Rezultaty skanu uzupełniającego Farbar Recovery Scan Tool (x64) Wersja: 02-11-2017 Uruchomiony przez Dell (02-11-2017 21:34:22) Uruchomiony z C:\Users\Dell\Desktop Windows 7 Professional Service Pack 1 (X64) (2015-01-19 23:19:19) Tryb startu: Normal ========================================================== ==================== Konta użytkowników: ============================= Administrator (S-1-5-21-2924517680-291123336-3497316216-500 - Administrator - Disabled) Dell (S-1-5-21-2924517680-291123336-3497316216-1000 - Administrator - Enabled) => C:\Users\Dell Gość (S-1-5-21-2924517680-291123336-3497316216-501 - Limited - Enabled) HomeGroupUser$ (S-1-5-21-2924517680-291123336-3497316216-1002 - Limited - Enabled) ==================== Centrum zabezpieczeń ======================== (Załączenie wejścia w fixlist spowoduje jego usunięcie.) AV: Kaspersky Internet Security (Enabled - Up to date) {86367591-4BE4-AE08-2FD9-7FCB8259CD98} AS: Kaspersky Internet Security (Enabled - Up to date) {3D579475-6DDE-A186-1569-44B9F9DE8725} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: Kaspersky Internet Security (Enabled) {BE0DF4B4-018B-AF50-0486-D6FE7C8A8AE3} ==================== Zainstalowane programy ====================== (W fixlist dozwolone tylko załączanie programów adware z flagą "Hidden" w celu ich uwidocznienia. Programy adware powinny zostać w poprawny sposób odinstalowane.) Adobe Acrobat Reader DC - Polish (HKLM-x32\...\{AC76BA86-7AD7-1045-7B44-AC0F074E4100}) (Version: 17.012.20098 - Adobe Systems Incorporated) Dell ControlVault Host Components Installer 64 bit (HKLM\...\{97308CC9-FAED-4A1C-9593-64B2F1FD852D}) (Version: 2.3.309.1625 - Broadcom Corporation) Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.11.1193 - Intel Corporation) Intel(R) Management Engine Interface (HKLM\...\HECI) (Version: - Intel Corporation) Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: 16.8 - Intel) Intel(R) Turbo Boost Technology Driver (HKLM-x32\...\{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}) (Version: 01.00.01.1002 - Intel Corporation) Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.10.255 - Intel Corporation) Intel® Active Management Technology (HKLM\...\MESOL) (Version: - Intel Corporation) Kaspersky Internet Security (HKLM-x32\...\{E27B1D7B-3B34-43A2-9FC0-9828D5DF46E2}) (Version: 17.0.0.611 - Kaspersky Lab) Hidden Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{E27B1D7B-3B34-43A2-9FC0-9828D5DF46E2}) (Version: 17.0.0.611 - Kaspersky Lab) Kaspersky Secure Connection (HKLM-x32\...\{1CF84962-50F8-48CA-9082-B70F3A02C686}) (Version: 17.0.0.611 - Kaspersky Lab) Hidden Kaspersky Secure Connection (HKLM-x32\...\InstallWIX_{1CF84962-50F8-48CA-9082-B70F3A02C686}) (Version: 17.0.0.611 - Kaspersky Lab) Microsoft .NET Framework 4.7 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02053 - Microsoft Corporation) Microsoft .NET Framework 4.7 (Polski) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1045) (Version: 4.7.02053 - Microsoft Corporation) Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Report Viewer Redistributable 2008 SP1 (HKLM-x32\...\Microsoft Report Viewer Redistributable 2008 (KB971119)) (Version: - Microsoft Corporation) Microsoft SQL Server 2008 R2 (64-bit) (HKLM\...\Microsoft SQL Server 2008 R2) (Version: - Microsoft Corporation) Microsoft SQL Server 2008 R2 Native Client (HKLM\...\{2180B33F-3225-423E-BBC1-7798CFD3CD1F}) (Version: 10.50.1600.1 - Microsoft Corporation) Microsoft SQL Server 2008 R2 Policies (HKLM-x32\...\{D21BC5B2-CBAC-48FA-A701-B5A63C1CA7B8}) (Version: 10.50.1600.1 - Microsoft Corporation) Microsoft SQL Server 2008 R2 Setup (English) (HKLM\...\{6D10FB2C-82A9-40F2-91D0-7BE64CF0DAF2}) (Version: 10.50.1600.1 - Microsoft Corporation) Microsoft SQL Server 2008 Setup Support Files (HKLM\...\{B40EE88B-400A-4266-A17B-E3DE64E94431}) (Version: 10.1.2731.0 - Microsoft Corporation) Microsoft SQL Server Browser (HKLM-x32\...\{BF9BF038-FE03-429D-9B26-2FA0FD756052}) (Version: 10.50.1600.1 - Microsoft Corporation) Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation) Microsoft SQL Server Compact 3.5 SP2 Query Tools ENU (HKLM-x32\...\{DDFD8348-058C-4F4B-85E5-6D740D4AB3FE}) (Version: 3.5.8080.0 - Microsoft Corporation) Microsoft SQL Server VSS Writer (HKLM\...\{288D79EE-A2D1-42AF-9597-B0ADCC23A8ED}) (Version: 10.50.1600.1 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23506 (HKLM-x32\...\{3ee5e5bb-b7cc-4556-8861-a00a82977d6c}) (Version: 14.0.23506.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23506 (HKLM-x32\...\{23daf363-3020-4059-b3ae-dc4ad39fed19}) (Version: 14.0.23506.0 - Microsoft Corporation) Microsoft Visual Studio Tools for Applications 2.0 - ENU (HKLM-x32\...\{4ECF4BDC-8387-329A-ABE9-CF5798F84BB2}) (Version: 9.0.35191 - Microsoft Corporation) Mozilla Firefox 56.0.2 (x64 pl) (HKLM\...\Mozilla Firefox 56.0.2 (x64 pl)) (Version: 56.0.2 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 54.0.1 - Mozilla) SoundMAX (HKLM-x32\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 6.10.2.7280 - Analog Devices) SQL Server 2008 R2 Common Files (HKLM\...\{234F6B0D-10AE-4BB7-B2F3-E48D4861952D}) (Version: 10.50.1600.1 - Microsoft Corporation) Hidden SQL Server 2008 R2 Common Files (HKLM\...\{36F70DEE-1EBF-4707-AFA2-E035EEAEBAA1}) (Version: 10.50.1600.1 - Microsoft Corporation) Hidden SQL Server 2008 R2 Database Engine Services (HKLM\...\{FA7394B8-CE65-4F9E-AC99-F372AD365424}) (Version: 10.50.1600.1 - Microsoft Corporation) Hidden SQL Server 2008 R2 Database Engine Services (HKLM\...\{FBD367D1-642F-47CF-B79B-9BE48FB34007}) (Version: 10.50.1600.1 - Microsoft Corporation) Hidden SQL Server 2008 R2 Database Engine Shared (HKLM\...\{A2122A9C-A699-4365-ADF8-68FEAC125D61}) (Version: 10.50.1600.1 - Microsoft Corporation) Hidden SQL Server 2008 R2 Database Engine Shared (HKLM\...\{C942A025-A840-4BF2-8987-849C0DD44574}) (Version: 10.50.1600.1 - Microsoft Corporation) Hidden SQL Server 2008 R2 Management Studio (HKLM\...\{51E5BC99-A087-4CFF-8D93-462903EA7E12}) (Version: 10.50.1600.1 - Microsoft Corporation) Hidden SQL Server 2008 R2 Management Studio (HKLM\...\{72AB7E6F-BC24-481E-8C45-1AB5B3DD795D}) (Version: 10.50.1600.1 - Microsoft Corporation) Hidden Sql Server Customer Experience Improvement Program (HKLM\...\{F31183CF-E10F-4DE1-BB59-6C0FF38E481E}) (Version: 10.50.1600.1 - Microsoft Corporation) Hidden TL-WN725N_WN723N Driver (HKLM-x32\...\{3C3F9CEB-2C5A-4A47-8EAA-DA76037546BA}) (Version: 1.3.1 - TP-LINK) WinRAR 5.10 (64-bitowy) (HKLM\...\WinRAR archiver) (Version: 5.10.0 - win.rar GmbH) ==================== Niestandardowe rejestracje CLSID (filtrowane): ========================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) ContextMenuHandlers1: [Kaspersky Anti-Virus 17.0.0] -> {39C9FA89-7012-4573-A92D-BFD1F8CA542D} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\x64\shellex.dll [2017-03-29] (AO Kaspersky Lab) ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2014-06-13] (Alexander Roshal) ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2014-06-13] (Alexander Roshal) ContextMenuHandlers2: [Kaspersky Anti-Virus 17.0.0] -> {39C9FA89-7012-4573-A92D-BFD1F8CA542D} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\x64\shellex.dll [2017-03-29] (AO Kaspersky Lab) ContextMenuHandlers4: [Kaspersky Anti-Virus 17.0.0] -> {39C9FA89-7012-4573-A92D-BFD1F8CA542D} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\x64\shellex.dll [2017-03-29] (AO Kaspersky Lab) ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2012-01-10] (Intel Corporation) ContextMenuHandlers6: [Kaspersky Anti-Virus 17.0.0] -> {39C9FA89-7012-4573-A92D-BFD1F8CA542D} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\x64\shellex.dll [2017-03-29] (AO Kaspersky Lab) ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2014-06-13] (Alexander Roshal) ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2014-06-13] (Alexander Roshal) ==================== Zaplanowane zadania (filtrowane) ============= (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) Task: {02EA8080-3B01-4105-9AD9-F345EED142A4} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\iCLS Client\IntelPTTEKRecertification.exe [2017-07-17] (Intel(R) Corporation) Task: {396A36E8-A742-4F66-A200-F7C4937F7E03} - System32\Tasks\CIS_{15198508-521A-4D69-8E5B-B94A6CCFF805} => C:\ProgramData\cisFC86.exe <==== UWAGA Task: {8F0095FB-6A02-4CE3-911C-DCD040792ACB} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-07-19] (Adobe Systems Incorporated) (Załączenie wejścia w fixlist spowoduje przesunięcie pliku zadania (.job). Plik uruchamiany docelowo przez zadanie nie zostanie przeniesiony.) ==================== Skróty & WMI ======================== (Wybrane wejścia mogą zostać załączone w celu ich zresetowania lub usunięcia.) ShortcutWithArgument: C:\Users\Dell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Handlowiec iBiznes.lnk -> C:\firmatec\iBiznesH.exe (Firmatec) -> C:\AUTOEXEC.BAT ShortcutWithArgument: C:\Users\Dell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iBiznes.lnk -> C:\firmatec\FakturaF.exe (Firmatec) -> C:\AUTOEXEC.BAT ShortcutWithArgument: C:\Users\Dell\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\iBiznes.lnk -> C:\firmatec\FakturaF.exe (Firmatec) -> C:\AUTOEXEC.BAT ==================== Załadowane moduły (filtrowane) ============== 2017-07-28 01:56 - 2017-07-28 01:56 - 000008192 _____ () C:\Windows\SysWOW64\srvany.exe 2017-07-28 01:56 - 2017-07-28 01:56 - 000151552 _____ () C:\Windows\KMService.exe 2010-01-30 01:40 - 2010-01-30 01:40 - 004254560 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF 2016-06-28 00:19 - 2016-06-28 00:19 - 000865232 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\kpcengine.2.3.dll 2016-05-09 21:57 - 2016-05-09 21:57 - 001243936 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll ==================== Alternate Data Streams (filtrowane) ========= (Załączenie wejścia w fixlist spowoduje usunięcie strumienia ADS.) AlternateDataStreams: C:\Windows\bfsvc.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\splwow64.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\twain_32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\accessibilitycpl.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\acppage.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ActionCenter.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ActionCenterCPL.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ActionQueue.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\actxprxy.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\AdmTmpl.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\adprovider.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\aitagent.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\amstream.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\api-ms-win-core-ums-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\appmgr.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\appwiz.cpl:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\AuthFWSnapin.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\autochk.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\autoconv.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\autofmt.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\autoplay.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\AuxiliaryDisplayCpl.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\AuxiliaryDisplayServices.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\AxInstSv.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\azroles.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\azroleui.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\AzSqlExt.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\basecsp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\batmeter.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\bcdboot.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\bcdsrv.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\BFE.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\biocpl.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\bitsadmin.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\bitsperf.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\BlbEvents.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\bootres.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\browcli.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\browser.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\browseui.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\bthprops.cpl:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Bubbles.scr:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\BWUnpairElevated.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\cabinet.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\cabview.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\capiprovider.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\cca.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\certenc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\CertEnroll.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\certmgr.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\CertPolEng.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\certprop.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\certutil.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\cfgmgr32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\change.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\charmap.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\chglogon.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\chgport.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\chgusr.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\choice.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ci.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\clusapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\cmd.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\cmstp.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\cngprovider.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\comdlg32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\credui.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\cryptdlg.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\cscapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\cscdll.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\CscMig.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\cscobj.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\cscript.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\cscsvc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\cscui.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\C_ISCII.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\d2d1.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\d3d11.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\d3d9.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dbgeng.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dbghelp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\defaultlocationcpl.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\desk.cpl:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\DeviceCenter.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\DevicePairingFolder.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dfrgui.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dfshim.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dhcpcore.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dhcpcore6.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dhcpcsvc6.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\DiagCpl.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\diagperf.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dimsroam.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\diskpart.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\diskraid.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Display.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\djoin.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dnsapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dnscacheugc.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dnscmmc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dnsrslvr.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dot3api.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dot3cfg.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dot3msm.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dot3svc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dot3ui.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dpapiprovider.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dpnaddr.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dpnet.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dps.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dpx.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\drvstore.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dsauth.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\DShowRdpFilter.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dskquoui.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dsuiext.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dwmredir.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dxdiagn.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\DXP.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\DxpTaskSync.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\e1cmsg.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\eapp3hst.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\eappgnui.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\eapphost.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\efscore.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\EhStorAPI.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\elsTrans.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\esent.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\eudcedit.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Faultrep.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\fde.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\fdeploy.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\fdProxy.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\findstr.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\FirewallControlPanel.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\fms.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\fontext.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\fphc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\framedyn.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\framedynos.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\fsutil.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ftp.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\FWPUCLNT.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\FXSAPI.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\FXSCOVER.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\FXSMON.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\FXSSVC.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\FXSTIFF.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\FXSUNATD.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\g711codc.ax:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\gameux.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\hal.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\hbaapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\hgcpl.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\hgprint.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\HotStartUserAgent.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\httpapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\iasacct.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\iasrad.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\iasrecst.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\icardagt.exe:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\icardres.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\IcCoinstall.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\IEUDINIT.EXE:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ifsutil.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\igd10umd64.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\igdumd64.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\IKEEXT.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\imagehlp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\imapi2.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\imapi2fs.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\inetmib1.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\infocardapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\intl.cpl:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\iologmsg.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\IPHLPAPI.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\iphlpsvc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\iprtrmgr.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ipsmsnap.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\iscsicli.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\iscsium.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\isoburn.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\itircl.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\iTVData.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\iyuv_32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\KBDBASH.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\KBDBLR.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\KBDBULG.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\KBDCZ1.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\KBDGEO.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\KBDGKL.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\KBDGR1.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\KBDINBEN.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\KBDINHIN.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\KBDINKAN.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\KBDINMAR.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\KBDINORI.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\KBDINTAM.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\KBDINTEL.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\kbdlk41a.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\KBDLT1.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\KBDMAORI.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\KBDMON.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\KBDNEPR.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\KBDPO.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\KBDRU.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\KBDRU1.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\KBDSF.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\KBDSG.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\KBDTAJIK.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\KBDTAT.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\KBDTUF.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\KBDTUQ.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\KBDTURME.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\KBDUGHR1.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\KBDUS.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\KBDYAK.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\kd1394.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\kdcom.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\kdusb.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\KMSVC.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\kstvtune.ax:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Kswdmcap.ax:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ksxbar.ax:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ListSvc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\localsec.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\logoff.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\logoncli.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\LogonUI.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\lpksetup.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\lsm.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\lsmproxy.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\luainstall.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\main.cpl:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\manage-bde.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\mblctr.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\mcbuilder.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\MCEWMDRMNDBootstrap.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\mciqtz32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\mcupdate_GenuineIntel.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Mcx2Svc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\MdSched.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\MediaMetadataHandler.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\mfc42.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\mfc42u.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\MFPlay.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\mfreadwrite.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\mimefilt.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\mmsys.cpl:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\mobsync.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Mpeg2Data.ax:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\mpg2splt.ax:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\mprapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\mprddm.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\MPSSVC.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\MSAC3ENC.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\msasn1.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\msconfig.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\mscoree.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\mscorier.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\mscories.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\msdmo.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\msdri.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\msdrm.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\msdtctm.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\MSDvbNP.ax:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\msftedit.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\msieftp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\MSNP.ax:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\mspbda.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\msrle32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\mstask.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\mstsc.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\msvcrt.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\msvidc32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\msyuv.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\mtxclu.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\muifontsetup.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\MultiDigiMon.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\mydocs.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Mystify.scr:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\NAPCRYPT.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\napdsnap.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\NAPHLPR.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Narrator.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\NaturalLanguage6.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\nci.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ncryptui.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ncsi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\net1.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\netapi32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\netcenter.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\netcfgx.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\netcorehc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\netdiagfx.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\netevent.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\netfxperf.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\netid.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\netiohlp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\netjoin.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\netlogon.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\netplwiz.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\netshell.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\netutils.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\NETwNc64.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\NETwNr64.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\networkexplorer.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\networkmap.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\NicInstC.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\nlaapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\nlasvc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\nltest.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\nrpsrv.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\nshipsec.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\nshwfp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\nslookup.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ntlanman.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ntshrui.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\objsel.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ocsetapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ocsetup.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\odbc32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\odbcconf.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\odbccp32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\odbccr32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\odbccu32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\odbctrac.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\oleacc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\onex.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\onexui.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\OnLineIDCpl.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\OobeFldr.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\OpcServices.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\osk.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\OxpsConverter.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\packager.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\PerfCenterCPL.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\PhotoScreensaver.scr:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\photowiz.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\pifmgr.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\PkgMgr.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\pku2u.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\pnidui.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\PnPUnattend.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\PortableDeviceApi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\PortableDeviceStatus.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\PortableDeviceSyncProvider.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\powercfg.cpl:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\powercpl.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\PresentationHost.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\PresentationHostProxy.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\PresentationSettings.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\prevhost.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\PrintIsolationProxy.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\printui.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\prncache.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\prnfldr.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\prntvpt.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\profprov.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\profsvc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\propsys.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\proquota.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\PROUnstl.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\provsvc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\psisdecd.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\psisrndr.ax:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\puiobj.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\PushPrinterConnections.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\QAGENT.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\QAGENTRT.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\qappsrv.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\qcap.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\QCLIPROV.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\qdv.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\qmgr.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\qprocess.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\QSHVHOST.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\QSVRMGMT.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\query.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\QUTIL.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\RacEngn.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\raschap.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\rasmans.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\rasppp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\rastls.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\rdpcfgex.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\rdpclip.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\rdpcorekmts.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\rdpd3d.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\rdpdd.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\RDPENCDD.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\rdpencom.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\rdpendp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\rdprefdrvapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\rdpwsx.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\rdrmemptylst.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ReAgent.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\recdisc.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\recovery.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\regapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\remotepg.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\repair-bde.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\reset.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Ribbons.scr:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\riched20.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\riched32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\RMActivate.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\RMActivate_isv.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\RMActivate_ssp.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\RMActivate_ssp_isv.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Robocopy.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\RpcRtRemote.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\rtutils.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\runonce.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\rwinsta.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\samcli.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\sbe.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\scansetting.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\scecli.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\schedcli.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\schtasks.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\scrptadm.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\scrrun.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\sdclt.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\sdcpl.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\sdengin2.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\sdrsvc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\SearchFolder.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\secproc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\secproc_isv.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\secproc_ssp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\secproc_ssp_isv.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\SensorsCpl.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\SessEnv.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\sethc.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\setupapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\setupcl.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\SFComm64.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\SFCTPL64.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\SFFXCPStr.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\SFProc64.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\SFSAPO64.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\shacct.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\shadow.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\sharemediacpl.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\shgina.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\shimgvw.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\shlwapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\shsetup.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\shsvcs.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\shunimpl.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\shwebsvc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\sisbkup.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\slui.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\slwga.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\SmartcardCredentialProvider.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\SmaxCo.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\SmiEngine.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\SndVol.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\SndVolSSO.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\spbcd.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\spinstall.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\spoolsv.exe:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\spopk.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\spp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\sppc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\sppcomapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\sppnp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\sppobjs.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\sppsvc.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\sppwinob.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\spreview.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\spwizeng.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\spwizres.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\spwizui.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\sqlcese30.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\sqlsrv32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\sqmapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\srchadmin.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\srrstr.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\srvcli.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\srvsvc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\sscore.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ssText3d.scr:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\stobject.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\sud.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\sxs.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\SyncCenter.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\synceng.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\syncui.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\sysclass.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\sysdm.cpl:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\syssetup.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\systemcpl.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\tabcal.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\TabletPC.cpl:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\TabSvc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\takeown.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\tapisrv.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\taskbarcpl.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\taskcomp.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\taskeng.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\taskhost.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\taskmgr.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\taskschd.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\tcpipcfg.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\termmgr.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\termsrv.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\themecpl.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\thumbcache.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\timedate.cpl:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\tlscsp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\TRAPI.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\tsbyuv.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\tscfgwmi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\tscon.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\tsdiscon.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\tskill.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\tsmf.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\TsUsbGDCoInstaller.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\TSWbPrxy.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\TSWorkspace.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\TsWpfWrp.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\twext.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\tzutil.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\UIRibbon.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\UIRibbonRes.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\umb.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\umpnpmgr.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\umrdp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\unimdm.tsp:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\unimdmat.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\untfs.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\upnp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\UserAccountControlSettings.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\usercpl.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\userenv.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\userinit.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\uxlib.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\VAN.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Vault.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\VBICodec.ax:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\vbisurf.ax:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\vds.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\vdsbas.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\vdsutil.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\vfwwdm32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\VmbusCoinstaller.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\vmbuspipe.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\vmbusres.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\VmdCoinstall.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\vmicres.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\vmicsvc.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\vmictimeprovider.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\vmstorfltres.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\vpnike.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\vpnikeapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\vssapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\VSSVC.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\vss_ps.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WavDest.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wavemsp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wbemcomn.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wbengine.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wcncsvc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WdfCoInstaller01011.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Wdfres.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wdiasqmmodule.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wdmaud.drv:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\webservices.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\werconcpl.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WerFaultSecure.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wevtsvc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WFS.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wiadefui.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\wiaservc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wiavideo.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wincredprovider.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WindowsAnytimeUpgradeResults.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\winlogon.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WinSAT.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WinSATAPI.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WinSCard.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\winspool.drv:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\winsta.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wisptis.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wkscli.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wksprt.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wkssvc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wlangpui.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wlanpref.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wlanui.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wmdrmdev.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wmdrmnet.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wmi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wmicmiplugin.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WMNetMgr.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wmpdxm.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wmpeffects.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WMPEncEn.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wmpps.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wmpshell.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wmpsrcwp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WMVCORE.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Wpc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wpccpl.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wpdbusenum.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WPDShServiceObj.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WPDSp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wpdwcn.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wpd_ci.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wscapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wscript.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WSDApi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wsdchngr.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wshbth.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wshirda.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wshom.ocx:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wsnmp32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wsqmcons.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WSTPager.ax:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WUDFCoinstaller.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WUDFHost.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WUDFPlatform.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WUDFSvc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WUDFx.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wusa.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wwanconn.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wwanprotdim.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wwansvc.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\xmllite.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\XpsRasterService.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\xpsservices.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\zipfldr.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\accessibilitycpl.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\acppage.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\ActionCenter.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\ActionCenterCPL.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\activeds.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\actxprxy.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\AdmTmpl.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\adprovider.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\adsldp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\amstream.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\appmgr.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\appwiz.cpl:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\audiodev.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\AuthFWSnapin.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\autochk.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\autoconv.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\autofmt.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\autoplay.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\AuxiliaryDisplayCpl.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\avifil32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\azroles.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\azroleui.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\AzSqlExt.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\basecsp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\batmeter.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\bitsadmin.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\bitsperf.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\browcli.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\browseui.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\bthprops.cpl:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\Bubbles.scr:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\cabinet.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\cabview.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\calc.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\capiprovider.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\cca.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\certenc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\CertEnroll.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\certmgr.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\CertPolEng.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\certutil.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\cfgmgr32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\charmap.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\clusapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\cmd.exe:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\cmstp.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\cngprovider.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\comdlg32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\credui.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\cryptdlg.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\cscapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\cscdll.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\cscobj.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\cscript.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\C_ISCII.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\d2d1.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\d3d11.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\d3d9.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\dbgeng.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\dbghelp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\defaultlocationcpl.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\desk.cpl:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\DeviceCenter.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\DevicePairingFolder.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\devobj.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\devrtl.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\dfrgui.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\dfshim.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\dhcpcore.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\dhcpcore6.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\dhcpcsvc6.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\dimsroam.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\diskpart.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\diskraid.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\Display.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\dnsapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\dnscacheugc.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\dnscmmc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\dot3api.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\dot3cfg.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\dot3msm.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\dot3ui.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\dpapiprovider.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\dpnaddr.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\dpnet.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\dpx.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\drvinst.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\drvstore.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\dsauth.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\DShowRdpFilter.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\dskquoui.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\dsuiext.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\dxdiagn.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\DxpTaskSync.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\eapp3hst.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\eappgnui.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\eapphost.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\efscore.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\EhStorAPI.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\elsTrans.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\esent.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\eudcedit.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\Faultrep.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\fde.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\fdeploy.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\findstr.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\FirewallControlPanel.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\fms.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\fontext.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\fphc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\framedyn.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\framedynos.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\fsutil.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\ftp.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\FWPUCLNT.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\g711codc.ax:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\gameux.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\hbaapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\heciudlg.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\hgcpl.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\httpapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\iasacct.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\iasrad.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\iasrecst.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\icardagt.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\icardres.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\iccvid.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\ifsutil.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\igd10umd32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\igdumd32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\imagehlp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\imapi2.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\imapi2fs.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\imm32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\inetmib1.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\infocardapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\intl.cpl:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\iologmsg.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\IPHLPAPI.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\iprtrmgr.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\ipsmsnap.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\iscsicli.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\iscsium.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\isoburn.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\itircl.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\iTVData.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\iyuv_32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\KBDBASH.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\KBDBLR.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\KBDBULG.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\KBDCZ1.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\KBDGEO.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\KBDGKL.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\KBDGR1.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\KBDINBEN.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\KBDINHIN.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\KBDINKAN.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\KBDINMAR.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\KBDINORI.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\KBDINTAM.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\KBDINTEL.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\kbdlk41a.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\KBDLT1.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\KBDMAORI.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\KBDMON.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\KBDNEPR.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\KBDPO.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\KBDRU.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\KBDRU1.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\KBDSF.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\KBDSG.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\KBDTAJIK.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\KBDTAT.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\KBDTUF.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\KBDTUQ.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\KBDTURME.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\KBDUGHR1.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\KBDUS.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\KBDYAK.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\kstvtune.ax:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\Kswdmcap.ax:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\ksxbar.ax:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\localsec.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\logagent.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\logoncli.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\lsmproxy.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\luainstall.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\main.cpl:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mcbuilder.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\MCEWMDRMNDBootstrap.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mciavi32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mciqtz32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\MediaMetadataHandler.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mesoludlg.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mfc40.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mfc40u.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mfc42.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mfc42u.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\MFPlay.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mfreadwrite.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\migisol.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mimefilt.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\MMDevAPI.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mmsys.cpl:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mobsync.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\Mpeg2Data.ax:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mpg2splt.ax:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mprapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mprddm.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\MSAC3ENC.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\msasn1.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mscoree.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mscorier.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mscories.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\msdmo.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\msdrm.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\MSDvbNP.ax:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\msftedit.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\msieftp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\MSNP.ax:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\msrle32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mstask.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mstsc.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\msutb.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\msvcrt.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\msvfw32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\msvidc32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\msyuv.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mtxclu.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\muifontsetup.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\MuiUnattend.exe:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\mydocs.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\Mystify.scr:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\NAPCRYPT.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\napdsnap.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\NAPHLPR.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\NaturalLanguage6.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\nci.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\ncryptui.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\ncsi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\net1.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\netapi32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\netcenter.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\netcfgx.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\netcorehc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\netdiagfx.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\netevent.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\netfxperf.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\netid.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\netiohlp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\netiougc.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\netjoin.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\netlogon.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\netplwiz.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\netshell.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\netutils.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\networkexplorer.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\networkmap.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\nlaapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\nshipsec.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\nshwfp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\nslookup.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\ntlanman.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\ntshrui.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\objsel.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\ocsetapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\ocsetup.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\odbc32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\odbcconf.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\odbccp32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\odbccr32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\odbccu32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\odbcjt32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\odbctrac.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\oleacc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\olethk32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\onex.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\onexui.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\OnLineIDCpl.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\OobeFldr.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\OpcServices.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\osk.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\packager.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\PerfCenterCPL.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\perfts.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\PhotoScreensaver.scr:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\photowiz.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\pifmgr.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\PkgMgr.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\pku2u.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\pmcsnap.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\pnidui.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\PortableDeviceApi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\PortableDeviceStatus.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\PortableDeviceSyncProvider.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\powercfg.cpl:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\powercpl.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\ppcsnap.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\PresentationHost.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\PresentationHostProxy.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\prevhost.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\printui.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\prncache.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\prnfldr.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\prntvpt.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\propsys.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\proquota.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\provsvc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\psisdecd.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\psisrndr.ax:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\puiobj.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\PushPrinterConnections.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\QAGENT.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\qcap.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\QCLIPROV.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\qdv.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\QSHVHOST.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\QSVRMGMT.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\QUTIL.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\RacEngn.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\raschap.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\rasppp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\rastapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\rastls.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\rdpd3d.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\rdpencom.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\rdpendp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\rdprefdrvapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\ReAgent.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\ReAgentc.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\regapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\remotepg.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\resutils.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\Ribbons.scr:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\riched20.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\riched32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\RMActivate.exe:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\RMActivate_isv.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\RMActivate_ssp.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\RMActivate_ssp_isv.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\Robocopy.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\RpcRtRemote.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\rtutils.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\runonce.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\samcli.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\sbe.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\scansetting.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\scecli.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\schedcli.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\schtasks.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\scrptadm.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\scrrun.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\SearchFolder.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\secproc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\secproc_isv.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\secproc_ssp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\secproc_ssp_isv.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\SensorsCpl.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\SessEnv.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\sethc.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\setupapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\setupcln.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\setupugc.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\SFFXComm.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\shacct.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\shgina.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\shimgvw.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\shlwapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\shsetup.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\shsvcs.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\shunimpl.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\shwebsvc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\sisbkup.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\slwga.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\SmartcardCredentialProvider.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\SndVol.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\SndVolSSO.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\spbcd.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\spopk.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\spp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\sppc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\sppcomapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\sppinst.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\spwizeng.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\spwizres.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\sqlcese30.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\sqlsrv32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\sqmapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\srchadmin.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\srvcli.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\sscore.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\ssText3d.scr:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\stobject.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\sud.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\sxs.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\SyncCenter.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\synceng.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\syncui.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\sysdm.cpl:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\syssetup.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\systemcpl.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\takeown.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\tapisrv.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\taskcomp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\taskeng.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\taskmgr.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\taskschd.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\tcpipcfg.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\tcpmonui.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\termmgr.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\themecpl.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\thumbcache.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\timedate.cpl:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\tlscsp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\TRAPI.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\tsbyuv.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\tsmf.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\TSWorkspace.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\TsWpfWrp.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\twext.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\tzutil.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\UIRibbon.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\UIRibbonRes.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\unimdm.tsp:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\unimdmat.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\unlodctr.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\untfs.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\upnp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\UserAccountControlSettings.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\usercpl.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\userenv.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\userinit.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\utildll.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\uxlib.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\VAN.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\Vault.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\VBICodec.ax:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\vbisurf.ax:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\vdsbas.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\vfwwdm32.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\vpnikeapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\vssapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\w32tm.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wavemsp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wbemcomn.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wcncsvc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wdmaud.drv:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wdscore.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\webservices.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\WerFaultSecure.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wiadefui.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wiavideo.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wimgapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wimserv.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wincredprovider.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\winmm.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\WinSATAPI.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\WinSCard.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\winspool.drv:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\winsta.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wkscli.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wlangpui.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wlanpref.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wlanui.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wmdrmdev.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wmdrmnet.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wmi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\WMNetMgr.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\wmpdxm.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wmpeffects.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\WMPEncEn.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wmpps.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wmpshell.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wmpsrcwp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\WMVCORE.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\Wpc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\WPDShServiceObj.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\WPDSp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wpdwcn.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wscapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wscript.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\WSDApi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wsdchngr.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wshbth.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wshirda.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wshom.ocx:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wsnmp32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\WSTPager.ax:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wtsapi32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wusa.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\xmllite.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\XpsRasterService.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\xpsservices.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\zipfldr.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\1394ohci.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\acpi.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\acpipmi.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\ADIHdAud.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\amdsata.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\amdxata.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\ataport.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\cdrom.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\Classpnp.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\CompositeBus.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\csc.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\Diskdump.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\e1c62x64.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\fltMgr.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\fs_rec.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\fvevol.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\hdaudbus.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\HdAudio.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\HECIx64.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\hidclass.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\hidparse.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\hidusb.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\HpSAMD.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\hwpolicy.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\iaStorV.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\igdkmd64.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\ipfltdrv.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\IPMIDrv.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\iusb3hcs.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\iusb3hub.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\iusb3xhc.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\kbdhid.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\ks.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\mpio.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\msahci.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\msdsm.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\msiscsi.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\msrpc.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\ndisuio.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\ndiswan.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\ndproxy.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\NETwNs64.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\nvraid.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\nvstor.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\pacer.sys:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\Drivers\partmgr.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\pci.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\rasl2tp.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\raspptp.sys:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\Drivers\rdbss.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\rdpdr.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\rdpwd.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\rdyboost.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\rimmpx64.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\RNDISMP.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\sbp2port.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\scfilter.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\scsiport.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\sdbus.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\sffp_sd.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\storport.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\storvsc.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\tdi.sys:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\Drivers\tdtcp.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\TeeDriverx64.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\termdd.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\TsUsbFlt.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\tunnel.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\udfs.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\umbus.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\usb8023.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\USBCAMD2.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\usbcir.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\usbrpm.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\usbvideo.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\vhdmp.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\vmbus.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\VMBusHID.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\vms3cap.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\vmstorfl.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\volmgr.sys:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\Drivers\volsnap.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\wanarp.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\Wdf01000.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\WdfLdr.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\winhv.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\winusb.sys:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\Drivers\WUDFPf.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\WUDFRd.sys:$CmdTcID [64] ==================== Tryb awaryjny (filtrowane) =================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Wartość "AlternateShell" zostanie przywrócona.) ==================== Powiązania plików (filtrowane) =============== (Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci.) ==================== Internet Explorer - Witryny zaufane i z ograniczeniami =============== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru.) ==================== Hosts - zawartość: =============================== (Użycie dyrektywy Hosts: w fixlist spowoduje reset pliku Hosts.) 2009-07-14 03:34 - 2009-06-10 22:00 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts ==================== Inne obszary ============================ (Obecnie brak automatycznej naprawy dla tej sekcji.) HKU\S-1-5-21-2924517680-291123336-3497316216-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Dell\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: Urządzenie nie jest podłączone do internetu. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Zapora systemu Windows [funkcja włączona] ==================== MSCONFIG/TASK MANAGER - Wyłączone elementy == MSCONFIG\startupreg: picon => "C:\Program Files (x86)\Common Files\Intel\Privacy Icon\PIconStartup.exe" -startup MSCONFIG\startupreg: sterownikiaux => C:\Users\Dell\AppData\Roaming\TCPSVCS.EXE ==================== Reguły Zapory systemu Windows (filtrowane) =============== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe FirewallRules: [{11810EE2-30CE-48B8-B891-8D167E0DF501}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{E3F7DB5F-4609-43CC-973E-305D69684E93}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{7160BB0C-5B26-4DDB-B380-80D6B1290984}] => (Allow) LPort=9422 FirewallRules: [{52C16437-C5EE-4208-85C2-4414204D4213}] => (Allow) LPort=9245 FirewallRules: [{372865B2-EA81-430D-BD24-D113AB9C19FC}] => (Allow) LPort=9246 FirewallRules: [{342D5E6B-87E3-4F36-AF01-BD8B0B2AB0A5}] => (Allow) LPort=9247 FirewallRules: [{FF2EF1A5-BB5E-4C19-A9A1-9A95A34502F8}] => (Allow) LPort=1433 FirewallRules: [{62BE5C1D-8DA6-4519-B5D1-D044E2C6C86D}] => (Allow) LPort=1434 FirewallRules: [{817D818F-EB52-48B6-BB9F-A0E8A178EE6E}] => (Allow) %ProgramFiles%\Microsoft SQL Server\MSSQL10_50.FIRMATEC\MSSQL\Binn\sqlservr.exe ==================== Punkty Przywracania systemu ========================= ==================== Wadliwe urządzenia w Menedżerze urządzeń ============= ==================== Błędy w Dzienniku zdarzeń: ========================= Dziennik Aplikacja: ================== Error: (10/31/2017 02:46:51 PM) (Source: VSS) (EventID: 13) (User: ) Description: Informacje Usługi kopiowania woluminów w tle: nie można uruchomić serwera usługi COM z identyfikatorem CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} i nazwą Coordinator. [0x80070005, Odmowa dostępu. ] Error: (10/31/2017 02:45:06 PM) (Source: VSS) (EventID: 13) (User: ) Description: Informacje Usługi kopiowania woluminów w tle: nie można uruchomić serwera usługi COM z identyfikatorem CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} i nazwą Coordinator. [0x80070005, Odmowa dostępu. ] Error: (10/31/2017 02:43:21 PM) (Source: VSS) (EventID: 13) (User: ) Description: Informacje Usługi kopiowania woluminów w tle: nie można uruchomić serwera usługi COM z identyfikatorem CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} i nazwą Coordinator. [0x80070005, Odmowa dostępu. ] Error: (10/31/2017 02:41:36 PM) (Source: VSS) (EventID: 13) (User: ) Description: Informacje Usługi kopiowania woluminów w tle: nie można uruchomić serwera usługi COM z identyfikatorem CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} i nazwą Coordinator. [0x80070005, Odmowa dostępu. ] Error: (10/31/2017 02:39:51 PM) (Source: VSS) (EventID: 13) (User: ) Description: Informacje Usługi kopiowania woluminów w tle: nie można uruchomić serwera usługi COM z identyfikatorem CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} i nazwą Coordinator. [0x80070005, Odmowa dostępu. ] Error: (10/31/2017 02:38:06 PM) (Source: VSS) (EventID: 13) (User: ) Description: Informacje Usługi kopiowania woluminów w tle: nie można uruchomić serwera usługi COM z identyfikatorem CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} i nazwą Coordinator. [0x80070005, Odmowa dostępu. ] Error: (10/31/2017 02:36:22 PM) (Source: VSS) (EventID: 13) (User: ) Description: Informacje Usługi kopiowania woluminów w tle: nie można uruchomić serwera usługi COM z identyfikatorem CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} i nazwą Coordinator. [0x80070005, Odmowa dostępu. ] Error: (10/31/2017 02:34:37 PM) (Source: VSS) (EventID: 13) (User: ) Description: Informacje Usługi kopiowania woluminów w tle: nie można uruchomić serwera usługi COM z identyfikatorem CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} i nazwą Coordinator. [0x80070005, Odmowa dostępu. ] Error: (10/31/2017 02:32:53 PM) (Source: VSS) (EventID: 13) (User: ) Description: Informacje Usługi kopiowania woluminów w tle: nie można uruchomić serwera usługi COM z identyfikatorem CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} i nazwą Coordinator. [0x80070005, Odmowa dostępu. ] Error: (10/31/2017 02:31:06 PM) (Source: VSS) (EventID: 13) (User: ) Description: Informacje Usługi kopiowania woluminów w tle: nie można uruchomić serwera usługi COM z identyfikatorem CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} i nazwą Coordinator. [0x80070005, Odmowa dostępu. ] Dziennik System: ============= Error: (11/02/2017 09:32:17 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Nie można uruchomić usługi risdpcie z powodu następującego błędu: System Windows nie może zweryfikować podpisu cyfrowego tego pliku. Ostatnia zmiana sprzętu lub oprogramowania mogła spowodować zainstalowanie pliku, który jest niepoprawnie podpisany lub uszkodzony. Możliwe także, że jest to złośliwe oprogramowanie pochodzące z nieznanego źródła. Error: (11/02/2017 09:32:17 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Nie można uruchomić usługi rimmptsk z powodu następującego błędu: System Windows nie może zweryfikować podpisu cyfrowego tego pliku. Ostatnia zmiana sprzętu lub oprogramowania mogła spowodować zainstalowanie pliku, który jest niepoprawnie podpisany lub uszkodzony. Możliwe także, że jest to złośliwe oprogramowanie pochodzące z nieznanego źródła. Error: (11/02/2017 08:37:44 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Nie można uruchomić usługi risdpcie z powodu następującego błędu: System Windows nie może zweryfikować podpisu cyfrowego tego pliku. Ostatnia zmiana sprzętu lub oprogramowania mogła spowodować zainstalowanie pliku, który jest niepoprawnie podpisany lub uszkodzony. Możliwe także, że jest to złośliwe oprogramowanie pochodzące z nieznanego źródła. Error: (11/02/2017 08:37:44 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Nie można uruchomić usługi rimmptsk z powodu następującego błędu: System Windows nie może zweryfikować podpisu cyfrowego tego pliku. Ostatnia zmiana sprzętu lub oprogramowania mogła spowodować zainstalowanie pliku, który jest niepoprawnie podpisany lub uszkodzony. Możliwe także, że jest to złośliwe oprogramowanie pochodzące z nieznanego źródła. Error: (11/02/2017 08:00:22 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Nie można uruchomić usługi risdpcie z powodu następującego błędu: System Windows nie może zweryfikować podpisu cyfrowego tego pliku. Ostatnia zmiana sprzętu lub oprogramowania mogła spowodować zainstalowanie pliku, który jest niepoprawnie podpisany lub uszkodzony. Możliwe także, że jest to złośliwe oprogramowanie pochodzące z nieznanego źródła. Error: (11/02/2017 08:00:22 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Nie można uruchomić usługi rimmptsk z powodu następującego błędu: System Windows nie może zweryfikować podpisu cyfrowego tego pliku. Ostatnia zmiana sprzętu lub oprogramowania mogła spowodować zainstalowanie pliku, który jest niepoprawnie podpisany lub uszkodzony. Możliwe także, że jest to złośliwe oprogramowanie pochodzące z nieznanego źródła. Error: (11/02/2017 06:56:55 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Nie można uruchomić usługi risdpcie z powodu następującego błędu: System Windows nie może zweryfikować podpisu cyfrowego tego pliku. Ostatnia zmiana sprzętu lub oprogramowania mogła spowodować zainstalowanie pliku, który jest niepoprawnie podpisany lub uszkodzony. Możliwe także, że jest to złośliwe oprogramowanie pochodzące z nieznanego źródła. Error: (11/02/2017 06:56:55 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Nie można uruchomić usługi rimmptsk z powodu następującego błędu: System Windows nie może zweryfikować podpisu cyfrowego tego pliku. Ostatnia zmiana sprzętu lub oprogramowania mogła spowodować zainstalowanie pliku, który jest niepoprawnie podpisany lub uszkodzony. Możliwe także, że jest to złośliwe oprogramowanie pochodzące z nieznanego źródła. Error: (10/31/2017 04:16:43 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Nie można uruchomić usługi risdpcie z powodu następującego błędu: System Windows nie może zweryfikować podpisu cyfrowego tego pliku. Ostatnia zmiana sprzętu lub oprogramowania mogła spowodować zainstalowanie pliku, który jest niepoprawnie podpisany lub uszkodzony. Możliwe także, że jest to złośliwe oprogramowanie pochodzące z nieznanego źródła. Error: (10/31/2017 04:16:43 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Nie można uruchomić usługi rimmptsk z powodu następującego błędu: System Windows nie może zweryfikować podpisu cyfrowego tego pliku. Ostatnia zmiana sprzętu lub oprogramowania mogła spowodować zainstalowanie pliku, który jest niepoprawnie podpisany lub uszkodzony. Możliwe także, że jest to złośliwe oprogramowanie pochodzące z nieznanego źródła. CodeIntegrity: =================================== Date: 2017-11-02 21:32:17.946 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\risdpe64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2017-11-02 21:32:17.906 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\risdpe64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2017-11-02 21:32:17.856 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\rimmpx64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2017-11-02 21:32:17.816 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\rimmpx64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2017-11-02 20:37:44.829 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\risdpe64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2017-11-02 20:37:44.789 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\risdpe64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2017-11-02 20:37:44.739 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\rimmpx64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2017-11-02 20:37:44.699 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\rimmpx64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2017-11-02 08:00:22.844 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\risdpe64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2017-11-02 08:00:22.804 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\risdpe64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. ==================== Statystyki pamięci =========================== Procesor: Intel(R) Core(TM) i5-3470 CPU @ 3.20GHz Procent pamięci w użyciu: 35% Całkowita pamięć fizyczna: 3982.45 MB Dostępna pamięć fizyczna: 2555.42 MB Całkowita pamięć wirtualna: 7963.08 MB Dostępna pamięć wirtualna: 6452.29 MB ==================== Dyski ================================ Drive c: () (Fixed) (Total:64.83 GB) (Free:24.36 GB) NTFS Drive d: () (Fixed) (Total:46.86 GB) (Free:46.77 GB) NTFS ==================== MBR & Tablica partycji ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 8637081D) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=64.8 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=46.9 GB) - (Type=07 NTFS) ==================== Koniec Addition.txt ============================