Rezultaty skanu uzupełniającego Farbar Recovery Scan Tool (x64) Wersja: 08-01-2017 Uruchomiony przez Damian (09-01-2017 09:03:18) Uruchomiony z C:\Users\Damian\Downloads\FRST64 Windows 10 Home Wersja 1607 (X64) (2016-09-26 10:34:36) Tryb startu: Normal ========================================================== ==================== Konta użytkowników: ============================= Administrator (S-1-5-21-3933859105-196285215-2267922907-500 - Administrator - Disabled) Damian (S-1-5-21-3933859105-196285215-2267922907-1001 - Administrator - Enabled) => C:\Users\Damian Gość (S-1-5-21-3933859105-196285215-2267922907-501 - Limited - Disabled) Konto domyślne (S-1-5-21-3933859105-196285215-2267922907-503 - Limited - Disabled) ==================== Centrum zabezpieczeń ======================== (Załączenie wejścia w fixlist spowoduje jego usunięcie.) AV: COMODO Antivirus (Enabled - Up to date) {D0CC7563-ABD2-DEBE-138E-FDD553335AF2} AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Spybot - Search and Destroy (Enabled - Up to date) {A16C3F68-9280-E053-1818-342707FECF4D} AS: Comodo Defense+ (Enabled - Up to date) {6BAD9487-8DE8-D130-293E-C6A728B4104F} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: COMODO Firewall (Enabled) {E8F7F446-E1BD-DFE6-38D1-54E0ADE01D89} ==================== Zainstalowane programy ====================== (W fixlist dozwolone tylko załączanie programów adware z flagą "Hidden" w celu ich uwidocznienia. Programy adware powinny zostać w poprawny sposób odinstalowane.) 64 Bit HP CIO Components Installer (Version: 6.2.2 - Hewlett-Packard) Hidden 7-Zip 15.14 (x64) (HKLM\...\7-Zip) (Version: 15.14 - Igor Pavlov) Adobe Acrobat DC (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-0C0F074E4100}) (Version: 15.010.20060 - Adobe Systems Incorporated) Aktualizacje NVIDIA 2.11.4.0 (Version: 2.11.4.0 - NVIDIA Corporation) Hidden Ansel (Version: 372.54 - NVIDIA Corporation) Hidden Brother MFL-Pro Suite MFC-J6920DW (HKLM-x32\...\{6A367B4D-2E1C-4843-9FF0-A1DF1DEAB1E6}) (Version: 1.0.0.0 - Brother Industries, Ltd.) BufferChm (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden Bullzip PDF Printer 10.10.0.2307 (HKLM\...\Bullzip PDF Printer_is1) (Version: 10.10.0.2307 - Bullzip) calibre 64bit (HKLM\...\{9825E222-549C-44FA-A285-D1123AD63519}) (Version: 2.76.0 - Kovid Goyal) CCleaner (HKLM\...\CCleaner) (Version: 5.24 - Piriform) Centrum obsługi urządzeń z systemem Windows Mobile (HKLM\...\{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}) (Version: 6.1.6965.0 - Microsoft Corporation) Common Desktop Agent (Version: 1.62.0 - OEM) Hidden COMODO Internet Security Premium (HKLM\...\{2736B6BD-31EC-4FC8-A48C-F0A5C914C0B6}) (Version: 7.0.55655.4142 - COMODO Security Solutions Inc.) CorelDRAW Graphics Suite X5 - BR (x32 Version: 15.3 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - Capture (x32 Version: 15.3 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - Common (x32 Version: 15.3 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - Connect (x32 Version: 15.3 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - Custom Data (x32 Version: 15.3 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - CZ (x32 Version: 15.3 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - DE (x32 Version: 15.3 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - Draw (x32 Version: 15.3 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - EN (x32 Version: 15.3 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - ES (x32 Version: 15.3 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - Filters (x32 Version: 15.3 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - FontNav (x32 Version: 15.3 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - FR (x32 Version: 15.3 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - IPM HSE (x32 Version: 15.3 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - IT (x32 Version: 15.3 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - NL (x32 Version: 15.3 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - PHOTO-PAINT (x32 Version: 15.3 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - Photozoom Plugin (x32 Version: 15.0 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - PL (x32 Version: 15.3 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - Redist (x32 Version: 15.0 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - RU (x32 Version: 15.3 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - Setup Files (x32 Version: 15.3 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - VideoBrowser (x32 Version: 15.3 - Corel Corporation) Hidden CorelDRAW Graphics Suite X5 - WT (x32 Version: 15.3 - Corel Corporation) Hidden CorelDRAW Home & Student Suite X5 - Extra Content (HKLM-x32\...\_{D0291D38-D7AE-47B6-AD64-4FAB908FDB9F}) (Version: - Corel Corporation) CorelDRAW Home & Student Suite X5 - Extra Content (x32 Version: 15.0 - Corel Corporation) Hidden CorelDRAW Home & Student Suite X5 (x32 Version: 15.1 - Corel Corporation) Hidden CorelDRAW(R) Home & Student Suite X5 (HKLM-x32\...\_{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}) (Version: 15.2.0.686 - Corel Corporation) CrystalDiskInfo 7.0.0 Shizuku Edition (HKLM-x32\...\CrystalDiskInfo_is1) (Version: 7.0.0 - Crystal Dew World) Didger 4 (HKLM-x32\...\{92B03523-95ED-4E6F-A380-638EF1ED7CE3}) (Version: 4.0.2136.0 - Golden Software, Inc.) DJ_AIO_06_K209a-z_SW_Min (x32 Version: 140.0.690.000 - Hewlett-Packard) Hidden ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - ) Firebird 2.5.0.26074 (x64) (HKLM-x32\...\Firebird 2.5.0.26074 (x64)) (Version: 2.5.0.26074 - The Firebird Project) Firebird 2.5.0.26074 (x64) (Version: 2.5.0.26074 - The Firebird Project) Hidden Garmin Communicator Plugin (HKLM-x32\...\{71DBFBF2-F7EB-4268-8485-9471D83C4E66}) (Version: 4.2.0 - Garmin Ltd or its subsidiaries) Garmin Communicator Plugin x64 (HKLM\...\{70A381F1-C161-4D61-A20C-BE12FC6777DF}) (Version: 4.2.0 - Garmin Ltd or its subsidiaries) Garmin MapSource (HKLM-x32\...\{AFBAB9A0-DDE8-49AE-8C17-A01B61BEE64B}) (Version: 6.16.3 - Garmin Ltd or its subsidiaries) Garmin Trip and Waypoint Manager v5 (HKLM-x32\...\{414A373B-59DF-4102-94CA-9FE9A74CBDDA}) (Version: 5.0.0.0 - Garmin Ltd or its subsidiaries) Garmin USB Drivers (HKLM-x32\...\{510D2239-6C2E-457B-9590-485EC552D94D}) (Version: 2.3.0.0 - Garmin Ltd or its subsidiaries) Geo-Trans (HKLM-x32\...\{95841D3C-C2AD-47C7-A953-E75DD3861EFF}) (Version: 5.68.0.0 - GEO-SYSTEM sp. z o.o.) Ghostscript GPL 8.64 (Msi Setup) (HKLM-x32\...\_{06CD45E6-FF5E-4D8E-BC01-B276A90DADF2}) (Version: 8.64 - Corel Corporation) Ghostscript GPL 8.64 (Msi Setup) (x32 Version: 8.64 - Corel Corporation) Hidden Google Chrome (HKLM-x32\...\Google Chrome) (Version: 55.0.2883.87 - Google Inc.) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden HP Deskjet Ink Advant K209a-z All-in-One Driver Software 14.0 Rel. 6 (HKLM\...\{6051912A-F7B8-445C-A99D-81AA4C118836}) (Version: 14.0 - HP) HPPhotoGadget (x32 Version: 140.0.524.000 - Hewlett-Packard) Hidden Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.23.1766 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.15.4248 - Intel Corporation) Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.3.34 - Intel Corporation) Internet Manager (HKLM-x32\...\Internet Manager) (Version: 22.001.18.13.49 - Huawei Technologies Co.,Ltd) IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 6.1.0.26 - IObit) IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.38 - Irfan Skiljan) Java 8 Update 111 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180111F0}) (Version: 8.0.1110.14 - Oracle Corporation) Java SE Development Kit 8 Update 45 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180450}) (Version: 8.0.450.15 - Oracle Corporation) JetBrains PyCharm Community Edition 4.5.3 (HKLM-x32\...\PyCharm Community Edition 4.5.3) (Version: 141.1899 - JetBrains s.r.o.) K209a-z (x32 Version: 140.0.690.000 - Hewlett-Packard) Hidden kED 2.1.4.0 (HKLM-x32\...\kED_is1) (Version: - ) Logitech SetPoint 6.67 (HKLM\...\sp6) (Version: 6.67.82 - Logitech) Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation) Microsoft Office 2013 dla Użytkowników Domowych i Małych Firm - pl-pl (HKLM\...\HomeBusinessRetail - pl-pl) (Version: 15.0.4885.1001 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24212 (HKLM-x32\...\{323dad84-0974-4d90-a1c1-e006c7fdbb7d}) (Version: 14.0.24212.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24212 (HKLM-x32\...\{462f63a8-6347-4894-a1b3-dbfe3a4c981d}) (Version: 14.0.24212.0 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation) MSI to redistribute MS VS2005 CRT libraries (HKLM-x32\...\{A8D93648-9F7F-407D-915C-62044644C3DA}) (Version: 8.0.50727.42 - The Firebird Project) MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) NapiProjekt (2.2.0.2399) (HKLM-x32\...\NapiProjekt_is1) (Version: - ) NVIDIA GeForce Experience 2.11.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.11.4.0 - NVIDIA Corporation) NVIDIA Oprogramowanie systemu PhysX 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation) NVIDIA Sterownik graficzny 372.54 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 372.54 - NVIDIA Corporation) Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4885.1001 - Microsoft Corporation) Hidden Office 15 Click-to-Run Licensing Component (Version: 15.0.4885.1001 - Microsoft Corporation) Hidden Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4885.1001 - Microsoft Corporation) Hidden Oracle Database 11g Express Edition (HKLM-x32\...\InstallShield_{05A7B662-80A3-4EB9-AE1D-89A62449431C}) (Version: 11.2.0 - Oracle Corporation) Oracle Database 11g Express Edition (Version: 11.2.0 - Oracle Corporation) Hidden Orange Connection (HKLM-x32\...\Orange Connection) (Version: 23.015.05.01.159 - Huawei Technologies Co.,Ltd) Panel sterowania NVIDIA 372.54 (Version: 372.54 - NVIDIA Corporation) Hidden Polski pakiet językowy dla narzędzi Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - PLK) (Version: 10.0.50903 - Microsoft Corporation) Potplayer-64 Bits (HKLM\...\PotPlayer64) (Version: - Kakao Corp.) Python 3.4.3 (HKLM-x32\...\{CCD588A7-8D55-49F1-A30C-47FAB40889ED}) (Version: 3.4.16490 - Python Software Foundation) qBittorrent 3.3.10 (HKLM-x32\...\qBittorrent) (Version: 3.3.10 - The qBittorrent project) QGIS 2.18 2.18.0 Las (HKLM\...\QGIS 2.18) (Version: - QGIS Development Team) Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.314 - Qualcomm Atheros Communications) Qualcomm Atheros WLAN and Bluetooth Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 12.21 - Qualcomm Atheros) RAKSSQL (HKLM-x32\...\RAKSSQL) (Version: 2016.1.71010 - RAKS Sp. z o.o.) RAKSSQL (x32 Version: 2016.1.71010 - RAKS Sp. z o.o.) Hidden Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.21247 - Realtek Semiconductor Corp.) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.) Samsung Easy Printer Manager (HKLM-x32\...\Samsung Easy Printer Manager) (Version: 1.05.58.01(2014-10-20) - Samsung Electronics Co., Ltd.) Samsung ML-2160 Series (HKLM-x32\...\Samsung ML-2160 Series) (Version: 1.23 (2015-04-08) - Samsung Electronics Co., Ltd.) Samsung Printer Diagnostics (HKLM-x32\...\Samsung Printer Diagnostics) (Version: 1.0.0.15 - Samsung Electronics Co., Ltd.) Samsung Printer Live Update (HKLM-x32\...\Samsung Printer Live Update) (Version: 1.01.00:04(2013-04-22) - Samsung Electronics Co., Ltd.) Scan (x32 Version: 140.0.80.000 - Hewlett-Packard) Hidden SHIELD Streaming (Version: 7.1.0280 - NVIDIA Corporation) Hidden SHIELD Wireless Controller Driver (Version: 2.11.4.0 - NVIDIA Corporation) Hidden Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation) Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.) Spotify (HKU\S-1-5-21-3933859105-196285215-2267922907-1001\...\Spotify) (Version: 1.0.42.151.g19de0aa6 - Spotify AB) Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.5.43 - Safer-Networking Ltd.) Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation) Strater 5 (Version: 5.1.746 - Golden Software, LLC) Hidden Strater 5 (HKLM-x32\...\Strater 5) (Version: 5.1.746 - Golden Software) System Requirements Lab Detection (HKLM-x32\...\{AA78AB27-EC76-4F4E-B877-14A3DFC05828}) (Version: 6.1.4.0 - Husdawg, LLC) System TL+ - angielsko-polski, wyd.4 (HKLM-x32\...\System TL+ - angielsko-polski, wyd.4) (Version: - ) Toolbox (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 8.51a - Ghisler Software GmbH) Vulkan Run Time Libraries 1.0.11.1 (HKLM\...\VulkanRT1.0.11.1) (Version: 1.0.11.1 - LunarG, Inc.) VVVVVV (HKLM-x32\...\Steam App 70300) (Version: - Terry Cavanagh) WebReg (x32 Version: 140.0.212.017 - Hewlett-Packard) Hidden Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0) (HKLM\...\49CF605F02C7954F4E139D18828DE298CD59217C) (Version: 06/03/2009 2.3.0.0 - Garmin) WinRAR 5.11 (64-bitowy) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH) ==================== Niestandardowe rejestracje CLSID (filtrowane): ========================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) ==================== Zaplanowane zadania (filtrowane) ============= (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) Task: {07E4431B-1CD6-4FA0-9B76-26DFAAFA44FC} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2016-09-27] (Safer-Networking Ltd.) Task: {156786AC-8AE3-43E4-A090-07287E2A6F64} - System32\Tasks\COMODO\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2016-09-27] (COMODO) Task: {16BB4D14-36BC-4FDD-B19B-24731EACF70B} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-11-30] (Piriform Ltd) Task: {1FEE3342-012D-4AEF-9FAC-04866507DEBE} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe Task: {31AD6EFE-FAB3-46AD-9CC0-D71407FEC83E} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Brak pliku <==== UWAGA Task: {3B4FFFFF-B8F0-430C-A024-51A80C7FA9CD} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2016-09-27] (COMODO) Task: {3BA3C6B1-6347-4656-8785-BE32D92CA357} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe Task: {3FA2CA9B-253A-431A-947B-BB92AB051011} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe Task: {4C3C6C58-0AF9-43D7-82C1-A7A959DB115B} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe Task: {50714814-9DC5-4602-BD07-A1C17233469F} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe Task: {57046E31-C4CF-4BE0-99A3-EC606D726BA6} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe Task: {5751B07E-4A6C-4FB7-996A-8E98D84245E4} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe Task: {58434C37-C24E-44D7-BC9A-73E048AE1520} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated) Task: {5B6ACF79-2178-4279-B035-B3EAA6B9AD79} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe Task: {5C0AA426-88B3-409B-A170-BF0B6F8FAD19} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe Task: {5DBEFA09-9EA9-45CC-8D96-22560827EB97} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-12-14] (Microsoft Corporation) Task: {60D43C39-FE75-4907-BD6E-B3A680DD3C8D} - System32\Tasks\COMODO\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2016-09-27] (COMODO) Task: {65BFBB0E-4A54-456F-B314-F8F40AB4DDE7} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe Task: {66E0F881-5B00-4E85-9B18-8B7CA67B7806} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2016-09-27] (Safer-Networking Ltd.) Task: {6A28D1A4-15B2-4200-9307-620BF0E45F15} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe Task: {79AE08AA-BEDB-41C3-981A-3D928572837A} - System32\Tasks\{3EABC93E-6127-4C8D-BDAC-CAF330C3C242} => pcalua.exe -a C:\Users\Damian\Downloads\Gmw_setup_10\Setup.exe -d C:\Users\Damian\Downloads\Gmw_setup_10 Task: {7EF3E61D-A2CC-453B-8932-AEAAC59F94AC} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe Task: {83645BE2-B546-4E25-8415-1615EFB1A8A9} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-12-19] (Microsoft Corporation) Task: {8999BD1F-75EA-4D84-BE48-D73B80200308} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe Task: {8E007731-4874-4026-9AD4-697DE8B3D08A} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe Task: {9875452A-ABC0-4309-9BDB-FE86AD294CB8} - System32\Tasks\{31DDBD37-5DB7-4030-8064-10B0CAA806C3} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2016-09-27] (COMODO) Task: {9CABC6CC-F6AC-4BFD-B55A-5BF5ACDDCC8B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-04] (Google Inc.) Task: {9D4D3B49-6E66-4A26-A96F-AAFB960B8057} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2016-09-27] (COMODO) Task: {A08A24CA-9F69-47A5-A5D6-3AAEAD620FF5} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-12-19] (Microsoft Corporation) Task: {A4F58DFB-40A9-453B-B40B-6A78D6F57ED3} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe Task: {A8216421-FCAC-469F-ACF0-06A20C5B9B87} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe Task: {AAFE7F15-237D-454F-BC17-A34D6D6DB170} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe Task: {AB2CED9C-1CC3-4AFF-A0F7-BE1DAE6CDBD9} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe Task: {AC3A96B1-D323-44FA-92FA-1A20E3B4DDF9} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe Task: {B69E53E0-1C83-4EE1-B47F-43361ACEBCA7} - System32\Tasks\Uninstaller_SkipUac_Damian => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2017-01-05] (IObit) Task: {C54CB0F7-515C-43C8-BD2B-491EC11268B1} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe Task: {D05905DE-BADC-4F71-BE0B-E354F67B3E72} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2016-09-27] (Safer-Networking Ltd.) Task: {D0C46B1B-AB29-4285-BD6E-DAB8241DF664} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe Task: {D8AC4061-C56D-4156-8486-88C2D3E8F187} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe Task: {EA736C83-2C4E-4129-9106-D2AE135F4E27} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-04] (Google Inc.) Task: {EB65C8A4-C49B-4A4C-95D3-E463613E8B6A} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe Task: {ED6C5C38-0643-45E3-AC6B-61E40F55DDB4} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2016-09-27] (COMODO) (Załączenie wejścia w fixlist spowoduje przesunięcie pliku zadania (.job). Plik uruchamiany docelowo przez zadanie nie zostanie przeniesiony.) Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe Task: C:\WINDOWS\Tasks\Uninstaller_SkipUac_Damian.job => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe ==================== Skróty ============================= (Wybrane wejścia mogą zostać załączone w celu ich zresetowania lub usunięcia.) ==================== Załadowane moduły (filtrowane) ============== 2016-07-16 12:42 - 2016-07-16 12:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll 2016-12-14 08:55 - 2016-12-14 08:55 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll 2016-09-26 11:22 - 2016-08-11 13:27 - 00134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2015-04-08 08:59 - 2015-05-07 11:51 - 00022528 _____ () C:\WINDOWS\System32\ssj1mlm.dll 2013-04-15 17:39 - 2016-03-16 11:25 - 00073912 _____ () C:\Program Files\COMODO\COMODO Internet Security\scanners\smart.cav 2014-01-15 04:42 - 2016-02-17 11:03 - 00351824 _____ () C:\ProgramData\DatacardService\HWDeviceService64.exe 2014-10-23 07:06 - 2016-05-24 08:51 - 00116416 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll 2016-02-22 15:01 - 2016-06-14 21:03 - 00367552 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\MessageBus.dll 2015-12-22 11:33 - 2016-06-14 21:03 - 00288192 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll 2016-06-07 08:00 - 2016-06-14 21:03 - 01147328 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\libprotobuf.dll 2016-02-22 15:01 - 2016-06-14 21:03 - 03611584 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Poco.dll 2016-03-31 08:52 - 2016-10-03 08:36 - 00143360 _____ () C:\WINDOWS\system32\BrSNMP64.dll 2016-01-13 10:05 - 2016-01-13 10:04 - 00678480 _____ () C:\ProgramData\Internet Manager\OnlineUpdate\ouc.exe 2015-09-25 10:49 - 2016-02-17 11:02 - 00651856 _____ () C:\ProgramData\Orange Connection\OnlineUpdate\ouc.exe 2016-12-14 08:55 - 2016-12-14 08:55 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll 2016-09-26 11:37 - 2016-09-26 11:37 - 01864384 _____ () C:\Users\Damian\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\ClientTelemetry.dll 2015-10-15 08:07 - 2015-10-15 08:07 - 00415128 _____ () C:\WINDOWS\system32\igfxTray.exe 2016-06-07 08:00 - 2016-06-14 21:03 - 01988544 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvPortForwardPlugin.dll 2016-06-07 08:00 - 2016-06-14 21:03 - 02665920 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvMdnsPlugin.dll 2016-06-07 08:00 - 2016-06-14 21:03 - 01840576 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\RtspPlugin.dll 2016-02-04 13:52 - 2016-06-14 21:03 - 00207296 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\RtspServer.dll 2016-06-07 08:00 - 2016-06-14 21:03 - 00034240 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_system-vc120-mt-1_58.dll 2016-06-07 08:00 - 2016-06-14 21:03 - 00920000 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_regex-vc120-mt-1_58.dll 2016-09-26 12:17 - 2016-09-26 12:17 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll 2016-12-14 08:55 - 2016-12-14 08:55 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll 2016-11-09 07:54 - 2016-11-09 07:54 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll 2016-11-09 07:54 - 2016-11-09 07:54 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll 2016-11-09 07:54 - 2016-11-09 07:54 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll 2016-11-09 07:54 - 2016-11-09 07:54 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll 2016-11-09 07:54 - 2016-11-09 07:54 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll 2015-06-24 21:57 - 2015-08-10 13:49 - 00133184 _____ () C:\Program Files\Realtek\Audio\HDA\FMAPP.exe 2016-12-14 07:38 - 2016-12-14 07:39 - 00072192 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x64__kzf8qxf38zg5c\SkypeHost.exe 2016-12-14 07:38 - 2016-12-14 07:39 - 00179712 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll 2016-12-14 07:38 - 2016-12-14 07:39 - 42130432 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x64__kzf8qxf38zg5c\SkyWrap.dll 2016-12-14 07:38 - 2016-12-14 07:39 - 02216448 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x64__kzf8qxf38zg5c\roottools.dll 2016-12-12 08:36 - 2016-12-08 09:03 - 02412888 _____ () C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\libglesv2.dll 2016-12-12 08:36 - 2016-12-08 09:03 - 00099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\libegl.dll 2014-09-08 12:39 - 2014-09-08 12:39 - 00464608 _____ () C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe 2014-09-08 12:38 - 2014-09-08 12:38 - 00051200 _____ () C:\Program Files\Common Files\Common Desktop Agent\CDASrvPS.dll 2017-01-05 09:14 - 2016-06-21 19:30 - 00442144 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madExcept_.bpl 2017-01-05 09:14 - 2016-06-21 19:29 - 00210720 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madBasic_.bpl 2017-01-05 09:14 - 2016-06-21 19:29 - 00059680 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madDisAsm_.bpl 2015-08-11 07:44 - 2014-05-13 11:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl 2015-08-11 07:44 - 2014-05-13 11:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl 2015-08-11 07:44 - 2014-05-13 11:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl 2015-08-11 07:44 - 2016-09-27 12:02 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll 2016-01-13 10:05 - 2013-12-19 03:20 - 00011362 _____ () C:\ProgramData\Internet Manager\OnlineUpdate\mingwm10.dll 2016-01-13 10:05 - 2013-12-19 03:20 - 00043008 _____ () C:\ProgramData\Internet Manager\OnlineUpdate\libgcc_s_dw2-1.dll 2016-01-13 10:05 - 2013-12-19 03:20 - 02417152 _____ () C:\ProgramData\Internet Manager\OnlineUpdate\QtCore4.dll 2016-01-13 10:05 - 2013-12-19 03:20 - 01148416 _____ () C:\ProgramData\Internet Manager\OnlineUpdate\QtNetwork4.dll 2015-09-25 10:49 - 2013-08-31 06:44 - 02417152 _____ () C:\ProgramData\Orange Connection\OnlineUpdate\QtCore4.dll 2015-09-25 10:49 - 2013-08-31 06:46 - 01148416 _____ () C:\ProgramData\Orange Connection\OnlineUpdate\QtNetwork4.dll 2015-09-25 10:49 - 2009-01-10 19:32 - 00011362 _____ () C:\ProgramData\Orange Connection\OnlineUpdate\mingwm10.dll 2015-09-25 10:49 - 2009-06-23 03:42 - 00043008 _____ () C:\ProgramData\Orange Connection\OnlineUpdate\libgcc_s_dw2-1.dll 2015-07-29 08:13 - 2016-06-14 21:03 - 00018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll 2014-07-24 10:19 - 2013-12-10 06:27 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll ==================== Alternate Data Streams (filtrowane) ========= (Załączenie wejścia w fixlist spowoduje usunięcie strumienia ADS.) AlternateDataStreams: C:\WINDOWS\cadkasdeinst01e.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\explorer.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\py.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\pyw.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\splwow64.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\aadcloudap.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\aadtb.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\AboveLockAppHost.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\AccountsRt.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\acmigration.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\ACPBackgroundManagerPolicy.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\ActionCenter.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\ActionCenterCPL.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\ActivationManager.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\actxprxy.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\AdobePDF.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\AdobePDFUI.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\adsmsext.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\aeinv.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\aepic.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\aitstatic.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\AppCapture.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\AppContracts.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\appinfo.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\AppointmentApis.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\appraiser.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\AppReadiness.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\apprepapi.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\apprepsync.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\appwiz.cpl:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\AppXDeploymentClient.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\AppXDeploymentServer.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\AppxPackaging.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\asycfilt.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\atmfd.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\atmlib.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\AudioEndpointBuilder.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\AudioEng.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\AUDIOKSE.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\AudioSes.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\audiosrv.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\AudioSrvPolicyManager.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\AuthBroker.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\authui.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\autoplay.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\AzureSettingSyncProvider.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\BackgroundMediaPolicy.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\bcastdvr.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\BcastDVRHelper.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\bcdedit.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\bcrypt.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\bdesvc.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\bdeui.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\bdeunlock.exe:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\BingMaps.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\bisrv.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\BitLockerDeviceEncryption.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\biwinrt.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\BluetoothApis.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\BootMenuUX.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\bootux.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\BrCiImg.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\brciser.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\BRCOI13Q.DLL:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\BrFaxTxAppRun64.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\BrJDec.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\BrNetSti.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Brnsplg.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\browserbroker.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\BrSNMP64.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\BrUsi13a.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\BrWi213a.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\BrWiaNCp.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\BthRadioMedia.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\CastLaunch.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\CbtBackgroundManagerPolicy.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\cdd.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\cdp.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\cdpreference.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\cdpsvc.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\cdpusersvc.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\CertEnroll.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\ceutil.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Chakra.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\chartv.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\ChatApis.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\ci.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\ClipUp.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\cloudAP.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\CloudExperienceHost.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\CloudExperienceHostBroker.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\CloudExperienceHostCommon.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\CloudStorageWizard.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\clusapi.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\cmifw.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\cmintegrator.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\cngkeyhelper.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\combase.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\comdlg32.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\common_clang64.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\CompatTelRunner.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\comsvcs.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\ConsoleLogon.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\ContactApis.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\ContentDeliveryManager.Utilities.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\CoreMessaging.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\CoreUIComponents.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\CPFilters.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\credprovhost.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\credprovs.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\credprovslegacy.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\crypt32.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\cryptngc.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\CryptoWinRT.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\d2d1.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\d3d10warp.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\d3d11.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\D3D12.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\d3d9.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\D3DCompiler_33.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\D3DCompiler_34.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\D3DCompiler_35.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\D3DCompiler_36.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\D3DCompiler_37.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\D3DCompiler_38.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\D3DCompiler_39.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\D3DCompiler_40.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\D3DCompiler_41.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\D3DCompiler_42.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\D3DCompiler_43.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\D3DCompiler_47.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\d3dcsx_42.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\d3dcsx_43.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\d3dx10.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\d3dx10_33.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\d3dx10_34.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\d3dx10_35.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\d3dx10_36.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\d3dx10_37.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\d3dx10_38.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\d3dx10_39.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\d3dx10_40.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\d3dx10_41.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\d3dx10_42.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\d3dx10_43.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\d3dx11_42.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\d3dx11_43.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\d3dx9_24.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\d3dx9_25.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\d3dx9_26.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\d3dx9_27.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\d3dx9_28.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\d3dx9_29.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\d3dx9_30.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\d3dx9_31.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\d3dx9_32.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\d3dx9_33.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\d3dx9_34.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\d3dx9_35.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\d3dx9_36.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\D3DX9_37.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\D3DX9_38.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\D3DX9_39.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\D3DX9_40.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\D3DX9_41.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\D3DX9_42.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\D3DX9_43.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\dab.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\dafBth.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\DataExchange.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\DataSenseHandlers.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\daxexec.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\ddcvt5.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\ddmon5-64x.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\ddraw.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\desksc.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\devenum.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\deviceaccess.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\DeviceCensus.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\DeviceCenter.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\DeviceEnroller.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\DeviceFlows.DataModel.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\DevicePairing.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\DevicePairingFolder.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\DeviceReactivation.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\devinv.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\dhcpcore6.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\diagtrack.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\dialclient.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\dialserver.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\difx64.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\discan.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Display.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\DisplayManager.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\dmcertinst.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\dmenrollengine.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\dnsapi.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\DolbyDecMFT.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\domgmt.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\dosvc.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\dpapisrv.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\DPTopologyApp.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\DPTopologyAppv2_0.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\DrvInfo.ini:$CmdZnID [26] AlternateDataStreams: C:\WINDOWS\system32\drvstore.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\dsreg.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\dsregcmd.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\dwmapi.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\dwmcore.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\DWrite.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\dxgi.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\dxtrans.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\EAMProgressHandler.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\easwrt.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\edgehtml.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\EditBufferTestHook.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\EditionUpgradeHelper.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\EditionUpgradeManagerObj.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\EDPCleanup.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\eed_ec.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\eed_sl.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\efsext.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\efswrt.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\EmailApis.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\EncDec.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\energy.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\EnterpriseAppMgmtSvc.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\enterprisecsps.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\EnterpriseModernAppMgmtCSP.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\ErrorDetails.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\ErrorDetailsUpdate.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\esent.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\esentutl.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\ExplorerFrame.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\facecredentialprovider.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Family.Authentication.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Family.Client.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Family.SyncEngine.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\ffbroker.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\fhcfg.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\fhcpl.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\FlightSettings.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\FntCache.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\fontdrvhost.exe:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\fontext.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\FontProvider.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\FrameServer.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\FSClient.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\fveapi.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\fveapibase.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\fvecpl.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\fvenotify.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\fveui.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\fvewiz.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\GamePanel.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\gameux.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\gdi32.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\gdi32full.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\GdiPlus.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\generaltel.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\Geolocation.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\GfxResources.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\GfxUIEx.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Gfxv2_0.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Gfxv4_0.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\GlobCollationHost.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\gpsvc.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\hal.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\hevcdecoder.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\hgcpl.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\HPBMINI.DLL:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\HttpsDataSource.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\hvax64.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\hvix64.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\hvloader.efi:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\hvloader.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\icsvc.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\icsvcext.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\IdCtrls.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\ieapfltr.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\iedkcs32.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\ieframe.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\iepeers.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\ieproxy.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\iertutil.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\ig75icd64.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\igc64.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\igd10idpp64.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\igd10iumd64.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\igd11dxva64.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\igd12umd64.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\igdail64.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\igdbcl64.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\igdde64.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\igdfcl64.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\igdmcl64.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\igdmd64.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\igdrcl64.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\igdumdim64.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\igdusc64.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\igfx11cmrt64.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\igfxcmjit64.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\igfxcmrt64.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\igfxCoIn_v4156.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\igfxCoIn_v4248.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\igfxCPL.cpl:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\igfxCUIService.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\igfxCUIServicePS.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\igfxDH.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\igfxDHLib.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\igfxDHLibv2_0.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\igfxDI.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\igfxDILib.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\igfxDILibv2_0.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\igfxDTCM.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\igfxEM.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\igfxEMLib.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\igfxEMLibv2_0.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\igfxexps.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\igfxext.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\igfxHK.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\igfxLHM.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\igfxLHMLib.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\igfxLHMLibv2_0.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\igfxOSP.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\igfxSDK.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\igfxSDKLib.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\igfxSDKLibv2_0.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\igfxTray.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\iglhcp64.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\iglhsip64.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\imapi2.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\indexeddbserver.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\inetcomm.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\inetcpl.cpl:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\input.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\InputLocaleManager.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\InputService.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\InstallAgent.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\InstallAgentUserBroker.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\IntelCpHDCPSvc.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\IntelOpenCL64.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\IntelWiDiLogServer64.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\IntelWiDiMCComp64.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\IntelWiDiUMS64.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\IntelWiDiUtils64.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Intel_OpenCL_ICD64.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\invagent.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\iphlpsvc.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\ipnathlp.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\iscsiwmi.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\JpMapControl.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\jscript9.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\KernelBase.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\KMMON.DLL:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\KMMON.DLL:$CmdZnID [26] AlternateDataStreams: C:\WINDOWS\system32\LaunchWinApp.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\LicenseManager.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\ListSvc.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\LkmdfCoInst.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\LMouFiltCoInst.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\localspl.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\LocationFramework.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\LockAppBroker.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\LogonController.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\lpremove.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\LsaIso.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\lsasrv.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\lsm.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\manage-bde.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\MapConfiguration.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\MapControlCore.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\MapGeocoder.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\MapRouter.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\MapsBtSvc.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\MapsStore.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\MaxxAudioAPO4064.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\MaxxVoiceAPO3064.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\MbaeApiPublic.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\mbsmsapi.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\MCRecvSrc.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\MDMAppInstaller.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\mdmregistration.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\MetroIntelGenericUIFramework.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\mfaudiocnv.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\MFCaptureEngine.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\mfcore.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\mfksproxy.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\MFMediaEngine.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\mfmkvsrcsnk.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\mfmp4srcsnk.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\mfmpeg2srcsnk.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\mfnetcore.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\mfplat.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\MFPlay.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\mfps.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\mfreadwrite.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\mfsensorgroup.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\mfsvr.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\microsoft-windows-system-events.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\migisol.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\MiracastReceiver.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\mispace.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\modernexecserver.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\mos.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\moshost.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\moshostcore.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\MosStorage.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\mprapi.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\mprddm.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\mprdim.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\MrmCoreR.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\MRT.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\MSAC3ENC.DLL:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\MSAudDecMFT.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\msctf.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\msdtcprx.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\msdtctm.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\msdtcuiu.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\msfeeds.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\msftedit.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\mshtml.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\mshtmled.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\mshtmlmedia.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\msi.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\msinfo32.exe:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\msmpeg2vdec.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\mspaint.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\mssprxy.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\mssrch.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\mstsc.exe:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\mstscax.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\msv1_0.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\msvcp110.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\msvcr110.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\MSVidCtl.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\MSVideoDSP.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\msvproc.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\MSVPXENC.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\msxml6.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\MusNotification.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\MusUpdateHandlers.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\NaturalLanguage6.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\ncsi.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\NetCfgNotifyObjectHost.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\netplwiz.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\NetSetupApi.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\NetSetupEngine.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\NetSetupShim.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\NetSetupSvc.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\netshell.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\nettrace.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\NetworkBindingEngineMigPlugin.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\NetworkCollectionAgent.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\NetworkDesktopSettings.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\NetworkMobileSettings.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\NetworkUXBroker.dll:$CmdTcID [32] AlternateDataStreams: C:\WINDOWS\system32\NfcRadioMedia.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\ngccredprov.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\NgcCtnr.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\NgcCtnrGidsHandler.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\ngcsvc.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\nlasvc.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\nltest.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\NMAA.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\NotificationController.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\NPSM.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\nshwfp.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\NSSRH64.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\ntdll.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\ntoskrnl.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\ntshrui.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\nvapi64.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\nvaudcap64v.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\nvcompiler.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\nvcuda.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\nvcuvid.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\nvdispco6437254.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\nvdispgenco6437254.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\nvEncMFTH264.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\nvEncodeAPI64.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\nvfatbinaryLoader.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\NvFBC64.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\NvIFR64.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\NvIFROpenGL.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\nvoglv64.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\nvopencl.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\nvptxJitCompiler.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\odbcconf.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\offlinesam.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\offreg.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\ole32.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\oleaut32.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\OnDemandConnRouteHelper.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\OneBackupHandler.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\OpenCL.DLL:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\pcasvc.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\pdh.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\PimIndexMaintenance.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\PlayToDevice.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\PlayToManager.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\PlayToReceiver.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\policymanager.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\powercfg.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\powertracker.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\PrintWSDAHost.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\profsvc.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\provops.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\ProvSysprep.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\PsmServiceExtHost.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\puiobj.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\pwrshplugin.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\qedit.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\qmgr.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\rapi.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\rapiproxystub.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\rapistub.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\rasapi32.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\rascustom.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\rasmans.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\rdpcore.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\rdpcorets.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\RdpGroupPolicyExtension.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\rdpudd.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\RDXService.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\RDXTaskFactory.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\ReAgent.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\ReAgentc.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\RelPost.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\RemoteNaturalLanguage.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\ReportingCSP.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\reseteng.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\ResetEngine.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\resutils.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\RjvMDMConfig.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\RMapi.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\rshx32.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\RTMediaFrame.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\RTWorkQ.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\samsrv.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\sbe.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\SBuySupplies.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\ScanCoInstall.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\ScanCoInstall.dll:$CmdZnID [26] AlternateDataStreams: C:\WINDOWS\system32\Search.ProtocolHandler.MAPI2.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\SearchFilterHost.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\SearchFolder.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\SearchIndexer.exe:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\SearchProtocolHost.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\SecConfig.efi:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\securekernel.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\sendmail.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Sens.dll:$CmdTcID [32] AlternateDataStreams: C:\WINDOWS\system32\SensorsApi.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\SensorService.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\services.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\SessEnv.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\SettingsHandlers_Bluetooth.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\SettingsHandlers_Flights.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\SettingsHandlers_nt.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\SettingsHandlers_StorageSense.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\setupugc.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\SharedStartModel.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\ShareHost.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\shdocvw.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\shell32.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\skci.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\smartscreen.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\smphost.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\SndVolSSO.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\SpaceAgent.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\SpaceControl.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\spaceman.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\SpeechPal.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\spoolsv.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\sppcext.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\sppnp.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\sppobjs.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\sppsvc.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\sppwinob.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\SRH.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\SRHInproc.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\ssj1mci.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\ssj1mci.exe:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\ssj1mlm.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\sspicli.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\stobject.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\storagewmi.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\StoreAgent.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\StorSvc.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\StructuredQuery.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\sud.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\SyncCenter.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\SyncSettings.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\systemreset.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\SystemSettings.DeviceEncryptionHandlers.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\SystemSettings.UserAccountsHandlers.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\SystemSettingsAdminFlows.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\taskbarcpl.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\tdh.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\TextInputFramework.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\themecpl.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\timedate.cpl:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\TokenBroker.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\TpmCoreProvisioning.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\TpmTasks.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\tquery.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\TSpkg.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\TSWorkspace.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\twinapi.appcore.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\twinapi.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\twinui.appcore.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\twinui.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\twinui.pcshell.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\ubpm.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\UIAnimation.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\UIAutomationCore.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\UIRibbonRes.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\umpoext.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\unimdm.tsp:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\updatepolicy.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\uReFS.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\urlmon.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\usbmon.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\user32.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\usercpl.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\UserDataTimeUtil.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\UserDeviceRegistration.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\UserDeviceRegistration.Ngc.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\usermgr.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\UserMgrProxy.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\usocore.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\UtcResources.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\vbscript.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\vccorlib110.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\VEStoreEventHandlers.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\vmrdvcore.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\vpnike.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\VPNv2CSP.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\vulkaninfo-1-1-0-11-1.exe:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\vulkaninfo.exe:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\wbiosrvc.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\wcescommproxy.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\wc_storage.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\WdfCoInstaller01007.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\WebcamUi.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\webio.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\wer.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\weretw.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\wevtsvc.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\wifinetworkmanager.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\wifitask.exe:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\win32k.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\win32kbase.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\win32kfull.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\win32spl.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\wincorlib.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.AccountsControl.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.ApplicationModel.Background.SystemEventsBroker.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.ApplicationModel.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.ApplicationModel.Wallet.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.Cortana.Desktop.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.Data.Pdf.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.AllJoyn.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.Bluetooth.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.HumanInterfaceDevice.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.LowLevel.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.Midi.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.Perception.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.Picker.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.PointOfService.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.Printers.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.Radios.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.Scanners.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.Sensors.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.SerialCommunication.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.SmartCards.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.SmartCards.Phone.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.Usb.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.WiFi.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.WiFiDirect.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.Energy.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.Gaming.Input.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.Gaming.XboxLive.Storage.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.Globalization.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\Windows.Graphics.Printing.3D.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.Graphics.Printing.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.Internal.Management.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.Audio.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.BackgroundMediaPlayback.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.Devices.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.Editing.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.FaceAnalysis.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.Import.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.MediaControl.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.Ocr.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.Playback.BackgroundMediaPlayer.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.Playback.MediaPlayer.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.Speech.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.Speech.UXRes.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.Streaming.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.BackgroundManagerPolicy.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.Networking.Connectivity.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.Networking.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.Networking.HostName.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.Networking.ServiceDiscovery.Dnssd.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.Networking.Vpn.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.Perception.Stub.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.Security.Authentication.Identity.Provider.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.Security.Authentication.OnlineId.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.Shell.Search.UriHandler.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.StateRepository.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.StateRepositoryBroker.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.StateRepositoryClient.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\windows.storage.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.System.UserDeviceAssociation.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.BioFeedback.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.BlockedShutdown.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Cred.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.CredDialogController.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Immersive.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Input.Inking.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Logon.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Search.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Shell.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Xaml.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Xaml.InkControls.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Xaml.Maps.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Xaml.Phone.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\Windows.Web.Diagnostics.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.Web.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.Web.Http.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\WindowsCodecs.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\winhttp.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\wininet.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\wininetlui.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\winload.efi:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\winload.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\winlogon.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\winmde.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\winresume.efi:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\winresume.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\winsrv.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\wintrust.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\WinTypes.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\WinUSBCoInstaller.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\wkssvc.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\wlancfg.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\WlanMediaManager.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\wlidsvc.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\wmcoinst-070531-0952.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\wmp.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\wmpdxm.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\wmpeffects.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\wmpps.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\wmpshell.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\WordBreakers.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\WpAXHolder.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\WpcRefreshTask.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\WpcTok.exe:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\WpcWebFilter.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\wpnapps.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\wpncore.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\wpnprv.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\wpx.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\ws2_32.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\wscapi.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\wscinterop.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\wscsvc.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\wscui.cpl:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\wsecedit.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\WSManHTTPConfig.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\WsmSvc.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\wsp_fs.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\wsp_health.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\wsp_sr.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\wu.upgrade.ps.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\wuapi.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\wuaueng.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\wups.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\wuuhext.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\WWanAPI.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\wwansvc.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\x3daudio1_0.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\x3daudio1_1.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\X3DAudio1_2.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\X3DAudio1_3.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\X3DAudio1_4.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\X3DAudio1_5.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\X3DAudio1_6.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\X3DAudio1_7.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\xactengine2_0.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\xactengine2_1.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\xactengine2_10.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\xactengine2_2.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\xactengine2_3.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\xactengine2_4.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\xactengine2_5.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\xactengine2_6.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\xactengine2_7.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\xactengine2_8.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\xactengine2_9.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\xactengine3_0.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\xactengine3_1.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\xactengine3_2.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\xactengine3_3.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\xactengine3_4.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\xactengine3_5.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\xactengine3_6.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\xactengine3_7.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\XAPOFX1_0.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\XAPOFX1_1.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\XAPOFX1_2.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\XAPOFX1_3.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\XAPOFX1_4.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\XAPOFX1_5.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\XAudio2_0.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\XAudio2_1.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\XAudio2_2.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\XAudio2_3.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\XAudio2_4.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\XAudio2_5.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\XAudio2_6.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\XAudio2_7.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\XblAuthManager.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\xinput1_1.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\xinput1_2.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\xinput1_3.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\xpsrchvw.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\zipfldr.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\aadtb.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\AboveLockAppHost.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\ActionCenterCPL.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\SysWOW64\ActivationManager.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\actxprxy.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\adsmsext.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\AppCapture.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\AppContracts.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\AppointmentApis.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\apprepapi.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\apprepsync.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\appwiz.cpl:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\AppxPackaging.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\asycfilt.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\SysWOW64\atmfd.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\SysWOW64\atmlib.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\SysWOW64\AUDIOKSE.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\AudioSes.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\AuthBroker.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\AuthExt.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\SysWOW64\authui.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\SysWOW64\autoplay.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\BackgroundMediaPolicy.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\bcastdvr.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\BcastDVRHelper.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\bcrypt.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\BingMaps.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\biwinrt.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\BluetoothApis.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\BrDctF2.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\BrDctF2L.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\BrDctF2S.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\BRLM03A.DLL:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\BRLMW03A.DLL:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\BROSNMP.DLL:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\BRPRTINK.DLL:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\BRRBI13A.EXE:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\BRTCPCON.DLL:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\BtnCtlsU.ocx:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\bzDCT.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\bzFlRdr.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\CBLCtlsU.ocx:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\cdp.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\CertEnroll.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\ceutil.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Chakra.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Chakradiag.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\chartv.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\SysWOW64\ChatApis.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\ClipboardServer.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\CloudExperienceHostCommon.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\CloudStorageWizard.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\clusapi.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\cmifw.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\cngkeyhelper.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\combase.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\comctl32.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\SysWOW64\comdlg32.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\comdlg32.OCX:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\common_clang32.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\comsvcs.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\ConfigureExpandedStorage.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\ContactApis.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\CoreMessaging.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\CoreUIComponents.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\CPFilters.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\CredProvDataModel.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\credprovhost.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\credprovs.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\credprovslegacy.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\crypt32.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\cryptngc.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\CryptoWinRT.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\d2d1.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\d3d10warp.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\d3d11.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\D3D12.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\d3d8.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\SysWOW64\d3d9.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DCompiler_33.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DCompiler_34.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DCompiler_35.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DCompiler_36.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DCompiler_37.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DCompiler_38.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DCompiler_39.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DCompiler_40.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DCompiler_41.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DCompiler_42.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DCompiler_43.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DCompiler_47.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dcsx_42.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dcsx_43.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx10.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx10_33.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx10_34.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx10_35.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx10_36.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx10_37.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx10_38.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx10_39.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx10_40.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx10_41.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx10_42.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx10_43.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx11_42.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx11_43.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx9_24.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx9_25.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx9_26.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx9_27.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx9_28.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx9_29.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx9_30.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx9_31.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx9_32.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx9_33.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx9_34.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx9_35.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx9_36.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DX9_37.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DX9_38.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DX9_39.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DX9_40.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DX9_41.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DX9_42.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DX9_43.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\DataExchange.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\daxexec.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\ddraw.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\SysWOW64\devenum.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\DeviceFlows.DataModel.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\DevicePairing.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\dhcpcore6.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\dialclient.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\DisplayManager.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\dlnashext.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\dmenrollengine.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\dnsapi.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\DolbyDecMFT.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\drvstore.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\dsreg.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\dtdump.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\dwmapi.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\dwmcore.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\DWrite.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\dxgi.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\dxtrans.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\SysWOW64\edgehtml.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\EditBufferTestHook.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\EditCtlsU.ocx:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\efsext.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\SysWOW64\efswrt.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\EmailApis.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\ErrorDetails.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\SysWOW64\ErrorDetailsUpdate.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\SysWOW64\esent.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\esentutl.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\ExLvwU.ocx:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\explorer.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\ExplorerFrame.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\findnetprinters.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\FlashPlayerApp.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\fontdrvhost.exe:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\SysWOW64\fontext.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\SysWOW64\FSClient.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\SysWOW64\gameux.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\gdi32.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\gdi32full.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\GdiPlus.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Geolocation.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\GlobCollationHost.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\SysWOW64\hevcdecoder.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\hgcpl.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\SysWOW64\ieapfltr.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\SysWOW64\iedkcs32.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\ieframe.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\iepeers.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\SysWOW64\ieproxy.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\iertutil.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\SysWOW64\ig75icd32.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\igc32.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\igd10idpp32.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\igd10iumd32.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\igd11dxva32.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\igd12umd32.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\igdail32.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\igdbcl32.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\igdde32.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\igdfcl32.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\igdmcl32.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\igdmd32.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\igdrcl32.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\igdumdim32.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\igdusc32.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\igfx11cmrt32.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\igfxcmjit32.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\igfxcmrt32.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\igfxexps32.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\iglhcp32.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\iglhsip32.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\imapi2.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\indexeddbserver.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\inetcomm.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\SysWOW64\inetcpl.cpl:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\input.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\SysWOW64\InputLocaleManager.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\InputService.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\InstallAgent.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\IntelCpHeciSvc.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\IntelOpenCL32.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Intel_OpenCL_ICD32.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\iscsiwmi.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\JpMapControl.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\jscript9.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\jscript9diag.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\KernelBase.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\LaunchWinApp.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\LblCtlsU.ocx:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\LicenseManager.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\LicenseManagerApi.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\LockAppBroker.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\SysWOW64\LogonController.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\MapConfiguration.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\MapControlCore.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\MapGeocoder.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\MapRouter.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\MapsBtSvc.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\MbaeApiPublic.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\mbsmsapi.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\MCRecvSrc.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\mdmregistration.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\mfaudiocnv.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\mfcore.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\mfksproxy.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\MFMediaEngine.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\mfmkvsrcsnk.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\mfnetcore.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\mfnetsrc.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\mfplat.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\MFPlay.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\mfreadwrite.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\mfsensorgroup.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\SysWOW64\mfsvr.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\migisol.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\MiracastReceiver.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\mispace.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\mos.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\MosStorage.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\mprapi.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\mprddm.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\mprdim.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\MrmCoreR.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\MSAC3ENC.DLL:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\mscomctl.ocx:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\msctf.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\msdtcprx.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\msdtcuiu.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\msfeeds.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\msftedit.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\mshtml.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\mshtmled.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\SysWOW64\mshtmlmedia.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\msi.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\msinfo32.exe:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\SysWOW64\msmpeg2vdec.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\mspaint.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\mssrch.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\mstsc.exe:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\SysWOW64\mstscax.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\SysWOW64\msv1_0.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\SysWOW64\MSVidCtl.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\SysWOW64\msvproc.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\MSVPXENC.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\msxml6.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\mtxclu.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\NaturalLanguage6.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\NetCfgNotifyObjectHost.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\NetSetupApi.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\SysWOW64\NetSetupEngine.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\SysWOW64\NetSetupShim.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\netshell.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\NetworkCollectionAgent.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\SysWOW64\ngccredprov.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\NMAA.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\NPSM.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\SysWOW64\nshwfp.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\NSSearch.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\ntdll.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\ntshrui.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\nvapi.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\nvaudcap32v.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\nvcompiler.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\nvcuda.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\nvcuvid.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\nvEncMFTH264.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\nvEncodeAPI.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\NvFBC.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\NvIFR.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\NvIFROpenGL.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\nvoglv32.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\nvopencl.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\odbcconf.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\offlinesam.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\offreg.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\ole32.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\oleacc.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\oleaut32.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\SysWOW64\olepro32.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\SysWOW64\OpenCL.DLL:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\pdh.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\PlayToDevice.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\PlayToManager.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\PlayToReceiver.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\policymanager.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\powercfg.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\PrintDialogs.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\pwrshplugin.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\rapi.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\SysWOW64\rapiproxystub.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\rapistub.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\rasapi32.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\rdpcore.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\SysWOW64\ReAgent.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\SysWOW64\ReAgentc.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\RemoteNaturalLanguage.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\RTMediaFrame.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\RTWorkQ.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Search.ProtocolHandler.MAPI2.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\SearchFolder.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\SysWOW64\SearchIndexer.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\SearchProtocolHost.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\sendmail.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\SessEnv.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\SETDC23.tmp:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\SysWOW64\setupugc.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\ShareHost.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\shell32.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\smphost.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\SndVolSSO.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\sppcext.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\sspicli.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\stobject.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\storagewmi.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\StoreAgent.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\sud.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\SysWOW64\SyncSettings.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\systemcpl.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\TabStripCtlU.ocx:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\tdh.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\TempSignedLicenseExchangeTask.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\SysWOW64\TextInputFramework.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\themecpl.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\SysWOW64\TokenBroker.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\TpmCoreProvisioning.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\tquery.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\tsmf.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\TSpkg.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\SysWOW64\twinapi.appcore.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\twinapi.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\SysWOW64\twinui.appcore.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\twinui.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\UIAnimation.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\SysWOW64\UIAutomationCore.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\UIRibbonRes.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\unimdm.tsp:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\updatepolicy.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\uReFS.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\SysWOW64\urlmon.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\user32.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\usercpl.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\UserDataAccountApis.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\UserDeviceRegistration.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\UserDeviceRegistration.Ngc.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\UserMgrProxy.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\vbscript.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\vulkaninfo-1-1-0-11-1.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\vulkaninfo.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\wcescommproxy.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\webio.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\SysWOW64\wer.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\SysWOW64\weretw.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\SysWOW64\win32k.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\win32kfull.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\wincorlib.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.AccountsControl.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Background.SystemEventsBroker.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Core.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.ApplicationModel.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Wallet.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.AllJoyn.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Bluetooth.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.HumanInterfaceDevice.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.LowLevel.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Midi.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Perception.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Picker.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.PointOfService.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Radios.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Scanners.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Sensors.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.SerialCommunication.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.SmartCards.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Usb.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.WiFi.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.WiFiDirect.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Energy.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Gaming.Input.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Gaming.XboxLive.Storage.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Globalization.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Graphics.Printing.3D.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Graphics.Printing.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Internal.Bluetooth.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.Audio.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.BackgroundMediaPlayback.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.Editing.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.FaceAnalysis.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.Import.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.Ocr.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.Playback.BackgroundMediaPlayer.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.Playback.MediaPlayer.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.Speech.UXRes.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.BackgroundManagerPolicy.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Networking.Connectivity.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Networking.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Networking.HostName.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Networking.ServiceDiscovery.Dnssd.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Perception.Stub.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Identity.Provider.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Security.Authentication.OnlineId.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Shell.Search.UriHandler.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Speech.Pal.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.StateRepository.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.StateRepositoryClient.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\windows.storage.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.System.UserDeviceAssociation.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.BioFeedback.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.BlockedShutdown.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Cred.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.CredDialogController.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Search.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Xaml.InkControls.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Maps.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Phone.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Web.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Web.Http.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\WindowsCodecs.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\winhttp.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\wininet.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\wininetlui.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\SysWOW64\winmde.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\WinRtTracing.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\wintrust.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\WinTypes.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\wlancfg.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\wmp.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\SysWOW64\wmpdxm.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\wmpeffects.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\wmpshell.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\WordBreakers.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\WpcWebFilter.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\wpnapps.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\ws2_32.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\wscapi.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\wscinterop.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\wscui.cpl:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\SysWOW64\wsecedit.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\WSManHTTPConfig.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\WsmSvc.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\wsp_fs.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\wsp_health.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\wsp_sr.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\WwaApi.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\WWanAPI.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\x3daudio1_0.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\x3daudio1_1.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\X3DAudio1_2.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\X3DAudio1_3.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\X3DAudio1_4.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\X3DAudio1_5.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\X3DAudio1_6.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\X3DAudio1_7.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine2_0.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine2_1.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine2_10.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine2_2.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine2_3.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine2_4.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine2_5.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine2_6.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine2_7.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine2_8.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine2_9.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine3_0.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine3_1.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine3_2.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine3_3.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine3_4.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine3_5.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine3_6.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine3_7.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\XAPOFX1_0.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\XAPOFX1_1.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\XAPOFX1_2.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\XAPOFX1_3.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\XAPOFX1_4.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\XAPOFX1_5.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\XAudio2_0.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\XAudio2_1.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\XAudio2_2.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\XAudio2_3.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\XAudio2_4.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\XAudio2_5.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\XAudio2_6.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\XAudio2_7.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\xinput1_1.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\xinput1_2.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\xinput1_3.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\xolehlp.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\xpsrchvw.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\zipfldr.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\afd.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\ahcache.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\bowser.sys:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\Drivers\BrSerIb.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\BrUsbSib.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\btath_bus.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\BthLEEnum.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\bthpan.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\bthport.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\capimg.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\clfs.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\cmimcext.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\cng.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\crashdmp.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\dam.sys:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\Drivers\dfsc.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\dtsoftbus01.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\dumpsd.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\dxgkrnl.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\dxgmms1.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\dxgmms2.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\ew_cdcacm.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\ew_jubusenum.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\ew_wwanecm.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\fastfat.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\fvevol.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\grmngen.sys:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\Drivers\grmnusb.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\hidclass.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\http.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\igdkmd64.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\iorate.sys:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\Drivers\kbdhid.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\LEqdUsb.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\LHidEqd.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\LHidFilt.Sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\LMouFilt.Sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\MegaSas2i.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\modem.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\mrxdav.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\mrxsmb10.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\mrxsmb20.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\ndis.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\ntfs.sys:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\Drivers\nvvad64v.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\partmgr.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\pci.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\rdbss.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\sdbus.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\SETD669.tmp:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\spaceport.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\srv2.sys:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\Drivers\ssudbus.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\ssudmdm.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\storahci.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\stornvme.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\storport.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\tcpip.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\tm.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\tpm.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\usbscan.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\vhdmp.sys:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\Drivers\vpci.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\wcifs.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\WdiWiFi.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\winhvr.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\xboxgip.sys:$CmdTcID [64] AlternateDataStreams: C:\Users\Damian\Desktop\0009_001.pdf:$CmdZnID [26] AlternateDataStreams: C:\Users\Damian\Desktop\launch.jnlp:$CmdZnID [26] AlternateDataStreams: C:\Users\Damian\Desktop\TH 09 B143_MINER-PBG_wyburzenia.docx:$CmdZnID [26] AlternateDataStreams: C:\Users\Damian\Downloads\Anderson John Robert - Uczenie sie i pamiec [ebook].rar:$CmdZnID [26] AlternateDataStreams: C:\Users\Damian\Downloads\BH162GDIWin8x64_2001PL.zip:$CmdZnID [26] AlternateDataStreams: C:\Users\Damian\Downloads\BrMain480.exe:$CmdTcID [64] AlternateDataStreams: C:\Users\Damian\Downloads\BrMain480.exe:$CmdZnID [29] AlternateDataStreams: C:\Users\Damian\Downloads\calibre-64bit-2.76.0.msi:$CmdZnID [26] AlternateDataStreams: C:\Users\Damian\Downloads\Cigbreak Free_v2.0_apkpure.com.apk:$CmdZnID [26] AlternateDataStreams: C:\Users\Damian\Downloads\Dawkins Richard - Bóg urojony [ebook] (1).rar:$CmdZnID [26] AlternateDataStreams: C:\Users\Damian\Downloads\Dawkins Richard - Bóg urojony [ebook].rar:$CmdZnID [26] AlternateDataStreams: C:\Users\Damian\Downloads\Dawkins Richard - Wspinaczka na szczyt nieprawdopodobienstwa [ebook].rar:$CmdZnID [26] AlternateDataStreams: C:\Users\Damian\Downloads\DTLiteInstaller.exe:$CmdTcID [64] AlternateDataStreams: C:\Users\Damian\Downloads\DTLiteInstaller.exe:$CmdZnID [26] AlternateDataStreams: C:\Users\Damian\Downloads\esetsmartinstaller_plk.exe:$CmdTcID [64] AlternateDataStreams: C:\Users\Damian\Downloads\esetsmartinstaller_plk.exe:$CmdZnID [26] AlternateDataStreams: C:\Users\Damian\Downloads\F-SecureOnlineScanner.exe:$CmdTcID [64] AlternateDataStreams: C:\Users\Damian\Downloads\F-SecureOnlineScanner.exe:$CmdZnID [26] AlternateDataStreams: C:\Users\Damian\Downloads\Feynman Richard P. - A co ciebie obchodzi, co myślą inni_ (1988).mobi:$CmdZnID [26] AlternateDataStreams: C:\Users\Damian\Downloads\Feynman Richard P. - Pan raczy żartować, panie Feynman! (1985).mobi:$CmdZnID [26] AlternateDataStreams: C:\Users\Damian\Downloads\Feynmana wykłady z Fizyki - QED, osobliwa teoria światła i materii.pdf:$CmdZnID [26] AlternateDataStreams: C:\Users\Damian\Downloads\Feynmana wykłady z fizyki - t 1.1.pdf:$CmdZnID [26] AlternateDataStreams: C:\Users\Damian\Downloads\Feynmana wykłady z fizyki - t 1.2.pdf:$CmdZnID [26] AlternateDataStreams: C:\Users\Damian\Downloads\gt568.exe:$CmdTcID [64] AlternateDataStreams: C:\Users\Damian\Downloads\gt568.exe:$CmdZnID [26] AlternateDataStreams: C:\Users\Damian\Downloads\Hearthstone-Setup.exe:$CmdTcID [64] AlternateDataStreams: C:\Users\Damian\Downloads\Hearthstone-Setup.exe:$CmdZnID [26] AlternateDataStreams: C:\Users\Damian\Downloads\HitmanPro_x64.exe:$CmdTcID [64] AlternateDataStreams: C:\Users\Damian\Downloads\HitmanPro_x64.exe:$CmdZnID [26] AlternateDataStreams: C:\Users\Damian\Downloads\Ingram Jay - Płonący dom Odkrywając tajemnice mózgu [ebook].rar:$CmdZnID [26] AlternateDataStreams: C:\Users\Damian\Downloads\iobituninstaller.exe:$CmdTcID [64] AlternateDataStreams: C:\Users\Damian\Downloads\iobituninstaller.exe:$CmdZnID [29] AlternateDataStreams: C:\Users\Damian\Downloads\Jeszcze krotsza historia.mobi:$CmdZnID [26] AlternateDataStreams: C:\Users\Damian\Downloads\Klasyfikacje-i-nazewnictwo-gruntow.pdf:$CmdZnID [26] AlternateDataStreams: C:\Users\Damian\Downloads\MINER czynsz.pdf:$CmdZnID [26] AlternateDataStreams: C:\Users\Damian\Downloads\MINER Energia.pdf:$CmdZnID [26] AlternateDataStreams: C:\Users\Damian\Downloads\MINER zużycie woda.pdf:$CmdZnID [26] AlternateDataStreams: C:\Users\Damian\Downloads\nadchodzi-osobliwosc-ray-kurzweil-Ebookpoint.pl.mobi:$CmdZnID [26] AlternateDataStreams: C:\Users\Damian\Downloads\PN_ISO.doc:$CmdZnID [26] AlternateDataStreams: C:\Users\Damian\Downloads\Seismic reflections of rock properties.pdf:$CmdZnID [26] AlternateDataStreams: C:\Users\Damian\Downloads\SPTD2inst-v211-x64.exe:$CmdTcID [64] AlternateDataStreams: C:\Users\Damian\Downloads\SPTD2inst-v211-x64.exe:$CmdZnID [26] AlternateDataStreams: C:\Users\Damian\Downloads\Stephen Hawking - Krótka historia czasu.mobi:$CmdZnID [26] AlternateDataStreams: C:\Users\Damian\Downloads\urząd pismo przewodnie.docx:$CmdZnID [26] AlternateDataStreams: C:\Users\Damian\Downloads\Ustawa z dnia 17 maja 1989 r. Prawo geodezyjne i kartograficzne..pdf:$CmdZnID [26] AlternateDataStreams: C:\Users\Damian\Downloads\uuwsmmcr.exe:$CmdTcID [64] AlternateDataStreams: C:\Users\Damian\Downloads\uuwsmmcr.exe:$CmdZnID [26] AlternateDataStreams: C:\Users\Damian\Downloads\Wspinaczka na szczyt nieprawdop - Dawkins Richard.mobi:$CmdZnID [26] AlternateDataStreams: C:\Users\Damian\Downloads\Wszechswiat z niczego.mobi:$CmdZnID [26] AlternateDataStreams: C:\Users\Damian\Downloads\Zasady sporządzania dokumentacji geologiczno-inżynierskich.pdf:$CmdZnID [26] AlternateDataStreams: C:\Users\Public\Desktop\Post Win10 Spybot-install.exe:$CmdTcID [64] ==================== Tryb awaryjny (filtrowane) =================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Wartość "AlternateShell" zostanie przywrócona.) ==================== Powiązania plików (filtrowane) =============== (Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci.) ==================== Internet Explorer - Witryny zaufane i z ograniczeniami =============== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru.) IE restricted site: HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\...\007guard.com -> install.007guard.com IE restricted site: HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\...\008i.com -> 008i.com IE restricted site: HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\...\008k.com -> www.008k.com IE restricted site: HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\...\00hq.com -> www.00hq.com IE restricted site: HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\...\010402.com -> 010402.com IE restricted site: HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com IE restricted site: HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\...\0scan.com -> www.0scan.com IE restricted site: HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\...\1-2005-search.com -> www.1-2005-search.com IE restricted site: HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\...\1-domains-registrations.com -> www.1-domains-registrations.com IE restricted site: HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\...\1000gratisproben.com -> www.1000gratisproben.com IE restricted site: HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\...\1001namen.com -> www.1001namen.com IE restricted site: HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\...\100888290cs.com -> mir.100888290cs.com IE restricted site: HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\...\100sexlinks.com -> www.100sexlinks.com IE restricted site: HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\...\10sek.com -> www.10sek.com IE restricted site: HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\...\12-26.net -> user1.12-26.net IE restricted site: HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\...\12-27.net -> user1.12-27.net IE restricted site: HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\...\123fporn.info -> www.123fporn.info IE restricted site: HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\...\123haustiereundmehr.com -> www.123haustiereundmehr.com IE restricted site: HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\...\123moviedownload.com -> www.123moviedownload.com IE restricted site: HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\...\123simsen.com -> www.123simsen.com Wykryto więcej niż wyliczono: 7924 witryn. ==================== Hosts - zawartość: =============================== (Użycie dyrektywy Hosts: w fixlist spowoduje reset pliku Hosts.) 2009-07-14 03:34 - 2017-01-09 08:33 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Inne obszary ============================ (Obecnie brak automatycznej naprawy dla tej sekcji.) HKU\S-1-5-21-3933859105-196285215-2267922907-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Damian\AppData\Local\Microsoft\Windows\Themes\img2.jpg HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\Control Panel\Desktop\\Wallpaper -> DNS Servers: 192.168.1.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Zapora systemu Windows [funkcja włączona] ==================== MSCONFIG/TASK MANAGER - Wyłączone elementy == MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" MSCONFIG\startupreg: BrHelp => C:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe /AUTORUN MSCONFIG\startupreg: BrStsMon00 => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR MSCONFIG\startupreg: CDAServer => C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe MSCONFIG\startupreg: ControlCenter4 => "C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe" /autorun MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun MSCONFIG\startupreg: GoogleChromeAutoLaunch_3F2E34BF7A244698209604940BA7FE5B => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe MSCONFIG\startupreg: Logitech Download Assistant => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch MSCONFIG\startupreg: NvBackend => "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Damian\AppData\Roaming\Spotify\SpotifyWebHelper.exe" MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0" HKLM\...\StartupApproved\Run32: => "ControlCenter4" HKLM\...\StartupApproved\Run32: => "BrHelp" HKLM\...\StartupApproved\Run32: => "BrStsMon00" HKLM\...\StartupApproved\Run32: => "Acrobat Assistant 8.0" HKU\S-1-5-21-3933859105-196285215-2267922907-1001\...\StartupApproved\Run: => "CCleaner Monitoring" HKU\S-1-5-21-3933859105-196285215-2267922907-1001\...\StartupApproved\Run: => "OneDrive" HKU\S-1-5-21-3933859105-196285215-2267922907-1001\...\StartupApproved\Run: => "Spotify Web Helper" HKU\S-1-5-21-3933859105-196285215-2267922907-1001\...\StartupApproved\Run: => "Spotify" HKU\S-1-5-21-3933859105-196285215-2267922907-1001\...\StartupApproved\Run: => "DAEMON Tools Lite" ==================== Reguły Zapory systemu Windows (filtrowane) =============== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) FirewallRules: [vm-monitoring-nb-session] => LPort=139 FirewallRules: [MSMQ-In-TCP] => %systemroot%\system32\mqsvc.exe FirewallRules: [MSMQ-Out-TCP] => %systemroot%\system32\mqsvc.exe FirewallRules: [MSMQ-In-UDP] => %systemroot%\system32\mqsvc.exe FirewallRules: [MSMQ-Out-UDP] => %systemroot%\system32\mqsvc.exe FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => LPort=808 FirewallRules: [UDP Query User{29C3D07B-86E0-40DB-884B-3EE6D267B325}C:\program files (x86)\samsung\easy printer manager\ids.application.exe] => C:\program files (x86)\samsung\easy printer manager\ids.application.exe FirewallRules: [TCP Query User{91AE9DEC-94A7-434D-9D43-C28219FDBCAC}C:\program files (x86)\samsung\easy printer manager\ids.application.exe] => C:\program files (x86)\samsung\easy printer manager\ids.application.exe FirewallRules: [UDP Query User{4A55D049-6B89-4F5A-B11D-79591DA55410}C:\users\damian\appdata\roaming\spotify\spotify.exe] => C:\users\damian\appdata\roaming\spotify\spotify.exe FirewallRules: [TCP Query User{A6A48B1C-3D27-4965-8023-EBF473D709C7}C:\users\damian\appdata\roaming\spotify\spotify.exe] => C:\users\damian\appdata\roaming\spotify\spotify.exe FirewallRules: [{291B1CEB-EB70-4A3E-8A11-88BAFCF4D008}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{85D1FBCB-89C0-4876-9A9A-6019C6AC75B6}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{A0C929EF-1F5C-4923-BEF1-9D9E39893DED}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe FirewallRules: [{60990188-F01E-41D8-9E06-7DFE2C1C8602}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe FirewallRules: [{F481E03D-2F8B-45A2-914B-2919690166E0}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe FirewallRules: [{1124F1D1-5658-404A-8CF2-C66E47D3A8CD}] => C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe FirewallRules: [{6CF1047B-A6C0-4AEF-BD17-FC2D1470BAF7}] => C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe FirewallRules: [{CD5C1070-8D1D-4685-9F10-24854A8D54B3}] => C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe FirewallRules: [{5C4BDB5D-DC1F-413D-97E5-6EDCBDE94D1E}] => C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe FirewallRules: [{1C4D135C-5BCA-4DD9-B801-7EC739C2CAE7}] => C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\Scan2PCNotify.exe FirewallRules: [{6AC15051-F8EC-4C28-A904-CA5BA5DD3DA0}] => C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\ScanProcess.exe FirewallRules: [{FFD53863-2B4F-43F6-A86A-408046C46A4D}] => C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\CDAS2PC.exe FirewallRules: [{92B0F292-E3F8-499D-A67A-90AFCD6B7E04}] => C:\Program Files (x86)\Samsung\Easy Printer Manager\uninstall.exe FirewallRules: [{4A838102-6282-43A4-9CA3-46904D65A1D8}] => C:\Program Files (x86)\Samsung\Easy Printer Manager\IDSAlert.exe FirewallRules: [{19A8D72F-F00E-44F7-B6D2-4F07A412294E}] => C:\Program Files (x86)\Samsung\Easy Printer Manager\OrderSupplies.exe FirewallRules: [{DD9BCDF9-E716-4FA3-A33E-8C4E7102488C}] => C:\Program Files (x86)\Samsung\Easy Printer Manager\IDS.Application.exe FirewallRules: [{6A7D4664-046C-4CA8-B82A-DAB43EC24BEA}] => C:\Program Files (x86)\Steam\steamapps\common\vvvvvv\VVVVVV.exe FirewallRules: [{5A315969-E312-4ADF-92B1-95A34E900B6B}] => C:\Program Files (x86)\Steam\steamapps\common\vvvvvv\VVVVVV.exe FirewallRules: [{8CC97C77-8EDB-4F13-89D5-6B8789D56B87}] => C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{4345CB87-A9A8-41C0-A0AD-13D855FA3D07}] => C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{07282BA4-658E-4E5A-BDF9-B32341D8855B}] => C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{2A2D04FD-5512-4399-825D-5516359C1D4F}] => C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{96E15F17-02DE-40F7-BB35-50721E56AEB6}] => C:\Program Files (x86)\Skype\Phone\Skype.exe FirewallRules: [{20D6BFBD-3A82-419E-A51F-BA281BBD49BF}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe FirewallRules: [{086A32C1-7B30-499C-A434-CC36B3A9C42D}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe FirewallRules: [{A822EAEA-14D8-4CA3-BB40-3586E2FE79E8}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe FirewallRules: [{59E239E7-2DA9-411D-80F9-F9FCE026A825}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe FirewallRules: [{FB1F8BD7-C9A4-411B-B7FC-242CC3366E4E}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe FirewallRules: [{08880781-D019-45A1-BFCD-C836B7FBCEB7}] => C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe FirewallRules: [{CB632DB7-DC27-4E35-B48B-5A4548488F59}] => C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe FirewallRules: [{E75D1643-834D-4CAE-83EC-6954A10519AE}] => C:\Program Files (x86)\NapiProjekt\napisy.exe FirewallRules: [{C2317EB3-A040-4DEA-870B-2F463D075E97}] => C:\Program Files (x86)\NapiProjekt\napisy.exe FirewallRules: [{DF34CCD2-8BFF-4B60-BAD5-C5CC9EC59088}] => C:\Program Files (x86)\Brother\Brmfl13c\FAXRX.EXE FirewallRules: [{36FDE592-FB8A-4224-9BD3-3C1FFE38929F}] => LPort=54925 FirewallRules: [{BC1C369D-57BE-46B6-9C74-0FEF4C7EF21C}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe FirewallRules: [{1E5C85BD-36DB-4E1D-B224-474D36ABD52F}] => C:\Program Files (x86)\qBittorrent\qbittorrent.exe FirewallRules: [{18DF46B2-0E19-42A6-9354-D00C9156F064}] => C:\Program Files (x86)\qBittorrent\qbittorrent.exe StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service ==================== Punkty Przywracania systemu ========================= ==================== Wadliwe urządzenia w Menedżerze urządzeń ============= ==================== Błędy w Dzienniku zdarzeń: ========================= Dziennik Aplikacja: ================== Error: (01/09/2017 08:53:50 AM) (Source: VSS) (EventID: 8193) (User: ) Description: Błąd Usługi kopiowania woluminów w tle: nieoczekiwany błąd podczas wywoływania procedury QueryFullProcessImageNameW. hr = 0x80070006, Nieprawidłowe dojście. . Operacja: Wykonywanie operacji asynchronicznej Kontekst: Stan bieżący: DoSnapshotSet Error: (01/09/2017 08:53:35 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Przetwarzanie wywołania OnIdentity() w obiekcie System Writer przez Usługi kryptograficzne nie powiodło się. Details: AddLegacyDriverFiles: Unable to back up image of binary Protokół LLDP (Link-Layer Discovery Protocol) firmy Microsoft. System Error: Odmowa dostępu. . Error: (01/09/2017 08:53:20 AM) (Source: VSS) (EventID: 8193) (User: ) Description: Błąd Usługi kopiowania woluminów w tle: nieoczekiwany błąd podczas wywoływania procedury QueryFullProcessImageNameW. hr = 0x80070006, Nieprawidłowe dojście. . Operacja: Wykonywanie operacji asynchronicznej Kontekst: Stan bieżący: DoSnapshotSet Error: (01/09/2017 08:53:05 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Przetwarzanie wywołania OnIdentity() w obiekcie System Writer przez Usługi kryptograficzne nie powiodło się. Details: AddLegacyDriverFiles: Unable to back up image of binary Protokół LLDP (Link-Layer Discovery Protocol) firmy Microsoft. System Error: Odmowa dostępu. . Error: (01/09/2017 08:52:56 AM) (Source: VSS) (EventID: 8194) (User: ) Description: Błąd Usługi kopiowania woluminów w tle: nieoczekiwany błąd podczas badania interfejsu IVssWriterCallback. hr = 0x80070005, Odmowa dostępu. . To jest często spowodowane przez niepoprawne ustawienia zabezpieczeń w procesie zapisującym lub żądającym. Operacja: Zbieranie danych modułu zapisującego Kontekst: Identyfikator klasy modułu zapisującego: {e8132975-6f93-4464-a53e-1050253ae220} Nazwa modułu zapisującego: System Writer Identyfikator wystąpienia modułu zapisującego: {cebf2dca-7b32-4758-b90b-fa099cb7a11d} Error: (01/09/2017 08:29:07 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Nie można wygenerować kontekstu aktywacji dla "C:\Program Files (x86)\Google\Chrome\Application\chrome1.exe". Nie można odnaleźć zestawu zależnego 45.0.2454.85,language="*",type="win32",version="45.0.2454.85". Użyj narzędzia sxstrace.exe, aby uzyskać szczegółową diagnozę. Error: (01/09/2017 08:29:01 AM) (Source: VSS) (EventID: 8193) (User: ) Description: Błąd Usługi kopiowania woluminów w tle: nieoczekiwany błąd podczas wywoływania procedury QueryFullProcessImageNameW. hr = 0x80070006, Nieprawidłowe dojście. . Operacja: Wykonywanie operacji asynchronicznej Kontekst: Stan bieżący: DoSnapshotSet Error: (01/09/2017 08:28:37 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Przetwarzanie wywołania OnIdentity() w obiekcie System Writer przez Usługi kryptograficzne nie powiodło się. Details: AddLegacyDriverFiles: Unable to back up image of binary Protokół LLDP (Link-Layer Discovery Protocol) firmy Microsoft. System Error: Odmowa dostępu. . Error: (01/09/2017 08:28:35 AM) (Source: VSS) (EventID: 8194) (User: ) Description: Błąd Usługi kopiowania woluminów w tle: nieoczekiwany błąd podczas badania interfejsu IVssWriterCallback. hr = 0x80070005, Odmowa dostępu. . To jest często spowodowane przez niepoprawne ustawienia zabezpieczeń w procesie zapisującym lub żądającym. Operacja: Zbieranie danych modułu zapisującego Kontekst: Identyfikator klasy modułu zapisującego: {e8132975-6f93-4464-a53e-1050253ae220} Nazwa modułu zapisującego: System Writer Identyfikator wystąpienia modułu zapisującego: {4705445d-b8cb-46b7-84c3-422ff20ead26} Error: (01/09/2017 08:22:27 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Nie można wygenerować kontekstu aktywacji dla "C:\Program Files (x86)\Google\Chrome\Application\chrome1.exe". Nie można odnaleźć zestawu zależnego 45.0.2454.85,language="*",type="win32",version="45.0.2454.85". Użyj narzędzia sxstrace.exe, aby uzyskać szczegółową diagnozę. Dziennik System: ============= Error: (01/09/2017 08:35:24 AM) (Source: DCOM) (EventID: 10016) (User: ZARZĄDZANIE NT) Description: Zgodnie z ustawieniami uprawnienia właściwe dla aplikacji nie jest udzielane uprawnienie Lokalny Aktywacja do aplikacji serwera COM z identyfikatorem klasy CLSID {8D8F4F83-3594-4F07-8369-FC3C3CAE4919} i identyfikatorem aplikacji APPID {F72671A9-012C-4725-9D2F-2A4D32D65169} użytkownikowi ZARZĄDZANIE NT\SYSTEM o identyfikatorze zabezpieczeń SID (S-1-5-18) z adresu LocalHost (użycie LRPC) działającemu w kontenerze aplikacji o identyfikatorze SID Niedostępny (Niedostępny). To uprawnienie zabezpieczeń można modyfikować przy użyciu narzędzia administracyjnego Usługi składowe. Error: (01/09/2017 08:35:19 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Nie można uruchomić usługi Internet Manager. RunOuc z powodu następującego błędu: Usługa nie odpowiada na sygnał uruchomienia lub sygnał sterujący w oczekiwanym czasie. Error: (01/09/2017 08:35:19 AM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Upłynął limit czasu (30000 ms) podczas oczekiwania na połączenie się z usługą Internet Manager. RunOuc. Error: (01/09/2017 08:35:19 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Nie można uruchomić usługi Orange Connection. RunOuc z powodu następującego błędu: Usługa nie odpowiada na sygnał uruchomienia lub sygnał sterujący w oczekiwanym czasie. Error: (01/09/2017 08:35:19 AM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Upłynął limit czasu (30000 ms) podczas oczekiwania na połączenie się z usługą Orange Connection. RunOuc. Error: (01/09/2017 08:35:16 AM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Usługa NetTcpActivator zależy od usługi NetTcpPortSharing, której nie można uruchomić z powodu następującego błędu: Nie można uruchomić określonej usługi, ponieważ jest ona wyłączona lub ponieważ nie są włączone skojarzone z nią urządzenia. Error: (01/09/2017 08:28:34 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Usługa Intel(R) Management and Security Application Local Management Service niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. Error: (01/09/2017 08:28:34 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Usługa Intel(R) Dynamic Application Loader Host Interface Service niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. Error: (01/09/2017 08:28:34 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Usługa OracleXETNSListener niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. Error: (01/09/2017 08:28:34 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Usługa Protexis Licensing V2 niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. CodeIntegrity: =================================== Date: 2016-09-26 12:34:01.173 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2016-09-26 12:33:56.336 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2016-09-26 12:33:56.083 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2016-09-26 12:28:57.012 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. ==================== Statystyki pamięci =========================== Procesor: Intel(R) Core(TM) i5-4210U CPU @ 1.70GHz Procent pamięci w użyciu: 39% Całkowita pamięć fizyczna: 8119.36 MB Dostępna pamięć fizyczna: 4879.24 MB Całkowita pamięć wirtualna: 16311.36 MB Dostępna pamięć wirtualna: 12408.99 MB ==================== Dyski ================================ Drive c: (OS) (Fixed) (Total:118.46 GB) (Free:29.25 GB) NTFS ==================== MBR & Tablica partycji ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 119.2 GB) (Disk ID: BE18E23C) Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=118.5 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=450 MB) - (Type=27) ==================== Koniec Addition.txt ============================