Rezultaty skanu uzupełniającego Farbar Recovery Scan Tool (x64) Wersja: 02-11-2017 Uruchomiony przez Dell (04-11-2017 14:26:40) Uruchomiony z C:\Users\Dell\Desktop Windows 7 Professional Service Pack 1 (X64) (2015-01-19 23:19:19) Tryb startu: Normal ========================================================== ==================== Konta użytkowników: ============================= Administrator (S-1-5-21-2924517680-291123336-3497316216-500 - Administrator - Disabled) Dell (S-1-5-21-2924517680-291123336-3497316216-1000 - Administrator - Enabled) => C:\Users\Dell Gość (S-1-5-21-2924517680-291123336-3497316216-501 - Limited - Enabled) HomeGroupUser$ (S-1-5-21-2924517680-291123336-3497316216-1002 - Limited - Enabled) ==================== Centrum zabezpieczeń ======================== (Załączenie wejścia w fixlist spowoduje jego usunięcie.) AV: Kaspersky Internet Security (Enabled - Up to date) {86367591-4BE4-AE08-2FD9-7FCB8259CD98} AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B} AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96} AS: Kaspersky Internet Security (Enabled - Up to date) {3D579475-6DDE-A186-1569-44B9F9DE8725} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: Kaspersky Internet Security (Enabled) {BE0DF4B4-018B-AF50-0486-D6FE7C8A8AE3} ==================== Zainstalowane programy ====================== (W fixlist dozwolone tylko załączanie programów adware z flagą "Hidden" w celu ich uwidocznienia. Programy adware powinny zostać w poprawny sposób odinstalowane.) Adobe Acrobat Reader DC - Polish (HKLM-x32\...\{AC76BA86-7AD7-1045-7B44-AC0F074E4100}) (Version: 17.012.20098 - Adobe Systems Incorporated) CrystalDiskInfo 7.5.0 Kurei Kei Edition (HKLM-x32\...\CrystalDiskInfo_is1) (Version: 7.5.0 - Crystal Dew World) Dell ControlVault Host Components Installer 64 bit (HKLM\...\{97308CC9-FAED-4A1C-9593-64B2F1FD852D}) (Version: 2.3.309.1625 - Broadcom Corporation) Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.11.1193 - Intel Corporation) Intel(R) Management Engine Interface (HKLM\...\HECI) (Version: - Intel Corporation) Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: 16.8 - Intel) Intel(R) Turbo Boost Technology Driver (HKLM-x32\...\{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}) (Version: 01.00.01.1002 - Intel Corporation) Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.10.255 - Intel Corporation) Intel® Active Management Technology (HKLM\...\MESOL) (Version: - Intel Corporation) Kaspersky Internet Security (HKLM-x32\...\{E27B1D7B-3B34-43A2-9FC0-9828D5DF46E2}) (Version: 17.0.0.611 - Kaspersky Lab) Hidden Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{E27B1D7B-3B34-43A2-9FC0-9828D5DF46E2}) (Version: 17.0.0.611 - Kaspersky Lab) Kaspersky Secure Connection (HKLM-x32\...\{1CF84962-50F8-48CA-9082-B70F3A02C686}) (Version: 17.0.0.611 - Kaspersky Lab) Hidden Kaspersky Secure Connection (HKLM-x32\...\InstallWIX_{1CF84962-50F8-48CA-9082-B70F3A02C686}) (Version: 17.0.0.611 - Kaspersky Lab) Malwarebytes (wersja 3.3.1.2183) (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes) Microsoft .NET Framework 4.7 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02053 - Microsoft Corporation) Microsoft .NET Framework 4.7 (Polski) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1045) (Version: 4.7.02053 - Microsoft Corporation) Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Report Viewer Redistributable 2008 SP1 (HKLM-x32\...\Microsoft Report Viewer Redistributable 2008 (KB971119)) (Version: - Microsoft Corporation) Microsoft SQL Server 2008 R2 (64-bit) (HKLM\...\Microsoft SQL Server 2008 R2) (Version: - Microsoft Corporation) Microsoft SQL Server 2008 R2 Native Client (HKLM\...\{2180B33F-3225-423E-BBC1-7798CFD3CD1F}) (Version: 10.50.1600.1 - Microsoft Corporation) Microsoft SQL Server 2008 R2 Policies (HKLM-x32\...\{D21BC5B2-CBAC-48FA-A701-B5A63C1CA7B8}) (Version: 10.50.1600.1 - Microsoft Corporation) Microsoft SQL Server 2008 R2 Setup (English) (HKLM\...\{6D10FB2C-82A9-40F2-91D0-7BE64CF0DAF2}) (Version: 10.50.1600.1 - Microsoft Corporation) Microsoft SQL Server 2008 Setup Support Files (HKLM\...\{B40EE88B-400A-4266-A17B-E3DE64E94431}) (Version: 10.1.2731.0 - Microsoft Corporation) Microsoft SQL Server Browser (HKLM-x32\...\{BF9BF038-FE03-429D-9B26-2FA0FD756052}) (Version: 10.50.1600.1 - Microsoft Corporation) Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation) Microsoft SQL Server Compact 3.5 SP2 Query Tools ENU (HKLM-x32\...\{DDFD8348-058C-4F4B-85E5-6D740D4AB3FE}) (Version: 3.5.8080.0 - Microsoft Corporation) Microsoft SQL Server VSS Writer (HKLM\...\{288D79EE-A2D1-42AF-9597-B0ADCC23A8ED}) (Version: 10.50.1600.1 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23506 (HKLM-x32\...\{3ee5e5bb-b7cc-4556-8861-a00a82977d6c}) (Version: 14.0.23506.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23506 (HKLM-x32\...\{23daf363-3020-4059-b3ae-dc4ad39fed19}) (Version: 14.0.23506.0 - Microsoft Corporation) Microsoft Visual Studio Tools for Applications 2.0 - ENU (HKLM-x32\...\{4ECF4BDC-8387-329A-ABE9-CF5798F84BB2}) (Version: 9.0.35191 - Microsoft Corporation) Mozilla Firefox 56.0.2 (x64 pl) (HKLM\...\Mozilla Firefox 56.0.2 (x64 pl)) (Version: 56.0.2 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 54.0.1 - Mozilla) ShadowExplorer 0.9 (HKLM-x32\...\ShadowExplorer_is1) (Version: 0.9.462.0 - ShadowExplorer.com) SoundMAX (HKLM-x32\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 6.10.2.7280 - Analog Devices) SQL Server 2008 R2 Common Files (HKLM\...\{234F6B0D-10AE-4BB7-B2F3-E48D4861952D}) (Version: 10.50.1600.1 - Microsoft Corporation) Hidden SQL Server 2008 R2 Common Files (HKLM\...\{36F70DEE-1EBF-4707-AFA2-E035EEAEBAA1}) (Version: 10.50.1600.1 - Microsoft Corporation) Hidden SQL Server 2008 R2 Database Engine Services (HKLM\...\{FA7394B8-CE65-4F9E-AC99-F372AD365424}) (Version: 10.50.1600.1 - Microsoft Corporation) Hidden SQL Server 2008 R2 Database Engine Services (HKLM\...\{FBD367D1-642F-47CF-B79B-9BE48FB34007}) (Version: 10.50.1600.1 - Microsoft Corporation) Hidden SQL Server 2008 R2 Database Engine Shared (HKLM\...\{A2122A9C-A699-4365-ADF8-68FEAC125D61}) (Version: 10.50.1600.1 - Microsoft Corporation) Hidden SQL Server 2008 R2 Database Engine Shared (HKLM\...\{C942A025-A840-4BF2-8987-849C0DD44574}) (Version: 10.50.1600.1 - Microsoft Corporation) Hidden SQL Server 2008 R2 Management Studio (HKLM\...\{51E5BC99-A087-4CFF-8D93-462903EA7E12}) (Version: 10.50.1600.1 - Microsoft Corporation) Hidden SQL Server 2008 R2 Management Studio (HKLM\...\{72AB7E6F-BC24-481E-8C45-1AB5B3DD795D}) (Version: 10.50.1600.1 - Microsoft Corporation) Hidden Sql Server Customer Experience Improvement Program (HKLM\...\{F31183CF-E10F-4DE1-BB59-6C0FF38E481E}) (Version: 10.50.1600.1 - Microsoft Corporation) Hidden TL-WN725N_WN723N Driver (HKLM-x32\...\{3C3F9CEB-2C5A-4A47-8EAA-DA76037546BA}) (Version: 1.3.1 - TP-LINK) WinRAR 5.10 (64-bitowy) (HKLM\...\WinRAR archiver) (Version: 5.10.0 - win.rar GmbH) ==================== Niestandardowe rejestracje CLSID (filtrowane): ========================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) ContextMenuHandlers1: [Kaspersky Anti-Virus 17.0.0] -> {39C9FA89-7012-4573-A92D-BFD1F8CA542D} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\x64\shellex.dll [2017-03-29] (AO Kaspersky Lab) ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2014-06-13] (Alexander Roshal) ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2014-06-13] (Alexander Roshal) ContextMenuHandlers2: [Kaspersky Anti-Virus 17.0.0] -> {39C9FA89-7012-4573-A92D-BFD1F8CA542D} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\x64\shellex.dll [2017-03-29] (AO Kaspersky Lab) ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes) ContextMenuHandlers4: [Kaspersky Anti-Virus 17.0.0] -> {39C9FA89-7012-4573-A92D-BFD1F8CA542D} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\x64\shellex.dll [2017-03-29] (AO Kaspersky Lab) ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2012-01-10] (Intel Corporation) ContextMenuHandlers6: [Kaspersky Anti-Virus 17.0.0] -> {39C9FA89-7012-4573-A92D-BFD1F8CA542D} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\x64\shellex.dll [2017-03-29] (AO Kaspersky Lab) ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes) ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2014-06-13] (Alexander Roshal) ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2014-06-13] (Alexander Roshal) ==================== Zaplanowane zadania (filtrowane) ============= (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) Task: {02EA8080-3B01-4105-9AD9-F345EED142A4} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\iCLS Client\IntelPTTEKRecertification.exe [2017-07-17] (Intel(R) Corporation) Task: {8F0095FB-6A02-4CE3-911C-DCD040792ACB} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-07-19] (Adobe Systems Incorporated) (Załączenie wejścia w fixlist spowoduje przesunięcie pliku zadania (.job). Plik uruchamiany docelowo przez zadanie nie zostanie przeniesiony.) ==================== Skróty & WMI ======================== (Wybrane wejścia mogą zostać załączone w celu ich zresetowania lub usunięcia.) ShortcutWithArgument: C:\Users\Dell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Handlowiec iBiznes.lnk -> C:\firmatec\iBiznesH.exe (Firmatec) -> C:\AUTOEXEC.BAT ShortcutWithArgument: C:\Users\Dell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iBiznes.lnk -> C:\firmatec\FakturaF.exe (Firmatec) -> C:\AUTOEXEC.BAT ShortcutWithArgument: C:\Users\Dell\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\iBiznes.lnk -> C:\firmatec\FakturaF.exe (Firmatec) -> C:\AUTOEXEC.BAT ==================== Załadowane moduły (filtrowane) ============== 2017-07-28 01:56 - 2017-07-28 01:56 - 000008192 _____ () C:\Windows\SysWOW64\srvany.exe 2017-07-28 01:56 - 2017-07-28 01:56 - 000151552 _____ () C:\Windows\KMService.exe 2010-01-30 01:40 - 2010-01-30 01:40 - 004254560 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF 2017-11-04 14:11 - 2017-11-01 08:55 - 002299344 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll 2017-11-04 14:11 - 2017-11-01 08:54 - 002358736 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll 2016-06-28 00:19 - 2016-06-28 00:19 - 000865232 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\kpcengine.2.3.dll 2016-05-09 21:57 - 2016-05-09 21:57 - 001243936 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll ==================== Alternate Data Streams (filtrowane) ========= (Załączenie wejścia w fixlist spowoduje usunięcie strumienia ADS.) AlternateDataStreams: C:\Windows\bfsvc.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\splwow64.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\twain_32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\accessibilitycpl.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\acppage.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ActionCenter.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ActionCenterCPL.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ActionQueue.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\actxprxy.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\AdmTmpl.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\adprovider.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\aitagent.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\amstream.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\api-ms-win-core-ums-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\appmgr.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\appwiz.cpl:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\AuthFWSnapin.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\autochk.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\autoconv.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\autofmt.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\autoplay.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\AuxiliaryDisplayCpl.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\AuxiliaryDisplayServices.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\AxInstSv.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\azroles.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\azroleui.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\AzSqlExt.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\basecsp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\batmeter.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\bcdboot.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\bcdsrv.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\BFE.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\biocpl.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\bitsadmin.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\bitsperf.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\BlbEvents.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\bootres.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\browcli.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\browser.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\browseui.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\bthprops.cpl:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Bubbles.scr:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\BWUnpairElevated.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\cabinet.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\cabview.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\capiprovider.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\cca.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\certenc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\CertEnroll.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\certmgr.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\CertPolEng.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\certprop.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\certutil.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\cfgmgr32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\change.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\charmap.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\chglogon.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\chgport.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\chgusr.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\choice.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ci.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\clusapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\cmd.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\cmstp.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\cngprovider.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\comdlg32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\credui.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\cryptdlg.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\cscapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\cscdll.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\CscMig.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\cscobj.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\cscript.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\cscsvc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\cscui.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\C_ISCII.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\d2d1.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\d3d11.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\d3d9.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dbgeng.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dbghelp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\defaultlocationcpl.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\desk.cpl:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\DeviceCenter.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\DevicePairingFolder.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dfrgui.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dfshim.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dhcpcore.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dhcpcore6.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dhcpcsvc6.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\DiagCpl.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\diagperf.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dimsroam.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\diskpart.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\diskraid.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Display.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\djoin.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dnsapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dnscacheugc.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dnscmmc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dnsrslvr.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dot3api.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dot3cfg.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dot3msm.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dot3svc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dot3ui.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dpapiprovider.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dpnaddr.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dpnet.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dps.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dpx.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\drvstore.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dsauth.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\DShowRdpFilter.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dskquoui.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dsuiext.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dwmredir.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dxdiagn.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\DXP.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\DxpTaskSync.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\e1cmsg.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\eapp3hst.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\eappgnui.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\eapphost.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\efscore.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\EhStorAPI.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\elsTrans.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\esent.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\eudcedit.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Faultrep.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\fde.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\fdeploy.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\fdProxy.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\findstr.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\FirewallControlPanel.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\fms.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\fontext.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\fphc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\framedyn.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\framedynos.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\fsutil.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ftp.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\FWPUCLNT.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\FXSAPI.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\FXSCOVER.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\FXSMON.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\FXSSVC.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\FXSTIFF.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\FXSUNATD.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\g711codc.ax:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\gameux.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\hal.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\hbaapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\hgcpl.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\hgprint.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\HotStartUserAgent.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\httpapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\iasacct.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\iasrad.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\iasrecst.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\icardagt.exe:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\icardres.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\IcCoinstall.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\IEUDINIT.EXE:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ifsutil.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\igd10umd64.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\igdumd64.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\IKEEXT.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\imagehlp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\imapi2.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\imapi2fs.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\inetmib1.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\infocardapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\intl.cpl:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\iologmsg.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\IPHLPAPI.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\iphlpsvc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\iprtrmgr.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ipsmsnap.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\iscsicli.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\iscsium.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\isoburn.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\itircl.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\iTVData.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\iyuv_32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\KBDBASH.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\KBDBLR.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\KBDBULG.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\KBDCZ1.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\KBDGEO.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\KBDGKL.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\KBDGR1.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\KBDINBEN.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\KBDINHIN.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\KBDINKAN.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\KBDINMAR.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\KBDINORI.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\KBDINTAM.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\KBDINTEL.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\kbdlk41a.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\KBDLT1.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\KBDMAORI.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\KBDMON.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\KBDNEPR.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\KBDPO.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\KBDRU.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\KBDRU1.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\KBDSF.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\KBDSG.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\KBDTAJIK.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\KBDTAT.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\KBDTUF.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\KBDTUQ.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\KBDTURME.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\KBDUGHR1.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\KBDUS.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\KBDYAK.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\kd1394.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\kdcom.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\kdusb.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\KMSVC.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\kstvtune.ax:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Kswdmcap.ax:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ksxbar.ax:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ListSvc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\localsec.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\logoff.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\logoncli.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\LogonUI.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\lpksetup.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\lsm.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\lsmproxy.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\luainstall.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\main.cpl:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\manage-bde.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\mblctr.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\mcbuilder.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\MCEWMDRMNDBootstrap.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\mciqtz32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\mcupdate_GenuineIntel.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Mcx2Svc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\MdSched.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\MediaMetadataHandler.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\mfc42.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\mfc42u.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\MFPlay.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\mfreadwrite.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\mimefilt.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\mmsys.cpl:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\mobsync.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Mpeg2Data.ax:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\mpg2splt.ax:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\mprapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\mprddm.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\MPSSVC.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\MSAC3ENC.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\msasn1.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\msconfig.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\mscoree.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\mscorier.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\mscories.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\msdmo.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\msdri.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\msdrm.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\msdtctm.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\MSDvbNP.ax:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\msftedit.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\msieftp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\MSNP.ax:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\mspbda.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\msrle32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\mstask.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\mstsc.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\msvcrt.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\msvidc32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\msyuv.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\mtxclu.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\muifontsetup.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\MultiDigiMon.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\mydocs.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Mystify.scr:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\NAPCRYPT.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\napdsnap.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\NAPHLPR.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Narrator.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\NaturalLanguage6.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\nci.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ncryptui.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ncsi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\net1.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\netapi32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\netcenter.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\netcfgx.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\netcorehc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\netdiagfx.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\netevent.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\netfxperf.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\netid.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\netiohlp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\netjoin.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\netlogon.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\netplwiz.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\netshell.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\netutils.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\NETwNc64.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\NETwNr64.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\networkexplorer.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\networkmap.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\NicInstC.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\nlaapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\nlasvc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\nltest.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\nrpsrv.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\nshipsec.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\nshwfp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\nslookup.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ntlanman.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ntshrui.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\objsel.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ocsetapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ocsetup.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\odbc32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\odbcconf.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\odbccp32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\odbccr32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\odbccu32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\odbctrac.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\oleacc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\onex.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\onexui.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\OnLineIDCpl.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\OobeFldr.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\OpcServices.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\osk.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\OxpsConverter.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\packager.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\PerfCenterCPL.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\PhotoScreensaver.scr:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\photowiz.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\pifmgr.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\PkgMgr.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\pku2u.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\pnidui.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\PnPUnattend.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\PortableDeviceApi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\PortableDeviceStatus.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\PortableDeviceSyncProvider.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\powercfg.cpl:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\powercpl.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\PresentationHost.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\PresentationHostProxy.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\PresentationSettings.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\prevhost.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\PrintIsolationProxy.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\printui.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\prncache.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\prnfldr.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\prntvpt.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\profprov.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\profsvc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\propsys.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\proquota.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\PROUnstl.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\provsvc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\psisdecd.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\psisrndr.ax:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\puiobj.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\PushPrinterConnections.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\QAGENT.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\QAGENTRT.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\qappsrv.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\qcap.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\QCLIPROV.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\qdv.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\qmgr.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\qprocess.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\QSHVHOST.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\QSVRMGMT.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\query.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\QUTIL.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\RacEngn.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\raschap.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\rasmans.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\rasppp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\rastls.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\rdpcfgex.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\rdpclip.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\rdpcorekmts.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\rdpd3d.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\rdpdd.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\RDPENCDD.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\rdpencom.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\rdpendp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\rdprefdrvapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\rdpwsx.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\rdrmemptylst.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ReAgent.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\recdisc.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\recovery.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\regapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\remotepg.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\repair-bde.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\reset.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Ribbons.scr:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\riched20.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\riched32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\RMActivate.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\RMActivate_isv.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\RMActivate_ssp.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\RMActivate_ssp_isv.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Robocopy.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\RpcRtRemote.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\rtutils.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\runonce.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\rwinsta.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\samcli.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\sbe.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\scansetting.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\scecli.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\schedcli.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\schtasks.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\scrptadm.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\scrrun.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\sdclt.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\sdcpl.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\sdengin2.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\sdrsvc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\SearchFolder.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\secproc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\secproc_isv.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\secproc_ssp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\secproc_ssp_isv.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\SensorsCpl.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\SessEnv.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\sethc.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\setupapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\setupcl.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\SFComm64.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\SFCTPL64.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\SFFXCPStr.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\SFProc64.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\SFSAPO64.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\shacct.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\shadow.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\sharemediacpl.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\shgina.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\shimgvw.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\shlwapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\shsetup.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\shsvcs.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\shunimpl.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\shwebsvc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\sisbkup.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\slui.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\slwga.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\SmartcardCredentialProvider.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\SmaxCo.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\SmiEngine.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\SndVol.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\SndVolSSO.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\spbcd.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\spinstall.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\spoolsv.exe:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\spopk.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\spp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\sppc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\sppcomapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\sppnp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\sppobjs.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\sppsvc.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\sppwinob.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\spreview.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\spwizeng.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\spwizres.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\spwizui.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\sqlcese30.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\sqlsrv32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\sqmapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\srchadmin.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\srrstr.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\srvcli.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\srvsvc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\sscore.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ssText3d.scr:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\stobject.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\sud.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\sxs.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\SyncCenter.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\synceng.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\syncui.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\sysclass.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\sysdm.cpl:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\syssetup.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\systemcpl.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\tabcal.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\TabletPC.cpl:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\TabSvc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\takeown.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\tapisrv.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\taskbarcpl.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\taskcomp.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\taskeng.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\taskhost.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\taskmgr.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\taskschd.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\tcpipcfg.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\termmgr.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\termsrv.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\themecpl.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\thumbcache.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\timedate.cpl:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\tlscsp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\TRAPI.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\tsbyuv.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\tscfgwmi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\tscon.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\tsdiscon.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\tskill.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\tsmf.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\TsUsbGDCoInstaller.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\TSWbPrxy.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\TSWorkspace.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\TsWpfWrp.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\twext.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\tzutil.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\UIRibbon.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\UIRibbonRes.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\umb.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\umpnpmgr.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\umrdp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\unimdm.tsp:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\unimdmat.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\untfs.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\upnp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\UserAccountControlSettings.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\usercpl.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\userenv.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\userinit.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\uxlib.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\VAN.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Vault.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\VBICodec.ax:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\vbisurf.ax:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\vds.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\vdsbas.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\vdsutil.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\vfwwdm32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\VmbusCoinstaller.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\vmbuspipe.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\vmbusres.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\VmdCoinstall.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\vmicres.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\vmicsvc.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\vmictimeprovider.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\vmstorfltres.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\vpnike.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\vpnikeapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\vssapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\VSSVC.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\vss_ps.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WavDest.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wavemsp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wbemcomn.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wbengine.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wcncsvc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WdfCoInstaller01011.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Wdfres.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wdiasqmmodule.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wdmaud.drv:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\webservices.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\werconcpl.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WerFaultSecure.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wevtsvc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WFS.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wiadefui.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\wiaservc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wiavideo.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wincredprovider.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WindowsAnytimeUpgradeResults.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\winlogon.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WinSAT.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WinSATAPI.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WinSCard.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\winspool.drv:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\winsta.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wisptis.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wkscli.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wksprt.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wkssvc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wlangpui.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wlanpref.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wlanui.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wmdrmdev.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wmdrmnet.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wmi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wmicmiplugin.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WMNetMgr.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wmpdxm.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wmpeffects.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WMPEncEn.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wmpps.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wmpshell.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wmpsrcwp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WMVCORE.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Wpc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wpccpl.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wpdbusenum.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WPDShServiceObj.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WPDSp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wpdwcn.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wpd_ci.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wscapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wscript.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WSDApi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wsdchngr.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wshbth.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wshirda.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wshom.ocx:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wsnmp32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wsqmcons.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WSTPager.ax:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WUDFCoinstaller.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WUDFHost.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WUDFPlatform.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WUDFSvc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WUDFx.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wusa.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wwanconn.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wwanprotdim.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wwansvc.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\xmllite.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\XpsRasterService.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\xpsservices.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\zipfldr.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\accessibilitycpl.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\acppage.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\ActionCenter.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\ActionCenterCPL.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\activeds.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\actxprxy.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\AdmTmpl.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\adprovider.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\adsldp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\amstream.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\appmgr.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\appwiz.cpl:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\audiodev.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\AuthFWSnapin.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\autochk.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\autoconv.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\autofmt.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\autoplay.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\AuxiliaryDisplayCpl.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\avifil32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\azroles.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\azroleui.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\AzSqlExt.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\basecsp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\batmeter.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\bitsadmin.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\bitsperf.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\browcli.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\browseui.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\bthprops.cpl:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\Bubbles.scr:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\cabinet.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\cabview.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\calc.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\capiprovider.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\cca.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\certenc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\CertEnroll.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\certmgr.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\CertPolEng.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\certutil.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\cfgmgr32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\charmap.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\clusapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\cmd.exe:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\cmstp.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\cngprovider.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\comdlg32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\credui.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\cryptdlg.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\cscapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\cscdll.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\cscobj.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\cscript.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\C_ISCII.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\d2d1.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\d3d11.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\d3d9.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\dbgeng.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\dbghelp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\defaultlocationcpl.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\desk.cpl:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\DeviceCenter.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\DevicePairingFolder.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\devobj.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\devrtl.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\dfrgui.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\dfshim.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\dhcpcore.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\dhcpcore6.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\dhcpcsvc6.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\dimsroam.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\diskpart.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\diskraid.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\Display.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\dnsapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\dnscacheugc.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\dnscmmc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\dot3api.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\dot3cfg.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\dot3msm.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\dot3ui.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\dpapiprovider.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\dpnaddr.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\dpnet.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\dpx.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\drvinst.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\drvstore.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\dsauth.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\DShowRdpFilter.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\dskquoui.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\dsuiext.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\dxdiagn.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\DxpTaskSync.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\eapp3hst.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\eappgnui.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\eapphost.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\efscore.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\EhStorAPI.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\elsTrans.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\esent.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\eudcedit.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\Faultrep.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\fde.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\fdeploy.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\findstr.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\FirewallControlPanel.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\fms.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\fontext.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\fphc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\framedyn.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\framedynos.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\fsutil.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\ftp.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\FWPUCLNT.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\g711codc.ax:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\gameux.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\hbaapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\heciudlg.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\hgcpl.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\httpapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\iasacct.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\iasrad.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\iasrecst.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\icardagt.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\icardres.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\iccvid.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\ifsutil.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\igd10umd32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\igdumd32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\imagehlp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\imapi2.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\imapi2fs.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\imm32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\inetmib1.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\infocardapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\intl.cpl:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\iologmsg.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\IPHLPAPI.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\iprtrmgr.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\ipsmsnap.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\iscsicli.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\iscsium.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\isoburn.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\itircl.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\iTVData.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\iyuv_32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\KBDBASH.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\KBDBLR.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\KBDBULG.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\KBDCZ1.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\KBDGEO.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\KBDGKL.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\KBDGR1.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\KBDINBEN.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\KBDINHIN.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\KBDINKAN.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\KBDINMAR.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\KBDINORI.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\KBDINTAM.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\KBDINTEL.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\kbdlk41a.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\KBDLT1.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\KBDMAORI.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\KBDMON.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\KBDNEPR.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\KBDPO.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\KBDRU.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\KBDRU1.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\KBDSF.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\KBDSG.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\KBDTAJIK.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\KBDTAT.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\KBDTUF.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\KBDTUQ.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\KBDTURME.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\KBDUGHR1.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\KBDUS.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\KBDYAK.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\kstvtune.ax:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\Kswdmcap.ax:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\ksxbar.ax:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\localsec.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\logagent.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\logoncli.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\lsmproxy.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\luainstall.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\main.cpl:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mcbuilder.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\MCEWMDRMNDBootstrap.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mciavi32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mciqtz32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\MediaMetadataHandler.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mesoludlg.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mfc40.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mfc40u.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mfc42.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mfc42u.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\MFPlay.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mfreadwrite.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\migisol.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mimefilt.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\MMDevAPI.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mmsys.cpl:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mobsync.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\Mpeg2Data.ax:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mpg2splt.ax:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mprapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mprddm.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\MSAC3ENC.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\msasn1.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mscoree.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mscorier.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mscories.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\msdmo.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\msdrm.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\MSDvbNP.ax:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\msftedit.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\msieftp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\MSNP.ax:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\msrle32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mstask.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mstsc.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\msutb.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\msvcrt.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\msvfw32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\msvidc32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\msyuv.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mtxclu.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\muifontsetup.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\MuiUnattend.exe:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\mydocs.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\Mystify.scr:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\NAPCRYPT.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\napdsnap.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\NAPHLPR.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\NaturalLanguage6.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\nci.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\ncryptui.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\ncsi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\net1.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\netapi32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\netcenter.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\netcfgx.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\netcorehc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\netdiagfx.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\netevent.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\netfxperf.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\netid.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\netiohlp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\netiougc.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\netjoin.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\netlogon.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\netplwiz.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\netshell.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\netutils.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\networkexplorer.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\networkmap.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\nlaapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\nshipsec.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\nshwfp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\nslookup.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\ntlanman.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\ntshrui.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\objsel.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\ocsetapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\ocsetup.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\odbc32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\odbcconf.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\odbccp32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\odbccr32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\odbccu32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\odbcjt32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\odbctrac.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\oleacc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\olethk32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\onex.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\onexui.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\OnLineIDCpl.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\OobeFldr.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\OpcServices.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\osk.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\packager.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\PerfCenterCPL.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\perfts.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\PhotoScreensaver.scr:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\photowiz.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\pifmgr.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\PkgMgr.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\pku2u.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\pmcsnap.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\pnidui.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\PortableDeviceApi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\PortableDeviceStatus.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\PortableDeviceSyncProvider.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\powercfg.cpl:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\powercpl.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\ppcsnap.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\PresentationHost.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\PresentationHostProxy.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\prevhost.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\printui.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\prncache.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\prnfldr.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\prntvpt.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\propsys.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\proquota.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\provsvc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\psisdecd.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\psisrndr.ax:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\puiobj.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\PushPrinterConnections.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\QAGENT.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\qcap.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\QCLIPROV.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\qdv.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\QSHVHOST.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\QSVRMGMT.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\QUTIL.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\RacEngn.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\raschap.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\rasppp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\rastapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\rastls.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\rdpd3d.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\rdpencom.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\rdpendp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\rdprefdrvapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\ReAgent.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\ReAgentc.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\regapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\remotepg.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\resutils.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\Ribbons.scr:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\riched20.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\riched32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\RMActivate.exe:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\RMActivate_isv.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\RMActivate_ssp.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\RMActivate_ssp_isv.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\Robocopy.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\RpcRtRemote.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\rtutils.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\runonce.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\samcli.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\sbe.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\scansetting.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\scecli.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\schedcli.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\schtasks.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\scrptadm.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\scrrun.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\SearchFolder.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\secproc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\secproc_isv.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\secproc_ssp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\secproc_ssp_isv.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\SensorsCpl.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\SessEnv.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\sethc.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\setupapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\setupcln.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\setupugc.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\SFFXComm.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\shacct.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\shgina.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\shimgvw.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\shlwapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\shsetup.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\shsvcs.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\shunimpl.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\shwebsvc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\sisbkup.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\slwga.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\SmartcardCredentialProvider.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\SndVol.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\SndVolSSO.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\spbcd.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\spopk.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\spp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\sppc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\sppcomapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\sppinst.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\spwizeng.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\spwizres.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\sqlcese30.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\sqlsrv32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\sqmapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\srchadmin.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\srvcli.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\sscore.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\ssText3d.scr:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\stobject.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\sud.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\sxs.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\SyncCenter.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\synceng.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\syncui.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\sysdm.cpl:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\syssetup.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\systemcpl.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\takeown.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\tapisrv.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\taskcomp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\taskeng.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\taskmgr.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\taskschd.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\tcpipcfg.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\tcpmonui.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\termmgr.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\themecpl.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\thumbcache.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\timedate.cpl:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\tlscsp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\TRAPI.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\tsbyuv.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\tsmf.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\TSWorkspace.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\TsWpfWrp.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\twext.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\tzutil.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\UIRibbon.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\UIRibbonRes.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\unimdm.tsp:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\unimdmat.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\unlodctr.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\untfs.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\upnp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\UserAccountControlSettings.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\usercpl.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\userenv.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\userinit.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\utildll.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\uxlib.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\VAN.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\Vault.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\VBICodec.ax:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\vbisurf.ax:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\vdsbas.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\vfwwdm32.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\vpnikeapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\vssapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\w32tm.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wavemsp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wbemcomn.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wcncsvc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wdmaud.drv:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wdscore.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\webservices.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\WerFaultSecure.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wiadefui.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wiavideo.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wimgapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wimserv.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wincredprovider.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\winmm.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\WinSATAPI.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\WinSCard.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\winspool.drv:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\winsta.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wkscli.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wlangpui.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wlanpref.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wlanui.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wmdrmdev.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wmdrmnet.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wmi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\WMNetMgr.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\wmpdxm.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wmpeffects.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\WMPEncEn.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wmpps.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wmpshell.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wmpsrcwp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\WMVCORE.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\Wpc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\WPDShServiceObj.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\WPDSp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wpdwcn.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wscapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wscript.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\WSDApi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wsdchngr.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wshbth.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wshirda.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wshom.ocx:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wsnmp32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\WSTPager.ax:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wtsapi32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wusa.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\xmllite.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\XpsRasterService.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\xpsservices.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\zipfldr.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\1394ohci.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\acpi.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\acpipmi.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\ADIHdAud.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\amdsata.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\amdxata.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\ataport.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\cdrom.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\Classpnp.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\CompositeBus.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\csc.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\Diskdump.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\e1c62x64.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\fltMgr.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\fs_rec.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\fvevol.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\hdaudbus.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\HdAudio.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\HECIx64.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\hidclass.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\hidparse.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\hidusb.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\HpSAMD.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\hwpolicy.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\iaStorV.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\igdkmd64.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\ipfltdrv.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\IPMIDrv.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\iusb3hcs.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\iusb3hub.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\iusb3xhc.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\kbdhid.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\ks.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\mpio.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\msahci.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\msdsm.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\msiscsi.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\msrpc.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\ndisuio.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\ndiswan.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\ndproxy.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\NETwNs64.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\nvraid.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\nvstor.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\pacer.sys:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\Drivers\partmgr.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\pci.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\rasl2tp.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\raspptp.sys:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\Drivers\rdbss.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\rdpdr.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\rdpwd.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\rdyboost.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\rimmpx64.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\RNDISMP.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\sbp2port.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\scfilter.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\scsiport.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\sdbus.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\sffp_sd.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\storport.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\storvsc.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\tdi.sys:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\Drivers\tdtcp.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\TeeDriverx64.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\termdd.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\TsUsbFlt.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\tunnel.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\udfs.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\umbus.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\usb8023.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\USBCAMD2.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\usbcir.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\usbrpm.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\usbvideo.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\vhdmp.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\vmbus.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\VMBusHID.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\vms3cap.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\vmstorfl.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\volmgr.sys:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\Drivers\volsnap.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\wanarp.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\Wdf01000.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\WdfLdr.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\winhv.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\winusb.sys:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\Drivers\WUDFPf.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\WUDFRd.sys:$CmdTcID [64] ==================== Tryb awaryjny (filtrowane) =================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Wartość "AlternateShell" zostanie przywrócona.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service" ==================== Powiązania plików (filtrowane) =============== (Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci.) ==================== Internet Explorer - Witryny zaufane i z ograniczeniami =============== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru.) ==================== Hosts - zawartość: =============================== (Użycie dyrektywy Hosts: w fixlist spowoduje reset pliku Hosts.) 2009-07-14 03:34 - 2009-06-10 22:00 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts ==================== Inne obszary ============================ (Obecnie brak automatycznej naprawy dla tej sekcji.) HKU\S-1-5-21-2924517680-291123336-3497316216-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Dell\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 91.227.216.1 - 8.8.4.4 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Zapora systemu Windows [funkcja wyłączona] ==================== MSCONFIG/TASK MANAGER - Wyłączone elementy == MSCONFIG\startupreg: picon => "C:\Program Files (x86)\Common Files\Intel\Privacy Icon\PIconStartup.exe" -startup MSCONFIG\startupreg: sterownikiaux => C:\Users\Dell\AppData\Roaming\TCPSVCS.EXE ==================== Reguły Zapory systemu Windows (filtrowane) =============== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe FirewallRules: [{11810EE2-30CE-48B8-B891-8D167E0DF501}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{E3F7DB5F-4609-43CC-973E-305D69684E93}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{7160BB0C-5B26-4DDB-B380-80D6B1290984}] => (Allow) LPort=9422 FirewallRules: [{52C16437-C5EE-4208-85C2-4414204D4213}] => (Allow) LPort=9245 FirewallRules: [{372865B2-EA81-430D-BD24-D113AB9C19FC}] => (Allow) LPort=9246 FirewallRules: [{342D5E6B-87E3-4F36-AF01-BD8B0B2AB0A5}] => (Allow) LPort=9247 FirewallRules: [{FF2EF1A5-BB5E-4C19-A9A1-9A95A34502F8}] => (Allow) LPort=1433 FirewallRules: [{62BE5C1D-8DA6-4519-B5D1-D044E2C6C86D}] => (Allow) LPort=1434 FirewallRules: [{817D818F-EB52-48B6-BB9F-A0E8A178EE6E}] => (Allow) %ProgramFiles%\Microsoft SQL Server\MSSQL10_50.FIRMATEC\MSSQL\Binn\sqlservr.exe ==================== Punkty Przywracania systemu ========================= 03-11-2017 12:40:21 Windows Update 04-11-2017 14:00:22 Restore Point Created by FRST ==================== Wadliwe urządzenia w Menedżerze urządzeń ============= Name: 802.11 n WLAN Description: 802.11 n WLAN Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. ==================== Błędy w Dzienniku zdarzeń: ========================= Dziennik Aplikacja: ================== Dziennik System: ============= Error: (11/04/2017 02:07:54 PM) (Source: BROWSER) (EventID: 8032) (User: ) Description: Usługa przeglądarki zbyt wiele razy nie zdołała pobrać listy kopii zapasowych w transporcie \Device\NetBT_Tcpip_{DAFD860E-4771-4932-A10A-2ED24B02F2E4}. Przeglądarka zapasowa jest zatrzymywana. Error: (11/04/2017 02:01:21 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Nie można uruchomić usługi risdpcie z powodu następującego błędu: System Windows nie może zweryfikować podpisu cyfrowego tego pliku. Ostatnia zmiana sprzętu lub oprogramowania mogła spowodować zainstalowanie pliku, który jest niepoprawnie podpisany lub uszkodzony. Możliwe także, że jest to złośliwe oprogramowanie pochodzące z nieznanego źródła. Error: (11/04/2017 02:01:21 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Nie można uruchomić usługi rimmptsk z powodu następującego błędu: System Windows nie może zweryfikować podpisu cyfrowego tego pliku. Ostatnia zmiana sprzętu lub oprogramowania mogła spowodować zainstalowanie pliku, który jest niepoprawnie podpisany lub uszkodzony. Możliwe także, że jest to złośliwe oprogramowanie pochodzące z nieznanego źródła. Error: (11/04/2017 02:00:54 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: ZARZĄDZANIE NT) Description: Nastąpiło nieoczekiwane zatrzymanie modułu rozszerzalności sieci WLAN. Ścieżka modułu: C:\Windows\system32\Rtlihvs.dll Error: (11/04/2017 02:00:54 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: ZARZĄDZANIE NT) Description: Nastąpiło nieoczekiwane zatrzymanie modułu rozszerzalności sieci WLAN. Ścieżka modułu: C:\Windows\system32\Rtlihvs.dll Error: (11/04/2017 02:00:53 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: ZARZĄDZANIE NT) Description: Nastąpiło nieoczekiwane zatrzymanie modułu rozszerzalności sieci WLAN. Ścieżka modułu: C:\Windows\system32\Rtlihvs.dll Error: (11/04/2017 02:00:52 PM) (Source: Service Control Manager) (EventID: 7032) (User: ) Description: Menedżer sterowania usługami próbował podjąć akcję korekcyjną (Uruchom usługę ponownie) po nieoczekiwanym zakończeniu usługi Windows Search, ale ta akcja nie powiodła się przy następującym błędzie: Jedno wystąpienie usługi już działa. . CodeIntegrity: =================================== Date: 2017-11-04 14:01:21.832 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\risdpe64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2017-11-04 14:01:21.792 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\risdpe64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2017-11-04 14:01:21.742 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\rimmpx64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2017-11-04 14:01:21.702 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\rimmpx64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. ==================== Statystyki pamięci =========================== Procesor: Intel(R) Core(TM) i5-3470 CPU @ 3.20GHz Procent pamięci w użyciu: 53% Całkowita pamięć fizyczna: 3982.45 MB Dostępna pamięć fizyczna: 1858.72 MB Całkowita pamięć wirtualna: 7963.08 MB Dostępna pamięć wirtualna: 5601.16 MB ==================== Dyski ================================ Drive c: () (Fixed) (Total:64.83 GB) (Free:25.44 GB) NTFS Drive d: () (Fixed) (Total:46.86 GB) (Free:46.77 GB) NTFS ==================== MBR & Tablica partycji ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 8637081D) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=64.8 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=46.9 GB) - (Type=07 NTFS) ==================== Koniec Addition.txt ============================