Rezultaty skanu uzupełniającego Farbar Recovery Scan Tool (x64) Wersja: 01-01-2017 Uruchomiony przez Damian (05-01-2017 08:40:38) Uruchomiony z C:\Users\Damian\Downloads Windows 10 Home Wersja 1607 (X64) (2016-09-26 10:34:36) Tryb startu: Normal ========================================================== ==================== Konta użytkowników: ============================= Administrator (S-1-5-21-3933859105-196285215-2267922907-500 - Administrator - Disabled) Damian (S-1-5-21-3933859105-196285215-2267922907-1001 - Administrator - Enabled) => C:\Users\Damian Gość (S-1-5-21-3933859105-196285215-2267922907-501 - Limited - Disabled) Konto domyślne (S-1-5-21-3933859105-196285215-2267922907-503 - Limited - Disabled) ==================== Centrum zabezpieczeń ======================== (Załączenie wejścia w fixlist spowoduje jego usunięcie.) AV: COMODO Antivirus (Enabled - Up to date) {D0CC7563-ABD2-DEBE-138E-FDD553335AF2} AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Spybot - Search and Destroy (Enabled - Up to date) {A16C3F68-9280-E053-1818-342707FECF4D} AS: Comodo Defense+ (Enabled - Up to date) {6BAD9487-8DE8-D130-293E-C6A728B4104F} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: COMODO Firewall (Enabled) {E8F7F446-E1BD-DFE6-38D1-54E0ADE01D89} ==================== Zainstalowane programy ====================== (W fixlist dozwolone tylko załączanie programów adware z flagą "Hidden" w celu ich uwidocznienia. Programy adware powinny zostać w poprawny sposób odinstalowane.) 64 Bit HP CIO Components Installer (Version: 6.2.2 - Hewlett-Packard) Hidden 7-Zip 15.14 (x64) (HKLM\...\7-Zip) (Version: 15.14 - Igor Pavlov) Adobe Acrobat DC (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-0C0F074E4100}) (Version: 15.010.20060 - Adobe Systems Incorporated) Aktualizacje NVIDIA 2.11.4.0 (Version: 2.11.4.0 - NVIDIA Corporation) Hidden Ansel (Version: 372.54 - NVIDIA Corporation) Hidden Astroburn Lite (HKLM\...\Astroburn Lite) (Version: 2.0.0.0204 - Disc Soft Ltd) Brother MFL-Pro Suite MFC-J6920DW (HKLM-x32\...\{6A367B4D-2E1C-4843-9FF0-A1DF1DEAB1E6}) (Version: 1.0.0.0 - Brother Industries, Ltd.) BufferChm (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden Bullzip PDF Printer 10.10.0.2307 (HKLM\...\Bullzip PDF Printer_is1) (Version: 10.10.0.2307 - Bullzip) calibre 64bit (HKLM\...\{9825E222-549C-44FA-A285-D1123AD63519}) (Version: 2.76.0 - Kovid Goyal) CCleaner (HKLM\...\CCleaner) (Version: 5.24 - Piriform) Centrum obsługi urządzeń z systemem Windows Mobile (HKLM\...\{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}) (Version: 6.1.6965.0 - Microsoft Corporation) Common Desktop Agent (Version: 1.62.0 - OEM) Hidden COMODO Internet Security Premium (HKLM\...\{2736B6BD-31EC-4FC8-A48C-F0A5C914C0B6}) (Version: 7.0.55655.4142 - COMODO Security Solutions Inc.) CorelDRAW Graphics Suite X5 - BR (x32 Version: 15.3 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - Capture (x32 Version: 15.3 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - Common (x32 Version: 15.3 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - Connect (x32 Version: 15.3 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - Custom Data (x32 Version: 15.3 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - CZ (x32 Version: 15.3 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - DE (x32 Version: 15.3 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - Draw (x32 Version: 15.3 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - EN (x32 Version: 15.3 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - ES (x32 Version: 15.3 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - Filters (x32 Version: 15.3 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - FontNav (x32 Version: 15.3 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - FR (x32 Version: 15.3 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - IPM HSE (x32 Version: 15.3 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - IT (x32 Version: 15.3 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - NL (x32 Version: 15.3 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - PHOTO-PAINT (x32 Version: 15.3 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - Photozoom Plugin (x32 Version: 15.0 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - PL (x32 Version: 15.3 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - Redist (x32 Version: 15.0 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - RU (x32 Version: 15.3 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - Setup Files (x32 Version: 15.3 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - VideoBrowser (x32 Version: 15.3 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - WT (x32 Version: 15.3 - Corel Corporation) Hidden CorelDRAW Home & Student Suite X5 - Extra Content (HKLM-x32\...\_{D0291D38-D7AE-47B6-AD64-4FAB908FDB9F}) (Version: - Corel Corporation) CorelDRAW Home & Student Suite X5 - Extra Content (x32 Version: 15.0 - Corel Corporation) Hidden CorelDRAW Home & Student Suite X5 (x32 Version: 15.1 - Corel Corporation) Hidden CorelDRAW(R) Home & Student Suite X5 (HKLM-x32\...\_{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}) (Version: 15.2.0.686 - Corel Corporation) CrystalDiskInfo 7.0.0 Shizuku Edition (HKLM-x32\...\CrystalDiskInfo_is1) (Version: 7.0.0 - Crystal Dew World) DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd) Didger 4 (HKLM-x32\...\{92B03523-95ED-4E6F-A380-638EF1ED7CE3}) (Version: 4.0.2136.0 - Golden Software, Inc.) DJ_AIO_06_K209a-z_SW_Min (x32 Version: 140.0.690.000 - Hewlett-Packard) Hidden ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - ) Firebird 2.5.0.26074 (x64) (HKLM-x32\...\Firebird 2.5.0.26074 (x64)) (Version: 2.5.0.26074 - The Firebird Project) Firebird 2.5.0.26074 (x64) (Version: 2.5.0.26074 - The Firebird Project) Hidden Garmin Communicator Plugin (HKLM-x32\...\{71DBFBF2-F7EB-4268-8485-9471D83C4E66}) (Version: 4.2.0 - Garmin Ltd or its subsidiaries) Garmin Communicator Plugin x64 (HKLM\...\{70A381F1-C161-4D61-A20C-BE12FC6777DF}) (Version: 4.2.0 - Garmin Ltd or its subsidiaries) Garmin MapSource (HKLM-x32\...\{AFBAB9A0-DDE8-49AE-8C17-A01B61BEE64B}) (Version: 6.16.3 - Garmin Ltd or its subsidiaries) Garmin Trip and Waypoint Manager v5 (HKLM-x32\...\{414A373B-59DF-4102-94CA-9FE9A74CBDDA}) (Version: 5.0.0.0 - Garmin Ltd or its subsidiaries) Garmin USB Drivers (HKLM-x32\...\{510D2239-6C2E-457B-9590-485EC552D94D}) (Version: 2.3.0.0 - Garmin Ltd or its subsidiaries) Geo-Trans (HKLM-x32\...\{95841D3C-C2AD-47C7-A953-E75DD3861EFF}) (Version: 5.68.0.0 - GEO-SYSTEM sp. z o.o.) Ghostscript GPL 8.64 (Msi Setup) (HKLM-x32\...\_{06CD45E6-FF5E-4D8E-BC01-B276A90DADF2}) (Version: 8.64 - Corel Corporation) Ghostscript GPL 8.64 (Msi Setup) (x32 Version: 8.64 - Corel Corporation) Hidden Google Chrome (HKLM-x32\...\Google Chrome) (Version: 55.0.2883.87 - Google Inc.) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden HP Deskjet Ink Advant K209a-z All-in-One Driver Software 14.0 Rel. 6 (HKLM\...\{6051912A-F7B8-445C-A99D-81AA4C118836}) (Version: 14.0 - HP) HPPhotoGadget (x32 Version: 140.0.524.000 - Hewlett-Packard) Hidden Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.23.1766 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.15.4248 - Intel Corporation) Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.3.34 - Intel Corporation) Internet Manager (HKLM-x32\...\Internet Manager) (Version: 22.001.18.13.49 - Huawei Technologies Co.,Ltd) IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.38 - Irfan Skiljan) Java 8 Update 111 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180111F0}) (Version: 8.0.1110.14 - Oracle Corporation) Java SE Development Kit 8 Update 45 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180450}) (Version: 8.0.450.15 - Oracle Corporation) JetBrains PyCharm Community Edition 4.5.3 (HKLM-x32\...\PyCharm Community Edition 4.5.3) (Version: 141.1899 - JetBrains s.r.o.) K209a-z (x32 Version: 140.0.690.000 - Hewlett-Packard) Hidden kED 2.1.4.0 (HKLM-x32\...\kED_is1) (Version: - ) Logitech SetPoint 6.67 (HKLM\...\sp6) (Version: 6.67.82 - Logitech) Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation) Microsoft Office 2013 dla Użytkowników Domowych i Małych Firm - pl-pl (HKLM\...\HomeBusinessRetail - pl-pl) (Version: 15.0.4885.1001 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24212 (HKLM-x32\...\{323dad84-0974-4d90-a1c1-e006c7fdbb7d}) (Version: 14.0.24212.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24212 (HKLM-x32\...\{462f63a8-6347-4894-a1b3-dbfe3a4c981d}) (Version: 14.0.24212.0 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation) MSI to redistribute MS VS2005 CRT libraries (HKLM-x32\...\{A8D93648-9F7F-407D-915C-62044644C3DA}) (Version: 8.0.50727.42 - The Firebird Project) MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) NapiProjekt (2.2.0.2399) (HKLM-x32\...\NapiProjekt_is1) (Version: - ) NVIDIA GeForce Experience 2.11.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.11.4.0 - NVIDIA Corporation) NVIDIA Oprogramowanie systemu PhysX 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation) NVIDIA Sterownik graficzny 372.54 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 372.54 - NVIDIA Corporation) Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4885.1001 - Microsoft Corporation) Hidden Office 15 Click-to-Run Licensing Component (Version: 15.0.4885.1001 - Microsoft Corporation) Hidden Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4885.1001 - Microsoft Corporation) Hidden Oracle Database 11g Express Edition (HKLM-x32\...\InstallShield_{05A7B662-80A3-4EB9-AE1D-89A62449431C}) (Version: 11.2.0 - Oracle Corporation) Oracle Database 11g Express Edition (Version: 11.2.0 - Oracle Corporation) Hidden Orange Connection (HKLM-x32\...\Orange Connection) (Version: 23.015.05.01.159 - Huawei Technologies Co.,Ltd) Panel sterowania NVIDIA 372.54 (Version: 372.54 - NVIDIA Corporation) Hidden Polski pakiet językowy dla narzędzi Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - PLK) (Version: 10.0.50903 - Microsoft Corporation) Potplayer-64 Bits (HKLM\...\PotPlayer64) (Version: - Kakao Corp.) Python 3.4.3 (HKLM-x32\...\{CCD588A7-8D55-49F1-A30C-47FAB40889ED}) (Version: 3.4.16490 - Python Software Foundation) qBittorrent 3.3.10 (HKLM-x32\...\qBittorrent) (Version: 3.3.10 - The qBittorrent project) QGIS 2.18 2.18.0 Las (HKLM\...\QGIS 2.18) (Version: - QGIS Development Team) Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.314 - Qualcomm Atheros Communications) Qualcomm Atheros WLAN and Bluetooth Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 12.21 - Qualcomm Atheros) RAKSSQL (HKLM-x32\...\RAKSSQL) (Version: 2016.1.71010 - RAKS Sp. z o.o.) RAKSSQL (x32 Version: 2016.1.71010 - RAKS Sp. z o.o.) Hidden Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.21247 - Realtek Semiconductor Corp.) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.) Samsung Easy Printer Manager (HKLM-x32\...\Samsung Easy Printer Manager) (Version: 1.05.58.01(2014-10-20) - Samsung Electronics Co., Ltd.) Samsung ML-2160 Series (HKLM-x32\...\Samsung ML-2160 Series) (Version: 1.23 (2015-04-08) - Samsung Electronics Co., Ltd.) Samsung Printer Diagnostics (HKLM-x32\...\Samsung Printer Diagnostics) (Version: 1.0.0.15 - Samsung Electronics Co., Ltd.) Samsung Printer Live Update (HKLM-x32\...\Samsung Printer Live Update) (Version: 1.01.00:04(2013-04-22) - Samsung Electronics Co., Ltd.) Scan (x32 Version: 140.0.80.000 - Hewlett-Packard) Hidden SHIELD Streaming (Version: 7.1.0280 - NVIDIA Corporation) Hidden SHIELD Wireless Controller Driver (Version: 2.11.4.0 - NVIDIA Corporation) Hidden Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation) Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.) Spotify (HKU\S-1-5-21-3933859105-196285215-2267922907-1001\...\Spotify) (Version: 1.0.42.151.g19de0aa6 - Spotify AB) Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.5.43 - Safer-Networking Ltd.) Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation) Strater 5 (Version: 5.1.746 - Golden Software, LLC) Hidden Strater 5 (HKLM-x32\...\Strater 5) (Version: 5.1.746 - Golden Software) System Requirements Lab Detection (HKLM-x32\...\{AA78AB27-EC76-4F4E-B877-14A3DFC05828}) (Version: 6.1.4.0 - Husdawg, LLC) System TL+ - angielsko-polski, wyd.4 (HKLM-x32\...\System TL+ - angielsko-polski, wyd.4) (Version: - ) Toolbox (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 8.51a - Ghisler Software GmbH) Vulkan Run Time Libraries 1.0.11.1 (HKLM\...\VulkanRT1.0.11.1) (Version: 1.0.11.1 - LunarG, Inc.) VVVVVV (HKLM-x32\...\Steam App 70300) (Version: - Terry Cavanagh) WebReg (x32 Version: 140.0.212.017 - Hewlett-Packard) Hidden Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0) (HKLM\...\49CF605F02C7954F4E139D18828DE298CD59217C) (Version: 06/03/2009 2.3.0.0 - Garmin) WinRAR 5.11 (64-bitowy) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH) ==================== Niestandardowe rejestracje CLSID (filtrowane): ========================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) ==================== Zaplanowane zadania (filtrowane) ============= (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) Task: {07E4431B-1CD6-4FA0-9B76-26DFAAFA44FC} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2016-09-27] (Safer-Networking Ltd.) Task: {0D83B61C-B076-48DF-96E3-31D49B14C899} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Brak pliku <==== UWAGA Task: {156786AC-8AE3-43E4-A090-07287E2A6F64} - System32\Tasks\COMODO\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2016-09-27] (COMODO) Task: {16BB4D14-36BC-4FDD-B19B-24731EACF70B} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-11-30] (Piriform Ltd) Task: {1C95882A-1D92-4744-8FB0-C19FA1E5F1B3} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Brak pliku <==== UWAGA Task: {1FEE3342-012D-4AEF-9FAC-04866507DEBE} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe Task: {31AD6EFE-FAB3-46AD-9CC0-D71407FEC83E} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Brak pliku <==== UWAGA Task: {3B4FFFFF-B8F0-430C-A024-51A80C7FA9CD} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2016-09-27] (COMODO) Task: {3BA3C6B1-6347-4656-8785-BE32D92CA357} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe Task: {3FA2CA9B-253A-431A-947B-BB92AB051011} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe Task: {4C3C6C58-0AF9-43D7-82C1-A7A959DB115B} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe Task: {50714814-9DC5-4602-BD07-A1C17233469F} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe Task: {5090963D-78FF-4D79-B841-7E0CDEDC16E6} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Brak pliku <==== UWAGA Task: {514F8650-03DE-4C21-82EA-B6725BA9A9F5} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Brak pliku <==== UWAGA Task: {57046E31-C4CF-4BE0-99A3-EC606D726BA6} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe Task: {5751B07E-4A6C-4FB7-996A-8E98D84245E4} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe Task: {58434C37-C24E-44D7-BC9A-73E048AE1520} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated) Task: {5B6ACF79-2178-4279-B035-B3EAA6B9AD79} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe Task: {5C0AA426-88B3-409B-A170-BF0B6F8FAD19} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe Task: {5DBEFA09-9EA9-45CC-8D96-22560827EB97} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-12-14] (Microsoft Corporation) Task: {5E6E6BC0-4514-41FB-B974-5F583C5ED6D2} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> Brak pliku <==== UWAGA Task: {60D43C39-FE75-4907-BD6E-B3A680DD3C8D} - System32\Tasks\COMODO\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2016-09-27] (COMODO) Task: {65BFBB0E-4A54-456F-B314-F8F40AB4DDE7} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe Task: {66E0F881-5B00-4E85-9B18-8B7CA67B7806} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2016-09-27] (Safer-Networking Ltd.) Task: {6A28D1A4-15B2-4200-9307-620BF0E45F15} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe Task: {79AE08AA-BEDB-41C3-981A-3D928572837A} - System32\Tasks\{3EABC93E-6127-4C8D-BDAC-CAF330C3C242} => pcalua.exe -a C:\Users\Damian\Downloads\Gmw_setup_10\Setup.exe -d C:\Users\Damian\Downloads\Gmw_setup_10 Task: {7EF3E61D-A2CC-453B-8932-AEAAC59F94AC} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe Task: {83645BE2-B546-4E25-8415-1615EFB1A8A9} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-12-19] (Microsoft Corporation) Task: {8701B720-AFFD-4CD8-8448-3E46B095E716} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Brak pliku <==== UWAGA Task: {8999BD1F-75EA-4D84-BE48-D73B80200308} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe Task: {8E007731-4874-4026-9AD4-697DE8B3D08A} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe Task: {9875452A-ABC0-4309-9BDB-FE86AD294CB8} - System32\Tasks\{31DDBD37-5DB7-4030-8064-10B0CAA806C3} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2016-09-27] (COMODO) Task: {9CABC6CC-F6AC-4BFD-B55A-5BF5ACDDCC8B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-04] (Google Inc.) Task: {9D39B992-8C23-4C3B-8823-110A300ABD98} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> Brak pliku <==== UWAGA Task: {9D4D3B49-6E66-4A26-A96F-AAFB960B8057} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2016-09-27] (COMODO) Task: {A08A24CA-9F69-47A5-A5D6-3AAEAD620FF5} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-12-19] (Microsoft Corporation) Task: {A4F58DFB-40A9-453B-B40B-6A78D6F57ED3} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe Task: {A8216421-FCAC-469F-ACF0-06A20C5B9B87} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe Task: {AAFE7F15-237D-454F-BC17-A34D6D6DB170} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe Task: {AB2CED9C-1CC3-4AFF-A0F7-BE1DAE6CDBD9} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe Task: {AC3A96B1-D323-44FA-92FA-1A20E3B4DDF9} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe Task: {ACB3BDD0-6A5D-4A8E-9D48-7A33DEF88CE0} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Brak pliku <==== UWAGA Task: {BC15E50D-FEBB-4AB5-9AFF-8A6F9234CAC0} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Brak pliku <==== UWAGA Task: {C398AE07-670E-47D6-A26D-C86E7C168E39} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Brak pliku <==== UWAGA Task: {C54CB0F7-515C-43C8-BD2B-491EC11268B1} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe Task: {CA119C24-25C3-4D19-BE28-1539ED15E71E} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Brak pliku <==== UWAGA Task: {D05905DE-BADC-4F71-BE0B-E354F67B3E72} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2016-09-27] (Safer-Networking Ltd.) Task: {D0C46B1B-AB29-4285-BD6E-DAB8241DF664} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe Task: {D8AC4061-C56D-4156-8486-88C2D3E8F187} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe Task: {EA736C83-2C4E-4129-9106-D2AE135F4E27} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-04] (Google Inc.) Task: {EB65C8A4-C49B-4A4C-95D3-E463613E8B6A} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe Task: {ED6C5C38-0643-45E3-AC6B-61E40F55DDB4} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2016-09-27] (COMODO) (Załączenie wejścia w fixlist spowoduje przesunięcie pliku zadania (.job). Plik uruchamiany docelowo przez zadanie nie zostanie przeniesiony.) ==================== Skróty ============================= (Wybrane wejścia mogą zostać załączone w celu ich zresetowania lub usunięcia.) ShortcutWithArgument: C:\Users\Damian\Desktop\App Launcher for Messenger.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=bllmngcdibgbgjnginpehneeofhbmdjm ShortcutWithArgument: C:\Users\Damian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplikacje Chrome\App Launcher for Messenger.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=bllmngcdibgbgjnginpehneeofhbmdjm ShortcutWithArgument: C:\Users\Damian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplikacje Chrome\Google Hangouts.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome1.exe (Google Inc.) -> --profile-directory=Default --app-id=knipolnnllmklapflnccelgolnpehhpl ==================== Załadowane moduły (filtrowane) ============== 2016-02-22 15:01 - 2016-06-14 21:03 - 00367552 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\MessageBus.dll 2015-12-22 11:33 - 2016-06-14 21:03 - 00288192 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll 2016-06-07 08:00 - 2016-06-14 21:03 - 01147328 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\libprotobuf.dll 2016-02-22 15:01 - 2016-06-14 21:03 - 03611584 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Poco.dll 2014-01-15 04:42 - 2016-02-17 11:03 - 00351824 _____ () C:\ProgramData\DatacardService\HWDeviceService64.exe 2016-03-31 08:52 - 2016-10-03 08:36 - 00143360 _____ () C:\WINDOWS\system32\BrSNMP64.dll 2015-09-25 10:49 - 2016-02-17 11:02 - 00651856 _____ () C:\ProgramData\Orange Connection\OnlineUpdate\ouc.exe 2016-01-13 10:05 - 2016-01-13 10:04 - 00678480 _____ () C:\ProgramData\Internet Manager\OnlineUpdate\ouc.exe 2016-06-07 08:00 - 2016-06-14 21:03 - 01988544 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvPortForwardPlugin.dll 2016-06-07 08:00 - 2016-06-14 21:03 - 01840576 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\RtspPlugin.dll 2016-02-04 13:52 - 2016-06-14 21:03 - 00207296 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\RtspServer.dll 2016-06-07 08:00 - 2016-06-14 21:03 - 02665920 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvMdnsPlugin.dll 2015-04-08 08:59 - 2015-05-07 11:51 - 00022528 _____ () C:\WINDOWS\System32\ssj1mlm.dll 2014-10-23 07:06 - 2016-05-24 08:51 - 00116416 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll 2016-07-16 12:42 - 2016-07-16 12:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll 2016-12-14 08:55 - 2016-12-14 08:55 - 02681200 _____ () C:\WINDOWS\System32\CoreUIComponents.dll 2016-09-26 11:22 - 2016-08-11 13:27 - 00134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2016-12-14 08:55 - 2016-12-14 08:55 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll 2016-12-14 08:55 - 2016-12-14 08:55 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll 2016-09-26 11:37 - 2016-09-26 11:37 - 01864384 _____ () C:\Users\Damian\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\ClientTelemetry.dll 2015-10-15 08:07 - 2015-10-15 08:07 - 00415128 _____ () C:\WINDOWS\system32\igfxTray.exe 2016-09-26 12:17 - 2016-09-26 12:17 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll 2016-12-14 08:55 - 2016-12-14 08:55 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll 2016-12-14 07:38 - 2016-12-14 07:39 - 00072192 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x64__kzf8qxf38zg5c\SkypeHost.exe 2016-12-14 07:38 - 2016-12-14 07:39 - 00179712 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll 2016-12-14 07:38 - 2016-12-14 07:39 - 42130432 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x64__kzf8qxf38zg5c\SkyWrap.dll 2016-12-14 07:38 - 2016-12-14 07:39 - 02216448 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x64__kzf8qxf38zg5c\roottools.dll 2014-09-08 12:39 - 2014-09-08 12:39 - 00464608 _____ () C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe 2014-09-08 12:38 - 2014-09-08 12:38 - 00051200 _____ () C:\Program Files\Common Files\Common Desktop Agent\CDASrvPS.dll 2016-12-13 08:11 - 2016-12-13 08:11 - 03810816 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1612.3341.0_x64__8wekyb3d8bbwe\Calculator.exe 2016-11-09 07:54 - 2016-11-09 07:54 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll 2016-11-09 07:54 - 2016-11-09 07:54 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll 2016-11-09 07:54 - 2016-11-09 07:54 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll 2016-11-09 07:54 - 2016-11-09 07:54 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll 2016-11-09 07:54 - 2016-11-09 07:54 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll 2015-06-24 21:57 - 2015-08-10 13:49 - 00133184 _____ () C:\Program Files\Realtek\Audio\HDA\FMAPP.exe 2016-06-07 08:00 - 2016-06-14 21:03 - 00034240 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_system-vc120-mt-1_58.dll 2016-06-07 08:00 - 2016-06-14 21:03 - 00920000 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_regex-vc120-mt-1_58.dll 2016-12-12 08:36 - 2016-12-08 09:03 - 02412888 _____ () C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\libglesv2.dll 2016-12-12 08:36 - 2016-12-08 09:03 - 00099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\libegl.dll 2013-04-15 17:39 - 2016-03-16 11:25 - 00073912 _____ () C:\Program Files\COMODO\COMODO Internet Security\scanners\smart.cav 2015-04-08 08:59 - 2015-05-07 11:51 - 01604096 _____ () C:\WINDOWS\system32\spool\DRIVERS\x64\3\ssj1mdu.dll 2016-12-13 08:12 - 2016-12-13 08:12 - 31164504 _____ () C:\Users\Damian\AppData\Local\Google\Chrome\User Data\PepperFlash\24.0.0.186\pepflashplayer.dll 2015-08-11 07:44 - 2014-05-13 11:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl 2015-08-11 07:44 - 2014-05-13 11:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl 2015-08-11 07:44 - 2014-05-13 11:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl 2015-08-11 07:44 - 2016-09-27 12:02 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll 2015-09-25 10:49 - 2013-08-31 06:44 - 02417152 _____ () C:\ProgramData\Orange Connection\OnlineUpdate\QtCore4.dll 2015-09-25 10:49 - 2013-08-31 06:46 - 01148416 _____ () C:\ProgramData\Orange Connection\OnlineUpdate\QtNetwork4.dll 2015-09-25 10:49 - 2009-01-10 19:32 - 00011362 _____ () C:\ProgramData\Orange Connection\OnlineUpdate\mingwm10.dll 2015-09-25 10:49 - 2009-06-23 03:42 - 00043008 _____ () C:\ProgramData\Orange Connection\OnlineUpdate\libgcc_s_dw2-1.dll 2016-01-13 10:05 - 2013-12-19 03:20 - 00011362 _____ () C:\ProgramData\Internet Manager\OnlineUpdate\mingwm10.dll 2016-01-13 10:05 - 2013-12-19 03:20 - 00043008 _____ () C:\ProgramData\Internet Manager\OnlineUpdate\libgcc_s_dw2-1.dll 2016-01-13 10:05 - 2013-12-19 03:20 - 02417152 _____ () C:\ProgramData\Internet Manager\OnlineUpdate\QtCore4.dll 2016-01-13 10:05 - 2013-12-19 03:20 - 01148416 _____ () C:\ProgramData\Internet Manager\OnlineUpdate\QtNetwork4.dll 2014-07-24 10:19 - 2013-12-10 06:27 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll 2016-10-03 08:36 - 2009-02-27 15:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll 2015-07-29 08:13 - 2016-06-14 21:03 - 00018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll 2015-03-17 01:34 - 2015-03-17 01:34 - 00010240 _____ () C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\locale\pl_pl\AcroTray.pol 2016-09-20 07:17 - 2016-09-20 07:17 - 00325824 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\AppVIsvStream32.dll 2015-03-17 01:34 - 2015-03-17 01:34 - 00151552 _____ () C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Locale\pl_pl\PDFMaker\PDFMOfficeAddin.POL 2016-09-26 11:37 - 2016-09-26 11:37 - 01383616 _____ () C:\Users\Damian\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\ClientTelemetry.dll ==================== Alternate Data Streams (filtrowane) ========= (Załączenie wejścia w fixlist spowoduje usunięcie strumienia ADS.) AlternateDataStreams: C:\WINDOWS\cadkasdeinst01e.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\explorer.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\py.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\pyw.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\splwow64.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\aadcloudap.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\aadtb.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\AboveLockAppHost.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\AccountsRt.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\acmigration.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\ACPBackgroundManagerPolicy.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\ActionCenter.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\ActionCenterCPL.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\ActivationManager.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\actxprxy.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\AdobePDF.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\AdobePDFUI.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\adsmsext.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\aeinv.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\aepic.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\aitstatic.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\AppCapture.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\AppContracts.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\appinfo.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\AppointmentApis.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\appraiser.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\AppReadiness.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\apprepapi.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\apprepsync.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\appwiz.cpl:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\AppXDeploymentClient.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\AppXDeploymentServer.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\AppxPackaging.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\asycfilt.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\atmfd.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\atmlib.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\AudioEndpointBuilder.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\AudioEng.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\AUDIOKSE.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\AudioSes.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\audiosrv.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\AudioSrvPolicyManager.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\AuthBroker.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\authui.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\autoplay.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\AzureSettingSyncProvider.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\BackgroundMediaPolicy.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\bcastdvr.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\BcastDVRHelper.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\bcdedit.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\bcrypt.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\bdesvc.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\bdeui.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\bdeunlock.exe:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\BingMaps.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\bisrv.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\BitLockerDeviceEncryption.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\biwinrt.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\BluetoothApis.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\BootMenuUX.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\bootux.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\BrCiImg.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\brciser.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\BRCOI13Q.DLL:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\BrFaxTxAppRun64.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\BrJDec.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\BrNetSti.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Brnsplg.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\browserbroker.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\BrSNMP64.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\BrUsi13a.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\BrWi213a.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\BrWiaNCp.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\BthRadioMedia.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\CastLaunch.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\CbtBackgroundManagerPolicy.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\cdd.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\cdp.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\cdpreference.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\cdpsvc.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\cdpusersvc.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\CertEnroll.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\ceutil.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Chakra.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\chartv.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\ChatApis.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\ci.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\ClipUp.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\cloudAP.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\CloudExperienceHost.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\CloudExperienceHostBroker.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\CloudExperienceHostCommon.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\CloudStorageWizard.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\clusapi.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\cmifw.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\cmintegrator.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\cngkeyhelper.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\combase.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\comdlg32.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\common_clang64.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\CompatTelRunner.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\comsvcs.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\ConsoleLogon.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\ContactApis.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\ContentDeliveryManager.Utilities.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\CoreMessaging.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\CoreUIComponents.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\CPFilters.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\credprovhost.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\credprovs.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\credprovslegacy.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\crypt32.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\cryptngc.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\CryptoWinRT.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\d2d1.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\d3d10warp.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\d3d11.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\D3D12.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\d3d9.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\D3DCompiler_33.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\D3DCompiler_34.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\D3DCompiler_35.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\D3DCompiler_36.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\D3DCompiler_37.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\D3DCompiler_38.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\D3DCompiler_39.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\D3DCompiler_40.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\D3DCompiler_41.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\D3DCompiler_42.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\D3DCompiler_43.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\D3DCompiler_47.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\d3dcsx_42.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\d3dcsx_43.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\d3dx10.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\d3dx10_33.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\d3dx10_34.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\d3dx10_35.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\d3dx10_36.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\d3dx10_37.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\d3dx10_38.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\d3dx10_39.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\d3dx10_40.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\d3dx10_41.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\d3dx10_42.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\d3dx10_43.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\d3dx11_42.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\d3dx11_43.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\d3dx9_24.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\d3dx9_25.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\d3dx9_26.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\d3dx9_27.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\d3dx9_28.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\d3dx9_29.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\d3dx9_30.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\d3dx9_31.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\d3dx9_32.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\d3dx9_33.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\d3dx9_34.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\d3dx9_35.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\d3dx9_36.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\D3DX9_37.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\D3DX9_38.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\D3DX9_39.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\D3DX9_40.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\D3DX9_41.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\D3DX9_42.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\D3DX9_43.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\dab.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\dafBth.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\DataExchange.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\DataSenseHandlers.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\daxexec.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\ddcvt5.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\ddmon5-64x.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\ddraw.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\desksc.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\devenum.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\deviceaccess.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\DeviceCensus.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\DeviceCenter.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\DeviceEnroller.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\DeviceFlows.DataModel.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\DevicePairing.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\DevicePairingFolder.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\DeviceReactivation.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\devinv.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\dhcpcore6.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\diagtrack.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\dialclient.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\dialserver.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\difx64.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\discan.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Display.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\DisplayManager.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\dmcertinst.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\dmenrollengine.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\dnsapi.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\DolbyDecMFT.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\domgmt.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\dosvc.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\dpapisrv.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\DPTopologyApp.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\DPTopologyAppv2_0.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\DrvInfo.ini:$CmdZnID [26] AlternateDataStreams: C:\WINDOWS\system32\drvstore.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\dsreg.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\dsregcmd.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\dwmapi.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\dwmcore.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\DWrite.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\dxgi.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\dxtrans.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\EAMProgressHandler.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\easwrt.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\edgehtml.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\EditBufferTestHook.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\EditionUpgradeHelper.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\EditionUpgradeManagerObj.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\EDPCleanup.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\eed_ec.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\eed_sl.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\efsext.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\efswrt.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\EmailApis.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\EncDec.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\energy.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\EnterpriseAppMgmtSvc.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\enterprisecsps.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\EnterpriseModernAppMgmtCSP.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\ErrorDetails.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\ErrorDetailsUpdate.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\esent.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\esentutl.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\ExplorerFrame.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\facecredentialprovider.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Family.Authentication.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Family.Client.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Family.SyncEngine.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\ffbroker.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\fhcfg.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\fhcpl.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\FlightSettings.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\FntCache.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\fontdrvhost.exe:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\fontext.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\FontProvider.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\FrameServer.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\FSClient.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\fveapi.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\fveapibase.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\fvecpl.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\fvenotify.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\fveui.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\fvewiz.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\GamePanel.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\gameux.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\gdi32.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\gdi32full.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\GdiPlus.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\generaltel.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\Geolocation.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\GfxResources.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\GfxUIEx.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Gfxv2_0.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Gfxv4_0.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\GlobCollationHost.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\gpsvc.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\hal.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\hevcdecoder.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\hgcpl.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\HPBMINI.DLL:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\HttpsDataSource.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\hvax64.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\hvix64.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\hvloader.efi:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\hvloader.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\icsvc.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\icsvcext.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\IdCtrls.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\ieapfltr.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\iedkcs32.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\ieframe.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\iepeers.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\ieproxy.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\iertutil.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\ig75icd64.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\igc64.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\igd10idpp64.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\igd10iumd64.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\igd11dxva64.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\igd12umd64.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\igdail64.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\igdbcl64.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\igdde64.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\igdfcl64.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\igdmcl64.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\igdmd64.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\igdrcl64.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\igdumdim64.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\igdusc64.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\igfx11cmrt64.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\igfxcmjit64.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\igfxcmrt64.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\igfxCoIn_v4156.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\igfxCoIn_v4248.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\igfxCPL.cpl:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\igfxCUIService.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\igfxCUIServicePS.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\igfxDH.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\igfxDHLib.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\igfxDHLibv2_0.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\igfxDI.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\igfxDILib.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\igfxDILibv2_0.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\igfxDTCM.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\igfxEM.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\igfxEMLib.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\igfxEMLibv2_0.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\igfxexps.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\igfxext.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\igfxHK.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\igfxLHM.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\igfxLHMLib.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\igfxLHMLibv2_0.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\igfxOSP.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\igfxSDK.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\igfxSDKLib.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\igfxSDKLibv2_0.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\igfxTray.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\iglhcp64.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\iglhsip64.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\imapi2.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\indexeddbserver.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\inetcomm.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\inetcpl.cpl:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\input.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\InputLocaleManager.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\InputService.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\InstallAgent.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\InstallAgentUserBroker.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\IntelCpHDCPSvc.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\IntelOpenCL64.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\IntelWiDiLogServer64.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\IntelWiDiMCComp64.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\IntelWiDiUMS64.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\IntelWiDiUtils64.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Intel_OpenCL_ICD64.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\invagent.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\iphlpsvc.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\ipnathlp.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\iscsiwmi.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\JpMapControl.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\jscript9.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\KernelBase.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\KMMON.DLL:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\KMMON.DLL:$CmdZnID [26] AlternateDataStreams: C:\WINDOWS\system32\LaunchWinApp.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\LicenseManager.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\ListSvc.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\LkmdfCoInst.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\LMouFiltCoInst.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\localspl.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\LocationFramework.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\LockAppBroker.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\LogonController.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\lpremove.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\LsaIso.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\lsasrv.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\lsm.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\manage-bde.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\MapConfiguration.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\MapControlCore.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\MapGeocoder.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\MapRouter.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\MapsBtSvc.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\MapsStore.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\MaxxAudioAPO4064.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\MaxxVoiceAPO3064.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\MbaeApiPublic.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\mbsmsapi.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\MCRecvSrc.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\MDMAppInstaller.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\mdmregistration.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\MetroIntelGenericUIFramework.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\mfaudiocnv.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\MFCaptureEngine.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\mfcore.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\mfksproxy.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\MFMediaEngine.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\mfmkvsrcsnk.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\mfmp4srcsnk.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\mfmpeg2srcsnk.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\mfnetcore.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\mfplat.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\MFPlay.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\mfps.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\mfreadwrite.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\mfsensorgroup.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\mfsvr.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\microsoft-windows-system-events.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\migisol.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\MiracastReceiver.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\mispace.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\modernexecserver.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\mos.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\moshost.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\moshostcore.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\MosStorage.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\mprapi.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\mprddm.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\mprdim.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\MrmCoreR.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\MRT.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\MSAC3ENC.DLL:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\MSAudDecMFT.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\msctf.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\msdtcprx.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\msdtctm.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\msdtcuiu.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\msfeeds.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\msftedit.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\mshtml.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\mshtmled.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\mshtmlmedia.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\msi.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\msinfo32.exe:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\msmpeg2vdec.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\mspaint.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\mssprxy.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\mssrch.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\mstsc.exe:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\mstscax.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\msv1_0.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\msvcp110.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\msvcr110.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\MSVidCtl.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\MSVideoDSP.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\msvproc.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\MSVPXENC.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\msxml6.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\MusNotification.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\MusUpdateHandlers.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\NaturalLanguage6.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\ncsi.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\NetCfgNotifyObjectHost.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\netplwiz.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\NetSetupApi.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\NetSetupEngine.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\NetSetupShim.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\NetSetupSvc.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\netshell.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\nettrace.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\NetworkBindingEngineMigPlugin.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\NetworkCollectionAgent.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\NetworkDesktopSettings.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\NetworkMobileSettings.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\NetworkUXBroker.dll:$CmdTcID [32] AlternateDataStreams: C:\WINDOWS\system32\NfcRadioMedia.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\ngccredprov.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\NgcCtnr.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\NgcCtnrGidsHandler.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\ngcsvc.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\nlasvc.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\nltest.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\NMAA.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\NotificationController.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\NPSM.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\nshwfp.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\NSSRH64.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\ntdll.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\ntoskrnl.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\ntshrui.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\nvapi64.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\nvaudcap64v.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\nvcompiler.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\nvcuda.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\nvcuvid.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\nvdispco6437254.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\nvdispgenco6437254.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\nvEncMFTH264.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\nvEncodeAPI64.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\nvfatbinaryLoader.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\NvFBC64.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\NvIFR64.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\NvIFROpenGL.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\nvoglv64.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\nvopencl.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\nvptxJitCompiler.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\odbcconf.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\offlinesam.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\offreg.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\ole32.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\oleaut32.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\OnDemandConnRouteHelper.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\OneBackupHandler.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\OpenCL.DLL:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\pcasvc.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\pdh.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\PimIndexMaintenance.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\PlayToDevice.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\PlayToManager.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\PlayToReceiver.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\policymanager.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\powercfg.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\powertracker.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\PrintWSDAHost.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\profsvc.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\provops.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\ProvSysprep.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\PsmServiceExtHost.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\puiobj.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\pwrshplugin.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\qedit.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\qmgr.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\rapi.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\rapiproxystub.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\rapistub.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\rasapi32.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\rascustom.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\rasmans.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\rdpcore.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\rdpcorets.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\RdpGroupPolicyExtension.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\rdpudd.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\RDXService.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\RDXTaskFactory.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\ReAgent.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\ReAgentc.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\RelPost.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\RemoteNaturalLanguage.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\ReportingCSP.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\reseteng.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\ResetEngine.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\resutils.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\RjvMDMConfig.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\RMapi.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\rshx32.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\RTMediaFrame.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\RTWorkQ.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\samsrv.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\sbe.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\SBuySupplies.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\ScanCoInstall.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\ScanCoInstall.dll:$CmdZnID [26] AlternateDataStreams: C:\WINDOWS\system32\Search.ProtocolHandler.MAPI2.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\SearchFilterHost.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\SearchFolder.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\SearchIndexer.exe:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\SearchProtocolHost.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\SecConfig.efi:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\securekernel.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\sendmail.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Sens.dll:$CmdTcID [32] AlternateDataStreams: C:\WINDOWS\system32\SensorsApi.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\SensorService.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\services.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\SessEnv.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\SettingsHandlers_Bluetooth.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\SettingsHandlers_Flights.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\SettingsHandlers_nt.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\SettingsHandlers_StorageSense.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\setupugc.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\SharedStartModel.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\ShareHost.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\shdocvw.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\shell32.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\skci.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\smartscreen.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\smphost.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\SndVolSSO.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\SpaceAgent.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\SpaceControl.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\spaceman.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\SpeechPal.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\spoolsv.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\sppcext.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\sppnp.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\sppobjs.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\sppsvc.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\sppwinob.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\SRH.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\SRHInproc.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\ssj1mci.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\ssj1mci.exe:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\ssj1mlm.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\sspicli.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\stobject.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\storagewmi.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\StoreAgent.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\StorSvc.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\StructuredQuery.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\sud.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\SyncCenter.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\SyncSettings.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\systemreset.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\SystemSettings.DeviceEncryptionHandlers.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\SystemSettings.UserAccountsHandlers.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\SystemSettingsAdminFlows.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\taskbarcpl.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\tdh.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\TextInputFramework.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\themecpl.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\timedate.cpl:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\TokenBroker.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\TpmCoreProvisioning.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\TpmTasks.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\tquery.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\TSpkg.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\TSWorkspace.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\twinapi.appcore.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\twinapi.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\twinui.appcore.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\twinui.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\twinui.pcshell.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\ubpm.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\UIAnimation.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\UIAutomationCore.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\UIRibbonRes.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\umpoext.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\unimdm.tsp:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\updatepolicy.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\uReFS.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\urlmon.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\usbmon.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\user32.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\usercpl.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\UserDataTimeUtil.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\UserDeviceRegistration.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\UserDeviceRegistration.Ngc.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\usermgr.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\UserMgrProxy.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\usocore.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\UtcResources.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\vbscript.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\vccorlib110.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\VEStoreEventHandlers.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\vmrdvcore.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\vpnike.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\VPNv2CSP.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\vulkaninfo-1-1-0-11-1.exe:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\vulkaninfo.exe:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\wbiosrvc.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\wcescommproxy.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\wc_storage.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\WdfCoInstaller01007.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\WebcamUi.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\webio.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\wer.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\weretw.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\wevtsvc.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\wifinetworkmanager.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\wifitask.exe:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\win32k.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\win32kbase.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\win32kfull.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\win32spl.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\wincorlib.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.AccountsControl.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.ApplicationModel.Background.SystemEventsBroker.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.ApplicationModel.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.ApplicationModel.Wallet.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.Cortana.Desktop.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.Data.Pdf.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.AllJoyn.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.Bluetooth.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.HumanInterfaceDevice.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.LowLevel.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.Midi.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.Perception.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.Picker.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.PointOfService.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.Printers.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.Radios.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.Scanners.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.Sensors.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.SerialCommunication.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.SmartCards.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.SmartCards.Phone.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.Usb.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.WiFi.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.WiFiDirect.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.Energy.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.Gaming.Input.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.Gaming.XboxLive.Storage.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.Globalization.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\Windows.Graphics.Printing.3D.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.Graphics.Printing.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.Internal.Management.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.Audio.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.BackgroundMediaPlayback.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.Devices.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.Editing.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.FaceAnalysis.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.Import.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.MediaControl.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.Ocr.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.Playback.BackgroundMediaPlayer.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.Playback.MediaPlayer.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.Speech.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.Speech.UXRes.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.Streaming.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.BackgroundManagerPolicy.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.Networking.Connectivity.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.Networking.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.Networking.HostName.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.Networking.ServiceDiscovery.Dnssd.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.Networking.Vpn.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.Perception.Stub.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.Security.Authentication.Identity.Provider.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.Security.Authentication.OnlineId.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.Shell.Search.UriHandler.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.StateRepository.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.StateRepositoryBroker.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.StateRepositoryClient.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\windows.storage.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.System.UserDeviceAssociation.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.BioFeedback.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.BlockedShutdown.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Cred.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.CredDialogController.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Immersive.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Input.Inking.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Logon.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Search.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Shell.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Xaml.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Xaml.InkControls.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Xaml.Maps.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Xaml.Phone.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\Windows.Web.Diagnostics.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.Web.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.Web.Http.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\WindowsCodecs.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\winhttp.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\wininet.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\wininetlui.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\winload.efi:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\winload.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\winlogon.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\winmde.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\winresume.efi:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\winresume.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\winsrv.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\wintrust.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\WinTypes.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\WinUSBCoInstaller.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\wkssvc.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\wlancfg.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\WlanMediaManager.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\wlidsvc.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\wmcoinst-070531-0952.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\wmp.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\wmpdxm.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\wmpeffects.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\wmpps.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\wmpshell.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\WordBreakers.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\WpAXHolder.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\WpcRefreshTask.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\WpcTok.exe:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\WpcWebFilter.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\wpnapps.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\wpncore.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\wpnprv.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\wpx.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\ws2_32.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\wscapi.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\wscinterop.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\wscsvc.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\wscui.cpl:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\wsecedit.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\WSManHTTPConfig.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\WsmSvc.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\wsp_fs.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\wsp_health.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\wsp_sr.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\wu.upgrade.ps.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\wuapi.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\wuaueng.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\wups.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\wuuhext.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\WWanAPI.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\wwansvc.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\x3daudio1_0.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\x3daudio1_1.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\X3DAudio1_2.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\X3DAudio1_3.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\X3DAudio1_4.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\X3DAudio1_5.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\X3DAudio1_6.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\X3DAudio1_7.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\xactengine2_0.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\xactengine2_1.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\xactengine2_10.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\xactengine2_2.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\xactengine2_3.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\xactengine2_4.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\xactengine2_5.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\xactengine2_6.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\xactengine2_7.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\xactengine2_8.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\xactengine2_9.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\xactengine3_0.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\xactengine3_1.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\xactengine3_2.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\xactengine3_3.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\xactengine3_4.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\xactengine3_5.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\xactengine3_6.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\xactengine3_7.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\XAPOFX1_0.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\XAPOFX1_1.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\XAPOFX1_2.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\XAPOFX1_3.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\XAPOFX1_4.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\XAPOFX1_5.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\XAudio2_0.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\XAudio2_1.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\XAudio2_2.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\XAudio2_3.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\XAudio2_4.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\XAudio2_5.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\XAudio2_6.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\XAudio2_7.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\XblAuthManager.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\xinput1_1.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\xinput1_2.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\xinput1_3.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\xpsrchvw.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\zipfldr.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\aadtb.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\AboveLockAppHost.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\ActionCenterCPL.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\SysWOW64\ActivationManager.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\actxprxy.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\adsmsext.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\AppCapture.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\AppContracts.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\AppointmentApis.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\apprepapi.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\apprepsync.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\appwiz.cpl:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\AppxPackaging.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\asycfilt.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\SysWOW64\atmfd.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\SysWOW64\atmlib.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\SysWOW64\AUDIOKSE.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\AudioSes.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\AuthBroker.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\AuthExt.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\SysWOW64\authui.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\SysWOW64\autoplay.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\BackgroundMediaPolicy.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\bcastdvr.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\BcastDVRHelper.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\bcrypt.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\BingMaps.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\biwinrt.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\BluetoothApis.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\BrDctF2.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\BrDctF2L.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\BrDctF2S.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\BRLM03A.DLL:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\BRLMW03A.DLL:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\BROSNMP.DLL:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\BRPRTINK.DLL:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\BRRBI13A.EXE:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\BRTCPCON.DLL:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\BtnCtlsU.ocx:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\bzDCT.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\bzFlRdr.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\CBLCtlsU.ocx:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\cdp.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\CertEnroll.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\ceutil.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Chakra.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Chakradiag.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\chartv.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\SysWOW64\ChatApis.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\ClipboardServer.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\CloudExperienceHostCommon.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\CloudStorageWizard.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\clusapi.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\cmifw.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\cngkeyhelper.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\combase.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\comctl32.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\SysWOW64\comdlg32.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\comdlg32.OCX:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\common_clang32.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\comsvcs.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\ConfigureExpandedStorage.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\ContactApis.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\CoreMessaging.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\CoreUIComponents.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\CPFilters.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\CredProvDataModel.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\credprovhost.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\credprovs.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\credprovslegacy.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\crypt32.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\cryptngc.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\CryptoWinRT.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\d2d1.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\d3d10warp.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\d3d11.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\D3D12.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\d3d8.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\SysWOW64\d3d9.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DCompiler_33.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DCompiler_34.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DCompiler_35.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DCompiler_36.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DCompiler_37.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DCompiler_38.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DCompiler_39.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DCompiler_40.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DCompiler_41.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DCompiler_42.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DCompiler_43.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DCompiler_47.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dcsx_42.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dcsx_43.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx10.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx10_33.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx10_34.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx10_35.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx10_36.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx10_37.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx10_38.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx10_39.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx10_40.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx10_41.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx10_42.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx10_43.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx11_42.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx11_43.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx9_24.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx9_25.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx9_26.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx9_27.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx9_28.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx9_29.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx9_30.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx9_31.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx9_32.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx9_33.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx9_34.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx9_35.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx9_36.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DX9_37.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DX9_38.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DX9_39.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DX9_40.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DX9_41.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DX9_42.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DX9_43.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\DataExchange.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\daxexec.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\ddraw.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\SysWOW64\devenum.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\DeviceFlows.DataModel.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\DevicePairing.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\dhcpcore6.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\dialclient.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\DisplayManager.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\dlnashext.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\dmenrollengine.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\dnsapi.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\DolbyDecMFT.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\drvstore.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\dsreg.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\dtdump.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\dwmapi.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\dwmcore.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\DWrite.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\dxgi.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\dxtrans.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\SysWOW64\edgehtml.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\EditBufferTestHook.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\EditCtlsU.ocx:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\efsext.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\SysWOW64\efswrt.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\EmailApis.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\ErrorDetails.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\SysWOW64\ErrorDetailsUpdate.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\SysWOW64\esent.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\esentutl.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\ExLvwU.ocx:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\explorer.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\ExplorerFrame.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\findnetprinters.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\FlashPlayerApp.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\fontdrvhost.exe:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\SysWOW64\fontext.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\SysWOW64\FSClient.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\SysWOW64\gameux.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\gdi32.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\gdi32full.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\GdiPlus.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Geolocation.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\GlobCollationHost.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\SysWOW64\hevcdecoder.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\hgcpl.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\SysWOW64\ieapfltr.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\SysWOW64\iedkcs32.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\ieframe.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\iepeers.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\SysWOW64\ieproxy.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\iertutil.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\SysWOW64\ig75icd32.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\igc32.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\igd10idpp32.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\igd10iumd32.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\igd11dxva32.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\igd12umd32.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\igdail32.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\igdbcl32.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\igdde32.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\igdfcl32.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\igdmcl32.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\igdmd32.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\igdrcl32.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\igdumdim32.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\igdusc32.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\igfx11cmrt32.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\igfxcmjit32.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\igfxcmrt32.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\igfxexps32.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\iglhcp32.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\iglhsip32.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\imapi2.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\indexeddbserver.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\inetcomm.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\SysWOW64\inetcpl.cpl:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\input.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\SysWOW64\InputLocaleManager.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\InputService.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\InstallAgent.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\IntelCpHeciSvc.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\IntelOpenCL32.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Intel_OpenCL_ICD32.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\iscsiwmi.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\JpMapControl.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\jscript9.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\jscript9diag.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\KernelBase.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\LaunchWinApp.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\LblCtlsU.ocx:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\LicenseManager.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\LicenseManagerApi.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\LockAppBroker.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\SysWOW64\LogonController.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\MapConfiguration.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\MapControlCore.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\MapGeocoder.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\MapRouter.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\MapsBtSvc.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\MbaeApiPublic.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\mbsmsapi.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\MCRecvSrc.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\mdmregistration.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\mfaudiocnv.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\mfcore.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\mfksproxy.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\MFMediaEngine.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\mfmkvsrcsnk.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\mfnetcore.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\mfnetsrc.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\mfplat.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\MFPlay.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\mfreadwrite.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\mfsensorgroup.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\SysWOW64\mfsvr.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\migisol.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\MiracastReceiver.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\mispace.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\mos.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\MosStorage.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\mprapi.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\mprddm.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\mprdim.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\MrmCoreR.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\MSAC3ENC.DLL:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\mscomctl.ocx:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\msctf.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\msdtcprx.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\msdtcuiu.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\msfeeds.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\msftedit.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\mshtml.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\mshtmled.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\SysWOW64\mshtmlmedia.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\msi.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\msinfo32.exe:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\SysWOW64\msmpeg2vdec.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\mspaint.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\mssrch.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\mstsc.exe:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\SysWOW64\mstscax.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\SysWOW64\msv1_0.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\SysWOW64\MSVidCtl.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\SysWOW64\msvproc.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\MSVPXENC.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\msxml6.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\mtxclu.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\NaturalLanguage6.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\NetCfgNotifyObjectHost.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\NetSetupApi.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\SysWOW64\NetSetupEngine.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\SysWOW64\NetSetupShim.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\netshell.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\NetworkCollectionAgent.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\SysWOW64\ngccredprov.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\NMAA.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\NPSM.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\SysWOW64\nshwfp.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\NSSearch.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\ntdll.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\ntshrui.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\nvapi.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\nvaudcap32v.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\nvcompiler.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\nvcuda.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\nvcuvid.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\nvEncMFTH264.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\nvEncodeAPI.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\NvFBC.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\NvIFR.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\NvIFROpenGL.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\nvoglv32.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\nvopencl.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\odbcconf.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\offlinesam.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\offreg.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\ole32.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\oleacc.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\oleaut32.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\SysWOW64\olepro32.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\SysWOW64\OpenCL.DLL:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\pdh.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\PlayToDevice.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\PlayToManager.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\PlayToReceiver.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\policymanager.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\powercfg.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\PrintDialogs.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\pwrshplugin.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\rapi.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\SysWOW64\rapiproxystub.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\rapistub.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\rasapi32.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\rdpcore.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\SysWOW64\ReAgent.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\SysWOW64\ReAgentc.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\RemoteNaturalLanguage.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\RTMediaFrame.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\RTWorkQ.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Search.ProtocolHandler.MAPI2.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\SearchFolder.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\SysWOW64\SearchIndexer.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\SearchProtocolHost.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\sendmail.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\SessEnv.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\SETDC23.tmp:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\SysWOW64\setupugc.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\ShareHost.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\shell32.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\smphost.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\SndVolSSO.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\sppcext.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\sspicli.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\stobject.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\storagewmi.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\StoreAgent.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\sud.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\SysWOW64\SyncSettings.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\systemcpl.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\TabStripCtlU.ocx:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\tdh.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\TempSignedLicenseExchangeTask.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\SysWOW64\TextInputFramework.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\themecpl.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\SysWOW64\TokenBroker.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\TpmCoreProvisioning.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\tquery.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\tsmf.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\TSpkg.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\SysWOW64\twinapi.appcore.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\twinapi.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\SysWOW64\twinui.appcore.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\twinui.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\UIAnimation.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\SysWOW64\UIAutomationCore.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\UIRibbonRes.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\unimdm.tsp:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\updatepolicy.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\uReFS.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\SysWOW64\urlmon.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\user32.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\usercpl.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\UserDataAccountApis.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\UserDeviceRegistration.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\UserDeviceRegistration.Ngc.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\UserMgrProxy.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\vbscript.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\vulkaninfo-1-1-0-11-1.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\vulkaninfo.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\wcescommproxy.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\webio.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\SysWOW64\wer.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\SysWOW64\weretw.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\SysWOW64\win32k.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\win32kfull.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\wincorlib.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.AccountsControl.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Background.SystemEventsBroker.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Core.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.ApplicationModel.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Wallet.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.AllJoyn.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Bluetooth.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.HumanInterfaceDevice.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.LowLevel.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Midi.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Perception.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Picker.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.PointOfService.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Radios.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Scanners.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Sensors.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.SerialCommunication.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.SmartCards.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Usb.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.WiFi.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.WiFiDirect.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Energy.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Gaming.Input.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Gaming.XboxLive.Storage.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Globalization.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Graphics.Printing.3D.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Graphics.Printing.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Internal.Bluetooth.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.Audio.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.BackgroundMediaPlayback.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.Editing.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.FaceAnalysis.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.Import.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.Ocr.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.Playback.BackgroundMediaPlayer.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.Playback.MediaPlayer.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.Speech.UXRes.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.BackgroundManagerPolicy.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Networking.Connectivity.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Networking.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Networking.HostName.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Networking.ServiceDiscovery.Dnssd.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Perception.Stub.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Identity.Provider.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Security.Authentication.OnlineId.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Shell.Search.UriHandler.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Speech.Pal.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.StateRepository.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.StateRepositoryClient.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\windows.storage.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.System.UserDeviceAssociation.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.BioFeedback.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.BlockedShutdown.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Cred.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.CredDialogController.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Search.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Xaml.InkControls.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Maps.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Phone.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Web.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Web.Http.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\WindowsCodecs.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\winhttp.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\wininet.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\wininetlui.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\SysWOW64\winmde.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\WinRtTracing.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\wintrust.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\WinTypes.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\wlancfg.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\wmp.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\SysWOW64\wmpdxm.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\wmpeffects.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\wmpshell.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\WordBreakers.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\WpcWebFilter.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\wpnapps.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\ws2_32.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\wscapi.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\wscinterop.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\wscui.cpl:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\SysWOW64\wsecedit.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\WSManHTTPConfig.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\WsmSvc.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\wsp_fs.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\wsp_health.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\wsp_sr.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\WwaApi.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\WWanAPI.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\x3daudio1_0.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\x3daudio1_1.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\X3DAudio1_2.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\X3DAudio1_3.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\X3DAudio1_4.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\X3DAudio1_5.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\X3DAudio1_6.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\X3DAudio1_7.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine2_0.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine2_1.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine2_10.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine2_2.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine2_3.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine2_4.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine2_5.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine2_6.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine2_7.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine2_8.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine2_9.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine3_0.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine3_1.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine3_2.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine3_3.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine3_4.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine3_5.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine3_6.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine3_7.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\XAPOFX1_0.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\XAPOFX1_1.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\XAPOFX1_2.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\XAPOFX1_3.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\XAPOFX1_4.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\XAPOFX1_5.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\XAudio2_0.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\XAudio2_1.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\XAudio2_2.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\XAudio2_3.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\XAudio2_4.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\XAudio2_5.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\XAudio2_6.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\XAudio2_7.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\xinput1_1.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\xinput1_2.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\xinput1_3.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\xolehlp.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\xpsrchvw.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\zipfldr.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\afd.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\ahcache.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\bowser.sys:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\Drivers\BrSerIb.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\BrUsbSib.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\btath_bus.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\BthLEEnum.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\bthpan.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\bthport.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\capimg.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\clfs.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\cmimcext.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\cng.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\crashdmp.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\dam.sys:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\Drivers\dfsc.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\dtsoftbus01.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\dumpsd.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\dxgkrnl.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\dxgmms1.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\dxgmms2.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\ew_cdcacm.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\ew_jubusenum.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\ew_wwanecm.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\fastfat.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\fvevol.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\grmngen.sys:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\Drivers\grmnusb.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\hidclass.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\http.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\igdkmd64.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\iorate.sys:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\Drivers\kbdhid.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\LEqdUsb.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\LHidEqd.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\LHidFilt.Sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\LMouFilt.Sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\MegaSas2i.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\modem.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\mrxdav.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\mrxsmb10.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\mrxsmb20.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\ndis.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\ntfs.sys:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\Drivers\nvvad64v.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\partmgr.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\pci.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\rdbss.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\sdbus.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\SETD669.tmp:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\spaceport.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\srv2.sys:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\Drivers\ssudbus.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\ssudmdm.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\storahci.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\stornvme.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\storport.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\tcpip.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\tm.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\tpm.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\usbscan.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\vhdmp.sys:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\Drivers\vpci.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\wcifs.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\WdiWiFi.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\winhvr.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\xboxgip.sys:$CmdTcID [64] AlternateDataStreams: C:\Users\Damian\Desktop\0009_001.pdf:$CmdZnID [26] AlternateDataStreams: C:\Users\Damian\Desktop\launch.jnlp:$CmdZnID [26] AlternateDataStreams: C:\Users\Damian\Downloads\Anderson John Robert - Uczenie sie i pamiec [ebook].rar:$CmdZnID [26] AlternateDataStreams: C:\Users\Damian\Downloads\BH162GDIWin8x64_2001PL.zip:$CmdZnID [26] AlternateDataStreams: C:\Users\Damian\Downloads\BrMain480.exe:$CmdTcID [64] AlternateDataStreams: C:\Users\Damian\Downloads\BrMain480.exe:$CmdZnID [29] AlternateDataStreams: C:\Users\Damian\Downloads\calibre-64bit-2.76.0.msi:$CmdZnID [26] AlternateDataStreams: C:\Users\Damian\Downloads\Dawkins Richard - Bóg urojony [ebook] (1).rar:$CmdZnID [26] AlternateDataStreams: C:\Users\Damian\Downloads\Dawkins Richard - Bóg urojony [ebook].rar:$CmdZnID [26] AlternateDataStreams: C:\Users\Damian\Downloads\Dawkins Richard - Wspinaczka na szczyt nieprawdopodobienstwa [ebook].rar:$CmdZnID [26] AlternateDataStreams: C:\Users\Damian\Downloads\esetsmartinstaller_plk.exe:$CmdTcID [64] AlternateDataStreams: C:\Users\Damian\Downloads\esetsmartinstaller_plk.exe:$CmdZnID [26] AlternateDataStreams: C:\Users\Damian\Downloads\Feynman Richard P. - A co ciebie obchodzi, co myślą inni_ (1988).mobi:$CmdZnID [26] AlternateDataStreams: C:\Users\Damian\Downloads\Feynman Richard P. - Pan raczy żartować, panie Feynman! (1985).mobi:$CmdZnID [26] AlternateDataStreams: C:\Users\Damian\Downloads\Feynmana wykłady z Fizyki - QED, osobliwa teoria światła i materii.pdf:$CmdZnID [26] AlternateDataStreams: C:\Users\Damian\Downloads\Feynmana wykłady z fizyki - t 1.1.pdf:$CmdZnID [26] AlternateDataStreams: C:\Users\Damian\Downloads\Feynmana wykłady z fizyki - t 1.2.pdf:$CmdZnID [26] AlternateDataStreams: C:\Users\Damian\Downloads\FRST64.exe:$CmdTcID [64] AlternateDataStreams: C:\Users\Damian\Downloads\FRST64.exe:$CmdZnID [26] AlternateDataStreams: C:\Users\Damian\Downloads\gt568.exe:$CmdTcID [64] AlternateDataStreams: C:\Users\Damian\Downloads\gt568.exe:$CmdZnID [26] AlternateDataStreams: C:\Users\Damian\Downloads\Hearthstone-Setup.exe:$CmdTcID [64] AlternateDataStreams: C:\Users\Damian\Downloads\Hearthstone-Setup.exe:$CmdZnID [26] AlternateDataStreams: C:\Users\Damian\Downloads\Ingram Jay - Płonący dom Odkrywając tajemnice mózgu [ebook].rar:$CmdZnID [26] AlternateDataStreams: C:\Users\Damian\Downloads\Jeszcze krotsza historia.mobi:$CmdZnID [26] AlternateDataStreams: C:\Users\Damian\Downloads\Klasyfikacje-i-nazewnictwo-gruntow.pdf:$CmdZnID [26] AlternateDataStreams: C:\Users\Damian\Downloads\MINER czynsz.pdf:$CmdZnID [26] AlternateDataStreams: C:\Users\Damian\Downloads\MINER Energia.pdf:$CmdZnID [26] AlternateDataStreams: C:\Users\Damian\Downloads\MINER zużycie woda.pdf:$CmdZnID [26] AlternateDataStreams: C:\Users\Damian\Downloads\nadchodzi-osobliwosc-ray-kurzweil-Ebookpoint.pl.mobi:$CmdZnID [26] AlternateDataStreams: C:\Users\Damian\Downloads\PN_ISO.doc:$CmdZnID [26] AlternateDataStreams: C:\Users\Damian\Downloads\Seismic reflections of rock properties.pdf:$CmdZnID [26] AlternateDataStreams: C:\Users\Damian\Downloads\Stephen Hawking - Krótka historia czasu.mobi:$CmdZnID [26] AlternateDataStreams: C:\Users\Damian\Downloads\urząd pismo przewodnie.docx:$CmdZnID [26] AlternateDataStreams: C:\Users\Damian\Downloads\Ustawa z dnia 17 maja 1989 r. Prawo geodezyjne i kartograficzne..pdf:$CmdZnID [26] AlternateDataStreams: C:\Users\Damian\Downloads\uuwsmmcr.exe:$CmdTcID [64] AlternateDataStreams: C:\Users\Damian\Downloads\uuwsmmcr.exe:$CmdZnID [26] AlternateDataStreams: C:\Users\Damian\Downloads\Wspinaczka na szczyt nieprawdop - Dawkins Richard.mobi:$CmdZnID [26] AlternateDataStreams: C:\Users\Damian\Downloads\Wszechswiat z niczego.mobi:$CmdZnID [26] AlternateDataStreams: C:\Users\Damian\Downloads\Zasady sporządzania dokumentacji geologiczno-inżynierskich.pdf:$CmdZnID [26] AlternateDataStreams: C:\Users\Public\Desktop\Post Win10 Spybot-install.exe:$CmdTcID [64] ==================== Tryb awaryjny (filtrowane) =================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Wartość "AlternateShell" zostanie przywrócona.) ==================== Powiązania plików (filtrowane) =============== (Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci.) ==================== Internet Explorer - Witryny zaufane i z ograniczeniami =============== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru.) IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com Wykryto więcej niż wyliczono: 7924 witryn. IE restricted site: HKU\S-1-5-21-3933859105-196285215-2267922907-1001\...\007guard.com -> install.007guard.com IE restricted site: HKU\S-1-5-21-3933859105-196285215-2267922907-1001\...\008i.com -> 008i.com IE restricted site: HKU\S-1-5-21-3933859105-196285215-2267922907-1001\...\008k.com -> www.008k.com IE restricted site: HKU\S-1-5-21-3933859105-196285215-2267922907-1001\...\00hq.com -> www.00hq.com IE restricted site: HKU\S-1-5-21-3933859105-196285215-2267922907-1001\...\010402.com -> 010402.com IE restricted site: HKU\S-1-5-21-3933859105-196285215-2267922907-1001\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com IE restricted site: HKU\S-1-5-21-3933859105-196285215-2267922907-1001\...\0scan.com -> www.0scan.com IE restricted site: HKU\S-1-5-21-3933859105-196285215-2267922907-1001\...\1-2005-search.com -> www.1-2005-search.com IE restricted site: HKU\S-1-5-21-3933859105-196285215-2267922907-1001\...\1-domains-registrations.com -> www.1-domains-registrations.com IE restricted site: HKU\S-1-5-21-3933859105-196285215-2267922907-1001\...\1000gratisproben.com -> www.1000gratisproben.com IE restricted site: HKU\S-1-5-21-3933859105-196285215-2267922907-1001\...\1001namen.com -> www.1001namen.com IE restricted site: HKU\S-1-5-21-3933859105-196285215-2267922907-1001\...\100888290cs.com -> mir.100888290cs.com IE restricted site: HKU\S-1-5-21-3933859105-196285215-2267922907-1001\...\100sexlinks.com -> www.100sexlinks.com IE restricted site: HKU\S-1-5-21-3933859105-196285215-2267922907-1001\...\10sek.com -> www.10sek.com IE restricted site: HKU\S-1-5-21-3933859105-196285215-2267922907-1001\...\12-26.net -> user1.12-26.net IE restricted site: HKU\S-1-5-21-3933859105-196285215-2267922907-1001\...\12-27.net -> user1.12-27.net IE restricted site: HKU\S-1-5-21-3933859105-196285215-2267922907-1001\...\123fporn.info -> www.123fporn.info IE restricted site: HKU\S-1-5-21-3933859105-196285215-2267922907-1001\...\123haustiereundmehr.com -> www.123haustiereundmehr.com IE restricted site: HKU\S-1-5-21-3933859105-196285215-2267922907-1001\...\123moviedownload.com -> www.123moviedownload.com IE restricted site: HKU\S-1-5-21-3933859105-196285215-2267922907-1001\...\123simsen.com -> www.123simsen.com Wykryto więcej niż wyliczono: 7925 witryn. ==================== Hosts - zawartość: ========================== (Użycie dyrektywy Hosts: w fixlist spowoduje reset pliku Hosts.) 2009-07-14 03:34 - 2016-12-28 11:10 - 00453966 ____R C:\WINDOWS\system32\Drivers\etc\hosts 127.0.0.1 www.007guard.com 127.0.0.1 007guard.com 127.0.0.1 008i.com 127.0.0.1 www.008k.com 127.0.0.1 008k.com 127.0.0.1 www.00hq.com 127.0.0.1 00hq.com 127.0.0.1 010402.com 127.0.0.1 www.032439.com 127.0.0.1 032439.com 127.0.0.1 www.0scan.com 127.0.0.1 0scan.com 127.0.0.1 1000gratisproben.com 127.0.0.1 www.1000gratisproben.com 127.0.0.1 1001namen.com 127.0.0.1 www.1001namen.com 127.0.0.1 100888290cs.com 127.0.0.1 www.100888290cs.com 127.0.0.1 www.100sexlinks.com 127.0.0.1 100sexlinks.com 127.0.0.1 10sek.com 127.0.0.1 www.10sek.com 127.0.0.1 www.1-2005-search.com 127.0.0.1 1-2005-search.com 127.0.0.1 123fporn.info 127.0.0.1 www.123fporn.info 127.0.0.1 123haustiereundmehr.com 127.0.0.1 www.123haustiereundmehr.com 127.0.0.1 123moviedownload.com 127.0.0.1 www.123moviedownload.com Wykryto więcej niż wyliczono: 15575 linii. ==================== Inne obszary ============================ (Obecnie brak automatycznej naprawy dla tej sekcji.) HKU\S-1-5-21-3933859105-196285215-2267922907-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Damian\AppData\Local\Microsoft\Windows\Themes\img2.jpg DNS Servers: 192.168.1.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Zapora systemu Windows [funkcja włączona] ==================== MSCONFIG/TASK MANAGER - Wyłączone elementy == MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" MSCONFIG\startupreg: BrHelp => C:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe /AUTORUN MSCONFIG\startupreg: BrStsMon00 => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR MSCONFIG\startupreg: CDAServer => C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe MSCONFIG\startupreg: ControlCenter4 => "C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe" /autorun MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun MSCONFIG\startupreg: GoogleChromeAutoLaunch_3F2E34BF7A244698209604940BA7FE5B => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe MSCONFIG\startupreg: Logitech Download Assistant => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch MSCONFIG\startupreg: NvBackend => "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Damian\AppData\Roaming\Spotify\SpotifyWebHelper.exe" MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0" HKLM\...\StartupApproved\Run32: => "ControlCenter4" HKLM\...\StartupApproved\Run32: => "BrHelp" HKLM\...\StartupApproved\Run32: => "BrStsMon00" HKLM\...\StartupApproved\Run32: => "Acrobat Assistant 8.0" HKU\S-1-5-21-3933859105-196285215-2267922907-1001\...\StartupApproved\Run: => "CCleaner Monitoring" HKU\S-1-5-21-3933859105-196285215-2267922907-1001\...\StartupApproved\Run: => "OneDrive" HKU\S-1-5-21-3933859105-196285215-2267922907-1001\...\StartupApproved\Run: => "Spotify Web Helper" HKU\S-1-5-21-3933859105-196285215-2267922907-1001\...\StartupApproved\Run: => "Spotify" HKU\S-1-5-21-3933859105-196285215-2267922907-1001\...\StartupApproved\Run: => "DAEMON Tools Lite" ==================== Reguły Zapory systemu Windows (filtrowane) =============== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) FirewallRules: [vm-monitoring-nb-session] => LPort=139 FirewallRules: [MSMQ-In-TCP] => %systemroot%\system32\mqsvc.exe FirewallRules: [MSMQ-Out-TCP] => %systemroot%\system32\mqsvc.exe FirewallRules: [MSMQ-In-UDP] => %systemroot%\system32\mqsvc.exe FirewallRules: [MSMQ-Out-UDP] => %systemroot%\system32\mqsvc.exe FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => LPort=808 FirewallRules: [UDP Query User{29C3D07B-86E0-40DB-884B-3EE6D267B325}C:\program files (x86)\samsung\easy printer manager\ids.application.exe] => C:\program files (x86)\samsung\easy printer manager\ids.application.exe FirewallRules: [TCP Query User{91AE9DEC-94A7-434D-9D43-C28219FDBCAC}C:\program files (x86)\samsung\easy printer manager\ids.application.exe] => C:\program files (x86)\samsung\easy printer manager\ids.application.exe FirewallRules: [UDP Query User{4A55D049-6B89-4F5A-B11D-79591DA55410}C:\users\damian\appdata\roaming\spotify\spotify.exe] => C:\users\damian\appdata\roaming\spotify\spotify.exe FirewallRules: [TCP Query User{A6A48B1C-3D27-4965-8023-EBF473D709C7}C:\users\damian\appdata\roaming\spotify\spotify.exe] => C:\users\damian\appdata\roaming\spotify\spotify.exe FirewallRules: [{291B1CEB-EB70-4A3E-8A11-88BAFCF4D008}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{85D1FBCB-89C0-4876-9A9A-6019C6AC75B6}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{A0C929EF-1F5C-4923-BEF1-9D9E39893DED}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe FirewallRules: [{60990188-F01E-41D8-9E06-7DFE2C1C8602}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe FirewallRules: [{F481E03D-2F8B-45A2-914B-2919690166E0}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe FirewallRules: [{1124F1D1-5658-404A-8CF2-C66E47D3A8CD}] => C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe FirewallRules: [{6CF1047B-A6C0-4AEF-BD17-FC2D1470BAF7}] => C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe FirewallRules: [{CD5C1070-8D1D-4685-9F10-24854A8D54B3}] => C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe FirewallRules: [{5C4BDB5D-DC1F-413D-97E5-6EDCBDE94D1E}] => C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe FirewallRules: [{1C4D135C-5BCA-4DD9-B801-7EC739C2CAE7}] => C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\Scan2PCNotify.exe FirewallRules: [{6AC15051-F8EC-4C28-A904-CA5BA5DD3DA0}] => C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\ScanProcess.exe FirewallRules: [{FFD53863-2B4F-43F6-A86A-408046C46A4D}] => C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\CDAS2PC.exe FirewallRules: [{92B0F292-E3F8-499D-A67A-90AFCD6B7E04}] => C:\Program Files (x86)\Samsung\Easy Printer Manager\uninstall.exe FirewallRules: [{4A838102-6282-43A4-9CA3-46904D65A1D8}] => C:\Program Files (x86)\Samsung\Easy Printer Manager\IDSAlert.exe FirewallRules: [{19A8D72F-F00E-44F7-B6D2-4F07A412294E}] => C:\Program Files (x86)\Samsung\Easy Printer Manager\OrderSupplies.exe FirewallRules: [{DD9BCDF9-E716-4FA3-A33E-8C4E7102488C}] => C:\Program Files (x86)\Samsung\Easy Printer Manager\IDS.Application.exe FirewallRules: [{6A7D4664-046C-4CA8-B82A-DAB43EC24BEA}] => C:\Program Files (x86)\Steam\steamapps\common\vvvvvv\VVVVVV.exe FirewallRules: [{5A315969-E312-4ADF-92B1-95A34E900B6B}] => C:\Program Files (x86)\Steam\steamapps\common\vvvvvv\VVVVVV.exe FirewallRules: [{8CC97C77-8EDB-4F13-89D5-6B8789D56B87}] => C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{4345CB87-A9A8-41C0-A0AD-13D855FA3D07}] => C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{07282BA4-658E-4E5A-BDF9-B32341D8855B}] => C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{2A2D04FD-5512-4399-825D-5516359C1D4F}] => C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{96E15F17-02DE-40F7-BB35-50721E56AEB6}] => C:\Program Files (x86)\Skype\Phone\Skype.exe FirewallRules: [{20D6BFBD-3A82-419E-A51F-BA281BBD49BF}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe FirewallRules: [{086A32C1-7B30-499C-A434-CC36B3A9C42D}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe FirewallRules: [{A822EAEA-14D8-4CA3-BB40-3586E2FE79E8}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe FirewallRules: [{59E239E7-2DA9-411D-80F9-F9FCE026A825}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe FirewallRules: [{FB1F8BD7-C9A4-411B-B7FC-242CC3366E4E}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe FirewallRules: [{08880781-D019-45A1-BFCD-C836B7FBCEB7}] => C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe FirewallRules: [{CB632DB7-DC27-4E35-B48B-5A4548488F59}] => C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe FirewallRules: [{E75D1643-834D-4CAE-83EC-6954A10519AE}] => C:\Program Files (x86)\NapiProjekt\napisy.exe FirewallRules: [{C2317EB3-A040-4DEA-870B-2F463D075E97}] => C:\Program Files (x86)\NapiProjekt\napisy.exe FirewallRules: [{DF34CCD2-8BFF-4B60-BAD5-C5CC9EC59088}] => C:\Program Files (x86)\Brother\Brmfl13c\FAXRX.EXE FirewallRules: [{36FDE592-FB8A-4224-9BD3-3C1FFE38929F}] => LPort=54925 FirewallRules: [{BC1C369D-57BE-46B6-9C74-0FEF4C7EF21C}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe FirewallRules: [{1E5C85BD-36DB-4E1D-B224-474D36ABD52F}] => C:\Program Files (x86)\qBittorrent\qbittorrent.exe FirewallRules: [{18DF46B2-0E19-42A6-9354-D00C9156F064}] => C:\Program Files (x86)\qBittorrent\qbittorrent.exe StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service ==================== Punkty Przywracania systemu ========================= UWAGA: Przywracanie systemu jest wyłączone ==================== Wadliwe urządzenia w Menedżerze urządzeń ============= ==================== Błędy w Dzienniku zdarzeń: ========================= Dziennik Aplikacja: ================== Error: (01/04/2017 03:31:29 PM) (Source: SideBySide) (EventID: 9) (User: ) Description: Nie można wygenerować kontekstu aktywacji dla "c:\program files (x86)\spybot - search & destroy 2\SDTasks.dll". Błąd w pliku manifestu lub w pliku zasad "c:\program files (x86)\spybot - search & destroy 2\SDTasks.dll" w wierszu 2. Element główny pliku manifestu musi być zmontowany. Error: (01/04/2017 03:31:29 PM) (Source: SideBySide) (EventID: 9) (User: ) Description: Nie można wygenerować kontekstu aktywacji dla "c:\program files (x86)\spybot - search & destroy 2\SDWinLogon.dll". Błąd w pliku manifestu lub w pliku zasad "c:\program files (x86)\spybot - search & destroy 2\SDWinLogon.dll" w wierszu 2. Element główny pliku manifestu musi być zmontowany. Error: (01/04/2017 03:31:28 PM) (Source: SideBySide) (EventID: 9) (User: ) Description: Nie można wygenerować kontekstu aktywacji dla "c:\program files (x86)\spybot - search & destroy 2\Tools.dll". Błąd w pliku manifestu lub w pliku zasad "c:\program files (x86)\spybot - search & destroy 2\Tools.dll" w wierszu 2. Element główny pliku manifestu musi być zmontowany. Error: (01/04/2017 03:31:27 PM) (Source: SideBySide) (EventID: 9) (User: ) Description: Nie można wygenerować kontekstu aktywacji dla "c:\program files (x86)\spybot - search & destroy 2\SDImmunizeLibrary.dll". Błąd w pliku manifestu lub w pliku zasad "c:\program files (x86)\spybot - search & destroy 2\SDImmunizeLibrary.dll" w wierszu 2. Element główny pliku manifestu musi być zmontowany. Error: (01/04/2017 03:31:27 PM) (Source: SideBySide) (EventID: 9) (User: ) Description: Nie można wygenerować kontekstu aktywacji dla "c:\program files (x86)\spybot - search & destroy 2\SDHookDrv64.sys". Błąd w pliku manifestu lub w pliku zasad "c:\program files (x86)\spybot - search & destroy 2\SDHookDrv64.sys" w wierszu 2. Element główny pliku manifestu musi być zmontowany. Error: (01/04/2017 03:31:27 PM) (Source: SideBySide) (EventID: 9) (User: ) Description: Nie można wygenerować kontekstu aktywacji dla "c:\program files (x86)\spybot - search & destroy 2\SDScanLibrary.dll". Błąd w pliku manifestu lub w pliku zasad "c:\program files (x86)\spybot - search & destroy 2\SDScanLibrary.dll" w wierszu 2. Element główny pliku manifestu musi być zmontowany. Error: (01/04/2017 03:31:27 PM) (Source: SideBySide) (EventID: 9) (User: ) Description: Nie można wygenerować kontekstu aktywacji dla "c:\program files (x86)\spybot - search & destroy 2\SDLicense.dll". Błąd w pliku manifestu lub w pliku zasad "c:\program files (x86)\spybot - search & destroy 2\SDLicense.dll" w wierszu 2. Element główny pliku manifestu musi być zmontowany. Error: (01/04/2017 03:31:27 PM) (Source: SideBySide) (EventID: 9) (User: ) Description: Nie można wygenerować kontekstu aktywacji dla "c:\program files (x86)\spybot - search & destroy 2\SDResources.dll". Błąd w pliku manifestu lub w pliku zasad "c:\program files (x86)\spybot - search & destroy 2\SDResources.dll" w wierszu 2. Element główny pliku manifestu musi być zmontowany. Error: (01/04/2017 03:31:26 PM) (Source: SideBySide) (EventID: 9) (User: ) Description: Nie można wygenerować kontekstu aktywacji dla "c:\program files (x86)\spybot - search & destroy 2\SDLists.dll". Błąd w pliku manifestu lub w pliku zasad "c:\program files (x86)\spybot - search & destroy 2\SDLists.dll" w wierszu 2. Element główny pliku manifestu musi być zmontowany. Error: (01/04/2017 03:31:26 PM) (Source: SideBySide) (EventID: 9) (User: ) Description: Nie można wygenerować kontekstu aktywacji dla "c:\program files (x86)\spybot - search & destroy 2\SDHookDrv32.sys". Błąd w pliku manifestu lub w pliku zasad "c:\program files (x86)\spybot - search & destroy 2\SDHookDrv32.sys" w wierszu 2. Element główny pliku manifestu musi być zmontowany. Dziennik System: ============= Error: (01/04/2017 01:28:27 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Nie można uruchomić usługi eapihdrv z powodu następującego błędu: Nastąpiło zablokowanie ładowania sterownika Error: (01/04/2017 01:28:27 PM) (Source: Application Popup) (EventID: 1060) (User: ) Description: \??\C:\Users\Damian\AppData\Local\Temp\ehdrv.sys Error: (01/04/2017 01:28:27 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Nie można uruchomić usługi eapihdrv z powodu następującego błędu: Nastąpiło zablokowanie ładowania sterownika Error: (01/04/2017 01:28:27 PM) (Source: Application Popup) (EventID: 1060) (User: ) Description: \??\C:\Users\Damian\AppData\Local\Temp\ehdrv.sys Error: (01/04/2017 01:28:27 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Nie można uruchomić usługi eapihdrv z powodu następującego błędu: Nastąpiło zablokowanie ładowania sterownika Error: (01/04/2017 01:28:27 PM) (Source: Application Popup) (EventID: 1060) (User: ) Description: \??\C:\Users\Damian\AppData\Local\Temp\ehdrv.sys Error: (01/04/2017 01:27:54 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Nie można uruchomić usługi eapihdrv z powodu następującego błędu: Nastąpiło zablokowanie ładowania sterownika Error: (01/04/2017 01:27:54 PM) (Source: Application Popup) (EventID: 1060) (User: ) Description: \??\C:\Users\Damian\AppData\Local\Temp\ehdrv.sys Error: (01/04/2017 01:27:54 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Nie można uruchomić usługi eapihdrv z powodu następującego błędu: Nastąpiło zablokowanie ładowania sterownika Error: (01/04/2017 01:27:54 PM) (Source: Application Popup) (EventID: 1060) (User: ) Description: \??\C:\Users\Damian\AppData\Local\Temp\ehdrv.sys CodeIntegrity: =================================== Date: 2016-09-26 12:34:01.173 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2016-09-26 12:33:56.336 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2016-09-26 12:33:56.083 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2016-09-26 12:28:57.012 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. ==================== Statystyki pamięci =========================== Procesor: Intel(R) Core(TM) i5-4210U CPU @ 1.70GHz Procent pamięci w użyciu: 57% Całkowita pamięć fizyczna: 8119.36 MB Dostępna pamięć fizyczna: 3457.36 MB Całkowita pamięć wirtualna: 16311.36 MB Dostępna pamięć wirtualna: 9767.88 MB ==================== Dyski ================================ Drive c: (OS) (Fixed) (Total:118.46 GB) (Free:28.61 GB) NTFS ==================== MBR & Tablica partycji ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 119.2 GB) (Disk ID: BE18E23C) Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=118.5 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=450 MB) - (Type=27) ==================== Koniec Addition.txt ============================