Rezultaty skanu uzupełniającego Farbar Recovery Scan Tool (x64) Wersja: 16-11-2016 Uruchomiony przez krzylew (18-11-2016 12:34:32) Uruchomiony z C:\Users\krzylew\Desktop Windows 10 Pro (X64) (2015-08-20 12:57:52) Tryb startu: Normal ========================================================== ==================== Konta użytkowników: ============================= Administrator (S-1-5-21-2561400256-4022948847-1981891818-500 - Administrator - Disabled) Gość (S-1-5-21-2561400256-4022948847-1981891818-501 - Limited - Disabled) Konto domyślne (S-1-5-21-2561400256-4022948847-1981891818-503 - Limited - Disabled) krzylew (S-1-5-21-2561400256-4022948847-1981891818-1001 - Administrator - Enabled) => C:\Users\krzylew ==================== Centrum zabezpieczeń ======================== (Załączenie wejścia w fixlist spowoduje jego usunięcie.) AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859} AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: COMODO Firewall (Enabled) {E8F7F446-E1BD-DFE6-38D1-54E0ADE01D89} ==================== Zainstalowane programy ====================== (W fixlist dozwolone tylko załączanie programów adware z flagą "Hidden" w celu ich uwidocznienia. Programy adware powinny zostać w poprawny sposób odinstalowane.) µTorrent (HKU\S-1-5-21-2561400256-4022948847-1981891818-1001\...\uTorrent) (Version: 3.4.9.42606 - BitTorrent Inc.) 64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden 7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov) Adobe Flash Player 23 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 23.0.0.207 - Adobe Systems Incorporated) AIO_CDA_ProductContext (x32 Version: 140.0.425.000 - Hewlett-Packard) Hidden AIO_CDA_Software (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden AIO_Scan (x32 Version: 130.0.421.000 - Hewlett-Packard) Hidden Aktualizacje NVIDIA 2.13.0.21 (Version: 2.13.0.21 - NVIDIA Corporation) Hidden America's Army: Proving Grounds Beta (HKLM-x32\...\Steam App 203290) (Version: - U.S. Army) Ansel (Version: 375.70 - NVIDIA Corporation) Hidden Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.23.58 - Avira Operations GmbH & Co. KG) Avira Launcher (HKLM-x32\...\{82dc2ab6-088f-4e0a-8e27-bb829481d3bc}) (Version: 1.2.70.16079 - Avira Operations GmbH & Co. KG) Avira Launcher (x32 Version: 1.2.70.16079 - Avira Operations GmbH & Co. KG) Hidden Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) BufferChm (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden C3100 (x32 Version: 140.0.425.000 - Hewlett-Packard) Hidden c3100_Help (x32 Version: 82.0.256.000 - Hewlett-Packard) Hidden COMODO Firewall (HKLM\...\{2736B6BD-31EC-4FC8-A48C-F0A5C914C0B6}) (Version: 7.0.55655.4142 - COMODO Security Solutions Inc.) Copy (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version: - Valve) Destinations (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden DeviceDiscovery (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden DocProc (x32 Version: 140.0.185.000 - Hewlett-Packard) Hidden DVDStyler v2.9.4 (HKLM-x32\...\DVDStyler_is1) (Version: - ) ELAN Touchpad 15.13.3.1_X64_WHQL (HKLM\...\Elantech) (Version: 15.13.3.1 - ELAN Microelectronic Corp.) ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - ) Fax (x32 Version: 140.0.307.000 - Hewlett-Packard) Hidden Fraps (HKLM-x32\...\Fraps) (Version: - ) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 54.0.2840.99 - Google Inc.) Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden GPBaseService2 (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden GPL Ghostscript (HKLM\...\GPL Ghostscript 9.16) (Version: 9.16 - Artifex Software Inc.) GSview 5.0 (HKLM\...\GSview 5.0) (Version: 5.0 - Ghostgum Software Pty Ltd) Heroes of Might & Magic III HD Edition (HKLM-x32\...\Heroes of Might & Magic III HD Edition_R.G. Mechanics_is1) (Version: - R.G. Mechanics, markfiter) Heroes of Might and Magic III - Złota Edycja (HKLM-x32\...\{8B743AA0-53B2-11D2-808A-00600895FB43}) (Version: 1.0 - ) HIS Picture Upload (HKLM-x32\...\{584C0CE9-B3E6-4C6D-8812-04D5AAADF5BC}) (Version: 1.0.0 - HIS) HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP) HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP) HP LaserJet Professional CP1020 Series (HKLM\...\HP LaserJet Professional CP1020 Series) (Version: - ) HP LaserJet Professional P1100-P1560-P1600 Series (HKLM\...\HP LaserJet Professional P1100-P1560-P1600 Series) (Version: - ) HP Photosmart All-In-One Driver Software (HKLM\...\{4F6C1178-3FC0-44BB-8F9A-28D8516DFEE2}) (Version: 14.0 - HP) HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP) HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard) HPPhotoGadget (x32 Version: 140.0.524.000 - Hewlett-Packard) Hidden HPProductAssistant (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden HPSSupply (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden Image Resizer for Windows (64 bit) (Version: 3.0.4802.35565 - Brice Lambson) Hidden Image Resizer for Windows (HKLM-x32\...\{69d72156-6582-4556-8637-06f40aa7f85b}) (Version: 3.0.4802.35565 - Brice Lambson) ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.20.1447 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4531 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation) Intel(R) Update Manager (HKLM-x32\...\{B991A1BC-DE0F-41B3-9037-B2F948F706EC}) (Version: 3.1.1228 - Intel Corporation) iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.) Java 8 Update 111 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180111F0}) (Version: 8.0.1110.14 - Oracle Corporation) KB9X Radio Switch Driver (HKLM\...\5AADE1068CF70DD983F763B20CF2CAAB72883915) (Version: 1.1.0.0 - ENE TECHNOLOGY INC.) LOOT (HKLM-x32\...\LOOT) (Version: 0.6.0 - LOOT Development Team) Malwarebytes Anti-Malware wersja 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes) MarketResearch (x32 Version: 140.0.299.000 - Hewlett-Packard) Hidden MathType 6 (HKLM-x32\...\DSMT6) (Version: 6.9 - Design Science, Inc.) MD5Check 3.0 (HKLM-x32\...\MD5Check_is1) (Version: - ) MediaHuman YouTube to MP3 Converter wersja 3.9.8 (HKLM-x32\...\MediaHuman YouTube to MP3 Converter_is1) (Version: 3.9.8 - ) Medieval 2 Total War Gold version 1.05 (HKLM-x32\...\{8241AE65-BF38-4C3F-B0AF-6E9983A4516C}_is1) (Version: 1.05 - vol1) Microsoft Office Language Pack 2010 - Polish/Polski (HKLM\...\Office14.OMUI.pl-pl) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUSR) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 Redistributable - x64 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{f0080ca2-80ae-4958-b6eb-e8fa916d744a}) (Version: 11.0.61030.0 - Корпорация Майкрософт) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation) MOS Full Install version 1.6.2 (HKLM-x32\...\{CF78D28A-188D-4EC8-8C61-E9659ADC41FA}_is1) (Version: 1.6.2 - MOS) Mozilla Firefox 50.0 (x86 pl) (HKLM-x32\...\Mozilla Firefox 50.0 (x86 pl)) (Version: 50.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 50.0.0.6152 - Mozilla) MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden NapiProjekt (2.2.0.2399) (HKLM-x32\...\NapiProjekt_is1) (Version: - ) Network64 (Version: 140.0.306.000 - Hewlett-Packard) Hidden Nokia Connectivity Cable Driver (HKLM-x32\...\{A57025CC-5F2E-4D01-B387-06DB10500D43}) (Version: 7.1.78.0 - Nokia) Nokia PC Suite (HKLM-x32\...\Nokia PC Suite) (Version: 7.1.180.94 - Nokia) Nokia PC Suite (x32 Version: 7.1.180.94 - Nokia) Hidden Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.7 - Notepad++ Team) NVIDIA GeForce Experience 3.0.7.34 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.0.7.34 - NVIDIA Corporation) NVIDIA Oprogramowanie systemu PhysX 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation) NVIDIA Sterownik graficzny 375.70 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 375.70 - NVIDIA Corporation) NvNodejs (Version: 3.0.7.34 - NVIDIA Corporation) Hidden NvTelemetry (Version: 1.0.0.0 - NVIDIA Corporation) Hidden Obsługa programów Apple (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.) OCR Software by I.R.I.S. 14.0 (HKLM\...\HPOCR) (Version: 14.0 - HP) OpenAL (HKLM-x32\...\OpenAL) (Version: - ) Pakiet sterowników systemu Windows - Nokia Modem (02/25/2011 4.7) (HKLM\...\E0AC723A3DE3A04256288CADBBB011B112AED454) (Version: 02/25/2011 4.7 - Nokia) Pakiet sterowników systemu Windows - Nokia Modem (02/25/2011 7.01.0.9) (HKLM\...\72A50F48CC5601190B9C4E74D81161693133E7F7) (Version: 02/25/2011 7.01.0.9 - Nokia) Pakiet sterowników systemu Windows - Nokia pccsmcfd LegacyDriver (05/31/2012 7.1.2.0) (HKLM\...\62BBD193ADFDBB228C7E1ADB56463F5732FF7F6F) (Version: 05/31/2012 7.1.2.0 - Nokia) Panel sterowania NVIDIA 375.70 (Version: 375.70 - NVIDIA Corporation) Hidden PC Connectivity Solution (HKLM-x32\...\{644F4910-E812-49AD-93EC-86828CB81A0D}) (Version: 12.0.27.0 - Nokia) PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.3 - pdfforge) PDF-XChange Viewer (HKLM\...\{9ED333F8-3E6C-4A38-BAFA-728454121CDA}) (Version: 2.5.310.0 - Tracker Software Products (Canada) Ltd.) PeerBlock 1.2 (r693) (HKLM\...\{015C5B35-B678-451C-9AEE-821E8D69621C}_is1) (Version: 1.2.0.693 - PeerBlock, LLC) Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.141.259 - Google, Inc.) PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.994 - Even Balance, Inc.) Qualcomm Atheros Bandwidth Control Filter Driver (Version: 1.1.42.1045 - Qualcomm Atheros) Hidden Qualcomm Atheros Killer E220x Drivers (Version: 1.1.42.1045 - Qualcomm Atheros) Hidden Qualcomm Atheros Network Manager (Version: 1.1.42.1045 - Qualcomm Atheros) Hidden Qualcomm Atheros Performance Suite (HKLM-x32\...\{E70DB50B-10B4-46BC-9DE2-AB8B49E061EE}) (Version: 1.1.42.1045 - Qualcomm Atheros) Razer Cortex (HKLM-x32\...\Razer Cortex_is1) (Version: 5.1.38.0 - Razer Inc.) Razer Diamondback 3G (HKLM-x32\...\{7E659C5C-4DF1-499B-B802-77BAE9ABE4D4}) (Version: 5.01 - Razer USA Ltd.) Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.21239 - Realtek Semiconductor Corp.) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.) REAPER (x64) (HKLM\...\REAPER) (Version: - ) Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.3.14044_17 - Samsung Electronics Co., Ltd.) Samsung Kies (x32 Version: 2.6.3.14044_17 - Samsung Electronics Co., Ltd.) Hidden Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.61.0 - Samsung Electronics Co., Ltd.) Scan (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden SCM (HKLM\...\{614FD4D7-78CE-43E0-88E1-F6DE78069B9A}) (Version: 13.013.09262 - Application) SHIELD Streaming (Version: 7.1.0320 - NVIDIA Corporation) Hidden SHIELD Wireless Controller Driver (Version: 3.0.7.34 - NVIDIA Corporation) Hidden Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP) Sid.Meiers.Civilization.VI.REPACK-KaOs Uninstaller v3.0 (HKLM-x32\...\Sid.Meiers.Civilization.VI.REPACK-KaOs_is1) (Version: 3.0 - KaOsKrew) Skyrim Performance Monitor (HKLM-x32\...\{84AEB93A-ECBB-4568-8F59-D4516EF59079}) (Version: 3.66 - SirGarnon on Skyrim Nexus) SlimDX Runtime .NET 2.0 (January 2012) (HKLM-x32\...\{014A2868-BE56-4888-A16C-693989B8F153}) (Version: 2.0.13.43 - SlimDX Group) SolutionCenter (x32 Version: 140.0.299.000 - Hewlett-Packard) Hidden Sound Blaster Cinema (HKLM-x32\...\{8801CA65-921A-4CCC-9D63-879D1D0BAA97}) (Version: 1.00.05 - Creative Technology Limited) Status (x32 Version: 140.0.342.000 - Hewlett-Packard) Hidden Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation) TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH) TechPowerUp GPU-Z (HKLM-x32\...\TechPowerUp GPU-Z) (Version: - TechPowerUp) Third Age - Total War 3.0 (Part 1of2) (HKU\S-1-5-21-2561400256-4022948847-1981891818-1001\...\Third Age - Total War 3.0 (Part 1of2)) (Version: - ) Third Age - Total War 3.0 (Part 2of2) (HKU\S-1-5-21-2561400256-4022948847-1981891818-1001\...\Third Age - Total War 3.0 (Part 2of2)) (Version: - ) Toolbox (x32 Version: 140.0.596.000 - Hewlett-Packard) Hidden Total War - Rome II (HKLM-x32\...\Total War - Rome II_R.G. Mechanics_is1) (Version: - R.G. Mechanics, markfiter) TrayApp (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN) Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.) WebReg (x32 Version: 140.0.297.017 - Hewlett-Packard) Hidden Wrye Bash (HKLM-x32\...\Wrye Bash) (Version: 0.3.0.5 - Wrye & Wrye Bash Development Team) ==================== Niestandardowe rejestracje CLSID (filtrowane): ========================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) CustomCLSID: HKU\S-1-5-21-2561400256-4022948847-1981891818-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\krzylew\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64\FileSyncShell64.dll => Brak p (dane wartości zawierają 4 znaków więcej). CustomCLSID: HKU\S-1-5-21-2561400256-4022948847-1981891818-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\krzylew\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64\FileSyncShell64.dll => Brak p (dane wartości zawierają 4 znaków więcej). CustomCLSID: HKU\S-1-5-21-2561400256-4022948847-1981891818-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\krzylew\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64\FileSyncShell64.dll => Brak p (dane wartości zawierają 4 znaków więcej). ==================== Zaplanowane zadania (filtrowane) ============= (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) Task: {19E2096B-2BB7-4104-879D-10853C0EF1D1} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Brak pliku <==== UWAGA Task: {1C5CEE87-A398-4525-9079-07E8539F9F6A} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-11-10] (Microsoft Corporation) Task: {1FAC86DA-8D2F-439C-9AD0-3832AF38C069} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2016-10-24] (NVIDIA Corporation) Task: {23EF068E-34F5-46D5-9768-DA3A312ADA6E} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2014-10-19] () Task: {26B87873-8161-4ABE-8189-C1AA3C33FE85} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Brak pliku <==== UWAGA Task: {295711A9-1B93-4CEC-8A23-E79D3F5E3593} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2016-10-24] (NVIDIA Corporation) Task: {2BD03FA9-BD3E-48C2-81D7-A6D7A3072944} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-11-08] (Adobe Systems Incorporated) Task: {2E1708EE-3D02-4FF8-AFB9-645110CD3BD1} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Brak pliku <==== UWAGA Task: {36924565-FE11-47C0-990A-7DECF1A974D8} - System32\Tasks\{31DDBD37-5DB7-4030-8064-10B0CAA806C3} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2016-09-26] (COMODO) Task: {440A1391-C022-4D09-B70A-D84E257CA70F} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2016-09-26] (COMODO) Task: {4618F4A3-AD8C-4DCC-8667-1B7D755503E2} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2016-09-26] (COMODO) Task: {6C6C0C2B-A4C7-430E-8D2C-395C7594DF67} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Brak pliku <==== UWAGA Task: {78DE3297-F136-4AE5-9505-2267C78FADA0} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2015-10-17] (Intel Corporation) Task: {7F3C558E-FA4A-49F1-B750-980B24622766} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-09-01] (Google Inc.) Task: {83B6790C-6BBF-4FF9-B7A8-9FF3ED7E0C50} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Brak pliku <==== UWAGA Task: {8B98C32A-51A7-433B-BB2B-A5CB23EFA704} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Brak pliku <==== UWAGA Task: {90540618-77CD-45F1-9916-9F47F12263EE} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Brak pliku <==== UWAGA Task: {996EB790-510B-4D6B-B683-058DDE9CD825} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2016-10-24] (NVIDIA Corporation) Task: {9B19C450-4060-415A-B5DA-2753B7959DB2} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Brak pliku <==== UWAGA Task: {A07648B4-B907-4B0C-B252-2DEE0C43D473} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Brak pliku <==== UWAGA Task: {ACBB8657-64F2-459B-BF4D-045F74A2FC92} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2016-10-24] (NVIDIA Corporation) Task: {BD1E02BA-137F-427D-AC60-3AF95D992AC6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-09-01] (Google Inc.) Task: {BDBE1A31-AB67-47B2-B004-5FD5EF451DCA} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2016-09-26] (COMODO) Task: {C3339980-6F11-447C-92FD-D870EB3ADD2B} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Brak pliku <==== UWAGA Task: {CB7EAC86-1E30-477C-AD40-825BE709DF7D} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> Brak pliku <==== UWAGA Task: {EFD8513B-84DE-4BC9-8FC4-E79D8A459650} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2016-10-24] (NVIDIA Corporation) Task: {F22AA117-7DC7-4E32-9D39-50EC27045137} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2015-10-17] (Intel Corporation) Task: {F62AC7EC-03E7-4366-B295-89059D4B062A} - System32\Tasks\MSI_Dragoon Gaming Center => C:\Program Files (x86)\MSI\Dragoon Gaming Center\Dragoon Gaming Center.exe Task: {FE2668AF-2DB1-4A1C-AAD0-D9797DEECEF5} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2016-10-24] (NVIDIA Corporation) (Załączenie wejścia w fixlist spowoduje przesunięcie pliku zadania (.job). Plik uruchamiany docelowo przez zadanie nie zostanie przeniesiony.) Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\WINDOWS\Tasks\AutoKMS.job => C:\Windows\AutoKMS\AutoKMS.exe Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Skróty ============================= (Wybrane wejścia mogą zostać załączone w celu ich zresetowania lub usunięcia.) Shortcut: C:\Users\krzylew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Third Age - Total War 3.0 (Part 2of2)\Third Age - Total War.lnk -> C:\Program Files (x86)\Medieval 2 Total War Gold\mods\Third_Age_3\Third Age.bat () ==================== Załadowane moduły (filtrowane) ============== 2015-08-20 09:17 - 2015-08-20 09:17 - 00032768 _____ () C:\WINDOWS\SYSTEM32\licensemanagerapi.dll 2012-12-24 05:53 - 2015-05-27 11:04 - 00129024 _____ () C:\WINDOWS\System32\HPCP1020LM.DLL 2014-10-27 22:20 - 2012-08-31 15:03 - 00288768 _____ () C:\WINDOWS\System32\HP1100LM.DLL 2014-10-27 22:19 - 2016-04-19 13:01 - 00074240 _____ () C:\WINDOWS\system32\spool\PRTPROCS\x64\HP1100PP.DLL 2016-10-24 18:58 - 2016-09-30 05:25 - 04490808 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\Poco.dll 2016-10-24 18:58 - 2016-09-30 05:25 - 01148984 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll 2016-10-24 18:58 - 2016-09-30 05:25 - 00419896 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\plugins\LocalSystem\_nvspserviceplugin64.dll 2014-11-06 00:04 - 2015-10-07 17:08 - 00076152 _____ () C:\WINDOWS\SysWOW64\PnkBstrA.exe 2014-10-31 23:27 - 2014-10-31 23:27 - 00183488 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe 2015-12-07 17:25 - 2016-10-25 21:17 - 00133056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2016-11-08 22:23 - 2016-11-08 22:23 - 02495776 _____ () C:\WINDOWS\system32\CoreUIComponents.dll 2016-11-08 22:23 - 2016-11-08 22:23 - 02495776 _____ () C:\WINDOWS\System32\CoreUIComponents.dll 2015-07-17 23:35 - 2016-11-02 19:37 - 00401896 _____ () C:\WINDOWS\system32\igfxTray.exe 2015-09-30 20:19 - 2015-09-30 20:19 - 00429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll 2016-11-08 22:23 - 2016-11-08 22:23 - 06569472 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll 2016-11-08 22:22 - 2016-11-08 22:22 - 00471040 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll 2016-11-08 22:23 - 2016-11-08 22:23 - 01808384 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll 2015-09-30 20:20 - 2015-09-30 20:20 - 02274816 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll 2015-07-10 12:00 - 2015-07-10 17:35 - 00210432 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.ProxyStub.dll 2015-09-02 12:23 - 2012-11-01 10:23 - 00089600 _____ () C:\WINDOWS\SYSTEM32\CmdRtr64.DLL 2015-09-02 12:23 - 2012-11-01 10:21 - 00325120 _____ () C:\WINDOWS\SYSTEM32\APOMgr64.DLL 2014-04-17 10:02 - 2014-04-17 10:02 - 00300544 _____ () C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe 2016-08-16 21:00 - 2016-08-16 21:01 - 00017408 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.722.10060.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe 2016-08-16 21:00 - 2016-08-16 21:01 - 13475840 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.722.10060.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll 2016-08-16 21:00 - 2016-08-16 21:01 - 00680448 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.722.10060.0_x64__8wekyb3d8bbwe\Microsoft.DesignCore.dll 2016-03-03 22:15 - 2016-03-03 22:16 - 00291328 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.722.10060.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll 2014-10-11 12:06 - 2014-10-11 12:06 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2014-10-11 12:05 - 2014-10-11 12:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2016-10-24 18:58 - 2016-09-29 18:20 - 00500792 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvSpCapsAPINode.node 2016-10-24 18:58 - 2016-09-29 18:20 - 00255936 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\DriverInstall.node 2016-10-24 18:58 - 2016-09-29 18:20 - 02801208 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\Downloader.node 2016-10-24 18:58 - 2016-09-29 18:20 - 00244672 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGameShareAPINode.node 2016-10-24 18:58 - 2016-09-29 18:20 - 00430648 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGalleryAPINode.node 2016-10-24 18:58 - 2016-09-29 18:20 - 00336832 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVAccountAPINode.node 2016-10-24 18:58 - 2016-09-29 18:20 - 00373696 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvCameraAPINode.node 2016-10-24 18:58 - 2016-09-30 05:25 - 00020536 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll 2014-10-16 23:19 - 2013-08-08 12:25 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll ==================== Alternate Data Streams (filtrowane) ========= (Załączenie wejścia w fixlist spowoduje usunięcie strumienia ADS.) AlternateDataStreams: C:\WINDOWS\explorer.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\HelpPane.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\NvContainerRecovery.bat:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\Updreg.EXE:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\aadcloudap.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\aadtb.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\accountaccessor.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\aclui.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\acmigration.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\ActiveSyncProvider.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\adhsvc.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\AdmTmpl.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\adsmsext.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\advapi32.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\aeinv.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\aepic.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\aitstatic.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\APHostService.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\apisetschema.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\apphelp.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\AppIdPolicyEngineApi.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\ApplicationFrame.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\AppointmentApis.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\appraiser.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\AppReadiness.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\apprepapi.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\apprepsync.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\appwiz.cpl:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\AppxAllUserStore.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\AppXApplicabilityBlob.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\AppxApplicabilityEngine.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\AppXDeploymentClient.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\AppXDeploymentExtensions.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\AppXDeploymentServer.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\AppxPackaging.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\AppxSip.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\AppxSysprep.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\asycfilt.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\atmfd.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\atmlib.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\audiodg.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\AudioEndpointBuilder.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\AudioEng.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\AUDIOKSE.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\AudioSes.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\audiosrv.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\AuthBroker.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\authfwcfg.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\AuthHost.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\authui.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\AzureSettingSyncProvider.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\basesrv.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\bcdedit.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\BCP47Langs.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\bcryptprimitives.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\BFE.DLL:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\BingMaps.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\bisrv.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\blackbox.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\browcli.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\browser.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\browserbroker.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\browser_broker.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\cabinet.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\CallHistoryClient.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\catsrvut.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\ccdcmbwux64.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\CellularAPI.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\cemapi.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\certca.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\certcli.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\CertEnroll.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\certmgr.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\certprop.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Chakra.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Chakradiag.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\ChatApis.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\CheckNetIsolation.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\ChezSC64.DLL:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\cic.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Clipc.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\ClipSVC.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\ClipUp.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\cloudAP.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\CloudDomainJoinDataModelServer.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\clusapi.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\cmdl32.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\cmintegrator.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\cmipnpinstall.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\COLORCNV.DLL:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\combase.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\comdlg32.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\common_clang64.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\CompatTelRunner.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\comsvcs.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\comuid.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\configmanager2.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\configurationclient.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\ContactApis.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\ContentDeliveryManager.Utilities.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\CoreMessaging.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\CoreUIComponents.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\CPFilters.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\CredProvDataModel.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\credprovhost.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\credprovs.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\credssp.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\crypt32.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\CryptoWinRT.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\cryptsvc.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\cryptui.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\csrsrv.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\d2d1.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\d3d10level9.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\d3d10warp.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\d3d11.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\d3d9.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\D3DCompiler_47.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\DafPrintProvider.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\DAMediaManager.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\DAMM.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\DaOtpCredentialProvider.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\das.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\DataSenseHandlers.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\DavSyncProvider.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\dbgcore.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\dbgeng.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\DbgModel.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\dccw.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\dcomp.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\devenum.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\deviceaccess.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\deviceassociation.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\DeviceEnroller.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\DevicePairing.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\devinv.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\devmgr.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\diagperf.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\diagtrack.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\diagtrack_win.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\diagtrack_wininternal.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\difx64.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\directmanipulation.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Display.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\dlnashext.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\dmcertinst.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\dmcsps.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\dmdskmgr.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\dmenrollengine.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\DMRServer.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\domgmt.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\dosvc.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\dot3gpui.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\dot3mm.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\dot3ui.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\DPTopologyApp.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\DPTopologyAppv2_0.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\drvstore.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\dssvc.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\dui70.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\duser.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\dwmcore.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\dwmredir.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\DWrite.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\dxgi.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\dxtrans.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\eapp3hst.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\eappcfg.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\eappgnui.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\eapphost.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\eappprxy.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\eapsvc.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\easwrt.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\edgehtml.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\EditionUpgradeHelper.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\EditionUpgradeManagerObj.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\EDPCleanup.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\efswrt.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\els.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\EmailApis.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\EncDec.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\enrollmentapi.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\EnterpriseAppMgmtSvc.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\enterprisecsps.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\EnterpriseDesktopAppMgmtCSP.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\esent.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\ETDCoInstaller.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\ETDCoInstaller01000.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\EthernetMediaManager.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\evr.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\ExecModelClient.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\expand.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\ExplorerFrame.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\ExSMime.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\extrac32.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\ExtrasXmlParser.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\f3ahvoas.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\facecredentialprovider.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\fhcfg.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\fhengine.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\fhsettingsprovider.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\filemgmt.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\FingerprintEnrollment.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\FirewallAPI.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\FntCache.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\fontdrvhost.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\FontProvider.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\fphc.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\fveapi.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\fwbase.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\fwcfg.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\fwpolicyiomgr.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\FWPUCLNT.DLL:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\FwRemoteSvr.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\GamePanel.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\gameux.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\gdi32.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\GdiPlus.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\generaltel.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Geolocation.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\GfxResources.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\GfxUIEx.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Gfxv2_0.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Gfxv4_0.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\GlobCollationHost.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\gpapi.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\gpedit.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\gpprefcl.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\gpscript.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\gpsvc.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\hevcdecoder.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\hgcpl.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\hlink.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\hnetcfg.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\hpbcoins32.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\hpbcoins64.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\HPCP1020LM.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\hpotiop1.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\hpovst01.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\hpowiav1.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\hppdcompio.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\hppldcoi.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\HPSIsvc.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\hpz3lw71.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\httpprxm.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\httpprxp.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\HttpsDataSource.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\iassvcs.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\icsvc.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\IdCtrls.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\ie4uinit.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\ieapfltr.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\iedkcs32.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\ieframe.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\iepeers.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\ieproxy.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\iertutil.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\ieui.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\ig75icd64.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\igc64.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\igd10idpp64.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\igd10iumd64.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\igd11dxva64.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\igd12umd64.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\igdail64.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\igdbcl64.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\igdde64.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\igdfcl64.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\igdmcl64.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\igdmd64.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\igdrcl64.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\igdumdim64.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\igdusc64.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\igfx11cmrt64.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\igfxcmjit64.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\igfxcmrt64.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\igfxCoIn_v4531.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\igfxCPL.cpl:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\igfxCUIService.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\igfxCUIServicePS.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\igfxDH.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\igfxDHLib.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\igfxDHLibv2_0.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\igfxDI.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\igfxDILib.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\igfxDILibv2_0.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\igfxDTCM.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\igfxEM.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\igfxEMLib.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\igfxEMLibv2_0.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\igfxexps.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\igfxext.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\igfxHK.exe:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\igfxLHM.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\igfxLHMLib.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\igfxLHMLibv2_0.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\igfxOSP.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\igfxSDK.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\igfxSDKLib.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\igfxSDKLibv2_0.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\igfxTray.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\iglhcp64.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\iglhsip64.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\IKEEXT.DLL:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\ImplatSetup.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\inetcomm.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\inetcpl.cpl:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\inetpp.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\input.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\InputService.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\InstallAgent.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\IntelCpHDCPSvc.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\IntelOpenCL64.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\IntelWiDiMCComp64.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\IntelWiDiUMS64.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Intel_OpenCL_ICD64.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\internetmail.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\invagent.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\IoTAssignedAccessLockFramework.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\iphlpsvc.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\ipsecsnp.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\IPSECSVC.DLL:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\ipsmsnap.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\JpMapControl.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\jscript.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\jscript9.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\jscript9diag.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\KBDAZE.DLL:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\KBDAZEL.DLL:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\KBDAZST.DLL:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\kbdgeoqw.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\kerberos.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\kernel32.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\KernelBase.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\KeywordDetectorMsftSidAdapter.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\KnobsCore.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\KnobsCsp.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\ksproxy.ax:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\LegacyNetUX.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\LegacyNetUXHost.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\LicenseManager.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\LicenseManagerShellext.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\licensingdiag.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\localspl.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\LocationApi.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\LocationCrowdsource.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\LocationFramework.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\LocationFrameworkInternalPS.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\LocationGeofences.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\LocationPeCell.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\LocationPeIP.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\LocationPermissions.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\LocationPeWiFi.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\LocationWebproxy.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\LocationWiFiAdapter.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\LockAppBroker.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\LockAppHost.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\LogonController.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\lsasrv.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\lsass.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Magnification.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Magnify.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\makecab.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\MapConfiguration.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\MapControlCore.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\MapsStore.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\MbaeApi.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\MbaeApiPublic.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\MbaeParserTask.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\MBCfg64.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\MBCfg64.exe:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\MBMediaManager.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\mbsmsapi.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\MCRecvSrc.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\mcupdate_GenuineIntel.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\MDEServer.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\MDMAppInstaller.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\mdmmigrator.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\mdmregistration.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\MessagingDataModel2.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\MetroIntelGenericUIFramework.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\mf.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\mfasfsrcsnk.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\MFCaptureEngine.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\mfcore.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\mfds.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\mfh264enc.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\MFMediaEngine.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\mfmp4srcsnk.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\mfnetcore.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\mfnetsrc.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\mfplat.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\mfpmp.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\mfps.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\mfsrcsnk.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\mfsvr.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\mftranscode.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\mfvdsp.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\MFWMAAEC.DLL:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\microsoft-windows-system-events.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\MiracastReceiver.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\mispace.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\mmc.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\mmcbase.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\mmcndmgr.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\mmcshext.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\mmsys.cpl:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\modernexecserver.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\mos.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\moshost.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\MosHostClient.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\moshostcore.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\MP3DMOD.DLL:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\MP43DECD.DLL:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\MP4SDECD.DLL:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\MPG4DECD.DLL:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\mprddm.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\mprdim.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\MpSigStub.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\MPSSVC.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\mqrt.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\mqsnap.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\MrmCoreR.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\MrmIndexer.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\MRT.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\MSAJApi.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\mscms.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\msctf.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\msctfuimanager.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\msdt.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\msdtc.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\msdtckrm.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\msdtctm.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\msfeeds.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\msftedit.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\mshtml.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\mshtmled.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\msi.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\msmpeg2adec.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\MSMPEG2ENC.DLL:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\msmpeg2vdec.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\msnetobj.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\mspaint.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\msscntrs.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\msscp.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\MsSpellCheckingFacility.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\mssph.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\mssphtb.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\mssprxy.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\mssrch.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\mssvp.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\mstsc.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\mstscax.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\msv1_0.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\msvcp_win.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\MSVidCtl.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\mswsock.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\msxml3.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\msxml6.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\mtxoci.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\MusNotification.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\MusNotificationUx.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\MusUpdateHandlers.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\mycomput.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\NAPCRYPT.DLL:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\NaturalLanguage6.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\ncryptprov.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\ncryptsslp.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\ncsi.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\ndfapi.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\netapi32.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\netcenter.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\NetCfgNotifyObjectHost.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\netcfgx.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\netman.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\NetSetupApi.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\NetSetupEngine.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\NetSetupShim.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\NetSetupSvc.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\netshell.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\nettrace.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\NetworkBindingEngineMigPlugin.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\NetworkCollectionAgent.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\NetworkDesktopSettings.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\NetworkMobileSettings.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\NetworkUXBroker.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\ngccredprov.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\NgcCtnrGidsHandler.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\ngckeyenum.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\ngcsvc.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\ninput.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\nlasvc.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\nlmgp.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\nmwcdcoclsx64.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\NotificationController.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\NotificationObjFactory.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\nshwfp.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\ntdll.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\ntoskrnl.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\ntprint.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\ntshrui.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\nvapi64.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\nvaudcap64v.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\nvcompiler.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\nvcuda.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\nvcuvid.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\nvd3dumx.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\nvdispco6435362.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\nvdispco6435891.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\nvdispco6435906.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\nvdispco6437557.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\nvdispco6437563.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\nvdispco6437570.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\nvdispgenco6435362.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\nvdispgenco6435891.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\nvdispgenco6435906.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\nvdispgenco6437557.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\nvdispgenco6437563.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\nvdispgenco6437570.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\nvEncMFTH264.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\nvEncodeAPI64.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\nvfatbinaryLoader.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\NvFBC64.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\NvIFR64.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\NvIFROpenGL.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\nvinitx.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\nvoglshim64.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\nvoglv64.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\nvopencl.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\nvptxJitCompiler.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\nvumdshimx.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\nvwgf2umx.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\odbcconf.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\oemlicense.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\offreg.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\ole32.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\oleacc.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\oleacchooks.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\oleaut32.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\omadmapi.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\omadmclient.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\OnDemandConnRouteHelper.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\OneBackupHandler.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\OpcServices.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\OpenAL32.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\OpenCL.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\PackageStateRoaming.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\pcasvc.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\PeerDist.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\PeerDistSh.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\PeerDistSvc.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\PhoneCallHistoryApis.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\PhotoScreensaver.scr:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\PimIndexMaintenance.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\PimIndexMaintenanceClient.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Pimstore.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\pku2u.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\PlayToManager.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\PlayToReceiver.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\pmcsnap.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\pnidui.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\pnpclean.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\policymanager.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\polstore.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\PortChanger.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\POSyncServices.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\PresentationHost.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\PresentationHostProxy.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\PrintDialogs.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\PrintDialogs3D.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\printfilterpipelinesvc.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\profext.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\profsvc.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\propsys.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\provcore.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\provdatastore.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\provengine.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\provhandlers.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\provisioningcsp.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\provops.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\ProvPluginEng.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\provtool.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\ProximityService.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\PsmServiceExtHost.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\psmsrv.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\puiapi.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\puiobj.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\pwrshplugin.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\qdvd.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\qedit.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\quartz.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\RADCUI.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\rasapi32.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\rasgcw.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\rasman.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\rasmans.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\RasMediaManager.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\rdbui.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\rdpcore.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\rdpcorets.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\rdpinput.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\rdpudd.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\rdvidcrl.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\RDXService.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\RDXTaskFactory.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\ReAgent.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\RecoveryDrive.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\ReInfo.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\remoteaudioendpoint.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\RemoteNaturalLanguage.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\RESAMPLEDMO.DLL:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\reseteng.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\resutils.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\RMActivate.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\RMActivate_isv.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\RMActivate_ssp.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\RMActivate_ssp_isv.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\rpcrt4.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\rpcss.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\rsaenh.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\RTMediaFrame.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\samlib.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\samsrv.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\scapi.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\SCardDlg.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\schannel.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\schedsvc.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\sdengin2.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\sdrsvc.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\sdshext.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Search.ProtocolHandler.MAPI2.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\SearchFolder.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\SearchIndexer.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\SearchProtocolHost.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\SecConfig.efi:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\seclogon.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\secproc.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\secproc_isv.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\SensorDataService.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\SensorsApi.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\sessionmsg.exe:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\SettingMonitor.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\SettingsHandlers_Geolocation.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\SettingsHandlers_Notifications.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\SettingsHandlers_nt.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\SettingsHandlers_StorageSense.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\SettingSync.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\SettingSyncCore.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\SettingSyncHost.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\setupapi.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\shacct.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\SharedStartModel.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\SharedStartModelShim.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\ShareHost.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\sharemediacpl.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\SHCore.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\shell32.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\shsetup.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\shutdownux.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\SIHClient.exe:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\SmartcardCredentialProvider.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\SmiEngine.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\SmsRouterSvc.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\spcompat.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\SpeechPal.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\spoolsv.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\sppcext.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\sppobjs.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\sppsvc.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\sppwinob.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\sqmapi.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\SRH.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\SRHInproc.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\srmclient.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\srmscan.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\srvcli.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\sspicli.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\SSShim.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\StikyNot.exe:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\storagewmi.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\StoreAgent.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\storewuauth.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\StructuredQuery.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\SubscriptionMgr.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\sud.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\sxs.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\SyncCenter.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\syncmlhook.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\syncutil.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\sysmain.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\SystemEventsBrokerServer.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\SystemSettings.Handlers.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\SystemSettings.UserAccountsHandlers.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\SystemSettingsAdminFlows.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\taskcomp.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\taskeng.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Taskmgr.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\taskschd.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\tbauth.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\tcpmon.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\tdh.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\tetheringclient.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\tetheringservice.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\TextInputFramework.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\themecpl.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\tileobjserver.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\TokenBroker.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\TokenBrokerCookies.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\TpmTasks.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\tpmvsc.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\tquery.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\tsmf.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\TSpkg.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\TSWorkspace.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\twinapi.appcore.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\twinapi.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\twinui.appcore.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\twinui.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\ubpm.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\ucrtbase.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\udhisapi.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\uDWM.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\UIAnimation.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\UIAutomationCore.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\UIRibbon.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\UIRibbonRes.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\unimdm.tsp:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Unistore.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\updatehandlers.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\upnpcont.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\upnphost.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\urlmon.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\usbaaplrc.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\user32.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\usercpl.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\UserDataAccountApis.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\UserDataLanguageUtil.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\UserDataPlatformHelperUtil.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\UserDataService.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\UserDataTimeUtil.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\UserDataTypeHelperUtil.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\userenv.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\UserLanguagesCpl.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\usermgr.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\usermgrcli.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\UserMgrProxy.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\usocore.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\UtcResources.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\UXInit.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\uxtheme.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Vault.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\vaultcli.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\vaultsvc.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\vbscript.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\VCardParser.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\vds.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\vdsutil.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\VEEventDispatcher.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\verifiergui.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\VEStoreEventHandlers.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\VIDRESZR.DLL:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\vssapi.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\vsstrace.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\VSSVC.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\vss_ps.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\vulkaninfo-1-1-0-26-0.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\vulkaninfo.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\WalletService.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\wbengine.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\wbiosrvc.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\wcmcsp.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\wcmsvc.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\wcnwiz.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\wdc.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\WdfCoInstaller01007.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\WdfCoInstaller01011.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\wdigest.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\WebcamUi.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\webcheck.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\webservices.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\wer.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\werconcpl.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\wermgr.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\werui.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\wevtsvc.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\wfapigp.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\wfdprov.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\wiaaut.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\wiarpc.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\wifinetworkmanager.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\wifiprofilessettinghandler.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\win32kbase.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\win32kfull.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\win32spl.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\winbici.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\winbrand.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\Windows.AccountsControl.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.ApplicationModel.Wallet.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.Cortana.Desktop.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.Cortana.OneCore.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.Cortana.ProxyStub.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.Data.Pdf.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.Bluetooth.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.Enumeration.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.HumanInterfaceDevice.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.Midi.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.Picker.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.PointOfService.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.Scanners.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.SmartCards.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.Usb.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.WiFiDirect.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.Gaming.Preview.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.Gaming.XboxLive.Storage.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.Globalization.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.Graphics.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.Graphics.Printing.3D.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.Internal.Management.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.Audio.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.Editing.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.Import.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.MediaControl.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.Speech.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.Streaming.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.Streaming.ps.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.Networking.Connectivity.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.Networking.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.Networking.HostName.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.Networking.Proximity.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.Networking.UX.EapRequestHandler.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.Networking.Vpn.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.Security.Authentication.OnlineId.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.Shell.Search.UriHandler.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.Speech.Pal.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.StateRepository.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\Windows.StateRepositoryBroker.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.StateRepositoryClient.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\windows.storage.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.Storage.Search.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.BioFeedback.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.BlockedShutdown.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Cred.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Immersive.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Logon.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.PicturePassword.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Search.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Shell.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Xaml.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Xaml.Phone.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.Web.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\Windows.Web.Http.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\WindowsCodecs.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\WindowsCodecsExt.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\WindowsCodecsRaw.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\winhttp.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\wininet.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\wininit.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\winipcfile.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\winipcsecproc.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\winload.efi:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\winload.exe:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\winlogon.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\winmde.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\winmsipc.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\winresume.efi:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\winresume.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\WinSAT.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\winsku.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\winspool.drv:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\winsrv.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\wintrust.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\WinTypes.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\WinUSBCoInstaller.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\wkscli.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\wlanapi.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\wlancfg.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\WLanConn.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\wlangpui.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\WlanMediaManager.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\WlanMM.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\wlanmsm.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\wlanpref.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\wlansec.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\wlansvc.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\wlanui.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\wldp.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\wlidcli.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\wlidprov.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\wlidsvc.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\WMADMOD.DLL:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\WMADMOE.DLL:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\WMALFXGFXDSP.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\WMASF.DLL:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\wmdrmdev.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\wmdrmsdk.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\WMNetMgr.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\wmp.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\WMPDMC.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\WmpDui.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\wmpdxm.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\wmpeffects.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\WMPhoto.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\wmploc.DLL:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\wmpmde.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\wmpps.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\wmpshell.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\WMSPDMOD.DLL:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\WMSPDMOE.DLL:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\WMVCORE.DLL:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\WMVDECOD.DLL:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\WMVENCOD.DLL:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\WMVSDECD.DLL:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\WMVSENCD.DLL:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\WMVXENCD.DLL:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\workfolderssvc.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Wpc.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\wpccpl.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\WpcMon.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\WpcWebSync.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\wpdshext.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\WPDShServiceObj.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\wpnapps.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\wpncore.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\wpninprc.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\wpnprv.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\wpr.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\WPTaskScheduler.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\wpx.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\wrap_oal.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\ws2_32.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\WSClient.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\wsecedit.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\WsmAgent.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\WsmAuto.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\wsmprovhost.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\WsmSvc.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\WsmWmiPl.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\wsp_fs.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\wsp_health.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\wsqmcons.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\WSService.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\WSShared.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\WSSync.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\wu.upgrade.ps.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\wuapi.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\wuaueng.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\wuautoappupdate.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\WUDFPlatform.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\WUDFx.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\WUDFx02000.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\wudriver.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\wups.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\wups2.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\wusa.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\wuuhext.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\wvc.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\WwaApi.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\WWAHost.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\WWanAPI.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\wwancfg.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\wwanconn.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\wwanmm.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\wwansvc.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\XblAuthManager.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\XboxNetApiSvc.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\XpsDocumentTargetPrint.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\XpsFilt.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\XpsPrint.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\xpsrchvw.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\xpsservices.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\ztrace_maps.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\aclui.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\AdmTmpl.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\adsmsext.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\advapi32.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\apphelp.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\AppIdPolicyEngineApi.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\appmgr.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\AppointmentApis.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\apprepapi.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\apprepsync.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\appwiz.cpl:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\AppxAllUserStore.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\AppxPackaging.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\AppxSip.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\asycfilt.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\atmfd.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\atmlib.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\AUDIOKSE.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\AudioSes.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\AuthBroker.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\authfwcfg.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\authui.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\azroleui.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\BCP47Langs.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\bcryptprimitives.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\BingMaps.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\blackbox.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\browcli.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\cabinet.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\CallHistoryClient.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\catsrvut.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\cemapi.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\certca.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\certcli.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\CertEnroll.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\SysWOW64\certmgr.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Chakra.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Chakradiag.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\ChatApis.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\CheckNetIsolation.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\ChezSC32.DLL:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\SysWOW64\cic.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Clipc.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\clusapi.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\cmdl32.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\cmipnpinstall.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\COLORCNV.DLL:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\combase.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\comdlg32.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\common_clang32.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\comsvcs.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\comuid.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\ContactApis.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\CoreMessaging.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\CoreUIComponents.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\CPFilters.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\CredProvDataModel.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\credprovhost.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\credprovs.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\credssp.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\crypt32.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\cryptui.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\d2d1.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\d3d10level9.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\d3d10warp.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\d3d11.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\SysWOW64\d3d9.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DCompiler_47.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\DafPrintProvider.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\DaOtpCredentialProvider.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\dbgcore.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\dbgeng.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\DbgModel.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\dcomp.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\devenum.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\deviceaccess.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\deviceassociation.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\DevicePairing.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\SysWOW64\devmgr.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\directmanipulation.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Display.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\dlnashext.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\dmdskmgr.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\dot3gpui.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\dot3ui.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\drmmgrtn.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\drvstore.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\dui70.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\duser.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\dwmcore.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\DWrite.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\dxgi.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\dxtrans.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\eapp3hst.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\eappcfg.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\eappgnui.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\eapphost.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\eappprxy.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\easwrt.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\edgehtml.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\efswrt.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\els.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\EmailApis.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\EncDec.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\esent.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\evr.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\ExecModelClient.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\expand.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\explorer.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\ExplorerFrame.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\ExSMime.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\extrac32.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\ExtrasXmlParser.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\filemgmt.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\findnetprinters.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\FirewallAPI.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\FlashPlayerApp.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\fontdrvhost.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\fwbase.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\fwcfg.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\fwpolicyiomgr.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\FWPUCLNT.DLL:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\FwRemoteSvr.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\GamePanel.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\gameux.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\gdi32.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\GdiPlus.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Geolocation.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\GlobCollationHost.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\SysWOW64\gpapi.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\gpedit.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\GPhotos.scr:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\gpprefcl.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\SysWOW64\gpscript.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\hevcdecoder.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\hgcpl.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\hlink.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\SysWOW64\hnetcfg.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\hppccompio.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\iassvcs.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\IdCtrls.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\ieapfltr.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\iedkcs32.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\ieframe.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\iepeers.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\ieproxy.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\iertutil.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\ieui.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\ig75icd32.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\SysWOW64\igc32.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\igd10idpp32.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\igd10iumd32.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\igd11dxva32.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\igd12umd32.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\igdail32.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\igdbcl32.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\igdde32.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\igdfcl32.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\igdmcl32.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\igdmd32.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\igdrcl32.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\igdumdim32.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\igdusc32.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\igfx11cmrt32.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\igfxcmjit32.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\igfxcmrt32.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\igfxexps32.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\iglhcp32.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\iglhsip32.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\inetcomm.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\inetcpl.cpl:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\input.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\InputService.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\IntelCpHeciSvc.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\IntelOpenCL32.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Intel_OpenCL_ICD32.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\IoTAssignedAccessLockFramework.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\ipsecsnp.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\SysWOW64\ipsmsnap.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\JpMapControl.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\jscript.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\jscript9.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\KBDAZE.DLL:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\KBDAZEL.DLL:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\KBDAZST.DLL:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\kbdgeoqw.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\kerberos.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\kernel32.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\KernelBase.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\ksproxy.ax:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\LicenseManager.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\licensingdiag.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\LocationApi.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\LockAppBroker.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\LockAppHost.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\LogonController.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Magnification.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Magnify.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\makecab.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\MapConfiguration.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\MapControlCore.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\MbaeApi.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\MbaeApiPublic.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\MBCfg32.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\SysWOW64\MBCfg32.exe:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\SysWOW64\mbsmsapi.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\MCRecvSrc.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\mdmregistration.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\MessagingDataModel2.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\mf.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\MFCaptureEngine.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\mfcore.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\mfds.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\mfh264enc.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\MFMediaEngine.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\mfnetcore.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\mfnetsrc.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\mfplat.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\SysWOW64\mfpmp.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\mfps.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\mfsrcsnk.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\mfsvr.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\mftranscode.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\mfvdsp.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\MFWMAAEC.DLL:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\mispace.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\mmc.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\mmcbase.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\mmcndmgr.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\mmcshext.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\mmsys.cpl:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\mos.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\MosHostClient.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\MP3DMOD.DLL:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\MP43DECD.DLL:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\MP4SDECD.DLL:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\MPG4DECD.DLL:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\mprddm.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\mprdim.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\mqrt.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\MrmCoreR.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\MSAJApi.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\mscms.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\msctf.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\msctfuimanager.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\msfeeds.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\msftedit.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\mshtml.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\mshtmled.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\msi.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\msmpeg2adec.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\MSMPEG2ENC.DLL:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\SysWOW64\msmpeg2vdec.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\msnetobj.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\msorcl32.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\mspaint.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\msscntrs.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\msscp.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\MsSpellCheckingFacility.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\mssph.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\mssphtb.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\mssrch.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\mssvp.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\mstsc.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\mstscax.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\msv1_0.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\msvcp_win.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\MSVidCtl.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\mswsock.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\msxml3.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\msxml6.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\mtxoci.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\mycomput.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\NAPCRYPT.DLL:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\NaturalLanguage6.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\SysWOW64\ncryptprov.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\ncryptsslp.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\ndfapi.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\netapi32.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\netcenter.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\NetCfgNotifyObjectHost.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\netcfgx.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\NetSetupApi.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\NetSetupEngine.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\NetSetupShim.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\netshell.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\NetworkCollectionAgent.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\ninput.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\nlmgp.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\NotificationObjFactory.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\nshwfp.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\ntdll.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\ntprint.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\ntshrui.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\nvapi.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\nvaudcap32v.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\nvcompiler.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\nvcuda.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\nvcuvid.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\nvd3dum.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\nvEncMFTH264.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\nvEncodeAPI.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\NvFBC.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\NvIFR.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\NvIFROpenGL.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\nvinit.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\nvoglshim32.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\nvoglv32.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\nvopencl.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\nvumdshim.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\nvwgf2um.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\odbcconf.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\oemlicense.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\offreg.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\ole32.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\oleacc.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\oleacchooks.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\oleaut32.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\olepro32.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\OnDemandConnRouteHelper.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\OpcServices.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\OpenAL32.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\OpenCL.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\PackageStateRoaming.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\PeerDist.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\PeerDistSh.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\PhoneCallHistoryApis.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\PhotoScreensaver.scr:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\PimIndexMaintenanceClient.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Pimstore.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\pku2u.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\PlayToManager.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\PnkBstrA.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\policymanager.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\polstore.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\SysWOW64\POSyncServices.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\PresentationHost.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\PresentationHostProxy.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\PrintConfig.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\PrintDialogs.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\profext.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\propsys.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\provcore.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\puiapi.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\puiobj.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\pwrshplugin.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\qdvd.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\qedit.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\quartz.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\rasapi32.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\rasgcw.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\rasman.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\rdpcore.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\rdvidcrl.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\ReAgent.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\SysWOW64\ReInfo.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\remoteaudioendpoint.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\RemoteNaturalLanguage.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\RESAMPLEDMO.DLL:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\ResDefA.exe:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\SysWOW64\resutils.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\RMActivate.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\RMActivate_isv.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\RMActivate_ssp.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\RMActivate_ssp_isv.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\rpcrt4.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\rsaenh.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\SysWOW64\RTMediaFrame.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\samlib.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\SCardDlg.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\schannel.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Search.ProtocolHandler.MAPI2.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\SearchFilterHost.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\SearchFolder.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\SearchIndexer.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\SearchProtocolHost.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\secproc.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\secproc_isv.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\SensorsApi.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\SettingMonitor.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\SettingSync.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\SettingSyncCore.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\SettingSyncHost.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\setupapi.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\shacct.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\ShareHost.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\SHCore.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\shell32.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\shsetup.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\SmartcardCredentialProvider.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\sppcext.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\sqmapi.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\SRH.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\SysWOW64\SRHInproc.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\srmclient.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\srvcli.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\sspicli.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\SSShim.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\storagewmi.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\StructuredQuery.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\sud.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\sxs.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\SyncCenter.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\taskcomp.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\taskeng.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Taskmgr.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\taskschd.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\tbauth.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\tdh.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\tetheringclient.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\TextInputFramework.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\themecpl.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\TokenBroker.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\TokenBrokerCookies.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\tquery.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\tsmf.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\TSpkg.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\twinapi.appcore.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\twinapi.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\twinui.appcore.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\twinui.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\ucrtbase.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\udhisapi.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\UIAnimation.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\UIAutomationCore.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\UIRibbon.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\UIRibbonRes.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\unimdm.tsp:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Unistore.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\upnpcont.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\upnphost.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\urlmon.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\usbceip.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\user32.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\usercpl.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\UserDataAccountApis.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\UserDataLanguageUtil.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\UserDataPlatformHelperUtil.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\UserDataTypeHelperUtil.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\userenv.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\UserLanguagesCpl.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\usermgrcli.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\UserMgrProxy.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\usoapi.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\UXInit.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\uxtheme.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Vault.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\SysWOW64\vaultcli.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\vbscript.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\VCardParser.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\SysWOW64\VEEventDispatcher.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\verifiergui.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\VIDRESZR.DLL:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\vssapi.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\vsstrace.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\vulkaninfo-1-1-0-26-0.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\vulkaninfo.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\wcnwiz.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\wdc.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\wdigest.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\WebcamUi.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\webcheck.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\webservices.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\wer.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\wermgr.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\werui.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\wfapigp.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\wfdprov.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\wiaaut.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\wimgapi.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\winbrand.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.AccountsControl.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Wallet.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Bluetooth.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Enumeration.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.HumanInterfaceDevice.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Midi.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Picker.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Scanners.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.SmartCards.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Usb.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.WiFiDirect.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Gaming.Preview.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Globalization.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Graphics.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Graphics.Printing.3D.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Internal.Bluetooth.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.Audio.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.Editing.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.Import.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.MediaControl.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.Streaming.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.Streaming.ps.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Networking.Connectivity.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Networking.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Networking.HostName.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Networking.Proximity.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Security.Authentication.OnlineId.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Shell.Search.UriHandler.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Speech.Pal.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.StateRepository.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.StateRepositoryBroker.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.StateRepositoryClient.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\windows.storage.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Storage.Search.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.BioFeedback.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.BlockedShutdown.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Cred.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Search.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Phone.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Web.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Web.Http.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\WindowsCodecs.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\WindowsCodecsExt.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\WindowsCodecsRaw.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\winhttp.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\wininet.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\winipcfile.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\winipcsecproc.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\winmde.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\winmsipc.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\winsku.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\winspool.drv:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\wintrust.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\WinTypes.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\wkscli.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\wlanapi.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\wlancfg.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\WLanConn.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\wlangpui.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\WlanMM.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\wlanmsm.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\wlanpref.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\wlansec.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\wlanui.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\wldp.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\wlidcli.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\wlidprov.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\WMADMOD.DLL:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\WMADMOE.DLL:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\WMASF.DLL:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\wmdrmdev.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\wmdrmsdk.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\WMNetMgr.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\wmp.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\WMPDMC.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\WmpDui.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\wmpdxm.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\wmpeffects.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\WMPhoto.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\wmploc.DLL:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\wmpshell.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\WMSPDMOD.DLL:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\WMSPDMOE.DLL:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\WMVCORE.DLL:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\WMVDECOD.DLL:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\WMVENCOD.DLL:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\WMVSDECD.DLL:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\WMVSENCD.DLL:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\WMVXENCD.DLL:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Wpc.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\wpdshext.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\SysWOW64\WPDShServiceObj.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\wpnapps.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\wrap_oal.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\ws2_32.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\WSClient.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\wsecedit.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\WsmAgent.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\SysWOW64\WsmAuto.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\wsmprovhost.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\WsmSvc.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\WsmWmiPl.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\wsp_fs.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\wsp_health.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\WSShared.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\WSSync.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\wuapi.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\wudriver.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\wvc.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\WWAHost.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\WWanAPI.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\XpsDocumentTargetPrint.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\SysWOW64\XpsFilt.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\XpsPrint.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\xpsrchvw.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\xpsservices.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\ztrace_maps.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\afd.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\ahcache.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\avgntflt.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\avipbb.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\avkmgr.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\avnetflt.sys:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\Drivers\bowser.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\bridge.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\BthAvrcpTg.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\BthLEEnum.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\bthport.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\buttonconverter.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\ccdcmbx64.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\clfs.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\cng.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\dfsc.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\Dot4.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\Dot4Prt.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\Dot4usb.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\dxgkrnl.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\dxgmms1.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\dxgmms2.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\e2xw10x64.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\ETD.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\fastfat.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\fvevol.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\genericusbfn.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\gpuenergydrv.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\Hamdrv.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\hdaudbus.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\HdAudio.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\http.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\igdkmd64.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\intelaud.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\iwdbus.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\ksecdd.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\ksecpkg.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\mbam.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\mbamchameleon.sys:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\Drivers\mrxdav.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\mrxsmb.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\mrxsmb10.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\mrxsmb20.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\mwac.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\ndis.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\netbt.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\netio.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\ntfs.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\nvlddmkm.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\nvpciflt.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\nvvad64v.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\nwifi.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\pccsmcfdx64.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\pci.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\pdc.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\portcls.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\rasl2tp.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\rmcast.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\scfilter.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\sdbus.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\serial.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\srv.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\srv2.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\srvnet.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\ssudbus.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\ssudmdm.sys:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\Drivers\stornvme.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\storport.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\tcpip.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\tdx.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\tm.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\usb8023.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\usbaapl64.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\usbd.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\usbhub.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\USBHUB3.SYS:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\usbport.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\usbscan.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\usbser.sys:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\Drivers\usbser_lowerfltx64.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\USBSTOR.SYS:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\vhdmp.sys:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\Drivers\Wdf01000.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\WdiWiFi.sys:$CmdTcID [64] AlternateDataStreams: C:\Users\krzylew\Desktop\10984147_1170339909659608_1131012075125167291_n.jpg:$CmdTcID [64] AlternateDataStreams: C:\Users\krzylew\Desktop\10984147_1170339909659608_1131012075125167291_n.jpg:$CmdZnID [26] AlternateDataStreams: C:\Users\krzylew\Desktop\11894596_1707988252758304_910417226881953348_o.jpg:$CmdTcID [64] AlternateDataStreams: C:\Users\krzylew\Desktop\11894596_1707988252758304_910417226881953348_o.jpg:$CmdZnID [26] AlternateDataStreams: C:\Users\krzylew\Desktop\11949477_10200870788048321_9087792311627909264_n.jpg:$CmdZnID [26] AlternateDataStreams: C:\Users\krzylew\Desktop\1913394_10205241504700753_139364887961264017_o.jpg:$CmdTcID [64] AlternateDataStreams: C:\Users\krzylew\Desktop\1913394_10205241504700753_139364887961264017_o.jpg:$CmdZnID [26] AlternateDataStreams: C:\Users\krzylew\Desktop\AdvancedComputationalFluidDynamics_MS.pdf:$CmdZnID [26] AlternateDataStreams: C:\Users\krzylew\Desktop\Aerodynamics_Majewski_test_2_problems.pdf:$CmdZnID [26] AlternateDataStreams: C:\Users\krzylew\Desktop\Aerodynamics_Szumbarski_midterm_examination_problems.pdf:$CmdTcID [64] AlternateDataStreams: C:\Users\krzylew\Desktop\Aerodynamics_Szumbarski_midterm_examination_problems.pdf:$CmdZnID [26] AlternateDataStreams: C:\Users\krzylew\Desktop\ALLEN CARR.doc:$CmdZnID [26] AlternateDataStreams: C:\Users\krzylew\Desktop\CFD-TrainingExamples.pdf:$CmdZnID [26] AlternateDataStreams: C:\Users\krzylew\Desktop\cfd_zad3_solution.jpg:$CmdTcID [64] AlternateDataStreams: C:\Users\krzylew\Desktop\cfd_zad3_solution.jpg:$CmdZnID [26] AlternateDataStreams: C:\Users\krzylew\Desktop\ComputationalFluidDynamics_20140910.pdf:$CmdZnID [26] AlternateDataStreams: C:\Users\krzylew\Desktop\eVic-VTwo-Mini-Manual.pdf:$CmdTcID [64] AlternateDataStreams: C:\Users\krzylew\Desktop\eVic-VTwo-Mini-Manual.pdf:$CmdZnID [26] AlternateDataStreams: C:\Users\krzylew\Desktop\FiberFreaksWicks.jpg:$CmdZnID [26] AlternateDataStreams: C:\Users\krzylew\Desktop\FRST64.exe:$CmdTcID [64] AlternateDataStreams: C:\Users\krzylew\Desktop\FRST64.exe:$CmdZnID [26] AlternateDataStreams: C:\Users\krzylew\Desktop\fwdcfd2.zip:$CmdTcID [64] AlternateDataStreams: C:\Users\krzylew\Desktop\fwdcfd2.zip:$CmdZnID [26] AlternateDataStreams: C:\Users\krzylew\Desktop\fwdcfd3mostimportantsolutionto3question.zip:$CmdZnID [26] AlternateDataStreams: C:\Users\krzylew\Desktop\HARRISON'S NOTES.pdf:$CmdTcID [64] AlternateDataStreams: C:\Users\krzylew\Desktop\HARRISON'S NOTES.pdf:$CmdZnID [26] AlternateDataStreams: C:\Users\krzylew\Desktop\kartaKodow.jpg:$CmdTcID [130] AlternateDataStreams: C:\Users\krzylew\Desktop\kartaKodow.jpg:$CmdZnID [26] AlternateDataStreams: C:\Users\krzylew\Desktop\LAB-2.docx:$CmdTcID [64] AlternateDataStreams: C:\Users\krzylew\Desktop\LAB-2.docx:$CmdZnID [26] AlternateDataStreams: C:\Users\krzylew\Desktop\LAB-2_r.pdf:$CmdTcID [64] AlternateDataStreams: C:\Users\krzylew\Desktop\LAB-2_r.pdf:$CmdZnID [26] AlternateDataStreams: C:\Users\krzylew\Desktop\LAB-3.docx:$CmdTcID [64] AlternateDataStreams: C:\Users\krzylew\Desktop\LAB-3.docx:$CmdZnID [26] AlternateDataStreams: C:\Users\krzylew\Desktop\LAB-3.pdf:$CmdTcID [64] AlternateDataStreams: C:\Users\krzylew\Desktop\LAB-3.pdf:$CmdZnID [26] AlternateDataStreams: C:\Users\krzylew\Desktop\LAB-5-1.docx:$CmdTcID [64] AlternateDataStreams: C:\Users\krzylew\Desktop\LAB-5-1.docx:$CmdZnID [26] AlternateDataStreams: C:\Users\krzylew\Desktop\LAB-5.docx:$CmdTcID [64] AlternateDataStreams: C:\Users\krzylew\Desktop\LAB-5.docx:$CmdZnID [26] AlternateDataStreams: C:\Users\krzylew\Desktop\LAB-5.pdf:$CmdTcID [64] AlternateDataStreams: C:\Users\krzylew\Desktop\LAB-5.pdf:$CmdZnID [26] AlternateDataStreams: C:\Users\krzylew\Desktop\LectureNotes-TurbulenceModeling-3.pdf:$CmdZnID [26] AlternateDataStreams: C:\Users\krzylew\Desktop\lfzb5xbo.exe:$CmdTcID [64] AlternateDataStreams: C:\Users\krzylew\Desktop\lfzb5xbo.exe:$CmdZnID [26] AlternateDataStreams: C:\Users\krzylew\Desktop\Majewski_answers.pdf:$CmdTcID [64] AlternateDataStreams: C:\Users\krzylew\Desktop\Majewski_answers.pdf:$CmdZnID [26] AlternateDataStreams: C:\Users\krzylew\Desktop\Robbins Anthony - Obudź w Sobie Olbrzyma.pdf:$CmdTcID [64] AlternateDataStreams: C:\Users\krzylew\Desktop\Robbins Anthony - Obudź w Sobie Olbrzyma.pdf:$CmdZnID [26] AlternateDataStreams: C:\Users\krzylew\Desktop\sem_7_inz_v4.pdf:$CmdTcID [64] AlternateDataStreams: C:\Users\krzylew\Desktop\sem_7_inz_v4.pdf:$CmdZnID [26] AlternateDataStreams: C:\Users\krzylew\Desktop\Training examples CFD.pdf:$CmdZnID [26] ==================== Tryb awaryjny (filtrowane) =================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Wartość "AlternateShell" zostanie przywrócona.) ==================== Powiązania plików (filtrowane) =============== (Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci.) ==================== Internet Explorer - Witryny zaufane i z ograniczeniami =============== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru.) ==================== Hosts - zawartość: ========================== (Użycie dyrektywy Hosts: w fixlist spowoduje reset pliku Hosts.) 2013-08-22 14:25 - 2016-10-09 18:02 - 00005996 ____A C:\WINDOWS\system32\Drivers\etc\hosts 127.0.0.1 localhost 0.0.0.0 a.ads1.msn.com 0.0.0.0 a.rad.msn.com 0.0.0.0 ads1.msn.com 0.0.0.0 b.ads1.msn.com 0.0.0.0 b.rad.msn.com 0.0.0.0 live.rads.msn.com 0.0.0.0 rad.msn.com ==================== Inne obszary ============================ (Obecnie brak automatycznej naprawy dla tej sekcji.) HKU\S-1-5-21-2561400256-4022948847-1981891818-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\krzylew\Pictures\sailing_boat_close_up.jpg DNS Servers: 192.168.192.168 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Zapora systemu Windows [funkcja włączona] ==================== MSCONFIG/TASK MANAGER - Wyłączone elementy == HKLM\...\StartupApproved\StartupFolder: => "HP Digital Imaging Monitor.lnk" HKLM\...\StartupApproved\Run: => "Radio Manager" HKLM\...\StartupApproved\Run32: => "Diamondback" HKLM\...\StartupApproved\Run32: => "iTunesHelper" HKLM\...\StartupApproved\Run32: => "KiesTrayAgent" HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched" HKLM\...\StartupApproved\Run32: => "LogMeIn Hamachi Ui" HKLM\...\StartupApproved\Run32: => "iSkysoft Helper Compact.exe" HKLM\...\StartupApproved\Run32: => "Wondershare Helper Compact.exe" HKLM\...\StartupApproved\Run32: => "HP Software Update" HKU\S-1-5-21-2561400256-4022948847-1981891818-1001\...\StartupApproved\Run: => "DAEMON Tools Lite" HKU\S-1-5-21-2561400256-4022948847-1981891818-1001\...\StartupApproved\Run: => "KiesPreload" ==================== Reguły Zapory systemu Windows (filtrowane) =============== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139 FirewallRules: [{F1744C4E-A42E-4010-A05E-C0894C53E161}] => (Allow) LPort=161 FirewallRules: [{F6F5B74F-2FE7-487D-BCAD-96C55FAF3841}] => (Allow) LPort=427 FirewallRules: [{FBD8857A-FCD6-48F0-877D-C2FADFD01476}] => (Allow) LPort=9100 FirewallRules: [{30D6CA16-23AF-44D4-92FA-F71C35EAE1A9}] => (Allow) C:\Users\krzylew\AppData\Local\Temp\7zS7ECE\ProductInst64.exe FirewallRules: [{129BABFC-B2C7-43B3-8019-4918C9747E6F}] => (Allow) C:\Users\krzylew\AppData\Local\Temp\7zS7ECE\ProductInst64.exe FirewallRules: [{DF92184C-D192-4ED5-8E93-8E0B9A494D42}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe FirewallRules: [{0C449899-CA97-420B-ADB1-4BA1450C1285}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe FirewallRules: [{4D8160E8-8667-4B2C-811E-DB199734D0C5}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe FirewallRules: [{07F66E47-DC03-4BF3-80B9-909F273E7A29}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe FirewallRules: [{280518B3-970B-40C8-9B8C-B4F14583EA9C}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe FirewallRules: [{232ECFD8-C2C9-4507-903A-5C13668CA115}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe FirewallRules: [{4821F982-E374-4C85-993A-FCE60B902009}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe FirewallRules: [{40C4F31B-4A1A-45DF-B7DA-0219E27D9217}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe FirewallRules: [{E9EA587B-BF06-4F27-8C3F-B18E79B473BD}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\America's Army\AAPG\Binaries\AALauncher32.exe FirewallRules: [{DBF0418C-AD43-4988-8699-A478521B6648}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\America's Army\AAPG\Binaries\AALauncher32.exe FirewallRules: [UDP Query User{CED5C17D-8EE3-4D00-AFF3-8029DBF96CF4}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe FirewallRules: [TCP Query User{758DBD88-33E0-4D69-8B82-C08CBC659327}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe FirewallRules: [UDP Query User{DF9E4130-40F9-4F18-860B-C3236EE8F315}C:\program files (x86)\medieval 2 total war gold\medieval2.exe] => (Allow) C:\program files (x86)\medieval 2 total war gold\medieval2.exe FirewallRules: [TCP Query User{79B800E7-438D-48E2-9AE2-AAC4C23B1CB0}C:\program files (x86)\medieval 2 total war gold\medieval2.exe] => (Allow) C:\program files (x86)\medieval 2 total war gold\medieval2.exe FirewallRules: [{69E9513F-42E9-43E7-9AC3-EA4FD49957AD}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Source\hl2.exe FirewallRules: [{1C04574B-D7EA-419B-A107-225B22DC5AD7}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Source\hl2.exe FirewallRules: [{06BEF193-F2DC-48D7-AE1E-067F5D64C31A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{D1F8D3D3-575A-495C-81FE-9AF58BD2733B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [UDP Query User{D9673CEC-D079-43D3-B3A1-AC62460DFD85}C:\program files (x86)\r.g. mechanics\far cry 4\bin\farcry4.exe] => (Allow) C:\program files (x86)\r.g. mechanics\far cry 4\bin\farcry4.exe FirewallRules: [TCP Query User{EF22AAD8-A4D7-41E5-BFA5-46F0C9ED60D0}C:\program files (x86)\r.g. mechanics\far cry 4\bin\farcry4.exe] => (Allow) C:\program files (x86)\r.g. mechanics\far cry 4\bin\farcry4.exe FirewallRules: [UDP Query User{A70B1B28-FC62-477A-8C1A-DD13721BC71E}C:\program files (x86)\steam\steamapps\common\america's army\aapg\binaries\win32\aagame.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\america's army\aapg\binaries\win32\aagame.exe FirewallRules: [TCP Query User{A6B271DE-6405-41BD-BE6F-0EF6EA4F23C1}C:\program files (x86)\steam\steamapps\common\america's army\aapg\binaries\win32\aagame.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\america's army\aapg\binaries\win32\aagame.exe FirewallRules: [{7BD31435-E463-4515-817D-FAA0D4442A19}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{9A151FF5-CFDC-49DF-B886-A4CF749A349C}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{256DB27E-8112-4BCE-8DDF-32A87D0F37CB}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{43F12F16-1B09-47A9-BF08-6BE30E222638}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{28FCC427-C139-406A-9E51-76B30C242354}] => (Allow) C:\Program Files (x86)\NapiProjekt\napisy.exe FirewallRules: [{5058E8C9-8519-45D5-829E-EDE03D204EC7}] => (Allow) C:\Program Files (x86)\NapiProjekt\napisy.exe FirewallRules: [{B6C753D4-D9A2-488A-9918-2063AA93784D}] => (Block) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe FirewallRules: [{32D08559-3D6C-4F94-8D0A-E26452AAFEDE}] => (Block) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe FirewallRules: [UDP Query User{9D05F65F-56B6-4790-B553-6DFF80454787}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe FirewallRules: [TCP Query User{D1DF85AA-6C76-4B57-A85E-2657C6C4A9D5}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe FirewallRules: [{DF142897-3610-4FE6-8A3C-F0B0E5DCF120}] => (Allow) C:\Program Files\iTunes\iTunes.exe FirewallRules: [{12E8CA44-1100-4F75-BA4E-29B1D0B48232}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{55ACF271-A876-4F37-8B7E-9F440D9EA013}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{E55068BF-0192-41D3-88CE-0DB5D32BE6C5}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{F03D67C7-AE73-463F-B798-9B150569488D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{7EE00FF1-C2A7-4C4C-BEEA-9E4DF58CEB5B}] => (Allow) C:\Users\krzylew\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{BFED91CC-6CD4-4054-A799-7F418175D7B2}] => (Allow) C:\Users\krzylew\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{52900A84-C25E-4AFF-9487-163E882D4AB6}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\America's Army\AAPG\Binaries\AALauncher32.exe FirewallRules: [{1576F3BE-8F7B-4D92-99F9-4BAD4F46061F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\America's Army\AAPG\Binaries\AALauncher32.exe FirewallRules: [{D1BB2429-8362-4E80-8CA3-CEFCFF89C2A5}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\America's Army\AAPG\Binaries\Win32\AALauncher32.exe FirewallRules: [{918783B2-EB52-4A08-9DEA-E973B748231A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\America's Army\AAPG\Binaries\Win32\AALauncher32.exe FirewallRules: [{84C87C61-FCBE-4BFD-A1EF-0FD327B221EB}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe FirewallRules: [{F74137D2-2AC2-4727-8100-CF7EDA3E652B}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe FirewallRules: [{84DC2F40-8E0F-4A4B-80CF-EA277D38497D}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe FirewallRules: [{7DF073E9-1E81-4658-AEB2-2D2A8062BF45}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe FirewallRules: [{019698AF-B615-4BE9-B497-8CF7DB3EC30B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{4C9A7481-1BBE-4EFC-A456-507B3BE1FE9B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [TCP Query User{C2DC553B-83F4-4A28-864B-F1C78DFD8889}C:\users\krzylew\appdata\roaming\25assist\armyops\system\armyops.exe] => (Allow) C:\users\krzylew\appdata\roaming\25assist\armyops\system\armyops.exe FirewallRules: [UDP Query User{A941F8CF-3145-4692-A68A-18E4E5A9114A}C:\users\krzylew\appdata\roaming\25assist\armyops\system\armyops.exe] => (Allow) C:\users\krzylew\appdata\roaming\25assist\armyops\system\armyops.exe FirewallRules: [TCP Query User{CE223FE2-D66D-4469-9AA5-9E72D65E34A5}C:\program files (x86)\xcom 2\binaries\win64\xcom2.exe] => (Block) C:\program files (x86)\xcom 2\binaries\win64\xcom2.exe FirewallRules: [UDP Query User{7509FB7B-F6D0-4E9F-B14A-E666392B7D28}C:\program files (x86)\xcom 2\binaries\win64\xcom2.exe] => (Block) C:\program files (x86)\xcom 2\binaries\win64\xcom2.exe FirewallRules: [{BAA0DBE8-33DF-4D8A-87DD-3C58AF04B199}] => (Allow) C:\Users\krzylew\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{3D4E4811-CC83-4435-B78E-5A0BC207241E}] => (Allow) C:\Users\krzylew\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{CC7865C7-4233-4314-9E79-9C0E18996EDF}] => (Allow) C:\Users\krzylew\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{9D35EB96-559A-4652-8DBA-2CB53643375C}] => (Allow) C:\Users\krzylew\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{B8B50690-666D-43D8-B601-671BB1045116}] => (Allow) C:\Users\krzylew\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{80F93E11-AB10-4CC6-B5D6-3D6E9DA6118D}] => (Allow) C:\Users\krzylew\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{D9F1F55B-CA18-49E2-BE88-42A08B6DB310}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe FirewallRules: [{BBEEB0F9-3428-4F99-8C9C-2AA8AEF511EA}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe FirewallRules: [{9F4AB913-680D-46A4-90FA-BE665232BB6C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe FirewallRules: [{AF567D73-F3AF-484A-8867-41E9B5FD9DCC}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{BC86A2B7-F232-483D-951F-D7BD98479284}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [TCP Query User{9A413B97-B8E2-43D6-8DBA-BF37E06AE4B4}C:\program files (x86)\r.g. mechanics\total war - rome ii\rome2.exe] => (Block) C:\program files (x86)\r.g. mechanics\total war - rome ii\rome2.exe FirewallRules: [UDP Query User{97E354B3-91E7-4AD3-BAD1-70EF5311E494}C:\program files (x86)\r.g. mechanics\total war - rome ii\rome2.exe] => (Block) C:\program files (x86)\r.g. mechanics\total war - rome ii\rome2.exe FirewallRules: [TCP Query User{2616F212-C5C7-4855-AF5B-0A4927BD3E1D}C:\program files\ansys inc\v172\framework\bin\win64\ansysfww.exe] => (Allow) C:\program files\ansys inc\v172\framework\bin\win64\ansysfww.exe FirewallRules: [UDP Query User{3BB50003-0B59-4EFD-BB54-886101E53375}C:\program files\ansys inc\v172\framework\bin\win64\ansysfww.exe] => (Allow) C:\program files\ansys inc\v172\framework\bin\win64\ansysfww.exe FirewallRules: [TCP Query User{FDFF1E47-974A-4D74-A004-CE0C16F8DF71}C:\program files\ansys inc\v172\rsm\bin\ans.rsm.jmhost.exe] => (Allow) C:\program files\ansys inc\v172\rsm\bin\ans.rsm.jmhost.exe FirewallRules: [UDP Query User{11B752AF-911C-4AD9-90D5-2AC269A56347}C:\program files\ansys inc\v172\rsm\bin\ans.rsm.jmhost.exe] => (Allow) C:\program files\ansys inc\v172\rsm\bin\ans.rsm.jmhost.exe FirewallRules: [TCP Query User{8346C6A4-4746-401A-A4AD-D7CE689A53C7}C:\program files\ansys inc\shared files\licensing\winx64\ansysli_client.exe] => (Allow) C:\program files\ansys inc\shared files\licensing\winx64\ansysli_client.exe FirewallRules: [UDP Query User{D646C262-EF14-45EC-9A11-65F4F9C65568}C:\program files\ansys inc\shared files\licensing\winx64\ansysli_client.exe] => (Allow) C:\program files\ansys inc\shared files\licensing\winx64\ansysli_client.exe FirewallRules: [{6C70B36D-CC4A-4B5A-B452-3D3C51B7A59E}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe FirewallRules: [{4755B624-387A-4E4F-B168-54A189D49C6B}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe FirewallRules: [{3966A5F8-895D-4EC0-8731-969F14BD6203}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxm08.exe FirewallRules: [{9C77579E-72DD-4F97-BA11-B4079BD2D189}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposfx08.exe FirewallRules: [{13FB35FB-B90E-4310-8AF6-46C9E64158D3}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe FirewallRules: [{08920EC1-C178-48C3-8DF7-C31E91409FEA}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe FirewallRules: [{F3602957-1FB5-485E-A7F5-0BF634ACD278}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcopy2.exe FirewallRules: [{2A1F5CD9-1BCC-4A04-AE67-EBC00C3F9FE9}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe FirewallRules: [{0C2BEF76-9B46-410C-A2AF-B6F07962B86A}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpzwiz01.exe FirewallRules: [{6DAAB775-5584-4E9E-8434-EC80013B9172}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe FirewallRules: [{1C648C58-D37D-48DC-814C-38070BD2255D}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqnrs08.exe FirewallRules: [{B5F81085-8048-4761-AD6A-FFB0D35E47E6}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe FirewallRules: [{94E27D4B-5C7D-483B-BE64-00D77884355A}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxs08.exe FirewallRules: [{2E06B590-203F-4C44-A342-4B306FF9C19E}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqfxt08.exe FirewallRules: [{E01F9CE0-0253-4A75-B856-FBD10178A274}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe FirewallRules: [{EE92A858-07DC-4869-9151-3130E3A2051D}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe FirewallRules: [{0E0F023D-3231-469A-901E-1F311259C6A3}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe FirewallRules: [{324E6FD8-1A9B-4150-8FB5-E65B6E4776AC}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe FirewallRules: [{AA276A9B-298B-41A7-8023-C8D4DB8358AD}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe FirewallRules: [{C3844CB7-262F-4084-B1C4-BCA2A7CDF773}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Punkty Przywracania systemu ========================= 02-11-2016 19:37:23 Windows Update 09-11-2016 20:04:48 Windows Update 17-11-2016 15:52:11 Zaplanowany punkt kontrolny ==================== Wadliwe urządzenia w Menedżerze urządzeń ============= Name: Radio Switch Device Description: Radio Switch Device Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da} Manufacturer: ENE TECHNOLOGY INC. Service: mshidumdf Problem: : Windows has stopped this device because it has reported problems. (Code 43) Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation. ==================== Błędy w Dzienniku zdarzeń: ========================= Dziennik Aplikacja: ================== Error: (11/18/2016 12:23:31 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: krzylew-laptop) Description: Aktywacja aplikacji Microsoft.XboxApp_8wekyb3d8bbwe!Microsoft.XboxApp nie powiodła się. Błąd: -2147024769. Więcej informacji można znaleźć w dzienniku Microsoft-Windows-TWinUI/Działa. Error: (11/18/2016 09:42:21 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: krzylew-laptop) Description: Aktywacja aplikacji Microsoft.XboxApp_8wekyb3d8bbwe!Microsoft.XboxApp nie powiodła się. Błąd: -2147024769. Więcej informacji można znaleźć w dzienniku Microsoft-Windows-TWinUI/Działa. Error: (11/18/2016 09:33:40 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: ZARZĄDZANIE NT) Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section. Error: (11/18/2016 08:45:46 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: krzylew-laptop) Description: Aktywacja aplikacji Microsoft.XboxApp_8wekyb3d8bbwe!Microsoft.XboxApp nie powiodła się. Błąd: -2147024769. Więcej informacji można znaleźć w dzienniku Microsoft-Windows-TWinUI/Działa. Error: (11/18/2016 12:41:13 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: krzylew-laptop) Description: Aktywacja aplikacji Microsoft.XboxApp_8wekyb3d8bbwe!Microsoft.XboxApp nie powiodła się. Błąd: -2147024769. Więcej informacji można znaleźć w dzienniku Microsoft-Windows-TWinUI/Działa. Error: (11/18/2016 12:32:25 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: ZARZĄDZANIE NT) Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section. Error: (11/18/2016 12:29:26 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: ZARZĄDZANIE NT) Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section. Error: (11/18/2016 12:46:55 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: ZARZĄDZANIE NT) Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section. Error: (11/18/2016 12:27:12 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: ZARZĄDZANIE NT) Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section. Error: (11/18/2016 12:11:55 AM) (Source: SideBySide) (EventID: 78) (User: ) Description: Nie można wygenerować kontekstu aktywacji dla „C:\Users\krzylew\Desktop\esetsmartinstaller_plk.exe”. Błąd w pliku manifestu lub w pliku zasad „” w wierszu . Wersja składnika wymagana przez aplikację powoduje konflikt z inną wersją składnika, która jest już aktywna. Składniki powodujące konflikt: Składnik 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.17184_none_f41d7a705752bce6.manifest. Składnik 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.17184_none_3bcab1476bcee5ec.manifest. Dziennik System: ============= Error: (11/18/2016 09:43:27 AM) (Source: DCOM) (EventID: 10016) (User: ZARZĄDZANIE NT) Description: Zgodnie z ustawieniami uprawnienia właściwe dla aplikacji nie jest udzielane uprawnienie Lokalny Aktywacja do aplikacji serwera COM z identyfikatorem klasy CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} i identyfikatorem aplikacji APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} użytkownikowi ZARZĄDZANIE NT\USŁUGA LOKALNA o identyfikatorze zabezpieczeń SID (S-1-5-19) z adresu LocalHost (użycie LRPC) działającemu w kontenerze aplikacji o identyfikatorze SID Niedostępny (Niedostępny). To uprawnienie zabezpieczeń można modyfikować przy użyciu narzędzia administracyjnego Usługi składowe. Error: (11/18/2016 09:43:27 AM) (Source: DCOM) (EventID: 10016) (User: ZARZĄDZANIE NT) Description: Zgodnie z ustawieniami uprawnienia właściwe dla aplikacji nie jest udzielane uprawnienie Lokalny Aktywacja do aplikacji serwera COM z identyfikatorem klasy CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} i identyfikatorem aplikacji APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} użytkownikowi ZARZĄDZANIE NT\USŁUGA LOKALNA o identyfikatorze zabezpieczeń SID (S-1-5-19) z adresu LocalHost (użycie LRPC) działającemu w kontenerze aplikacji o identyfikatorze SID Niedostępny (Niedostępny). To uprawnienie zabezpieczeń można modyfikować przy użyciu narzędzia administracyjnego Usługi składowe. Error: (11/18/2016 09:43:27 AM) (Source: DCOM) (EventID: 10016) (User: ZARZĄDZANIE NT) Description: Zgodnie z ustawieniami uprawnienia właściwe dla aplikacji nie jest udzielane uprawnienie Lokalny Aktywacja do aplikacji serwera COM z identyfikatorem klasy CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} i identyfikatorem aplikacji APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} użytkownikowi ZARZĄDZANIE NT\USŁUGA LOKALNA o identyfikatorze zabezpieczeń SID (S-1-5-19) z adresu LocalHost (użycie LRPC) działającemu w kontenerze aplikacji o identyfikatorze SID Niedostępny (Niedostępny). To uprawnienie zabezpieczeń można modyfikować przy użyciu narzędzia administracyjnego Usługi składowe. Error: (11/18/2016 09:43:26 AM) (Source: DCOM) (EventID: 10016) (User: ZARZĄDZANIE NT) Description: Zgodnie z ustawieniami uprawnienia właściwe dla aplikacji nie jest udzielane uprawnienie Lokalny Aktywacja do aplikacji serwera COM z identyfikatorem klasy CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} i identyfikatorem aplikacji APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} użytkownikowi ZARZĄDZANIE NT\USŁUGA LOKALNA o identyfikatorze zabezpieczeń SID (S-1-5-19) z adresu LocalHost (użycie LRPC) działającemu w kontenerze aplikacji o identyfikatorze SID Niedostępny (Niedostępny). To uprawnienie zabezpieczeń można modyfikować przy użyciu narzędzia administracyjnego Usługi składowe. Error: (11/18/2016 09:43:26 AM) (Source: DCOM) (EventID: 10016) (User: ZARZĄDZANIE NT) Description: Zgodnie z ustawieniami uprawnienia właściwe dla aplikacji nie jest udzielane uprawnienie Lokalny Aktywacja do aplikacji serwera COM z identyfikatorem klasy CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} i identyfikatorem aplikacji APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} użytkownikowi ZARZĄDZANIE NT\USŁUGA LOKALNA o identyfikatorze zabezpieczeń SID (S-1-5-19) z adresu LocalHost (użycie LRPC) działającemu w kontenerze aplikacji o identyfikatorze SID Niedostępny (Niedostępny). To uprawnienie zabezpieczeń można modyfikować przy użyciu narzędzia administracyjnego Usługi składowe. Error: (11/18/2016 09:43:26 AM) (Source: DCOM) (EventID: 10016) (User: ZARZĄDZANIE NT) Description: Zgodnie z ustawieniami uprawnienia właściwe dla aplikacji nie jest udzielane uprawnienie Lokalny Aktywacja do aplikacji serwera COM z identyfikatorem klasy CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} i identyfikatorem aplikacji APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} użytkownikowi ZARZĄDZANIE NT\USŁUGA LOKALNA o identyfikatorze zabezpieczeń SID (S-1-5-19) z adresu LocalHost (użycie LRPC) działającemu w kontenerze aplikacji o identyfikatorze SID Niedostępny (Niedostępny). To uprawnienie zabezpieczeń można modyfikować przy użyciu narzędzia administracyjnego Usługi składowe. Error: (11/18/2016 09:43:25 AM) (Source: DCOM) (EventID: 10016) (User: ZARZĄDZANIE NT) Description: Zgodnie z ustawieniami uprawnienia właściwe dla aplikacji nie jest udzielane uprawnienie Lokalny Aktywacja do aplikacji serwera COM z identyfikatorem klasy CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} i identyfikatorem aplikacji APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} użytkownikowi ZARZĄDZANIE NT\USŁUGA LOKALNA o identyfikatorze zabezpieczeń SID (S-1-5-19) z adresu LocalHost (użycie LRPC) działającemu w kontenerze aplikacji o identyfikatorze SID Niedostępny (Niedostępny). To uprawnienie zabezpieczeń można modyfikować przy użyciu narzędzia administracyjnego Usługi składowe. Error: (11/18/2016 09:43:25 AM) (Source: DCOM) (EventID: 10016) (User: ZARZĄDZANIE NT) Description: Zgodnie z ustawieniami uprawnienia właściwe dla aplikacji nie jest udzielane uprawnienie Lokalny Aktywacja do aplikacji serwera COM z identyfikatorem klasy CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} i identyfikatorem aplikacji APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} użytkownikowi ZARZĄDZANIE NT\USŁUGA LOKALNA o identyfikatorze zabezpieczeń SID (S-1-5-19) z adresu LocalHost (użycie LRPC) działającemu w kontenerze aplikacji o identyfikatorze SID Niedostępny (Niedostępny). To uprawnienie zabezpieczeń można modyfikować przy użyciu narzędzia administracyjnego Usługi składowe. Error: (11/18/2016 09:43:24 AM) (Source: DCOM) (EventID: 10016) (User: ZARZĄDZANIE NT) Description: Zgodnie z ustawieniami uprawnienia właściwe dla aplikacji nie jest udzielane uprawnienie Lokalny Aktywacja do aplikacji serwera COM z identyfikatorem klasy CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} i identyfikatorem aplikacji APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} użytkownikowi ZARZĄDZANIE NT\USŁUGA LOKALNA o identyfikatorze zabezpieczeń SID (S-1-5-19) z adresu LocalHost (użycie LRPC) działającemu w kontenerze aplikacji o identyfikatorze SID Niedostępny (Niedostępny). To uprawnienie zabezpieczeń można modyfikować przy użyciu narzędzia administracyjnego Usługi składowe. Error: (11/18/2016 09:43:24 AM) (Source: DCOM) (EventID: 10016) (User: ZARZĄDZANIE NT) Description: Zgodnie z ustawieniami uprawnienia właściwe dla aplikacji nie jest udzielane uprawnienie Lokalny Aktywacja do aplikacji serwera COM z identyfikatorem klasy CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} i identyfikatorem aplikacji APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} użytkownikowi ZARZĄDZANIE NT\USŁUGA LOKALNA o identyfikatorze zabezpieczeń SID (S-1-5-19) z adresu LocalHost (użycie LRPC) działającemu w kontenerze aplikacji o identyfikatorze SID Niedostępny (Niedostępny). To uprawnienie zabezpieczeń można modyfikować przy użyciu narzędzia administracyjnego Usługi składowe. CodeIntegrity: =================================== Date: 2016-11-18 12:33:28.886 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\WINDOWS\System32\guard64.dll because the set of per-page image hashes could not be found on the system. Date: 2016-11-18 12:23:38.195 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\WINDOWS\System32\guard64.dll because the set of per-page image hashes could not be found on the system. Date: 2016-11-18 10:24:04.747 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\WINDOWS\System32\guard64.dll because the set of per-page image hashes could not be found on the system. Date: 2016-11-18 09:40:20.013 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\WINDOWS\System32\guard64.dll because the set of per-page image hashes could not be found on the system. Date: 2016-11-18 09:30:55.737 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\WINDOWS\System32\guard64.dll because the set of per-page image hashes could not be found on the system. Date: 2016-11-18 09:22:56.003 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\WINDOWS\System32\guard64.dll because the set of per-page image hashes could not be found on the system. Date: 2016-11-18 09:11:44.384 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\WINDOWS\System32\guard64.dll because the set of per-page image hashes could not be found on the system. Date: 2016-11-18 01:21:12.292 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\WINDOWS\System32\guard64.dll because the set of per-page image hashes could not be found on the system. Date: 2016-11-18 01:14:12.851 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\WINDOWS\System32\guard64.dll because the set of per-page image hashes could not be found on the system. Date: 2016-11-18 00:26:52.161 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\WINDOWS\System32\guard64.dll because the set of per-page image hashes could not be found on the system. ==================== Statystyki pamięci =========================== Procesor: Intel(R) Core(TM) i7-4700MQ CPU @ 2.40GHz Procent pamięci w użyciu: 58% Całkowita pamięć fizyczna: 8112.65 MB Dostępna pamięć fizyczna: 3361.92 MB Całkowita pamięć wirtualna: 16304.65 MB Dostępna pamięć wirtualna: 11618.97 MB ==================== Dyski ================================ Drive c: () (Fixed) (Total:222.01 GB) (Free:26.07 GB) NTFS ==================== MBR & Tablica partycji ================== ======================================================== Disk: 0 (Size: 238.5 GB) (Disk ID: 00000000) Partition: GPT. ==================== Koniec Addition.txt ============================