Trojaner-Board - HackTool.KMS

Trojaner-Board (https://www.trojaner-board.de/)

- Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)

- - HackTool.KMS (https://www.trojaner-board.de/174874-hacktool-kms.html)

TuneUp Utilities
SpyHunter 4
Security Task Manager 2.1

Bitte deinstallieren.

Danach bitte Suchscan durchführen:

Schritt 1

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Code:

ESETSmartInstaller@High as downloader log:

all ok

# product=EOS

# version=8

# OnlineScannerApp.exe=1.0.0.1

# EOSSerial=d461849f249f00449dc654355a41a70c

# end=init

# utc_time=2016-01-11 04:45:06

# local_time=2016-01-11 05:45:06 (+0100, Mitteleuropäische Zeit)

# country="Germany"

# osver=6.2.9200 NT 

Update Init

Update Download

Update Finalize

Updated modules version: 27590

# product=EOS

# version=8

# OnlineScannerApp.exe=1.0.0.1

# EOSSerial=d461849f249f00449dc654355a41a70c

# end=updated

# utc_time=2016-01-11 04:50:41

# local_time=2016-01-11 05:50:41 (+0100, Mitteleuropäische Zeit)

# country="Germany"

# osver=6.2.9200 NT 

# product=EOS

# version=8

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.7777

# api_version=3.1.1

# EOSSerial=d461849f249f00449dc654355a41a70c

# engine=27590

# end=finished

# remove_checked=false

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2016-01-11 06:37:59

# local_time=2016-01-11 07:37:59 (+0100, Mitteleuropäische Zeit)

# country="Germany"

# lang=1031

# osver=6.2.9200 NT 

# compatibility_mode_1='COMODO Antivirus'

# compatibility_mode=3081 16777213 100 92 4406658 61542073 0 0

# compatibility_mode_1=''

# compatibility_mode=5893 16776574 100 94 13157116 77418772 0 0

# scanned=456346

# found=12

# cleaned=0

# scan_time=6437

sh=764E35F5D7285A7A0F0AE509CD3A7AE35A7617EE ft=1 fh=ceaa75ecc558b7b3 vn="MSIL/AdvancedSystemProtector.C evtl. unerwÃ¼nschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\RegClean Pro\systweakasp.exe.vir"

sh=1748CC36EA295AED6E263F08C30FD2676C187552 ft=1 fh=c7f29243341991bf vn="Variante von Win32/AdWare.CycloneAd.D Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Stefan\AppData\Local\ContextFree\cntcmd.exe.vir"

sh=CA2893AB5FBA02B348423F87A7216C73207D8DE3 ft=1 fh=f8578be9d3a2b3db vn="Variante von Win32/AdWare.CycloneAd.D Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Stefan\AppData\Local\ContextFree\framei.exe.vir"

sh=B41F338BC7860041D2C50CE6F9FC63D96CD6DEA0 ft=1 fh=4916afb9d6170540 vn="Win32/Adware.CycloneAd Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Stefan\AppData\Local\ContextFree\notifications.exe.vir"

sh=B26FE56C808C0FDA3B67425DA635F8F24FEA73D9 ft=1 fh=38f50cd977d242b7 vn="Variante von Win32/AdWare.CycloneAd.D Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Stefan\AppData\Local\ContextFree\nvcmd.exe.vir"

sh=58EB1347A55242A9764930671564048F7718848F ft=1 fh=2126ffaf7f10baa4 vn="Variante von Win32/Adware.CycloneAd.D Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Stefan\AppData\Local\ContextFree\windoclib.exe.vir"

sh=C5AA96F17ED2B68CA4C839EA7394F4534B4F5C3F ft=1 fh=57a85fb4fd4bc01c vn="Variante von Win64/Systweak.A evtl. unerwÃ¼nschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Windows\System32\roboot64.exe.vir"

sh=E1EE9FFB7521CD6E355FCE47F2E1F35F1BC1AAD1 ft=1 fh=c71c00110ade7ada vn="Win32/TrojanDownloader.Wauchos.Q Trojaner" ac=I fn="C:\Users\Stefan\dxazlfq.exe"

sh=E1EE9FFB7521CD6E355FCE47F2E1F35F1BC1AAD1 ft=1 fh=c71c00110ade7ada vn="Win32/TrojanDownloader.Wauchos.Q Trojaner" ac=I fn="C:\Users\Stefan\dxfgihc.exe"

sh=E1EE9FFB7521CD6E355FCE47F2E1F35F1BC1AAD1 ft=1 fh=c71c00110ade7ada vn="Win32/TrojanDownloader.Wauchos.Q Trojaner" ac=I fn="C:\Users\Stefan\dxzyeqt.exe"

sh=0BFF84AA6CC4CCF580EAE2FBF4C129FA6EA612C4 ft=1 fh=9fe1a4845276fe8f vn="Win32/Adware.ADON evtl. unerwÃ¼nschte Anwendung" ac=I fn="E:\Download\Unlocker1.9.1-x64.exe"

sh=4A693EC98C747851A490670E3A7184792DD8E22F ft=1 fh=f16e220bdbe45c69 vn="Variante von Win32/Systweak.M evtl. unerwÃ¼nschte Anwendung" ac=I fn="E:\Download\wzsysutil.exe"

Schritt 1

http://filepony.de/icon/frst.png http://deeprybka.trojaner-board.de/b...e/frst/sn1.PNG

Bitte starte FRST erneut, markiere auch die checkbox http://deeprybka.trojaner-board.de/b...t/addition.pngund drücke auf Untersuchen.
Bitte poste mir den Inhalt der beiden Logs die erstellt werden.

Code:

Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:07-01-2015

durchgeführt von Stefan (Administrator) auf PRIVAT (12-01-2016 09:06:51)

Gestartet von C:\Trojaner Board

Geladene Profile: Stefan (Verfügbare Profile: Stefan)

Platform: Windows 8.1 Pro (X64) Sprache: Deutsch (Deutschland)

Internet Explorer Version 11 (Standard-Browser: Chrome)

Start-Modus: Normal

Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 

==================== Prozesse (Nicht auf der Ausnahmeliste) =================
 

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)
 

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe

(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe

() C:\Windows\oem.exe

(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cistray.exe

(ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe

(Comodo) C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe

(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe

(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe

(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe

(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe

(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe

(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe

(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe

(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 

==================== Registry (Nicht auf der Ausnahmeliste) ===========================
 

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)
 

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2201032 2014-04-02] (NVIDIA Corporation)

HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart

HKLM\...\Run: [BeatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [41664 2015-08-03] (Hewlett-Packard )

HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [660360 2015-03-28] (Microsoft Corporation)

HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1703424 2015-08-03] (IDT, Inc.)

HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [976320 2009-12-03] (SEIKO EPSON CORPORATION)

HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-11-23] (Oracle Corporation)

HKU\S-1-5-21-2620496672-2744858316-2536672267-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\Steam.exe [2899136 2015-08-15] (Valve Corporation)

HKU\S-1-5-21-2620496672-2744858316-2536672267-1001\...\Run: [EPSON SX420W Series] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGCE.EXE [224768 2015-09-22] (SEIKO EPSON CORPORATION)

IFEO\SppExtComObj.exe: [Debugger] SppHook.exe

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CardOS API.lnk [2014-04-17]

ShortcutTarget: CardOS API.lnk -> C:\Program Files\Siemens\CardOS API\bin\siecacst.exe (Siemens IT Solutions and Services GmbH)

Startup: C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Picture Motion Browser Medien-Prüfung.lnk [2014-08-26]

ShortcutTarget: Picture Motion Browser Medien-Prüfung.lnk -> C:\Program Files (x86)\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe (Sony Corporation)
 

==================== Internet (Nicht auf der Ausnahmeliste) ====================
 

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)
 

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

Tcpip\..\Interfaces\{23733C74-886E-4B65-A5C5-9AADCC25EEDF}: [DhcpNameServer] 192.168.1.1
 

Internet Explorer:

==================

SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKU\S-1-5-21-2620496672-2744858316-2536672267-1001 -> {29618F75-CCD5-477E-A67F-0C0B27CE9ACD} URL = hxxps://it.search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default

SearchScopes: HKU\S-1-5-21-2620496672-2744858316-2536672267-1001 -> {8EEAC88A-079B-4b2c-80C1-7836F79EB40A} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-comodo

BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-11-18] (Microsoft Corporation)

BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2009-08-24] (SEIKO EPSON CORPORATION / CyCom Technology Corp.)

BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-11-10] (Microsoft Corporation)

BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2015-11-18] (Microsoft Corporation)

BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll [2015-11-23] (Oracle Corporation)

BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-11-10] (Microsoft Corporation)

BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-11-23] (Oracle Corporation)

Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2009-08-24] (SEIKO EPSON CORPORATION / CyCom Technology Corp.)

Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2014-03-12] (Microsoft Corporation)
 

FireFox:

========

FF ProfilePath: C:\Users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\i25vx326.default-1430134795022

FF Homepage: about:home

FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_267.dll [2015-12-29] ()

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)

FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)

FF Plugin: @videolan.org/vlc,version=2.1.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-02-28] (VideoLAN)

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_267.dll [2015-12-29] ()

FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1210150.dll [2014-03-11] (Adobe Systems, Inc.)

FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [Keine Datei]

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-08-03] (Intel Corporation)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-08-03] (Intel Corporation)

FF Plugin-x32: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-11-23] (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-11-23] (Oracle Corporation)

FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-11-18] (Microsoft Corporation)

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)

FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2013-08-29] (NVIDIA Corporation)

FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2013-08-29] (NVIDIA Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)

FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)

FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-11-18] (Microsoft Corporation)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)

FF SearchPlugin: C:\Users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\i25vx326.default-1430134795022\searchplugins\yahoo-ysp.xml [2015-11-23]

FF Extension: Adblock Plus - C:\Users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\i25vx326.default-1430134795022\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-12-17]
 

Chrome: 

=======

CHR DefaultSearchURL: Default -> hxxp://www.google.com/search?q={searchTerms}

CHR DefaultSearchKeyword: Default -> google.com___

CHR Profile: C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Google Präsentationen) - C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-01-08]

CHR Extension: (Google Docs) - C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-01-08]

CHR Extension: (Google Drive) - C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-08]

CHR Extension: (YouTube) - C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-01-08]

CHR Extension: (Google-Suche) - C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-08]

CHR Extension: (Google Tabellen) - C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-01-08]

CHR Extension: (Google Docs Offline) - C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-01-08]

CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-01-08]

CHR Extension: (Yahoo Web) - C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default\Extensions\npdicihegicnhaangkdmcgbjceoemeoo [2016-01-08]

CHR Extension: (Google Mail) - C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-01-08]

CHR HKLM-x32\...\Chrome\Extension: [npdicihegicnhaangkdmcgbjceoemeoo] - hxxps://clients2.google.com/service/update2/crx
 

==================== Dienste (Nicht auf der Ausnahmeliste) ========================
 

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
 

R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)

R2 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [5542472 2015-09-11] (COMODO)

S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2265792 2015-08-07] (COMODO)

R2 DragonUpdater; C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [2056376 2015-11-26] (Comodo)

R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [25800 2015-10-17] (Hewlett-Packard Company)

S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [Datei ist nicht signiert]

R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2015-08-03] (Intel(R) Corporation) [Datei ist nicht signiert]

S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2015-08-03] (Intel(R) Corporation)

R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2015-08-03] (Intel Corporation)

R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2015-08-03] (Intel Corporation)

R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)

R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)

R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1615192 2014-04-02] (NVIDIA Corporation)

R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [20541216 2014-04-02] (NVIDIA Corporation)

R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [340480 2015-08-03] (IDT, Inc.) [Datei ist nicht signiert]

S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-08-12] (Microsoft Corporation)

S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-08-12] (Microsoft Corporation)
 

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================
 

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
 

S3 A38CCID; C:\Windows\system32\DRIVERS\a38ccid.sys [62976 2015-04-18] (Advanced Card Systems Ltd.)

R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [21720 2015-11-18] (COMODO)

R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [828144 2015-11-18] (COMODO)

R1 cmdhlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [35056 2015-08-05] (COMODO)

S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)

S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2016-01-04] ()

R1 inspect; C:\Windows\system32\DRIVERS\inspect.sys [127232 2015-08-05] (COMODO)

S0 kebzlm; kein ImagePath

R1 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [109272 2015-10-15] (Malwarebytes)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-15] (Malwarebytes)

R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-01-12] (Malwarebytes)

R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-10-15] (Malwarebytes Corporation)

R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2015-08-03] (Intel Corporation)

R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [40392 2014-03-21] (NVIDIA Corporation)

S0 prohlp02; C:\Windows\SysWOW64\drivers\prohlp02.sys [70400 2004-04-08] (Protection Technology) [Datei ist nicht signiert]

S0 prosync1; C:\Windows\SysWOW64\drivers\prosync1.sys [6944 2003-09-06] (Protection Technology) [Datei ist nicht signiert]

S0 sfhlp01; C:\Windows\SysWOW64\drivers\sfhlp01.sys [4832 2003-12-01] (Protection Technology) [Datei ist nicht signiert]

U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()

S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-08-12] (Microsoft Corporation)

S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-08-12] (Microsoft Corporation)

S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-08-12] (Microsoft Corporation)

S3 ALSysIO; \??\C:\Users\Stefan\AppData\Local\Temp\ALSysIO64.sys [X]

S1 prodrv06; \SystemRoot\System32\drivers\prodrv06.sys [X]
 

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================
 

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
 
 

==================== Ein Monat: Erstellte Dateien und Ordner ========
 

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
 

2016-01-12 09:05 - 2016-01-12 09:06 - 00000000 ____D C:\FRST

2016-01-11 19:20 - 2016-01-11 19:20 - 00373597 _____ C:\Users\Stefan\Downloads\TV_Die.Bergung.der.Costa.Concordia.German.DOKU.720p.HDTV.x264-UTOPiA.nzb

2016-01-11 19:20 - 2016-01-11 19:20 - 00307941 _____ C:\Users\Stefan\Downloads\TV_Das.Raetsel.der.Spider.Rocks.GERMAN.DOKU.720p.WebRip.x264-BTVG.nzb

2016-01-11 19:19 - 2016-01-11 19:19 - 00114060 _____ C:\Users\Stefan\Downloads\TV_Faszination.Kanada.E01.Die.Arktis.Expedition.in.die.Nordwestpassage.GERMAN.DOKU.WS.HDTVRip.x264-TMSF.nzb

2016-01-11 19:18 - 2016-01-11 19:18 - 00091869 _____ C:\Users\Stefan\Downloads\TV_Revolverhelden.Legenden.des.Wilden.Westens.S02E03.Bat.Masterson.GERMAN.DOKU.HDTVRip.x264-MDGP.nzb

2016-01-11 19:17 - 2016-01-11 19:17 - 00089731 _____ C:\Users\Stefan\Downloads\TV_Crazy.Food.Die.verruecktesten.Restaurants.der.Welt.S01E02.GERMAN.DOKU.HDTV.x264-KiTCHEN.nzb

2016-01-11 17:36 - 2016-01-11 17:36 - 02870984 _____ (ESET) C:\Users\Stefan\Downloads\esetsmartinstaller_deu.exe

2016-01-10 20:03 - 2016-01-10 21:49 - 00000000 ____D C:\Trojaner Board

2016-01-10 09:58 - 2016-01-10 09:58 - 00554546 _____ C:\Users\Stefan\Downloads\Filme_Der Eiserne Ritter Von Falworth (1954) AVI.nzb

2016-01-10 09:58 - 2016-01-10 09:58 - 00290653 _____ C:\Users\Stefan\Downloads\Filme_Die.Prinzessin.mit.dem.goldenen.Stern (1959) CSSR DEFA.nzb

2016-01-10 09:57 - 2016-01-10 09:57 - 00496542 _____ C:\Users\Stefan\Downloads\Filme_Agatha Christie-Toedliche Safari-1989-Filmklassisker.nzb

2016-01-10 09:54 - 2016-01-10 09:54 - 00149290 _____ C:\Users\Stefan\Downloads\TV_Drogen.im.Visier.S07E04.Spring.Break.Deals.GERMAN.DOKU.HDTVRip.x264-MDGP.nzb

2016-01-10 09:53 - 2016-01-10 09:53 - 00279998 _____ C:\Users\Stefan\Downloads\TV_Entfuehrt.im.Irak.311.Tage.Nervenkrieg.German.DOKU.720p.HDTV.x264-UTOPiA.nzb

2016-01-10 09:52 - 2016-01-10 09:52 - 00217575 _____ C:\Users\Stefan\Downloads\TV_Mountain.Men.-.Ueberleben.in.der.Wildnis.S04E08.Ausgehungert.GERMAN.DOKU.HDTVRip.x264-RiO.nzb

2016-01-09 21:02 - 2016-01-09 21:06 - 00000000 ____D C:\ProgramData\SecTaskMan

2016-01-08 15:51 - 2016-01-08 15:51 - 00115293 _____ C:\Users\Stefan\Downloads\TV_17.000.Kilometer.Kanada.E01.Kaempfen.Jagen.Ueberleben.German.DOKU.WS.HDTVRip.x264-OMGtv.nzb

2016-01-04 19:32 - 2016-01-04 19:32 - 00000000 _____ C:\autoexec.bat

2016-01-04 19:31 - 2016-01-04 19:31 - 00000000 ____D C:\Users\Stefan\AppData\Roaming\Enigma Software Group

2016-01-04 19:30 - 2016-01-04 19:31 - 00022704 _____ C:\Windows\system32\Drivers\EsgScanner.sys

2016-01-04 19:28 - 2016-01-11 14:15 - 00000000 ____D C:\Program Files\Enigma Software Group

2015-12-16 10:58 - 2016-01-07 08:39 - 00000350 _____ C:\Windows\Tasks\HPCeeScheduleForStefan.job

2015-12-16 10:58 - 2016-01-06 17:08 - 00003166 _____ C:\Windows\System32\Tasks\HPCeeScheduleForStefan
 

==================== Ein Monat: Geänderte Dateien und Ordner ========
 

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
 

2016-01-12 09:05 - 2013-08-22 14:36 - 00000000 ____D C:\Windows

2016-01-12 08:59 - 2014-03-31 18:25 - 01474832 _____ C:\Windows\system32\Drivers\sfi.dat

2016-01-12 08:51 - 2014-05-17 17:51 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2016-01-12 08:50 - 2015-05-25 19:21 - 00001128 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2016-01-12 08:50 - 2013-12-25 17:04 - 00000000 ____D C:\ProgramData\NVIDIA

2016-01-12 08:50 - 2013-08-22 15:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT

2016-01-12 07:40 - 2015-05-25 19:21 - 00001132 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2016-01-12 07:22 - 2014-06-04 07:41 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job

2016-01-12 06:07 - 2013-12-25 02:38 - 00003926 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{4D2B7B8E-79AF-4D0E-A59A-E31AB7216E22}

2016-01-11 21:14 - 2014-02-26 10:48 - 00000000 ____D C:\Users\Stefan\AppData\Roaming\vlc

2016-01-11 20:43 - 2013-12-22 13:54 - 02139696 _____ C:\Windows\system32\PerfStringBackup.INI

2016-01-11 20:43 - 2013-09-30 04:58 - 01032826 _____ C:\Windows\system32\perfh007.dat

2016-01-11 20:43 - 2013-09-30 04:58 - 00248774 _____ C:\Windows\system32\perfc007.dat

2016-01-11 20:43 - 2013-08-22 14:36 - 00000000 ____D C:\Windows\Inf

2016-01-11 20:35 - 2014-05-28 14:19 - 00000000 ____D C:\Users\Stefan\AppData\Local\QuickPar

2016-01-11 19:41 - 2013-12-23 22:14 - 00003600 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2620496672-2744858316-2536672267-1001

2016-01-10 19:19 - 2013-12-22 17:33 - 00008704 _____ C:\Windows\SppHook.exe

2016-01-10 11:14 - 2015-11-26 09:23 - 00000776 _____ C:\Users\Stefan\Desktop\Challenge 16.lnk

2016-01-09 16:05 - 2014-04-06 10:05 - 04174900 _____ C:\Windows\system32\Drivers\fvstore.dat

2016-01-08 19:56 - 2013-08-22 14:25 - 00262144 ___SH C:\Windows\system32\config\BBI

2016-01-07 23:01 - 2015-05-26 10:46 - 00000000 ____D C:\AdwCleaner

2016-01-04 19:31 - 2013-12-23 22:08 - 00000000 ____D C:\Users\Stefan

2015-12-30 08:37 - 2013-08-22 16:20 - 00000000 ____D C:\Windows\CbsTemp

2015-12-30 08:33 - 2015-11-12 18:26 - 00826872 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2015-12-30 08:33 - 2015-11-12 18:26 - 00176632 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2015-12-29 11:23 - 2014-06-04 07:41 - 00003772 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater

2015-12-27 16:14 - 2014-03-25 17:01 - 00000000 ____D C:\Users\Stefan\AppData\Roaming\dvdcss

2015-12-21 19:52 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\system32\FxsTmp

2015-12-17 20:15 - 2015-04-05 18:49 - 00000000 ___SD C:\Windows\SysWOW64\GWX

2015-12-17 20:15 - 2015-04-05 18:49 - 00000000 ___SD C:\Windows\system32\GWX

2015-12-17 12:46 - 2015-05-25 19:24 - 00002206 _____ C:\Users\Public\Desktop\Google Chrome.lnk

2015-12-15 22:55 - 2015-04-27 10:30 - 00000000 ____D C:\Users\Stefan\AppData\Roaming\ObviousIdea
 

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======
 

2015-11-22 01:32 - 2015-11-22 01:32 - 0000017 _____ () C:\Users\Stefan\AppData\Local\resmon.resmoncfg
 

Dateien, die verschoben oder gelöscht werden sollten:

====================

C:\Users\Stefan\dxazlfq.exe

C:\Users\Stefan\dxfgihc.exe

C:\Users\Stefan\dxzyeqt.exe
 
 

Einige Dateien in TEMP:

====================

C:\Users\Stefan\AppData\Local\Temp\DseShExt-x64.dll

C:\Users\Stefan\AppData\Local\Temp\DseShExt-x86.dll

C:\Users\Stefan\AppData\Local\Temp\SDShelEx-win32.dll

C:\Users\Stefan\AppData\Local\Temp\SDShelEx-x64.dll
 
 

==================== Bamital & volsnap =================
 

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)
 

C:\Windows\system32\winlogon.exe => Datei ist digital signiert

C:\Windows\system32\wininit.exe => Datei ist digital signiert

C:\Windows\explorer.exe => Datei ist digital signiert

C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert

C:\Windows\system32\svchost.exe => Datei ist digital signiert

C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert

C:\Windows\system32\services.exe => Datei ist digital signiert

C:\Windows\system32\User32.dll => Datei ist digital signiert

C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert

C:\Windows\system32\userinit.exe => Datei ist digital signiert

C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert

C:\Windows\system32\rpcss.dll => Datei ist digital signiert

C:\Windows\system32\dnsapi.dll => Datei ist digital signiert

C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert

C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert
 
 

LastRegBack: 2016-01-10 13:54
 

==================== Ende von FRST.txt ============================

Code:

Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:07-01-2015

durchgeführt von Stefan (2016-01-12 09:07:30)

Gestartet von C:\Trojaner Board

Windows 8.1 Pro (X64) (2013-12-23 21:08:57)

Start-Modus: Normal

==========================================================
 
 

==================== Konten: =============================
 

Administrator (S-1-5-21-2620496672-2744858316-2536672267-500 - Administrator - Disabled)

Gast (S-1-5-21-2620496672-2744858316-2536672267-501 - Limited - Disabled)

Stefan (S-1-5-21-2620496672-2744858316-2536672267-1001 - Administrator - Enabled) => C:\Users\Stefan
 

==================== Sicherheits-Center ========================
 

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)
 

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AV: COMODO Antivirus (Enabled - Up to date) {F25D0092-CDBE-B303-ADB7-88DE8CDECCF5}

AS: Comodo Defense+ (Enabled - Up to date) {493CE176-EB84-BC8D-9707-B3ACF7598648}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FW: COMODO Firewall (Enabled) {CA6681B7-87D1-B25B-86E8-21EB720D8B8E}
 

==================== Installierte Programme ======================
 

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)
 

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)

ABBYY FineReader 9.0 Sprint (HKLM-x32\...\ABBYY FineReader 9.0 Sprint) (Version: 9.01.513.58212 - ABBYY)

ABBYY FineReader 9.0 Sprint (x32 Version: 9.01.513.58212 - ABBYY) Hidden

Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.009.20079 - Adobe Systems Incorporated)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 20.0.0.204 - Adobe Systems Incorporated)

Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.267 - Adobe Systems Incorporated)

Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.0.150 - Adobe Systems, Inc.)

AirXonix version 1.37G (HKLM-x32\...\AirXonix_is1) (Version:  - )

AllDup 3.3.14 (HKLM-x32\...\AllDup_is1) (Version: 3.3.14 - Michael Thummerer Software Design)

Alt.Binz 0.39.4 (HKLM-x32\...\Alt.Binz) (Version: 0.39.4 - Rdl)

CardOS API (Version: 3.3.018 - Siemens IT Solutions and Services GmbH) Hidden

Comodo Dragon (HKLM-x32\...\Comodo Dragon) (Version: 46.9.15.424 - Comodo)

COMODO Internet Security Premium (HKLM\...\{8899F0F2-03D8-4DDE-ADCA-4F0A7CE18A74}) (Version: 7.0.51350.4115 - COMODO Security Solutions Inc.)

Core Temp version 0.99.8 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 0.99.8 - Arthur Liberman)

Depths of Betrayal (HKLM-x32\...\{7EF17D39-44BB-4E4B-9FB7-7082550024C9}) (Version: 1.00.0000 - PurpleHills)

Der Mondkalender 2.0 (HKLM-x32\...\InstallShield_{C91D774B-69EF-4DC8-A8B2-5A2FA5279264}) (Version: 1.00.0000 - USM)

Der Mondkalender 2.0 (x32 Version: 1.00.0000 - USM) Hidden

Dike 5.5.0 (HKLM-x32\...\{3163143A-EA7F-4CED-B7BD-AEA38B4E0B5D}) (Version: 5.5.0 - InfoCert S.p.A)

Epson Easy Photo Print 2 (HKLM-x32\...\{310C1558-F6B5-4889-98B0-7471966BA7F2}) (Version: 2.2.3.0 - SEIKO EPSON CORPORATION)

Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) (HKLM-x32\...\{B2D55EB8-32C5-4B43-9006-9E97DECBA178}) (Version: 1.00.0000 - SEIKO EPSON CORPORATION)

Epson Event Manager (HKLM-x32\...\{03B8AA32-F23C-4178-B8E6-09ECD07EAA47}) (Version: 2.40.0001 - SEIKO EPSON CORPORATION)

EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)

EPSON SX420W Series Handbuch (HKLM-x32\...\EPSON SX420W Series Manual) (Version:  - )

EPSON SX420W Series Netzwerk-Handbuch (HKLM-x32\...\EPSON SX420W Series Network Guide) (Version:  - )

EPSON SX420W Series Printer Uninstall (HKLM\...\EPSON SX420W Series) (Version:  - SEIKO EPSON Corporation)

EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.4j - SEIKO EPSON CORPORATION)

EpsonNet Setup 3.2 (HKLM-x32\...\{C9D8A041-2963-4B31-8FFC-1500F3DB9293}) (Version: 3.2a - SEIKO EPSON CORPORATION)

ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )

Free AVI Video Converter version 5.0.59.525 (HKLM-x32\...\Free AVI Video Converter_is1) (Version: 5.0.59.525 - DVDVideoSoft Ltd.)

Freemake Video Converter Version 4.1.4 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.4 - Ellora Assets Corporation)

Golden Trails 2 (HKLM-x32\...\Golden Trails 2) (Version:  - )

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 47.0.2526.106 - Google Inc.)

Google Update Helper (x32 Version: 1.3.22.5 - Google Inc.) Hidden

Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden

GTR Evolution (HKLM-x32\...\GTR Evolution_1.1.1.2_is1) (Version:  - SimBin)

GTR Evolution (HKLM-x32\...\Steam App 8660) (Version:  - SimBin)

HP Support Assistant (HKLM-x32\...\{61EB474B-67A6-47F4-B1B7-386851BAB3D0}) (Version: 8.1.40.3 - Hewlett-Packard Company)

Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.13.1706 - Intel Corporation)

Java 8 Update 66 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218066F0}) (Version: 8.0.660.18 - Oracle Corporation)

Light Image Resizer 4.6.7.0 (HKLM-x32\...\{EBE030DD-D404-4D92-85E9-8C3624820808}_is1) (Version: 4.6.7.0 - ObviousIdea)

MahJongg Master 4 (HKLM-x32\...\MahJongg Master 4_is1) (Version:  - eGames)

Malwarebytes Anti-Malware Version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)

Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41105.0 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)

Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)

Microsoft Works Kalender 1.0 (HKLM-x32\...\Works Calendar) (Version:  - )

Microsoft Works Setup Launcher (HKLM-x32\...\Works99Setup) (Version:  - )

miniLector (Version: 3.0.0 - Bit4Id) Hidden

Mozilla Firefox 37.0.2 (x86 de) (HKLM-x32\...\Mozilla Firefox 37.0.2 (x86 de)) (Version: 37.0.2 - Mozilla)

Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 35.0.1 - Mozilla)

MultiPar Version 1.2.4.7 (HKLM-x32\...\{AAFC96BF-C615-4D77-9A55-C692A7B26FC5}_is1) (Version: 1.2.4.7 - Yutaka Sawada)

MyEpson Portal (HKLM-x32\...\MyEpson Portal) (Version:  - SEIKO EPSON Corporation)

MyEpson Portal (x32 Version: 1.1.1.0 - SEIKO EPSON CORPORATION) Hidden

Neverball (HKLM-x32\...\Neverball) (Version:  - )

NVIDIA 3D Vision Controller-Treiber 335.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 335.21 - NVIDIA Corporation)

NVIDIA 3D Vision Treiber 327.02 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 327.02 - NVIDIA Corporation)

NVIDIA GeForce Experience 1.8.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.8.2 - NVIDIA Corporation)

NVIDIA Grafiktreiber 327.02 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 327.02 - NVIDIA Corporation)

NVIDIA HD-Audiotreiber 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)

NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)

Outils de vérification linguistique 2013 de Microsoft Office*- Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden

Primo (x32 Version: 1.00.0000 - Your Company Name) Hidden

QuickPar 0.9 (HKLM-x32\...\QuickPar) (Version: 0.9 - Peter B. Clements)

quifoto.it (HKLM-x32\...\it.quifoto.editor.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1) (Version: 1.6.7 - myphotobook GmbH)

quifoto.it (x32 Version: 1.6.7 - myphotobook GmbH) Hidden

RACE 07 - Formula RaceRoom Add-On (HKLM-x32\...\Steam App 44630) (Version:  - )

RACE 07 (HKLM-x32\...\Steam App 8600) (Version:  - SimBin)

Race Driver 3 (HKLM-x32\...\{A137D52E-FA96-4815-85F5-E7B8F66837DB}) (Version: 1.00.0000 - Codemasters)

Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version:  - Microsoft)

Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version:  - Microsoft) Hidden

SHIELD Streaming (Version: 1.8.323 - NVIDIA Corporation) Hidden

Ski Challenge 12 (AT) (HKU\S-1-5-21-2620496672-2744858316-2536672267-1001\...\sc12-AT_MAIN) (Version:  - )

Ski Challenge 14 (HKU\S-1-5-21-2620496672-2744858316-2536672267-1001\...\sc14-GAMETWIST_MAIN) (Version:  - )

Ski Challenge 15 (HKU\S-1-5-21-2620496672-2744858316-2536672267-1001\...\sc15-GAMETWIST_MAIN) (Version:  - )

Ski Challenge 16 (HKU\S-1-5-21-2620496672-2744858316-2536672267-1001\...\sc16-GAMETWIST_MAIN) (Version:  - )

Sony Picture Utility (HKLM-x32\...\{D5068583-D569-468B-9755-5FBF5848F46F}) (Version: 4.0.00.10020 - Sony Corporation)

SpyHunter 4 (HKLM-x32\...\SpyHunter) (Version: 4.21.10.4584 - Enigma Software Group, LLC)

Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve)

swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden

Unlocker 1.9.1-x64 (HKLM\...\Unlocker) (Version: 1.9.1 - Cedrick Collomb)

Update for Skype for Business 2015 (KB3039776) 64-Bit Edition (HKLM\...\{90150000-012B-0407-1000-0000000FF1CE}_Office15.PROPLUS_{5D2260D6-DB16-41DC-915B-A39BF4F66362}) (Version:  - Microsoft)

VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)

VLC media player 2.1.4 (HKLM\...\VLC media player) (Version: 2.1.4 - VideoLAN)

Windows Mobile-Gerätecenter (HKLM\...\{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}) (Version: 6.1.6965.0 - Microsoft Corporation)

Windows-Treiberpaket - ACS (A38CCID) SmartCardReader  (12/16/2009 1.1.6.5) (HKLM\...\F02CC611741E33C64CDEAEEE2C7A46E41719B2CC) (Version: 12/16/2009 1.1.6.5 - ACS)

Windows-Treiberpaket - ACS (ACSSCR) SmartCardReader  (01/17/2007 1.1.5.9) (HKLM\...\3BD7308AF0777D24D780B4C4F2C71336B1848E27) (Version: 01/17/2007 1.1.5.9 - ACS)

WinRAR 5.01 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
 

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================
 

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
 
 

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============
 

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
 

Task: {0018AB2E-434C-41C9-85F0-49F0197954EB} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-08-07] (COMODO)

Task: {02611EA7-06A8-46C7-B3C7-EFC5095067EF} - System32\Tasks\HPCeeScheduleForStefan => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-08-03] (Hewlett-Packard)

Task: {03BD76AE-D4BD-4667-9868-3E59606C7495} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)

Task: {13D31055-5345-4A00-89AA-503E5793BC7D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-26] (Google Inc.)

Task: {15564071-2723-4552-9930-A2060BC329F2} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2015-08-07] (COMODO)

Task: {1ED3EDB0-6462-45BC-81C4-CDC474FF6671} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2015-11-17] (Hewlett-Packard)

Task: {274DD30E-6946-4294-A1B3-8C0D75407B52} - System32\Tasks\{31DDBD37-5DB7-4030-8064-10B0CAA806C3} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2015-08-07] (COMODO)

Task: {3B1217C4-8180-4516-87AF-CE018314C64B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2015-10-17] (Hewlett-Packard Company)

Task: {40BB3E76-FE1B-4471-81F8-4707FC1F70BE} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-12-29] (Adobe Systems Incorporated)

Task: {4BCD17E2-D0E4-4083-9A90-899C1DD79F04} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2015-11-23] (Oracle Corporation)

Task: {5AC59849-3BA5-4396-8633-08B6E69EECC1} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-12-08] (Microsoft Corporation)

Task: {6BF8CDE9-C4AA-4270-A773-5FDBC509AC82} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-11-08] (Adobe Systems Incorporated)

Task: {6FEA9EB9-7AF8-4F51-9BF6-D67128683581} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-11-08] (Adobe Systems Incorporated)

Task: {74C0EE3D-F78D-4120-8311-61FA9FE9C36B} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-17] (Microsoft Corporation)

Task: {7E949E90-7B1F-48FF-91CF-AA2080C28457} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-26] (Google Inc.)

Task: {80D97481-2186-4B2B-BD01-0202AF046F8A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2015-10-17] (Hewlett-Packard Company)

Task: {82CF28F6-8466-4D89-A789-4FE2B4F144CD} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-08-07] (COMODO)

Task: {842A1711-47DA-43A8-B64D-E304B94F4B1E} - System32\Tasks\COMODO\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-08-07] (COMODO)

Task: {88B07CD8-9D8F-493C-A911-9DB027D35183} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2015-10-20] (Hewlett-Packard)

Task: {8DDBCD28-E576-4DCE-89B8-D557BAE2EAEE} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-12-03] (HP Inc.)

Task: {8F9410B3-0366-4AAA-9D35-97F295401A8E} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)

Task: {9667ABE1-ED33-4D48-8748-9F6E0A7CAB29} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-17] (Microsoft Corporation)

Task: {9DB46CD8-B500-4A9C-BBED-259E202FB382} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Active Health Launcher => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2015-11-17] (Hewlett-Packard)

Task: {B9082931-6747-4E43-BADA-8898A9D45DAC} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)

Task: {BA48FCCD-F364-42BF-B684-E7B4DCC4D3D1} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto

Task: {BAE31404-F969-4E46-9415-FB6343DE95B9} - System32\Tasks\OEM => C:\Windows\oem.exe [2013-12-22] ()

Task: {EF53A34D-4B7F-4B80-BF37-307D5CA038F6} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-12-03] (HP Inc.)

Task: {F15E1EB4-DF8C-411C-95FC-FA79F14A2C55} - System32\Tasks\COMODO\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-08-07] (COMODO)
 

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)
 

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\HPCeeScheduleForStefan.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
 

==================== Verknüpfungen =============================
 

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)
 

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============
 

2013-12-22 00:56 - 2013-12-22 17:45 - 00517862 _____ () C:\Windows\oem.exe

2013-04-15 16:39 - 2015-01-08 23:02 - 00067808 _____ () C:\Program Files\COMODO\COMODO Internet Security\scanners\smart.cav

2015-08-03 12:28 - 2015-08-03 12:28 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll

2015-12-17 12:46 - 2015-12-11 04:54 - 01583432 _____ () C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\libglesv2.dll

2015-12-17 12:46 - 2015-12-11 04:54 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\libegl.dll
 

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========
 

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)
 

AlternateDataStreams: C:\autoexec.bat:$CmdTcID

AlternateDataStreams: C:\Windows\explorer.exe:$CmdTcID

AlternateDataStreams: C:\Windows\HelpPane.exe:$CmdTcID

AlternateDataStreams: C:\Windows\hh.exe:$CmdTcID

AlternateDataStreams: C:\Windows\notepad.exe:$CmdTcID

AlternateDataStreams: C:\Windows\regedit.exe:$CmdTcID

AlternateDataStreams: C:\Windows\splwow64.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SppHook.exe:$CmdTcID

AlternateDataStreams: C:\Windows\sttray64.exe:$CmdTcID

AlternateDataStreams: C:\Windows\twain_32.dll:$CmdTcID

AlternateDataStreams: C:\Windows\winhlp32.exe:$CmdTcID

AlternateDataStreams: C:\Windows\write.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\accessibilitycpl.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\acledit.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\aclui.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\acmigration.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\acppage.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\acproxy.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\ActionCenter.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\ActionCenterCPL.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\ActionQueue.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\activeds.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\actxprxy.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\adhapi.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\adhsvc.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\AdmTmpl.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\adprovider.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\adrclient.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\adsldp.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\adsldpc.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\adsmsext.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\adsnt.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\adtschema.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\advapi32.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\advpack.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\aecache.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\aeinv.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\aelupsvc.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\aepic.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\AepRoam.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\aitagent.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\aitstatic.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\alg.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\AltTab.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\amstream.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\apds.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\apphelp.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Apphlpdm.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\appidapi.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\appidcertstorecheck.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\appidpolicyconverter.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\AppIdPolicyEngineApi.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\appidsvc.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\appinfo.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\appmgmts.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\appmgr.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\appraiser.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\AppReadiness.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\apprepapi.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\apprepsync.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\appsruprov.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\appwiz.cpl:$CmdTcID

AlternateDataStreams: C:\Windows\system32\AppxAllUserStore.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\AppxApplicabilityEngine.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\AppXDeploymentClient.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\AppXDeploymentExtensions.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\AppXDeploymentServer.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\AppxPackaging.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\AppxSip.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\AppxStreamingDataSourcePS.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\AppxSysprep.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\ARP.EXE:$CmdTcID

AlternateDataStreams: C:\Windows\system32\aspnet_counters.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\asycfilt.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\at.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\AtBroker.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\atl.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\atlthunk.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\atmfd.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\atmlib.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\attrib.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\audiodg.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\AudioEndpointBuilder.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\AudioEng.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\AUDIOKSE.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\AudioSes.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\audiosrv.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\auditcse.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\AuditNativeSnapIn.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\auditpol.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\AuditPolicyGPInterop.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\AuthBroker.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\AuthExt.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\authfwcfg.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\AuthFWGP.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\AuthFWSnapin.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\AuthFWWizFwk.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\AuthHost.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\AuthHostProxy.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\authui.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\authz.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\autoconv.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\autoplay.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\AutoWorkplaceN.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\avicap32.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\avifil32.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\avrt.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\AxInstSv.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\AxInstUI.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\azroles.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\azroleui.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\AzSqlExt.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\baaupdate.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\backgroundTaskHost.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\BackgroundTransferHost.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\basecsp.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\basesrv.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\batmeter.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\bcd.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\bcdboot.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\bcdedit.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\bcdprov.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\bcdsrv.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\BCP47Langs.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\bcrypt.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\bcryptprimitives.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\bdaplgin.ax:$CmdTcID

AlternateDataStreams: C:\Windows\system32\bdechangepin.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\BdeHdCfg.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\BdeHdCfgLib.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\bderepair.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\bdesvc.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\BdeSysprep.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\bdeui.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\BdeUISrv.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\bdeunlock.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\BFE.DLL:$CmdTcID

AlternateDataStreams: C:\Windows\system32\bi.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\bidispl.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\BioCredProv.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\bisrv.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\BitLockerDeviceEncryption.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\BitLockerWizard.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\BitLockerWizardElev.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\bitsadmin.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\bitsigd.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\bitsperf.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\bitsprx2.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\bitsprx3.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\bitsprx4.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\bitsprx5.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\bitsprx6.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\bitsprx7.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\biwinrt.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\blackbox.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\blb_ps.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\BluetoothApis.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\bootcfg.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\bootim.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\BootMenuUX.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\bootsect.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\bootux.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\brdgcfg.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\bridgeunattend.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\BrokerLib.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\browcli.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\browser.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\browseui.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\bthci.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\BthHFSrv.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\BthMtpContextHandler.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\bthpanapi.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\BthpanContextHandler.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\bthprops.cpl:$CmdTcID

AlternateDataStreams: C:\Windows\system32\BthRadioMedia.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\bthserv.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\BthSQM.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\bthudtask.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\btpanui.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Bubbles.scr:$CmdTcID

AlternateDataStreams: C:\Windows\system32\BulkOperationHost.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\BWContextHandler.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\ByteCodeGenerator.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\cabinet.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\cabview.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\cacls.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\calc.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\CallButtons.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\CallButtons.ProxyStub.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\CameraSettingsUIHost.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\capiprovider.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\capisp.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\catsrv.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\catsrvps.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\catsrvut.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\cca.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\cdd.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\cdosys.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\certca.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\certcli.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\certCredProvider.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\certenc.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\CertEnroll.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\CertEnrollCtrl.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\CertEnrollUI.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\certmgr.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\CertPolEng.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\certprop.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\certreq.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\certutil.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\ceutil.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\cewmdm.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\cfgbkend.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\cfgmgr32.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\cfmifs.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\cfmifsproxy.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\change.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\charmap.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\chartv.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\chcp.com:$CmdTcID

AlternateDataStreams: C:\Windows\system32\CheckNetIsolation.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\chglogon.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\chgport.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\chgusr.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\chkdsk.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\chkntfs.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\chkwudrv.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\choice.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\CHxReadingStringIME.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\ci.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\cic.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\cipher.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\CIRCoInst.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\clb.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\clbcatq.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\cleanmgr.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\clfsw32.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\cliconfg.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\cliconfg.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\clip.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\CloudNotifications.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\CloudStorageWizard.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\clusapi.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\cmcfg32.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\cmd.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\cmdext.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\cmdial32.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\cmdkey.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\cmdl32.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\cmifw.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\cmlua.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\cmmon32.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\cmpbk32.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\cmstp.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\cmstplua.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\cmutil.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\cngcredui.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\cngprovider.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\cnvfat.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\cofire.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\cofiredm.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\colbact.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\COLORCNV.DLL:$CmdTcID

AlternateDataStreams: C:\Windows\system32\colorcpl.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\colorui.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\combase.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\comcat.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\comctl32.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\comdlg32.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\comp.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\compact.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\CompatTelRunner.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\CompMgmtLauncher.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\CompPkgSup.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\compstui.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\ComputerDefaults.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\comrepl.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\comsnap.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\comsvcs.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\comuid.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\ConfigureExpandedStorage.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\conhost.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\connect.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\ConnectedAccountState.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\consent.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\ConsentUX.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\console.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\control.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\convert.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\correngine.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\CPFilters.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\CredentialMigrationHandler.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\CredentialUIBroker.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\credssp.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\credui.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\credwiz.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\cryptbase.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\cryptcatsvc.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\cryptdlg.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\cryptdll.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\cryptext.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\cryptnet.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\CryptoWinRT.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\cryptsp.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\cryptsvc.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\crypttpmeksvc.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\cryptui.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\cryptuiwizard.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\cryptxml.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\cscapi.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\cscdll.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\CscMig.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\cscobj.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\cscript.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\cscsvc.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\cscui.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\csrsrv.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\CSystemEventsBrokerClient.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\ctfmon.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\cttune.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\cttunesvr.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\C_G18030.DLL:$CmdTcID

AlternateDataStreams: C:\Windows\system32\C_IS2022.DLL:$CmdTcID

AlternateDataStreams: C:\Windows\system32\C_ISCII.DLL:$CmdTcID

AlternateDataStreams: C:\Windows\system32\d2d1.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\d3d10.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\d3d10core.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\d3d10level9.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\d3d10warp.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\d3d10_1.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\d3d10_1core.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\d3d11.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\d3d8thk.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\d3d9.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\D3DCompiler_39.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\D3DCompiler_40.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\D3DCompiler_41.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\D3DCompiler_42.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\D3DCompiler_47.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\d3dcsx_42.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\d3dx10_39.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\d3dx10_40.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\d3dx10_41.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\d3dx10_42.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\d3dx11_42.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\D3DX9_40.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\D3DX9_41.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\D3DX9_42.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\dab.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\dabapi.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\DAConn.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\dafBth.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\DafPrintProvider.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\dafupnp.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\dafWCN.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\dafWfdProvider.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\DAFWSD.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\DAMM.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\DaOtpCredentialProvider.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\das.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\dasHost.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\dataclen.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\datusage.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\davclnt.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\davhlpr.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\dbgeng.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\dbghelp.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\dbnetlib.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\dbnmpntw.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\dccw.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\dciman32.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\dcomcnfg.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\dcomp.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\DDACLSys.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\ddodiag.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\DDOIProxy.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\DDORes.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\ddpchunk.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\ddptrace.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\ddputils.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\ddp_ps.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\ddraw.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\ddrawex.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\DefaultDeviceManager.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\DefaultPrinterProvider.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Defrag.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\defragproxy.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\defragsvc.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\delegatorprovider.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\desk.cpl:$CmdTcID

AlternateDataStreams: C:\Windows\system32\deskadp.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\deskmon.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\DevDispItemProvider.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\devenum.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\deviceaccess.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\deviceassociation.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\DeviceCenter.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\DeviceDisplayStatusManager.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\DeviceDriverRetrievalClient.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\DeviceEject.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\DeviceElementSource.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\DeviceMetadataRetrievalClient.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\DevicePairing.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\DevicePairingFolder.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\DevicePairingProxy.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\DevicePairingWizard.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\DeviceProperties.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\deviceregistration.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\DeviceSetupManager.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\DeviceSetupManagerAPI.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\DeviceUxRes.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\devinv.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\devmgr.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\devobj.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\DevPropMgr.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\devrtl.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\dfdts.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\DFDWiz.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\dfp.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\DfpCommon.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\dfrgui.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\dfscli.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\DfsShlEx.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\dhcpcmonitor.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\dhcpcore.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\dhcpcore6.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\dhcpcsvc.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\dhcpcsvc6.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\DHCPQEC.DLL:$CmdTcID

AlternateDataStreams: C:\Windows\system32\dhcpsapi.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\DiagCpl.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\diagperf.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\diagtrack.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\dialer.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\difxapi.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\dimsjob.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\dimsroam.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\dinput.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\dinput8.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\discan.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\diskcomp.com:$CmdTcID

AlternateDataStreams: C:\Windows\system32\diskcopy.com:$CmdTcID

AlternateDataStreams: C:\Windows\system32\diskcopy.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\diskpart.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\diskperf.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\diskraid.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\dispci.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\dispdiag.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\dispex.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Display.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\DisplaySwitch.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\djoin.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\dllhost.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\dllhst3g.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\dlnashext.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\dmdlgs.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\dmdskmgr.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\dmintf.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\dmloader.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\dmocx.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\DMRServer.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\dmsynth.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\dmusic.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\dmutil.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\dmvdsitf.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\dmview.ocx:$CmdTcID

AlternateDataStreams: C:\Windows\system32\dnsapi.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\dnscacheugc.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\dnsext.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\dnshc.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\dnsrslvr.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\docprop.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\doskey.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\dot3api.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\dot3cfg.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Dot3Conn.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\dot3dlg.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\dot3gpclnt.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\dot3gpui.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\dot3hc.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\dot3mm.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\dot3msm.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\dot3svc.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\dot3ui.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\dpapi.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\dpapimig.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\dpapiprovider.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\dpapisrv.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\DpiScaling.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\dps.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\driverquery.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\drmmgrtn.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\drmv2clt.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\drprov.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\drt.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\drtprov.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\drttransport.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\drvcfg.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\drvinst.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\drvstore.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\dsauth.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\DscCore.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\DscCoreConfProv.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\dsdmo.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\dskquota.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\dskquoui.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\DsmUserTask.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\dsound.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\dsparse.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\dsprop.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\dsquery.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\dsrole.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\dssec.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\dssenh.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Dsui.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\dsuiext.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\dswave.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\dtsh.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\dui70.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\duser.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\dvdplay.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\dvdupgrd.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\dwm.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\dwmapi.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\dwmcore.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\dwmredir.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\DWrite.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\DWWIN.EXE:$CmdTcID

AlternateDataStreams: C:\Windows\system32\dxdiag.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\dxdiagn.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\dxgi.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\dxgwdi.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\dxmasf.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\DXP.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\dxpps.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Dxpserver.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\DxpTaskSync.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\dxtmsft.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\dxtrans.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\dxva2.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Eap3Host.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\eapp3hst.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\eappcfg.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\eappgnui.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\eapphost.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\eappprxy.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\eapprovp.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\EAPQEC.DLL:$CmdTcID

AlternateDataStreams: C:\Windows\system32\eapsvc.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\easconsent.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\EaseOfAccessDialog.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\easinvoker.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\easinvoker.proxystub.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\easwrt.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\efsadu.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\efscore.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\efslsaext.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\efssvc.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\efsui.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\efsutil.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\efswrt.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\EhStorAPI.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\EhStorAuthn.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\EhStorPwdMgr.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\EhStorShell.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\els.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\ELSCore.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\elshyph.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\elslad.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\elsTrans.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\embeddedapplauncher.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\EmbeddedAppLauncherConfig.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\encapi.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\EncDec.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\EncDump.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\energy.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\energyprov.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\energytask.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\eqossnap.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\es.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\esent.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\esentprf.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\esentutl.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\eudcedit.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\EventAggregation.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\eventcls.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\eventcreate.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\eventvwr.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\evr.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\expand.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\ExplorerFrame.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\extrac32.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\E_GCINST.DLL:$CmdTcID

AlternateDataStreams: C:\Windows\system32\E_IBCBGCE.DLL:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Faultrep.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\fc.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\fdBth.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\fdBthProxy.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\FdDevQuery.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\fde.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\fdeploy.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\fdPHost.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\fdPnp.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\fdprint.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\fdProxy.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\FDResPub.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\fdSSDP.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\fdWCN.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\fdWNet.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\fdWSD.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\feclient.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\fhautoplay.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\fhcat.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\fhcfg.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\fhcleanup.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\fhcpl.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\fhengine.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\fhevents.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\fhlisten.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\fhmanagew.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\fhshl.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\fhsrchapi.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\fhsrchph.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\fhsvc.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\fhsvcctl.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\fhtask.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\FileAppxStreamingDataSource.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\filemgmt.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\find.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\findnetprinters.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\findstr.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\finger.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Firewall.cpl:$CmdTcID

AlternateDataStreams: C:\Windows\system32\FirewallAPI.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\FirewallControlPanel.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\fixmapi.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\fltLib.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\fltMC.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\fmapi.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\fmifs.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\fms.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\FntCache.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Fondue.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\fontext.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\fontsub.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\fontview.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\forfiles.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\format.com:$CmdTcID

AlternateDataStreams: C:\Windows\system32\fphc.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\framedyn.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\framedynos.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\frprov.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\fsavailux.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\fsutil.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\fsutilext.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\fthsvc.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\ftp.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\fundisc.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\fveapi.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\fveapibase.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\fvecerts.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\fvecpl.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\fvenotify.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\fveprompt.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\fveskybackup.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\fveui.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\fvewiz.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\fwcfg.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\FWPUCLNT.DLL:$CmdTcID

AlternateDataStreams: C:\Windows\system32\FwRemoteSvr.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\FXSAPI.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\FXSCOM.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\FXSCOMEX.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\FXSCOMPOSE.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\FXSCOVER.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\FXSMON.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\FXSROUTE.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\FXSST.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\FXSSVC.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\FXST30.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\FXSTIFF.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\FXSUNATD.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\FXSUTILITY.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\g711codc.ax:$CmdTcID

AlternateDataStreams: C:\Windows\system32\gacinstall.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\gameux.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\gcdef.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\gdi32.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\GdiPlus.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\generaltel.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\GeofenceMonitorService.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\getmac.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\getuname.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\glcndFilter.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\glmf32.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\GlobCollationHost.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\globinputhost.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\glu32.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\gpapi.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\gpedit.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\gpprefcl.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\gpprnext.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\gpresult.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\gpscript.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\gpscript.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\gpsvc.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\gptext.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\gpupdate.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Groupinghc.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\grpconv.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\hbaapi.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\hcproviders.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\hdwwiz.cpl:$CmdTcID

AlternateDataStreams: C:\Windows\system32\hdwwiz.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\help.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\HelpPaneProxy.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\hgcpl.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\hgprint.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\hhctrl.ocx:$CmdTcID

AlternateDataStreams: C:\Windows\system32\hhsetup.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\hid.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\hidphone.tsp:$CmdTcID

AlternateDataStreams: C:\Windows\system32\hidserv.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\hnetcfg.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\hnetmon.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\HOSTNAME.EXE:$CmdTcID

AlternateDataStreams: C:\Windows\system32\hotplug.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\hotspotauth.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\httpapi.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\httpprxm.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\httpprxp.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\htui.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\hwrcomp.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\hwrreg.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\ias.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\iasacct.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\iasads.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\iasdatastore.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\iashlpr.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\IasMigPlugin.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\iasnap.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\iaspolcy.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\iasrad.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\iasrecst.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\iassam.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\iassdo.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\iassvcs.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\icacls.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\icfupgd.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\icm32.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\icmui.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\IconCodecService.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\icsigd.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\icsunattend.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\icsvc.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\IdCtrls.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\IdListen.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\idndl.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\IDStore.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\ie4uinit.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\ieapfltr.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\iedkcs32.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\ieframe.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\iepeers.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\iertutil.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\ieui.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\ifmon.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\ifsutil.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\ifsutilx.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\igdDiag.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\IKEEXT.DLL:$CmdTcID

AlternateDataStreams: C:\Windows\system32\imaadp32.acm:$CmdTcID

AlternateDataStreams: C:\Windows\system32\imagehlp.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\imapi.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\imapi2.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\imapi2fs.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\imm32.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\immersivetpmvscmgrsvr.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\inetcomm.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\inetcpl.cpl:$CmdTcID

AlternateDataStreams: C:\Windows\system32\inetmib1.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\inetpp.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\inetppui.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\InfDefaultInstall.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\InkEd.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\input.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\InputSwitch.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\inseng.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\intl.cpl:$CmdTcID

AlternateDataStreams: C:\Windows\system32\invagent.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\ipconfig.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\IPHLPAPI.DLL:$CmdTcID

AlternateDataStreams: C:\Windows\system32\iphlpsvc.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\ipnathlp.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\iprtprio.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\iprtrmgr.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\ipsecsnp.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\IPSECSVC.DLL:$CmdTcID

AlternateDataStreams: C:\Windows\system32\ipsmsnap.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\irclass.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\irftp.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\irmon.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\irprops.cpl:$CmdTcID

AlternateDataStreams: C:\Windows\system32\iscsicli.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\iscsicpl.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\iscsicpl.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\iscsidsc.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\iscsied.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\iscsiexe.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\iscsium.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\iscsiwmi.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\iscsiwmiv2.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\isoburn.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\itircl.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\itss.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\iuilp.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\iyuv_32.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\jnwmon.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\joy.cpl:$CmdTcID

AlternateDataStreams: C:\Windows\system32\jscript.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\jscript9.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\jscript9diag.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\KBDAZE.DLL:$CmdTcID

AlternateDataStreams: C:\Windows\system32\KBDAZEL.DLL:$CmdTcID

AlternateDataStreams: C:\Windows\system32\KBDAZST.DLL:$CmdTcID

AlternateDataStreams: C:\Windows\system32\kbdgeoqw.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\KdsCli.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\kdusb.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\kd_02_8086.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\keepaliveprovider.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\kerberos.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\kernel.appcore.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\kernel32.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\KernelBase.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\kernelceip.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\KeyboardFilterCore.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\KeyboardFilterSvc.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\keyiso.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\keymgr.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\klist.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\kmddsp.tsp:$CmdTcID

AlternateDataStreams: C:\Windows\system32\KMSVC.DLL:$CmdTcID

AlternateDataStreams: C:\Windows\system32\korwbrkr.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\ksetup.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\ksproxy.ax:$CmdTcID

AlternateDataStreams: C:\Windows\system32\kstvtune.ax:$CmdTcID

AlternateDataStreams: C:\Windows\system32\ksuser.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Kswdmcap.ax:$CmdTcID

AlternateDataStreams: C:\Windows\system32\ksxbar.ax:$CmdTcID

AlternateDataStreams: C:\Windows\system32\ktmutil.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\ktmw32.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\l2gpstore.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\l2nacp.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\L2SecHC.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\l3codeca.acm:$CmdTcID

AlternateDataStreams: C:\Windows\system32\l3codecp.acm:$CmdTcID

AlternateDataStreams: C:\Windows\system32\label.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\LangCleanupSysprepAction.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\LAPRXY.DLL:$CmdTcID

AlternateDataStreams: C:\Windows\system32\LaunchTM.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\linkinfo.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\ListSvc.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\livessp.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\LldpNotify.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\lltdapi.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\lltdsvc.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\lmhsvc.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\loadperf.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\localsec.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\localspl.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\localui.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\LocationApi.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\LocationNotifications.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Locator.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\LockScreenContent.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\LockScreenContentHost.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\LockScreenContentServer.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\lodctr.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\logagent.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\loghours.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\logman.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\logoff.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\logoncli.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\LogonUI.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\lpk.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\lpkinstall.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\lpksetup.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\lpksetupproxyserv.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\lpremove.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\lsasrv.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\lsass.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\lsm.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\lsmproxy.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\luainstall.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Magnification.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Magnify.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\main.cpl:$CmdTcID

AlternateDataStreams: C:\Windows\system32\MaintenanceUI.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\makecab.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\manage-bde.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\mapi32.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\mapistub.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\MbaeApi.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\MbaeApiPublic.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\MbaeParserTask.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\MbaeXmlParser.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\mblctr.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\mbsmsapi.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\mbussdapi.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\mcbuilder.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\mciavi32.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\mcicda.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\mciqtz32.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\mciseq.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\mciwave.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\mcupdate_GenuineIntel.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\McxDriv.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\MDEServer.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\MDMAgent.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\mdminst.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\mdmregistration.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\MdRes.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\MdSched.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\MemoryDiagnostic.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\mf.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\mf3216.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\mfAACEnc.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\mfasfsrcsnk.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\mfc42.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\mfc42u.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\MFCaptureEngine.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\mfcore.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\mfcsubs.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\mfds.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\mfdvdec.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\mfh264enc.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\MFMediaEngine.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\mfmjpegdec.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\mfmp4srcsnk.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\mfmpeg2srcsnk.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\mfnetcore.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\mfnetsrc.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\mfplat.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\MFPlay.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\mfpmp.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\mfps.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\mfreadwrite.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\mfsrcsnk.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\mfsvr.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\mftranscode.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\mfvdsp.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\MFWMAAEC.DLL:$CmdTcID

AlternateDataStreams: C:\Windows\system32\mgmtapi.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\mi.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\mibincodec.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\microsoft-windows-system-events.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Microsoft.Management.Infrastructure.Native.Unmanaged.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\MicrosoftAccountTokenProvider.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\midimap.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\migflt.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\miguiresource.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\mimefilt.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\mimofcodec.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\MirrorDrvCompat.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\mispace.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\miutils.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\mlang.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\mmc.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\mmcbase.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\mmci.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\mmcico.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\mmcndmgr.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\mmcshext.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\mmcss.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\MMDevAPI.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\mmsys.cpl:$CmdTcID

AlternateDataStreams: C:\Windows\system32\mobsync.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\mode.com:$CmdTcID

AlternateDataStreams: C:\Windows\system32\modemui.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\montr_ci.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\more.com:$CmdTcID

AlternateDataStreams: C:\Windows\system32\mountvol.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\MP3DMOD.DLL:$CmdTcID

AlternateDataStreams: C:\Windows\system32\MP43DECD.DLL:$CmdTcID

AlternateDataStreams: C:\Windows\system32\MP4SDECD.DLL:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Mpeg2Data.ax:$CmdTcID

AlternateDataStreams: C:\Windows\system32\mpg2splt.ax:$CmdTcID

AlternateDataStreams: C:\Windows\system32\MPG4DECD.DLL:$CmdTcID

AlternateDataStreams: C:\Windows\system32\mpnotify.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\mpr.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\mprapi.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\mprddm.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\mprdim.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\mprext.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\mprmsg.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\MPSSVC.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\MRINFO.EXE:$CmdTcID

AlternateDataStreams: C:\Windows\system32\MrmCoreR.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\MrmIndexer.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\msaatext.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\MSAC3ENC.DLL:$CmdTcID

AlternateDataStreams: C:\Windows\system32\msacm32.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\msacm32.drv:$CmdTcID

AlternateDataStreams: C:\Windows\system32\msadp32.acm:$CmdTcID

AlternateDataStreams: C:\Windows\system32\msasn1.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\MSAudDecMFT.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\msaudite.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\msauserext.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\mscandui.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\mscat32.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\msched.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\MSchedExe.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\mscms.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\msconfig.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\msctfime.ime:$CmdTcID

AlternateDataStreams: C:\Windows\system32\MsCtfMonitor.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\msctfp.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\msctfui.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\msctfuimanager.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\msdadiag.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\msdart.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\msdelta.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\msdmo.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\msdri.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\msdrm.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\msdt.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\msdtc.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\msdtckrm.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\msdtclog.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\msdtcprx.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\msdtctm.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\msdtcuiu.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\MSDvbNP.ax:$CmdTcID

AlternateDataStreams: C:\Windows\system32\msdxm.ocx:$CmdTcID

AlternateDataStreams: C:\Windows\system32\msfeeds.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\msg.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\msg711.acm:$CmdTcID

AlternateDataStreams: C:\Windows\system32\msgsm32.acm:$CmdTcID

AlternateDataStreams: C:\Windows\system32\mshtml.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\MshtmlDac.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\mshtmled.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\msi.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\MsiCofire.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\msidcrl40.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\msident.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\msidle.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\msieftp.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\msiexec.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\msihnd.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\msiltcfg.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\msimg32.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\msimtf.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\msinfo32.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\msisip.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\msiwer.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\mskeyprotcli.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\mskeyprotect.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\msls31.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\MSMPEG2ENC.DLL:$CmdTcID

AlternateDataStreams: C:\Windows\system32\msmpeg2vdec.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\msnetobj.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\MSNP.ax:$CmdTcID

AlternateDataStreams: C:\Windows\system32\msoeacct.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\msoert2.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\mspaint.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\mspatcha.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\mspatchc.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\msports.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\msra.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\msrahc.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\msrating.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\msrdc.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\MsRdpWebAccess.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\msrle32.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\msscntrs.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\msscp.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\mssha.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\msshooks.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\mssign32.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\mssip32.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\mssitlb.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\MsSpellCheckingFacility.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\MsSpellCheckingHost.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\mssph.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\mssphtb.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\mssprxy.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\mssrch.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\mssvp.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\mstask.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\msTextPrediction.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\mstsc.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\mstscax.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\msutb.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\msv1_0.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\msvcirt.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\msvcp60.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\msvcrt.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\msvfw32.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\msvidc32.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\MSVidCtl.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\MSVideoDSP.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\msvproc.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\MSWB7.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\MSWB70011.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\MSWB7001E.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\MSWB70404.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\MSWB70804.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\mswmdm.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\mswsock.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\msxml3.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\msxml6.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\msyuv.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\mtstocom.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\mtxclu.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\mtxdm.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\mtxex.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\mtxoci.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\muifontsetup.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\MUILanguageCleanup.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\MuiUnattend.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\MultiDigiMon.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\mycomput.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\mydocs.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Mystify.scr:$CmdTcID

AlternateDataStreams: C:\Windows\system32\napdsnap.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\NapiNSP.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\napipsec.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\NAPMONTR.DLL:$CmdTcID

AlternateDataStreams: C:\Windows\system32\NAPSTAT.EXE:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Narrator.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\NaturalLanguage6.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\nbtstat.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\NcaApi.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\NcaSvc.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\ncbservice.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\NcdAutoSetup.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\NcdProp.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\nci.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\ncobjapi.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\ncpa.cpl:$CmdTcID

AlternateDataStreams: C:\Windows\system32\ncrypt.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\ncryptprov.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\ncryptsslp.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\ncsi.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\ncuprov.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\ndadmin.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\nddeapi.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\ndfapi.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\ndfetw.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\ndfhcdiscovery.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\ndiscapCfg.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\ndishc.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\NdisImPlatform.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\ndproxystub.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\nduprov.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\negoexts.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\net.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\net1.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\netapi32.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\netbios.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\netbtugc.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\netcenter.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\netcfg.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\netcfgx.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\netcorehc.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\netdiagfx.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\NetEvtFwdr.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\netid.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\netiohlp.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\netiougc.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\netjoin.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\netlogon.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\netman.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\netplwiz.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Netplwiz.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\netprofm.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\netprofmsvc.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\netprovisionsp.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\NetSetupApi.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\netsh.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\netshell.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\NETSTAT.EXE:$CmdTcID

AlternateDataStreams: C:\Windows\system32\nettrace.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\netutils.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\NetVscCoinstall.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\networkexplorer.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\networkitemfactory.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\NetworkStatus.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\newdev.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\newdev.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\ninput.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\NL7Data0011.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\NL7Data001E.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\NL7Data0404.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\NL7Data0804.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\nlaapi.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\nlahc.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\nlasvc.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\nlhtml.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\nlmgp.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\nlmproxy.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\nlmsprep.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\NlsData0000.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\NlsData0002.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\NlsData0003.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\NlsData0007.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\NlsData0009.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\NlsData000a.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\NlsData000c.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\NlsData000d.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\NlsData000f.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\NlsData0010.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\NlsData0018.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\NlsData001a.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\NlsData001b.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\NlsData001d.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\NlsData0020.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\NlsData0021.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\NlsData0022.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\NlsData0024.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\NlsData0026.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\NlsData0027.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\NlsData002a.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\NlsData0039.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\NlsData003e.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\NlsData0045.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\NlsData0046.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\NlsData0047.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\NlsData0049.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\NlsData004a.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\NlsData004b.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\NlsData004c.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\NlsData004e.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\NlsData0414.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\NlsData0416.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\NlsData0816.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\NlsData081a.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\NlsData0c1a.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Nlsdl.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\NlsLexicons0009.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\nltest.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\normaliz.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\notepad.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\npmproxy.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\nrpsrv.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\nshhttp.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\nshipsec.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\nshwfp.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\nsi.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\nsisvc.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\nslookup.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\ntasn1.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\ntdll.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\ntdsapi.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\ntlanman.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\ntlanui2.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\ntmarta.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\ntoskrnl.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\ntprint.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\ntprint.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\ntshrui.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\ntvdm64.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\nvapi64.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\nvcompiler.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\nvcuda.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\nvcuvenc.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\nvcuvid.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\nvd3dumx.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\nvEncodeAPI64.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\NvFBC64.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\NvIFR64.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\NvIFROpenGL.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\nvinitx.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\nvoglshim64.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\nvoglv64.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\nvvsvc.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\objsel.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\ocsetapi.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\odbc32.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\odbcad32.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\odbcbcp.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\odbcconf.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\odbcconf.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\odbccp32.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\odbccr32.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\odbccu32.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\odbctrac.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\OEMLicense.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\offfilt.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\offreg.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\ogldrv.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\ole32.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\oleacc.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\oleacchooks.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\oleaut32.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\oledlg.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\oleprn.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\OnDemandConnRouteHelper.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\onex.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\onexui.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\OobeFldr.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\OpcServices.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\OpenCL.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\openfiles.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\opengl32.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\OpenWith.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\OptionalFeatures.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\osbaseln.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\osk.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\OskSupport.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\osuninst.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\P2P.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\P2PGraph.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\p2pnetsh.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\p2psvc.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\packager.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\PackageStateRoaming.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\panmap.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\PasswordOnWakeSettingFlyout.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\PATHPING.EXE:$CmdTcID

AlternateDataStreams: C:\Windows\system32\pautoenr.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\pcacli.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\pcadm.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\pcalua.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\pcasvc.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\pcaui.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\pcaui.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\PCPKsp.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\PCPTpm12.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\pcsvDevice.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\pcwrun.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\pcwutl.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\pdh.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\pdhui.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\PeerDist.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\PeerDistAD.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\PeerDistCacheProvider.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\PeerDistCleaner.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\PeerDistHttpTrans.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\PeerDistSh.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\PeerDistSvc.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\PeerDistWSDDiscoProv.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\perfctrs.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\perfdisk.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\perfmon.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\perfnet.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\perfos.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\perfproc.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\perftrack.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\perfts.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\PhotoMetadataHandler.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\PhotoScreensaver.scr:$CmdTcID

AlternateDataStreams: C:\Windows\system32\photowiz.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\PickerHost.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\pid.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\PING.EXE:$CmdTcID

AlternateDataStreams: C:\Windows\system32\PkgMgr.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\pku2u.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\pla.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\plasrv.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\playlistfolder.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\PlaySndSrv.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\PlayToDevice.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\PlayToManager.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\PlayToStatusProvider.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\ploptin.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\pmcsnap.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\pnidui.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\pnpclean.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\pnppolicy.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\pnpts.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\pnpui.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\PnPUnattend.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\PnPutil.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\PNPXAssoc.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\PNPXAssocPrx.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\pnrpauto.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Pnrphc.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\pnrpnsp.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\pnrpsvc.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\polstore.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\poqexec.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\PortableDeviceApi.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\PortableDeviceClassExtension.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\PortableDeviceConnectApi.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\PortableDeviceStatus.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\PortableDeviceSyncProvider.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\PortableDeviceTypes.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\PortableDeviceWiaCompat.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\PortableDeviceWMDRM.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\pots.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\powercfg.cpl:$CmdTcID

AlternateDataStreams: C:\Windows\system32\powercfg.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\powercpl.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\powrprof.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\ppcsnap.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\PresentationSettings.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\prevhost.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\print.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\PrintBrmUi.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\PrintDialogHost.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\PrintDialogs.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\printfilterpipelineprxy.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\printfilterpipelinesvc.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\PrintIsolationHost.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\PrintIsolationProxy.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\printui.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\printui.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\prncache.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\prnfldr.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\prnntfy.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\prntvpt.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\procinst.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\profapi.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\profext.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\profprov.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\profsvc.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\profsvcext.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\propsys.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\proquota.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\provcore.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\provsvc.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\provthrd.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\ProximityCommon.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\ProximityCommonPal.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\ProximityRtapiPal.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\ProximityService.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\ProximityServicePal.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\ProximityUxHost.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\prvdmofcomp.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\psapi.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\psisdecd.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\psisrndr.ax:$CmdTcID

AlternateDataStreams: C:\Windows\system32\PSModuleDiscoveryProvider.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\psmsrv.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\psr.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\pstask.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\pstorec.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\puiapi.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\puiobj.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\PurchaseWindowsLicense.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\PurchaseWindowsLicense.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\pwlauncher.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\pwlauncher.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\pwrshplugin.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\pwsso.dll:$CmdTcID

Code:

AlternateDataStreams: C:\Windows\system32\QAGENT.DLL:$CmdTcID

AlternateDataStreams: C:\Windows\system32\QAGENTRT.DLL:$CmdTcID

AlternateDataStreams: C:\Windows\system32\qappsrv.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\qasf.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\QCLIPROV.DLL:$CmdTcID

AlternateDataStreams: C:\Windows\system32\qdv.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\qdvd.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\qedit.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\qmgr.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\qmgrprxy.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\qprocess.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\QSHVHOST.DLL:$CmdTcID

AlternateDataStreams: C:\Windows\system32\QSVRMGMT.DLL:$CmdTcID

AlternateDataStreams: C:\Windows\system32\quartz.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Query.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\query.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\quser.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\QUTIL.DLL:$CmdTcID

AlternateDataStreams: C:\Windows\system32\qwave.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\qwinsta.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\RacEngn.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\racpldlg.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\radardt.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\radarrs.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\RADCUI.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\rapi.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\rapiproxystub.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\rapistub.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\rasadhlp.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\rasapi32.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\rasauto.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\rasautou.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\rascfg.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\raschap.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\raschapext.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\rasctrs.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\rascustom.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\rasdiag.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\rasdial.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\rasdlg.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\raserver.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\rasgcw.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\rasman.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\rasmans.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\rasmbmgr.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\RASMM.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\rasmontr.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\rasmxs.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\rasphone.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\rasplap.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\rasppp.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\rasser.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\rastapi.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\rastls.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\rastlsext.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\rdbui.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\rdpcfgex.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\rdpclip.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\rdpcore.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\rdpcorets.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\rdpencom.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\rdpendp.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\rdpinput.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\RdpSa.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\RdpSaProxy.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\RdpSaPs.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\RdpSaUacHelper.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\rdpudd.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\rdrleakdiag.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\RDSAppXHelper.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\rdsdwmdr.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\RDSPnf.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\rdvidcrl.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\rdvvmtransport.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\ReAgent.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\ReAgentc.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\ReAgentTask.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\recimg.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\recover.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\recovery.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\RecoveryDrive.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\reg.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\regapi.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\RegCtrl.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\regedt32.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\regidle.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\regini.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Register-CimProvider.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\regsvc.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\regsvr32.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\ReInfo.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\rekeywiz.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\relog.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\RelPost.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\remotepg.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\remotesp.tsp:$CmdTcID

AlternateDataStreams: C:\Windows\system32\RemoveDeviceContextHandler.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\RemoveDeviceElevated.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\repair-bde.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\replace.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\RESAMPLEDMO.DLL:$CmdTcID

AlternateDataStreams: C:\Windows\system32\reset.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\reseteng.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\resmon.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\RestoreOptIn.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\resutils.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\rfxvmt.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\rgb9rast.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Ribbons.scr:$CmdTcID

AlternateDataStreams: C:\Windows\system32\riched20.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\riched32.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\RMActivate.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\RMActivate_isv.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\RMActivate_ssp.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\RMActivate_ssp_isv.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\RMapi.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\RmClient.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\rmttpmvscmgrsvr.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\rnr20.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\RoamingSecurity.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Robocopy.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\RotMgr.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\ROUTE.EXE:$CmdTcID

AlternateDataStreams: C:\Windows\system32\RpcEpMap.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\rpchttp.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\RpcNs4.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\rpcnsh.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\RpcPing.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\rpcrt4.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\RpcRtRemote.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\rpcss.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\rrinstaller.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\rsaenh.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\rshx32.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\RstrtMgr.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\rstrui.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\rtffilt.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\rtm.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\RtNicProp64.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\rtutils.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\RTWorkQ.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\runas.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\rundll32.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\RunLegacyCPLElevated.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\runonce.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\RuntimeBroker.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\rwinsta.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\samcli.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\samlib.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\samsrv.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\sas.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\sbe.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\sbeio.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\sc.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\scansetting.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\SCardDlg.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\SCardSvr.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\scavengeui.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\sccls.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\ScDeviceEnum.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\scecli.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\scesrv.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\scext.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\schannel.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\schedcli.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\schedsvc.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\schtasks.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\scksp.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\scripto.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\scrnsave.scr:$CmdTcID

AlternateDataStreams: C:\Windows\system32\scrobj.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\scrptadm.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\scrrun.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\sdbinst.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\sdchange.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\sdclt.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\sdhcinst.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\sdiageng.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\sdiagnhost.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\sdiagprv.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\sdiagschd.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\sdohlp.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\SearchFilterHost.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\SearchFolder.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\SearchIndexer.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\SearchProtocolHost.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\SecEdit.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\sechost.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\secinit.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\seclogon.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\secproc.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\secproc_isv.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\secproc_ssp.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\secproc_ssp_isv.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\secur32.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\sendmail.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Sens.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\SensApi.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\SensorsApi.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\SensorsClassExtension.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\SensorsCpl.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\sensrsvc.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\serialui.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\services.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\serwvdrv.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\SessEnv.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\sessionmsg.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\setbcdlocale.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\sethc.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\SetNetworkLocation.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\SetProxyCredential.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\setspn.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\SettingMonitor.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\SettingsHandlers.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\SettingSync.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\SettingSyncCore.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\SettingSyncHost.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\SettingSyncPolicy.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\setupapi.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\setupcln.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\setupugc.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\setx.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\sfc.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\sfc_os.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\shacct.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\sharemediacpl.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\SHCore.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\shdocvw.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\shell32.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\shfolder.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\shgina.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\shimeng.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\shimgvw.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\shlwapi.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\shpafact.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\shrpubw.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\shsetup.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\shsvcs.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\shunimpl.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\shutdown.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\shwebsvc.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\signdrv.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\sigverif.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\SimAuth.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\SimCfg.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\sisbkup.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\SkyDrive.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\SkyDriveShell.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\SkyDriveTelemetry.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\SlideToShutDown.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\slpts.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\SmartcardCredentialProvider.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\SmartCardSimulator.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\SmartScreenSettings.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\SMBHelperClass.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\smbwmiv2.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\smphost.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\SmsDeviceAccessRevocation.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\SMSRouter.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\SndVol.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\SndVolSSO.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\SnippingTool.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\snmpapi.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\snmptrap.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\SNTSearch.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\softkbd.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\softpub.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\sort.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\SortServer2003Compat.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\SortWindows61.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\SortWindows6Compat.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\SoundRecorder.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\SpaceAgent.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\SpaceControl.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\spbcd.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\spfileq.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\SPInf.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\spmpm.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\spnet.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\spoolss.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\spoolsv.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\spopk.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\spp.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\sppnp.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\sppobjs.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\sppsvc.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\sppwinob.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\spwinsat.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\spwizeng.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\spwmp.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\sqlcecompact40.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\sqlceoledb40.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\sqlceqp40.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\sqlcese40.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\sqlsrv32.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\sqmapi.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\srchadmin.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\srclient.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\srcore.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\SRH.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\srhelper.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\srm.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\srmclient.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\srmscan.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\srmshell.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\srmstormod.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\srmtrace.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\srm_ps.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\SrpUxNativeSnapIn.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\srrstr.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\SrTasks.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\srumapi.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\srumsvc.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\srvcli.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\srvsvc.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\srwmi.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\sscore.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\sscoreext.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\ssdpapi.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\ssdpsrv.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\sspicli.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\sspisrv.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\SSShim.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\ssText3d.scr:$CmdTcID

AlternateDataStreams: C:\Windows\system32\sstpsvc.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\st646496.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\stapi64.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\stapo64.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Startupscan.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\stclient.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\sti.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\StikyNot.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\sti_ci.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\stobject.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\StorageContextHandler.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\storagewmi.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\storagewmi_passthru.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\storewuauth.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Storprop.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\StorSvc.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\streamci.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\StructuredQuery.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\SubscriptionMgr.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\subst.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\sud.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\svchost.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\svsvc.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\swprv.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\sxproxy.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\sxs.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\sxshared.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\sxssrv.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\sxsstore.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\sxstrace.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\SyncCenter.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\synceng.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\SyncEngine.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\SyncHost.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\SyncHostps.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\SyncInfrastructure.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\SyncInfrastructureps.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Syncreg.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\syncui.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\sysclass.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\sysdm.cpl:$CmdTcID

AlternateDataStreams: C:\Windows\system32\SysFxUI.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\syskey.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\sysmain.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\sysmon.ocx:$CmdTcID

AlternateDataStreams: C:\Windows\system32\sysntfy.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\SysResetErr.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\syssetup.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\systemcpl.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\SystemEventsBrokerClient.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\SystemEventsBrokerServer.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\systeminfo.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\SystemPropertiesAdvanced.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\SystemPropertiesComputerName.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\SystemPropertiesDataExecutionPrevention.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\SystemPropertiesHardware.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\SystemPropertiesPerformance.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\SystemPropertiesProtection.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\SystemPropertiesRemote.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\systemreset.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\SystemSettings.DeviceEncryptionHandlers.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\SystemSettings.Handlers.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\SystemSettingsAdminFlows.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\SystemSettingsAdminFlowUI.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\SystemSettingsDatabase.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\SystemSettingsRemoveDevice.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\systray.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\t2embed.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Tabbtn.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\TabbtnEx.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\tabcal.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\TabletPC.cpl:$CmdTcID

AlternateDataStreams: C:\Windows\system32\TabSvc.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\takeown.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\tapi3.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\tapi32.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\tapilua.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\TapiMigPlugin.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\tapiperf.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\tapisrv.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\TapiSysprep.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\TapiUnattend.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\taskbarcpl.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\taskcomp.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\taskeng.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\taskhost.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\taskhostex.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\taskkill.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\tasklist.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Taskmgr.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\taskschd.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\TaskSchdPS.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\tbs.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\tcmsetup.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\tcpipcfg.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\TcpipSetup.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\tcpmib.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\tcpmon.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\tcpmonui.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\TCPSVCS.EXE:$CmdTcID

AlternateDataStreams: C:\Windows\system32\tdc.ocx:$CmdTcID

AlternateDataStreams: C:\Windows\system32\tdh.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\telephon.cpl:$CmdTcID

AlternateDataStreams: C:\Windows\system32\termmgr.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\termsrv.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\TetheringIeProvider.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\TetheringMgr.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\TetheringStation.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\themecpl.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\themeservice.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\themeui.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\threadpoolwinrt.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\thumbcache.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\ThumbnailExtractionHost.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\TimeBrokerClient.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\TimeBrokerServer.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\timedate.cpl:$CmdTcID

AlternateDataStreams: C:\Windows\system32\TimeDateMUICallback.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\timeout.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\TimeSyncTask.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\tlscsp.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\tpmcompc.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\TpmInit.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\TpmTasks.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\tpmvsc.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\tpmvscmgr.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\tpmvscmgrsvr.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\tquery.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\tracerpt.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\TRACERT.EXE:$CmdTcID

AlternateDataStreams: C:\Windows\system32\traffic.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\tree.com:$CmdTcID

AlternateDataStreams: C:\Windows\system32\trkwks.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\tsbyuv.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\tscfgwmi.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\TSChannel.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\tscon.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\tsdiscon.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\tsgqec.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\tskill.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\tsmf.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\TSpkg.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\TSTheme.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\TsUsbGDCoInstaller.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\TSWbPrxy.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\TSWorkspace.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\TtlsAuth.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\TtlsCfg.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\TtlsExt.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\tvratings.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\twext.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\twinapi.appcore.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\twinapi.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\twinui.appcore.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\twinui.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\txflog.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\txfw32.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\typeperf.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\tzsync.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\tzutil.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\ubpm.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\ucmhc.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\ucrtbase.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\udhisapi.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\uDWM.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\uexfat.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\ufat.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\UI0Detect.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\UIAnimation.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\UIAutomationCore.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\uicom.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\uireng.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\UIRibbon.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\UIRibbonRes.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\ulib.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\umb.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\umdmxfrm.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\umpnpmgr.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\umpo.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\umpoext.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\umpowmi.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\umrdp.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\unattend.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\unimdm.tsp:$CmdTcID

AlternateDataStreams: C:\Windows\system32\unimdmat.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\uniplat.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\unlodctr.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\unregmp2.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\untfs.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\upnp.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\upnpcont.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\upnphost.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\ureg.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\urlmon.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\usbceip.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\usbmon.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\usbperf.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\usbui.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\user32.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\UserAccountBroker.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\UserAccountControlSettings.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\UserAccountControlSettings.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\usercpl.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\userenv.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\userinit.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\userinitext.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\UserLanguageProfileCallback.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\UserLanguagesCpl.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\usp10.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\ustprov.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\UtcResources.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\utildll.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Utilman.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\uudf.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\UXInit.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\uxlib.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\uxtheme.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\VAN.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Vault.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\vaultcli.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\VaultCmd.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\VaultRoaming.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\vaultsvc.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\VBICodec.ax:$CmdTcID

AlternateDataStreams: C:\Windows\system32\vbisurf.ax:$CmdTcID

AlternateDataStreams: C:\Windows\system32\vbscript.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\vds.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\vdsbas.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\vdsdyn.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\vdsldr.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\vdsutil.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\vdsvd.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\vds_ps.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\verclsid.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\verifier.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\verifier.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\version.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\vfwwdm32.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\vidcap.ax:$CmdTcID

AlternateDataStreams: C:\Windows\system32\VIDRESZR.DLL:$CmdTcID

AlternateDataStreams: C:\Windows\system32\virtdisk.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\VmApplicationHealthMonitorProxy.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\vmbuspipe.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\VmdCoinstall.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\vmictimeprovider.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\vmrdvcore.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\vpnike.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\vpnikeapi.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\VscMgrPS.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\vssadmin.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\vssapi.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\vsstrace.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\VSSVC.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\vss_ps.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\w32time.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\w32tm.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\w32topl.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\WABSyncProvider.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\waitfor.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\WallpaperHost.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\WavDest.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\wavemsp.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\wbadmin.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\wbemcomn.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\wbengine.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\wbiosrvc.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\wcescommproxy.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\wcmapi.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\wcmcsp.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\wcmsvc.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\WcnApi.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\wcncsvc.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\WcnEapAuthProxy.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\WcnEapPeerProxy.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\WcnNetsh.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\wcnwiz.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\WcsPlugInService.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\wdc.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\WdfCoInstaller01011.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\wdi.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\wdiasqmmodule.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\wdigest.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\wdmaud.drv:$CmdTcID

AlternateDataStreams: C:\Windows\system32\wdscore.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\WebcamUi.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\webcheck.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\WebClnt.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\webio.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\webservices.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Websocket.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\wecapi.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\wecsvc.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\wecutil.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\wephostsvc.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\wer.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\werconcpl.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\wercplsupport.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\werdiagcontroller.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\WerFault.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\WerFaultSecure.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\wermgr.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\wersvc.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\werui.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\wevtapi.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\wevtfwd.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\wevtsvc.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\wevtutil.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\wfapigp.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\wfdprov.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\WfHC.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\WFS.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\where.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\whhelper.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\whoami.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\wiaacmgr.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\wiaaut.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\wiadefui.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\wiadss.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\wiarpc.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\wiascanprofiles.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\wiaservc.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\wiashext.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\wiatrace.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\WiFiDisplay.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\wimgapi.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\wimserv.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\win32k.sys:$CmdTcID

AlternateDataStreams: C:\Windows\system32\win32spl.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\winbici.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\winbio.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\winbrand.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\wincorlib.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\wincredprovider.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Windows.ApplicationModel.Background.SystemEventsBroker.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Windows.ApplicationModel.Background.TimeBroker.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Windows.ApplicationModel.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Windows.ApplicationModel.Store.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Windows.Data.Pdf.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Windows.Devices.Background.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Windows.Devices.Background.ps.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Windows.Devices.Bluetooth.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Windows.Devices.Custom.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Windows.Devices.Custom.ps.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Windows.Devices.Enumeration.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Windows.Devices.Enumeration.ps.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Windows.Devices.Geolocation.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Windows.Devices.HumanInterfaceDevice.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Windows.Devices.PointOfService.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Windows.Devices.Portable.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Windows.Devices.Printers.Extensions.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Windows.Devices.Scanners.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Windows.Devices.Sensors.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Windows.Devices.SmartCards.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Windows.Devices.Usb.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Windows.Devices.WiFiDirect.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Windows.Globalization.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Windows.Globalization.Fontgroups.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Windows.Graphics.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Windows.Graphics.Printing.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\windows.immersiveshell.serviceprovider.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Windows.Management.Workplace.WorkplaceSettings.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Windows.Media.Devices.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Windows.Media.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Windows.Media.MediaControl.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Windows.Media.Renewal.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Windows.Media.SpeechSynthesis.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Windows.Media.Streaming.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Windows.Media.Streaming.ps.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Windows.Networking.BackgroundTransfer.ContentPrefetchTask.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Windows.Networking.BackgroundTransfer.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Windows.Networking.Connectivity.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Windows.Networking.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Windows.Networking.HostName.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Windows.Networking.NetworkOperators.HotspotAuthentication.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Windows.Networking.Proximity.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Windows.Networking.Sockets.PushEnabledApplication.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Windows.Networking.Vpn.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Windows.Security.Authentication.OnlineId.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Windows.Security.Credentials.UI.CredentialPicker.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Windows.Security.Credentials.UI.UserConsentVerifier.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Windows.Shell.Search.UriHandler.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Windows.Storage.ApplicationData.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Windows.Storage.Compression.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Windows.System.Display.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Windows.System.Profile.HardwareId.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Windows.System.Profile.SystemManufacturers.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Windows.System.RemoteDesktop.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Windows.UI.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Windows.UI.Immersive.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Windows.UI.Input.Inking.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Windows.UI.Search.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Windows.UI.Xaml.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Windows.Web.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Windows.Web.Http.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\WindowsCodecs.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\WindowsCodecsExt.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\windowslivelogin.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\winethc.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\WinFax.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\winhttp.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\wininet.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\wininit.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\wininitext.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\winipsec.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Winlangdb.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\winload.efi:$CmdTcID

AlternateDataStreams: C:\Windows\system32\winload.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\winlogon.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\winlogonext.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\winmde.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\winmm.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\winmmbase.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\WinMsoIrmProtector.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\winnsi.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\WinOpcIrmProtector.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\winresume.efi:$CmdTcID

AlternateDataStreams: C:\Windows\system32\winresume.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\winrnr.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\winrs.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\winrscmd.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\winrshost.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\winrssrv.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\WinRtTracing.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\WinSAT.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\WinSATAPI.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\WinSCard.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\WinSetupUI.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\winshfhc.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\winsku.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\winsockhc.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\winspool.drv:$CmdTcID

AlternateDataStreams: C:\Windows\system32\WINSRPC.DLL:$CmdTcID

AlternateDataStreams: C:\Windows\system32\winsrv.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\winsta.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\WinSync.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\WinSyncMetastore.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\WinSyncProviders.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\wintrust.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\WinTypes.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\winusb.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\winver.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\wisp.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\witnesswmiv2provider.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\wkscli.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\wkspbroker.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\wkspbrokerAx.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\wksprt.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\wksprtPS.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\wkssvc.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\wlanapi.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\wlancfg.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\WLanConn.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\wlandlg.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\wlanext.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\wlangpui.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\WLanHC.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\wlanhlp.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\wlaninst.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\WlanMM.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\wlanmsm.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\wlanpref.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\WlanRadioManager.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\wlansec.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\wlansvc.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\wlansvcpal.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\wlanui.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Wldap32.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\wldp.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\wlgpclnt.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\wlidcli.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\wlidcredprov.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\wlidfdp.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\wlidnsp.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\wlidprov.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\wlidsvc.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\wlrmdr.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\WlS0WndH.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\WMADMOD.DLL:$CmdTcID

AlternateDataStreams: C:\Windows\system32\WMADMOE.DLL:$CmdTcID

AlternateDataStreams: C:\Windows\system32\WMALFXGFXDSP.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\WMASF.DLL:$CmdTcID

AlternateDataStreams: C:\Windows\system32\wmcodecdspps.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\wmcoinst-070531-0952.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\wmdmlog.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\wmdmps.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\wmdrmdev.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\wmdrmnet.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\wmdrmsdk.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\wmi.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\wmiclnt.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\wmicmiplugin.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\wmidcom.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\wmidx.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\wmiprop.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\wmitomi.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\WMNetMgr.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\wmp.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\WMPDMC.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\WmpDui.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\wmpdxm.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\wmpeffects.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\WMPhoto.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\wmpmde.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\wmpps.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\wmpshell.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\wmsgapi.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\WMSPDMOD.DLL:$CmdTcID

AlternateDataStreams: C:\Windows\system32\WMSPDMOE.DLL:$CmdTcID

AlternateDataStreams: C:\Windows\system32\WMVCORE.DLL:$CmdTcID

AlternateDataStreams: C:\Windows\system32\WMVDECOD.DLL:$CmdTcID

AlternateDataStreams: C:\Windows\system32\wmvdspa.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\WMVENCOD.DLL:$CmdTcID

AlternateDataStreams: C:\Windows\system32\WMVSDECD.DLL:$CmdTcID

AlternateDataStreams: C:\Windows\system32\WMVSENCD.DLL:$CmdTcID

AlternateDataStreams: C:\Windows\system32\WMVXENCD.DLL:$CmdTcID

AlternateDataStreams: C:\Windows\system32\WofTasks.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\WofUtil.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\workerdd.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\WorkFolders.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\WorkfoldersControl.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\WorkFoldersGPExt.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\WorkFoldersShell.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\workfolderssvc.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\wow64.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\wow64cpu.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\wowreg32.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Wpc.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\wpccpl.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\WpcMon.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\wpcsvc.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\WpcWebSync.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\wpdbusenum.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\wpdshext.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\WPDShextAutoplay.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\WPDShServiceObj.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\WPDSp.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\wpd_ci.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\wpnapps.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\wpncore.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\wpninprc.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\wpnpinst.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\wpnprv.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\wpnsruprov.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\write.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\ws2help.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\ws2_32.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\wscapi.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\wscinterop.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\wscisvif.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\WSClient.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\WSCollect.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\wscproxystub.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\wscript.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\wscsvc.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\wscui.cpl:$CmdTcID

AlternateDataStreams: C:\Windows\system32\WSDApi.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\wsdchngr.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\WSDMon.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\WSDPrintProxy.DLL:$CmdTcID

AlternateDataStreams: C:\Windows\system32\WSDScanProxy.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\wsecedit.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\wsepno.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\wshbth.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\wshcon.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\wshelper.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\wshext.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\wship6.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\wshirda.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\wshnetbs.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\wshom.ocx:$CmdTcID

AlternateDataStreams: C:\Windows\system32\wshqos.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\wshrm.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\WSHTCPIP.DLL:$CmdTcID

AlternateDataStreams: C:\Windows\system32\WsmAgent.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\WSManHTTPConfig.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\WSManMigrationPlugin.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\WsmAuto.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\wsmplpxy.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\wsmprovhost.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\WsmSvc.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\WsmWmiPl.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\wsnmp32.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\wsock32.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\wsqmcons.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\WSReset.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\WSService.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\WSShared.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\WSSync.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\WSTPager.ax:$CmdTcID

AlternateDataStreams: C:\Windows\system32\wtsapi32.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\wu.upgrade.ps.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\wuapi.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\wuapp.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\wuauclt.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\wuaueng.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\wucltux.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\WUDFCoinstaller.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\WUDFHost.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\WUDFPlatform.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\WUDFSvc.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\WUDFx.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\WUDFx02000.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\wudriver.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\wups.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\wups2.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\wusa.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\WUSettingsProvider.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\wuwebv.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\wvc.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\WwaApi.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\WWAHost.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\WWanAPI.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\wwancfg.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\wwanconn.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\WWanHC.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\wwaninst.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\wwanmm.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Wwanpref.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\wwanprotdim.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\WwanRadioManager.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\wwansvc.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\wwapi.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\X3DAudio1_5.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\X3DAudio1_6.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\X3DAudio1_7.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\xactengine3_2.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\xactengine3_3.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\xactengine3_4.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\xactengine3_5.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\xactengine3_6.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\XAPOFX1_1.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\XAPOFX1_2.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\XAPOFX1_3.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\XAPOFX1_4.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\XAudio2_2.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\XAudio2_3.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\XAudio2_4.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\XAudio2_5.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\XAudio2_6.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\XAudio2_8.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\xcopy.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\XInput1_4.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\XInput9_1_0.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\xmlfilter.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\xmllite.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\xmlprovi.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\xolehlp.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\XpsFilt.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\XpsGdiConverter.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\XpsPrint.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\XpsRasterService.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\xpsrchvw.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\xpsservices.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\XPSSHHDR.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\xpssvcs.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\xwizard.exe:$CmdTcID

AlternateDataStreams: C:\Windows\system32\xwizards.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\xwreg.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\xwtpdui.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\xwtpw32.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\zipfldr.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\accessibilitycpl.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\acledit.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\aclui.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\acppage.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\ActionCenter.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\ActionCenterCPL.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\activeds.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\actxprxy.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\AdmTmpl.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\adprovider.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\adrclient.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\adsldp.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\adsldpc.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\adsmsext.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\adsnt.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\adtschema.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\advapi32.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\advpack.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\amstream.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\apds.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\apphelp.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\Apphlpdm.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\appidapi.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\AppIdPolicyEngineApi.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\appmgmts.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\appmgr.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\apprepapi.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\apprepsync.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\appwiz.cpl:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\AppxAllUserStore.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\AppxApplicabilityEngine.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\AppXDeploymentClient.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\AppxPackaging.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\AppxSip.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\ARP.EXE:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\aspnet_counters.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\asycfilt.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\at.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\AtBroker.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\atl.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\atlthunk.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\atmfd.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\atmlib.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\attrib.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\audiodev.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\AudioEng.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\AUDIOKSE.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\AudioSes.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\AuditNativeSnapIn.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\auditpol.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\AuditPolicyGPInterop.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\AuthBroker.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\AuthExt.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\authfwcfg.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\AuthFWGP.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\AuthFWSnapin.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\AuthFWWizFwk.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\authui.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\authz.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\autoconv.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\autoplay.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\avicap32.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\avifil32.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\avrt.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\azroles.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\azroleui.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\AzSqlExt.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\backgroundTaskHost.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\BackgroundTransferHost.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\basecsp.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\batmeter.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\bcd.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\BCP47Langs.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\bcrypt.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\bcryptprimitives.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\bdaplgin.ax:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\bidispl.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\BioCredProv.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\bitsadmin.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\bitsperf.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\bitsprx2.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\bitsprx3.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\bitsprx4.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\bitsprx5.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\bitsprx6.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\bitsprx7.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\biwinrt.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\blackbox.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\BluetoothApis.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\bootcfg.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\browcli.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\browseui.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\bthprops.cpl:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\bthudtask.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\btpanui.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\Bubbles.scr:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\BWContextHandler.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\ByteCodeGenerator.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\cabinet.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\cabview.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\cacls.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\calc.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\CallButtons.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\CallButtons.ProxyStub.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\CameraSettingsUIHost.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\capiprovider.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\capisp.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\catsrv.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\catsrvps.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\catsrvut.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\cca.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\cdosys.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\certca.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\certcli.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\certCredProvider.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\certenc.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\CertEnroll.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\CertEnrollCtrl.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\CertEnrollUI.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\certmgr.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\CertPolEng.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\certreq.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\certutil.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\ceutil.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\cewmdm.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\cfgbkend.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\cfgmgr32.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\cfmifs.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\cfmifsproxy.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\charmap.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\chartv.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\chcp.com:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\CheckNetIsolation.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\chkdsk.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\chkntfs.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\choice.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\CHxReadingStringIME.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\cic.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\cipher.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\clb.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\clbcatq.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\cleanmgr.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\clfsw32.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\cliconfg.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\cliconfg.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\clip.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\CloudNotifications.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\CloudStorageWizard.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\clusapi.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\cmcfg32.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\cmd.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\cmdext.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\cmdial32.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\cmdkey.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\cmdl32.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\cmifw.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\cmlua.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\cmmon32.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\cmpbk32.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\cmstp.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\cmstplua.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\cmutil.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\cngcredui.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\cngprovider.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\cnvfat.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\colbact.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\COLORCNV.DLL:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\colorcpl.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\colorui.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\combase.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\comcat.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\comctl32.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\comdlg32.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\comp.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\compact.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\CompPkgSup.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\compstui.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\ComputerDefaults.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\comrepl.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\comsnap.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\comsvcs.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\comuid.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\ConfigureExpandedStorage.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\connect.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\ConnectedAccountState.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\console.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\control.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\convert.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\CPFilters.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\CredentialMigrationHandler.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\CredentialUIBroker.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\credssp.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\credui.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\credwiz.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\cryptbase.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\cryptdlg.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\cryptdll.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\cryptext.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\cryptnet.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\CryptoWinRT.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\cryptsp.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\crypttpmeksvc.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\cryptui.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\cryptuiwizard.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\cryptxml.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\cscapi.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\cscdll.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\cscobj.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\cscript.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\ctfmon.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\cttune.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\cttunesvr.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\C_G18030.DLL:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\C_IS2022.DLL:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\C_ISCII.DLL:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\d2d1.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\d3d10.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\d3d10core.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\d3d10level9.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\d3d10warp.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\d3d10_1.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\d3d10_1core.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\d3d11.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\d3d8.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\d3d8thk.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\d3d9.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\D3DCompiler_39.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\D3DCompiler_40.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\D3DCompiler_41.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\D3DCompiler_42.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\D3DCompiler_47.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\d3dcsx_42.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\d3dim.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\d3dim700.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\d3dramp.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\d3dx10_39.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\d3dx10_40.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\d3dx10_41.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\d3dx10_42.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\d3dx11_42.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\D3DX9_39.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\D3DX9_40.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\D3DX9_41.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\D3DX9_42.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\d3dxof.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\dabapi.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\DafPrintProvider.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\DaOtpCredentialProvider.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\dataclen.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\davclnt.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\davhlpr.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\dbgeng.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\dbghelp.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\dbnetlib.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\dbnmpntw.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\dccw.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\dciman32.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\dcomcnfg.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\dcomp.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\DDACLSys.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\ddodiag.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\DDOIProxy.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\DDORes.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\ddraw.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\ddrawex.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\DefaultDeviceManager.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\DefaultPrinterProvider.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\delegatorprovider.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\desk.cpl:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\deskadp.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\deskmon.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\DevDispItemProvider.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\devenum.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\deviceaccess.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\deviceassociation.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\DeviceCenter.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\DeviceDisplayStatusManager.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\DevicePairing.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\DevicePairingFolder.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\DevicePairingProxy.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\DevicePairingWizard.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\DeviceProperties.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\DeviceUxRes.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\devmgr.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\devobj.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\devrtl.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\dfrgui.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\dfscli.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\DfsShlEx.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\dhcpcmonitor.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\dhcpcore.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\dhcpcore6.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\dhcpcsvc.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\dhcpcsvc6.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\DHCPQEC.DLL:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\dhcpsapi.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\dialer.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\difxapi.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\dimsjob.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\dimsroam.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\dinput.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\dinput8.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\diskcomp.com:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\diskcopy.com:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\diskcopy.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\diskpart.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\diskperf.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\diskraid.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\dispex.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\Display.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\DisplaySwitch.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\dllhost.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\dllhst3g.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\dlnashext.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\dmband.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\dmcompos.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\dmdlgs.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\dmdskmgr.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\dmime.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\dmintf.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\dmloader.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\dmocx.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\dmscript.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\dmstyle.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\dmsynth.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\dmusic.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\dmutil.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\dmvdsitf.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\dmview.ocx:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\dnsapi.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\docprop.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\doskey.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\dot3api.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\dot3cfg.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\dot3dlg.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\dot3gpclnt.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\dot3gpui.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\dot3hc.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\dot3msm.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\dot3ui.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\dpapi.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\dpapimig.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\dpapiprovider.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\DpiScaling.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\dplaysvr.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\dplayx.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\dpmodemx.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\dpwsockx.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\driverquery.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\drmmgrtn.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\drmv2clt.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\drprov.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\drt.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\drtprov.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\drttransport.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\drvinst.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\drvstore.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\dsauth.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\dsdmo.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\dskquota.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\dskquoui.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\dsound.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\dsparse.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\dsprop.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\dsquery.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\dsrole.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\dssec.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\dssenh.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\Dsui.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\dsuiext.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\dswave.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\dtsh.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\dui70.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\duser.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\dvdplay.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\dvdupgrd.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\dwmapi.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\dwmcore.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\DWrite.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\DWWIN.EXE:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\dxdiag.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\dxdiagn.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\dxgi.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\dxmasf.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\DxpTaskSync.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\dxtmsft.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\dxtrans.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\dxva2.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\eapp3hst.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\eappcfg.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\eappgnui.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\eapphost.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\eappprxy.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\eapprovp.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\EAPQEC.DLL:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\EaseOfAccessDialog.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\easwrt.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\efsadu.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\efscore.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\efsui.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\efsutil.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\efswrt.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\EhStorAPI.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\EhStorAuthn.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\EhStorPwdMgr.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\els.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\ELSCore.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\elshyph.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\elslad.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\elsTrans.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\encapi.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\EncDec.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\eqossnap.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\es.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\esent.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\esentprf.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\esentutl.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\eudcedit.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\eventcls.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\eventcreate.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\eventvwr.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\evr.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\expand.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\explorer.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\ExplorerFrame.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\extrac32.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\Faultrep.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\fc.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\fdBth.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\fdBthProxy.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\FdDevQuery.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\fde.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\fdeploy.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\fdPnp.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\fdprint.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\fdProxy.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\fdSSDP.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\fdWCN.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\fdWNet.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\fdWSD.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\feclient.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\filemgmt.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\find.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\findnetprinters.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\findstr.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\finger.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\FirewallAPI.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\FirewallControlPanel.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\fixmapi.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\FlashPlayerApp.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\fltLib.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\fltMC.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\fmifs.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\fms.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\Fondue.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\fontext.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\fontsub.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\fontview.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\forfiles.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\format.com:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\fphc.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\framedyn.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\framedynos.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\frprov.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\fsutil.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\fsutilext.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\ftp.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\fundisc.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\fwcfg.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\FWPUCLNT.DLL:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\FwRemoteSvr.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\FXSAPI.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\FXSCOM.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\FXSCOMEX.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\FXSEXT32.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\FXSXP32.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\g711codc.ax:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\gameux.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\gcdef.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\gdi32.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\GdiPlus.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\GeofenceMonitorService.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\getmac.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\getuname.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\glcndFilter.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\glmf32.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\GlobCollationHost.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\globinputhost.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\glu32.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\gpapi.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\gpedit.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\gpprefcl.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\gpprnext.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\gpresult.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\gpscript.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\gpscript.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\gptext.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\gpupdate.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\grpconv.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\hbaapi.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\hcproviders.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\hdwwiz.cpl:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\hdwwiz.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\help.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\HelpPaneProxy.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\hgcpl.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\hh.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\hhctrl.ocx:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\hhsetup.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\hid.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\hidphone.tsp:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\hidserv.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\hnetcfg.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\hnetmon.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\HOSTNAME.EXE:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\httpapi.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\htui.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\ias.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\iasacct.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\iasads.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\iasdatastore.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\iashlpr.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\IasMigPlugin.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\iasnap.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\iaspolcy.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\iasrad.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\iasrecst.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\iassam.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\iassdo.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\iassvcs.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\icacls.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\iccvid.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\icm32.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\icmui.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\IconCodecService.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\icsigd.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\icsunattend.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\IdCtrls.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\idndl.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\IDStore.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\ieapfltr.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\iedkcs32.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\ieframe.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\iepeers.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\iertutil.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\ieui.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\ifmon.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\ifsutil.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\ifsutilx.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\imaadp32.acm:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\imagehlp.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\imapi.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\imapi2.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\imapi2fs.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\imm32.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\inetcomm.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\inetcpl.cpl:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\inetmib1.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\InfDefaultInstall.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\InkEd.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\input.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\InputSwitch.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\instnm.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\intl.cpl:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\ipconfig.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\IPHLPAPI.DLL:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\iprop.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\iprtprio.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\iprtrmgr.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\ipsecsnp.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\ipsmsnap.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\ir32_32.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\ir41_32.ax:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\ir41_qc.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\ir41_qcx.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\ir50_32.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\ir50_qc.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\ir50_qcx.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\irclass.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\irprops.cpl:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\iscsicli.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\iscsicpl.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\iscsicpl.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\iscsidsc.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\iscsied.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\iscsium.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\iscsiwmi.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\iscsiwmiv2.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\isoburn.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\itircl.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\itss.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\iyuv_32.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\joy.cpl:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\jscript.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\jscript9.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\jscript9diag.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\KBDAZE.DLL:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\KBDAZEL.DLL:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\KBDAZST.DLL:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\kbdgeoqw.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\kerberos.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\kernel.appcore.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\kernel32.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\KernelBase.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\KeyboardFilterCore.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\keyiso.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\keymgr.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\kmddsp.tsp:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\korwbrkr.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\ksproxy.ax:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\kstvtune.ax:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\ksuser.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\Kswdmcap.ax:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\ksxbar.ax:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\ktmutil.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\ktmw32.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\l2gpstore.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\l2nacp.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\L2SecHC.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\l3codeca.acm:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\l3codecp.acm:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\label.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\LAPRXY.DLL:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\LaunchTM.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\linkinfo.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\loadperf.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\localsec.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\LocationApi.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\LocationNotifications.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\lodctr.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\logagent.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\loghours.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\logman.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\logoncli.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\lpk.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\lsmproxy.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\luainstall.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\Magnification.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\Magnify.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\main.cpl:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\makecab.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\mapi32.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\mapistub.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\MbaeApi.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\MbaeApiPublic.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\mbsmsapi.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\mbussdapi.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\mcbuilder.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\mciavi32.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\mcicda.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\mciqtz32.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\mciseq.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\mciwave.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\mdminst.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\mdmregistration.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\mf.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\mf3216.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\mfAACEnc.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\mfasfsrcsnk.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\mfc42.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\mfc42u.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\MFCaptureEngine.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\mfcore.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\mfcsubs.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\mfds.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\mfdvdec.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\mfh264enc.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\MFMediaEngine.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\mfmjpegdec.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\mfmp4srcsnk.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\mfmpeg2srcsnk.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\mfnetcore.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\mfnetsrc.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\mfplat.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\MFPlay.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\mfpmp.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\mfps.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\mfreadwrite.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\mfsrcsnk.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\mfsvr.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\mftranscode.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\mfvdsp.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\MFWMAAEC.DLL:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\mgmtapi.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\mi.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\mibincodec.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\Microsoft.Management.Infrastructure.Native.Unmanaged.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\MicrosoftAccountTokenProvider.dll:$CmdTcID

Code:

AlternateDataStreams: C:\Windows\SysWOW64\midimap.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\miguiresource.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\mimefilt.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\mimofcodec.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\MirrorDrvCompat.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\mispace.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\miutils.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\mlang.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\mmc.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\mmcbase.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\mmci.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\mmcico.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\mmcndmgr.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\mmcshext.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\MMDevAPI.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\mmsys.cpl:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\mobsync.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\mode.com:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\modemui.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\more.com:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\mountvol.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\MP3DMOD.DLL:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\MP43DECD.DLL:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\MP4SDECD.DLL:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\Mpeg2Data.ax:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\mpg2splt.ax:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\MPG4DECD.DLL:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\mpr.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\mprapi.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\mprddm.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\mprdim.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\mprext.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\mprmsg.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\MRINFO.EXE:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\MrmCoreR.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\MrmIndexer.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\msaatext.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\MSAC3ENC.DLL:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\msacm32.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\msacm32.drv:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\msadp32.acm:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\msasn1.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\MSAudDecMFT.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\msaudite.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\mscandui.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\mscat32.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\mscms.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\mscpxl32.dLL:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\msctf.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\msctfime.ime:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\MsCtfMonitor.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\msctfp.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\msctfui.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\msctfuimanager.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\msdadiag.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\msdart.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\msdelta.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\msdmo.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\msdrm.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\msdt.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\msdtcprx.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\msdtcuiu.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\MSDvbNP.ax:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\msdxm.ocx:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\msfeeds.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\msftedit.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\msg711.acm:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\msgsm32.acm:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\mshtml.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\MshtmlDac.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\mshtmled.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\msi.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\msidcrl40.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\msident.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\msidle.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\msieftp.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\msiexec.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\msihnd.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\msiltcfg.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\msimg32.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\msimtf.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\msinfo32.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\msisip.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\msiwer.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\mskeyprotcli.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\mskeyprotect.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\msls31.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\MSMPEG2ENC.DLL:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\msmpeg2vdec.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\msnetobj.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\MSNP.ax:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\msoeacct.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\msoert2.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\msorcl32.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\mspaint.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\mspatcha.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\mspatchc.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\msports.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\msra.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\msrating.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\msrdc.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\MsRdpWebAccess.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\msrle32.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\msscntrs.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\msscp.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\msscript.ocx:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\mssha.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\msshooks.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\mssign32.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\mssip32.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\mssitlb.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\MsSpellCheckingFacility.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\MsSpellCheckingHost.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\mssph.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\mssphtb.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\mssprxy.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\mssrch.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\mssvp.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\mstask.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\mstsc.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\mstscax.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\msutb.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\msv1_0.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\msvcirt.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\msvcp60.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\msvcrt.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\msvfw32.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\msvidc32.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\MSVidCtl.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\MSVideoDSP.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\msvproc.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\MSWB7.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\MSWB70011.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\MSWB7001E.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\MSWB70404.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\MSWB70804.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\mswmdm.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\mswsock.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\msxml3.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\msxml6.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\msyuv.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\mtstocom.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\mtxclu.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\mtxdm.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\mtxex.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\mtxlegih.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\mtxoci.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\muifontsetup.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\MuiUnattend.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\mycomput.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\mydocs.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\Mystify.scr:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\napdsnap.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\NapiNSP.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\napipsec.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\NAPMONTR.DLL:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\NAPSTAT.EXE:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\Narrator.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\NaturalLanguage6.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\NcaApi.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\NcdProp.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\nci.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\ncobjapi.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\ncpa.cpl:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\ncrypt.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\ncryptprov.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\ncryptsslp.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\ndadmin.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\nddeapi.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\ndfapi.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\ndfetw.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\ndfhcdiscovery.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\ndiscapCfg.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\ndishc.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\ndproxystub.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\negoexts.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\net.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\net1.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\netapi32.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\netbios.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\netbtugc.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\netcenter.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\netcfgx.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\netcorehc.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\netdiagfx.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\netid.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\netiohlp.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\netiougc.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\netjoin.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\netlogon.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\netplwiz.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\Netplwiz.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\netprofm.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\netprovisionsp.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\netsh.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\netshell.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\NETSTAT.EXE:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\netutils.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\networkexplorer.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\networkitemfactory.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\newdev.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\newdev.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\ninput.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\NL7Data0011.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\NL7Data001E.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\NL7Data0404.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\NL7Data0804.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\nlaapi.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\nlhtml.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\nlmgp.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\nlmproxy.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\nlmsprep.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\NlsData0000.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\NlsData0002.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\NlsData0003.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\NlsData0007.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\NlsData0009.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\NlsData000a.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\NlsData000c.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\NlsData000d.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\NlsData000f.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\NlsData0010.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\NlsData0018.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\NlsData001a.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\NlsData001b.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\NlsData001d.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\NlsData0020.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\NlsData0021.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\NlsData0022.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\NlsData0024.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\NlsData0026.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\NlsData0027.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\NlsData002a.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\NlsData0039.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\NlsData003e.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\NlsData0045.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\NlsData0046.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\NlsData0047.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\NlsData0049.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\NlsData004a.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\NlsData004b.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\NlsData004c.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\NlsData004e.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\NlsData0414.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\NlsData0416.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\NlsData0816.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\NlsData081a.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\NlsData0c1a.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\Nlsdl.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\NlsLexicons0009.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\normaliz.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\notepad.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\npmproxy.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\nshhttp.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\nshipsec.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\nshwfp.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\nsi.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\nslookup.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\ntasn1.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\ntdll.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\ntdsapi.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\ntlanman.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\ntlanui2.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\ntmarta.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\ntprint.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\ntprint.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\ntshrui.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\ntvdm64.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\nvd3dum.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\NvIFROpenGL.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\nvinit.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\nvoglshim32.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\nvoglv32.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\nvopencl.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\nvumdshim.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\nvwgf2um.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\objsel.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\ocsetapi.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\odbc32.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\odbcad32.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\odbcbcp.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\odbcconf.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\odbcconf.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\odbccp32.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\odbccr32.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\odbccu32.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\odbcji32.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\odbcjt32.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\odbctrac.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\oddbse32.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\odexl32.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\odfox32.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\odpdx32.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\odtext32.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\OEMLicense.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\offfilt.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\offreg.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\ogldrv.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\ole32.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\oleacc.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\oleacchooks.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\oleaut32.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\olecli32.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\oledlg.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\oleprn.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\olepro32.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\olesvr32.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\olethk32.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\OnDemandConnRouteHelper.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\onex.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\onexui.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\OobeFldr.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\OpcServices.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\OpenCL.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\openfiles.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\opengl32.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\OpenWith.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\osbaseln.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\osk.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\OskSupport.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\osuninst.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\P2P.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\P2PGraph.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\p2pnetsh.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\packager.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\PackageStateRoaming.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\panmap.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\PasswordOnWakeSettingFlyout.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\PATHPING.EXE:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\pautoenr.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\pcacli.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\pcaui.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\pcaui.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\PCPKsp.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\PCPTpm12.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\pdh.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\pdhui.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\PeerDist.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\PeerDistSh.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\perfctrs.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\perfdisk.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\perfmon.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\perfnet.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\perfos.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\perfproc.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\perfts.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\PhotoMetadataHandler.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\PhotoScreensaver.scr:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\photowiz.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\PickerHost.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\pid.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\PING.EXE:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\PkgMgr.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\pku2u.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\pla.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\playlistfolder.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\PlaySndSrv.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\PlayToDevice.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\PlayToManager.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\PlayToStatusProvider.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\pnrpnsp.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\polstore.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\poqexec.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\PortableDeviceApi.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\PortableDeviceClassExtension.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\PortableDeviceConnectApi.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\PortableDeviceStatus.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\PortableDeviceSyncProvider.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\PortableDeviceTypes.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\PortableDeviceWiaCompat.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\PortableDeviceWMDRM.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\pots.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\powercfg.cpl:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\powercfg.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\powercpl.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\powrprof.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\prevhost.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\print.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\PrintConfig.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\PrintDialogs.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\printui.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\printui.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\prncache.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\prnfldr.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\prnntfy.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\prntvpt.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\profapi.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\profext.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\propsys.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\proquota.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\provcore.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\provsvc.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\provthrd.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\ProximityCommon.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\ProximityCommonPal.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\ProximityRtapiPal.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\prvdmofcomp.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\psapi.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\psisdecd.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\psisrndr.ax:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\PSModuleDiscoveryProvider.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\psr.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\pstorec.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\puiapi.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\puiobj.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\pwrshplugin.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\QAGENT.DLL:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\qasf.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\QCLIPROV.DLL:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\qdv.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\qdvd.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\qedit.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\qmgrprxy.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\QSHVHOST.DLL:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\QSVRMGMT.DLL:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\quartz.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\Query.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\QUTIL.DLL:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\qwave.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\RacEngn.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\racpldlg.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\radardt.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\radarrs.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\RADCUI.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\rapi.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\rapiproxystub.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\rapistub.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\rasadhlp.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\rasapi32.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\rasautou.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\rascfg.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\raschap.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\raschapext.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\rasctrs.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\rasdiag.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\rasdial.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\rasdlg.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\raserver.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\rasgcw.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\rasman.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\rasmontr.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\rasmxs.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\rasphone.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\rasplap.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\rasppp.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\rasser.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\rastapi.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\rastls.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\rastlsext.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\rdpcore.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\rdpencom.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\rdpendp.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\RdpSa.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\RdpSaProxy.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\RdpSaPs.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\RdpSaUacHelper.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\rdrleakdiag.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\rdvidcrl.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\rdvvmtransport.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\ReAgent.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\ReAgentc.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\recover.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\reg.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\regapi.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\RegCtrl.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\regedit.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\regedt32.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\regini.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\Register-CimProvider.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\regsvr32.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\ReInfo.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\rekeywiz.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\relog.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\remotepg.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\remotesp.tsp:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\RemoveDeviceContextHandler.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\RemoveDeviceElevated.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\replace.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\RESAMPLEDMO.DLL:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\resmon.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\RestoreOptIn.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\resutils.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\rgb9rast.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\Ribbons.scr:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\riched20.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\riched32.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\RMActivate.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\RMActivate_isv.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\RMActivate_ssp.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\RMActivate_ssp_isv.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\RmClient.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\rnr20.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\Robocopy.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\ROUTE.EXE:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\rpchttp.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\RpcNs4.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\rpcnsh.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\RpcPing.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\rpcrt4.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\RpcRtRemote.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\rrinstaller.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\rsaenh.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\rshx32.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\RstrtMgr.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\rtffilt.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\rtm.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\rtutils.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\RTWorkQ.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\runas.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\rundll32.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\RunLegacyCPLElevated.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\runonce.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\samcli.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\samlib.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\sas.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\sbe.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\sbeio.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\sc.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\scansetting.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\SCardDlg.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\scecli.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\scesrv.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\schannel.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\schedcli.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\schtasks.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\scksp.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\scripto.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\scrnsave.scr:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\scrobj.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\scrptadm.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\scrrun.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\sdbinst.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\sdchange.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\sdiageng.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\sdiagnhost.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\sdiagprv.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\sdohlp.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\SearchFilterHost.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\SearchFolder.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\SearchIndexer.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\SearchProtocolHost.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\SecEdit.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\sechost.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\secinit.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\secproc.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\secproc_isv.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\secproc_ssp.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\secproc_ssp_isv.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\secur32.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\sendmail.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\SensApi.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\SensorsApi.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\SensorsCpl.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\serialui.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\serwvdrv.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\SessEnv.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\sethc.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\SettingMonitor.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\SettingSync.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\SettingSyncCore.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\SettingSyncHost.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\SettingSyncPolicy.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\setup16.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\setupapi.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\setupcln.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\setupugc.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\setx.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\sfc.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\sfc_os.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\shacct.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\SHCore.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\shdocvw.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\shell32.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\shfolder.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\shgina.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\shimeng.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\shimgvw.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\shlwapi.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\shpafact.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\shrpubw.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\shsetup.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\shsvcs.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\shunimpl.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\shutdown.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\shwebsvc.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\signdrv.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\SimAuth.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\SimCfg.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\sisbkup.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\SkyDriveShell.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\slpts.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\SmartcardCredentialProvider.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\SmartScreenSettings.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\SMBHelperClass.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\smphost.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\SndVol.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\SndVolSSO.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\snmpapi.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\softkbd.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\softpub.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\sort.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\SortServer2003Compat.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\SortWindows61.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\SortWindows6Compat.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\spbcd.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\spfileq.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\SPInf.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\spnet.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\spopk.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\spp.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\spwinsat.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\spwizeng.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\spwmp.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\sqlcecompact40.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\sqlceoledb40.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\sqlceqp40.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\sqlcese40.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\sqlsrv32.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\sqmapi.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\srchadmin.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\srclient.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\SRH.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\srm.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\srmclient.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\srmscan.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\srmshell.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\srmstormod.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\srmtrace.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\srm_ps.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\SrpUxNativeSnapIn.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\srumapi.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\srumsvc.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\srvcli.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\sscore.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\ssdpapi.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\sspicli.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\SSShim.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\ssText3d.scr:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\Startupscan.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\stclient.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\sti.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\stobject.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\StorageContextHandler.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\storagewmi.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\storagewmi_passthru.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\Storprop.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\StorSvc.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\StructuredQuery.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\subst.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\sud.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\svchost.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\sxproxy.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\sxs.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\sxshared.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\sxsstore.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\sxstrace.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\SyncCenter.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\synceng.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\SyncHost.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\SyncHostps.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\SyncInfrastructure.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\SyncInfrastructureps.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\Syncreg.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\syncui.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\sysdm.cpl:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\syskey.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\sysmon.ocx:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\syssetup.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\systemcpl.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\SystemEventsBrokerClient.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\systeminfo.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\SystemPropertiesAdvanced.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\SystemPropertiesComputerName.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\SystemPropertiesDataExecutionPrevention.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\SystemPropertiesHardware.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\SystemPropertiesPerformance.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\SystemPropertiesProtection.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\SystemPropertiesRemote.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\systray.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\t2embed.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\takeown.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\tapi3.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\tapi32.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\TapiMigPlugin.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\tapiperf.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\tapisrv.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\TapiSysprep.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\TapiUnattend.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\taskcomp.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\taskeng.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\taskkill.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\tasklist.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\Taskmgr.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\taskschd.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\TaskSchdPS.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\tbs.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\tcmsetup.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\tcpipcfg.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\tcpmib.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\tcpmonui.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\TCPSVCS.EXE:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\tdc.ocx:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\tdh.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\telephon.cpl:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\termmgr.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\themecpl.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\themeui.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\threadpoolwinrt.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\thumbcache.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\ThumbnailExtractionHost.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\TimeBrokerClient.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\timedate.cpl:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\TimeDateMUICallback.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\timeout.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\tlscsp.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\tpmcompc.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\TpmInit.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\tquery.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\tracerpt.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\TRACERT.EXE:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\traffic.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\tree.com:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\tsbyuv.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\TSChannel.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\tsgqec.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\tsmf.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\TSpkg.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\TSTheme.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\TSWorkspace.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\TtlsAuth.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\TtlsCfg.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\TtlsExt.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\tvratings.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\twext.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\twinapi.appcore.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\twinapi.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\twinui.appcore.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\twinui.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\txflog.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\txfw32.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\typeperf.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\tzutil.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\ucmhc.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\ucrtbase.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\udhisapi.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\uexfat.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\ufat.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\UIAnimation.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\UIAutomationCore.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\uicom.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\uireng.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\UIRibbon.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\UIRibbonRes.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\ulib.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\umdmxfrm.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\unimdm.tsp:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\unimdmat.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\uniplat.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\unlodctr.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\unregmp2.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\untfs.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\upnp.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\upnpcont.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\upnphost.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\ureg.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\urlmon.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\usbceip.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\usbperf.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\usbui.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\user.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\user32.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\UserAccountBroker.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\UserAccountControlSettings.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\UserAccountControlSettings.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\usercpl.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\userenv.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\userinit.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\userinitext.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\UserLanguageProfileCallback.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\UserLanguagesCpl.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\usp10.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\ustprov.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\utildll.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\Utilman.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\uudf.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\UXInit.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\uxlib.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\uxtheme.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\VAN.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\Vault.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\vaultcli.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\VBICodec.ax:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\vbisurf.ax:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\vbscript.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\vdmdbg.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\vds_ps.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\verclsid.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\verifier.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\verifier.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\version.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\vfwwdm32.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\vidcap.ax:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\VIDRESZR.DLL:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\virtdisk.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\vpnikeapi.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\VscMgrPS.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\vssadmin.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\vssapi.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\vsstrace.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\vss_ps.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\w32tm.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\w32topl.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\WABSyncProvider.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\waitfor.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\wavemsp.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\wbemcomn.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\wcescommproxy.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\wcmapi.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\WcnApi.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\wcnwiz.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\WcsPlugInService.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\wdc.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\wdi.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\wdigest.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\wdmaud.drv:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\wdscore.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\WebcamUi.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\webcheck.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\WebClnt.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\webio.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\webservices.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\Websocket.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\wecapi.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\wecutil.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\wer.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\werdiagcontroller.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\WerFault.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\WerFaultSecure.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\wermgr.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\werui.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\wevtapi.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\wevtfwd.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\wevtutil.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\wfapigp.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\wfdprov.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\WfHC.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\where.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\whhelper.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\whoami.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\wiaacmgr.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\wiaaut.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\wiadefui.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\wiadss.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\wiascanprofiles.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\wiashext.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\wiatrace.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\wimgapi.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\winbio.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\winbrand.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\wincorlib.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\wincredprovider.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\Windows.ApplicationModel.Background.SystemEventsBroker.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\Windows.ApplicationModel.Background.TimeBroker.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\Windows.ApplicationModel.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\Windows.ApplicationModel.Store.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\Windows.Data.Pdf.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\Windows.Devices.Background.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\Windows.Devices.Background.ps.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\Windows.Devices.Bluetooth.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\Windows.Devices.Custom.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\Windows.Devices.Custom.ps.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\Windows.Devices.Enumeration.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\Windows.Devices.Enumeration.ps.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\Windows.Devices.Geolocation.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\Windows.Devices.HumanInterfaceDevice.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\Windows.Devices.PointOfService.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\Windows.Devices.Portable.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\Windows.Devices.Printers.Extensions.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\Windows.Devices.Scanners.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\Windows.Devices.Sensors.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\Windows.Devices.SmartCards.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\Windows.Devices.Usb.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\Windows.Devices.WiFiDirect.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\Windows.Globalization.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\Windows.Globalization.Fontgroups.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\Windows.Graphics.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\Windows.Graphics.Printing.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\Windows.Management.Workplace.WorkplaceSettings.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\Windows.Media.Devices.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\Windows.Media.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\Windows.Media.MediaControl.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\Windows.Media.SpeechSynthesis.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\Windows.Media.Streaming.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\Windows.Media.Streaming.ps.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\Windows.Networking.BackgroundTransfer.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\Windows.Networking.Connectivity.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\Windows.Networking.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\Windows.Networking.HostName.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\Windows.Networking.NetworkOperators.HotspotAuthentication.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\Windows.Networking.Proximity.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\Windows.Networking.Sockets.PushEnabledApplication.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\Windows.Security.Authentication.OnlineId.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\Windows.Security.Credentials.UI.CredentialPicker.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\Windows.Security.Credentials.UI.UserConsentVerifier.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\Windows.Shell.Search.UriHandler.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\Windows.Storage.ApplicationData.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\Windows.Storage.Compression.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\Windows.System.Display.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\Windows.System.Profile.HardwareId.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\Windows.System.Profile.SystemManufacturers.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\Windows.System.RemoteDesktop.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\Windows.UI.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\Windows.UI.Immersive.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\Windows.UI.Input.Inking.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\Windows.UI.Search.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\Windows.UI.Xaml.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\Windows.Web.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\Windows.Web.Http.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\WindowsCodecs.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\WindowsCodecsExt.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\windowslivelogin.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\WinFax.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\winhttp.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\wininet.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\wininitext.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\winipsec.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\Winlangdb.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\winmde.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\winmm.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\winmmbase.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\WinMsoIrmProtector.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\winnsi.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\WinOpcIrmProtector.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\winrnr.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\winrs.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\winrscmd.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\winrshost.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\winrssrv.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\WinRtTracing.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\WinSATAPI.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\WinSCard.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\winshfhc.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\winsku.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\winsockhc.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\winspool.drv:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\WINSRPC.DLL:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\winsta.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\WinSync.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\WinSyncMetastore.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\WinSyncProviders.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\wintrust.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\WinTypes.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\winusb.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\winver.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\wisp.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\wkscli.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\wkspbrokerAx.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\wksprtPS.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\wlanapi.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\wlancfg.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\WLanConn.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\wlandlg.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\wlanext.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\wlangpui.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\wlanhlp.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\wlaninst.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\WlanMM.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\wlanmsm.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\wlanpref.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\wlansec.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\wlanui.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\Wldap32.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\wlgpclnt.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\wlidcli.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\wlidcredprov.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\wlidfdp.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\wlidnsp.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\wlidprov.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\WlS0WndH.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\WMADMOD.DLL:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\WMADMOE.DLL:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\WMASF.DLL:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\wmcodecdspps.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\wmdmlog.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\wmdmps.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\wmdrmdev.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\wmdrmnet.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\wmdrmsdk.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\wmi.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\wmiclnt.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\wmidcom.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\wmidx.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\wmiprop.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\wmitomi.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\WMNetMgr.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\wmp.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\WMPDMC.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\WmpDui.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\wmpdxm.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\wmpeffects.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\WMPhoto.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\wmpps.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\wmpshell.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\wmsgapi.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\WMSPDMOD.DLL:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\WMSPDMOE.DLL:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\WMVCORE.DLL:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\WMVDECOD.DLL:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\wmvdspa.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\WMVENCOD.DLL:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\WMVSDECD.DLL:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\WMVSENCD.DLL:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\WMVXENCD.DLL:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\wow32.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\wowreg32.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\Wpc.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\wpcsvc.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\wpdshext.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\WPDShextAutoplay.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\WPDShServiceObj.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\WPDSp.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\wpnapps.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\write.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\ws2help.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\ws2_32.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\wscapi.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\wscinterop.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\wscisvif.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\WSClient.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\wscproxystub.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\wscript.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\wscui.cpl:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\WSDApi.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\wsdchngr.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\wsecedit.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\wshbth.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\wshcon.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\wshelper.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\wshext.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\wship6.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\wshirda.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\wshom.ocx:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\wshqos.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\wshrm.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\WSHTCPIP.DLL:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\WsmAgent.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\WSManHTTPConfig.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\WSManMigrationPlugin.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\WsmAuto.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\wsmplpxy.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\wsmprovhost.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\WsmSvc.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\WsmWmiPl.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\wsnmp32.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\wsock32.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\WSShared.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\WSSync.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\WSTPager.ax:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\wtsapi32.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\wuapi.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\wuapp.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\wudriver.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\wups.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\wusa.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\wuwebv.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\wvc.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\WwaApi.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\WWAHost.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\WWanAPI.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\wwapi.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\X3DAudio1_5.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\X3DAudio1_6.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\X3DAudio1_7.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\xactengine3_2.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\xactengine3_3.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\xactengine3_4.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\xactengine3_5.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\xactengine3_6.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\XAPOFX1_1.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\XAPOFX1_2.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\XAPOFX1_3.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\XAPOFX1_4.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\XAudio2_2.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\XAudio2_3.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\XAudio2_4.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\XAudio2_5.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\XAudio2_6.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\XAudio2_8.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\xcopy.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\XInput1_4.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\XInput9_1_0.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\xmlfilter.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\xmllite.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\xmlprovi.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\xolehlp.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\XpsFilt.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\XpsGdiConverter.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\XpsPrint.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\XpsRasterService.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\xpsrchvw.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\xpsservices.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\XPSSHHDR.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\xpssvcs.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\xwizard.exe:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\xwizards.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\xwreg.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\xwtpdui.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\xwtpw32.dll:$CmdTcID

AlternateDataStreams: C:\Windows\SysWOW64\zipfldr.dll:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Drivers\a38ccid.sys:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Drivers\acpi.sys:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Drivers\afd.sys:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Drivers\agilevpn.sys:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Drivers\ahcache.sys:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Drivers\appid.sys:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Drivers\bridge.sys:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Drivers\bthhfenum.sys:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Drivers\Classpnp.sys:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Drivers\clfs.sys:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Drivers\cng.sys:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Drivers\csc.sys:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Drivers\dam.sys:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Drivers\drmk.sys:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Drivers\drmkaud.sys:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Drivers\dumpsd.sys:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Drivers\dxgkrnl.sys:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Drivers\dxgmms1.sys:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Drivers\EsgScanner.sys:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Drivers\fltMgr.sys:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Drivers\fsdepends.sys:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Drivers\FWPKCLNT.SYS:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Drivers\hidbth.sys:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Drivers\http.sys:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Drivers\i8042prt.sys:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Drivers\iaStorA.sys:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Drivers\intelpep.sys:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Drivers\kbdclass.sys:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Drivers\kbdhid.sys:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Drivers\ksecdd.sys:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Drivers\ksecpkg.sys:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Drivers\mbam.sys:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Drivers\mbamchameleon.sys:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Drivers\mouclass.sys:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Drivers\mouhid.sys:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Drivers\mountmgr.sys:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Drivers\mpsdrv.sys:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Drivers\mrxdav.sys:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Drivers\mrxsmb.sys:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Drivers\mrxsmb10.sys:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Drivers\mrxsmb20.sys:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Drivers\mslldp.sys:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Drivers\mwac.sys:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Drivers\ndis.sys:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Drivers\ndiscap.sys:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Drivers\NdisImPlatform.sys:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Drivers\ndistapi.sys:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Drivers\ndproxy.sys:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Drivers\Ndu.sys:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Drivers\netbios.sys:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Drivers\netio.sys:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Drivers\netvsc63.sys:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Drivers\nsiproxy.sys:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Drivers\ntfs.sys:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Drivers\nvlddmkm.sys:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Drivers\nwifi.sys:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Drivers\pacer.sys:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Drivers\partmgr.sys:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Drivers\pdc.sys:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Drivers\portcls.sys:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Drivers\qwavedrv.sys:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Drivers\rasacd.sys:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Drivers\rasl2tp.sys:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Drivers\rassstp.sys:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Drivers\rdpvideominiport.sys:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Drivers\refs.sys:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Drivers\rmcast.sys:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Drivers\rootmdm.sys:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Drivers\Rt630x64.sys:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Drivers\scfilter.sys:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Drivers\sdbus.sys:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Drivers\sermouse.sys:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Drivers\spaceport.sys:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Drivers\srv2.sys:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Drivers\storport.sys:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Drivers\storvsp.sys:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Drivers\stwrt64.sys:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Drivers\swenum.sys:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Drivers\tbs.sys:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Drivers\tcpip.sys:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Drivers\tdx.sys:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Drivers\TeeDriverx64.sys:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Drivers\tpm.sys:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Drivers\TsUsbGD.sys:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Drivers\tunnel.sys:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Drivers\UCX01000.SYS:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Drivers\udfs.sys:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Drivers\usbcir.sys:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Drivers\usbd.sys:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Drivers\usbehci.sys:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Drivers\usbhub.sys:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Drivers\USBHUB3.SYS:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Drivers\usbohci.sys:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Drivers\usbport.sys:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Drivers\usbscan.sys:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Drivers\usbuhci.sys:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Drivers\USBXHCI.SYS:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Drivers\vhdmp.sys:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Drivers\vmbkmcl.sys:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Drivers\vmbus.sys:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Drivers\vmstorfl.sys:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Drivers\vpci.sys:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Drivers\wanarp.sys:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Drivers\WdBoot.sys:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Drivers\WdFilter.sys:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Drivers\WdNisDrv.sys:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Drivers\wfplwfs.sys:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Drivers\wimmount.sys:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Drivers\winhv.sys:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Drivers\wpcfltr.sys:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Drivers\WUDFPf.sys:$CmdTcID

AlternateDataStreams: C:\Windows\system32\Drivers\WUDFRd.sys:$CmdTcID

AlternateDataStreams: C:\Users\Stefan\dxazlfq.exe:$CmdTcID

AlternateDataStreams: C:\Users\Stefan\dxfgihc.exe:$CmdTcID

AlternateDataStreams: C:\Users\Stefan\dxzyeqt.exe:$CmdTcID

AlternateDataStreams: C:\Users\Stefan\Downloads\esetsmartinstaller_deu.exe:$CmdTcID

AlternateDataStreams: C:\Users\Stefan\Downloads\esetsmartinstaller_deu.exe:$CmdZnID

AlternateDataStreams: C:\Users\Stefan\Downloads\Filme_Agatha Christie-Toedliche Safari-1989-Filmklassisker.nzb:$CmdZnID

AlternateDataStreams: C:\Users\Stefan\Downloads\Filme_Der Eiserne Ritter Von Falworth (1954) AVI.nzb:$CmdZnID

AlternateDataStreams: C:\Users\Stefan\Downloads\Filme_Die.Prinzessin.mit.dem.goldenen.Stern (1959) CSSR DEFA.nzb:$CmdZnID

AlternateDataStreams: C:\Users\Stefan\Downloads\TV_17.000.Kilometer.Kanada.E01.Kaempfen.Jagen.Ueberleben.German.DOKU.WS.HDTVRip.x264-OMGtv.nzb:$CmdZnID

AlternateDataStreams: C:\Users\Stefan\Downloads\TV_Crazy.Food.Die.verruecktesten.Restaurants.der.Welt.S01E02.GERMAN.DOKU.HDTV.x264-KiTCHEN.nzb:$CmdZnID

AlternateDataStreams: C:\Users\Stefan\Downloads\TV_Das.Raetsel.der.Spider.Rocks.GERMAN.DOKU.720p.WebRip.x264-BTVG.nzb:$CmdZnID

AlternateDataStreams: C:\Users\Stefan\Downloads\TV_Die.Bergung.der.Costa.Concordia.German.DOKU.720p.HDTV.x264-UTOPiA.nzb:$CmdZnID

AlternateDataStreams: C:\Users\Stefan\Downloads\TV_Drogen.im.Visier.S07E04.Spring.Break.Deals.GERMAN.DOKU.HDTVRip.x264-MDGP.nzb:$CmdZnID

AlternateDataStreams: C:\Users\Stefan\Downloads\TV_Entfuehrt.im.Irak.311.Tage.Nervenkrieg.German.DOKU.720p.HDTV.x264-UTOPiA.nzb:$CmdZnID

AlternateDataStreams: C:\Users\Stefan\Downloads\TV_Faszination.Kanada.E01.Die.Arktis.Expedition.in.die.Nordwestpassage.GERMAN.DOKU.WS.HDTVRip.x264-TMSF.nzb:$CmdZnID

AlternateDataStreams: C:\Users\Stefan\Downloads\TV_Mountain.Men.-.Ueberleben.in.der.Wildnis.S04E08.Ausgehungert.GERMAN.DOKU.HDTVRip.x264-RiO.nzb:$CmdZnID

AlternateDataStreams: C:\Users\Stefan\Downloads\TV_Revolverhelden.Legenden.des.Wilden.Westens.S02E03.Bat.Masterson.GERMAN.DOKU.HDTVRip.x264-MDGP.nzb:$CmdZnID
 

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================
 

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)
 
 

==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) ===============
 

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)
 
 

==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============
 

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)
 
 

==================== Hosts Inhalt: ===============================
 

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)
 

2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
 

==================== Andere Bereiche ============================
 

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
 

HKU\S-1-5-21-2620496672-2744858316-2536672267-1001\Control Panel\Desktop\\Wallpaper -> E:\Foto Family E\Simon 07.10.2015. 10.01, 3.630g\P1080620.JPG

DNS Servers: 192.168.1.1

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)

Windows Firewall ist aktiviert.
 

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==
 

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
 

HKLM\...\StartupApproved\StartupFolder: => "Start GeekBuddy.lnk"

HKLM\...\StartupApproved\StartupFolder: => "CardOS API.lnk"

HKLM\...\StartupApproved\StartupFolder: => "AddonNP.lnk"

HKLM\...\StartupApproved\Run: => "SysTrayApp"

HKLM\...\StartupApproved\Run: => "BeatsOSDApp"

HKLM\...\StartupApproved\Run: => "Windows Mobile Device Center"

HKLM\...\StartupApproved\Run32: => "tvncontrol"

HKLM\...\StartupApproved\Run32: => "Adobe Reader Speed Launcher"

HKLM\...\StartupApproved\Run32: => "Adobe ARM"

HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"

HKLM\...\StartupApproved\Run32: => "PrivDogService"

HKLM\...\StartupApproved\Run32: => "fst_it_204"

HKU\S-1-5-21-2620496672-2744858316-2536672267-1001\...\StartupApproved\StartupFolder: => "genesis_07151917.lnk"

HKU\S-1-5-21-2620496672-2744858316-2536672267-1001\...\StartupApproved\StartupFolder: => "Picture Motion Browser Medien-Prüfung.lnk"

HKU\S-1-5-21-2620496672-2744858316-2536672267-1001\...\StartupApproved\Run: => "EPSON SX420W Series"

HKU\S-1-5-21-2620496672-2744858316-2536672267-1001\...\StartupApproved\Run: => "Steam"

HKU\S-1-5-21-2620496672-2744858316-2536672267-1001\...\StartupApproved\Run: => "framei"

HKU\S-1-5-21-2620496672-2744858316-2536672267-1001\...\StartupApproved\Run: => "nvcmd"

HKU\S-1-5-21-2620496672-2744858316-2536672267-1001\...\StartupApproved\Run: => "cntcmd"

HKU\S-1-5-21-2620496672-2744858316-2536672267-1001\...\StartupApproved\Run: => "genesis_07151917"
 

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============
 

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
 

FirewallRules: [{2D1351D8-CF7E-4CC5-8F48-FBCDA0F9E167}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe

FirewallRules: [{8217E0CC-86A7-48B9-ABF1-279E744C7F04}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe

FirewallRules: [{93F474FF-1722-4CDD-B571-FA28E3988D26}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe

FirewallRules: [{F0E566BC-B5C7-4703-933C-7A462D291509}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe

FirewallRules: [{88771030-AB65-4991-8EE2-A310F3DC5710}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe

FirewallRules: [{8BB2F6A0-87B5-4555-A02C-21648B149D68}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe

FirewallRules: [{A5B678BB-DAAD-4140-98D0-0F45EC28551C}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

FirewallRules: [{79AAC5A3-DEA4-4BE9-800C-CD218934D14B}] => (Allow) C:\Windows\KMSEmu.exe

FirewallRules: [{361BD660-1C6D-475B-A403-3E898F390373}] => (Allow) C:\Windows\KMSEmu.exe

FirewallRules: [{3F590FCC-3999-4AF0-852E-50791FCEA7C9}] => (Allow) C:\Windows\KMSEmu.exe

FirewallRules: [{83961BED-3FC7-4431-ACE0-AD4337A280A7}] => (Allow) C:\Windows\KMSEmu.exe

FirewallRules: [{9AD93C85-3E44-43A0-8EFB-CD890FADBE3B}] => (Allow) C:\Windows\KMSEmu.exe

FirewallRules: [{96E7D2F6-1EC4-4734-BE23-D4D750F700C7}] => (Allow) C:\Windows\KMSEmu.exe

FirewallRules: [{D1D2C072-5067-4D21-84CD-CA1E3C76B49A}] => (Allow) C:\Windows\KMSEmu.exe

FirewallRules: [{0E99E9E0-0CA5-4E5F-A164-582D638A1EEF}] => (Allow) C:\Windows\KMSEmu.exe

FirewallRules: [{0AFB5CB9-EFE5-440B-BBBB-4571159D4201}] => (Allow) C:\Windows\KMSEmu.exe

FirewallRules: [{404198F7-16F5-4D04-883A-09ECCBC50319}] => (Allow) C:\Windows\KMSEmu.exe

FirewallRules: [{D34F63BA-5CA1-4590-B789-B19F69E21F40}] => (Allow) C:\Windows\KMSEmu.exe

FirewallRules: [{3AE4F548-E2E5-487E-A3F4-8A3CE46FB671}] => (Allow) C:\Windows\KMSEmu.exe

FirewallRules: [{7D9F024B-ECD9-4466-AF57-676E76064C28}] => (Allow) C:\Windows\KMSEmu.exe

FirewallRules: [{77D30115-3EEE-462C-9ED3-4C192DFBE0C1}] => (Allow) C:\Windows\KMSEmu.exe

FirewallRules: [{62C15BB3-8294-4B6C-868F-D50D6C8960E0}] => (Allow) C:\Windows\KMSEmu.exe

FirewallRules: [{2F810D24-FD9F-4573-BB07-1B020F4CCD64}] => (Allow) C:\Windows\KMSEmu.exe

FirewallRules: [{A0418FC4-DB54-4F74-86F1-4FD1C35429DE}] => (Allow) C:\Windows\KMSEmu.exe

FirewallRules: [{6F584601-F9F6-4935-BAFF-A62D124C40F9}] => (Allow) C:\Windows\KMSEmu.exe

FirewallRules: [{FEBE048B-E121-48A3-B44A-1C29842B6C00}] => (Allow) C:\Windows\KMSEmu.exe

FirewallRules: [{53DC010B-396F-4750-87B0-54C9340F9B69}] => (Allow) C:\Windows\KMSEmu.exe

FirewallRules: [{5B7DA6E0-DC4C-4E31-8933-EA4A6921427E}] => (Allow) C:\Windows\KMSEmu.exe

FirewallRules: [{EA9C0E0C-A387-4CC1-8A75-F9C04CCB3FA8}] => (Allow) C:\Windows\KMSEmu.exe

FirewallRules: [TCP Query User{1B190E47-920E-45E4-82BE-6E6062A7098C}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe

FirewallRules: [UDP Query User{396A8F4C-DFDD-412E-89EF-79F4D15AF2B7}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe

FirewallRules: [{ACD0F4D0-D8F1-4544-8061-C89744CA1937}] => (Allow) C:\Windows\KMSEmu.exe

FirewallRules: [{41A04CEB-CEBF-4D42-8D06-ED9CD2A256D4}] => (Allow) C:\Windows\KMSEmu.exe

FirewallRules: [{C3004E82-F96F-4D65-849E-E639D2C42D9A}] => (Allow) C:\Windows\KMSEmu.exe

FirewallRules: [{77882835-80B3-411A-BC5F-C04FB95C9D93}] => (Allow) C:\Windows\KMSEmu.exe

FirewallRules: [{239EB5BB-7E34-4F6C-969F-EC1105868316}] => (Allow) C:\Windows\KMSEmu.exe
 

==================== Wiederherstellungspunkte =========================
 

30-12-2015 08:36:55 Windows Update

06-01-2016 20:32:14 Geplanter Prüfpunkt

11-01-2016 14:24:31 TuneUp Utilities 2014 wird entfernt
 

==================== Fehlerhafte Geräte im Gerätemanager =============
 
 

==================== Fehlereinträge in der Ereignisanzeige: =========================
 

Applikationsfehler:

==================

Error: (01/12/2016 07:53:27 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: Name der fehlerhaften Anwendung: nvstreamsvc.exe, Version: 1.8.323.0, Zeitstempel: 0x533c0ef6

Name des fehlerhaften Moduls: ntdll.dll, Version: 6.3.9600.18146, Zeitstempel: 0x5650b9bb

Ausnahmecode: 0xc0000142

Fehleroffset: 0x00000000000ec540

ID des fehlerhaften Prozesses: 0x129c

Startzeit der fehlerhaften Anwendung: 0xnvstreamsvc.exe0

Pfad der fehlerhaften Anwendung: nvstreamsvc.exe1

Pfad des fehlerhaften Moduls: nvstreamsvc.exe2

Berichtskennung: nvstreamsvc.exe3

Vollständiger Name des fehlerhaften Pakets: nvstreamsvc.exe4

Anwendungs-ID, die relativ zum fehlerhaften Paket ist: nvstreamsvc.exe5
 

Error: (01/11/2016 11:33:29 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Name der fehlerhaften Anwendung: nvstreamsvc.exe, Version: 1.8.323.0, Zeitstempel: 0x533c0ef6

Name des fehlerhaften Moduls: ntdll.dll, Version: 6.3.9600.18146, Zeitstempel: 0x5650b9bb

Ausnahmecode: 0xc0000142

Fehleroffset: 0x00000000000ec540

ID des fehlerhaften Prozesses: 0xe50

Startzeit der fehlerhaften Anwendung: 0xnvstreamsvc.exe0

Pfad der fehlerhaften Anwendung: nvstreamsvc.exe1

Pfad des fehlerhaften Moduls: nvstreamsvc.exe2

Berichtskennung: nvstreamsvc.exe3

Vollständiger Name des fehlerhaften Pakets: nvstreamsvc.exe4

Anwendungs-ID, die relativ zum fehlerhaften Paket ist: nvstreamsvc.exe5
 

Error: (01/11/2016 08:07:18 PM) (Source: SideBySide) (EventID: 78) (User: )

Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest3.

Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.

In Konflikt stehende Komponenten:.

Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest.

Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_a9ec6aab013aafee.manifest.
 

Error: (01/11/2016 08:06:30 PM) (Source: SideBySide) (EventID: 78) (User: )

Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest3.

Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.

In Konflikt stehende Komponenten:.

Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest.

Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_a9ec6aab013aafee.manifest.
 

Error: (01/11/2016 08:05:04 PM) (Source: SideBySide) (EventID: 78) (User: )

Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest3.

Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.

In Konflikt stehende Komponenten:.

Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest.

Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_a9ec6aab013aafee.manifest.
 

Error: (01/11/2016 06:17:49 PM) (Source: SideBySide) (EventID: 78) (User: )

Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest3.

Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.

In Konflikt stehende Komponenten:.

Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest.

Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_a9ec6aab013aafee.manifest.
 

Error: (01/11/2016 05:44:53 PM) (Source: SideBySide) (EventID: 78) (User: )

Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest3.

Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.

In Konflikt stehende Komponenten:.

Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest.

Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_a9ec6aab013aafee.manifest.
 

Error: (01/11/2016 05:44:53 PM) (Source: SideBySide) (EventID: 78) (User: )

Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest3.

Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.

In Konflikt stehende Komponenten:.

Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest.

Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_a9ec6aab013aafee.manifest.
 

Error: (01/11/2016 05:44:50 PM) (Source: SideBySide) (EventID: 78) (User: )

Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest3.

Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.

In Konflikt stehende Komponenten:.

Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest.

Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_a9ec6aab013aafee.manifest.
 

Error: (01/11/2016 05:36:51 PM) (Source: SideBySide) (EventID: 78) (User: )

Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest3.

Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.

In Konflikt stehende Komponenten:.

Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest.

Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_a9ec6aab013aafee.manifest.
 
 

Systemfehler:

=============

Error: (01/12/2016 08:49:49 AM) (Source: Application Popup) (EventID: 1060) (User: )

Description: \SystemRoot\SysWow64\drivers\prodrv06.sys
 

Error: (01/12/2016 07:53:31 AM) (Source: Service Control Manager) (EventID: 7023) (User: )

Description: Der Dienst "Superfetch" wurde mit folgendem Fehler beendet: 

%%1062
 

Error: (01/12/2016 06:16:25 AM) (Source: DCOM) (EventID: 10010) (User: Privat)

Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}
 

Error: (01/12/2016 06:15:55 AM) (Source: DCOM) (EventID: 10010) (User: Privat)

Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
 

Error: (01/12/2016 06:04:06 AM) (Source: Application Popup) (EventID: 1060) (User: )

Description: \SystemRoot\SysWow64\drivers\prodrv06.sys
 

Error: (01/11/2016 11:29:24 PM) (Source: Application Popup) (EventID: 1060) (User: )

Description: \SystemRoot\SysWow64\drivers\prodrv06.sys
 

Error: (01/11/2016 08:17:44 PM) (Source: Application Popup) (EventID: 1060) (User: )

Description: \SystemRoot\SysWow64\drivers\prodrv06.sys
 

Error: (01/11/2016 05:47:26 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet: 

%%1275
 

Error: (01/11/2016 05:47:26 PM) (Source: Application Popup) (EventID: 1060) (User: )

Description: \??\C:\Users\Stefan\AppData\Local\Temp\ehdrv.sys
 

Error: (01/11/2016 05:47:25 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet: 

%%1275
 
 

CodeIntegrity:

===================================

  Date: 2016-01-12 09:05:36.037

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.
 

  Date: 2016-01-12 08:51:05.223

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.
 

  Date: 2016-01-11 23:25:01.825

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.
 

  Date: 2016-01-11 23:18:10.793

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.
 

  Date: 2016-01-11 21:28:01.815

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.
 

  Date: 2016-01-11 20:49:22.415

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.
 

  Date: 2016-01-11 20:40:55.827

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.
 

  Date: 2016-01-11 20:26:41.052

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.
 

  Date: 2016-01-11 20:03:51.748

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.
 

  Date: 2016-01-11 19:09:33.749

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.
 
 

==================== Speicherinformationen =========================== 
 

Prozessor: Intel(R) Core(TM) i5-4440 CPU @ 3.10GHz

Prozentuale Nutzung des RAM: 21%

Installierter physikalischer RAM: 8131.19 MB

Verfügbarer physikalischer RAM: 6407.48 MB

Summe virtueller Speicher: 9411.19 MB

Verfügbarer virtueller Speicher: 7075.81 MB
 

==================== Laufwerke ================================
 

Drive c: (Windows 8.1) (Fixed) (Total:120.12 GB) (Free:23.76 GB) NTFS ==>[Laufwerk mit Startkomponenten (eingeholt von BCD)]

Drive d: () (Fixed) (Total:100.59 GB) (Free:92.07 GB) NTFS

Drive e: (Volume) (Fixed) (Total:710.8 GB) (Free:434.23 GB) NTFS
 

==================== MBR & Partitionstabelle ==================
 

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 6D4BBC3E)

Partition 1: (Not Active) - (Size=100.6 GB) - (Type=07 NTFS)

Partition 2: (Active) - (Size=120.1 GB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=710.8 GB) - (Type=07 NTFS)
 

==================== Ende von Addition.txt ============================

Schritt 1

http://filepony.de/icon/frst.png http://deeprybka.trojaner-board.de/b...e/frst/sn2.PNG

Gib in das Suche-Feld: SppHook.exe;oem.exe ein.
Klicke auf den Datei-Suche Button.
Bitte poste die erstellte Search.txt - Datei in Deiner nächsten Antwort.

Code:

Farbar Recovery Scan Tool (x64) Version:07-01-2015

durchgeführt von Stefan (2016-01-12 19:40:31)

Gestartet von C:\Trojaner Board + Programme

Start-Modus: Normal
 

================== Datei-Suche: "SppHook.exe;oem.exe " =============
 

C:\Windows\oem.exe

[2013-12-22 00:56][2013-12-22 17:45] 0517862 ____A () DDC83B832C2D00FC17A24DEA870896CB [Datei ist nicht signiert]
 

C:\Windows\SppHook.exe

[2013-12-22 17:33][2016-01-10 19:19] 0008704 ____A () 8B1804152A5EEEFFC6452351E589D078 [Datei ist nicht signiert]
 

====== Ende von Suche ======

Schritt 1

http://filepony.de/icon/frst.png http://deeprybka.trojaner-board.de/b...e/frst/sn4.PNG

Drücke bitte die http://deeprybka.trojaner-board.de/b...ne/revo/w8.png + R Taste und schreibe notepad in das Ausführen Fenster.
Klicke auf OK und kopiere nun den Text aus der Codebox in das leere Textdokument:

Code:

CloseProcesses:

IFEO\SppExtComObj.exe: [Debugger] SppHook.exe

SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

2016-01-04 19:32 - 2016-01-04 19:32 - 00000000 _____ C:\autoexec.bat

2016-01-04 19:31 - 2016-01-04 19:31 - 00000000 ____D C:\Users\Stefan\AppData\Roaming\Enigma Software Group

2016-01-04 19:30 - 2016-01-04 19:31 - 00022704 _____ C:\Windows\system32\Drivers\EsgScanner.sys

2016-01-04 19:28 - 2016-01-11 14:15 - 00000000 ____D C:\Program Files\Enigma Software Group

C:\Users\Stefan\dxazlfq.exe

C:\Users\Stefan\dxfgihc.exe

C:\Users\Stefan\dxzyeqt.exe

Task: {BAE31404-F969-4E46-9415-FB6343DE95B9} - System32\Tasks\OEM => 

C:\Windows\oem.exe

C:\Windows\SppHook.exe

EmptyTemp:

Speichere dieses bitte als Fixlist.txt in das Verzeichnis ab, in dem sich auch die FRST-Anwendung befindet.

Starte FRST und drücke auf den Entfernen-Button.
Das Tool erstellt eine "Fixlog.txt" -Datei.
Poste mir bitte deren Inhalt.

http://www.trojaner-board.de/extra/lesestoff.pngGibt es jetzt noch Probleme mit dem PC? Wenn ja, welche?

Code:

Entferungsergebnis von Farbar Recovery Scan Tool (x64) Version:07-01-2015

durchgeführt von Stefan (2016-01-13 21:27:15) Run:1

Gestartet von C:\Trojaner Board + Programme

Geladene Profile: Stefan (Verfügbare Profile: Stefan)

Start-Modus: Normal

==============================================
 

fixlist Inhalt:

*****************

CloseProcesses:

IFEO\SppExtComObj.exe: [Debugger] SppHook.exe

SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

2016-01-04 19:32 - 2016-01-04 19:32 - 00000000 _____ C:\autoexec.bat

2016-01-04 19:31 - 2016-01-04 19:31 - 00000000 ____D C:\Users\Stefan\AppData\Roaming\Enigma Software Group

2016-01-04 19:30 - 2016-01-04 19:31 - 00022704 _____ C:\Windows\system32\Drivers\EsgScanner.sys

2016-01-04 19:28 - 2016-01-11 14:15 - 00000000 ____D C:\Program Files\Enigma Software Group

C:\Users\Stefan\dxazlfq.exe

C:\Users\Stefan\dxfgihc.exe

C:\Users\Stefan\dxzyeqt.exe

Task: {BAE31404-F969-4E46-9415-FB6343DE95B9} - System32\Tasks\OEM => 

C:\Windows\oem.exe

C:\Windows\SppHook.exe

EmptyTemp:

*****************
 

Prozess erfolgreich geschlossen.

"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\SppExtComObj.exe" => Schlüssel erfolgreich entfernt

HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Wert erfolgreich entfernt

HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Wert erfolgreich entfernt

HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Wert erfolgreich entfernt

C:\autoexec.bat => erfolgreich verschoben

C:\Users\Stefan\AppData\Roaming\Enigma Software Group => erfolgreich verschoben

C:\Windows\system32\Drivers\EsgScanner.sys => erfolgreich verschoben

C:\Program Files\Enigma Software Group => erfolgreich verschoben

C:\Users\Stefan\dxazlfq.exe => erfolgreich verschoben

C:\Users\Stefan\dxfgihc.exe => erfolgreich verschoben

C:\Users\Stefan\dxzyeqt.exe => erfolgreich verschoben

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{BAE31404-F969-4E46-9415-FB6343DE95B9}" => Schlüssel erfolgreich entfernt

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BAE31404-F969-4E46-9415-FB6343DE95B9}" => Schlüssel erfolgreich entfernt

C:\Windows\System32\Tasks\OEM => => nicht gefunden.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OEM => => Schlüssel nicht gefunden. 

C:\Windows\oem.exe => erfolgreich verschoben

C:\Windows\SppHook.exe => erfolgreich verschoben

EmptyTemp: => 447.9 MB temporäre Dateien entfernt.
 
 

Das System musste neu gestartet werden.
 

==== Ende von Fixlog 21:27:51 ====

Hallo deeprybka
Ich glaube das sieht jetzt wohl gut aus, die Warnung kommt nach dem Neustart nicht mehr. Ich werde es weiterhin kontrollieren. Also Daumen hoch!!! Du hast eine Ausgezeichnete Arbeit geleistet und einen "Anfänger" wie mich ein bisschen gscheiter gmocht. Recht Herzlichen Dank für deine Mühe. Gruß Pumuckl57
Ps. Spende folgt