Publicité
Publicité
Format du document : text/plain
Prévisualisation
Résultats de l'Analyse supplémentaire de Farbar Recovery Scan Tool (x86) Version: 23-11-2016
Exécuté par Power2Go 11 promo (25-11-2016 12:42:00)
Exécuté depuis C:\Users\Power2Go 11 promo\Desktop
Microsoft Windows 7 Édition Starter Service Pack 1 (X86) (2016-10-08 19:55:30)
Mode d'amorçage: Normal
==========================================================
==================== Comptes: =============================
Administrateur (S-1-5-21-1541472888-895532398-2178115478-500 - Administrator - Disabled)
barrow 2 & widen (S-1-5-21-1541472888-895532398-2178115478-1000 - Administrator - Enabled) => C:\Users\barrow 2 & widen
Invité (S-1-5-21-1541472888-895532398-2178115478-501 - Limited - Disabled)
Power2Go 11 promo (S-1-5-21-1541472888-895532398-2178115478-1001 - Administrator - Enabled) => C:\Users\Power2Go 11 promo
==================== Centre de sécurité ========================
(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé.)
AV: COMODO Cloud Antivirus (Disabled - Up to date) {D0CC7563-ABD2-DEBE-138E-FDD553335AF2}
AS: COMODO Sandbox (Disabled - Up to date) {6BAD9487-8DE8-D130-293E-C6A728B4104F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Programmes installés ======================
(Seuls les logiciels publicitaires ('adware') avec la marque 'caché' ('Hidden') sont susceptibles d'être ajoutés au fichier fixlist.txt pour qu'ils ne soient plus masqués. Les programmes publicitaires devront être désinstallés manuellement.)
7-Zip 16.04 (HKLM\...\7-Zip) (Version: 16.04 - Igor Pavlov)
Acer Crystal Eye webcam Ver:1.1.192.810 (HKLM\...\{D0ACE89D-EC7F-470F-80BE-4C98ED366B32}) (Version: 1.1.192.810 - Chicony Electronics Co.,Ltd.)
Acer ePower Management (HKLM\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 5.00.3005 - Acer Incorporated)
Acer eRecovery Management (HKLM\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3013 - Acer Incorporated)
Acer Registration (HKLM\...\Acer Registration) (Version: 1.03.3003 - Acer Incorporated)
Acer VCM (HKLM\...\{047F790A-7A2A-4B6A-AD02-38092BA63DAC}) (Version: 4.05.3002 - Acer Incorporated)
Acrobat.com (HKLM\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe Flash Player 23 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 23.0.0.205 - Adobe Systems Incorporated)
Adobe Reader 9.1 MUI (HKLM\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.1.0 - Adobe Systems Incorporated)
AndroidInstaller (Version: 1.00.022 - Nom de votre société) Hidden
Apowersoft Online Launcher version 1.4.5 (HKU\S-1-5-21-1541472888-895532398-2178115478-1001\...\{20BF67A8-D81A-4489-8225-FABAA0896E2D}_is1) (Version: 1.4.5 - APOWERSOFT LIMITED)
Assistant de connexion Windows Live (HKLM\...\{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}) (Version: 5.000.818.5 - Microsoft Corporation)
Assistant Mise à niveau de Windows 10 (HKLM\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.17364 - Microsoft Corporation)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.35 - Atheros Communications Inc.)
AutoIt v3.3.14.2 (HKLM\...\AutoItv3) (Version: 3.3.14.2 - AutoIt Team)
BDAntiRansomware (HKLM\...\{BE40AB1F-558F-4434-B72F-461EF97E7796}_is1) (Version: 1.0.12.1 - Bitdefender)
Bitdefender 60-Second Virus Scanner (HKLM\...\{CCEA2053-D975-4E38-AC09-4D5E6DAC6B6F}) (Version: 1.0.3.76 - Bitdefender)
Boost (HKU\S-1-5-21-1541472888-895532398-2178115478-1001\...\Boost 1.0.2) (Version: 1.0.2 - Reason Software Company Inc.) <==== ATTENTION
Boost (Version: 1.0.2 - Reason Software Company Inc.) Hidden <==== ATTENTION
Chromodo (HKLM\...\Chromodo) (Version: 52.15.25.665 - Comodo)
COMODO Cloud Antivirus (HKLM\...\COMODO Cloud Antivirus_list_uninstall) (Version: 1.7.402730.374 - COMODO)
COMODO Cloud Antivirus (Version: 1.7.374.0 - COMODO) Hidden
Comodo Dragon (HKLM\...\Comodo Dragon) (Version: 52.15.25.664 - Comodo)
CyberLink LabelPrint 2.5 (HKLM\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.0.10521 - CyberLink Corp.)
CyberLink Power2Go 11 (HKLM\...\{7A3F32E0-D8E1-40C1-8E1B-1F5693F2ADE0}) (Version: 11.0.1013.0 - CyberLink Corp.)
CyberLink WaveEditor 2 (HKLM\...\{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}) (Version: 2.0.8205.0 - CyberLink Corp.)
EaseUS EverySync 3.0 (HKLM\...\EaseUS EverySync_is1) (Version: - EaseUS)
EaseUS Partition Master 11.9 (HKLM\...\EaseUS Partition Master_is1) (Version: - EaseUS)
EaseUS Todo Backup Free 9.2 (HKLM\...\EaseUS Todo Backup_is1) (Version: 9.2 - CHENGDU YIWO Tech Development Co., Ltd)
EaseUS Todo PCTrans 9.0 (HKLM\...\EaseUS Todo PCTrans_is1) (Version: - EaseUS)
e-Carte Bleue LCL (HKLM\...\{DB981AC8-910B-4C0E-8250-829243E85934}) (Version: 5.6.0.0 - e-Carte Bleue LCL)
ENE USB Card Reader Driver (HKLM\...\3B29FD3CCF1F5B855DA0C521597413EBABE97DFB) (Version: 5.89.0.70 - ENE)
eSobi v2 (HKLM\...\InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}) (Version: 2.0.4.000274 - esobi Inc.)
eSobi v2 (Version: 2.0.4.000274 - esobi Inc.) Hidden
ETDWare PS/2-X86 11.6.4.001_WHQL (HKLM\...\Elantech) (Version: 11.6.4.001 - ELAN Microelectronic Corp.)
EVEREST Ultimate Edition v5.50 (HKLM\...\EVEREST Ultimate Edition_is1) (Version: 5.50 - Lavalys, Inc.)
Free Download Manager (HKLM\...\{43781dff-e0df-49ce-a6d2-47da96a485e7}}_is1) (Version: - FreeDownloadManager.ORG)
Galerie de photos Windows Live (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
GeekBuddy (Version: 4.29.207 - Comodo Security Solutions Inc) Hidden
Google Chrome (HKLM\...\{77CD02E9-7F33-33D9-B5CB-13C332E0E575}) (Version: 54.0.2840.99 - Google, Inc.)
Google Update Helper (Version: 1.3.31.5 - Google Inc.) Hidden
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.15.281 - SurfRight B.V.)
Identity Card (HKLM\...\Identity Card) (Version: 1.00.3003 - Acer Incorporated)
Installation Windows Live (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Installation Windows Live (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Intel(R) Control Center (HKLM\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.14.10.2117 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.1.5.1001 - Intel Corporation)
Internet Security Essentials (HKLM\...\ComodoIse) (Version: 1.1.400604.29 - Comodo)
ISO to USB (HKLM\...\{D08A30AC-A663-4EA8-8D81-B98E17F19F1C}_is1) (Version: - isotousb.com)
Junk Mail filter update (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Laplink PCmover Professional (HKLM\...\{06D3FAB0-9DDE-40A9-B130-D6B8003B104D}) (Version: 10.01.648 - Laplink Software, Inc.)
Launch Manager (HKLM\...\LManager) (Version: 4.0.14 - Acer Inc.)
Logiciel pour périphérique à chipset Intel® (Version: 10.0.27 - Intel(R) Corporation) Hidden
Macrium Reflect Free Edition (HKLM\...\MacriumReflect) (Version: 6.1 - Paramount Software (UK) Ltd.)
Macrium Reflect Free Edition (Version: 6.2.1549 - Paramount Software (UK) Ltd.) Hidden
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 4.5.2 (Français) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1036) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.10411.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Mozilla Firefox 50.0 (x86 fr) (HKLM\...\Mozilla Firefox 50.0 (x86 fr)) (Version: 50.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 50.0.0.6152 - Mozilla)
Multi Virus Cleaner 2017 (HKLM\...\Multi Virus Cleaner 2017_is1) (Version: 17.3.5 - AxBx)
MyWinLocker (Version: 3.1.212.0 - Egis Technology Inc.) Hidden
MyWinLocker Suite (HKLM\...\InstallShield_{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}) (Version: 3.1.212.0 - Egis Technology Inc.)
MyWinLocker Suite (Version: 3.1.212.0 - Egis Technology Inc.) Hidden
Outil de téléchargement Windows Live (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Panda Cloud Cleaner (HKLM\...\{92B2B132-C7F0-43DC-921A-4493C04F78A4}_is1) (Version: 1.1.9 - Panda Security)
Panda USB Vaccine 1.0.1.16 (HKLM\...\{55A41219-9B22-4098-BAE7-AE289B3C569A}_is1) (Version: - Panda Security)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6171 - Realtek Semiconductor Corp.)
RogueKiller version 12.8.1.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.8.1.0 - Adlice Software)
Shredder (Version: 2.0.8.3 - Egis Technology Inc.) Hidden
Unchecky v1.0.1 (HKLM\...\Unchecky) (Version: 1.0.1 - RaMMicHaeL)
Welcome Center (HKLM\...\Acer Welcome Center) (Version: 1.02.3004 - Acer Incorporated)
Win32DiskImager version 0.9.5 (HKLM\...\{D074CE74-912A-4AD3-A0BF-3937D9D01F17}_is1) (Version: 0.9.5 - ImageWriter Developers)
Windows Live FolderShare (HKLM\...\{76810709-A7D3-468D-9167-A1780C1E766C}) (Version: 14.0.8117.416 - Microsoft Corporation)
Wondershare Filmora(Build 7.5.0) (HKLM\...\Wondershare Filmora_is1) (Version: - Wondershare Software)
Wondershare Helper Compact 2.5.0 (HKLM\...\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.5.0 - Wondershare)
Wondershare TidyMyMusic(Build 1.5.0.1) (HKLM\...\Wondershare TidyMyMusic_is1) (Version: 1.5.0.1 - Wondershare Software)
ZebHelpProcess 2016 (HKLM\...\ZebHelpProcess_is1) (Version: 2015 - Nicolas Coolman)
==================== Personnalisé CLSID (Avec liste blanche): ==========================
(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)
==================== Tâches planifiées (Avec liste blanche) =============
(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)
Task: {114E62F7-5A43-4727-BCDF-A4E7E7FA75A5} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2016-11-05] (Adobe Systems Incorporated)
Task: {1E4A408B-8347-4350-AEAC-D63481ECE662} - System32\Tasks\Microsoft\Windows\Setup\EOSNotify => C:\Windows\system32\EOSNotify.exe [2016-06-25] (Microsoft Corporation)
Task: {7089C146-3A46-467A-B7DE-C3C357A86B67} - System32\Tasks\{3FE4FA56-B019-4F16-A61D-3CDC8B31C0F2} => pcalua.exe -a G:\start.exe -d G:\
Task: {7FCCBD3B-43FF-492A-82BE-72A385EC4FED} - System32\Tasks\Boost => C:\Users\Power2Go 11 promo\AppData\Roaming\Reason\Boost\boost.exe [2013-12-27] (Reason Software Company Inc.)
Task: {9FD1F42C-D7FC-4B82-A14F-BDB00020D0D6} - System32\Tasks\{6848CD13-085C-450A-A985-F50011F476FD} => pcalua.exe -a "C:\Users\barrow 2 & widen\Downloads\devoir.exe" -d "C:\Users\barrow 2 & widen\Downloads"
Task: {C5FF3427-B388-4AC0-A5C2-0EDFEBD5F54B} - System32\Tasks\{B977D14B-07F1-4B68-9648-A18954293BDE} => pcalua.exe -a V:\FUR-Tools\Virtualbox-install\VitrualBox-install.exe -d V:\FUR-Tools\Virtualbox-install
Task: {D6678260-760D-4A84-8A61-A039F665FDDB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-11-05] (Google Inc.)
Task: {DEBA87F4-7C49-4726-8B78-6CE4A760C8B3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-11-05] (Google Inc.)
Task: {FE0C4D39-72A2-41A0-8808-C615EEB45D54} - System32\Tasks\PandaUSBVaccine => C:\Program Files\Panda USB Vaccine\RunInteractiveWin.exe [2010-06-01] ()
(Si un élément est inclus dans le fichier fixlist.txt, le fichier tâche (.job) sera déplacé. Le fichier exécuté par la tâche ne sera pas déplacé.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
==================== Raccourcis =============================
(Les éléments sont susceptibles d'être inscrits dans le fichier fixlist.txt afin d'être supprimés ou restaurés.)
ShortcutWithArgument: C:\Users\Power2Go 11 promo\Desktop\AdsFix_Donate.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxps://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=S3AQ8V3XRWWYN
ShortcutWithArgument: C:\Users\Power2Go 11 promo\Desktop\Pre_Scan_Donate.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxps://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=S3AQ8V3XRWWYN
==================== Modules chargés (Avec liste blanche) ==============
2016-07-18 19:25 - 2016-07-18 19:25 - 03590904 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareShellExtension.dll
2010-09-17 08:18 - 2009-05-20 07:02 - 00072200 _____ () C:\Program Files\Launch Manager\CdDirIo.dll
2016-10-10 07:31 - 2016-10-10 07:31 - 00080936 _____ () C:\Program Files\EaseUS\Todo Backup\bin\CodeLog.dll
2016-10-10 07:31 - 2016-10-10 07:31 - 01296424 _____ () C:\Program Files\EaseUS\Todo Backup\bin\libxml2.dll
2016-10-10 07:31 - 2016-10-10 07:31 - 00060968 _____ () C:\Program Files\EaseUS\Todo Backup\bin\zlib1.dll
2016-10-10 07:31 - 2016-10-10 07:31 - 00017448 _____ () C:\Program Files\EaseUS\Todo Backup\bin\CompressFile.dll
2016-10-10 07:31 - 2016-10-10 07:31 - 00088616 _____ () C:\Program Files\EaseUS\Todo Backup\bin\TBGetRemoteNetInfo.dll
2016-10-10 07:31 - 2016-10-10 07:31 - 00024768 _____ () C:\Program Files\EaseUS\Todo Backup\bin\CmcTbProxy.dll
2016-10-10 07:31 - 2016-10-10 07:31 - 00188608 _____ () C:\Program Files\EaseUS\Todo Backup\bin\CMCPipeCenter.dll
2016-10-10 07:31 - 2016-10-10 07:31 - 00173760 _____ () C:\Program Files\EaseUS\Todo Backup\bin\CMCAdapt.dll
2016-10-10 07:31 - 2016-10-10 07:31 - 00056512 _____ () C:\Program Files\EaseUS\Todo Backup\bin\TBInfo.dll
2016-10-10 07:31 - 2016-10-10 07:31 - 00018112 _____ () C:\Program Files\EaseUS\Todo Backup\bin\CMCNetTokenProxy.dll
2016-10-10 07:30 - 2016-10-10 07:30 - 00128192 _____ () C:\Program Files\EaseUS\Todo Backup\bin\ActivationOnline.dll
2016-10-10 07:31 - 2016-10-10 07:31 - 00085184 _____ () C:\Program Files\EaseUS\Todo Backup\bin\logsys.dll
2016-10-10 07:31 - 2016-10-10 07:31 - 00030760 _____ () C:\Program Files\EaseUS\Todo Backup\bin\DiskSearchImg.dll
2016-10-10 07:31 - 2016-10-10 07:31 - 00068136 _____ () C:\Program Files\EaseUS\Todo Backup\bin\MountImg.dll
2016-10-10 07:31 - 2016-10-10 07:31 - 00158248 _____ () C:\Program Files\EaseUS\Todo Backup\bin\ImgFile.dll
2016-10-10 07:31 - 2016-10-10 07:31 - 00281128 _____ () C:\Program Files\EaseUS\Todo Backup\bin\DsImgFile.dll
2016-10-10 07:31 - 2016-10-10 07:31 - 00072232 _____ () C:\Program Files\EaseUS\Todo Backup\bin\CheckImg.dll
2016-10-10 07:31 - 2016-10-10 07:31 - 00139816 _____ () C:\Program Files\EaseUS\Todo Backup\bin\vhdvmdk.dll
2016-10-10 07:31 - 2016-10-10 07:31 - 00040128 _____ () C:\Program Files\EaseUS\Todo Backup\bin\BootDriver.dll
2016-10-10 07:31 - 2016-10-10 07:31 - 00769064 _____ () C:\Program Files\EaseUS\Todo Backup\bin\ExImage.dll
2016-10-10 07:31 - 2016-10-10 07:31 - 00193064 _____ () C:\Program Files\EaseUS\Todo Backup\bin\EmailBackupSize.dll
2016-10-10 07:31 - 2016-10-10 07:31 - 00443944 _____ () C:\Program Files\EaseUS\Todo Backup\bin\AndroidImage.dll
2016-10-10 07:31 - 2016-10-10 07:31 - 00148008 _____ () C:\Program Files\EaseUS\Todo Backup\bin\EnumDisk.dll
2016-10-10 07:31 - 2016-10-10 07:31 - 00076840 _____ () C:\Program Files\EaseUS\Todo Backup\bin\FatLib.dll
2016-10-10 07:31 - 2016-10-10 07:31 - 00207912 _____ () C:\Program Files\EaseUS\Todo Backup\bin\NTFSLib.dll
2016-10-10 07:31 - 2016-10-10 07:31 - 00114880 _____ () C:\Program Files\EaseUS\Todo Backup\bin\FileStorage.dll
2016-10-10 07:31 - 2016-10-10 07:31 - 00169512 _____ () C:\Program Files\EaseUS\Todo Backup\bin\CloudInterface.dll
2016-10-10 07:31 - 2016-10-10 07:31 - 00501800 _____ () C:\Program Files\EaseUS\Todo Backup\bin\StorageMgr.dll
2016-10-10 07:31 - 2016-10-10 07:31 - 00024616 _____ () C:\Program Files\EaseUS\Todo Backup\bin\GetDriverInfo.dll
2016-10-10 07:31 - 2016-10-10 07:31 - 00020520 _____ () C:\Program Files\EaseUS\Todo Backup\bin\CorrectMbr.dll
2016-10-10 07:31 - 2016-10-10 07:31 - 00032296 _____ () C:\Program Files\EaseUS\Todo Backup\bin\EnumTapeDevice.dll
2016-10-10 07:31 - 2016-10-10 07:31 - 00034856 _____ () C:\Program Files\EaseUS\Todo Backup\bin\TbTapeBrowse.dll
2016-10-10 07:31 - 2016-10-10 07:31 - 00064040 _____ () C:\Program Files\EaseUS\Todo Backup\bin\RegLib.dll
2016-10-10 07:30 - 2016-10-10 07:30 - 00026816 _____ () C:\Program Files\EaseUS\Todo Backup\bin\AccountManager.dll
2016-10-10 07:31 - 2016-10-10 07:31 - 00059944 _____ () C:\Program Files\EaseUS\Todo Backup\bin\NasOperator.dll
2016-10-10 07:31 - 2016-10-10 07:31 - 00220864 _____ () C:\Program Files\EaseUS\Todo Backup\bin\EmailBrowser.dll
2016-10-10 07:31 - 2016-10-10 07:31 - 00077864 _____ () C:\Program Files\EaseUS\Todo Backup\bin\CloudOperator.dll
2016-10-10 07:30 - 2016-10-10 07:30 - 00021184 _____ () C:\Program Files\EaseUS\Todo Backup\bin\ActiveOnline.dll
2016-10-10 07:31 - 2016-10-10 07:31 - 00136232 _____ () C:\Program Files\EaseUS\Todo Backup\bin\VMConfig.dll
2016-10-10 07:30 - 2016-10-10 07:31 - 00020008 _____ () C:\Program Files\EaseUS\Todo Backup\bin\AndroidDeviceManager.dll
2016-10-10 07:31 - 2016-10-10 07:31 - 00043048 _____ () C:\Program Files\EaseUS\Todo Backup\bin\TbDataSwap.dll
2016-10-10 07:31 - 2016-10-10 07:31 - 00432320 _____ () C:\Program Files\EaseUS\Todo Backup\bin\uexper.dll
2010-07-20 13:54 - 2010-07-20 13:54 - 00411648 _____ () C:\Program Files\Acer\Android Manager\FRA.dll
2016-07-18 19:25 - 2016-07-18 19:25 - 08063200 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareTray.exe
2016-07-18 19:25 - 2016-07-18 19:25 - 02454224 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\RCF.dll
2016-07-18 19:25 - 2016-07-18 19:25 - 00122632 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\boost_filesystem-vc140-mt-1_61.dll
2016-07-18 19:25 - 2016-07-18 19:25 - 00026880 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\boost_system-vc140-mt-1_61.dll
2016-07-18 19:25 - 2016-07-18 19:25 - 00055560 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\boost_date_time-vc140-mt-1_61.dll
2016-07-18 19:25 - 2016-07-18 19:25 - 00099072 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\boost_thread-vc140-mt-1_61.dll
2016-07-18 19:25 - 2016-07-18 19:25 - 00035584 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\boost_chrono-vc140-mt-1_61.dll
2016-07-18 19:25 - 2016-07-18 19:25 - 00403712 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\boost_locale-vc140-mt-1_61.dll
2016-07-18 19:25 - 2016-07-18 19:25 - 01888488 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\HtmlFramework.dll
2016-07-18 19:25 - 2016-07-18 19:25 - 00869624 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareTrayDefaultSkin.dll
2016-10-09 07:20 - 2016-06-20 13:48 - 01506304 _____ () C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll
2016-10-09 07:20 - 2014-05-19 16:19 - 00137728 _____ () C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll
2016-10-11 15:53 - 2016-10-11 15:53 - 00877056 _____ () C:\Program Files\EaseUS\EaseUS Partition Master 11.9\bin\platforms\qwindows.dll
2016-10-11 15:52 - 2016-10-11 15:52 - 00308416 _____ () C:\Program Files\EaseUS\EaseUS Partition Master 11.9\bin\GarbageGather.dll
2016-10-11 15:52 - 2016-10-11 15:52 - 00118464 _____ () C:\Program Files\EaseUS\EaseUS Partition Master 11.9\bin\FHProcess.dll
2016-10-11 15:53 - 2016-10-11 15:53 - 00014336 _____ () C:\Program Files\EaseUS\EaseUS Partition Master 11.9\bin\fsclog.dll
2016-10-11 15:52 - 2016-10-11 15:52 - 00174784 _____ () C:\Program Files\EaseUS\EaseUS Partition Master 11.9\bin\BigFileGather.dll
2016-10-11 15:52 - 2016-10-11 15:52 - 00088256 _____ () C:\Program Files\EaseUS\EaseUS Partition Master 11.9\bin\EnumVolumes.dll
2016-10-11 15:52 - 2016-10-11 15:52 - 00224960 _____ () C:\Program Files\EaseUS\EaseUS Partition Master 11.9\bin\FragAnalysis.dll
2016-10-11 15:53 - 2016-10-11 15:53 - 00024064 _____ () C:\Program Files\EaseUS\EaseUS Partition Master 11.9\bin\imageformats\qico.dll
2016-10-11 15:53 - 2016-10-11 15:53 - 00023552 _____ () C:\Program Files\EaseUS\EaseUS Partition Master 11.9\bin\imageformats\qgif.dll
2016-10-10 07:31 - 2016-10-10 07:31 - 00278720 _____ () C:\Program Files\EaseUS\Todo Backup\bin\TodoBackupService.exe
2016-10-10 07:31 - 2016-10-10 07:31 - 00224808 _____ () C:\Program Files\EaseUS\Todo Backup\bin\SmartBackup.dll
2016-11-16 12:29 - 2016-10-13 13:32 - 00634648 _____ () C:\Program Files\CyberLink\Power2Go11\CLMediaLibrary.dll
2016-10-20 16:46 - 2016-10-20 16:46 - 00172544 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\e676d4d4f9d659b596668c1e8f9b0450\IsdiInterop.ni.dll
2010-09-17 08:04 - 2012-06-12 15:06 - 00059904 _____ () C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
==================== Alternate Data Streams (Avec liste blanche) =========
(Si un élément est inclus dans le fichier fixlist.txt, seul le flux de données additionnel (ADS - Alternate Data Stream) sera supprimé.)
AlternateDataStreams: C:\Windows\bfsvc.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\explorer.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\notepad.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\twain_32.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\aaclient.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\accessibilitycpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\acmigration.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\acppage.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ActionCenter.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ActionCenterCPL.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ActionQueue.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\activeds.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\actxprxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\adprovider.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\adsldp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\adsmsext.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\aeinv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\aelupsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\aepic.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\aitagent.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\aitstatic.exe:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\amstream.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\apphelp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\appraiser.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\appwiz.cpl:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\audiodev.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\audiodg.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\AudioEng.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\AUDIOKSE.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\AudioSes.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\audiosrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\AuthFWSnapin.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\authui.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\autochk.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\autoconv.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\autofmt.exe:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\autoplay.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\avifil32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\AxInstSv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\azroles.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\azroleui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\AzSqlExt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\basecsp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\basesrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\batmeter.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\bcdboot.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\bcdedit.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\bcdsrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\bcryptprimitives.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\BFE.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\biocpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\bitsadmin.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\bitsperf.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\blackbox.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\BlbEvents.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\BootMan.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\bootres.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\browcli.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\browser.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\browseui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\bthprops.cpl:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Bubbles.scr:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\cabinet.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\cabview.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\calc.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\capiprovider.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\catsrvut.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\cca.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\cdd.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\cdosys.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\centel.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\certcli.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\certenc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\CertEnroll.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\certmgr.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\CertPolEng.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\certprop.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\certutil.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\cewmdm.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\cfgmgr32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\charmap.exe:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\ci.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\clfsw32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\clusapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\cmd.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\cmstp.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\cngprovider.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\COLORCNV.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\comctl32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\comdlg32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\CompatTelRunner.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\comsvcs.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\CPFilters.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\credui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\crypt32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\cryptdlg.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\cryptnet.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\cryptsp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\cryptsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\cryptui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\cscapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\cscdll.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\cscript.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\C_ISCII.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\d2d1.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\d3d11.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\d3d9.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\davclnt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dbgeng.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dbghelp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\defaultlocationcpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\desk.cpl:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\devenum.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\DeviceCenter.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\DevicePairingFolder.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\devinv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dfrgui.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dfshim.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dhcpcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dhcpcore6.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dhcpcsvc6.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\DiagCpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\diagperf.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dimsroam.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\diskpart.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\diskperf.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\diskraid.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Display.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\djoin.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dnsapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dnscacheugc.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dnscmmc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dnsrslvr.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dosx.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dot3api.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dot3cfg.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dot3msm.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\dot3svc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dot3ui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dpapiprovider.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dpnaddr.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\dpnet.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dps.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dpx.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\drmmgrtn.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\drmv2clt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\drvstore.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dsauth.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\DShowRdpFilter.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dskquoui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dsuiext.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dwmapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dwmcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dwmredir.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dxdiagn.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dxmasf.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\DXP.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\DXPTaskRingtone.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\DxpTaskSync.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\eapp3hst.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\eappgnui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\eapphost.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\efscore.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\EhStorAPI.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\els.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\elsTrans.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\EncDec.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\EncDump.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\epmntdrv.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\esent.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\eudcedit.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\EuEpmGdi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\EuGdiDrv.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\evr.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ExplorerFrame.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Faultrep.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\fbnative.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\fde.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\fdeploy.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\findstr.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\FirewallControlPanel.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\fixmapi.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\fms.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\fontext.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\fphc.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\framedyn.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\framedynos.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\fsutil.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ftp.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\fveapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\fveapibase.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\FWPUCLNT.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\FwRemoteSvr.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\FXSCOVER.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\FXSMON.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\FXSSVC.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\FXSTIFF.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\g711codc.ax:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\gameux.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\gdi32.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\GeneIcon.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\generaltel.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\gpapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\gpsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\GSCoinst.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\hal.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\halacpi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\halmacpi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\hbaapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\hgcpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\hgprint.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\httpapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\iasacct.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\iasrad.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\iasrecst.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\icaapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\icardagt.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\icardres.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\iccvid.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ifsutil.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\IKEEXT.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\imagehlp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\imapi2.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\imapi2fs.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\imm32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\inetmib1.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\infocardapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\InkEd.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\intl.cpl:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\invagent.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\iologmsg.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\IPHLPAPI.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\iphlpsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\iprtrmgr.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\IPSECSVC.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ipsmsnap.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\iscsicli.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\iscsium.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\isoburn.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\itircl.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\iyuv_32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\KBDBASH.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\KBDBLR.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\KBDBULG.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\KBDCZ1.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\KBDGEO.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\KBDGKL.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\KBDGR1.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\KBDINBEN.DLL:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\KBDINHIN.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\KBDINKAN.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\KBDINMAR.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\KBDINORI.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\KBDINTAM.DLL:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\KBDINTEL.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\kbdlk41a.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\KBDLT1.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\KBDMAORI.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\KBDMON.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\KBDNEPR.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\KBDPO.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\KBDRU.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\KBDRU1.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\KBDSF.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\KBDSG.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\KBDTAJIK.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\KBDTAT.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\KBDTUF.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\KBDTUQ.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\KBDTURME.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\KBDUGHR1.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\KBDUS.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\KBDYAK.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\kc.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\kernel32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\KernelBase.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\KMSVC.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ksproxy.ax:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\kstvtune.ax:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ksuser.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Kswdmcap.ax:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ksxbar.ax:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ListSvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\localsec.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\localspl.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\logagent.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\logman.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\logoncli.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\LogonUI.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\lpksetup.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\lpremove.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\lsm.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\lsmproxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\luainstall.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\main.cpl:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\manage-bde.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mapi32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mapistub.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mcbuilder.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MCEWMDRMNDBootstrap.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mciavi32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mciqtz32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mcupdate_GenuineIntel.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MdSched.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MediaMetadataHandler.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mf.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mfc40.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mfc40u.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mfc42.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mfc42u.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mfds.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mferror.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mfplat.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MFPlay.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mfpmp.exe:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\mfps.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mfreadwrite.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mfvdsp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MFWMAAEC.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\migisol.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mimefilt.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\mmcndmgr.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MMDevAPI.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mmsys.cpl:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mobsync.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MP3DMOD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MP43DECD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MP4SDECD.DLL:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\Mpeg2Data.ax:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\mpg2splt.ax:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MPG4DECD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mprapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mprddm.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MPSSVC.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MSAC3ENC.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msasn1.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mscms.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msconfig.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mscoree.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mscorier.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mscories.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msdmo.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msdrm.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msdtctm.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MSDvbNP.ax:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msdxm.ocx:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msftedit.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msieftp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msinfo32.exe:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\msmmsp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msmpeg2adec.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MSMPEG2ENC.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msmpeg2vdec.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msnetobj.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MSNP.ax:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msorcl32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msrle32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msscntrs.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\msscp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mssph.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mssphtb.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\mssrch.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mssvp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mstask.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mstsc.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mstscax.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msutb.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msvcrt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msvfw32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msvidc32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mswsock.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msxml3.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msxml3r.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msxml6.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msxml6r.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msyuv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mtxclu.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mtxoci.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\muifontsetup.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MuiUnattend.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MultiDigiMon.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mydocs.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Mystify.scr:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\NAPCRYPT.DLL:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\napdsnap.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\NAPHLPR.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Narrator.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\NaturalLanguage6.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\nci.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ncryptui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ncsi.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\net1.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\netapi32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\netbtugc.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\netcenter.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\netcfg.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\netcfgx.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\netcorehc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\netdiagfx.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\netevent.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\netfxperf.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\netid.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\netiohlp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\netiougc.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\netjoin.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\netlogon.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\netplwiz.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\netshell.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\netutils.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\networkexplorer.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\networkmap.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\nlaapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\nlasvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\nlsbres.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\nltest.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\notepad.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\nrpsrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\nshipsec.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\nshwfp.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\nslookup.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ntlanman.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ntprint.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ntprint.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ntshrui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\objsel.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ocsetapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ocsetup.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\odbc32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\odbcconf.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\odbccp32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\odbccr32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\odbccu32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\odbcjt32.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\odbctrac.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ole32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\oleacc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\olethk32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\onex.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\onexui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\OnLineIDCpl.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\OobeFldr.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\OpcServices.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\osk.exe:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\OxpsConverter.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\packager.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\pcadm.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\pcaevts.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\pcalua.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\pcasvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\pcawrk.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\pdh.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\pdhui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\PerfCenterCPL.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\perfmon.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\perftrack.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\perfts.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\PhotoScreensaver.scr:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\photowiz.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\pifmgr.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\PkgMgr.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\pku2u.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\pla.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\pnidui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\PnPUnattend.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\polstore.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\PortableDeviceApi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\PortableDeviceStatus.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\PortableDeviceSyncProvider.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\powercfg.cpl:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\powercpl.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\powertracker.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\PresentationHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\PresentationHostProxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\prevhost.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\PrintIsolationProxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\printui.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\prncache.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\prnfldr.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\prntvpt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\profprov.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\profsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\propsys.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\proquota.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\provsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\psisdecd.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\psisrndr.ax:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\puiobj.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\QAGENT.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\QAGENTRT.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\qasf.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\qcap.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\QCLIPROV.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\qdv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\qdvd.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\qedit.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\qmgr.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\QSHVHOST.DLL:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\QSVRMGMT.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\quartz.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Query.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\QUTIL.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\RacEngn.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\raschap.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\rasmans.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\rasppp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\rastapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\rastls.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\rdpcfgex.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\rdpcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\rdpcorekmts.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\rdpd3d.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\rdpdd.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\RDPENCDD.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\rdpencom.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\RDPREFDD.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\rdprefdrvapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\rdpwsx.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\rdrmemptylst.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ReAgent.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ReAgentc.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\recdisc.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\recovery.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\regapi.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\relog.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\RelPost.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\remotepg.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\repair-bde.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\RESAMPLEDMO.DLL:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\resutils.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Ribbons.scr:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\riched20.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\riched32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\RMActivate.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\RMActivate_isv.exe:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\RMActivate_ssp.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\RMActivate_ssp_isv.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Robocopy.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\RpcRtRemote.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\rpcss.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\rrinstaller.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\rtutils.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\runonce.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\samcli.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\samlib.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\samsrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\sbe.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\scansetting.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\scavengeui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\scecli.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\scesrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\schedcli.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\schedsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\scrrun.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\sdbinst.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\sdclt.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\sdcpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\sdengin2.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\sdrsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\SearchFolder.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\SearchIndexer.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\SearchProtocolHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\sechost.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\seclogon.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\secproc.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\secproc_isv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\secproc_ssp.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\secproc_ssp_isv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\services.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\SessEnv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\sethc.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\setupapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\setupcl.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\setupcln.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\setupempdrv03.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\setupugc.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\shacct.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\sharemediacpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\shdocvw.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\shgina.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\shimeng.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\shimgvw.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\shlwapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\shsetup.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\shsvcs.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\shunimpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\shwebsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\sisbkup.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\slui.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\slwga.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\SmartcardCredentialProvider.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\SmiEngine.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\SndVol.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\SndVolSSO.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\spbcd.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\spinstall.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\spoolsv.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\spopk.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\spp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\sppc.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\sppcomapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\sppinst.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\sppnp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\sppobjs.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\sppsvc.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\sppuinotify.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\sppwinob.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\spreview.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\spwizeng.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\spwizres.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\spwizui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\spwmp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\sqlcese30.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\sqlsrv32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\sqmapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\srchadmin.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\srrstr.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\srvcli.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\srvsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\sscore.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ssText3d.scr:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\stobject.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\StructuredQuery.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\sud.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\sxs.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\SyncCenter.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\synceng.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\syncui.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\sysclass.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\sysdm.cpl:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\SysFxUI.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\sysmain.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\sysmon.ocx:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\syssetup.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\systemcpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\t2embed.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\tabcal.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\TabletPC.cpl:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\TabSvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\takeown.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\tapisrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\taskbarcpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\taskcomp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\taskmgr.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\taskschd.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\tbs.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\tcpipcfg.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\tdh.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\termmgr.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\termsrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\themecpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\themeui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\thumbcache.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\timedate.cpl:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\tlscsp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\tquery.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\tracerpt.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\TRAPI.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\tsbyuv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\tsgqec.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\tsmf.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\TsUsbGDCoInstaller.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\TSWbPrxy.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\TSWorkspace.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\TsWpfWrp.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\twext.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\typeperf.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\tzutil.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ubpm.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ucrtbase.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\UIRibbon.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\UIRibbonRes.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\umb.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\umpnpmgr.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\umpo.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\unattend.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\unimdm.tsp:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\unimdmat.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\unlodctr.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\untfs.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\upnp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\user32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\UserAccountControlSettings.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\usercpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\userenv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\usp10.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\utildll.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\uxlib.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\VAN.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Vault.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\vaultsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\VBICodec.ax:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\vbisurf.ax:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\vds.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\vdsbas.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\vdsutil.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\vfwwdm32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\VIDRESZR.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\vpnike.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\vpnikeapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\vssapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\VSSVC.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\w32tm.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WavDest.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wavemsp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wbemcomn.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wbengine.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wcncsvc.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\wdc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Wdfres.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wdi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wdiasqmmodule.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wdmaud.drv:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WebClnt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\webio.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\webservices.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wer.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\werconcpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WerFaultSecure.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wevtsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WFS.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wiadefui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wiarpc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wiaservc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wiavideo.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wimgapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wimserv.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wincredprovider.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WindowsAnytimeUpgrade.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WindowsAnytimeUpgradeResults.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\winhttp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\winipsec.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\winload.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\winlogon.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\winmm.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\winresume.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WinSAT.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WinSATAPI.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WinSCard.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\winspool.drv:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\winsrv.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\winsta.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wintrust.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wisptis.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wkscli.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wksprt.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wkssvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wlangpui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wlanmsm.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\wlanpref.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wlanui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Wldap32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WMADMOD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WMADMOE.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WMALFXGFXDSP.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wmdrmdev.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wmdrmnet.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wmdrmsdk.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wmi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wmicmiplugin.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WMNetMgr.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wmp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wmpdxm.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wmpeffects.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WMPEncEn.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WMPhoto.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\wmploc.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wmpmde.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wmpps.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wmpshell.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wmpsrcwp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WMSPDMOD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WMSPDMOE.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WMVCORE.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WMVDECOD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WMVENCOD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WMVSDECD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WMVSENCD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WMVXENCD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Wpc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wpccpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wpdbusenum.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wpdshext.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WPDShServiceObj.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WPDSp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wpdwcn.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wpd_ci.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ws2_32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wscapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wscript.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WSDApi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wsdchngr.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wshbth.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wshirda.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wshom.ocx:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wshrm.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WSManHTTPConfig.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WSManMigrationPlugin.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WsmAuto.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wsmplpxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wsmprovhost.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WsmRes.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WsmSvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WsmWmiPl.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wsnmp32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wsqmcons.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WSTPager.ax:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wtsapi32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WUDFCoinstaller.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WUDFHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WUDFPlatform.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WUDFSvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WUDFx.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wusa.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wwanconn.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wwanprotdim.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wwansvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\xmllite.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\XpsRasterService.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\xpsservices.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\zipfldr.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\1394ohci.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\acpi.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\acpipmi.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\afd.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\amdsata.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\amdxata.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\ataport.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\cdrom.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\cng.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\CompositeBus.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\dfsc.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\disk.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\Diskdump.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\drmk.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\drmkaud.sys:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\Drivers\dxgkrnl.sys:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\Drivers\dxgmms1.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\ETD.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\eubakup.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\EUBKMON.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\eudskacs.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\EuFdDisk.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\fs_rec.sys:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\Drivers\fvevol.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\FWPKCLNT.SYS:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\GeneStor.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\hdaudbus.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\HdAudio.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\hidclass.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\hidparse.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\hidusb.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\http.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\hwpolicy.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\iaStor.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\iaStorV.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\IPMIDrv.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\kbdhid.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\ks.sys:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\Drivers\L1C63x86.sys:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\Drivers\mountmgr.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\mpio.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\mrxdav.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\msahci.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\msdsm.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\msiscsi.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\ndis.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\ndisuio.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\ndiswan.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\ndproxy.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\netbt.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\netio.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\NETwsn00.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\ntfs.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\nvraid.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\nvstor.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\partmgr.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\pci.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\PEAuth.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\portcls.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\rdbss.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\RDPCDD.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\rdpwd.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\rdyboost.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\rmcast.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\RNDISMP.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\sbp2port.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\scfilter.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\scsiport.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\sffp_sd.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\srv.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\srv2.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\srvnet.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\storport.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\stream.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\tcpip.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\tcpipreg.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\tdi.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\tdpipe.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\tdtcp.sys:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\Drivers\tdx.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\termdd.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\tssecsrv.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\TsUsbFlt.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\tunnel.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\udfs.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\umbus.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\usb8023.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\USBCAMD.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\USBCAMD2.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\usbcir.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\usbrpm.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\USBSTOR.SYS:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\usbvideo.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\vhdmp.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\volmgr.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\volsnap.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\wanarp.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\Wdf01000.sys:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\Drivers\WdfLdr.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\winusb.sys:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\Drivers\WUDFPf.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\WUDFRd.sys:$CmdTcID [64]
AlternateDataStreams: C:\Users\barrow 2 & widen\Desktop\adsfix_3_03.11.2016.1.exe:BDU [0]
AlternateDataStreams: C:\Users\barrow 2 & widen\Desktop\BDPUARLauncher_FR.exe:BDU [0]
AlternateDataStreams: C:\Users\barrow 2 & widen\Desktop\BDUSBImmunizerLauncher.exe:BDU [0]
AlternateDataStreams: C:\Users\barrow 2 & widen\Desktop\BootkitRemoval_x64.exe:BDU [0]
AlternateDataStreams: C:\Users\barrow 2 & widen\Desktop\BootkitRemoval_x86.exe:BDU [0]
AlternateDataStreams: C:\Users\barrow 2 & widen\Desktop\Pre_Scan.exe:BDU [0]
AlternateDataStreams: C:\Users\barrow 2 & widen\Desktop\Rem-VBSworm.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\barrow 2 & widen\Desktop\RSIT.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\barrow 2 & widen\Desktop\RSIT.exe:BDU [0]
AlternateDataStreams: C:\Users\barrow 2 & widen\Desktop\ZHPDiag3.exe:BDU [0]
AlternateDataStreams: C:\Users\barrow 2 & widen\Downloads\60Second_en_us.exe:BDU [0]
AlternateDataStreams: C:\Users\barrow 2 & widen\Downloads\adsfix_3_03.11.2016.1.exe:BDU [0]
AlternateDataStreams: C:\Users\barrow 2 & widen\Downloads\adwcleaner_6.030.exe:BDU [0]
AlternateDataStreams: C:\Users\barrow 2 & widen\Downloads\army.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\barrow 2 & widen\Downloads\army.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\barrow 2 & widen\Downloads\BDAntiRansomwareSetup.exe:BDU [0]
AlternateDataStreams: C:\Users\barrow 2 & widen\Downloads\ccav_installer(1).exe:BDU [0]
AlternateDataStreams: C:\Users\barrow 2 & widen\Downloads\ccav_installer(2).exe:BDU [0]
AlternateDataStreams: C:\Users\barrow 2 & widen\Downloads\ccav_installer.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\barrow 2 & widen\Downloads\ccav_installer.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\barrow 2 & widen\Downloads\ccav_installer.exe:BDU [0]
AlternateDataStreams: C:\Users\barrow 2 & widen\Downloads\cispremium_installer.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\barrow 2 & widen\Downloads\cispremium_installer.exe:BDU [0]
AlternateDataStreams: C:\Users\barrow 2 & widen\Downloads\cmd_fw_installer_6113_c7.exe:BDU [0]
AlternateDataStreams: C:\Users\barrow 2 & widen\Downloads\CyberLink_PhotoDirector_Downloader(1).exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\barrow 2 & widen\Downloads\CyberLink_PhotoDirector_Downloader(1).exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\barrow 2 & widen\Downloads\CyberLink_PhotoDirector_Downloader.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\barrow 2 & widen\Downloads\CyberLink_PhotoDirector_Downloader.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\barrow 2 & widen\Downloads\dencopy.rar:$CmdZnID [26]
AlternateDataStreams: C:\Users\barrow 2 & widen\Downloads\devoir.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\barrow 2 & widen\Downloads\devoir.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\barrow 2 & widen\Downloads\DriveSecurityPortable_1.0.paf.exe:BDU [0]
AlternateDataStreams: C:\Users\barrow 2 & widen\Downloads\DSInstall.exe:BDU [0]
AlternateDataStreams: C:\Users\barrow 2 & widen\Downloads\EmsisoftEmergencyKit.exe:BDU [0]
AlternateDataStreams: C:\Users\barrow 2 & widen\Downloads\epm.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\barrow 2 & widen\Downloads\epm.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\barrow 2 & widen\Downloads\epm.exe:BDU [0]
AlternateDataStreams: C:\Users\barrow 2 & widen\Downloads\fdm5_x86_setup.exe:BDU [0]
AlternateDataStreams: C:\Users\barrow 2 & widen\Downloads\FYDLoad_inflvto_3.exe:BDU [0]
AlternateDataStreams: C:\Users\barrow 2 & widen\Downloads\iobituninstaller.exe:BDU [0]
AlternateDataStreams: C:\Users\barrow 2 & widen\Downloads\JRT.exe:BDU [0]
AlternateDataStreams: C:\Users\barrow 2 & widen\Downloads\kcfallout.rar:$CmdZnID [26]
AlternateDataStreams: C:\Users\barrow 2 & widen\Downloads\marmiton-install.exe:BDU [0]
AlternateDataStreams: C:\Users\barrow 2 & widen\Downloads\metallic.rar:$CmdZnID [26]
AlternateDataStreams: C:\Users\barrow 2 & widen\Downloads\mystandart.rar:$CmdZnID [26]
AlternateDataStreams: C:\Users\barrow 2 & widen\Downloads\pctrans_trial.exe:BDU [0]
AlternateDataStreams: C:\Users\barrow 2 & widen\Downloads\PortableApps.com_Platform_Setup_14.2.paf(1).exe:BDU [0]
AlternateDataStreams: C:\Users\barrow 2 & widen\Downloads\PortableApps.com_Platform_Setup_14.2.paf.exe:BDU [0]
AlternateDataStreams: C:\Users\barrow 2 & widen\Downloads\processclose_1.0.0.3 (1).exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\barrow 2 & widen\Downloads\processclose_1.0.0.3 (1).exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\barrow 2 & widen\Downloads\processclose_1.0.0.3 (2).exe:BDU [0]
AlternateDataStreams: C:\Users\barrow 2 & widen\Downloads\processclose_1.0.0.3(1).exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\barrow 2 & widen\Downloads\processclose_1.0.0.3(1).exe:BDU [0]
AlternateDataStreams: C:\Users\barrow 2 & widen\Downloads\processclose_1.0.0.3(2).exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\barrow 2 & widen\Downloads\processclose_1.0.0.3(2).exe:BDU [0]
AlternateDataStreams: C:\Users\barrow 2 & widen\Downloads\processclose_1.0.0.3(3).exe:BDU [0]
AlternateDataStreams: C:\Users\barrow 2 & widen\Downloads\SkypePortable_7.29.0.102_online.paf.exe:BDU [0]
AlternateDataStreams: C:\Users\barrow 2 & widen\Downloads\ssskin.rar:$CmdZnID [26]
AlternateDataStreams: C:\Users\barrow 2 & widen\Downloads\UsbFix_9.001 (1).exe:BDU [0]
AlternateDataStreams: C:\Users\barrow 2 & widen\Downloads\UsbFix_9.001 (2).exe:BDU [0]
AlternateDataStreams: C:\Users\barrow 2 & widen\Downloads\UsbFix_9.001(1).exe:BDU [0]
AlternateDataStreams: C:\Users\barrow 2 & widen\Downloads\vst_dhlb.rar:$CmdZnID [26]
AlternateDataStreams: C:\Users\barrow 2 & widen\Downloads\xpsoft.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\barrow 2 & widen\Downloads\xpsoft.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\barrow 2 & widen\Downloads\xpsolive.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\barrow 2 & widen\Downloads\xpsolive.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\barrow 2 & widen\Downloads\xpssilver.exe:$CmdTcID [130]
AlternateDataStreams: C:\Users\barrow 2 & widen\Downloads\xpssilver.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\barrow 2 & widen\Documents\PhotoDirector_8.0.2031.59859_GM2_Essential_PTD160719-10.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Power2Go 11 promo\Desktop\FRST.exe:BDU [0]
AlternateDataStreams: C:\Users\Power2Go 11 promo\Desktop\pre-scan_6_02.11.2016.1.exe:BDU [0]
AlternateDataStreams: C:\Users\Power2Go 11 promo\Desktop\quickdiag_2_02.11.2016.1.exe:BDU [0]
AlternateDataStreams: C:\Users\Power2Go 11 promo\Desktop\ZHPDiag3.exe:BDU [0]
AlternateDataStreams: C:\Users\Power2Go 11 promo\Downloads\adwcleaner_6.030.exe:BDU [0]
AlternateDataStreams: C:\Users\Power2Go 11 promo\Downloads\apowersoft-online-launcher.exe:BDU [0]
AlternateDataStreams: C:\Users\Power2Go 11 promo\Downloads\EasyUEFI_Free.exe:BDU [0]
AlternateDataStreams: C:\Users\Power2Go 11 promo\Downloads\EmsisoftEmergencyKit.exe:BDU [0]
AlternateDataStreams: C:\Users\Power2Go 11 promo\Downloads\installboost.exe:BDU [0]
AlternateDataStreams: C:\Users\Power2Go 11 promo\Downloads\Quick Uploader.exe:BDU [0]
AlternateDataStreams: C:\Users\Power2Go 11 promo\Downloads\setup(1).exe:BDU [0]
AlternateDataStreams: C:\Users\Power2Go 11 promo\Downloads\Windows10Upgrade24074.exe:BDU [0]
==================== Mode sans échec (Avec liste blanche) ===================
(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le "AlternateShell" sera restauré.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
==================== Association (Avec liste blanche) ===============
(Si un élément est inclus dans le fichier fixlist.txt, l'élément de Registre sera restauré à la valeur par défaut ou supprimé.)
==================== Internet Explorer sites de confiance/sensibles ===============
(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre.)
==================== Hosts contenu: ==========================
(Si nécessaire, la commande Hosts: peut être incluse dans le fichier fixlist.txt afin de réinitialiser le fichier hosts.)
2009-07-14 03:04 - 2016-11-22 21:29 - 00002034 _RASH C:\Windows\system32\Drivers\etc\hosts
0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly
0.0.0.0 tracking.opencandy.com.s3.amazonaws.com
0.0.0.0 media.opencandy.com
0.0.0.0 cdn.opencandy.com
0.0.0.0 tracking.opencandy.com
0.0.0.0 api.opencandy.com
0.0.0.0 api.recommendedsw.com
0.0.0.0 installer.betterinstaller.com
0.0.0.0 installer.filebulldog.com
0.0.0.0 d3oxtn1x3b8d7i.cloudfront.net
0.0.0.0 inno.bisrv.com
0.0.0.0 nsis.bisrv.com
0.0.0.0 cdn.file2desktop.com
0.0.0.0 cdn.goateastcach.us
0.0.0.0 cdn.guttastatdk.us
0.0.0.0 cdn.inskinmedia.com
0.0.0.0 cdn.insta.oibundles2.com
0.0.0.0 cdn.insta.playbryte.com
0.0.0.0 cdn.llogetfastcach.us
0.0.0.0 cdn.montiera.com
0.0.0.0 cdn.msdwnld.com
0.0.0.0 cdn.mypcbackup.com
0.0.0.0 cdn.ppdownload.com
0.0.0.0 cdn.riceateastcach.us
0.0.0.0 cdn.shyapotato.us
0.0.0.0 cdn.solimba.com
0.0.0.0 cdn.tuto4pc.com
0.0.0.0 cdn.appround.biz
0.0.0.0 cdn.bigspeedpro.com
0.0.0.0 cdn.bispd.com
Il y a 4 plus de lignes.
==================== Autres zones ============================
(Actuellement, il n'y a pas de correction automatique pour cette section.)
HKU\S-1-5-21-1541472888-895532398-2178115478-1001\Control Panel\Desktop\\Wallpaper -> %windir%\web\wallpaper\windows\img0.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Le Pare-feu est activé.
==================== MSCONFIG/TASK MANAGER éléments désactivés ==
==================== RèglesPare-feu (Avec liste blanche) ===============
(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)
FirewallRules: [{8FEA8AC3-9A0F-4337-B8D4-9DA468CAB606}] => (Allow) C:\Program Files\EaseUS\Todo Backup\bin\TodoBackupService.exe
FirewallRules: [{A04B5DB6-B36D-4533-A1BA-F3F2DBDD9BDD}] => (Allow) C:\Program Files\EaseUS\Todo Backup\bin\TodoBackupService.exe
==================== Points de restauration =========================
21-11-2016 18:42:39 Installed AdAwareInstaller.
22-11-2016 03:38:22 Installed Boost
22-11-2016 03:44:31 Before Boost
==================== Éléments en erreur du Gestionnaire de périphériques =============
Name: Unknown Device
Description: Unknown Device
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Contrôleur hôte USB standard)
Service:
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation.
==================== Erreurs du Journal des événements: =========================
Erreurs Application:
==================
Error: (11/21/2016 06:48:03 PM) (Source: MsiInstaller) (EventID: 11606) (User: barrow2etwiden)
Description: Product: AdAwareInstaller -- Error 1606. Could not access network location \Ad-Aware Antivirus\11.12.945.9202.
Error: (11/21/2016 06:48:03 PM) (Source: MsiInstaller) (EventID: 11606) (User: barrow2etwiden)
Description: Product: AdAwareInstaller -- Error 1606. Could not access network location \Ad-Aware Antivirus\11.12.945.9202.
Error: (11/20/2016 08:11:24 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Le programme adsfix_3_18.11.2016.1.exe version 18.11.2016.1 a cessé d’interagir avec Windows et a été fermé. Pour déterminer si des informations supplémentaires sont disponibles, consultez l’historique du problème dans le Centre de maintenance.
ID de processus : 1414
Heure de début : 01d242e6df6419de
Heure de fin : 109
Chemin d’accès de l’application : C:\Users\Power2Go 11 promo\Desktop\adsfix_3_18.11.2016.1.exe
ID de rapport :
Error: (11/19/2016 07:40:51 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Erreur du service de cliché instantané des volumes : erreur lors de l’interrogation de l’interface IVssWriterCallback. hr = 0x80070005, Accès refusé.
.
Cette erreur est souvent due à des paramètres de sécurité incorrects dans le processus du rédacteur ou du demandeur.
Opération :
Données du rédacteur en cours de collecte
Contexte :
ID de classe du rédacteur: {e8132975-6f93-4464-a53e-1050253ae220}
Nom du rédacteur: System Writer
ID d’instance du rédacteur: {f13cc692-c515-483b-b5ba-8c40320936db}
Error: (11/17/2016 12:22:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nom de l’application défaillante RogueKiller.exe, version : 12.8.1.0, horodatage : 0x5829760d
Nom du module défaillant : psdprotect.dll, version : 3.1.212.0, horodatage : 0x4bfd066b
Code d’exception : 0x40000015
Décalage d’erreur : 0x0000b1f3
ID du processus défaillant : 0x68c
Heure de début de l’application défaillante : 0x01d240264fc3504d
Chemin d’accès de l’application défaillante : C:\Program Files\RogueKiller\RogueKiller.exe
Chemin d’accès du module défaillant: C:\Program Files\EgisTec MyWinLocker\x86\psdprotect.dll
ID de rapport : 17ade89f-acb8-11e6-bf9d-d8c6d4ba6fd2
Error: (11/16/2016 12:30:09 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Échec de la création d’un point de restauration (Processus = C:\Users\POWER2~1\AppData\Local\Temp\RarSFX0\LPrint\Setup.exe -l1036 /z/pichk /z/PATH"C:\Program Files\CyberLink" ; Description = Configuré LabelPrint ; Erreur = 0x8007043c).
Error: (11/11/2016 02:23:09 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: La création du contexte d’activation a échoué pour « J:\backup data - sosvirus backup disk (usb)\BootkitRemoval_x64.exe ».
Assembly dépendant Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" introuvable.
Utilisez sxstrace.exe pour un diagnostic détaillé.
Error: (11/11/2016 02:06:59 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: La création du contexte d’activation a échoué pour « J:\backup data - sosvirus backup disk (usb)\BootkitRemoval_x64.exe ».
Assembly dépendant Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" introuvable.
Utilisez sxstrace.exe pour un diagnostic détaillé.
Error: (11/11/2016 01:55:15 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: La création du contexte d’activation a échoué pour « C:\Users\barrow 2 & widen\Desktop\BootkitRemoval_x64.exe ».
Assembly dépendant Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" introuvable.
Utilisez sxstrace.exe pour un diagnostic détaillé.
Error: (11/11/2016 01:30:58 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: La création du contexte d’activation a échoué pour « L:\HitmanPro_x64.exe ».
Assembly dépendant Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" introuvable.
Utilisez sxstrace.exe pour un diagnostic détaillé.
Erreurs système:
=============
Error: (11/25/2016 07:34:15 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Le service Ad-Aware Service 11 s’est terminé de façon inattendue pour la 1ème fois.
CodeIntegrity:
===================================
Date: 2016-11-25 12:37:56.068
Description: Le module d’intégrité du code ne peut pas vérifier l’intégrité image du fichier \Device\HarddiskVolume3\Windows\System32\iseguard32.dll car le jeu de hachages d’images par page n’a pas été trouvé sur le système.
Date: 2016-11-25 12:37:56.030
Description: Le module d’intégrité du code ne peut pas vérifier l’intégrité image du fichier \Device\HarddiskVolume3\Windows\System32\CcavGuard32.dll car le jeu de hachages d’images par page n’a pas été trouvé sur le système.
Date: 2016-11-25 10:20:20.873
Description: Le module d’intégrité du code ne peut pas vérifier l’intégrité image du fichier \Device\HarddiskVolume3\Windows\System32\iseguard32.dll car le jeu de hachages d’images par page n’a pas été trouvé sur le système.
Date: 2016-11-25 10:20:20.825
Description: Le module d’intégrité du code ne peut pas vérifier l’intégrité image du fichier \Device\HarddiskVolume3\Windows\System32\CcavGuard32.dll car le jeu de hachages d’images par page n’a pas été trouvé sur le système.
Date: 2016-11-25 09:54:39.440
Description: Le module d’intégrité du code ne peut pas vérifier l’intégrité image du fichier \Device\HarddiskVolume3\Windows\System32\iseguard32.dll car le jeu de hachages d’images par page n’a pas été trouvé sur le système.
Date: 2016-11-25 09:54:39.377
Description: Le module d’intégrité du code ne peut pas vérifier l’intégrité image du fichier \Device\HarddiskVolume3\Windows\System32\CcavGuard32.dll car le jeu de hachages d’images par page n’a pas été trouvé sur le système.
Date: 2016-11-23 07:00:47.873
Description: Le module d’intégrité du code ne peut pas vérifier l’intégrité image du fichier \Device\HarddiskVolume3\Windows\System32\iseguard32.dll car le jeu de hachages d’images par page n’a pas été trouvé sur le système.
Date: 2016-11-23 07:00:47.858
Description: Le module d’intégrité du code ne peut pas vérifier l’intégrité image du fichier \Device\HarddiskVolume3\Windows\System32\CcavGuard32.dll car le jeu de hachages d’images par page n’a pas été trouvé sur le système.
Date: 2016-11-22 21:28:28.750
Description: Le module d’intégrité du code ne peut pas vérifier l’intégrité image du fichier \Device\HarddiskVolume3\Windows\System32\iseguard32.dll car le jeu de hachages d’images par page n’a pas été trouvé sur le système.
Date: 2016-11-22 21:28:28.750
Description: Le module d’intégrité du code ne peut pas vérifier l’intégrité image du fichier \Device\HarddiskVolume3\Windows\System32\CcavGuard32.dll car le jeu de hachages d’images par page n’a pas été trouvé sur le système.
==================== Infos Mémoire ===========================
Processeur: Intel(R) Atom(TM) CPU N450 @ 1.66GHz
Pourcentage de mémoire utilisée: 89%
Mémoire physique - RAM - totale: 1013.09 MB
Mémoire physique - RAM - disponible: 107.15 MB
Mémoire virtuelle totale: 2037.09 MB
Mémoire virtuelle disponible: 582.86 MB
==================== Lecteurs ================================
Drive c: (Acer) (Fixed) (Total:215.78 GB) (Free:75.92 GB) NTFS ==>[système avec composants d'amorçage (obtenu depuis lecteur)]
Drive d: (Verbatim) (CDROM) (Total:0.01 GB) (Free:0 GB) UDF
Drive e: (PARTED MAGI) (Removable) (Total:57.89 GB) (Free:38.92 GB) FAT32
Drive g: (COMPANION) (Removable) (Total:30.02 GB) (Free:1.82 GB) FAT32
Drive h: (CLONEZILLA) (Removable) (Total:1.86 GB) (Free:0.2 GB) FAT32
Drive i: (UUI) (Removable) (Total:7.26 GB) (Free:0.26 GB) FAT32
Drive j: (OTLPE_7 USB) (Removable) (Total:3.75 GB) (Free:0.34 GB) NTFS
Drive l: (HITMANPRO) (Removable) (Total:57.55 GB) (Free:26.07 GB) FAT32
Drive m: (FRAMAKEY SA) (Removable) (Total:28.78 GB) (Free:11.03 GB) FAT32
Drive o: (PARTED MAGI) (Removable) (Total:15 GB) (Free:1.16 GB) FAT32
Drive q: (FRAMAKEY MI) (Removable) (Total:14.41 GB) (Free:4.09 GB) FAT32
Drive r: (PARTED MAGI) (Removable) (Total:3.74 GB) (Free:0.43 GB) FAT32
Drive s: () (Removable) (Total:1.83 GB) (Free:1.71 GB) FAT
Drive u: (séjour pari) (Removable) (Total:117.02 GB) (Free:8.26 GB) exFAT
Drive v: (FRAMAKEY UB) (Removable) (Total:57.64 GB) (Free:50.17 GB) FAT32
==================== MBR & Table des partitions ==================
========================================================
Disk: 0 (Size: 232.9 GB) (Disk ID: B7B45E2D)
Partition 1: (Not Active) - (Size=13 GB) - (Type=27)
Partition 2: (Active) - (Size=4.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=215.8 GB) - (Type=OF Extended)
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 14.4 GB) (Disk ID: 6088C201)
Partition 1: (Active) - (Size=14.4 GB) - (Type=0B)
========================================================
Disk: 2 (Size: 57.7 GB) (Disk ID: 720E7790)
Partition 1: (Active) - (Size=57.7 GB) - (Type=0B)
========================================================
Disk: 3 (Size: 1.8 GB) (Disk ID: 08148028)
Partition 1: (Not Active) - (Size=1.8 GB) - (Type=06)
========================================================
Disk: 4 (Size: 30 GB) (Disk ID: 25C8BCC2)
Partition 1: (Active) - (Size=30 GB) - (Type=0C)
========================================================
Disk: 8 (Size: 117 GB) (Disk ID: 1056A957)
Partition 1: (Active) - (Size=117 GB) - (Type=07 NTFS)
========================================================
Disk: 9 (Size: 57.9 GB) (Disk ID: 027CE1A0)
Partition 1: (Active) - (Size=57.9 GB) - (Type=0C)
========================================================
Disk: 10 (MBR Code: Windows 7 or 8) (Size: 15 GB) (Disk ID: 319FE485)
Partition 1: (Active) - (Size=15 GB) - (Type=0C)
========================================================
Disk: 11 (MBR Code: Windows 7 or 8) (Size: 7.3 GB) (Disk ID: 0C26E2E5)
Partition 1: (Active) - (Size=7.3 GB) - (Type=0C)
========================================================
Disk: 12 (Size: 1.9 GB) (Disk ID: 555925CE)
Partition 1: (Active) - (Size=1.9 GB) - (Type=0B)
========================================================
Disk: 13 (MBR Code: Windows 7 or 8) (Size: 3.8 GB) (Disk ID: 319FE471)
Partition 1: (Active) - (Size=3.8 GB) - (Type=0C)
========================================================
Disk: 14 (MBR Code: Windows 7 or 8) (Size: 57.7 GB) (Disk ID: CA6D68A4)
Partition 1: (Active) - (Size=57.7 GB) - (Type=0B)
========================================================
Disk: 15 (Size: 3.8 GB) (Disk ID: 0020526A)
Partition 1: (Active) - (Size=3.8 GB) - (Type=07 NTFS)
========================================================
Disk: 16 (Size: 28.8 GB) (Disk ID: A716E9AC)
Partition 1: (Active) - (Size=28.8 GB) - (Type=0B)
==================== Fin de Addition.txt ============================
Exécuté par Power2Go 11 promo (25-11-2016 12:42:00)
Exécuté depuis C:\Users\Power2Go 11 promo\Desktop
Microsoft Windows 7 Édition Starter Service Pack 1 (X86) (2016-10-08 19:55:30)
Mode d'amorçage: Normal
==========================================================
==================== Comptes: =============================
Administrateur (S-1-5-21-1541472888-895532398-2178115478-500 - Administrator - Disabled)
barrow 2 & widen (S-1-5-21-1541472888-895532398-2178115478-1000 - Administrator - Enabled) => C:\Users\barrow 2 & widen
Invité (S-1-5-21-1541472888-895532398-2178115478-501 - Limited - Disabled)
Power2Go 11 promo (S-1-5-21-1541472888-895532398-2178115478-1001 - Administrator - Enabled) => C:\Users\Power2Go 11 promo
==================== Centre de sécurité ========================
(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé.)
AV: COMODO Cloud Antivirus (Disabled - Up to date) {D0CC7563-ABD2-DEBE-138E-FDD553335AF2}
AS: COMODO Sandbox (Disabled - Up to date) {6BAD9487-8DE8-D130-293E-C6A728B4104F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Programmes installés ======================
(Seuls les logiciels publicitaires ('adware') avec la marque 'caché' ('Hidden') sont susceptibles d'être ajoutés au fichier fixlist.txt pour qu'ils ne soient plus masqués. Les programmes publicitaires devront être désinstallés manuellement.)
7-Zip 16.04 (HKLM\...\7-Zip) (Version: 16.04 - Igor Pavlov)
Acer Crystal Eye webcam Ver:1.1.192.810 (HKLM\...\{D0ACE89D-EC7F-470F-80BE-4C98ED366B32}) (Version: 1.1.192.810 - Chicony Electronics Co.,Ltd.)
Acer ePower Management (HKLM\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 5.00.3005 - Acer Incorporated)
Acer eRecovery Management (HKLM\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3013 - Acer Incorporated)
Acer Registration (HKLM\...\Acer Registration) (Version: 1.03.3003 - Acer Incorporated)
Acer VCM (HKLM\...\{047F790A-7A2A-4B6A-AD02-38092BA63DAC}) (Version: 4.05.3002 - Acer Incorporated)
Acrobat.com (HKLM\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe Flash Player 23 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 23.0.0.205 - Adobe Systems Incorporated)
Adobe Reader 9.1 MUI (HKLM\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.1.0 - Adobe Systems Incorporated)
AndroidInstaller (Version: 1.00.022 - Nom de votre société) Hidden
Apowersoft Online Launcher version 1.4.5 (HKU\S-1-5-21-1541472888-895532398-2178115478-1001\...\{20BF67A8-D81A-4489-8225-FABAA0896E2D}_is1) (Version: 1.4.5 - APOWERSOFT LIMITED)
Assistant de connexion Windows Live (HKLM\...\{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}) (Version: 5.000.818.5 - Microsoft Corporation)
Assistant Mise à niveau de Windows 10 (HKLM\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.17364 - Microsoft Corporation)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.35 - Atheros Communications Inc.)
AutoIt v3.3.14.2 (HKLM\...\AutoItv3) (Version: 3.3.14.2 - AutoIt Team)
BDAntiRansomware (HKLM\...\{BE40AB1F-558F-4434-B72F-461EF97E7796}_is1) (Version: 1.0.12.1 - Bitdefender)
Bitdefender 60-Second Virus Scanner (HKLM\...\{CCEA2053-D975-4E38-AC09-4D5E6DAC6B6F}) (Version: 1.0.3.76 - Bitdefender)
Boost (HKU\S-1-5-21-1541472888-895532398-2178115478-1001\...\Boost 1.0.2) (Version: 1.0.2 - Reason Software Company Inc.) <==== ATTENTION
Boost (Version: 1.0.2 - Reason Software Company Inc.) Hidden <==== ATTENTION
Chromodo (HKLM\...\Chromodo) (Version: 52.15.25.665 - Comodo)
COMODO Cloud Antivirus (HKLM\...\COMODO Cloud Antivirus_list_uninstall) (Version: 1.7.402730.374 - COMODO)
COMODO Cloud Antivirus (Version: 1.7.374.0 - COMODO) Hidden
Comodo Dragon (HKLM\...\Comodo Dragon) (Version: 52.15.25.664 - Comodo)
CyberLink LabelPrint 2.5 (HKLM\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.0.10521 - CyberLink Corp.)
CyberLink Power2Go 11 (HKLM\...\{7A3F32E0-D8E1-40C1-8E1B-1F5693F2ADE0}) (Version: 11.0.1013.0 - CyberLink Corp.)
CyberLink WaveEditor 2 (HKLM\...\{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}) (Version: 2.0.8205.0 - CyberLink Corp.)
EaseUS EverySync 3.0 (HKLM\...\EaseUS EverySync_is1) (Version: - EaseUS)
EaseUS Partition Master 11.9 (HKLM\...\EaseUS Partition Master_is1) (Version: - EaseUS)
EaseUS Todo Backup Free 9.2 (HKLM\...\EaseUS Todo Backup_is1) (Version: 9.2 - CHENGDU YIWO Tech Development Co., Ltd)
EaseUS Todo PCTrans 9.0 (HKLM\...\EaseUS Todo PCTrans_is1) (Version: - EaseUS)
e-Carte Bleue LCL (HKLM\...\{DB981AC8-910B-4C0E-8250-829243E85934}) (Version: 5.6.0.0 - e-Carte Bleue LCL)
ENE USB Card Reader Driver (HKLM\...\3B29FD3CCF1F5B855DA0C521597413EBABE97DFB) (Version: 5.89.0.70 - ENE)
eSobi v2 (HKLM\...\InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}) (Version: 2.0.4.000274 - esobi Inc.)
eSobi v2 (Version: 2.0.4.000274 - esobi Inc.) Hidden
ETDWare PS/2-X86 11.6.4.001_WHQL (HKLM\...\Elantech) (Version: 11.6.4.001 - ELAN Microelectronic Corp.)
EVEREST Ultimate Edition v5.50 (HKLM\...\EVEREST Ultimate Edition_is1) (Version: 5.50 - Lavalys, Inc.)
Free Download Manager (HKLM\...\{43781dff-e0df-49ce-a6d2-47da96a485e7}}_is1) (Version: - FreeDownloadManager.ORG)
Galerie de photos Windows Live (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
GeekBuddy (Version: 4.29.207 - Comodo Security Solutions Inc) Hidden
Google Chrome (HKLM\...\{77CD02E9-7F33-33D9-B5CB-13C332E0E575}) (Version: 54.0.2840.99 - Google, Inc.)
Google Update Helper (Version: 1.3.31.5 - Google Inc.) Hidden
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.15.281 - SurfRight B.V.)
Identity Card (HKLM\...\Identity Card) (Version: 1.00.3003 - Acer Incorporated)
Installation Windows Live (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Installation Windows Live (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Intel(R) Control Center (HKLM\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.14.10.2117 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.1.5.1001 - Intel Corporation)
Internet Security Essentials (HKLM\...\ComodoIse) (Version: 1.1.400604.29 - Comodo)
ISO to USB (HKLM\...\{D08A30AC-A663-4EA8-8D81-B98E17F19F1C}_is1) (Version: - isotousb.com)
Junk Mail filter update (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Laplink PCmover Professional (HKLM\...\{06D3FAB0-9DDE-40A9-B130-D6B8003B104D}) (Version: 10.01.648 - Laplink Software, Inc.)
Launch Manager (HKLM\...\LManager) (Version: 4.0.14 - Acer Inc.)
Logiciel pour périphérique à chipset Intel® (Version: 10.0.27 - Intel(R) Corporation) Hidden
Macrium Reflect Free Edition (HKLM\...\MacriumReflect) (Version: 6.1 - Paramount Software (UK) Ltd.)
Macrium Reflect Free Edition (Version: 6.2.1549 - Paramount Software (UK) Ltd.) Hidden
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 4.5.2 (Français) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1036) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.10411.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Mozilla Firefox 50.0 (x86 fr) (HKLM\...\Mozilla Firefox 50.0 (x86 fr)) (Version: 50.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 50.0.0.6152 - Mozilla)
Multi Virus Cleaner 2017 (HKLM\...\Multi Virus Cleaner 2017_is1) (Version: 17.3.5 - AxBx)
MyWinLocker (Version: 3.1.212.0 - Egis Technology Inc.) Hidden
MyWinLocker Suite (HKLM\...\InstallShield_{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}) (Version: 3.1.212.0 - Egis Technology Inc.)
MyWinLocker Suite (Version: 3.1.212.0 - Egis Technology Inc.) Hidden
Outil de téléchargement Windows Live (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Panda Cloud Cleaner (HKLM\...\{92B2B132-C7F0-43DC-921A-4493C04F78A4}_is1) (Version: 1.1.9 - Panda Security)
Panda USB Vaccine 1.0.1.16 (HKLM\...\{55A41219-9B22-4098-BAE7-AE289B3C569A}_is1) (Version: - Panda Security)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6171 - Realtek Semiconductor Corp.)
RogueKiller version 12.8.1.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.8.1.0 - Adlice Software)
Shredder (Version: 2.0.8.3 - Egis Technology Inc.) Hidden
Unchecky v1.0.1 (HKLM\...\Unchecky) (Version: 1.0.1 - RaMMicHaeL)
Welcome Center (HKLM\...\Acer Welcome Center) (Version: 1.02.3004 - Acer Incorporated)
Win32DiskImager version 0.9.5 (HKLM\...\{D074CE74-912A-4AD3-A0BF-3937D9D01F17}_is1) (Version: 0.9.5 - ImageWriter Developers)
Windows Live FolderShare (HKLM\...\{76810709-A7D3-468D-9167-A1780C1E766C}) (Version: 14.0.8117.416 - Microsoft Corporation)
Wondershare Filmora(Build 7.5.0) (HKLM\...\Wondershare Filmora_is1) (Version: - Wondershare Software)
Wondershare Helper Compact 2.5.0 (HKLM\...\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.5.0 - Wondershare)
Wondershare TidyMyMusic(Build 1.5.0.1) (HKLM\...\Wondershare TidyMyMusic_is1) (Version: 1.5.0.1 - Wondershare Software)
ZebHelpProcess 2016 (HKLM\...\ZebHelpProcess_is1) (Version: 2015 - Nicolas Coolman)
==================== Personnalisé CLSID (Avec liste blanche): ==========================
(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)
==================== Tâches planifiées (Avec liste blanche) =============
(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)
Task: {114E62F7-5A43-4727-BCDF-A4E7E7FA75A5} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2016-11-05] (Adobe Systems Incorporated)
Task: {1E4A408B-8347-4350-AEAC-D63481ECE662} - System32\Tasks\Microsoft\Windows\Setup\EOSNotify => C:\Windows\system32\EOSNotify.exe [2016-06-25] (Microsoft Corporation)
Task: {7089C146-3A46-467A-B7DE-C3C357A86B67} - System32\Tasks\{3FE4FA56-B019-4F16-A61D-3CDC8B31C0F2} => pcalua.exe -a G:\start.exe -d G:\
Task: {7FCCBD3B-43FF-492A-82BE-72A385EC4FED} - System32\Tasks\Boost => C:\Users\Power2Go 11 promo\AppData\Roaming\Reason\Boost\boost.exe [2013-12-27] (Reason Software Company Inc.)
Task: {9FD1F42C-D7FC-4B82-A14F-BDB00020D0D6} - System32\Tasks\{6848CD13-085C-450A-A985-F50011F476FD} => pcalua.exe -a "C:\Users\barrow 2 & widen\Downloads\devoir.exe" -d "C:\Users\barrow 2 & widen\Downloads"
Task: {C5FF3427-B388-4AC0-A5C2-0EDFEBD5F54B} - System32\Tasks\{B977D14B-07F1-4B68-9648-A18954293BDE} => pcalua.exe -a V:\FUR-Tools\Virtualbox-install\VitrualBox-install.exe -d V:\FUR-Tools\Virtualbox-install
Task: {D6678260-760D-4A84-8A61-A039F665FDDB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-11-05] (Google Inc.)
Task: {DEBA87F4-7C49-4726-8B78-6CE4A760C8B3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-11-05] (Google Inc.)
Task: {FE0C4D39-72A2-41A0-8808-C615EEB45D54} - System32\Tasks\PandaUSBVaccine => C:\Program Files\Panda USB Vaccine\RunInteractiveWin.exe [2010-06-01] ()
(Si un élément est inclus dans le fichier fixlist.txt, le fichier tâche (.job) sera déplacé. Le fichier exécuté par la tâche ne sera pas déplacé.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
==================== Raccourcis =============================
(Les éléments sont susceptibles d'être inscrits dans le fichier fixlist.txt afin d'être supprimés ou restaurés.)
ShortcutWithArgument: C:\Users\Power2Go 11 promo\Desktop\AdsFix_Donate.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxps://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=S3AQ8V3XRWWYN
ShortcutWithArgument: C:\Users\Power2Go 11 promo\Desktop\Pre_Scan_Donate.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxps://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=S3AQ8V3XRWWYN
==================== Modules chargés (Avec liste blanche) ==============
2016-07-18 19:25 - 2016-07-18 19:25 - 03590904 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareShellExtension.dll
2010-09-17 08:18 - 2009-05-20 07:02 - 00072200 _____ () C:\Program Files\Launch Manager\CdDirIo.dll
2016-10-10 07:31 - 2016-10-10 07:31 - 00080936 _____ () C:\Program Files\EaseUS\Todo Backup\bin\CodeLog.dll
2016-10-10 07:31 - 2016-10-10 07:31 - 01296424 _____ () C:\Program Files\EaseUS\Todo Backup\bin\libxml2.dll
2016-10-10 07:31 - 2016-10-10 07:31 - 00060968 _____ () C:\Program Files\EaseUS\Todo Backup\bin\zlib1.dll
2016-10-10 07:31 - 2016-10-10 07:31 - 00017448 _____ () C:\Program Files\EaseUS\Todo Backup\bin\CompressFile.dll
2016-10-10 07:31 - 2016-10-10 07:31 - 00088616 _____ () C:\Program Files\EaseUS\Todo Backup\bin\TBGetRemoteNetInfo.dll
2016-10-10 07:31 - 2016-10-10 07:31 - 00024768 _____ () C:\Program Files\EaseUS\Todo Backup\bin\CmcTbProxy.dll
2016-10-10 07:31 - 2016-10-10 07:31 - 00188608 _____ () C:\Program Files\EaseUS\Todo Backup\bin\CMCPipeCenter.dll
2016-10-10 07:31 - 2016-10-10 07:31 - 00173760 _____ () C:\Program Files\EaseUS\Todo Backup\bin\CMCAdapt.dll
2016-10-10 07:31 - 2016-10-10 07:31 - 00056512 _____ () C:\Program Files\EaseUS\Todo Backup\bin\TBInfo.dll
2016-10-10 07:31 - 2016-10-10 07:31 - 00018112 _____ () C:\Program Files\EaseUS\Todo Backup\bin\CMCNetTokenProxy.dll
2016-10-10 07:30 - 2016-10-10 07:30 - 00128192 _____ () C:\Program Files\EaseUS\Todo Backup\bin\ActivationOnline.dll
2016-10-10 07:31 - 2016-10-10 07:31 - 00085184 _____ () C:\Program Files\EaseUS\Todo Backup\bin\logsys.dll
2016-10-10 07:31 - 2016-10-10 07:31 - 00030760 _____ () C:\Program Files\EaseUS\Todo Backup\bin\DiskSearchImg.dll
2016-10-10 07:31 - 2016-10-10 07:31 - 00068136 _____ () C:\Program Files\EaseUS\Todo Backup\bin\MountImg.dll
2016-10-10 07:31 - 2016-10-10 07:31 - 00158248 _____ () C:\Program Files\EaseUS\Todo Backup\bin\ImgFile.dll
2016-10-10 07:31 - 2016-10-10 07:31 - 00281128 _____ () C:\Program Files\EaseUS\Todo Backup\bin\DsImgFile.dll
2016-10-10 07:31 - 2016-10-10 07:31 - 00072232 _____ () C:\Program Files\EaseUS\Todo Backup\bin\CheckImg.dll
2016-10-10 07:31 - 2016-10-10 07:31 - 00139816 _____ () C:\Program Files\EaseUS\Todo Backup\bin\vhdvmdk.dll
2016-10-10 07:31 - 2016-10-10 07:31 - 00040128 _____ () C:\Program Files\EaseUS\Todo Backup\bin\BootDriver.dll
2016-10-10 07:31 - 2016-10-10 07:31 - 00769064 _____ () C:\Program Files\EaseUS\Todo Backup\bin\ExImage.dll
2016-10-10 07:31 - 2016-10-10 07:31 - 00193064 _____ () C:\Program Files\EaseUS\Todo Backup\bin\EmailBackupSize.dll
2016-10-10 07:31 - 2016-10-10 07:31 - 00443944 _____ () C:\Program Files\EaseUS\Todo Backup\bin\AndroidImage.dll
2016-10-10 07:31 - 2016-10-10 07:31 - 00148008 _____ () C:\Program Files\EaseUS\Todo Backup\bin\EnumDisk.dll
2016-10-10 07:31 - 2016-10-10 07:31 - 00076840 _____ () C:\Program Files\EaseUS\Todo Backup\bin\FatLib.dll
2016-10-10 07:31 - 2016-10-10 07:31 - 00207912 _____ () C:\Program Files\EaseUS\Todo Backup\bin\NTFSLib.dll
2016-10-10 07:31 - 2016-10-10 07:31 - 00114880 _____ () C:\Program Files\EaseUS\Todo Backup\bin\FileStorage.dll
2016-10-10 07:31 - 2016-10-10 07:31 - 00169512 _____ () C:\Program Files\EaseUS\Todo Backup\bin\CloudInterface.dll
2016-10-10 07:31 - 2016-10-10 07:31 - 00501800 _____ () C:\Program Files\EaseUS\Todo Backup\bin\StorageMgr.dll
2016-10-10 07:31 - 2016-10-10 07:31 - 00024616 _____ () C:\Program Files\EaseUS\Todo Backup\bin\GetDriverInfo.dll
2016-10-10 07:31 - 2016-10-10 07:31 - 00020520 _____ () C:\Program Files\EaseUS\Todo Backup\bin\CorrectMbr.dll
2016-10-10 07:31 - 2016-10-10 07:31 - 00032296 _____ () C:\Program Files\EaseUS\Todo Backup\bin\EnumTapeDevice.dll
2016-10-10 07:31 - 2016-10-10 07:31 - 00034856 _____ () C:\Program Files\EaseUS\Todo Backup\bin\TbTapeBrowse.dll
2016-10-10 07:31 - 2016-10-10 07:31 - 00064040 _____ () C:\Program Files\EaseUS\Todo Backup\bin\RegLib.dll
2016-10-10 07:30 - 2016-10-10 07:30 - 00026816 _____ () C:\Program Files\EaseUS\Todo Backup\bin\AccountManager.dll
2016-10-10 07:31 - 2016-10-10 07:31 - 00059944 _____ () C:\Program Files\EaseUS\Todo Backup\bin\NasOperator.dll
2016-10-10 07:31 - 2016-10-10 07:31 - 00220864 _____ () C:\Program Files\EaseUS\Todo Backup\bin\EmailBrowser.dll
2016-10-10 07:31 - 2016-10-10 07:31 - 00077864 _____ () C:\Program Files\EaseUS\Todo Backup\bin\CloudOperator.dll
2016-10-10 07:30 - 2016-10-10 07:30 - 00021184 _____ () C:\Program Files\EaseUS\Todo Backup\bin\ActiveOnline.dll
2016-10-10 07:31 - 2016-10-10 07:31 - 00136232 _____ () C:\Program Files\EaseUS\Todo Backup\bin\VMConfig.dll
2016-10-10 07:30 - 2016-10-10 07:31 - 00020008 _____ () C:\Program Files\EaseUS\Todo Backup\bin\AndroidDeviceManager.dll
2016-10-10 07:31 - 2016-10-10 07:31 - 00043048 _____ () C:\Program Files\EaseUS\Todo Backup\bin\TbDataSwap.dll
2016-10-10 07:31 - 2016-10-10 07:31 - 00432320 _____ () C:\Program Files\EaseUS\Todo Backup\bin\uexper.dll
2010-07-20 13:54 - 2010-07-20 13:54 - 00411648 _____ () C:\Program Files\Acer\Android Manager\FRA.dll
2016-07-18 19:25 - 2016-07-18 19:25 - 08063200 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareTray.exe
2016-07-18 19:25 - 2016-07-18 19:25 - 02454224 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\RCF.dll
2016-07-18 19:25 - 2016-07-18 19:25 - 00122632 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\boost_filesystem-vc140-mt-1_61.dll
2016-07-18 19:25 - 2016-07-18 19:25 - 00026880 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\boost_system-vc140-mt-1_61.dll
2016-07-18 19:25 - 2016-07-18 19:25 - 00055560 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\boost_date_time-vc140-mt-1_61.dll
2016-07-18 19:25 - 2016-07-18 19:25 - 00099072 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\boost_thread-vc140-mt-1_61.dll
2016-07-18 19:25 - 2016-07-18 19:25 - 00035584 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\boost_chrono-vc140-mt-1_61.dll
2016-07-18 19:25 - 2016-07-18 19:25 - 00403712 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\boost_locale-vc140-mt-1_61.dll
2016-07-18 19:25 - 2016-07-18 19:25 - 01888488 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\HtmlFramework.dll
2016-07-18 19:25 - 2016-07-18 19:25 - 00869624 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareTrayDefaultSkin.dll
2016-10-09 07:20 - 2016-06-20 13:48 - 01506304 _____ () C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll
2016-10-09 07:20 - 2014-05-19 16:19 - 00137728 _____ () C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll
2016-10-11 15:53 - 2016-10-11 15:53 - 00877056 _____ () C:\Program Files\EaseUS\EaseUS Partition Master 11.9\bin\platforms\qwindows.dll
2016-10-11 15:52 - 2016-10-11 15:52 - 00308416 _____ () C:\Program Files\EaseUS\EaseUS Partition Master 11.9\bin\GarbageGather.dll
2016-10-11 15:52 - 2016-10-11 15:52 - 00118464 _____ () C:\Program Files\EaseUS\EaseUS Partition Master 11.9\bin\FHProcess.dll
2016-10-11 15:53 - 2016-10-11 15:53 - 00014336 _____ () C:\Program Files\EaseUS\EaseUS Partition Master 11.9\bin\fsclog.dll
2016-10-11 15:52 - 2016-10-11 15:52 - 00174784 _____ () C:\Program Files\EaseUS\EaseUS Partition Master 11.9\bin\BigFileGather.dll
2016-10-11 15:52 - 2016-10-11 15:52 - 00088256 _____ () C:\Program Files\EaseUS\EaseUS Partition Master 11.9\bin\EnumVolumes.dll
2016-10-11 15:52 - 2016-10-11 15:52 - 00224960 _____ () C:\Program Files\EaseUS\EaseUS Partition Master 11.9\bin\FragAnalysis.dll
2016-10-11 15:53 - 2016-10-11 15:53 - 00024064 _____ () C:\Program Files\EaseUS\EaseUS Partition Master 11.9\bin\imageformats\qico.dll
2016-10-11 15:53 - 2016-10-11 15:53 - 00023552 _____ () C:\Program Files\EaseUS\EaseUS Partition Master 11.9\bin\imageformats\qgif.dll
2016-10-10 07:31 - 2016-10-10 07:31 - 00278720 _____ () C:\Program Files\EaseUS\Todo Backup\bin\TodoBackupService.exe
2016-10-10 07:31 - 2016-10-10 07:31 - 00224808 _____ () C:\Program Files\EaseUS\Todo Backup\bin\SmartBackup.dll
2016-11-16 12:29 - 2016-10-13 13:32 - 00634648 _____ () C:\Program Files\CyberLink\Power2Go11\CLMediaLibrary.dll
2016-10-20 16:46 - 2016-10-20 16:46 - 00172544 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\e676d4d4f9d659b596668c1e8f9b0450\IsdiInterop.ni.dll
2010-09-17 08:04 - 2012-06-12 15:06 - 00059904 _____ () C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
==================== Alternate Data Streams (Avec liste blanche) =========
(Si un élément est inclus dans le fichier fixlist.txt, seul le flux de données additionnel (ADS - Alternate Data Stream) sera supprimé.)
AlternateDataStreams: C:\Windows\bfsvc.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\explorer.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\notepad.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\twain_32.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\aaclient.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\accessibilitycpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\acmigration.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\acppage.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ActionCenter.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ActionCenterCPL.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ActionQueue.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\activeds.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\actxprxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\adprovider.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\adsldp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\adsmsext.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\aeinv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\aelupsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\aepic.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\aitagent.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\aitstatic.exe:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\amstream.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\apphelp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\appraiser.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\appwiz.cpl:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\audiodev.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\audiodg.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\AudioEng.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\AUDIOKSE.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\AudioSes.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\audiosrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\AuthFWSnapin.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\authui.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\autochk.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\autoconv.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\autofmt.exe:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\autoplay.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\avifil32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\AxInstSv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\azroles.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\azroleui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\AzSqlExt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\basecsp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\basesrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\batmeter.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\bcdboot.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\bcdedit.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\bcdsrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\bcryptprimitives.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\BFE.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\biocpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\bitsadmin.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\bitsperf.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\blackbox.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\BlbEvents.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\BootMan.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\bootres.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\browcli.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\browser.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\browseui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\bthprops.cpl:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Bubbles.scr:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\cabinet.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\cabview.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\calc.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\capiprovider.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\catsrvut.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\cca.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\cdd.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\cdosys.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\centel.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\certcli.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\certenc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\CertEnroll.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\certmgr.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\CertPolEng.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\certprop.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\certutil.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\cewmdm.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\cfgmgr32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\charmap.exe:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\ci.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\clfsw32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\clusapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\cmd.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\cmstp.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\cngprovider.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\COLORCNV.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\comctl32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\comdlg32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\CompatTelRunner.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\comsvcs.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\CPFilters.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\credui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\crypt32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\cryptdlg.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\cryptnet.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\cryptsp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\cryptsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\cryptui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\cscapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\cscdll.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\cscript.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\C_ISCII.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\d2d1.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\d3d11.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\d3d9.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\davclnt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dbgeng.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dbghelp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\defaultlocationcpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\desk.cpl:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\devenum.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\DeviceCenter.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\DevicePairingFolder.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\devinv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dfrgui.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dfshim.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dhcpcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dhcpcore6.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dhcpcsvc6.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\DiagCpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\diagperf.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dimsroam.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\diskpart.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\diskperf.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\diskraid.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Display.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\djoin.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dnsapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dnscacheugc.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dnscmmc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dnsrslvr.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dosx.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dot3api.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dot3cfg.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dot3msm.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\dot3svc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dot3ui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dpapiprovider.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dpnaddr.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\dpnet.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dps.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dpx.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\drmmgrtn.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\drmv2clt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\drvstore.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dsauth.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\DShowRdpFilter.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dskquoui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dsuiext.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dwmapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dwmcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dwmredir.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dxdiagn.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dxmasf.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\DXP.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\DXPTaskRingtone.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\DxpTaskSync.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\eapp3hst.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\eappgnui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\eapphost.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\efscore.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\EhStorAPI.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\els.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\elsTrans.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\EncDec.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\EncDump.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\epmntdrv.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\esent.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\eudcedit.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\EuEpmGdi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\EuGdiDrv.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\evr.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ExplorerFrame.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Faultrep.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\fbnative.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\fde.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\fdeploy.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\findstr.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\FirewallControlPanel.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\fixmapi.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\fms.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\fontext.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\fphc.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\framedyn.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\framedynos.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\fsutil.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ftp.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\fveapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\fveapibase.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\FWPUCLNT.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\FwRemoteSvr.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\FXSCOVER.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\FXSMON.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\FXSSVC.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\FXSTIFF.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\g711codc.ax:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\gameux.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\gdi32.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\GeneIcon.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\generaltel.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\gpapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\gpsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\GSCoinst.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\hal.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\halacpi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\halmacpi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\hbaapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\hgcpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\hgprint.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\httpapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\iasacct.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\iasrad.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\iasrecst.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\icaapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\icardagt.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\icardres.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\iccvid.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ifsutil.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\IKEEXT.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\imagehlp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\imapi2.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\imapi2fs.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\imm32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\inetmib1.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\infocardapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\InkEd.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\intl.cpl:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\invagent.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\iologmsg.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\IPHLPAPI.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\iphlpsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\iprtrmgr.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\IPSECSVC.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ipsmsnap.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\iscsicli.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\iscsium.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\isoburn.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\itircl.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\iyuv_32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\KBDBASH.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\KBDBLR.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\KBDBULG.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\KBDCZ1.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\KBDGEO.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\KBDGKL.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\KBDGR1.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\KBDINBEN.DLL:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\KBDINHIN.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\KBDINKAN.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\KBDINMAR.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\KBDINORI.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\KBDINTAM.DLL:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\KBDINTEL.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\kbdlk41a.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\KBDLT1.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\KBDMAORI.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\KBDMON.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\KBDNEPR.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\KBDPO.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\KBDRU.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\KBDRU1.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\KBDSF.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\KBDSG.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\KBDTAJIK.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\KBDTAT.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\KBDTUF.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\KBDTUQ.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\KBDTURME.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\KBDUGHR1.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\KBDUS.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\KBDYAK.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\kc.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\kernel32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\KernelBase.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\KMSVC.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ksproxy.ax:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\kstvtune.ax:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ksuser.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Kswdmcap.ax:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ksxbar.ax:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ListSvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\localsec.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\localspl.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\logagent.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\logman.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\logoncli.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\LogonUI.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\lpksetup.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\lpremove.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\lsm.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\lsmproxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\luainstall.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\main.cpl:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\manage-bde.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mapi32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mapistub.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mcbuilder.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MCEWMDRMNDBootstrap.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mciavi32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mciqtz32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mcupdate_GenuineIntel.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MdSched.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MediaMetadataHandler.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mf.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mfc40.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mfc40u.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mfc42.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mfc42u.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mfds.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mferror.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mfplat.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MFPlay.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mfpmp.exe:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\mfps.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mfreadwrite.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mfvdsp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MFWMAAEC.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\migisol.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mimefilt.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\mmcndmgr.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MMDevAPI.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mmsys.cpl:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mobsync.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MP3DMOD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MP43DECD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MP4SDECD.DLL:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\Mpeg2Data.ax:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\mpg2splt.ax:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MPG4DECD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mprapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mprddm.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MPSSVC.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MSAC3ENC.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msasn1.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mscms.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msconfig.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mscoree.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mscorier.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mscories.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msdmo.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msdrm.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msdtctm.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MSDvbNP.ax:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msdxm.ocx:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msftedit.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msieftp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msinfo32.exe:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\msmmsp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msmpeg2adec.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MSMPEG2ENC.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msmpeg2vdec.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msnetobj.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MSNP.ax:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msorcl32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msrle32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msscntrs.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\msscp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mssph.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mssphtb.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\mssrch.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mssvp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mstask.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mstsc.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mstscax.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msutb.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msvcrt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msvfw32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msvidc32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mswsock.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msxml3.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msxml3r.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msxml6.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msxml6r.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msyuv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mtxclu.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mtxoci.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\muifontsetup.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MuiUnattend.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MultiDigiMon.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mydocs.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Mystify.scr:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\NAPCRYPT.DLL:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\napdsnap.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\NAPHLPR.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Narrator.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\NaturalLanguage6.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\nci.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ncryptui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ncsi.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\net1.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\netapi32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\netbtugc.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\netcenter.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\netcfg.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\netcfgx.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\netcorehc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\netdiagfx.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\netevent.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\netfxperf.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\netid.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\netiohlp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\netiougc.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\netjoin.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\netlogon.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\netplwiz.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\netshell.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\netutils.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\networkexplorer.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\networkmap.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\nlaapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\nlasvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\nlsbres.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\nltest.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\notepad.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\nrpsrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\nshipsec.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\nshwfp.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\nslookup.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ntlanman.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ntprint.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ntprint.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ntshrui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\objsel.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ocsetapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ocsetup.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\odbc32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\odbcconf.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\odbccp32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\odbccr32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\odbccu32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\odbcjt32.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\odbctrac.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ole32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\oleacc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\olethk32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\onex.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\onexui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\OnLineIDCpl.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\OobeFldr.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\OpcServices.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\osk.exe:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\OxpsConverter.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\packager.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\pcadm.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\pcaevts.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\pcalua.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\pcasvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\pcawrk.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\pdh.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\pdhui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\PerfCenterCPL.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\perfmon.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\perftrack.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\perfts.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\PhotoScreensaver.scr:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\photowiz.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\pifmgr.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\PkgMgr.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\pku2u.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\pla.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\pnidui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\PnPUnattend.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\polstore.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\PortableDeviceApi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\PortableDeviceStatus.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\PortableDeviceSyncProvider.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\powercfg.cpl:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\powercpl.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\powertracker.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\PresentationHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\PresentationHostProxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\prevhost.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\PrintIsolationProxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\printui.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\prncache.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\prnfldr.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\prntvpt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\profprov.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\profsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\propsys.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\proquota.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\provsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\psisdecd.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\psisrndr.ax:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\puiobj.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\QAGENT.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\QAGENTRT.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\qasf.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\qcap.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\QCLIPROV.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\qdv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\qdvd.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\qedit.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\qmgr.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\QSHVHOST.DLL:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\QSVRMGMT.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\quartz.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Query.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\QUTIL.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\RacEngn.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\raschap.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\rasmans.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\rasppp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\rastapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\rastls.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\rdpcfgex.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\rdpcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\rdpcorekmts.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\rdpd3d.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\rdpdd.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\RDPENCDD.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\rdpencom.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\RDPREFDD.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\rdprefdrvapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\rdpwsx.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\rdrmemptylst.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ReAgent.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ReAgentc.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\recdisc.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\recovery.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\regapi.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\relog.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\RelPost.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\remotepg.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\repair-bde.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\RESAMPLEDMO.DLL:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\resutils.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Ribbons.scr:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\riched20.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\riched32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\RMActivate.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\RMActivate_isv.exe:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\RMActivate_ssp.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\RMActivate_ssp_isv.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Robocopy.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\RpcRtRemote.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\rpcss.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\rrinstaller.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\rtutils.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\runonce.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\samcli.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\samlib.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\samsrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\sbe.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\scansetting.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\scavengeui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\scecli.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\scesrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\schedcli.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\schedsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\scrrun.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\sdbinst.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\sdclt.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\sdcpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\sdengin2.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\sdrsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\SearchFolder.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\SearchIndexer.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\SearchProtocolHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\sechost.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\seclogon.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\secproc.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\secproc_isv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\secproc_ssp.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\secproc_ssp_isv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\services.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\SessEnv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\sethc.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\setupapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\setupcl.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\setupcln.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\setupempdrv03.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\setupugc.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\shacct.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\sharemediacpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\shdocvw.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\shgina.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\shimeng.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\shimgvw.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\shlwapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\shsetup.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\shsvcs.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\shunimpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\shwebsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\sisbkup.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\slui.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\slwga.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\SmartcardCredentialProvider.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\SmiEngine.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\SndVol.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\SndVolSSO.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\spbcd.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\spinstall.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\spoolsv.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\spopk.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\spp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\sppc.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\sppcomapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\sppinst.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\sppnp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\sppobjs.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\sppsvc.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\sppuinotify.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\sppwinob.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\spreview.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\spwizeng.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\spwizres.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\spwizui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\spwmp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\sqlcese30.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\sqlsrv32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\sqmapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\srchadmin.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\srrstr.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\srvcli.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\srvsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\sscore.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ssText3d.scr:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\stobject.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\StructuredQuery.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\sud.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\sxs.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\SyncCenter.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\synceng.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\syncui.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\sysclass.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\sysdm.cpl:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\SysFxUI.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\sysmain.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\sysmon.ocx:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\syssetup.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\systemcpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\t2embed.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\tabcal.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\TabletPC.cpl:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\TabSvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\takeown.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\tapisrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\taskbarcpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\taskcomp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\taskmgr.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\taskschd.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\tbs.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\tcpipcfg.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\tdh.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\termmgr.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\termsrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\themecpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\themeui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\thumbcache.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\timedate.cpl:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\tlscsp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\tquery.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\tracerpt.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\TRAPI.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\tsbyuv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\tsgqec.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\tsmf.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\TsUsbGDCoInstaller.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\TSWbPrxy.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\TSWorkspace.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\TsWpfWrp.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\twext.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\typeperf.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\tzutil.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ubpm.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ucrtbase.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\UIRibbon.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\UIRibbonRes.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\umb.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\umpnpmgr.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\umpo.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\unattend.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\unimdm.tsp:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\unimdmat.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\unlodctr.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\untfs.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\upnp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\user32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\UserAccountControlSettings.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\usercpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\userenv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\usp10.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\utildll.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\uxlib.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\VAN.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Vault.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\vaultsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\VBICodec.ax:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\vbisurf.ax:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\vds.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\vdsbas.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\vdsutil.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\vfwwdm32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\VIDRESZR.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\vpnike.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\vpnikeapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\vssapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\VSSVC.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\w32tm.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WavDest.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wavemsp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wbemcomn.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wbengine.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wcncsvc.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\wdc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Wdfres.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wdi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wdiasqmmodule.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wdmaud.drv:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WebClnt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\webio.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\webservices.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wer.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\werconcpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WerFaultSecure.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wevtsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WFS.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wiadefui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wiarpc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wiaservc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wiavideo.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wimgapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wimserv.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wincredprovider.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WindowsAnytimeUpgrade.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WindowsAnytimeUpgradeResults.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\winhttp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\winipsec.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\winload.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\winlogon.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\winmm.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\winresume.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WinSAT.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WinSATAPI.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WinSCard.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\winspool.drv:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\winsrv.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\winsta.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wintrust.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wisptis.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wkscli.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wksprt.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wkssvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wlangpui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wlanmsm.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\wlanpref.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wlanui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Wldap32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WMADMOD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WMADMOE.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WMALFXGFXDSP.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wmdrmdev.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wmdrmnet.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wmdrmsdk.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wmi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wmicmiplugin.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WMNetMgr.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wmp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wmpdxm.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wmpeffects.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WMPEncEn.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WMPhoto.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\wmploc.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wmpmde.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wmpps.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wmpshell.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wmpsrcwp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WMSPDMOD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WMSPDMOE.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WMVCORE.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WMVDECOD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WMVENCOD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WMVSDECD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WMVSENCD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WMVXENCD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Wpc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wpccpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wpdbusenum.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wpdshext.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WPDShServiceObj.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WPDSp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wpdwcn.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wpd_ci.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ws2_32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wscapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wscript.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WSDApi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wsdchngr.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wshbth.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wshirda.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wshom.ocx:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wshrm.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WSManHTTPConfig.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WSManMigrationPlugin.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WsmAuto.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wsmplpxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wsmprovhost.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WsmRes.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WsmSvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WsmWmiPl.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wsnmp32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wsqmcons.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WSTPager.ax:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wtsapi32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WUDFCoinstaller.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WUDFHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WUDFPlatform.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WUDFSvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WUDFx.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wusa.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wwanconn.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wwanprotdim.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wwansvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\xmllite.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\XpsRasterService.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\xpsservices.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\zipfldr.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\1394ohci.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\acpi.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\acpipmi.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\afd.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\amdsata.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\amdxata.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\ataport.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\cdrom.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\cng.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\CompositeBus.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\dfsc.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\disk.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\Diskdump.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\drmk.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\drmkaud.sys:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\Drivers\dxgkrnl.sys:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\Drivers\dxgmms1.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\ETD.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\eubakup.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\EUBKMON.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\eudskacs.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\EuFdDisk.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\fs_rec.sys:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\Drivers\fvevol.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\FWPKCLNT.SYS:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\GeneStor.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\hdaudbus.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\HdAudio.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\hidclass.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\hidparse.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\hidusb.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\http.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\hwpolicy.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\iaStor.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\iaStorV.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\IPMIDrv.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\kbdhid.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\ks.sys:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\Drivers\L1C63x86.sys:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\Drivers\mountmgr.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\mpio.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\mrxdav.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\msahci.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\msdsm.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\msiscsi.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\ndis.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\ndisuio.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\ndiswan.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\ndproxy.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\netbt.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\netio.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\NETwsn00.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\ntfs.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\nvraid.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\nvstor.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\partmgr.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\pci.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\PEAuth.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\portcls.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\rdbss.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\RDPCDD.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\rdpwd.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\rdyboost.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\rmcast.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\RNDISMP.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\sbp2port.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\scfilter.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\scsiport.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\sffp_sd.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\srv.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\srv2.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\srvnet.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\storport.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\stream.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\tcpip.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\tcpipreg.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\tdi.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\tdpipe.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\tdtcp.sys:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\Drivers\tdx.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\termdd.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\tssecsrv.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\TsUsbFlt.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\tunnel.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\udfs.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\umbus.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\usb8023.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\USBCAMD.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\USBCAMD2.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\usbcir.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\usbrpm.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\USBSTOR.SYS:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\usbvideo.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\vhdmp.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\volmgr.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\volsnap.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\wanarp.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\Wdf01000.sys:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\Drivers\WdfLdr.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\winusb.sys:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\Drivers\WUDFPf.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\WUDFRd.sys:$CmdTcID [64]
AlternateDataStreams: C:\Users\barrow 2 & widen\Desktop\adsfix_3_03.11.2016.1.exe:BDU [0]
AlternateDataStreams: C:\Users\barrow 2 & widen\Desktop\BDPUARLauncher_FR.exe:BDU [0]
AlternateDataStreams: C:\Users\barrow 2 & widen\Desktop\BDUSBImmunizerLauncher.exe:BDU [0]
AlternateDataStreams: C:\Users\barrow 2 & widen\Desktop\BootkitRemoval_x64.exe:BDU [0]
AlternateDataStreams: C:\Users\barrow 2 & widen\Desktop\BootkitRemoval_x86.exe:BDU [0]
AlternateDataStreams: C:\Users\barrow 2 & widen\Desktop\Pre_Scan.exe:BDU [0]
AlternateDataStreams: C:\Users\barrow 2 & widen\Desktop\Rem-VBSworm.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\barrow 2 & widen\Desktop\RSIT.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\barrow 2 & widen\Desktop\RSIT.exe:BDU [0]
AlternateDataStreams: C:\Users\barrow 2 & widen\Desktop\ZHPDiag3.exe:BDU [0]
AlternateDataStreams: C:\Users\barrow 2 & widen\Downloads\60Second_en_us.exe:BDU [0]
AlternateDataStreams: C:\Users\barrow 2 & widen\Downloads\adsfix_3_03.11.2016.1.exe:BDU [0]
AlternateDataStreams: C:\Users\barrow 2 & widen\Downloads\adwcleaner_6.030.exe:BDU [0]
AlternateDataStreams: C:\Users\barrow 2 & widen\Downloads\army.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\barrow 2 & widen\Downloads\army.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\barrow 2 & widen\Downloads\BDAntiRansomwareSetup.exe:BDU [0]
AlternateDataStreams: C:\Users\barrow 2 & widen\Downloads\ccav_installer(1).exe:BDU [0]
AlternateDataStreams: C:\Users\barrow 2 & widen\Downloads\ccav_installer(2).exe:BDU [0]
AlternateDataStreams: C:\Users\barrow 2 & widen\Downloads\ccav_installer.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\barrow 2 & widen\Downloads\ccav_installer.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\barrow 2 & widen\Downloads\ccav_installer.exe:BDU [0]
AlternateDataStreams: C:\Users\barrow 2 & widen\Downloads\cispremium_installer.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\barrow 2 & widen\Downloads\cispremium_installer.exe:BDU [0]
AlternateDataStreams: C:\Users\barrow 2 & widen\Downloads\cmd_fw_installer_6113_c7.exe:BDU [0]
AlternateDataStreams: C:\Users\barrow 2 & widen\Downloads\CyberLink_PhotoDirector_Downloader(1).exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\barrow 2 & widen\Downloads\CyberLink_PhotoDirector_Downloader(1).exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\barrow 2 & widen\Downloads\CyberLink_PhotoDirector_Downloader.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\barrow 2 & widen\Downloads\CyberLink_PhotoDirector_Downloader.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\barrow 2 & widen\Downloads\dencopy.rar:$CmdZnID [26]
AlternateDataStreams: C:\Users\barrow 2 & widen\Downloads\devoir.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\barrow 2 & widen\Downloads\devoir.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\barrow 2 & widen\Downloads\DriveSecurityPortable_1.0.paf.exe:BDU [0]
AlternateDataStreams: C:\Users\barrow 2 & widen\Downloads\DSInstall.exe:BDU [0]
AlternateDataStreams: C:\Users\barrow 2 & widen\Downloads\EmsisoftEmergencyKit.exe:BDU [0]
AlternateDataStreams: C:\Users\barrow 2 & widen\Downloads\epm.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\barrow 2 & widen\Downloads\epm.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\barrow 2 & widen\Downloads\epm.exe:BDU [0]
AlternateDataStreams: C:\Users\barrow 2 & widen\Downloads\fdm5_x86_setup.exe:BDU [0]
AlternateDataStreams: C:\Users\barrow 2 & widen\Downloads\FYDLoad_inflvto_3.exe:BDU [0]
AlternateDataStreams: C:\Users\barrow 2 & widen\Downloads\iobituninstaller.exe:BDU [0]
AlternateDataStreams: C:\Users\barrow 2 & widen\Downloads\JRT.exe:BDU [0]
AlternateDataStreams: C:\Users\barrow 2 & widen\Downloads\kcfallout.rar:$CmdZnID [26]
AlternateDataStreams: C:\Users\barrow 2 & widen\Downloads\marmiton-install.exe:BDU [0]
AlternateDataStreams: C:\Users\barrow 2 & widen\Downloads\metallic.rar:$CmdZnID [26]
AlternateDataStreams: C:\Users\barrow 2 & widen\Downloads\mystandart.rar:$CmdZnID [26]
AlternateDataStreams: C:\Users\barrow 2 & widen\Downloads\pctrans_trial.exe:BDU [0]
AlternateDataStreams: C:\Users\barrow 2 & widen\Downloads\PortableApps.com_Platform_Setup_14.2.paf(1).exe:BDU [0]
AlternateDataStreams: C:\Users\barrow 2 & widen\Downloads\PortableApps.com_Platform_Setup_14.2.paf.exe:BDU [0]
AlternateDataStreams: C:\Users\barrow 2 & widen\Downloads\processclose_1.0.0.3 (1).exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\barrow 2 & widen\Downloads\processclose_1.0.0.3 (1).exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\barrow 2 & widen\Downloads\processclose_1.0.0.3 (2).exe:BDU [0]
AlternateDataStreams: C:\Users\barrow 2 & widen\Downloads\processclose_1.0.0.3(1).exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\barrow 2 & widen\Downloads\processclose_1.0.0.3(1).exe:BDU [0]
AlternateDataStreams: C:\Users\barrow 2 & widen\Downloads\processclose_1.0.0.3(2).exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\barrow 2 & widen\Downloads\processclose_1.0.0.3(2).exe:BDU [0]
AlternateDataStreams: C:\Users\barrow 2 & widen\Downloads\processclose_1.0.0.3(3).exe:BDU [0]
AlternateDataStreams: C:\Users\barrow 2 & widen\Downloads\SkypePortable_7.29.0.102_online.paf.exe:BDU [0]
AlternateDataStreams: C:\Users\barrow 2 & widen\Downloads\ssskin.rar:$CmdZnID [26]
AlternateDataStreams: C:\Users\barrow 2 & widen\Downloads\UsbFix_9.001 (1).exe:BDU [0]
AlternateDataStreams: C:\Users\barrow 2 & widen\Downloads\UsbFix_9.001 (2).exe:BDU [0]
AlternateDataStreams: C:\Users\barrow 2 & widen\Downloads\UsbFix_9.001(1).exe:BDU [0]
AlternateDataStreams: C:\Users\barrow 2 & widen\Downloads\vst_dhlb.rar:$CmdZnID [26]
AlternateDataStreams: C:\Users\barrow 2 & widen\Downloads\xpsoft.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\barrow 2 & widen\Downloads\xpsoft.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\barrow 2 & widen\Downloads\xpsolive.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\barrow 2 & widen\Downloads\xpsolive.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\barrow 2 & widen\Downloads\xpssilver.exe:$CmdTcID [130]
AlternateDataStreams: C:\Users\barrow 2 & widen\Downloads\xpssilver.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\barrow 2 & widen\Documents\PhotoDirector_8.0.2031.59859_GM2_Essential_PTD160719-10.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Power2Go 11 promo\Desktop\FRST.exe:BDU [0]
AlternateDataStreams: C:\Users\Power2Go 11 promo\Desktop\pre-scan_6_02.11.2016.1.exe:BDU [0]
AlternateDataStreams: C:\Users\Power2Go 11 promo\Desktop\quickdiag_2_02.11.2016.1.exe:BDU [0]
AlternateDataStreams: C:\Users\Power2Go 11 promo\Desktop\ZHPDiag3.exe:BDU [0]
AlternateDataStreams: C:\Users\Power2Go 11 promo\Downloads\adwcleaner_6.030.exe:BDU [0]
AlternateDataStreams: C:\Users\Power2Go 11 promo\Downloads\apowersoft-online-launcher.exe:BDU [0]
AlternateDataStreams: C:\Users\Power2Go 11 promo\Downloads\EasyUEFI_Free.exe:BDU [0]
AlternateDataStreams: C:\Users\Power2Go 11 promo\Downloads\EmsisoftEmergencyKit.exe:BDU [0]
AlternateDataStreams: C:\Users\Power2Go 11 promo\Downloads\installboost.exe:BDU [0]
AlternateDataStreams: C:\Users\Power2Go 11 promo\Downloads\Quick Uploader.exe:BDU [0]
AlternateDataStreams: C:\Users\Power2Go 11 promo\Downloads\setup(1).exe:BDU [0]
AlternateDataStreams: C:\Users\Power2Go 11 promo\Downloads\Windows10Upgrade24074.exe:BDU [0]
==================== Mode sans échec (Avec liste blanche) ===================
(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le "AlternateShell" sera restauré.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
==================== Association (Avec liste blanche) ===============
(Si un élément est inclus dans le fichier fixlist.txt, l'élément de Registre sera restauré à la valeur par défaut ou supprimé.)
==================== Internet Explorer sites de confiance/sensibles ===============
(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre.)
==================== Hosts contenu: ==========================
(Si nécessaire, la commande Hosts: peut être incluse dans le fichier fixlist.txt afin de réinitialiser le fichier hosts.)
2009-07-14 03:04 - 2016-11-22 21:29 - 00002034 _RASH C:\Windows\system32\Drivers\etc\hosts
0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly
0.0.0.0 tracking.opencandy.com.s3.amazonaws.com
0.0.0.0 media.opencandy.com
0.0.0.0 cdn.opencandy.com
0.0.0.0 tracking.opencandy.com
0.0.0.0 api.opencandy.com
0.0.0.0 api.recommendedsw.com
0.0.0.0 installer.betterinstaller.com
0.0.0.0 installer.filebulldog.com
0.0.0.0 d3oxtn1x3b8d7i.cloudfront.net
0.0.0.0 inno.bisrv.com
0.0.0.0 nsis.bisrv.com
0.0.0.0 cdn.file2desktop.com
0.0.0.0 cdn.goateastcach.us
0.0.0.0 cdn.guttastatdk.us
0.0.0.0 cdn.inskinmedia.com
0.0.0.0 cdn.insta.oibundles2.com
0.0.0.0 cdn.insta.playbryte.com
0.0.0.0 cdn.llogetfastcach.us
0.0.0.0 cdn.montiera.com
0.0.0.0 cdn.msdwnld.com
0.0.0.0 cdn.mypcbackup.com
0.0.0.0 cdn.ppdownload.com
0.0.0.0 cdn.riceateastcach.us
0.0.0.0 cdn.shyapotato.us
0.0.0.0 cdn.solimba.com
0.0.0.0 cdn.tuto4pc.com
0.0.0.0 cdn.appround.biz
0.0.0.0 cdn.bigspeedpro.com
0.0.0.0 cdn.bispd.com
Il y a 4 plus de lignes.
==================== Autres zones ============================
(Actuellement, il n'y a pas de correction automatique pour cette section.)
HKU\S-1-5-21-1541472888-895532398-2178115478-1001\Control Panel\Desktop\\Wallpaper -> %windir%\web\wallpaper\windows\img0.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Le Pare-feu est activé.
==================== MSCONFIG/TASK MANAGER éléments désactivés ==
==================== RèglesPare-feu (Avec liste blanche) ===============
(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)
FirewallRules: [{8FEA8AC3-9A0F-4337-B8D4-9DA468CAB606}] => (Allow) C:\Program Files\EaseUS\Todo Backup\bin\TodoBackupService.exe
FirewallRules: [{A04B5DB6-B36D-4533-A1BA-F3F2DBDD9BDD}] => (Allow) C:\Program Files\EaseUS\Todo Backup\bin\TodoBackupService.exe
==================== Points de restauration =========================
21-11-2016 18:42:39 Installed AdAwareInstaller.
22-11-2016 03:38:22 Installed Boost
22-11-2016 03:44:31 Before Boost
==================== Éléments en erreur du Gestionnaire de périphériques =============
Name: Unknown Device
Description: Unknown Device
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Contrôleur hôte USB standard)
Service:
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation.
==================== Erreurs du Journal des événements: =========================
Erreurs Application:
==================
Error: (11/21/2016 06:48:03 PM) (Source: MsiInstaller) (EventID: 11606) (User: barrow2etwiden)
Description: Product: AdAwareInstaller -- Error 1606. Could not access network location \Ad-Aware Antivirus\11.12.945.9202.
Error: (11/21/2016 06:48:03 PM) (Source: MsiInstaller) (EventID: 11606) (User: barrow2etwiden)
Description: Product: AdAwareInstaller -- Error 1606. Could not access network location \Ad-Aware Antivirus\11.12.945.9202.
Error: (11/20/2016 08:11:24 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Le programme adsfix_3_18.11.2016.1.exe version 18.11.2016.1 a cessé d’interagir avec Windows et a été fermé. Pour déterminer si des informations supplémentaires sont disponibles, consultez l’historique du problème dans le Centre de maintenance.
ID de processus : 1414
Heure de début : 01d242e6df6419de
Heure de fin : 109
Chemin d’accès de l’application : C:\Users\Power2Go 11 promo\Desktop\adsfix_3_18.11.2016.1.exe
ID de rapport :
Error: (11/19/2016 07:40:51 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Erreur du service de cliché instantané des volumes : erreur lors de l’interrogation de l’interface IVssWriterCallback. hr = 0x80070005, Accès refusé.
.
Cette erreur est souvent due à des paramètres de sécurité incorrects dans le processus du rédacteur ou du demandeur.
Opération :
Données du rédacteur en cours de collecte
Contexte :
ID de classe du rédacteur: {e8132975-6f93-4464-a53e-1050253ae220}
Nom du rédacteur: System Writer
ID d’instance du rédacteur: {f13cc692-c515-483b-b5ba-8c40320936db}
Error: (11/17/2016 12:22:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nom de l’application défaillante RogueKiller.exe, version : 12.8.1.0, horodatage : 0x5829760d
Nom du module défaillant : psdprotect.dll, version : 3.1.212.0, horodatage : 0x4bfd066b
Code d’exception : 0x40000015
Décalage d’erreur : 0x0000b1f3
ID du processus défaillant : 0x68c
Heure de début de l’application défaillante : 0x01d240264fc3504d
Chemin d’accès de l’application défaillante : C:\Program Files\RogueKiller\RogueKiller.exe
Chemin d’accès du module défaillant: C:\Program Files\EgisTec MyWinLocker\x86\psdprotect.dll
ID de rapport : 17ade89f-acb8-11e6-bf9d-d8c6d4ba6fd2
Error: (11/16/2016 12:30:09 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Échec de la création d’un point de restauration (Processus = C:\Users\POWER2~1\AppData\Local\Temp\RarSFX0\LPrint\Setup.exe -l1036 /z/pichk /z/PATH"C:\Program Files\CyberLink" ; Description = Configuré LabelPrint ; Erreur = 0x8007043c).
Error: (11/11/2016 02:23:09 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: La création du contexte d’activation a échoué pour « J:\backup data - sosvirus backup disk (usb)\BootkitRemoval_x64.exe ».
Assembly dépendant Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" introuvable.
Utilisez sxstrace.exe pour un diagnostic détaillé.
Error: (11/11/2016 02:06:59 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: La création du contexte d’activation a échoué pour « J:\backup data - sosvirus backup disk (usb)\BootkitRemoval_x64.exe ».
Assembly dépendant Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" introuvable.
Utilisez sxstrace.exe pour un diagnostic détaillé.
Error: (11/11/2016 01:55:15 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: La création du contexte d’activation a échoué pour « C:\Users\barrow 2 & widen\Desktop\BootkitRemoval_x64.exe ».
Assembly dépendant Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" introuvable.
Utilisez sxstrace.exe pour un diagnostic détaillé.
Error: (11/11/2016 01:30:58 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: La création du contexte d’activation a échoué pour « L:\HitmanPro_x64.exe ».
Assembly dépendant Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" introuvable.
Utilisez sxstrace.exe pour un diagnostic détaillé.
Erreurs système:
=============
Error: (11/25/2016 07:34:15 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Le service Ad-Aware Service 11 s’est terminé de façon inattendue pour la 1ème fois.
CodeIntegrity:
===================================
Date: 2016-11-25 12:37:56.068
Description: Le module d’intégrité du code ne peut pas vérifier l’intégrité image du fichier \Device\HarddiskVolume3\Windows\System32\iseguard32.dll car le jeu de hachages d’images par page n’a pas été trouvé sur le système.
Date: 2016-11-25 12:37:56.030
Description: Le module d’intégrité du code ne peut pas vérifier l’intégrité image du fichier \Device\HarddiskVolume3\Windows\System32\CcavGuard32.dll car le jeu de hachages d’images par page n’a pas été trouvé sur le système.
Date: 2016-11-25 10:20:20.873
Description: Le module d’intégrité du code ne peut pas vérifier l’intégrité image du fichier \Device\HarddiskVolume3\Windows\System32\iseguard32.dll car le jeu de hachages d’images par page n’a pas été trouvé sur le système.
Date: 2016-11-25 10:20:20.825
Description: Le module d’intégrité du code ne peut pas vérifier l’intégrité image du fichier \Device\HarddiskVolume3\Windows\System32\CcavGuard32.dll car le jeu de hachages d’images par page n’a pas été trouvé sur le système.
Date: 2016-11-25 09:54:39.440
Description: Le module d’intégrité du code ne peut pas vérifier l’intégrité image du fichier \Device\HarddiskVolume3\Windows\System32\iseguard32.dll car le jeu de hachages d’images par page n’a pas été trouvé sur le système.
Date: 2016-11-25 09:54:39.377
Description: Le module d’intégrité du code ne peut pas vérifier l’intégrité image du fichier \Device\HarddiskVolume3\Windows\System32\CcavGuard32.dll car le jeu de hachages d’images par page n’a pas été trouvé sur le système.
Date: 2016-11-23 07:00:47.873
Description: Le module d’intégrité du code ne peut pas vérifier l’intégrité image du fichier \Device\HarddiskVolume3\Windows\System32\iseguard32.dll car le jeu de hachages d’images par page n’a pas été trouvé sur le système.
Date: 2016-11-23 07:00:47.858
Description: Le module d’intégrité du code ne peut pas vérifier l’intégrité image du fichier \Device\HarddiskVolume3\Windows\System32\CcavGuard32.dll car le jeu de hachages d’images par page n’a pas été trouvé sur le système.
Date: 2016-11-22 21:28:28.750
Description: Le module d’intégrité du code ne peut pas vérifier l’intégrité image du fichier \Device\HarddiskVolume3\Windows\System32\iseguard32.dll car le jeu de hachages d’images par page n’a pas été trouvé sur le système.
Date: 2016-11-22 21:28:28.750
Description: Le module d’intégrité du code ne peut pas vérifier l’intégrité image du fichier \Device\HarddiskVolume3\Windows\System32\CcavGuard32.dll car le jeu de hachages d’images par page n’a pas été trouvé sur le système.
==================== Infos Mémoire ===========================
Processeur: Intel(R) Atom(TM) CPU N450 @ 1.66GHz
Pourcentage de mémoire utilisée: 89%
Mémoire physique - RAM - totale: 1013.09 MB
Mémoire physique - RAM - disponible: 107.15 MB
Mémoire virtuelle totale: 2037.09 MB
Mémoire virtuelle disponible: 582.86 MB
==================== Lecteurs ================================
Drive c: (Acer) (Fixed) (Total:215.78 GB) (Free:75.92 GB) NTFS ==>[système avec composants d'amorçage (obtenu depuis lecteur)]
Drive d: (Verbatim) (CDROM) (Total:0.01 GB) (Free:0 GB) UDF
Drive e: (PARTED MAGI) (Removable) (Total:57.89 GB) (Free:38.92 GB) FAT32
Drive g: (COMPANION) (Removable) (Total:30.02 GB) (Free:1.82 GB) FAT32
Drive h: (CLONEZILLA) (Removable) (Total:1.86 GB) (Free:0.2 GB) FAT32
Drive i: (UUI) (Removable) (Total:7.26 GB) (Free:0.26 GB) FAT32
Drive j: (OTLPE_7 USB) (Removable) (Total:3.75 GB) (Free:0.34 GB) NTFS
Drive l: (HITMANPRO) (Removable) (Total:57.55 GB) (Free:26.07 GB) FAT32
Drive m: (FRAMAKEY SA) (Removable) (Total:28.78 GB) (Free:11.03 GB) FAT32
Drive o: (PARTED MAGI) (Removable) (Total:15 GB) (Free:1.16 GB) FAT32
Drive q: (FRAMAKEY MI) (Removable) (Total:14.41 GB) (Free:4.09 GB) FAT32
Drive r: (PARTED MAGI) (Removable) (Total:3.74 GB) (Free:0.43 GB) FAT32
Drive s: () (Removable) (Total:1.83 GB) (Free:1.71 GB) FAT
Drive u: (séjour pari) (Removable) (Total:117.02 GB) (Free:8.26 GB) exFAT
Drive v: (FRAMAKEY UB) (Removable) (Total:57.64 GB) (Free:50.17 GB) FAT32
==================== MBR & Table des partitions ==================
========================================================
Disk: 0 (Size: 232.9 GB) (Disk ID: B7B45E2D)
Partition 1: (Not Active) - (Size=13 GB) - (Type=27)
Partition 2: (Active) - (Size=4.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=215.8 GB) - (Type=OF Extended)
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 14.4 GB) (Disk ID: 6088C201)
Partition 1: (Active) - (Size=14.4 GB) - (Type=0B)
========================================================
Disk: 2 (Size: 57.7 GB) (Disk ID: 720E7790)
Partition 1: (Active) - (Size=57.7 GB) - (Type=0B)
========================================================
Disk: 3 (Size: 1.8 GB) (Disk ID: 08148028)
Partition 1: (Not Active) - (Size=1.8 GB) - (Type=06)
========================================================
Disk: 4 (Size: 30 GB) (Disk ID: 25C8BCC2)
Partition 1: (Active) - (Size=30 GB) - (Type=0C)
========================================================
Disk: 8 (Size: 117 GB) (Disk ID: 1056A957)
Partition 1: (Active) - (Size=117 GB) - (Type=07 NTFS)
========================================================
Disk: 9 (Size: 57.9 GB) (Disk ID: 027CE1A0)
Partition 1: (Active) - (Size=57.9 GB) - (Type=0C)
========================================================
Disk: 10 (MBR Code: Windows 7 or 8) (Size: 15 GB) (Disk ID: 319FE485)
Partition 1: (Active) - (Size=15 GB) - (Type=0C)
========================================================
Disk: 11 (MBR Code: Windows 7 or 8) (Size: 7.3 GB) (Disk ID: 0C26E2E5)
Partition 1: (Active) - (Size=7.3 GB) - (Type=0C)
========================================================
Disk: 12 (Size: 1.9 GB) (Disk ID: 555925CE)
Partition 1: (Active) - (Size=1.9 GB) - (Type=0B)
========================================================
Disk: 13 (MBR Code: Windows 7 or 8) (Size: 3.8 GB) (Disk ID: 319FE471)
Partition 1: (Active) - (Size=3.8 GB) - (Type=0C)
========================================================
Disk: 14 (MBR Code: Windows 7 or 8) (Size: 57.7 GB) (Disk ID: CA6D68A4)
Partition 1: (Active) - (Size=57.7 GB) - (Type=0B)
========================================================
Disk: 15 (Size: 3.8 GB) (Disk ID: 0020526A)
Partition 1: (Active) - (Size=3.8 GB) - (Type=07 NTFS)
========================================================
Disk: 16 (Size: 28.8 GB) (Disk ID: A716E9AC)
Partition 1: (Active) - (Size=28.8 GB) - (Type=0B)
==================== Fin de Addition.txt ============================