Résultats de l'Analyse supplémentaire de Farbar Recovery Scan Tool (x86) Version: 23-11-2016 Exécuté par Power2Go 11 promo (25-11-2016 12:42:00) Exécuté depuis C:\Users\Power2Go 11 promo\Desktop Microsoft Windows 7 Édition Starter Service Pack 1 (X86) (2016-10-08 19:55:30) Mode d'amorçage: Normal ========================================================== ==================== Comptes: ============================= Administrateur (S-1-5-21-1541472888-895532398-2178115478-500 - Administrator - Disabled) barrow 2 & widen (S-1-5-21-1541472888-895532398-2178115478-1000 - Administrator - Enabled) => C:\Users\barrow 2 & widen Invité (S-1-5-21-1541472888-895532398-2178115478-501 - Limited - Disabled) Power2Go 11 promo (S-1-5-21-1541472888-895532398-2178115478-1001 - Administrator - Enabled) => C:\Users\Power2Go 11 promo ==================== Centre de sécurité ======================== (Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé.) AV: COMODO Cloud Antivirus (Disabled - Up to date) {D0CC7563-ABD2-DEBE-138E-FDD553335AF2} AS: COMODO Sandbox (Disabled - Up to date) {6BAD9487-8DE8-D130-293E-C6A728B4104F} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Programmes installés ====================== (Seuls les logiciels publicitaires ('adware') avec la marque 'caché' ('Hidden') sont susceptibles d'être ajoutés au fichier fixlist.txt pour qu'ils ne soient plus masqués. Les programmes publicitaires devront être désinstallés manuellement.) 7-Zip 16.04 (HKLM\...\7-Zip) (Version: 16.04 - Igor Pavlov) Acer Crystal Eye webcam Ver:1.1.192.810 (HKLM\...\{D0ACE89D-EC7F-470F-80BE-4C98ED366B32}) (Version: 1.1.192.810 - Chicony Electronics Co.,Ltd.) Acer ePower Management (HKLM\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 5.00.3005 - Acer Incorporated) Acer eRecovery Management (HKLM\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3013 - Acer Incorporated) Acer Registration (HKLM\...\Acer Registration) (Version: 1.03.3003 - Acer Incorporated) Acer VCM (HKLM\...\{047F790A-7A2A-4B6A-AD02-38092BA63DAC}) (Version: 4.05.3002 - Acer Incorporated) Acrobat.com (HKLM\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated) Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.) Adobe Flash Player 23 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 23.0.0.205 - Adobe Systems Incorporated) Adobe Reader 9.1 MUI (HKLM\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.1.0 - Adobe Systems Incorporated) AndroidInstaller (Version: 1.00.022 - Nom de votre société) Hidden Apowersoft Online Launcher version 1.4.5 (HKU\S-1-5-21-1541472888-895532398-2178115478-1001\...\{20BF67A8-D81A-4489-8225-FABAA0896E2D}_is1) (Version: 1.4.5 - APOWERSOFT LIMITED) Assistant de connexion Windows Live (HKLM\...\{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}) (Version: 5.000.818.5 - Microsoft Corporation) Assistant Mise à niveau de Windows 10 (HKLM\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.17364 - Microsoft Corporation) Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.35 - Atheros Communications Inc.) AutoIt v3.3.14.2 (HKLM\...\AutoItv3) (Version: 3.3.14.2 - AutoIt Team) BDAntiRansomware (HKLM\...\{BE40AB1F-558F-4434-B72F-461EF97E7796}_is1) (Version: 1.0.12.1 - Bitdefender) Bitdefender 60-Second Virus Scanner (HKLM\...\{CCEA2053-D975-4E38-AC09-4D5E6DAC6B6F}) (Version: 1.0.3.76 - Bitdefender) Boost (HKU\S-1-5-21-1541472888-895532398-2178115478-1001\...\Boost 1.0.2) (Version: 1.0.2 - Reason Software Company Inc.) <==== ATTENTION Boost (Version: 1.0.2 - Reason Software Company Inc.) Hidden <==== ATTENTION Chromodo (HKLM\...\Chromodo) (Version: 52.15.25.665 - Comodo) COMODO Cloud Antivirus (HKLM\...\COMODO Cloud Antivirus_list_uninstall) (Version: 1.7.402730.374 - COMODO) COMODO Cloud Antivirus (Version: 1.7.374.0 - COMODO) Hidden Comodo Dragon (HKLM\...\Comodo Dragon) (Version: 52.15.25.664 - Comodo) CyberLink LabelPrint 2.5 (HKLM\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.0.10521 - CyberLink Corp.) CyberLink Power2Go 11 (HKLM\...\{7A3F32E0-D8E1-40C1-8E1B-1F5693F2ADE0}) (Version: 11.0.1013.0 - CyberLink Corp.) CyberLink WaveEditor 2 (HKLM\...\{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}) (Version: 2.0.8205.0 - CyberLink Corp.) EaseUS EverySync 3.0 (HKLM\...\EaseUS EverySync_is1) (Version: - EaseUS) EaseUS Partition Master 11.9 (HKLM\...\EaseUS Partition Master_is1) (Version: - EaseUS) EaseUS Todo Backup Free 9.2 (HKLM\...\EaseUS Todo Backup_is1) (Version: 9.2 - CHENGDU YIWO Tech Development Co., Ltd) EaseUS Todo PCTrans 9.0 (HKLM\...\EaseUS Todo PCTrans_is1) (Version: - EaseUS) e-Carte Bleue LCL (HKLM\...\{DB981AC8-910B-4C0E-8250-829243E85934}) (Version: 5.6.0.0 - e-Carte Bleue LCL) ENE USB Card Reader Driver (HKLM\...\3B29FD3CCF1F5B855DA0C521597413EBABE97DFB) (Version: 5.89.0.70 - ENE) eSobi v2 (HKLM\...\InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}) (Version: 2.0.4.000274 - esobi Inc.) eSobi v2 (Version: 2.0.4.000274 - esobi Inc.) Hidden ETDWare PS/2-X86 11.6.4.001_WHQL (HKLM\...\Elantech) (Version: 11.6.4.001 - ELAN Microelectronic Corp.) EVEREST Ultimate Edition v5.50 (HKLM\...\EVEREST Ultimate Edition_is1) (Version: 5.50 - Lavalys, Inc.) Free Download Manager (HKLM\...\{43781dff-e0df-49ce-a6d2-47da96a485e7}}_is1) (Version: - FreeDownloadManager.ORG) Galerie de photos Windows Live (Version: 14.0.8117.416 - Microsoft Corporation) Hidden GeekBuddy (Version: 4.29.207 - Comodo Security Solutions Inc) Hidden Google Chrome (HKLM\...\{77CD02E9-7F33-33D9-B5CB-13C332E0E575}) (Version: 54.0.2840.99 - Google, Inc.) Google Update Helper (Version: 1.3.31.5 - Google Inc.) Hidden HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.15.281 - SurfRight B.V.) Identity Card (HKLM\...\Identity Card) (Version: 1.00.3003 - Acer Incorporated) Installation Windows Live (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation) Installation Windows Live (Version: 14.0.8117.416 - Microsoft Corporation) Hidden Intel(R) Control Center (HKLM\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation) Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.14.10.2117 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.1.5.1001 - Intel Corporation) Internet Security Essentials (HKLM\...\ComodoIse) (Version: 1.1.400604.29 - Comodo) ISO to USB (HKLM\...\{D08A30AC-A663-4EA8-8D81-B98E17F19F1C}_is1) (Version: - isotousb.com) Junk Mail filter update (Version: 14.0.8117.416 - Microsoft Corporation) Hidden Laplink PCmover Professional (HKLM\...\{06D3FAB0-9DDE-40A9-B130-D6B8003B104D}) (Version: 10.01.648 - Laplink Software, Inc.) Launch Manager (HKLM\...\LManager) (Version: 4.0.14 - Acer Inc.) Logiciel pour périphérique à chipset Intel® (Version: 10.0.27 - Intel(R) Corporation) Hidden Macrium Reflect Free Edition (HKLM\...\MacriumReflect) (Version: 6.1 - Paramount Software (UK) Ltd.) Macrium Reflect Free Edition (Version: 6.2.1549 - Paramount Software (UK) Ltd.) Hidden Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes) Microsoft .NET Framework 4.5.2 (Français) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1036) (Version: 4.5.51209 - Microsoft Corporation) Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.10411.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Mozilla Firefox 50.0 (x86 fr) (HKLM\...\Mozilla Firefox 50.0 (x86 fr)) (Version: 50.0 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 50.0.0.6152 - Mozilla) Multi Virus Cleaner 2017 (HKLM\...\Multi Virus Cleaner 2017_is1) (Version: 17.3.5 - AxBx) MyWinLocker (Version: 3.1.212.0 - Egis Technology Inc.) Hidden MyWinLocker Suite (HKLM\...\InstallShield_{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}) (Version: 3.1.212.0 - Egis Technology Inc.) MyWinLocker Suite (Version: 3.1.212.0 - Egis Technology Inc.) Hidden Outil de téléchargement Windows Live (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation) Panda Cloud Cleaner (HKLM\...\{92B2B132-C7F0-43DC-921A-4493C04F78A4}_is1) (Version: 1.1.9 - Panda Security) Panda USB Vaccine 1.0.1.16 (HKLM\...\{55A41219-9B22-4098-BAE7-AE289B3C569A}_is1) (Version: - Panda Security) Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6171 - Realtek Semiconductor Corp.) RogueKiller version 12.8.1.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.8.1.0 - Adlice Software) Shredder (Version: 2.0.8.3 - Egis Technology Inc.) Hidden Unchecky v1.0.1 (HKLM\...\Unchecky) (Version: 1.0.1 - RaMMicHaeL) Welcome Center (HKLM\...\Acer Welcome Center) (Version: 1.02.3004 - Acer Incorporated) Win32DiskImager version 0.9.5 (HKLM\...\{D074CE74-912A-4AD3-A0BF-3937D9D01F17}_is1) (Version: 0.9.5 - ImageWriter Developers) Windows Live FolderShare (HKLM\...\{76810709-A7D3-468D-9167-A1780C1E766C}) (Version: 14.0.8117.416 - Microsoft Corporation) Wondershare Filmora(Build 7.5.0) (HKLM\...\Wondershare Filmora_is1) (Version: - Wondershare Software) Wondershare Helper Compact 2.5.0 (HKLM\...\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.5.0 - Wondershare) Wondershare TidyMyMusic(Build 1.5.0.1) (HKLM\...\Wondershare TidyMyMusic_is1) (Version: 1.5.0.1 - Wondershare Software) ZebHelpProcess 2016 (HKLM\...\ZebHelpProcess_is1) (Version: 2015 - Nicolas Coolman) ==================== Personnalisé CLSID (Avec liste blanche): ========================== (Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.) ==================== Tâches planifiées (Avec liste blanche) ============= (Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.) Task: {114E62F7-5A43-4727-BCDF-A4E7E7FA75A5} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2016-11-05] (Adobe Systems Incorporated) Task: {1E4A408B-8347-4350-AEAC-D63481ECE662} - System32\Tasks\Microsoft\Windows\Setup\EOSNotify => C:\Windows\system32\EOSNotify.exe [2016-06-25] (Microsoft Corporation) Task: {7089C146-3A46-467A-B7DE-C3C357A86B67} - System32\Tasks\{3FE4FA56-B019-4F16-A61D-3CDC8B31C0F2} => pcalua.exe -a G:\start.exe -d G:\ Task: {7FCCBD3B-43FF-492A-82BE-72A385EC4FED} - System32\Tasks\Boost => C:\Users\Power2Go 11 promo\AppData\Roaming\Reason\Boost\boost.exe [2013-12-27] (Reason Software Company Inc.) Task: {9FD1F42C-D7FC-4B82-A14F-BDB00020D0D6} - System32\Tasks\{6848CD13-085C-450A-A985-F50011F476FD} => pcalua.exe -a "C:\Users\barrow 2 & widen\Downloads\devoir.exe" -d "C:\Users\barrow 2 & widen\Downloads" Task: {C5FF3427-B388-4AC0-A5C2-0EDFEBD5F54B} - System32\Tasks\{B977D14B-07F1-4B68-9648-A18954293BDE} => pcalua.exe -a V:\FUR-Tools\Virtualbox-install\VitrualBox-install.exe -d V:\FUR-Tools\Virtualbox-install Task: {D6678260-760D-4A84-8A61-A039F665FDDB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-11-05] (Google Inc.) Task: {DEBA87F4-7C49-4726-8B78-6CE4A760C8B3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-11-05] (Google Inc.) Task: {FE0C4D39-72A2-41A0-8808-C615EEB45D54} - System32\Tasks\PandaUSBVaccine => C:\Program Files\Panda USB Vaccine\RunInteractiveWin.exe [2010-06-01] () (Si un élément est inclus dans le fichier fixlist.txt, le fichier tâche (.job) sera déplacé. Le fichier exécuté par la tâche ne sera pas déplacé.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe ==================== Raccourcis ============================= (Les éléments sont susceptibles d'être inscrits dans le fichier fixlist.txt afin d'être supprimés ou restaurés.) ShortcutWithArgument: C:\Users\Power2Go 11 promo\Desktop\AdsFix_Donate.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxps://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=S3AQ8V3XRWWYN ShortcutWithArgument: C:\Users\Power2Go 11 promo\Desktop\Pre_Scan_Donate.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxps://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=S3AQ8V3XRWWYN ==================== Modules chargés (Avec liste blanche) ============== 2016-07-18 19:25 - 2016-07-18 19:25 - 03590904 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareShellExtension.dll 2010-09-17 08:18 - 2009-05-20 07:02 - 00072200 _____ () C:\Program Files\Launch Manager\CdDirIo.dll 2016-10-10 07:31 - 2016-10-10 07:31 - 00080936 _____ () C:\Program Files\EaseUS\Todo Backup\bin\CodeLog.dll 2016-10-10 07:31 - 2016-10-10 07:31 - 01296424 _____ () C:\Program Files\EaseUS\Todo Backup\bin\libxml2.dll 2016-10-10 07:31 - 2016-10-10 07:31 - 00060968 _____ () C:\Program Files\EaseUS\Todo Backup\bin\zlib1.dll 2016-10-10 07:31 - 2016-10-10 07:31 - 00017448 _____ () C:\Program Files\EaseUS\Todo Backup\bin\CompressFile.dll 2016-10-10 07:31 - 2016-10-10 07:31 - 00088616 _____ () C:\Program Files\EaseUS\Todo Backup\bin\TBGetRemoteNetInfo.dll 2016-10-10 07:31 - 2016-10-10 07:31 - 00024768 _____ () C:\Program Files\EaseUS\Todo Backup\bin\CmcTbProxy.dll 2016-10-10 07:31 - 2016-10-10 07:31 - 00188608 _____ () C:\Program Files\EaseUS\Todo Backup\bin\CMCPipeCenter.dll 2016-10-10 07:31 - 2016-10-10 07:31 - 00173760 _____ () C:\Program Files\EaseUS\Todo Backup\bin\CMCAdapt.dll 2016-10-10 07:31 - 2016-10-10 07:31 - 00056512 _____ () C:\Program Files\EaseUS\Todo Backup\bin\TBInfo.dll 2016-10-10 07:31 - 2016-10-10 07:31 - 00018112 _____ () C:\Program Files\EaseUS\Todo Backup\bin\CMCNetTokenProxy.dll 2016-10-10 07:30 - 2016-10-10 07:30 - 00128192 _____ () C:\Program Files\EaseUS\Todo Backup\bin\ActivationOnline.dll 2016-10-10 07:31 - 2016-10-10 07:31 - 00085184 _____ () C:\Program Files\EaseUS\Todo Backup\bin\logsys.dll 2016-10-10 07:31 - 2016-10-10 07:31 - 00030760 _____ () C:\Program Files\EaseUS\Todo Backup\bin\DiskSearchImg.dll 2016-10-10 07:31 - 2016-10-10 07:31 - 00068136 _____ () C:\Program Files\EaseUS\Todo Backup\bin\MountImg.dll 2016-10-10 07:31 - 2016-10-10 07:31 - 00158248 _____ () C:\Program Files\EaseUS\Todo Backup\bin\ImgFile.dll 2016-10-10 07:31 - 2016-10-10 07:31 - 00281128 _____ () C:\Program Files\EaseUS\Todo Backup\bin\DsImgFile.dll 2016-10-10 07:31 - 2016-10-10 07:31 - 00072232 _____ () C:\Program Files\EaseUS\Todo Backup\bin\CheckImg.dll 2016-10-10 07:31 - 2016-10-10 07:31 - 00139816 _____ () C:\Program Files\EaseUS\Todo Backup\bin\vhdvmdk.dll 2016-10-10 07:31 - 2016-10-10 07:31 - 00040128 _____ () C:\Program Files\EaseUS\Todo Backup\bin\BootDriver.dll 2016-10-10 07:31 - 2016-10-10 07:31 - 00769064 _____ () C:\Program Files\EaseUS\Todo Backup\bin\ExImage.dll 2016-10-10 07:31 - 2016-10-10 07:31 - 00193064 _____ () C:\Program Files\EaseUS\Todo Backup\bin\EmailBackupSize.dll 2016-10-10 07:31 - 2016-10-10 07:31 - 00443944 _____ () C:\Program Files\EaseUS\Todo Backup\bin\AndroidImage.dll 2016-10-10 07:31 - 2016-10-10 07:31 - 00148008 _____ () C:\Program Files\EaseUS\Todo Backup\bin\EnumDisk.dll 2016-10-10 07:31 - 2016-10-10 07:31 - 00076840 _____ () C:\Program Files\EaseUS\Todo Backup\bin\FatLib.dll 2016-10-10 07:31 - 2016-10-10 07:31 - 00207912 _____ () C:\Program Files\EaseUS\Todo Backup\bin\NTFSLib.dll 2016-10-10 07:31 - 2016-10-10 07:31 - 00114880 _____ () C:\Program Files\EaseUS\Todo Backup\bin\FileStorage.dll 2016-10-10 07:31 - 2016-10-10 07:31 - 00169512 _____ () C:\Program Files\EaseUS\Todo Backup\bin\CloudInterface.dll 2016-10-10 07:31 - 2016-10-10 07:31 - 00501800 _____ () C:\Program Files\EaseUS\Todo Backup\bin\StorageMgr.dll 2016-10-10 07:31 - 2016-10-10 07:31 - 00024616 _____ () C:\Program Files\EaseUS\Todo Backup\bin\GetDriverInfo.dll 2016-10-10 07:31 - 2016-10-10 07:31 - 00020520 _____ () C:\Program Files\EaseUS\Todo Backup\bin\CorrectMbr.dll 2016-10-10 07:31 - 2016-10-10 07:31 - 00032296 _____ () C:\Program Files\EaseUS\Todo Backup\bin\EnumTapeDevice.dll 2016-10-10 07:31 - 2016-10-10 07:31 - 00034856 _____ () C:\Program Files\EaseUS\Todo Backup\bin\TbTapeBrowse.dll 2016-10-10 07:31 - 2016-10-10 07:31 - 00064040 _____ () C:\Program Files\EaseUS\Todo Backup\bin\RegLib.dll 2016-10-10 07:30 - 2016-10-10 07:30 - 00026816 _____ () C:\Program Files\EaseUS\Todo Backup\bin\AccountManager.dll 2016-10-10 07:31 - 2016-10-10 07:31 - 00059944 _____ () C:\Program Files\EaseUS\Todo Backup\bin\NasOperator.dll 2016-10-10 07:31 - 2016-10-10 07:31 - 00220864 _____ () C:\Program Files\EaseUS\Todo Backup\bin\EmailBrowser.dll 2016-10-10 07:31 - 2016-10-10 07:31 - 00077864 _____ () C:\Program Files\EaseUS\Todo Backup\bin\CloudOperator.dll 2016-10-10 07:30 - 2016-10-10 07:30 - 00021184 _____ () C:\Program Files\EaseUS\Todo Backup\bin\ActiveOnline.dll 2016-10-10 07:31 - 2016-10-10 07:31 - 00136232 _____ () C:\Program Files\EaseUS\Todo Backup\bin\VMConfig.dll 2016-10-10 07:30 - 2016-10-10 07:31 - 00020008 _____ () C:\Program Files\EaseUS\Todo Backup\bin\AndroidDeviceManager.dll 2016-10-10 07:31 - 2016-10-10 07:31 - 00043048 _____ () C:\Program Files\EaseUS\Todo Backup\bin\TbDataSwap.dll 2016-10-10 07:31 - 2016-10-10 07:31 - 00432320 _____ () C:\Program Files\EaseUS\Todo Backup\bin\uexper.dll 2010-07-20 13:54 - 2010-07-20 13:54 - 00411648 _____ () C:\Program Files\Acer\Android Manager\FRA.dll 2016-07-18 19:25 - 2016-07-18 19:25 - 08063200 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareTray.exe 2016-07-18 19:25 - 2016-07-18 19:25 - 02454224 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\RCF.dll 2016-07-18 19:25 - 2016-07-18 19:25 - 00122632 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\boost_filesystem-vc140-mt-1_61.dll 2016-07-18 19:25 - 2016-07-18 19:25 - 00026880 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\boost_system-vc140-mt-1_61.dll 2016-07-18 19:25 - 2016-07-18 19:25 - 00055560 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\boost_date_time-vc140-mt-1_61.dll 2016-07-18 19:25 - 2016-07-18 19:25 - 00099072 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\boost_thread-vc140-mt-1_61.dll 2016-07-18 19:25 - 2016-07-18 19:25 - 00035584 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\boost_chrono-vc140-mt-1_61.dll 2016-07-18 19:25 - 2016-07-18 19:25 - 00403712 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\boost_locale-vc140-mt-1_61.dll 2016-07-18 19:25 - 2016-07-18 19:25 - 01888488 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\HtmlFramework.dll 2016-07-18 19:25 - 2016-07-18 19:25 - 00869624 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareTrayDefaultSkin.dll 2016-10-09 07:20 - 2016-06-20 13:48 - 01506304 _____ () C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll 2016-10-09 07:20 - 2014-05-19 16:19 - 00137728 _____ () C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll 2016-10-11 15:53 - 2016-10-11 15:53 - 00877056 _____ () C:\Program Files\EaseUS\EaseUS Partition Master 11.9\bin\platforms\qwindows.dll 2016-10-11 15:52 - 2016-10-11 15:52 - 00308416 _____ () C:\Program Files\EaseUS\EaseUS Partition Master 11.9\bin\GarbageGather.dll 2016-10-11 15:52 - 2016-10-11 15:52 - 00118464 _____ () C:\Program Files\EaseUS\EaseUS Partition Master 11.9\bin\FHProcess.dll 2016-10-11 15:53 - 2016-10-11 15:53 - 00014336 _____ () C:\Program Files\EaseUS\EaseUS Partition Master 11.9\bin\fsclog.dll 2016-10-11 15:52 - 2016-10-11 15:52 - 00174784 _____ () C:\Program Files\EaseUS\EaseUS Partition Master 11.9\bin\BigFileGather.dll 2016-10-11 15:52 - 2016-10-11 15:52 - 00088256 _____ () C:\Program Files\EaseUS\EaseUS Partition Master 11.9\bin\EnumVolumes.dll 2016-10-11 15:52 - 2016-10-11 15:52 - 00224960 _____ () C:\Program Files\EaseUS\EaseUS Partition Master 11.9\bin\FragAnalysis.dll 2016-10-11 15:53 - 2016-10-11 15:53 - 00024064 _____ () C:\Program Files\EaseUS\EaseUS Partition Master 11.9\bin\imageformats\qico.dll 2016-10-11 15:53 - 2016-10-11 15:53 - 00023552 _____ () C:\Program Files\EaseUS\EaseUS Partition Master 11.9\bin\imageformats\qgif.dll 2016-10-10 07:31 - 2016-10-10 07:31 - 00278720 _____ () C:\Program Files\EaseUS\Todo Backup\bin\TodoBackupService.exe 2016-10-10 07:31 - 2016-10-10 07:31 - 00224808 _____ () C:\Program Files\EaseUS\Todo Backup\bin\SmartBackup.dll 2016-11-16 12:29 - 2016-10-13 13:32 - 00634648 _____ () C:\Program Files\CyberLink\Power2Go11\CLMediaLibrary.dll 2016-10-20 16:46 - 2016-10-20 16:46 - 00172544 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\e676d4d4f9d659b596668c1e8f9b0450\IsdiInterop.ni.dll 2010-09-17 08:04 - 2012-06-12 15:06 - 00059904 _____ () C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll ==================== Alternate Data Streams (Avec liste blanche) ========= (Si un élément est inclus dans le fichier fixlist.txt, seul le flux de données additionnel (ADS - Alternate Data Stream) sera supprimé.) AlternateDataStreams: C:\Windows\bfsvc.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\explorer.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\notepad.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\twain_32.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\aaclient.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\accessibilitycpl.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\acmigration.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\acppage.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ActionCenter.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ActionCenterCPL.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ActionQueue.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\activeds.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\actxprxy.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\adprovider.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\adsldp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\adsmsext.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\aeinv.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\aelupsvc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\aepic.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\aitagent.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\aitstatic.exe:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\amstream.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\apphelp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\appraiser.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\appwiz.cpl:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\audiodev.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\audiodg.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\AudioEng.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\AUDIOKSE.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\AudioSes.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\audiosrv.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\AuthFWSnapin.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\authui.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\autochk.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\autoconv.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\autofmt.exe:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\autoplay.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\avifil32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\AxInstSv.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\azroles.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\azroleui.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\AzSqlExt.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\basecsp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\basesrv.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\batmeter.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\bcdboot.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\bcdedit.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\bcdsrv.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\bcryptprimitives.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\BFE.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\biocpl.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\bitsadmin.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\bitsperf.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\blackbox.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\BlbEvents.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\BootMan.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\bootres.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\browcli.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\browser.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\browseui.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\bthprops.cpl:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Bubbles.scr:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\cabinet.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\cabview.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\calc.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\capiprovider.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\catsrvut.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\cca.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\cdd.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\cdosys.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\centel.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\certcli.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\certenc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\CertEnroll.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\certmgr.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\CertPolEng.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\certprop.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\certutil.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\cewmdm.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\cfgmgr32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\charmap.exe:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\ci.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\clfsw32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\clusapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\cmd.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\cmstp.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\cngprovider.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\COLORCNV.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\comctl32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\comdlg32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\CompatTelRunner.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\comsvcs.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\CPFilters.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\credui.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\crypt32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\cryptdlg.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\cryptnet.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\cryptsp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\cryptsvc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\cryptui.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\cscapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\cscdll.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\cscript.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\C_ISCII.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\d2d1.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\d3d11.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\d3d9.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\davclnt.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dbgeng.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dbghelp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\defaultlocationcpl.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\desk.cpl:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\devenum.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\DeviceCenter.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\DevicePairingFolder.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\devinv.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dfrgui.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dfshim.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dhcpcore.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dhcpcore6.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dhcpcsvc6.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\DiagCpl.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\diagperf.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dimsroam.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\diskpart.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\diskperf.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\diskraid.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Display.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\djoin.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dnsapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dnscacheugc.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dnscmmc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dnsrslvr.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dosx.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dot3api.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dot3cfg.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dot3msm.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\dot3svc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dot3ui.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dpapiprovider.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dpnaddr.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\dpnet.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dps.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dpx.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\drmmgrtn.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\drmv2clt.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\drvstore.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dsauth.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\DShowRdpFilter.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dskquoui.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dsuiext.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dwmapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dwmcore.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dwmredir.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dxdiagn.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dxmasf.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\DXP.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\DXPTaskRingtone.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\DxpTaskSync.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\eapp3hst.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\eappgnui.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\eapphost.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\efscore.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\EhStorAPI.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\els.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\elsTrans.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\EncDec.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\EncDump.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\epmntdrv.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\esent.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\eudcedit.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\EuEpmGdi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\EuGdiDrv.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\evr.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ExplorerFrame.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Faultrep.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\fbnative.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\fde.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\fdeploy.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\findstr.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\FirewallControlPanel.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\fixmapi.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\fms.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\fontext.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\fphc.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\framedyn.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\framedynos.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\fsutil.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ftp.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\fveapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\fveapibase.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\FWPUCLNT.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\FwRemoteSvr.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\FXSCOVER.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\FXSMON.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\FXSSVC.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\FXSTIFF.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\g711codc.ax:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\gameux.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\gdi32.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\GeneIcon.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\generaltel.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\gpapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\gpsvc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\GSCoinst.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\hal.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\halacpi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\halmacpi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\hbaapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\hgcpl.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\hgprint.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\httpapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\iasacct.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\iasrad.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\iasrecst.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\icaapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\icardagt.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\icardres.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\iccvid.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ifsutil.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\IKEEXT.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\imagehlp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\imapi2.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\imapi2fs.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\imm32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\inetmib1.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\infocardapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\InkEd.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\intl.cpl:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\invagent.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\iologmsg.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\IPHLPAPI.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\iphlpsvc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\iprtrmgr.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\IPSECSVC.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ipsmsnap.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\iscsicli.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\iscsium.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\isoburn.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\itircl.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\iyuv_32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\KBDBASH.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\KBDBLR.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\KBDBULG.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\KBDCZ1.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\KBDGEO.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\KBDGKL.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\KBDGR1.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\KBDINBEN.DLL:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\KBDINHIN.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\KBDINKAN.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\KBDINMAR.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\KBDINORI.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\KBDINTAM.DLL:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\KBDINTEL.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\kbdlk41a.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\KBDLT1.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\KBDMAORI.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\KBDMON.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\KBDNEPR.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\KBDPO.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\KBDRU.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\KBDRU1.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\KBDSF.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\KBDSG.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\KBDTAJIK.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\KBDTAT.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\KBDTUF.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\KBDTUQ.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\KBDTURME.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\KBDUGHR1.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\KBDUS.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\KBDYAK.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\kc.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\kernel32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\KernelBase.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\KMSVC.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ksproxy.ax:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\kstvtune.ax:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ksuser.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Kswdmcap.ax:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ksxbar.ax:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ListSvc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\localsec.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\localspl.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\logagent.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\logman.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\logoncli.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\LogonUI.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\lpksetup.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\lpremove.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\lsm.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\lsmproxy.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\luainstall.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\main.cpl:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\manage-bde.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\mapi32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\mapistub.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\mcbuilder.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\MCEWMDRMNDBootstrap.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\mciavi32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\mciqtz32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\mcupdate_GenuineIntel.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\MdSched.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\MediaMetadataHandler.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\mf.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\mfc40.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\mfc40u.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\mfc42.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\mfc42u.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\mfds.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\mferror.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\mfplat.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\MFPlay.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\mfpmp.exe:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\mfps.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\mfreadwrite.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\mfvdsp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\MFWMAAEC.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\migisol.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\mimefilt.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\mmcndmgr.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\MMDevAPI.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\mmsys.cpl:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\mobsync.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\MP3DMOD.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\MP43DECD.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\MP4SDECD.DLL:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\Mpeg2Data.ax:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\mpg2splt.ax:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\MPG4DECD.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\mprapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\mprddm.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\MPSSVC.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\MSAC3ENC.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\msasn1.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\mscms.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\msconfig.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\mscoree.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\mscorier.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\mscories.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\msdmo.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\msdrm.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\msdtctm.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\MSDvbNP.ax:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\msdxm.ocx:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\msftedit.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\msieftp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\msinfo32.exe:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\msmmsp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\msmpeg2adec.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\MSMPEG2ENC.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\msmpeg2vdec.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\msnetobj.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\MSNP.ax:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\msorcl32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\msrle32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\msscntrs.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\msscp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\mssph.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\mssphtb.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\mssrch.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\mssvp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\mstask.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\mstsc.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\mstscax.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\msutb.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\msvcrt.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\msvfw32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\msvidc32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\mswsock.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\msxml3.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\msxml3r.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\msxml6.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\msxml6r.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\msyuv.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\mtxclu.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\mtxoci.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\muifontsetup.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\MuiUnattend.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\MultiDigiMon.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\mydocs.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Mystify.scr:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\NAPCRYPT.DLL:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\napdsnap.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\NAPHLPR.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Narrator.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\NaturalLanguage6.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\nci.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ncryptui.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ncsi.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\net1.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\netapi32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\netbtugc.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\netcenter.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\netcfg.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\netcfgx.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\netcorehc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\netdiagfx.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\netevent.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\netfxperf.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\netid.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\netiohlp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\netiougc.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\netjoin.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\netlogon.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\netplwiz.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\netshell.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\netutils.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\networkexplorer.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\networkmap.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\nlaapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\nlasvc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\nlsbres.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\nltest.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\notepad.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\nrpsrv.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\nshipsec.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\nshwfp.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\nslookup.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ntlanman.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ntprint.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ntprint.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ntshrui.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\objsel.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ocsetapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ocsetup.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\odbc32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\odbcconf.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\odbccp32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\odbccr32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\odbccu32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\odbcjt32.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\odbctrac.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ole32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\oleacc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\olethk32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\onex.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\onexui.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\OnLineIDCpl.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\OobeFldr.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\OpcServices.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\osk.exe:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\OxpsConverter.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\packager.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\pcadm.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\pcaevts.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\pcalua.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\pcasvc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\pcawrk.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\pdh.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\pdhui.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\PerfCenterCPL.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\perfmon.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\perftrack.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\perfts.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\PhotoScreensaver.scr:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\photowiz.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\pifmgr.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\PkgMgr.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\pku2u.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\pla.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\pnidui.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\PnPUnattend.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\polstore.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\PortableDeviceApi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\PortableDeviceStatus.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\PortableDeviceSyncProvider.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\powercfg.cpl:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\powercpl.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\powertracker.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\PresentationHost.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\PresentationHostProxy.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\prevhost.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\PrintIsolationProxy.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\printui.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\prncache.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\prnfldr.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\prntvpt.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\profprov.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\profsvc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\propsys.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\proquota.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\provsvc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\psisdecd.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\psisrndr.ax:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\puiobj.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\QAGENT.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\QAGENTRT.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\qasf.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\qcap.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\QCLIPROV.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\qdv.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\qdvd.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\qedit.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\qmgr.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\QSHVHOST.DLL:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\QSVRMGMT.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\quartz.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Query.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\QUTIL.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\RacEngn.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\raschap.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\rasmans.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\rasppp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\rastapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\rastls.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\rdpcfgex.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\rdpcore.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\rdpcorekmts.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\rdpd3d.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\rdpdd.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\RDPENCDD.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\rdpencom.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\RDPREFDD.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\rdprefdrvapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\rdpwsx.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\rdrmemptylst.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ReAgent.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ReAgentc.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\recdisc.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\recovery.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\regapi.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\relog.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\RelPost.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\remotepg.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\repair-bde.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\RESAMPLEDMO.DLL:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\resutils.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Ribbons.scr:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\riched20.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\riched32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\RMActivate.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\RMActivate_isv.exe:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\RMActivate_ssp.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\RMActivate_ssp_isv.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Robocopy.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\RpcRtRemote.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\rpcss.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\rrinstaller.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\rtutils.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\runonce.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\samcli.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\samlib.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\samsrv.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\sbe.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\scansetting.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\scavengeui.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\scecli.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\scesrv.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\schedcli.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\schedsvc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\scrrun.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\sdbinst.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\sdclt.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\sdcpl.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\sdengin2.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\sdrsvc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\SearchFolder.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\SearchIndexer.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\SearchProtocolHost.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\sechost.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\seclogon.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\secproc.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\secproc_isv.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\secproc_ssp.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\secproc_ssp_isv.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\services.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\SessEnv.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\sethc.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\setupapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\setupcl.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\setupcln.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\setupempdrv03.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\setupugc.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\shacct.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\sharemediacpl.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\shdocvw.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\shgina.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\shimeng.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\shimgvw.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\shlwapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\shsetup.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\shsvcs.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\shunimpl.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\shwebsvc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\sisbkup.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\slui.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\slwga.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\SmartcardCredentialProvider.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\SmiEngine.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\SndVol.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\SndVolSSO.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\spbcd.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\spinstall.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\spoolsv.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\spopk.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\spp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\sppc.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\sppcomapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\sppinst.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\sppnp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\sppobjs.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\sppsvc.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\sppuinotify.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\sppwinob.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\spreview.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\spwizeng.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\spwizres.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\spwizui.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\spwmp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\sqlcese30.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\sqlsrv32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\sqmapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\srchadmin.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\srrstr.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\srvcli.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\srvsvc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\sscore.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ssText3d.scr:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\stobject.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\StructuredQuery.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\sud.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\sxs.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\SyncCenter.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\synceng.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\syncui.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\sysclass.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\sysdm.cpl:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\SysFxUI.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\sysmain.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\sysmon.ocx:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\syssetup.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\systemcpl.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\t2embed.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\tabcal.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\TabletPC.cpl:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\TabSvc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\takeown.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\tapisrv.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\taskbarcpl.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\taskcomp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\taskmgr.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\taskschd.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\tbs.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\tcpipcfg.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\tdh.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\termmgr.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\termsrv.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\themecpl.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\themeui.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\thumbcache.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\timedate.cpl:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\tlscsp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\tquery.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\tracerpt.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\TRAPI.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\tsbyuv.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\tsgqec.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\tsmf.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\TsUsbGDCoInstaller.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\TSWbPrxy.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\TSWorkspace.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\TsWpfWrp.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\twext.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\typeperf.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\tzutil.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ubpm.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ucrtbase.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\UIRibbon.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\UIRibbonRes.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\umb.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\umpnpmgr.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\umpo.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\unattend.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\unimdm.tsp:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\unimdmat.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\unlodctr.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\untfs.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\upnp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\user32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\UserAccountControlSettings.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\usercpl.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\userenv.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\usp10.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\utildll.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\uxlib.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\VAN.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Vault.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\vaultsvc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\VBICodec.ax:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\vbisurf.ax:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\vds.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\vdsbas.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\vdsutil.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\vfwwdm32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\VIDRESZR.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\vpnike.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\vpnikeapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\vssapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\VSSVC.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\w32tm.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WavDest.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wavemsp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wbemcomn.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wbengine.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wcncsvc.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\wdc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Wdfres.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wdi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wdiasqmmodule.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wdmaud.drv:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WebClnt.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\webio.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\webservices.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wer.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\werconcpl.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WerFaultSecure.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wevtsvc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WFS.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wiadefui.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wiarpc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wiaservc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wiavideo.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wimgapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wimserv.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wincredprovider.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WindowsAnytimeUpgrade.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WindowsAnytimeUpgradeResults.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\winhttp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\winipsec.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\winload.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\winlogon.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\winmm.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\winresume.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WinSAT.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WinSATAPI.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WinSCard.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\winspool.drv:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\winsrv.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\winsta.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wintrust.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wisptis.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wkscli.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wksprt.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wkssvc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wlangpui.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wlanmsm.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\wlanpref.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wlanui.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Wldap32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WMADMOD.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WMADMOE.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WMALFXGFXDSP.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wmdrmdev.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wmdrmnet.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wmdrmsdk.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wmi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wmicmiplugin.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WMNetMgr.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wmp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wmpdxm.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wmpeffects.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WMPEncEn.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WMPhoto.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\wmploc.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wmpmde.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wmpps.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wmpshell.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wmpsrcwp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WMSPDMOD.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WMSPDMOE.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WMVCORE.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WMVDECOD.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WMVENCOD.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WMVSDECD.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WMVSENCD.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WMVXENCD.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Wpc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wpccpl.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wpdbusenum.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wpdshext.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WPDShServiceObj.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WPDSp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wpdwcn.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wpd_ci.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ws2_32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wscapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wscript.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WSDApi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wsdchngr.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wshbth.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wshirda.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wshom.ocx:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wshrm.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WSManHTTPConfig.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WSManMigrationPlugin.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WsmAuto.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wsmplpxy.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wsmprovhost.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WsmRes.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WsmSvc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WsmWmiPl.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wsnmp32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wsqmcons.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WSTPager.ax:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wtsapi32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WUDFCoinstaller.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WUDFHost.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WUDFPlatform.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WUDFSvc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WUDFx.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wusa.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wvc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wwanconn.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wwanprotdim.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wwansvc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\xmllite.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\XpsRasterService.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\xpsservices.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\zipfldr.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\1394ohci.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\acpi.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\acpipmi.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\afd.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\amdsata.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\amdxata.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\ataport.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\cdrom.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\cng.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\CompositeBus.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\dfsc.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\disk.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\Diskdump.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\drmk.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\drmkaud.sys:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\Drivers\dxgkrnl.sys:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\Drivers\dxgmms1.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\ETD.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\eubakup.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\EUBKMON.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\eudskacs.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\EuFdDisk.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\fs_rec.sys:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\Drivers\fvevol.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\FWPKCLNT.SYS:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\GeneStor.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\hdaudbus.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\HdAudio.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\hidclass.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\hidparse.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\hidusb.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\http.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\hwpolicy.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\iaStor.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\iaStorV.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\IPMIDrv.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\kbdhid.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\ks.sys:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\Drivers\L1C63x86.sys:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\Drivers\mountmgr.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\mpio.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\mrxdav.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\msahci.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\msdsm.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\msiscsi.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\ndis.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\ndisuio.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\ndiswan.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\ndproxy.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\netbt.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\netio.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\NETwsn00.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\ntfs.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\nvraid.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\nvstor.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\partmgr.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\pci.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\PEAuth.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\portcls.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\rdbss.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\RDPCDD.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\rdpwd.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\rdyboost.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\rmcast.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\RNDISMP.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\sbp2port.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\scfilter.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\scsiport.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\sffp_sd.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\srv.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\srv2.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\srvnet.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\storport.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\stream.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\tcpip.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\tcpipreg.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\tdi.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\tdpipe.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\tdtcp.sys:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\Drivers\tdx.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\termdd.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\tssecsrv.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\TsUsbFlt.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\tunnel.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\udfs.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\umbus.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\usb8023.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\USBCAMD.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\USBCAMD2.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\usbcir.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\usbrpm.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\USBSTOR.SYS:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\usbvideo.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\vhdmp.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\volmgr.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\volsnap.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\wanarp.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\Wdf01000.sys:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\Drivers\WdfLdr.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\winusb.sys:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\Drivers\WUDFPf.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\WUDFRd.sys:$CmdTcID [64] AlternateDataStreams: C:\Users\barrow 2 & widen\Desktop\adsfix_3_03.11.2016.1.exe:BDU [0] AlternateDataStreams: C:\Users\barrow 2 & widen\Desktop\BDPUARLauncher_FR.exe:BDU [0] AlternateDataStreams: C:\Users\barrow 2 & widen\Desktop\BDUSBImmunizerLauncher.exe:BDU [0] AlternateDataStreams: C:\Users\barrow 2 & widen\Desktop\BootkitRemoval_x64.exe:BDU [0] AlternateDataStreams: C:\Users\barrow 2 & widen\Desktop\BootkitRemoval_x86.exe:BDU [0] AlternateDataStreams: C:\Users\barrow 2 & widen\Desktop\Pre_Scan.exe:BDU [0] AlternateDataStreams: C:\Users\barrow 2 & widen\Desktop\Rem-VBSworm.exe:$CmdZnID [26] AlternateDataStreams: C:\Users\barrow 2 & widen\Desktop\RSIT.exe:$CmdZnID [26] AlternateDataStreams: C:\Users\barrow 2 & widen\Desktop\RSIT.exe:BDU [0] AlternateDataStreams: C:\Users\barrow 2 & widen\Desktop\ZHPDiag3.exe:BDU [0] AlternateDataStreams: C:\Users\barrow 2 & widen\Downloads\60Second_en_us.exe:BDU [0] AlternateDataStreams: C:\Users\barrow 2 & widen\Downloads\adsfix_3_03.11.2016.1.exe:BDU [0] AlternateDataStreams: C:\Users\barrow 2 & widen\Downloads\adwcleaner_6.030.exe:BDU [0] AlternateDataStreams: C:\Users\barrow 2 & widen\Downloads\army.exe:$CmdTcID [64] AlternateDataStreams: C:\Users\barrow 2 & widen\Downloads\army.exe:$CmdZnID [26] AlternateDataStreams: C:\Users\barrow 2 & widen\Downloads\BDAntiRansomwareSetup.exe:BDU [0] AlternateDataStreams: C:\Users\barrow 2 & widen\Downloads\ccav_installer(1).exe:BDU [0] AlternateDataStreams: C:\Users\barrow 2 & widen\Downloads\ccav_installer(2).exe:BDU [0] AlternateDataStreams: C:\Users\barrow 2 & widen\Downloads\ccav_installer.exe:$CmdTcID [64] AlternateDataStreams: C:\Users\barrow 2 & widen\Downloads\ccav_installer.exe:$CmdZnID [26] AlternateDataStreams: C:\Users\barrow 2 & widen\Downloads\ccav_installer.exe:BDU [0] AlternateDataStreams: C:\Users\barrow 2 & widen\Downloads\cispremium_installer.exe:$CmdZnID [26] AlternateDataStreams: C:\Users\barrow 2 & widen\Downloads\cispremium_installer.exe:BDU [0] AlternateDataStreams: C:\Users\barrow 2 & widen\Downloads\cmd_fw_installer_6113_c7.exe:BDU [0] AlternateDataStreams: C:\Users\barrow 2 & widen\Downloads\CyberLink_PhotoDirector_Downloader(1).exe:$CmdTcID [64] AlternateDataStreams: C:\Users\barrow 2 & widen\Downloads\CyberLink_PhotoDirector_Downloader(1).exe:$CmdZnID [26] AlternateDataStreams: C:\Users\barrow 2 & widen\Downloads\CyberLink_PhotoDirector_Downloader.exe:$CmdTcID [64] AlternateDataStreams: C:\Users\barrow 2 & widen\Downloads\CyberLink_PhotoDirector_Downloader.exe:$CmdZnID [26] AlternateDataStreams: C:\Users\barrow 2 & widen\Downloads\dencopy.rar:$CmdZnID [26] AlternateDataStreams: C:\Users\barrow 2 & widen\Downloads\devoir.exe:$CmdTcID [64] AlternateDataStreams: C:\Users\barrow 2 & widen\Downloads\devoir.exe:$CmdZnID [26] AlternateDataStreams: C:\Users\barrow 2 & widen\Downloads\DriveSecurityPortable_1.0.paf.exe:BDU [0] AlternateDataStreams: C:\Users\barrow 2 & widen\Downloads\DSInstall.exe:BDU [0] AlternateDataStreams: C:\Users\barrow 2 & widen\Downloads\EmsisoftEmergencyKit.exe:BDU [0] AlternateDataStreams: C:\Users\barrow 2 & widen\Downloads\epm.exe:$CmdTcID [64] AlternateDataStreams: C:\Users\barrow 2 & widen\Downloads\epm.exe:$CmdZnID [26] AlternateDataStreams: C:\Users\barrow 2 & widen\Downloads\epm.exe:BDU [0] AlternateDataStreams: C:\Users\barrow 2 & widen\Downloads\fdm5_x86_setup.exe:BDU [0] AlternateDataStreams: C:\Users\barrow 2 & widen\Downloads\FYDLoad_inflvto_3.exe:BDU [0] AlternateDataStreams: C:\Users\barrow 2 & widen\Downloads\iobituninstaller.exe:BDU [0] AlternateDataStreams: C:\Users\barrow 2 & widen\Downloads\JRT.exe:BDU [0] AlternateDataStreams: C:\Users\barrow 2 & widen\Downloads\kcfallout.rar:$CmdZnID [26] AlternateDataStreams: C:\Users\barrow 2 & widen\Downloads\marmiton-install.exe:BDU [0] AlternateDataStreams: C:\Users\barrow 2 & widen\Downloads\metallic.rar:$CmdZnID [26] AlternateDataStreams: C:\Users\barrow 2 & widen\Downloads\mystandart.rar:$CmdZnID [26] AlternateDataStreams: C:\Users\barrow 2 & widen\Downloads\pctrans_trial.exe:BDU [0] AlternateDataStreams: C:\Users\barrow 2 & widen\Downloads\PortableApps.com_Platform_Setup_14.2.paf(1).exe:BDU [0] AlternateDataStreams: C:\Users\barrow 2 & widen\Downloads\PortableApps.com_Platform_Setup_14.2.paf.exe:BDU [0] AlternateDataStreams: C:\Users\barrow 2 & widen\Downloads\processclose_1.0.0.3 (1).exe:$CmdTcID [64] AlternateDataStreams: C:\Users\barrow 2 & widen\Downloads\processclose_1.0.0.3 (1).exe:$CmdZnID [26] AlternateDataStreams: C:\Users\barrow 2 & widen\Downloads\processclose_1.0.0.3 (2).exe:BDU [0] AlternateDataStreams: C:\Users\barrow 2 & widen\Downloads\processclose_1.0.0.3(1).exe:$CmdZnID [26] AlternateDataStreams: C:\Users\barrow 2 & widen\Downloads\processclose_1.0.0.3(1).exe:BDU [0] AlternateDataStreams: C:\Users\barrow 2 & widen\Downloads\processclose_1.0.0.3(2).exe:$CmdZnID [26] AlternateDataStreams: C:\Users\barrow 2 & widen\Downloads\processclose_1.0.0.3(2).exe:BDU [0] AlternateDataStreams: C:\Users\barrow 2 & widen\Downloads\processclose_1.0.0.3(3).exe:BDU [0] AlternateDataStreams: C:\Users\barrow 2 & widen\Downloads\SkypePortable_7.29.0.102_online.paf.exe:BDU [0] AlternateDataStreams: C:\Users\barrow 2 & widen\Downloads\ssskin.rar:$CmdZnID [26] AlternateDataStreams: C:\Users\barrow 2 & widen\Downloads\UsbFix_9.001 (1).exe:BDU [0] AlternateDataStreams: C:\Users\barrow 2 & widen\Downloads\UsbFix_9.001 (2).exe:BDU [0] AlternateDataStreams: C:\Users\barrow 2 & widen\Downloads\UsbFix_9.001(1).exe:BDU [0] AlternateDataStreams: C:\Users\barrow 2 & widen\Downloads\vst_dhlb.rar:$CmdZnID [26] AlternateDataStreams: C:\Users\barrow 2 & widen\Downloads\xpsoft.exe:$CmdTcID [64] AlternateDataStreams: C:\Users\barrow 2 & widen\Downloads\xpsoft.exe:$CmdZnID [26] AlternateDataStreams: C:\Users\barrow 2 & widen\Downloads\xpsolive.exe:$CmdTcID [64] AlternateDataStreams: C:\Users\barrow 2 & widen\Downloads\xpsolive.exe:$CmdZnID [26] AlternateDataStreams: C:\Users\barrow 2 & widen\Downloads\xpssilver.exe:$CmdTcID [130] AlternateDataStreams: C:\Users\barrow 2 & widen\Downloads\xpssilver.exe:$CmdZnID [26] AlternateDataStreams: C:\Users\barrow 2 & widen\Documents\PhotoDirector_8.0.2031.59859_GM2_Essential_PTD160719-10.exe:$CmdTcID [64] AlternateDataStreams: C:\Users\Power2Go 11 promo\Desktop\FRST.exe:BDU [0] AlternateDataStreams: C:\Users\Power2Go 11 promo\Desktop\pre-scan_6_02.11.2016.1.exe:BDU [0] AlternateDataStreams: C:\Users\Power2Go 11 promo\Desktop\quickdiag_2_02.11.2016.1.exe:BDU [0] AlternateDataStreams: C:\Users\Power2Go 11 promo\Desktop\ZHPDiag3.exe:BDU [0] AlternateDataStreams: C:\Users\Power2Go 11 promo\Downloads\adwcleaner_6.030.exe:BDU [0] AlternateDataStreams: C:\Users\Power2Go 11 promo\Downloads\apowersoft-online-launcher.exe:BDU [0] AlternateDataStreams: C:\Users\Power2Go 11 promo\Downloads\EasyUEFI_Free.exe:BDU [0] AlternateDataStreams: C:\Users\Power2Go 11 promo\Downloads\EmsisoftEmergencyKit.exe:BDU [0] AlternateDataStreams: C:\Users\Power2Go 11 promo\Downloads\installboost.exe:BDU [0] AlternateDataStreams: C:\Users\Power2Go 11 promo\Downloads\Quick Uploader.exe:BDU [0] AlternateDataStreams: C:\Users\Power2Go 11 promo\Downloads\setup(1).exe:BDU [0] AlternateDataStreams: C:\Users\Power2Go 11 promo\Downloads\Windows10Upgrade24074.exe:BDU [0] ==================== Mode sans échec (Avec liste blanche) =================== (Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le "AlternateShell" sera restauré.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="" ==================== Association (Avec liste blanche) =============== (Si un élément est inclus dans le fichier fixlist.txt, l'élément de Registre sera restauré à la valeur par défaut ou supprimé.) ==================== Internet Explorer sites de confiance/sensibles =============== (Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre.) ==================== Hosts contenu: ========================== (Si nécessaire, la commande Hosts: peut être incluse dans le fichier fixlist.txt afin de réinitialiser le fichier hosts.) 2009-07-14 03:04 - 2016-11-22 21:29 - 00002034 _RASH C:\Windows\system32\Drivers\etc\hosts 0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly 0.0.0.0 tracking.opencandy.com.s3.amazonaws.com 0.0.0.0 media.opencandy.com 0.0.0.0 cdn.opencandy.com 0.0.0.0 tracking.opencandy.com 0.0.0.0 api.opencandy.com 0.0.0.0 api.recommendedsw.com 0.0.0.0 installer.betterinstaller.com 0.0.0.0 installer.filebulldog.com 0.0.0.0 d3oxtn1x3b8d7i.cloudfront.net 0.0.0.0 inno.bisrv.com 0.0.0.0 nsis.bisrv.com 0.0.0.0 cdn.file2desktop.com 0.0.0.0 cdn.goateastcach.us 0.0.0.0 cdn.guttastatdk.us 0.0.0.0 cdn.inskinmedia.com 0.0.0.0 cdn.insta.oibundles2.com 0.0.0.0 cdn.insta.playbryte.com 0.0.0.0 cdn.llogetfastcach.us 0.0.0.0 cdn.montiera.com 0.0.0.0 cdn.msdwnld.com 0.0.0.0 cdn.mypcbackup.com 0.0.0.0 cdn.ppdownload.com 0.0.0.0 cdn.riceateastcach.us 0.0.0.0 cdn.shyapotato.us 0.0.0.0 cdn.solimba.com 0.0.0.0 cdn.tuto4pc.com 0.0.0.0 cdn.appround.biz 0.0.0.0 cdn.bigspeedpro.com 0.0.0.0 cdn.bispd.com Il y a 4 plus de lignes. ==================== Autres zones ============================ (Actuellement, il n'y a pas de correction automatique pour cette section.) HKU\S-1-5-21-1541472888-895532398-2178115478-1001\Control Panel\Desktop\\Wallpaper -> %windir%\web\wallpaper\windows\img0.jpg DNS Servers: 192.168.1.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Le Pare-feu est activé. ==================== MSCONFIG/TASK MANAGER éléments désactivés == ==================== RèglesPare-feu (Avec liste blanche) =============== (Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.) FirewallRules: [{8FEA8AC3-9A0F-4337-B8D4-9DA468CAB606}] => (Allow) C:\Program Files\EaseUS\Todo Backup\bin\TodoBackupService.exe FirewallRules: [{A04B5DB6-B36D-4533-A1BA-F3F2DBDD9BDD}] => (Allow) C:\Program Files\EaseUS\Todo Backup\bin\TodoBackupService.exe ==================== Points de restauration ========================= 21-11-2016 18:42:39 Installed AdAwareInstaller. 22-11-2016 03:38:22 Installed Boost 22-11-2016 03:44:31 Before Boost ==================== Éléments en erreur du Gestionnaire de périphériques ============= Name: Unknown Device Description: Unknown Device Class Guid: {36fc9e60-c465-11cf-8056-444553540000} Manufacturer: (Contrôleur hôte USB standard) Service: Problem: : Windows has stopped this device because it has reported problems. (Code 43) Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation. ==================== Erreurs du Journal des événements: ========================= Erreurs Application: ================== Error: (11/21/2016 06:48:03 PM) (Source: MsiInstaller) (EventID: 11606) (User: barrow2etwiden) Description: Product: AdAwareInstaller -- Error 1606. Could not access network location \Ad-Aware Antivirus\11.12.945.9202. Error: (11/21/2016 06:48:03 PM) (Source: MsiInstaller) (EventID: 11606) (User: barrow2etwiden) Description: Product: AdAwareInstaller -- Error 1606. Could not access network location \Ad-Aware Antivirus\11.12.945.9202. Error: (11/20/2016 08:11:24 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Le programme adsfix_3_18.11.2016.1.exe version 18.11.2016.1 a cessé d’interagir avec Windows et a été fermé. Pour déterminer si des informations supplémentaires sont disponibles, consultez l’historique du problème dans le Centre de maintenance. ID de processus : 1414 Heure de début : 01d242e6df6419de Heure de fin : 109 Chemin d’accès de l’application : C:\Users\Power2Go 11 promo\Desktop\adsfix_3_18.11.2016.1.exe ID de rapport : Error: (11/19/2016 07:40:51 AM) (Source: VSS) (EventID: 8194) (User: ) Description: Erreur du service de cliché instantané des volumes : erreur lors de l’interrogation de l’interface IVssWriterCallback. hr = 0x80070005, Accès refusé. . Cette erreur est souvent due à des paramètres de sécurité incorrects dans le processus du rédacteur ou du demandeur. Opération : Données du rédacteur en cours de collecte Contexte : ID de classe du rédacteur: {e8132975-6f93-4464-a53e-1050253ae220} Nom du rédacteur: System Writer ID d’instance du rédacteur: {f13cc692-c515-483b-b5ba-8c40320936db} Error: (11/17/2016 12:22:16 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Nom de l’application défaillante RogueKiller.exe, version : 12.8.1.0, horodatage : 0x5829760d Nom du module défaillant : psdprotect.dll, version : 3.1.212.0, horodatage : 0x4bfd066b Code d’exception : 0x40000015 Décalage d’erreur : 0x0000b1f3 ID du processus défaillant : 0x68c Heure de début de l’application défaillante : 0x01d240264fc3504d Chemin d’accès de l’application défaillante : C:\Program Files\RogueKiller\RogueKiller.exe Chemin d’accès du module défaillant: C:\Program Files\EgisTec MyWinLocker\x86\psdprotect.dll ID de rapport : 17ade89f-acb8-11e6-bf9d-d8c6d4ba6fd2 Error: (11/16/2016 12:30:09 PM) (Source: System Restore) (EventID: 8193) (User: ) Description: Échec de la création d’un point de restauration (Processus = C:\Users\POWER2~1\AppData\Local\Temp\RarSFX0\LPrint\Setup.exe -l1036 /z/pichk /z/PATH"C:\Program Files\CyberLink" ; Description = Configuré LabelPrint ; Erreur = 0x8007043c). Error: (11/11/2016 02:23:09 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: La création du contexte d’activation a échoué pour « J:\backup data - sosvirus backup disk (usb)\BootkitRemoval_x64.exe ». Assembly dépendant Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" introuvable. Utilisez sxstrace.exe pour un diagnostic détaillé. Error: (11/11/2016 02:06:59 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: La création du contexte d’activation a échoué pour « J:\backup data - sosvirus backup disk (usb)\BootkitRemoval_x64.exe ». Assembly dépendant Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" introuvable. Utilisez sxstrace.exe pour un diagnostic détaillé. Error: (11/11/2016 01:55:15 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: La création du contexte d’activation a échoué pour « C:\Users\barrow 2 & widen\Desktop\BootkitRemoval_x64.exe ». Assembly dépendant Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" introuvable. Utilisez sxstrace.exe pour un diagnostic détaillé. Error: (11/11/2016 01:30:58 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: La création du contexte d’activation a échoué pour « L:\HitmanPro_x64.exe ». Assembly dépendant Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" introuvable. Utilisez sxstrace.exe pour un diagnostic détaillé. Erreurs système: ============= Error: (11/25/2016 07:34:15 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Le service Ad-Aware Service 11 s’est terminé de façon inattendue pour la 1ème fois. CodeIntegrity: =================================== Date: 2016-11-25 12:37:56.068 Description: Le module d’intégrité du code ne peut pas vérifier l’intégrité image du fichier \Device\HarddiskVolume3\Windows\System32\iseguard32.dll car le jeu de hachages d’images par page n’a pas été trouvé sur le système. Date: 2016-11-25 12:37:56.030 Description: Le module d’intégrité du code ne peut pas vérifier l’intégrité image du fichier \Device\HarddiskVolume3\Windows\System32\CcavGuard32.dll car le jeu de hachages d’images par page n’a pas été trouvé sur le système. Date: 2016-11-25 10:20:20.873 Description: Le module d’intégrité du code ne peut pas vérifier l’intégrité image du fichier \Device\HarddiskVolume3\Windows\System32\iseguard32.dll car le jeu de hachages d’images par page n’a pas été trouvé sur le système. Date: 2016-11-25 10:20:20.825 Description: Le module d’intégrité du code ne peut pas vérifier l’intégrité image du fichier \Device\HarddiskVolume3\Windows\System32\CcavGuard32.dll car le jeu de hachages d’images par page n’a pas été trouvé sur le système. Date: 2016-11-25 09:54:39.440 Description: Le module d’intégrité du code ne peut pas vérifier l’intégrité image du fichier \Device\HarddiskVolume3\Windows\System32\iseguard32.dll car le jeu de hachages d’images par page n’a pas été trouvé sur le système. Date: 2016-11-25 09:54:39.377 Description: Le module d’intégrité du code ne peut pas vérifier l’intégrité image du fichier \Device\HarddiskVolume3\Windows\System32\CcavGuard32.dll car le jeu de hachages d’images par page n’a pas été trouvé sur le système. Date: 2016-11-23 07:00:47.873 Description: Le module d’intégrité du code ne peut pas vérifier l’intégrité image du fichier \Device\HarddiskVolume3\Windows\System32\iseguard32.dll car le jeu de hachages d’images par page n’a pas été trouvé sur le système. Date: 2016-11-23 07:00:47.858 Description: Le module d’intégrité du code ne peut pas vérifier l’intégrité image du fichier \Device\HarddiskVolume3\Windows\System32\CcavGuard32.dll car le jeu de hachages d’images par page n’a pas été trouvé sur le système. Date: 2016-11-22 21:28:28.750 Description: Le module d’intégrité du code ne peut pas vérifier l’intégrité image du fichier \Device\HarddiskVolume3\Windows\System32\iseguard32.dll car le jeu de hachages d’images par page n’a pas été trouvé sur le système. Date: 2016-11-22 21:28:28.750 Description: Le module d’intégrité du code ne peut pas vérifier l’intégrité image du fichier \Device\HarddiskVolume3\Windows\System32\CcavGuard32.dll car le jeu de hachages d’images par page n’a pas été trouvé sur le système. ==================== Infos Mémoire =========================== Processeur: Intel(R) Atom(TM) CPU N450 @ 1.66GHz Pourcentage de mémoire utilisée: 89% Mémoire physique - RAM - totale: 1013.09 MB Mémoire physique - RAM - disponible: 107.15 MB Mémoire virtuelle totale: 2037.09 MB Mémoire virtuelle disponible: 582.86 MB ==================== Lecteurs ================================ Drive c: (Acer) (Fixed) (Total:215.78 GB) (Free:75.92 GB) NTFS ==>[système avec composants d'amorçage (obtenu depuis lecteur)] Drive d: (Verbatim) (CDROM) (Total:0.01 GB) (Free:0 GB) UDF Drive e: (PARTED MAGI) (Removable) (Total:57.89 GB) (Free:38.92 GB) FAT32 Drive g: (COMPANION) (Removable) (Total:30.02 GB) (Free:1.82 GB) FAT32 Drive h: (CLONEZILLA) (Removable) (Total:1.86 GB) (Free:0.2 GB) FAT32 Drive i: (UUI) (Removable) (Total:7.26 GB) (Free:0.26 GB) FAT32 Drive j: (OTLPE_7 USB) (Removable) (Total:3.75 GB) (Free:0.34 GB) NTFS Drive l: (HITMANPRO) (Removable) (Total:57.55 GB) (Free:26.07 GB) FAT32 Drive m: (FRAMAKEY SA) (Removable) (Total:28.78 GB) (Free:11.03 GB) FAT32 Drive o: (PARTED MAGI) (Removable) (Total:15 GB) (Free:1.16 GB) FAT32 Drive q: (FRAMAKEY MI) (Removable) (Total:14.41 GB) (Free:4.09 GB) FAT32 Drive r: (PARTED MAGI) (Removable) (Total:3.74 GB) (Free:0.43 GB) FAT32 Drive s: () (Removable) (Total:1.83 GB) (Free:1.71 GB) FAT Drive u: (séjour pari) (Removable) (Total:117.02 GB) (Free:8.26 GB) exFAT Drive v: (FRAMAKEY UB) (Removable) (Total:57.64 GB) (Free:50.17 GB) FAT32 ==================== MBR & Table des partitions ================== ======================================================== Disk: 0 (Size: 232.9 GB) (Disk ID: B7B45E2D) Partition 1: (Not Active) - (Size=13 GB) - (Type=27) Partition 2: (Active) - (Size=4.1 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=215.8 GB) - (Type=OF Extended) ======================================================== Disk: 1 (MBR Code: Windows 7 or 8) (Size: 14.4 GB) (Disk ID: 6088C201) Partition 1: (Active) - (Size=14.4 GB) - (Type=0B) ======================================================== Disk: 2 (Size: 57.7 GB) (Disk ID: 720E7790) Partition 1: (Active) - (Size=57.7 GB) - (Type=0B) ======================================================== Disk: 3 (Size: 1.8 GB) (Disk ID: 08148028) Partition 1: (Not Active) - (Size=1.8 GB) - (Type=06) ======================================================== Disk: 4 (Size: 30 GB) (Disk ID: 25C8BCC2) Partition 1: (Active) - (Size=30 GB) - (Type=0C) ======================================================== Disk: 8 (Size: 117 GB) (Disk ID: 1056A957) Partition 1: (Active) - (Size=117 GB) - (Type=07 NTFS) ======================================================== Disk: 9 (Size: 57.9 GB) (Disk ID: 027CE1A0) Partition 1: (Active) - (Size=57.9 GB) - (Type=0C) ======================================================== Disk: 10 (MBR Code: Windows 7 or 8) (Size: 15 GB) (Disk ID: 319FE485) Partition 1: (Active) - (Size=15 GB) - (Type=0C) ======================================================== Disk: 11 (MBR Code: Windows 7 or 8) (Size: 7.3 GB) (Disk ID: 0C26E2E5) Partition 1: (Active) - (Size=7.3 GB) - (Type=0C) ======================================================== Disk: 12 (Size: 1.9 GB) (Disk ID: 555925CE) Partition 1: (Active) - (Size=1.9 GB) - (Type=0B) ======================================================== Disk: 13 (MBR Code: Windows 7 or 8) (Size: 3.8 GB) (Disk ID: 319FE471) Partition 1: (Active) - (Size=3.8 GB) - (Type=0C) ======================================================== Disk: 14 (MBR Code: Windows 7 or 8) (Size: 57.7 GB) (Disk ID: CA6D68A4) Partition 1: (Active) - (Size=57.7 GB) - (Type=0B) ======================================================== Disk: 15 (Size: 3.8 GB) (Disk ID: 0020526A) Partition 1: (Active) - (Size=3.8 GB) - (Type=07 NTFS) ======================================================== Disk: 16 (Size: 28.8 GB) (Disk ID: A716E9AC) Partition 1: (Active) - (Size=28.8 GB) - (Type=0B) ==================== Fin de Addition.txt ============================