Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz

Preventivní kontrola, podezřelé chování

Patříte mezi Vzorné návštěvníky? Pak je tato sekce pro vás.

Moderátor: Moderátoři

Pravidla fóra
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
Zpráva
Autor
Max_cz
Vzorný návštěvník
Vzorný návštěvník
Příspěvky: 191
Registrován: 20 pro 2005 22:14
Kontaktovat uživatele:

Preventivní kontrola, podezřelé chování

#1 Příspěvek od Max_cz »

Dobrý večer,

mám nově 4 měsíce PC pro práci a při vyhledávání na googlu se mi stává, že mi to vyhodí, že z mé sítě je velké vytížení sítě a ať potvrdím, že nejsem robot... Nebo že hodně stahuji atd... Přitom se nic takové neděje, standartní požadavky na vyhledávání. Je možné se podívat na RSIT log? Mnohokrát děkuji

Kód: Vybrat vše

Logfile of random's system information tool 1.14 (written by random/random) 
Run by Max_cz at 2017-02-02 20:36:09
Microsoft Windows 10 Pro 
System drive C: has 398 GB (82%) free of 488 GB
Total RAM: 32699 MB (88% free)
X64

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:36:13, on 02.02.2017
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.14393.0000)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DipAwayMode.exe
C:\Program Files (x86)\ASUS\AI Suite III\AISuite3.exe
C:\Program Files (x86)\ASUS\AI Suite III\Push Notice\PushNotifyServer.exe
C:\Program Files (x86)\ASUS\AI Suite III\DIP4\GpuFanHelper.exe
C:\Program Files (x86)\ASUS\AI Suite III\EZ Update\EzUpdt.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Program Files (x86)\ASUS\AI Suite III\Push Notice\PushNoticeMonitor.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files (x86)\Skillbrains\lightshot\5.4.0.1\Lightshot.exe
C:\Program Files\trend micro\Max_cz_RSITx64.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=
O4 - HKLM\..\Run: [Lightshot] C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKCU\..\Run: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'NETWORK SERVICE')
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: ASUS Com Service (asComSvc) - Unknown owner - C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe
O23 - Service: ASUS HM Com Service (asHmComSvc) - ASUSTeK Computer Inc. - C:\Program Files (x86)\ASUS\AAHM\1.00.25\aaHMSvc.exe
O23 - Service: ASUS System Control Service (AsSysCtrlService) - Unknown owner - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe
O23 - Service: AsusFanControlService - ASUSTeK Computer Inc. - C:\Program Files (x86)\ASUS\AsusFanControlService\1.08.17\AsusFanControlService.exe
O23 - Service: COMODO Internet Security Helper Service (CmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: COMODO Virtual Service Manager (cmdvirth) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: Intel(R) Content Protection HDCP Service (cplspcon) - Unknown owner - C:\Windows\system32\IntelCpHDCPSvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Futuremark SystemInfo Service - Futuremark - C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe
O23 - Service: Služba Aktualizace Google (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Aktualizace Google (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) HD Graphics Control Panel Service (igfxCUIService2.0.0.0) - Unknown owner - C:\Windows\system32\igfxCUIService.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: RelevantKnowledge - TMRG,  Inc. - C:\Program Files (x86)\RelevantKnowledge\rlservice.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender Advanced Threat Protection\MsSense.exe,-1001 (Sense) - Unknown owner - C:\Program Files (x86)\Windows Defender Advanced Threat Protection\MsSense.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\Windows\System32\SensorDataService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvscpapisvr.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: TeamViewer 12 (TeamViewer) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\Windows\system32\TieringEngineService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Wacom Professional Service (WTabletServicePro) - Wacom Technology, Corp. - C:\Program Files\Tablet\Wacom\WTabletServicePro.exe

--
End of file - 8883 bytes

======Enumerating Processes======

C:\Windows\system32\lsass.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Windows\system32\nvvsvc.exe"
"C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvscpapisvr.exe"
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\svchost.exe -k NetworkService
C:\Windows\system32\igfxCUIService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
"C:\Program Files\Tablet\Wacom\WTabletServicePro.exe"
C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\dashost.exe
C:\Windows\System32\spoolsv.exe
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe"
"C:\Program Files (x86)\ASUS\AsusFanControlService\1.08.17\AsusFanControlService.exe"
C:\Windows\System32\svchost.exe -k utcsvc
"C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe"
"C:\Program Files (x86)\ASUS\AAHM\1.00.22\aaHMSvc.exe"
"C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe"
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k appmodel
"C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe"
"C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe" /ModeAvMonitor -Embedding
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe"
"C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe"
C:\Windows\System32\WinLogon.exe -SpecialSession
C:\Windows\System32\dwm.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe 
C:\Windows\system32\sihost.exe
C:\Windows\system32\svchost.exe -k UnistackSvcGroup
"C:\Program Files\COMODO\COMODO Internet Security\cistray.exe"
C:\Windows\system32\taskhostw.exe
C:\Windows\System32\RuntimeBroker.exe -Embedding
C:\Windows\Explorer.EXE
"C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DipAwayMode.exe"
"C:\Program Files (x86)\ASUS\AI Suite III\AISuite3.exe" -schedule
"C:\Program Files (x86)\ASUS\AI Suite III\Push Notice\PushNotifyServer.exe"
"C:\Program Files (x86)\ASUS\AI Suite III\DIP4\GpuFanHelper.exe"
"C:\Program Files (x86)\ASUS\AI Suite III\EZ Update\EzUpdt.exe" -onlytray
"C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe" -ServerName:App.AppXtk181tbxbce2qsex02s8tw7hfxa9xb3t.mca
"C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
"C:\Program Files (x86)\ASUS\AI Suite III\USB 3.0 Boost\U3BoostSvr64.exe" ⼜½
"C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe" 
"C:\Program Files\Tablet\Wacom\WacomHost.exe" "C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe" au
"C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe" au
"C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe" 
"C:\Program Files (x86)\ASUS\AI Suite III\Push Notice\PushNoticeMonitor.exe" 
"C:\Program Files (x86)\ASUS\AI Suite III\Push Notice\PushNotify_PCCtrl.exe" 
"C:\Program Files\Windows Defender\MSASCuiL.exe" 
"C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
C:\Program Files\CCleaner\CCleaner64.exe
"C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
"C:\Program Files (x86)\Skillbrains\lightshot\5.4.0.1\Lightshot.exe" 
C:\Windows\System32\fontdrvhost.exe
"C:\Program Files\COMODO\COMODO Internet Security\cis.exe" --alertsUI
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --enable-npn-http --use-system-ssl --prerender=disabled
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=crashpad-handler /prefetch:7 "--database=C:\Users\Max_cz\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Max_cz\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel=m --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=55.0.2883.87 --handshake-handle=0x318
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=watcher --main-thread-id=4728 --on-initialized-event-handle=916 --parent-handle=924 /prefetch:6
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --enable-features="AutofillProfileCleanup<AutofillProfileCleanup,BlockSmallPluginContent<PluginPowerSaverTiny,*DefaultEnableGpuRasterization<DefaultEnableGpuRasterization,*DisableFirstRunAutoImport<DisableFirstRunAutoImport,*ExperimentalSwReporterEngine<SRTExperimentalEngineTrial,*MediaFoundationH264Encoding<MediaFoundationH264Encoding,*OverrideYouTubeFlashEmbed<Override YouTube Flash emed,*PersistentHistograms<PersistentHistograms,*PointerEvent<PointerEvent,*PreconnectMore<PreconnectMore,*PreferHtmlOverPlugins<Html5ByDefault,SecurityChip<SecurityChip,SecurityWarningIconUpdate<SecurityWarningIconUpdate,SubresourceFilter<SubresourceFilter,SwReporterExtendedSafeBrowsingFeature<SwReporterExtendedSafeBrowsingFeature,*TranslateUI2016Q2<TranslateUI2016Q2" --disable-features=DocumentWriteEvaluator<DisallowFetchForDocWrittenScriptsInMainFrame,MetricsReporting<MetricsAndCrashSampling,ParseHTMLOnMainThread<ParseHTMLOnMainThread,SSLPostQuantumExperiment<SSLPostQuantum,UpdateRendererPriorityOnStartup<UpdateRendererPriorityOnStartup --force-fieldtrials=AppBannerTriggering/site-engagement-eager/AutofillProfileCleanup/Enabled/CaptivePortalInterstitial/Enabled/*ChromeChannelStable/Enabled/*ChromeSuggestionsTuning/Default/ClientSideDetectionModel/Model0/DataReductionProxyUseQuic/Control9/DefaultBrowserPromptStyle/ColoredIconOnWhiteInfoBar3/DefaultEnableGpuRasterization/Default/DisableFirstRunAutoImport/Default/DisallowFetchForDocWrittenScriptsInMainFrame/DocumentWriteScriptBlockGroup_20161208_Launch/EnableWin32kLockDownMimeTypes/PPAPILockdown_Enabled/EnforceCTForProblematicRoots/disabled/ExtensionDeveloperModeWarning/Enabled/Html5ByDefault/Default/InstanceID/Enabled/MediaFoundationH264Encoding/Default/MetricsAndCrashSampling/OutOfReportingSample/*NetworkQualityEstimator/Enabled/OmniboxBundledExperimentV1/StandardR7/ParseHTMLOnMainThread/Default/PasswordBranding/SmartLockBrandingSavePromptOnly/*PasswordGeneration/Disabled/PasswordManagerSettingsMigration/Enable/*PersistentHistograms/Default/PluginPowerSaverTiny/Enabled2/PreconnectMore/Default/*QUIC/EnabledNoId/ReportCertificateErrors/ShowAndPossiblySend/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/SRTExperimentalEngineTrial/Default/*SRTPromptFieldTrial/On/SSLCommonNameMismatchHandling/Enabled/SSLPostQuantum/disabled/SafeBrowsingIncidentReportingService/Default/SafeBrowsingUnverifiedDownloads/DisableByParameterMostSbTypes2/SecurityChip/Enabled/SecurityWarningIconUpdate/Enabled/SignInPasswordPromo/Enable3/*SiteIsolationExtensions/Control/StrictSecureCookies/Enabled/SubresourceFilter/EnabledForPhishingSites/*SwReporterExtendedSafeBrowsingFeature/Enabled/TranslateServerStudy/Default/TriggeredResetFieldTrial/On/*UMA-Dynamic-Uniformity-Trial/Group6/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_60/*UMA-Uniformity-Trial-10-Percent/group_06/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_04/*UMA-Uniformity-Trial-5-Percent/group_18/*UMA-Uniformity-Trial-50-Percent/default/WebBluetoothBlacklist/BlacklistUpdate1/WebFontsInterventionV2/Default/ --supports-dual-gpus=false --gpu-driver-bug-workarounds=6,17,18,21,37,65 --gpu-vendor-id=0x10de --gpu-device-id=0x1c03 --gpu-driver-vendor=NVIDIA --gpu-driver-version=21.21.13.7290 --gpu-driver-date=9-16-2016 --service-request-channel-token=B52F9656A279F14895A3F5DD6AD7373C --mojo-platform-channel-handle=1616 --ignored=" --type=renderer " /prefetch:2
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-features="AutofillProfileCleanup<AutofillProfileCleanup,BlockSmallPluginContent<PluginPowerSaverTiny,*DefaultEnableGpuRasterization<DefaultEnableGpuRasterization,*DisableFirstRunAutoImport<DisableFirstRunAutoImport,*ExperimentalSwReporterEngine<SRTExperimentalEngineTrial,*MediaFoundationH264Encoding<MediaFoundationH264Encoding,*OverrideYouTubeFlashEmbed<Override YouTube Flash emed,*PersistentHistograms<PersistentHistograms,*PointerEvent<PointerEvent,*PreconnectMore<PreconnectMore,*PreferHtmlOverPlugins<Html5ByDefault,SecurityChip<SecurityChip,SecurityWarningIconUpdate<SecurityWarningIconUpdate,SubresourceFilter<SubresourceFilter,SwReporterExtendedSafeBrowsingFeature<SwReporterExtendedSafeBrowsingFeature,*TranslateUI2016Q2<TranslateUI2016Q2" --disable-features=DocumentWriteEvaluator<DisallowFetchForDocWrittenScriptsInMainFrame,MetricsReporting<MetricsAndCrashSampling,ParseHTMLOnMainThread<ParseHTMLOnMainThread,SSLPostQuantumExperiment<SSLPostQuantum,UpdateRendererPriorityOnStartup<UpdateRendererPriorityOnStartup --force-fieldtrials=*AppBannerTriggering/site-engagement-eager/*AutofillProfileCleanup/Enabled/CaptivePortalInterstitial/Enabled/*ChromeChannelStable/Enabled/*ChromeSuggestionsTuning/Default/*ClientSideDetectionModel/Model0/DataReductionProxyUseQuic/Control9/DefaultBrowserPromptStyle/ColoredIconOnWhiteInfoBar3/*DefaultEnableGpuRasterization/Default/DisableFirstRunAutoImport/Default/*DisallowFetchForDocWrittenScriptsInMainFrame/DocumentWriteScriptBlockGroup_20161208_Launch/EnableWin32kLockDownMimeTypes/PPAPILockdown_Enabled/EnforceCTForProblematicRoots/disabled/ExtensionDeveloperModeWarning/Enabled/Html5ByDefault/Default/*InstanceID/Enabled/MediaFoundationH264Encoding/Default/MetricsAndCrashSampling/OutOfReportingSample/*NetworkQualityEstimator/Enabled/OmniboxBundledExperimentV1/StandardR7/*ParseHTMLOnMainThread/Default/PasswordBranding/SmartLockBrandingSavePromptOnly/*PasswordGeneration/Disabled/*PasswordManagerSettingsMigration/Enable/*PersistentHistograms/Default/PluginPowerSaverTiny/Enabled2/PreconnectMore/Default/*QUIC/EnabledNoId/ReportCertificateErrors/ShowAndPossiblySend/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/SRTExperimentalEngineTrial/Default/*SRTPromptFieldTrial/On/SSLCommonNameMismatchHandling/Enabled/SSLPostQuantum/disabled/*SafeBrowsingIncidentReportingService/Default/SafeBrowsingUnverifiedDownloads/DisableByParameterMostSbTypes2/SecurityChip/Enabled/SecurityWarningIconUpdate/Enabled/SignInPasswordPromo/Enable3/*SiteIsolationExtensions/Control/StrictSecureCookies/Enabled/*SubresourceFilter/EnabledForPhishingSites/*SwReporterExtendedSafeBrowsingFeature/Enabled/TranslateServerStudy/Default/*TriggeredResetFieldTrial/On/*UMA-Dynamic-Uniformity-Trial/Group6/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_60/*UMA-Uniformity-Trial-10-Percent/group_06/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_04/*UMA-Uniformity-Trial-5-Percent/group_18/*UMA-Uniformity-Trial-50-Percent/default/WebBluetoothBlacklist/BlacklistUpdate1/WebFontsInterventionV2/Default/ --primordial-pipe-token=505071CBD919560AE95B5A4E82573840 --lang=cs --extension-process --enable-webrtc-hw-h264-encoding --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --blink-settings=disallowFetchForDocWrittenScriptsInMainFrame=false,disallowFetchForDocWrittenScriptsInMainFrameOnSlowConnections=true --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553 --service-request-channel-token=505071CBD919560AE95B5A4E82573840 --mojo-platform-channel-handle=2668 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-features="AutofillProfileCleanup<AutofillProfileCleanup,BlockSmallPluginContent<PluginPowerSaverTiny,*DefaultEnableGpuRasterization<DefaultEnableGpuRasterization,*DisableFirstRunAutoImport<DisableFirstRunAutoImport,*ExperimentalSwReporterEngine<SRTExperimentalEngineTrial,*MediaFoundationH264Encoding<MediaFoundationH264Encoding,*OverrideYouTubeFlashEmbed<Override YouTube Flash emed,*PersistentHistograms<PersistentHistograms,*PointerEvent<PointerEvent,*PreconnectMore<PreconnectMore,*PreferHtmlOverPlugins<Html5ByDefault,SecurityChip<SecurityChip,SecurityWarningIconUpdate<SecurityWarningIconUpdate,SubresourceFilter<SubresourceFilter,SwReporterExtendedSafeBrowsingFeature<SwReporterExtendedSafeBrowsingFeature,*TranslateUI2016Q2<TranslateUI2016Q2" --disable-features=DocumentWriteEvaluator<DisallowFetchForDocWrittenScriptsInMainFrame,MetricsReporting<MetricsAndCrashSampling,ParseHTMLOnMainThread<ParseHTMLOnMainThread,SSLPostQuantumExperiment<SSLPostQuantum,UpdateRendererPriorityOnStartup<UpdateRendererPriorityOnStartup --force-fieldtrials=*AppBannerTriggering/site-engagement-eager/*AutofillProfileCleanup/Enabled/CaptivePortalInterstitial/Enabled/*ChromeChannelStable/Enabled/*ChromeSuggestionsTuning/Default/*ClientSideDetectionModel/Model0/DataReductionProxyUseQuic/Control9/DefaultBrowserPromptStyle/ColoredIconOnWhiteInfoBar3/*DefaultEnableGpuRasterization/Default/DisableFirstRunAutoImport/Default/*DisallowFetchForDocWrittenScriptsInMainFrame/DocumentWriteScriptBlockGroup_20161208_Launch/EnableWin32kLockDownMimeTypes/PPAPILockdown_Enabled/EnforceCTForProblematicRoots/disabled/ExtensionDeveloperModeWarning/Enabled/Html5ByDefault/Default/*InstanceID/Enabled/MediaFoundationH264Encoding/Default/MetricsAndCrashSampling/OutOfReportingSample/*NetworkQualityEstimator/Enabled/OmniboxBundledExperimentV1/StandardR7/*ParseHTMLOnMainThread/Default/PasswordBranding/SmartLockBrandingSavePromptOnly/*PasswordGeneration/Disabled/*PasswordManagerSettingsMigration/Enable/*PersistentHistograms/Default/PluginPowerSaverTiny/Enabled2/PreconnectMore/Default/*QUIC/EnabledNoId/ReportCertificateErrors/ShowAndPossiblySend/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/SRTExperimentalEngineTrial/Default/*SRTPromptFieldTrial/On/SSLCommonNameMismatchHandling/Enabled/SSLPostQuantum/disabled/*SafeBrowsingIncidentReportingService/Default/SafeBrowsingUnverifiedDownloads/DisableByParameterMostSbTypes2/SecurityChip/Enabled/SecurityWarningIconUpdate/Enabled/SignInPasswordPromo/Enable3/*SiteIsolationExtensions/Control/StrictSecureCookies/Enabled/*SubresourceFilter/EnabledForPhishingSites/*SwReporterExtendedSafeBrowsingFeature/Enabled/TranslateServerStudy/Default/*TriggeredResetFieldTrial/On/*UMA-Dynamic-Uniformity-Trial/Group6/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_60/*UMA-Uniformity-Trial-10-Percent/group_06/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_04/*UMA-Uniformity-Trial-5-Percent/group_18/*UMA-Uniformity-Trial-50-Percent/default/WebBluetoothBlacklist/BlacklistUpdate1/WebFontsInterventionV2/Default/ --primordial-pipe-token=3F2A0C8F1C9C9F2C2ED5624D91958F1D --lang=cs --extension-process --enable-webrtc-hw-h264-encoding --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --blink-settings=disallowFetchForDocWrittenScriptsInMainFrame=false,disallowFetchForDocWrittenScriptsInMainFrameOnSlowConnections=true --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553 --service-request-channel-token=3F2A0C8F1C9C9F2C2ED5624D91958F1D --mojo-platform-channel-handle=2592 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-features="AutofillProfileCleanup<AutofillProfileCleanup,BlockSmallPluginContent<PluginPowerSaverTiny,*DefaultEnableGpuRasterization<DefaultEnableGpuRasterization,*DisableFirstRunAutoImport<DisableFirstRunAutoImport,*ExperimentalSwReporterEngine<SRTExperimentalEngineTrial,*MediaFoundationH264Encoding<MediaFoundationH264Encoding,*OverrideYouTubeFlashEmbed<Override YouTube Flash emed,*PersistentHistograms<PersistentHistograms,*PointerEvent<PointerEvent,*PreconnectMore<PreconnectMore,*PreferHtmlOverPlugins<Html5ByDefault,SecurityChip<SecurityChip,SecurityWarningIconUpdate<SecurityWarningIconUpdate,SubresourceFilter<SubresourceFilter,SwReporterExtendedSafeBrowsingFeature<SwReporterExtendedSafeBrowsingFeature,*TranslateUI2016Q2<TranslateUI2016Q2" --disable-features=DocumentWriteEvaluator<DisallowFetchForDocWrittenScriptsInMainFrame,MetricsReporting<MetricsAndCrashSampling,ParseHTMLOnMainThread<ParseHTMLOnMainThread,SSLPostQuantumExperiment<SSLPostQuantum,UpdateRendererPriorityOnStartup<UpdateRendererPriorityOnStartup --force-fieldtrials=*AppBannerTriggering/site-engagement-eager/*AutofillProfileCleanup/Enabled/CaptivePortalInterstitial/Enabled/*ChromeChannelStable/Enabled/*ChromeSuggestionsTuning/Default/*ClientSideDetectionModel/Model0/DataReductionProxyUseQuic/Control9/DefaultBrowserPromptStyle/ColoredIconOnWhiteInfoBar3/*DefaultEnableGpuRasterization/Default/DisableFirstRunAutoImport/Default/*DisallowFetchForDocWrittenScriptsInMainFrame/DocumentWriteScriptBlockGroup_20161208_Launch/EnableWin32kLockDownMimeTypes/PPAPILockdown_Enabled/EnforceCTForProblematicRoots/disabled/ExtensionDeveloperModeWarning/Enabled/Html5ByDefault/Default/*InstanceID/Enabled/MediaFoundationH264Encoding/Default/MetricsAndCrashSampling/OutOfReportingSample/*NetworkQualityEstimator/Enabled/OmniboxBundledExperimentV1/StandardR7/*ParseHTMLOnMainThread/Default/PasswordBranding/SmartLockBrandingSavePromptOnly/*PasswordGeneration/Disabled/*PasswordManagerSettingsMigration/Enable/*PersistentHistograms/Default/PluginPowerSaverTiny/Enabled2/PreconnectMore/Default/*QUIC/EnabledNoId/ReportCertificateErrors/ShowAndPossiblySend/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/SRTExperimentalEngineTrial/Default/*SRTPromptFieldTrial/On/SSLCommonNameMismatchHandling/Enabled/SSLPostQuantum/disabled/*SafeBrowsingIncidentReportingService/Default/SafeBrowsingUnverifiedDownloads/DisableByParameterMostSbTypes2/SecurityChip/Enabled/SecurityWarningIconUpdate/Enabled/SignInPasswordPromo/Enable3/*SiteIsolationExtensions/Control/StrictSecureCookies/Enabled/*SubresourceFilter/EnabledForPhishingSites/*SwReporterExtendedSafeBrowsingFeature/Enabled/TranslateServerStudy/Default/*TriggeredResetFieldTrial/On/*UMA-Dynamic-Uniformity-Trial/Group6/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_60/*UMA-Uniformity-Trial-10-Percent/group_06/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_04/*UMA-Uniformity-Trial-5-Percent/group_18/*UMA-Uniformity-Trial-50-Percent/default/WebBluetoothBlacklist/BlacklistUpdate1/WebFontsInterventionV2/Default/ --primordial-pipe-token=365435CAA2306C97B5697032CD2C3C31 --lang=cs --extension-process --enable-webrtc-hw-h264-encoding --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --blink-settings=disallowFetchForDocWrittenScriptsInMainFrame=false,disallowFetchForDocWrittenScriptsInMainFrameOnSlowConnections=true --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553 --service-request-channel-token=365435CAA2306C97B5697032CD2C3C31 --mojo-platform-channel-handle=2696 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-features="AutofillProfileCleanup<AutofillProfileCleanup,BlockSmallPluginContent<PluginPowerSaverTiny,*DefaultEnableGpuRasterization<DefaultEnableGpuRasterization,*DisableFirstRunAutoImport<DisableFirstRunAutoImport,*ExperimentalSwReporterEngine<SRTExperimentalEngineTrial,*MediaFoundationH264Encoding<MediaFoundationH264Encoding,*OverrideYouTubeFlashEmbed<Override YouTube Flash emed,*PersistentHistograms<PersistentHistograms,*PointerEvent<PointerEvent,*PreconnectMore<PreconnectMore,*PreferHtmlOverPlugins<Html5ByDefault,SecurityChip<SecurityChip,SecurityWarningIconUpdate<SecurityWarningIconUpdate,SubresourceFilter<SubresourceFilter,SwReporterExtendedSafeBrowsingFeature<SwReporterExtendedSafeBrowsingFeature,*TranslateUI2016Q2<TranslateUI2016Q2" --disable-features=DocumentWriteEvaluator<DisallowFetchForDocWrittenScriptsInMainFrame,MetricsReporting<MetricsAndCrashSampling,ParseHTMLOnMainThread<ParseHTMLOnMainThread,SSLPostQuantumExperiment<SSLPostQuantum,UpdateRendererPriorityOnStartup<UpdateRendererPriorityOnStartup --force-fieldtrials=*AppBannerTriggering/site-engagement-eager/*AutofillProfileCleanup/Enabled/CaptivePortalInterstitial/Enabled/*ChromeChannelStable/Enabled/*ChromeSuggestionsTuning/Default/*ClientSideDetectionModel/Model0/DataReductionProxyUseQuic/Control9/DefaultBrowserPromptStyle/ColoredIconOnWhiteInfoBar3/*DefaultEnableGpuRasterization/Default/DisableFirstRunAutoImport/Default/*DisallowFetchForDocWrittenScriptsInMainFrame/DocumentWriteScriptBlockGroup_20161208_Launch/EnableWin32kLockDownMimeTypes/PPAPILockdown_Enabled/EnforceCTForProblematicRoots/disabled/ExtensionDeveloperModeWarning/Enabled/Html5ByDefault/Default/*InstanceID/Enabled/MediaFoundationH264Encoding/Default/MetricsAndCrashSampling/OutOfReportingSample/*NetworkQualityEstimator/Enabled/OmniboxBundledExperimentV1/StandardR7/*ParseHTMLOnMainThread/Default/PasswordBranding/SmartLockBrandingSavePromptOnly/*PasswordGeneration/Disabled/*PasswordManagerSettingsMigration/Enable/*PersistentHistograms/Default/PluginPowerSaverTiny/Enabled2/PreconnectMore/Default/*QUIC/EnabledNoId/ReportCertificateErrors/ShowAndPossiblySend/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/SRTExperimentalEngineTrial/Default/*SRTPromptFieldTrial/On/SSLCommonNameMismatchHandling/Enabled/SSLPostQuantum/disabled/*SafeBrowsingIncidentReportingService/Default/SafeBrowsingUnverifiedDownloads/DisableByParameterMostSbTypes2/SecurityChip/Enabled/SecurityWarningIconUpdate/Enabled/SignInPasswordPromo/Enable3/*SiteIsolationExtensions/Control/StrictSecureCookies/Enabled/*SubresourceFilter/EnabledForPhishingSites/*SwReporterExtendedSafeBrowsingFeature/Enabled/TranslateServerStudy/Default/*TriggeredResetFieldTrial/On/*UMA-Dynamic-Uniformity-Trial/Group6/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_60/*UMA-Uniformity-Trial-10-Percent/group_06/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_04/*UMA-Uniformity-Trial-5-Percent/group_18/*UMA-Uniformity-Trial-50-Percent/default/WebBluetoothBlacklist/BlacklistUpdate1/WebFontsInterventionV2/Default/ --primordial-pipe-token=DBAA654AFA0E4961E1F263C456C905FD --lang=cs --extension-process --enable-webrtc-hw-h264-encoding --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --blink-settings=disallowFetchForDocWrittenScriptsInMainFrame=false,disallowFetchForDocWrittenScriptsInMainFrameOnSlowConnections=true --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553 --service-request-channel-token=DBAA654AFA0E4961E1F263C456C905FD --mojo-platform-channel-handle=2820 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-features="AutofillProfileCleanup<AutofillProfileCleanup,BlockSmallPluginContent<PluginPowerSaverTiny,*DefaultEnableGpuRasterization<DefaultEnableGpuRasterization,*DisableFirstRunAutoImport<DisableFirstRunAutoImport,*ExperimentalSwReporterEngine<SRTExperimentalEngineTrial,*MediaFoundationH264Encoding<MediaFoundationH264Encoding,*OverrideYouTubeFlashEmbed<Override YouTube Flash emed,*PersistentHistograms<PersistentHistograms,*PointerEvent<PointerEvent,*PreconnectMore<PreconnectMore,*PreferHtmlOverPlugins<Html5ByDefault,SecurityChip<SecurityChip,SecurityWarningIconUpdate<SecurityWarningIconUpdate,SubresourceFilter<SubresourceFilter,SwReporterExtendedSafeBrowsingFeature<SwReporterExtendedSafeBrowsingFeature,*TranslateUI2016Q2<TranslateUI2016Q2" --disable-features=DocumentWriteEvaluator<DisallowFetchForDocWrittenScriptsInMainFrame,MetricsReporting<MetricsAndCrashSampling,ParseHTMLOnMainThread<ParseHTMLOnMainThread,SSLPostQuantumExperiment<SSLPostQuantum,UpdateRendererPriorityOnStartup<UpdateRendererPriorityOnStartup --force-fieldtrials=*AppBannerTriggering/site-engagement-eager/*AutofillProfileCleanup/Enabled/CaptivePortalInterstitial/Enabled/*ChromeChannelStable/Enabled/*ChromeSuggestionsTuning/Default/*ClientSideDetectionModel/Model0/*DataReductionProxyUseQuic/Control9/DefaultBrowserPromptStyle/ColoredIconOnWhiteInfoBar3/*DefaultEnableGpuRasterization/Default/DisableFirstRunAutoImport/Default/*DisallowFetchForDocWrittenScriptsInMainFrame/DocumentWriteScriptBlockGroup_20161208_Launch/*EnableWin32kLockDownMimeTypes/PPAPILockdown_Enabled/*EnforceCTForProblematicRoots/disabled/ExtensionDeveloperModeWarning/Enabled/*Html5ByDefault/Default/*InstanceID/Enabled/*MediaFoundationH264Encoding/Default/MetricsAndCrashSampling/OutOfReportingSample/*NetworkQualityEstimator/Enabled/*OmniboxBundledExperimentV1/StandardR7/*ParseHTMLOnMainThread/Default/PasswordBranding/SmartLockBrandingSavePromptOnly/*PasswordGeneration/Disabled/*PasswordManagerSettingsMigration/Enable/*PersistentHistograms/Default/*PluginPowerSaverTiny/Enabled2/*PreconnectMore/Default/*QUIC/EnabledNoId/ReportCertificateErrors/ShowAndPossiblySend/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/SRTExperimentalEngineTrial/Default/*SRTPromptFieldTrial/On/SSLCommonNameMismatchHandling/Enabled/*SSLPostQuantum/disabled/*SafeBrowsingIncidentReportingService/Default/SafeBrowsingUnverifiedDownloads/DisableByParameterMostSbTypes2/*SecurityChip/Enabled/SecurityWarningIconUpdate/Enabled/SignInPasswordPromo/Enable3/*SiteIsolationExtensions/Control/*StrictSecureCookies/Enabled/*SubresourceFilter/EnabledForPhishingSites/*SwReporterExtendedSafeBrowsingFeature/Enabled/TranslateServerStudy/Default/*TriggeredResetFieldTrial/On/*UMA-Dynamic-Uniformity-Trial/Group6/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_60/*UMA-Uniformity-Trial-10-Percent/group_06/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_04/*UMA-Uniformity-Trial-5-Percent/group_18/*UMA-Uniformity-Trial-50-Percent/default/WebBluetoothBlacklist/BlacklistUpdate1/*WebFontsInterventionV2/Default/ --primordial-pipe-token=9FD6E777114FFD05199A1D65127AD2D1 --lang=cs --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --blink-settings=disallowFetchForDocWrittenScriptsInMainFrame=false,disallowFetchForDocWrittenScriptsInMainFrameOnSlowConnections=true --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553 --service-request-channel-token=9FD6E777114FFD05199A1D65127AD2D1 --mojo-platform-channel-handle=9200 /prefetch:1
C:\Windows\system32\ApplicationFrameHost.exe -Embedding
"C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1118.10000.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe" -ServerName:App.AppXzst44mncqdg84v7sv6p7yznqwssy6f7f.mca
C:\Windows\system32\AUDIODG.EXE 0x7f4
"C:\Windows\ImmersiveControlPanel\SystemSettings.exe" -ServerName:microsoft.windows.immersivecontrolpanel
"C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.16122.10291.0_x64__8wekyb3d8bbwe\Video.UI.exe" -ServerName:Microsoft.ZuneVideo.AppX758ya5sqdjd98rx6z7g95nw6jy7bqx9y.mca
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-c256c330-affa-4ce7-9528-28c3ee3d5c9b -SystemEventPortName:HostProcess-c83b907a-5086-4bae-8de9-38ca5c35db15 -IoCancelEventPortName:HostProcess-04bc1a34-5973-4862-a826-c74947b1e18d -NonStateChangingEventPortName:HostProcess-3eb229ff-20a5-44a8-9996-db417d984fe3 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:083302a2-974d-43af-8236-3ea380d41488 -DeviceGroupId:WpdFsGroup
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-features="AutofillProfileCleanup<AutofillProfileCleanup,BlockSmallPluginContent<PluginPowerSaverTiny,*DefaultEnableGpuRasterization<DefaultEnableGpuRasterization,*DisableFirstRunAutoImport<DisableFirstRunAutoImport,*ExperimentalSwReporterEngine<SRTExperimentalEngineTrial,*MediaFoundationH264Encoding<MediaFoundationH264Encoding,*OverrideYouTubeFlashEmbed<Override YouTube Flash emed,*PersistentHistograms<PersistentHistograms,*PointerEvent<PointerEvent,*PreconnectMore<PreconnectMore,*PreferHtmlOverPlugins<Html5ByDefault,SecurityChip<SecurityChip,SecurityWarningIconUpdate<SecurityWarningIconUpdate,SubresourceFilter<SubresourceFilter,SwReporterExtendedSafeBrowsingFeature<SwReporterExtendedSafeBrowsingFeature,*TranslateUI2016Q2<TranslateUI2016Q2" --disable-features=DocumentWriteEvaluator<DisallowFetchForDocWrittenScriptsInMainFrame,MetricsReporting<MetricsAndCrashSampling,ParseHTMLOnMainThread<ParseHTMLOnMainThread,SSLPostQuantumExperiment<SSLPostQuantum,UpdateRendererPriorityOnStartup<UpdateRendererPriorityOnStartup --force-fieldtrials=*AppBannerTriggering/site-engagement-eager/*AutofillProfileCleanup/Enabled/CaptivePortalInterstitial/Enabled/*ChromeChannelStable/Enabled/*ChromeSuggestionsTuning/Default/*ClientSideDetectionModel/Model0/*DataReductionProxyUseQuic/Control9/DefaultBrowserPromptStyle/ColoredIconOnWhiteInfoBar3/*DefaultEnableGpuRasterization/Default/DisableFirstRunAutoImport/Default/*DisallowFetchForDocWrittenScriptsInMainFrame/DocumentWriteScriptBlockGroup_20161208_Launch/*EnableWin32kLockDownMimeTypes/PPAPILockdown_Enabled/*EnforceCTForProblematicRoots/disabled/ExtensionDeveloperModeWarning/Enabled/*Html5ByDefault/Default/*InstanceID/Enabled/*MediaFoundationH264Encoding/Default/MetricsAndCrashSampling/OutOfReportingSample/*NetworkQualityEstimator/Enabled/*OmniboxBundledExperimentV1/StandardR7/*ParseHTMLOnMainThread/Default/*PasswordBranding/SmartLockBrandingSavePromptOnly/*PasswordGeneration/Disabled/*PasswordManagerSettingsMigration/Enable/*PersistentHistograms/Default/*PluginPowerSaverTiny/Enabled2/*PreconnectMore/Default/*QUIC/EnabledNoId/ReportCertificateErrors/ShowAndPossiblySend/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/SRTExperimentalEngineTrial/Default/*SRTPromptFieldTrial/On/SSLCommonNameMismatchHandling/Enabled/*SSLPostQuantum/disabled/*SafeBrowsingIncidentReportingService/Default/SafeBrowsingUnverifiedDownloads/DisableByParameterMostSbTypes2/*SecurityChip/Enabled/SecurityWarningIconUpdate/Enabled/SignInPasswordPromo/Enable3/*SiteIsolationExtensions/Control/*StrictSecureCookies/Enabled/*SubresourceFilter/EnabledForPhishingSites/*SwReporterExtendedSafeBrowsingFeature/Enabled/TranslateServerStudy/Default/*TriggeredResetFieldTrial/On/*UMA-Dynamic-Uniformity-Trial/Group6/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_60/*UMA-Uniformity-Trial-10-Percent/group_06/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_04/*UMA-Uniformity-Trial-5-Percent/group_18/*UMA-Uniformity-Trial-50-Percent/default/WebBluetoothBlacklist/BlacklistUpdate1/*WebFontsInterventionV2/Default/ --primordial-pipe-token=7FB4615783D15C07B14358B412AD2E74 --lang=cs --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --blink-settings=disallowFetchForDocWrittenScriptsInMainFrame=false,disallowFetchForDocWrittenScriptsInMainFrameOnSlowConnections=true --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553 --service-request-channel-token=7FB4615783D15C07B14358B412AD2E74 --mojo-platform-channel-handle=8752 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-features="AutofillProfileCleanup<AutofillProfileCleanup,BlockSmallPluginContent<PluginPowerSaverTiny,*DefaultEnableGpuRasterization<DefaultEnableGpuRasterization,*DisableFirstRunAutoImport<DisableFirstRunAutoImport,*ExperimentalSwReporterEngine<SRTExperimentalEngineTrial,*MediaFoundationH264Encoding<MediaFoundationH264Encoding,*OverrideYouTubeFlashEmbed<Override YouTube Flash emed,*PersistentHistograms<PersistentHistograms,*PointerEvent<PointerEvent,*PreconnectMore<PreconnectMore,*PreferHtmlOverPlugins<Html5ByDefault,SecurityChip<SecurityChip,SecurityWarningIconUpdate<SecurityWarningIconUpdate,SubresourceFilter<SubresourceFilter,SwReporterExtendedSafeBrowsingFeature<SwReporterExtendedSafeBrowsingFeature,*TranslateUI2016Q2<TranslateUI2016Q2" --disable-features=DocumentWriteEvaluator<DisallowFetchForDocWrittenScriptsInMainFrame,MetricsReporting<MetricsAndCrashSampling,ParseHTMLOnMainThread<ParseHTMLOnMainThread,SSLPostQuantumExperiment<SSLPostQuantum,UpdateRendererPriorityOnStartup<UpdateRendererPriorityOnStartup --force-fieldtrials=*AppBannerTriggering/site-engagement-eager/*AutofillProfileCleanup/Enabled/CaptivePortalInterstitial/Enabled/*ChromeChannelStable/Enabled/*ChromeSuggestionsTuning/Default/*ClientSideDetectionModel/Model0/*DataReductionProxyUseQuic/Control9/DefaultBrowserPromptStyle/ColoredIconOnWhiteInfoBar3/*DefaultEnableGpuRasterization/Default/DisableFirstRunAutoImport/Default/*DisallowFetchForDocWrittenScriptsInMainFrame/DocumentWriteScriptBlockGroup_20161208_Launch/*EnableWin32kLockDownMimeTypes/PPAPILockdown_Enabled/*EnforceCTForProblematicRoots/disabled/ExtensionDeveloperModeWarning/Enabled/*Html5ByDefault/Default/*InstanceID/Enabled/*MediaFoundationH264Encoding/Default/MetricsAndCrashSampling/OutOfReportingSample/*NetworkQualityEstimator/Enabled/*OmniboxBundledExperimentV1/StandardR7/*ParseHTMLOnMainThread/Default/*PasswordBranding/SmartLockBrandingSavePromptOnly/*PasswordGeneration/Disabled/*PasswordManagerSettingsMigration/Enable/*PersistentHistograms/Default/*PluginPowerSaverTiny/Enabled2/*PreconnectMore/Default/*QUIC/EnabledNoId/ReportCertificateErrors/ShowAndPossiblySend/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/SRTExperimentalEngineTrial/Default/*SRTPromptFieldTrial/On/SSLCommonNameMismatchHandling/Enabled/*SSLPostQuantum/disabled/*SafeBrowsingIncidentReportingService/Default/SafeBrowsingUnverifiedDownloads/DisableByParameterMostSbTypes2/*SecurityChip/Enabled/*SecurityWarningIconUpdate/Enabled/SignInPasswordPromo/Enable3/*SiteIsolationExtensions/Control/*StrictSecureCookies/Enabled/*SubresourceFilter/EnabledForPhishingSites/*SwReporterExtendedSafeBrowsingFeature/Enabled/TranslateServerStudy/Default/*TriggeredResetFieldTrial/On/*UMA-Dynamic-Uniformity-Trial/Group6/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_60/*UMA-Uniformity-Trial-10-Percent/group_06/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_04/*UMA-Uniformity-Trial-5-Percent/group_18/*UMA-Uniformity-Trial-50-Percent/default/WebBluetoothBlacklist/BlacklistUpdate1/*WebFontsInterventionV2/Default/ --primordial-pipe-token=50BA0D941E3C3498F03474DEA936E1ED --lang=cs --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --blink-settings=disallowFetchForDocWrittenScriptsInMainFrame=false,disallowFetchForDocWrittenScriptsInMainFrameOnSlowConnections=true --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553 --service-request-channel-token=50BA0D941E3C3498F03474DEA936E1ED --mojo-platform-channel-handle=14168 /prefetch:1
"C:\Users\Max_cz\Downloads\RSITx64.exe" 
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe37_ Global\UsGthrCtrlFltPipeMssGthrPipe37 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon" 
"C:\Windows\system32\SearchFilterHost.exe" 0 988 992 1000 8192 996 
C:\Windows\system32\wbem\wmiprvse.exe

======Scheduled tasks folder======

C:\Windows\tasks\update-S-1-5-21-497983172-942744989-883898907-1001.job - C:\Program Files (x86)\Skillbrains\Updater\Updater.exe -runmode=checkupdate
C:\Windows\tasks\update-sys.job - C:\Program Files (x86)\Skillbrains\Updater\Updater.exe -runmode=checkupdate
C:\Windows\system32\tasks\Adobe Acrobat Update Task - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Windows\system32\tasks\AdobeAAMUpdater-1.0-DESKTOP-K1CDC3N-Max_cz - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe -mode=scheduled
C:\Windows\system32\tasks\AURA - C:\Program Files (x86)\ASUS\AURA(GRAPHICS CARD)\ledcontrolservice.exe
C:\Windows\system32\tasks\CCleanerSkipUAC - "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
C:\Windows\system32\tasks\GoogleUpdateTaskMachineCore - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\Windows\system32\tasks\GoogleUpdateTaskMachineUA - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\Windows\system32\tasks\GPU Tweak II - C:\Program Files (x86)\ASUS\GPU TweakII\GPUTweakII.exe
C:\Windows\system32\tasks\update-S-1-5-21-497983172-942744989-883898907-1001 - C:\Program Files (x86)\Skillbrains\Updater\Updater.exe -runmode=checkupdate
C:\Windows\system32\tasks\update-sys - C:\Program Files (x86)\Skillbrains\Updater\Updater.exe -runmode=checkupdate
C:\Windows\system32\tasks\Microsoft\XblGameSave\XblGameSaveTask - %windir%\System32\XblGameSaveTask.exe standby
C:\Windows\system32\tasks\Microsoft\XblGameSave\XblGameSaveTaskLogon - %windir%\System32\XblGameSaveTask.exe logon
C:\Windows\system32\tasks\Microsoft\Windows\Workplace Join\Automatic-Device-Join - %SystemRoot%\System32\dsregcmd.exe
C:\Windows\system32\tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start - C:\Windows\system32\sc.exe start wuauserv
C:\Windows\system32\tasks\Microsoft\Windows\WindowsUpdate\sih - %systemroot%\System32\sihclient.exe
C:\Windows\system32\tasks\Microsoft\Windows\WindowsUpdate\sihboot - %systemroot%\System32\sihclient.exe /boot
C:\Windows\system32\tasks\Microsoft\Windows\Windows Media Sharing\UpdateLibrary - "%ProgramFiles%\Windows Media Player\wmpnscfg.exe"
C:\Windows\system32\tasks\Microsoft\Windows\Windows Filtering Platform\BfeOnServiceStartTypeChange - %windir%\system32\rundll32.exe bfe.dll,BfeOnServiceStartTypeChange
C:\Windows\system32\tasks\Microsoft\Windows\Windows Error Reporting\QueueReporting - %windir%\system32\wermgr.exe -upload
C:\Windows\system32\tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance - %ProgramFiles%\Windows Defender\MpCmdRun.exe -IdleTask -TaskName WdCacheMaintenance
C:\Windows\system32\tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup - %ProgramFiles%\Windows Defender\MpCmdRun.exe -IdleTask -TaskName WdCleanup
C:\Windows\system32\tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan - %ProgramFiles%\Windows Defender\MpCmdRun.exe Scan -ScheduleJob
C:\Windows\system32\tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification - %ProgramFiles%\Windows Defender\MpCmdRun.exe -IdleTask -TaskName WdVerification
C:\Windows\system32\tasks\Microsoft\Windows\WCM\WiFiTask - %SystemRoot%\System32\WiFiTask.exe
C:\Windows\system32\tasks\Microsoft\Windows\UPnP\UPnPHostConfig - sc.exe config upnphost start= auto
C:\Windows\system32\tasks\Microsoft\Windows\UpdateOrchestrator\Maintenance Install - %systemroot%\system32\usoclient.exe StartInstall
C:\Windows\system32\tasks\Microsoft\Windows\UpdateOrchestrator\Policy Install - %systemroot%\system32\usoclient.exe StartInstall
C:\Windows\system32\tasks\Microsoft\Windows\UpdateOrchestrator\Reboot - %systemroot%\system32\MusNotification.exe RebootDialog
C:\Windows\system32\tasks\Microsoft\Windows\UpdateOrchestrator\Refresh Settings - %systemroot%\system32\usoclient.exe RefreshSettings
C:\Windows\system32\tasks\Microsoft\Windows\UpdateOrchestrator\Resume On Boot - %systemroot%\system32\usoclient.exe ResumeUpdate
C:\Windows\system32\tasks\Microsoft\Windows\UpdateOrchestrator\Schedule Scan - %systemroot%\system32\usoclient.exe StartScan
C:\Windows\system32\tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker_Display - %systemroot%\system32\MusNotification.exe Display
C:\Windows\system32\tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker_ReadyToReboot - %systemroot%\system32\MusNotification.exe ReadyToReboot
C:\Windows\system32\tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone - %windir%\system32\tzsync.exe
C:\Windows\system32\tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime - %windir%\system32\sc.exe start w32time task_started
C:\Windows\system32\tasks\Microsoft\Windows\SystemRestore\SR - %windir%\system32\srtasks.exe ExecuteScheduledSPPCreation
C:\Windows\system32\tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask - %windir%\system32\rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
C:\Windows\system32\tasks\Microsoft\Windows\Subscription\EnableLicenseAcquisition - %SystemRoot%\system32\UpgradeSubscription.exe -e
C:\Windows\system32\tasks\Microsoft\Windows\Subscription\LicenseAcquisition - %SystemRoot%\system32\UpgradeSubscription.exe
C:\Windows\system32\tasks\Microsoft\Windows\Storage Tiers Management\Storage Tiers Optimization - %windir%\system32\defrag.exe -c -h -g -# -m 8 -i 13500
C:\Windows\system32\tasks\Microsoft\Windows\Speech\SpeechModelDownloadTask - %windir%\system32\speech_onecore\common\SpeechModelDownload.exe
C:\Windows\system32\tasks\Microsoft\Windows\SpacePort\SpaceAgentTask - %windir%\system32\SpaceAgent.exe
C:\Windows\system32\tasks\Microsoft\Windows\SpacePort\SpaceManagerTask - %windir%\system32\spaceman.exe /Work
C:\Windows\system32\tasks\Microsoft\Windows\Shell\FamilySafetyMonitor - %windir%\System32\wpcmon.exe
C:\Windows\system32\tasks\Microsoft\Windows\SharedPC\Account Cleanup - %windir%\System32\rundll32.exe %windir%\System32\Windows.SharedPC.AccountManager.dll,StartMaintenance
C:\Windows\system32\tasks\Microsoft\Windows\RemoteAssistance\RemoteAssistanceTask - %windir%\system32\RAServer.exe /offerraupdate
C:\Windows\system32\tasks\Microsoft\Windows\Plug and Play\Sysprep Generalize Drivers - %SystemRoot%\System32\drvinst.exe 6
C:\Windows\system32\tasks\Microsoft\Windows\NlaSvc\WiFiTask - %SystemRoot%\System32\WiFiTask.exe nla
C:\Windows\system32\tasks\Microsoft\Windows\NetTrace\GatherNetworkInfo - %windir%\system32\gatherNetworkInfo.vbs
C:\Windows\system32\tasks\Microsoft\Windows\MUI\LPRemove - %windir%\system32\lpremove.exe
C:\Windows\system32\tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser - %SystemRoot%\System32\MbaeParserTask.exe
C:\Windows\system32\tasks\Microsoft\Windows\Management\Provisioning\Logon - %windir%\system32\ProvTool.exe /turn 5
C:\Windows\system32\tasks\Microsoft\Windows\Location\Notifications - %windir%\System32\LocationNotificationWindows.exe
C:\Windows\system32\tasks\Microsoft\Windows\Location\WindowsActionDialog - %windir%\System32\WindowsActionDialog.exe
C:\Windows\system32\tasks\Microsoft\Windows\Feedback\Siuf\DmClient - %windir%\system32\dmclient.exe
C:\Windows\system32\tasks\Microsoft\Windows\Feedback\Siuf\DmClientOnScenarioDownload - %windir%\system32\dmclient.exe utcwnf
C:\Windows\system32\tasks\Microsoft\Windows\DUSM\dusmtask - %SystemRoot%\System32\dusmtask.exe
C:\Windows\system32\tasks\Microsoft\Windows\DiskFootprint\Diagnostics - %windir%\system32\disksnapshot.exe -z
C:\Windows\system32\tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector - %windir%\system32\rundll32.exe dfdts.dll,DfdGetDefaultPolicyAndSMART
C:\Windows\system32\tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticResolver - %windir%\system32\DFDWiz.exe
C:\Windows\system32\tasks\Microsoft\Windows\DiskCleanup\SilentCleanup - %windir%\system32\cleanmgr.exe /autoclean /d %systemdrive%
C:\Windows\system32\tasks\Microsoft\Windows\Device Information\Device - %windir%\system32\devicecensus.exe
C:\Windows\system32\tasks\Microsoft\Windows\Defrag\ScheduledDefrag - %windir%\system32\defrag.exe -c -h -o -$
C:\Windows\system32\tasks\Microsoft\Windows\Customer Experience Improvement Program\Consolidator - %SystemRoot%\System32\wsqmcons.exe
C:\Windows\system32\tasks\Microsoft\Windows\Clip\License Validation - %SystemRoot%\system32\ClipUp.exe -p -s -o
C:\Windows\system32\tasks\Microsoft\Windows\Bluetooth\UninstallDeviceTask - BthUdTask.exe $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Autochk\Proxy - %windir%\system32\rundll32.exe /d acproxy.dll,PerformAutochkOperations
C:\Windows\system32\tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup - %windir%\system32\rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
C:\Windows\system32\tasks\Microsoft\Windows\ApplicationData\appuriverifierdaily - %windir%\system32\AppHostRegistrationVerifier.exe
C:\Windows\system32\tasks\Microsoft\Windows\ApplicationData\appuriverifierinstall - %windir%\system32\AppHostRegistrationVerifier.exe
C:\Windows\system32\tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState - %windir%\system32\rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
C:\Windows\system32\tasks\Microsoft\Windows\ApplicationData\DsSvcCleanup - %windir%\system32\dstokenclean.exe
C:\Windows\system32\tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser - %windir%\system32\compattelrunner.exe
C:\Windows\system32\tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater - %windir%\system32\compattelrunner.exe -maintenance
C:\Windows\system32\tasks\Microsoft\Windows\Application Experience\StartupAppTask - %windir%\system32\rundll32.exe Startupscan.dll,SusRunTask
C:\Windows\system32\tasks\Microsoft\Windows\AppID\PolicyConverter - %windir%\system32\appidpolicyconverter.exe
C:\Windows\system32\tasks\Microsoft\Windows\AppID\VerifiedPublisherCertStoreCheck - %windir%\system32\appidcertstorecheck.exe
C:\Windows\system32\tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} - "C:\Program Files\COMODO\COMODO Internet Security\cistray.exe"
C:\Windows\system32\tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} - "C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe" --launchSchedule {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59}
C:\Windows\system32\tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} - "C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe" --launchSchedule {A6D52E4F-569B-4756-B3D8-DF217313DA85}
C:\Windows\system32\tasks\ASUS\ASUS AISuiteIII - C:\Program Files (x86)\ASUS\AI Suite III\AISuite3.exe -schedule
C:\Windows\system32\tasks\ASUS\ASUS DIPAwayMode - C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DipAwayMode.exe
C:\Windows\system32\tasks\ASUS\Ez Update - C:\Program Files (x86)\ASUS\AI Suite III\EZ Update\EzUpdt.exe -onlytray
C:\Windows\system32\tasks\ASUS\GpuFanHelper - C:\Program Files (x86)\ASUS\AI Suite III\DIP4\GpuFanHelper.exe
C:\Windows\system32\tasks\ASUS\Push Notice Server Execute - C:\Program Files (x86)\ASUS\AI Suite III\Push Notice\PushNotifyServer.exe
C:\Windows\system32\tasks\ASUS\USB 3.0 Boost Service - C:\Program Files (x86)\ASUS\AI Suite III\USB 3.0 Boost\U3BoostSvr.exe

=========Google Chrome=========

C:\Users\Max_cz\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Extension aaokklhiechmkdjlebebbbgcljmlbldl   
Extension aapocclcgogkmnckokdopfmhonfmgoek 1 Prezentace Google 0.9
Extension adecfhccdknoobplgempjhbojlbpahhn 1 SEO Profesional Toolbar 1.4.3
Extension ahfgeienlihckogmohjhadlkjgocpleb 1 Web Store 0.2
Extension aohghmighlieiainnegkcijnfilokake 1 Dokumenty Google 0.9
Extension apdfllckaahabafndbhieahigkjlhalf 1 Disk Google 14.1
Extension bcjhihiojmommjlpafpnhapbphppicem   
Extension beglfmgglnjpeoohdehnfaojhdnjhhkl   
Extension bepbmhgboaologfdajaanbcjmnhjmhfn 0  
Extension blpcfgokakmgnkcojhhkbfbldkacnbeo 1 YouTube 4.2.8
Extension celnaknmndcdcjcagffhbhciignkeokb   
Extension ckibcdccnfeookdmbahgiakhnjcddpki 0  
Extension cmedhionkhpnakcndndgjdbohmhepckk 1 Adblock na Youtube™ 4.1.0
Extension coobgpohoikkiipiblmjeljniedjpjpf   
Extension eemcgdkfndhakfknompkggombfjjjeno 1 Bookmark Manager 0.1
Extension efaidnbmnnnibpcajpcglclefindmkaj 1 Adobe Acrobat 15.1.0.5
Extension elogjhomhhgkmpdagplgmdhgeiphphmf   
Extension felcaaldnbdncclmgdcncolpebgiejap 1 Tabulky Google 1.1
Extension geeiaaobbiapamcbigbnpohapdadleeo   
Extension gfdkimpbcpahaombhbimeihdjnejgicl 1 Feedback 1.0
Extension ghbmnnjooekpmoecnnnilnnbdlolhkhi 1 Dokumenty Google offline 1.4
Extension hmjkmjkepdijhoojdojkdfohbdgmmhki 1 Google Keep – poznámky a seznamy 3.1.17042.1437
Extension inmmhkeajgflmokoaaoadgkhhmibjbpj 1 Invite All Friends on Facebook 1.7.9
Extension jhfiojdaegegaeiefilimljmbiegiebd 1 Přidávání a otevírání aplikací pro Ch... 2016.10.4.45193
Extension jkehbjjhlccmebnlppheedbgkemooame   
Extension kmendfapggjehodndflmmgagdbamhnfd 1 CryptoTokenExtension 0.9.38
Extension lmjegmlicamnimmfhcmpkclmigmmcbeh 1 Application Launcher for Drive (by Google) 3.2
Extension mfehgcgbbipciphmccgaenjidiccnmng 1 Cloud Print 0.1
Extension mfffpogegjflfpflabcdkioaeobkgjik 1 GaiaAuthExtension 0.0.1
Extension mgndgikekgjfcpckkfioiadnlibdjbkf   
Extension mhjfbmdgcfjbbpaeojofohoefgiehjai 1 Chrome PDF Viewer 1
Extension mihcahmgecmbnbcchbopgniflfhgnkff 1 Kontrola e-mailu Google 4.4.0
Extension neajdppkdcdipfabeoofebfddakdcjhd 1 Google Network Speech 1.0
Extension nkeimhogjdpnpccoofpliimaahmaaome 1 Google Hangouts 1.3.1
Extension nmmhkkegccagdldgiimedpiccmgmieda 1 Platby Internetového obchodu Chrome 1.0.0.1
Extension nphgeidmkmbmehnihdconhbclfgcdodn   
Extension opnbmdkdflhjiclaoiiifmheknpccalb 1 Instagram for Chrome 6.0.5
Extension pjkljhegncpnkpknbcohdijeoejaedia 1 Gmail 8.1
Extension pkedcjkdefgpdelpbcmbmeomcjbeemfm 1 Chrome Media Router 5516.1005.0.3
Homepage: https://www.seznam.cz/
default_search_provider.search_url: 
C:\Users\Max_cz\AppData\Local\Google\Chrome\User Data\Default\Preferences
Homepage: 
default_search_provider.search_url: 

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\efaidnbmnnnibpcajpcglclefindmkaj]
"Path"=


======Registry dump======


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
"URL"=http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
"URL"=http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"WindowsDefender"=C:\Program Files\Windows Defender\MSASCuiL.exe [2016-10-04 631808]
"COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10}"=C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2016-09-14 1610936]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Monitoring"=C:\Program Files\CCleaner\CCleaner64.exe [2016-12-18 9288408]
"GoogleDriveSync"=C:\Program Files (x86)\Google\Drive\googledrivesync.exe [2016-12-18 23818360]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"Lightshot"=C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [2017-01-27 225944]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"DSCAutomationHostEnabled"=2
"EnableCursorSuppression"=1
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"ForceActiveDesktopOn"=0
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]


[HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
"StubPath"="C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"vidc.i420"=iyuv_32.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux2"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
.txt - open - "C:\Program Files (x86)\PSPad editor\PSPad.exe" "%1"

======List of files/folders created in the last 1 month======

2017-02-02 20:36:09 ----D---- C:\rsit
2017-02-02 20:36:09 ----D---- C:\Program Files\trend micro
2017-02-02 02:26:39 ----AD---- C:\Program Files\RawTherapee-5.0-gtk3
2017-02-01 22:59:37 ----D---- C:\Users\Max_cz\AppData\Roaming\Ubisoft
2017-02-01 22:58:18 ----D---- C:\ProgramData\Ubisoft
2017-02-01 22:58:08 ----A---- C:\Windows\SYSWOW64\xactengine2_10.dll
2017-02-01 22:58:08 ----A---- C:\Windows\system32\xactengine2_10.dll
2017-02-01 22:58:07 ----A---- C:\Windows\SYSWOW64\d3dx9_36.dll
2017-02-01 22:58:07 ----A---- C:\Windows\SYSWOW64\d3dx10_36.dll
2017-02-01 22:58:07 ----A---- C:\Windows\SYSWOW64\D3DCompiler_36.dll
2017-02-01 22:58:07 ----A---- C:\Windows\system32\d3dx9_36.dll
2017-02-01 22:58:07 ----A---- C:\Windows\system32\d3dx10_36.dll
2017-02-01 22:58:07 ----A---- C:\Windows\system32\D3DCompiler_36.dll
2017-02-01 22:58:06 ----A---- C:\Windows\SYSWOW64\xactengine2_9.dll
2017-02-01 22:58:06 ----A---- C:\Windows\SYSWOW64\d3dx9_35.dll
2017-02-01 22:58:06 ----A---- C:\Windows\SYSWOW64\d3dx10_35.dll
2017-02-01 22:58:06 ----A---- C:\Windows\SYSWOW64\D3DCompiler_35.dll
2017-02-01 22:58:06 ----A---- C:\Windows\system32\xactengine2_9.dll
2017-02-01 22:58:06 ----A---- C:\Windows\system32\d3dx9_35.dll
2017-02-01 22:58:06 ----A---- C:\Windows\system32\d3dx10_35.dll
2017-02-01 22:58:06 ----A---- C:\Windows\system32\D3DCompiler_35.dll
2017-02-01 22:58:05 ----A---- C:\Windows\SYSWOW64\xactengine2_8.dll
2017-02-01 22:58:05 ----A---- C:\Windows\SYSWOW64\X3DAudio1_2.dll
2017-02-01 22:58:05 ----A---- C:\Windows\SYSWOW64\d3dx10_34.dll
2017-02-01 22:58:05 ----A---- C:\Windows\SYSWOW64\D3DCompiler_34.dll
2017-02-01 22:58:05 ----A---- C:\Windows\system32\xactengine2_8.dll
2017-02-01 22:58:05 ----A---- C:\Windows\system32\X3DAudio1_2.dll
2017-02-01 22:58:05 ----A---- C:\Windows\system32\d3dx10_34.dll
2017-02-01 22:58:05 ----A---- C:\Windows\system32\D3DCompiler_34.dll
2017-02-01 22:58:04 ----A---- C:\Windows\SYSWOW64\xinput1_3.dll
2017-02-01 22:58:04 ----A---- C:\Windows\SYSWOW64\d3dx9_34.dll
2017-02-01 22:58:04 ----A---- C:\Windows\system32\xinput1_3.dll
2017-02-01 22:58:04 ----A---- C:\Windows\system32\d3dx9_34.dll
2017-02-01 22:58:03 ----A---- C:\Windows\SYSWOW64\xactengine2_7.dll
2017-02-01 22:58:03 ----A---- C:\Windows\SYSWOW64\d3dx9_33.dll
2017-02-01 22:58:03 ----A---- C:\Windows\SYSWOW64\d3dx10_33.dll
2017-02-01 22:58:03 ----A---- C:\Windows\SYSWOW64\D3DCompiler_33.dll
2017-02-01 22:58:03 ----A---- C:\Windows\system32\xactengine2_7.dll
2017-02-01 22:58:03 ----A---- C:\Windows\system32\d3dx9_33.dll
2017-02-01 22:58:03 ----A---- C:\Windows\system32\d3dx10_33.dll
2017-02-01 22:58:03 ----A---- C:\Windows\system32\D3DCompiler_33.dll
2017-02-01 22:58:02 ----A---- C:\Windows\SYSWOW64\xactengine2_6.dll
2017-02-01 22:58:02 ----A---- C:\Windows\system32\xactengine2_6.dll
2017-02-01 22:58:01 ----A---- C:\Windows\SYSWOW64\xactengine2_5.dll
2017-02-01 22:58:01 ----A---- C:\Windows\SYSWOW64\d3dx9_32.dll
2017-02-01 22:58:01 ----A---- C:\Windows\SYSWOW64\d3dx10.dll
2017-02-01 22:58:01 ----A---- C:\Windows\system32\xactengine2_5.dll
2017-02-01 22:58:01 ----A---- C:\Windows\system32\d3dx9_32.dll
2017-02-01 22:58:01 ----A---- C:\Windows\system32\d3dx10.dll
2017-02-01 22:58:00 ----A---- C:\Windows\SYSWOW64\xactengine2_4.dll
2017-02-01 22:58:00 ----A---- C:\Windows\SYSWOW64\x3daudio1_1.dll
2017-02-01 22:58:00 ----A---- C:\Windows\system32\xactengine2_4.dll
2017-02-01 22:58:00 ----A---- C:\Windows\system32\x3daudio1_1.dll
2017-02-01 22:57:59 ----A---- C:\Windows\SYSWOW64\xinput1_2.dll
2017-02-01 22:57:59 ----A---- C:\Windows\SYSWOW64\xactengine2_3.dll
2017-02-01 22:57:59 ----A---- C:\Windows\system32\xinput1_2.dll
2017-02-01 22:57:59 ----A---- C:\Windows\system32\xactengine2_3.dll
2017-02-01 22:57:58 ----A---- C:\Windows\SYSWOW64\xinput1_1.dll
2017-02-01 22:57:58 ----A---- C:\Windows\SYSWOW64\xactengine2_2.dll
2017-02-01 22:57:58 ----A---- C:\Windows\system32\xinput1_1.dll
2017-02-01 22:57:58 ----A---- C:\Windows\system32\xactengine2_2.dll
2017-02-01 22:57:57 ----A---- C:\Windows\SYSWOW64\xactengine2_1.dll
2017-02-01 22:57:57 ----A---- C:\Windows\system32\xactengine2_1.dll
2017-02-01 22:57:55 ----A---- C:\Windows\SYSWOW64\d3dx9_30.dll
2017-02-01 22:57:55 ----A---- C:\Windows\system32\d3dx9_30.dll
2017-02-01 22:57:54 ----A---- C:\Windows\SYSWOW64\xactengine2_0.dll
2017-02-01 22:57:54 ----A---- C:\Windows\SYSWOW64\x3daudio1_0.dll
2017-02-01 22:57:54 ----A---- C:\Windows\SYSWOW64\d3dx9_29.dll
2017-02-01 22:57:54 ----A---- C:\Windows\SYSWOW64\d3dx9_28.dll
2017-02-01 22:57:54 ----A---- C:\Windows\system32\xactengine2_0.dll
2017-02-01 22:57:54 ----A---- C:\Windows\system32\x3daudio1_0.dll
2017-02-01 22:57:54 ----A---- C:\Windows\system32\d3dx9_29.dll
2017-02-01 22:57:54 ----A---- C:\Windows\system32\d3dx9_28.dll
2017-02-01 22:57:53 ----A---- C:\Windows\SYSWOW64\d3dx9_27.dll
2017-02-01 22:57:53 ----A---- C:\Windows\SYSWOW64\d3dx9_26.dll
2017-02-01 22:57:53 ----A---- C:\Windows\SYSWOW64\d3dx9_25.dll
2017-02-01 22:57:53 ----A---- C:\Windows\system32\d3dx9_27.dll
2017-02-01 22:57:53 ----A---- C:\Windows\system32\d3dx9_26.dll
2017-02-01 22:57:53 ----A---- C:\Windows\system32\d3dx9_25.dll
2017-02-01 22:57:51 ----A---- C:\Windows\SYSWOW64\d3dx9_24.dll
2017-02-01 22:57:51 ----A---- C:\Windows\system32\d3dx9_24.dll
2017-02-01 22:56:18 ----D---- C:\Program Files (x86)\Ubisoft
2017-02-01 22:56:11 ----D---- C:\Users\Max_cz\AppData\Roaming\InstallShield
2017-02-01 21:56:17 ----D---- C:\Users\Max_cz\AppData\Roaming\New Version Available
2017-02-01 21:56:17 ----D---- C:\Program Files (x86)\RelevantKnowledge
2017-01-30 18:39:54 ----D---- C:\Windows\Downloaded Installations
2017-01-30 18:29:23 ----D---- C:\Users\Max_cz\AppData\Roaming\NVIDIA
2017-01-30 18:22:11 ----D---- C:\ProgramData\NVIDIA
2017-01-30 18:22:02 ----A---- C:\Windows\SYSWOW64\nvStreaming.exe
2017-01-30 18:22:00 ----D---- C:\Temp
2017-01-30 18:22:00 ----A---- C:\Windows\SYSWOW64\vulkaninfo.exe
2017-01-30 18:22:00 ----A---- C:\Windows\SYSWOW64\vulkan-1.dll
2017-01-30 18:22:00 ----A---- C:\Windows\system32\vulkaninfo.exe
2017-01-30 18:22:00 ----A---- C:\Windows\system32\vulkan-1.dll
2017-01-30 18:21:59 ----D---- C:\Program Files (x86)\VulkanRT
2017-01-30 18:21:55 ----A---- C:\Windows\system32\nvvsvc.exe
2017-01-30 18:21:55 ----A---- C:\Windows\system32\nvsvcr.dll
2017-01-30 18:21:55 ----A---- C:\Windows\system32\nvsvc64.dll
2017-01-30 18:21:55 ----A---- C:\Windows\system32\nvshext.dll
2017-01-30 18:21:55 ----A---- C:\Windows\system32\nvmctray.dll
2017-01-30 18:21:55 ----A---- C:\Windows\system32\nvcpl.dll
2017-01-30 18:21:55 ----A---- C:\Windows\system32\nv3dappshextr.dll
2017-01-30 18:21:55 ----A---- C:\Windows\system32\nv3dappshext.dll
2017-01-30 18:21:40 ----D---- C:\ProgramData\NVIDIA Corporation
2017-01-30 18:21:37 ----D---- C:\Program Files\NVIDIA Corporation
2017-01-30 18:21:37 ----D---- C:\Program Files (x86)\NVIDIA Corporation
2017-01-27 22:16:05 ----D---- C:\Program Files (x86)\Skillbrains
2017-01-25 18:14:47 ----A---- C:\Windows\SYSWOW64\poqexec.exe
2017-01-25 18:14:47 ----A---- C:\Windows\system32\poqexec.exe
2017-01-23 01:18:04 ----AD---- C:\Program Files (x86)\TeamViewer
2017-01-22 22:43:40 ----D---- C:\Users\Max_cz\AppData\Roaming\hugin
2017-01-22 22:42:33 ----AD---- C:\Program Files\Hugin
2017-01-11 00:01:21 ----A---- C:\Windows\system32\Windows.UI.Xaml.Resources.dll
2017-01-11 00:01:21 ----A---- C:\Windows\system32\Windows.UI.Xaml.dll
2017-01-11 00:01:20 ----A---- C:\Windows\system32\Windows.Media.dll
2017-01-11 00:01:19 ----A---- C:\Windows\SYSWOW64\Windows.UI.Logon.dll
2017-01-11 00:01:19 ----A---- C:\Windows\SYSWOW64\Windows.Storage.ApplicationData.dll
2017-01-11 00:01:19 ----A---- C:\Windows\SYSWOW64\StoreAgent.dll
2017-01-11 00:01:19 ----A---- C:\Windows\SYSWOW64\InstallAgentUserBroker.exe
2017-01-11 00:01:19 ----A---- C:\Windows\SYSWOW64\InstallAgent.exe
2017-01-11 00:01:19 ----A---- C:\Windows\system32\mfnetsrc.dll
2017-01-11 00:01:19 ----A---- C:\Windows\system32\mfmp4srcsnk.dll
2017-01-11 00:01:19 ----A---- C:\Windows\system32\mfcore.dll
2017-01-11 00:01:19 ----A---- C:\Windows\system32\d2d1.dll
2017-01-11 00:01:18 ----A---- C:\Windows\system32\rdpcore.dll
2017-01-11 00:01:18 ----A---- C:\Windows\system32\mstscax.dll
2017-01-11 00:01:18 ----A---- C:\Windows\system32\mfnetcore.dll
2017-01-11 00:01:18 ----A---- C:\Windows\system32\mfmpeg2srcsnk.dll
2017-01-11 00:01:18 ----A---- C:\Windows\system32\mfasfsrcsnk.dll
2017-01-11 00:01:18 ----A---- C:\Windows\system32\MCRecvSrc.dll
2017-01-11 00:01:18 ----A---- C:\Windows\system32\D3DCompiler_47.dll
2017-01-11 00:01:18 ----A---- C:\Windows\system32\aeinv.dll
2017-01-11 00:01:17 ----A---- C:\Windows\SYSWOW64\Windows.UI.CredDialogController.dll
2017-01-11 00:01:17 ----A---- C:\Windows\SYSWOW64\Windows.UI.Cred.dll
2017-01-11 00:01:17 ----A---- C:\Windows\SYSWOW64\Windows.UI.BlockedShutdown.dll
2017-01-11 00:01:17 ----A---- C:\Windows\SYSWOW64\Windows.UI.BioFeedback.dll
2017-01-11 00:01:17 ----A---- C:\Windows\SYSWOW64\offlinesam.dll
2017-01-11 00:01:17 ----A---- C:\Windows\system32\wuuhext.dll
2017-01-11 00:01:17 ----A---- C:\Windows\system32\wuaueng.dll
2017-01-11 00:01:17 ----A---- C:\Windows\system32\winlogon.exe
2017-01-11 00:01:17 ----A---- C:\Windows\system32\sppobjs.dll
2017-01-11 00:01:17 ----A---- C:\Windows\system32\samsrv.dll
2017-01-11 00:01:17 ----A---- C:\Windows\system32\rdpencom.dll
2017-01-11 00:01:17 ----A---- C:\Windows\system32\offlinesam.dll
2017-01-11 00:01:17 ----A---- C:\Windows\system32\lsasrv.dll
2017-01-11 00:01:17 ----A---- C:\Windows\system32\D3D12.dll
2017-01-11 00:01:16 ----A---- C:\Windows\SYSWOW64\shell32.dll
2017-01-11 00:01:16 ----A---- C:\Windows\SYSWOW64\msmpeg2vdec.dll
2017-01-11 00:01:16 ----A---- C:\Windows\SYSWOW64\aclui.dll
2017-01-11 00:01:16 ----A---- C:\Windows\system32\shell32.dll
2017-01-11 00:01:15 ----A---- C:\Windows\SYSWOW64\kerberos.dll
2017-01-11 00:01:15 ----A---- C:\Windows\system32\wuapi.dll
2017-01-11 00:01:15 ----A---- C:\Windows\system32\msv1_0.dll
2017-01-11 00:01:15 ----A---- C:\Windows\system32\kerberos.dll
2017-01-11 00:01:15 ----A---- C:\Windows\system32\ImplatSetup.dll
2017-01-11 00:01:15 ----A---- C:\Windows\system32\drivers\cng.sys
2017-01-11 00:01:14 ----A---- C:\Windows\SYSWOW64\WinSCard.dll
2017-01-11 00:01:14 ----A---- C:\Windows\SYSWOW64\updatepolicy.dll
2017-01-11 00:01:14 ----A---- C:\Windows\SYSWOW64\MSVP9DEC.dll
2017-01-11 00:01:14 ----A---- C:\Windows\SYSWOW64\cryptui.dll
2017-01-11 00:01:14 ----A---- C:\Windows\SYSWOW64\AUDIOKSE.dll
2017-01-11 00:01:14 ----A---- C:\Windows\system32\wow64.dll
2017-01-11 00:01:14 ----A---- C:\Windows\system32\WinSCard.dll
2017-01-11 00:01:14 ----A---- C:\Windows\system32\updatepolicy.dll
2017-01-11 00:01:14 ----A---- C:\Windows\system32\ScDeviceEnum.dll
2017-01-11 00:01:14 ----A---- C:\Windows\system32\cryptui.dll
2017-01-11 00:01:14 ----A---- C:\Windows\system32\certprop.dll
2017-01-11 00:01:13 ----A---- C:\Windows\SYSWOW64\Windows.UI.Xaml.Resources.dll
2017-01-11 00:01:13 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2017-01-11 00:01:13 ----A---- C:\Windows\SYSWOW64\indexeddbserver.dll
2017-01-11 00:01:13 ----A---- C:\Windows\SYSWOW64\Chakradiag.dll
2017-01-11 00:01:13 ----A---- C:\Windows\SYSWOW64\AudioSes.dll
2017-01-11 00:01:12 ----A---- C:\Windows\SYSWOW64\Windows.UI.Xaml.dll
2017-01-11 00:01:12 ----A---- C:\Windows\SYSWOW64\Chakra.dll
2017-01-11 00:01:12 ----A---- C:\Windows\system32\Windows.ApplicationModel.LockScreen.dll
2017-01-11 00:01:11 ----A---- C:\Windows\SYSWOW64\mspaint.exe
2017-01-11 00:01:11 ----A---- C:\Windows\SYSWOW64\edgehtml.dll
2017-01-11 00:01:11 ----A---- C:\Windows\SYSWOW64\AzureSettingSyncProvider.dll
2017-01-11 00:01:11 ----A---- C:\Windows\system32\AzureSettingSyncProvider.dll
2017-01-11 00:01:10 ----A---- C:\Windows\SYSWOW64\twinui.dll
2017-01-11 00:01:10 ----A---- C:\Windows\system32\win32kbase.sys
2017-01-11 00:01:10 ----A---- C:\Windows\system32\SettingsHandlers_nt.dll
2017-01-11 00:01:10 ----A---- C:\Windows\system32\mspaint.exe
2017-01-11 00:01:10 ----A---- C:\Windows\system32\Chakra.dll
2017-01-11 00:01:09 ----A---- C:\Windows\SYSWOW64\winmde.dll
2017-01-11 00:01:09 ----A---- C:\Windows\system32\twinui.dll
2017-01-11 00:01:09 ----A---- C:\Windows\system32\msmpeg2vdec.dll
2017-01-11 00:01:09 ----A---- C:\Windows\system32\mshtml.dll
2017-01-11 00:01:09 ----A---- C:\Windows\system32\indexeddbserver.dll
2017-01-11 00:01:08 ----A---- C:\Windows\system32\winmde.dll
2017-01-11 00:01:08 ----A---- C:\Windows\system32\Windows.Storage.ApplicationData.dll
2017-01-11 00:01:08 ----A---- C:\Windows\system32\edgehtml.dll
2017-01-11 00:01:08 ----A---- C:\Windows\system32\aadcloudap.dll
2017-01-11 00:01:07 ----A---- C:\Windows\system32\aadtb.dll
2017-01-11 00:01:06 ----A---- C:\Windows\system32\AppVEntSubsystems64.dll
2017-01-11 00:01:05 ----A---- C:\Windows\SYSWOW64\Windows.ApplicationModel.LockScreen.dll
2017-01-11 00:01:05 ----A---- C:\Windows\system32\Windows.Internal.UI.Logon.ProxyStub.dll
2017-01-11 00:01:05 ----A---- C:\Windows\system32\usocore.dll
2017-01-11 00:01:05 ----A---- C:\Windows\system32\rdpcorets.dll
2017-01-11 00:01:05 ----A---- C:\Windows\system32\LaunchWinApp.exe
2017-01-11 00:01:05 ----A---- C:\Windows\system32\AppVPublishing.dll
2017-01-11 00:01:05 ----A---- C:\Windows\system32\AppVOrchestration.dll
2017-01-11 00:01:05 ----A---- C:\Windows\system32\AppVIntegration.dll
2017-01-11 00:01:05 ----A---- C:\Windows\system32\AppVEntSubsystemController.dll
2017-01-11 00:01:05 ----A---- C:\Windows\system32\AppVClient.exe
2017-01-11 00:01:05 ----A---- C:\Windows\system32\AppVCatalog.dll
2017-01-11 00:01:04 ----A---- C:\Windows\SYSWOW64\remoteaudioendpoint.dll
2017-01-11 00:01:04 ----A---- C:\Windows\SYSWOW64\rdpcore.dll
2017-01-11 00:01:04 ----A---- C:\Windows\SYSWOW64\LaunchWinApp.exe
2017-01-11 00:01:04 ----A---- C:\Windows\system32\updatehandlers.dll
2017-01-11 00:01:04 ----A---- C:\Windows\system32\TransportDSA.dll
2017-01-11 00:01:04 ----A---- C:\Windows\system32\MSVP9DEC.dll
2017-01-11 00:01:04 ----A---- C:\Windows\system32\AppVShNotify.exe
2017-01-11 00:01:04 ----A---- C:\Windows\system32\AppVScripting.dll
2017-01-11 00:01:04 ----A---- C:\Windows\system32\AppVReporting.dll
2017-01-11 00:01:04 ----A---- C:\Windows\system32\AppVPolicy.dll
2017-01-11 00:01:04 ----A---- C:\Windows\system32\AppVManifest.dll
2017-01-11 00:01:04 ----A---- C:\Windows\system32\AppVEntVirtualization.dll
2017-01-11 00:01:04 ----A---- C:\Windows\system32\AppVEntStreamingManager.dll
2017-01-11 00:01:04 ----A---- C:\Windows\system32\AppVDllSurrogate.exe
2017-01-11 00:01:03 ----A---- C:\Windows\SYSWOW64\Windows.Media.dll
2017-01-11 00:01:03 ----A---- C:\Windows\SYSWOW64\SyncSettings.dll
2017-01-11 00:01:03 ----A---- C:\Windows\SYSWOW64\rdpencom.dll
2017-01-11 00:01:03 ----A---- C:\Windows\SYSWOW64\MSVPXENC.dll
2017-01-11 00:01:03 ----A---- C:\Windows\SYSWOW64\mstscax.dll
2017-01-11 00:01:03 ----A---- C:\Windows\SYSWOW64\LogonController.dll
2017-01-11 00:01:03 ----A---- C:\Windows\SYSWOW64\CloudBackupSettings.dll
2017-01-11 00:01:03 ----A---- C:\Windows\system32\Windows.UI.Shell.dll
2017-01-11 00:01:03 ----A---- C:\Windows\system32\win32kfull.sys
2017-01-11 00:01:03 ----A---- C:\Windows\system32\win32k.sys
2017-01-11 00:01:03 ----A---- C:\Windows\system32\rdpudd.dll
2017-01-11 00:01:03 ----A---- C:\Windows\system32\OneBackupHandler.dll
2017-01-11 00:01:03 ----A---- C:\Windows\system32\DeveloperOptionsSettingsHandlers.dll
2017-01-11 00:01:02 ----A---- C:\Windows\SYSWOW64\mfmp4srcsnk.dll
2017-01-11 00:01:02 ----A---- C:\Windows\SYSWOW64\mfcore.dll
2017-01-11 00:01:02 ----A---- C:\Windows\system32\Windows.UI.Logon.dll
2017-01-11 00:01:02 ----A---- C:\Windows\system32\SRHInproc.dll
2017-01-11 00:01:02 ----A---- C:\Windows\system32\SRH.dll
2017-01-11 00:01:02 ----A---- C:\Windows\system32\dosvc.dll
2017-01-11 00:01:02 ----A---- C:\Windows\system32\domgmt.dll
2017-01-11 00:01:02 ----A---- C:\Windows\system32\aclui.dll
2017-01-11 00:01:01 ----A---- C:\Windows\SYSWOW64\mfnetsrc.dll
2017-01-11 00:01:01 ----A---- C:\Windows\system32\StoreAgent.dll
2017-01-11 00:01:01 ----A---- C:\Windows\system32\SettingSyncHost.exe
2017-01-11 00:01:01 ----A---- C:\Windows\system32\SettingSyncCore.dll
2017-01-11 00:01:01 ----A---- C:\Windows\system32\InstallAgentUserBroker.exe
2017-01-11 00:01:01 ----A---- C:\Windows\system32\InstallAgent.exe
2017-01-11 00:01:01 ----A---- C:\Windows\system32\ClipUp.exe
2017-01-11 00:01:01 ----A---- C:\Windows\system32\audiosrv.dll
2017-01-11 00:01:01 ----A---- C:\Windows\system32\AudioSes.dll
2017-01-11 00:01:01 ----A---- C:\Windows\system32\AUDIOKSE.dll
2017-01-11 00:01:01 ----A---- C:\Windows\system32\AudioEng.dll
2017-01-11 00:01:01 ----A---- C:\Windows\system32\AudioEndpointBuilder.dll
2017-01-11 00:01:00 ----A---- C:\Windows\SYSWOW64\wuapi.dll
2017-01-11 00:01:00 ----A---- C:\Windows\SYSWOW64\mfasfsrcsnk.dll
2017-01-11 00:01:00 ----A---- C:\Windows\system32\Windows.UI.CredDialogController.dll
2017-01-11 00:01:00 ----A---- C:\Windows\system32\wbiosrvc.dll
2017-01-11 00:01:00 ----A---- C:\Windows\system32\remoteaudioendpoint.dll
2017-01-11 00:01:00 ----A---- C:\Windows\system32\ie4uinit.exe
2017-01-11 00:01:00 ----A---- C:\Windows\system32\drivers\vhdmp.sys
2017-01-11 00:00:59 ----A---- C:\Windows\SYSWOW64\mfnetcore.dll
2017-01-11 00:00:59 ----A---- C:\Windows\SYSWOW64\mfmpeg2srcsnk.dll
2017-01-11 00:00:59 ----A---- C:\Windows\SYSWOW64\MCRecvSrc.dll
2017-01-11 00:00:59 ----A---- C:\Windows\system32\winsrv.dll
2017-01-11 00:00:59 ----A---- C:\Windows\system32\Windows.UI.BlockedShutdown.dll
2017-01-11 00:00:59 ----A---- C:\Windows\system32\Windows.UI.BioFeedback.dll
2017-01-11 00:00:59 ----A---- C:\Windows\system32\SyncSettings.dll
2017-01-11 00:00:59 ----A---- C:\Windows\system32\securekernel.exe
2017-01-11 00:00:59 ----A---- C:\Windows\system32\fhsettingsprovider.dll
2017-01-11 00:00:59 ----A---- C:\Windows\system32\fhcfg.dll
2017-01-11 00:00:59 ----A---- C:\Windows\system32\drivers\pci.sys
2017-01-11 00:00:59 ----A---- C:\Windows\system32\CloudBackupSettings.dll
2017-01-11 00:00:59 ----A---- C:\Windows\system32\cloudAP.dll
2017-01-11 00:00:58 ----A---- C:\Windows\system32\ntoskrnl.exe
2017-01-11 00:00:55 ----A---- C:\Windows\system32\AppXDeploymentExtensions.onecore.dll
2017-01-11 00:00:54 ----A---- C:\Windows\SYSWOW64\win32kfull.sys
2017-01-11 00:00:54 ----A---- C:\Windows\system32\AppXDeploymentServer.dll
2017-01-11 00:00:53 ----A---- C:\Windows\SYSWOW64\SettingSyncHost.exe
2017-01-11 00:00:53 ----A---- C:\Windows\SYSWOW64\SettingSyncCore.dll
2017-01-11 00:00:53 ----A---- C:\Windows\SYSWOW64\aadtb.dll
2017-01-11 00:00:53 ----A---- C:\Windows\system32\LogonController.dll
2017-01-11 00:00:52 ----A---- C:\Windows\SYSWOW64\d2d1.dll
2017-01-11 00:00:51 ----A---- C:\Windows\system32\ConsoleLogon.dll
2017-01-11 00:00:51 ----A---- C:\Windows\system32\CloudExperienceHost.dll
2017-01-11 00:00:50 ----A---- C:\Windows\SYSWOW64\win32k.sys
2017-01-11 00:00:50 ----A---- C:\Windows\SYSWOW64\msv1_0.dll
2017-01-11 00:00:50 ----A---- C:\Windows\SYSWOW64\D3DCompiler_47.dll
2017-01-11 00:00:50 ----A---- C:\Windows\SYSWOW64\AppVEntSubsystems32.dll
2017-01-11 00:00:50 ----A---- C:\Windows\system32\MSVPXENC.dll
2017-01-11 00:00:49 ----A---- C:\Windows\SYSWOW64\Windows.Internal.UI.Logon.ProxyStub.dll
2017-01-11 00:00:49 ----A---- C:\Windows\system32\provengine.dll
2017-01-11 00:00:48 ----A---- C:\Windows\SYSWOW64\D3D12.dll
2017-01-11 00:00:48 ----A---- C:\Windows\system32\ProvPluginEng.dll
2017-01-11 00:00:48 ----A---- C:\Windows\system32\KnobsCsp.dll
2017-01-11 00:00:48 ----A---- C:\Windows\system32\KnobsCore.dll

======List of files/folders modified in the last 1 month======

2017-02-02 20:36:10 ----D---- C:\Windows\Temp
2017-02-02 20:36:09 ----RD---- C:\Program Files
2017-02-02 20:34:40 ----D---- C:\Users\Max_cz\AppData\Roaming\vlc
2017-02-02 20:33:48 ----D---- C:\Windows\Prefetch
2017-02-02 18:57:57 ----RD---- C:\Windows\Microsoft.NET
2017-02-02 18:57:52 ----D---- C:\Windows\system32\config
2017-02-02 18:49:22 ----D---- C:\Windows\system32\sru
2017-02-02 18:47:34 ----D---- C:\Windows\System32
2017-02-02 18:47:34 ----A---- C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-02-02 02:57:37 ----D---- C:\Windows\system32\SleepStudy
2017-02-02 02:57:35 ----D---- C:\Users\Max_cz\AppData\Roaming\uTorrent
2017-02-02 02:26:44 ----RSD---- C:\Windows\Fonts
2017-02-02 01:53:38 ----D---- C:\ProgramData\Package Cache
2017-02-01 22:58:18 ----HD---- C:\ProgramData
2017-02-01 22:58:08 ----D---- C:\Windows\SysWOW64
2017-02-01 22:57:57 ----RSD---- C:\Windows\assembly
2017-02-01 22:56:18 ----RD---- C:\Program Files (x86)
2017-02-01 22:56:17 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2017-02-01 22:51:49 ----D---- C:\Users\Max_cz\AppData\Roaming\FileZilla
2017-02-01 21:35:09 ----A---- C:\Windows\system32\PerfStringBackup.INI
2017-02-01 21:32:36 ----D---- C:\Windows\system32\Tasks
2017-02-01 21:30:50 ----D---- C:\Users\Max_cz\AppData\Roaming\Spotify
2017-02-01 21:28:24 ----D---- C:\ProgramData\ASUS
2017-02-01 21:26:44 ----SHD---- C:\System Volume Information
2017-02-01 21:22:25 ----D---- C:\Windows\system32\WDI
2017-02-01 20:01:51 ----HD---- C:\Program Files\WindowsApps
2017-02-01 20:01:51 ----D---- C:\Windows\AppReadiness
2017-01-30 23:11:31 ----A---- C:\Windows\GPU-Z.INI
2017-01-30 23:09:24 ----D---- C:\Program Files (x86)\ASUS
2017-01-30 22:42:06 ----D---- C:\Users\Max_cz\AppData\Roaming\PTGui
2017-01-30 18:40:11 ----SHD---- C:\Windows\Installer
2017-01-30 18:40:11 ----A---- C:\Windows\SYSWOW64\ASGT.exe
2017-01-30 18:39:54 ----D---- C:\Windows
2017-01-30 18:22:13 ----D---- C:\Windows\system32\catroot2
2017-01-30 18:22:12 ----D---- C:\Windows\INF
2017-01-30 18:22:00 ----A---- C:\Windows\SYSWOW64\vulkaninfo-1-1-0-26-0.exe
2017-01-30 18:22:00 ----A---- C:\Windows\system32\vulkaninfo-1-1-0-26-0.exe
2017-01-30 18:21:55 ----D---- C:\Windows\Help
2017-01-30 18:21:35 ----D---- C:\Windows\system32\DriverStore
2017-01-30 18:21:30 ----A---- C:\Windows\SYSWOW64\nvEncodeAPI.dll
2017-01-30 18:21:30 ----A---- C:\Windows\SYSWOW64\nvEncMFTH264.dll
2017-01-30 18:21:30 ----A---- C:\Windows\system32\NvIFR64.dll
2017-01-30 18:21:30 ----A---- C:\Windows\system32\NvFBC64.dll
2017-01-30 18:21:30 ----A---- C:\Windows\system32\nvapi64.dll
2017-01-30 18:21:29 ----A---- C:\Windows\SYSWOW64\nvptxJitCompiler.dll
2017-01-30 18:21:29 ----A---- C:\Windows\SYSWOW64\nvopencl.dll
2017-01-30 18:21:29 ----A---- C:\Windows\SYSWOW64\NvIFR.dll
2017-01-30 18:21:29 ----A---- C:\Windows\SYSWOW64\NvFBC.dll
2017-01-30 18:21:29 ----A---- C:\Windows\SYSWOW64\nvfatbinaryLoader.dll
2017-01-30 18:21:29 ----A---- C:\Windows\SYSWOW64\nvDecMFTMjpeg.dll
2017-01-30 18:21:29 ----A---- C:\Windows\SYSWOW64\nvcuvid.dll
2017-01-30 18:21:29 ----A---- C:\Windows\SYSWOW64\nvapi.dll
2017-01-30 18:21:29 ----A---- C:\Windows\system32\nvptxJitCompiler.dll
2017-01-30 18:21:29 ----A---- C:\Windows\system32\nvopencl.dll
2017-01-30 18:21:29 ----A---- C:\Windows\system32\nvfatbinaryLoader.dll
2017-01-30 18:21:29 ----A---- C:\Windows\system32\nvEncMFThevc.dll
2017-01-30 18:21:29 ----A---- C:\Windows\system32\nvdispco6437290.dll
2017-01-30 18:21:29 ----A---- C:\Windows\system32\nvDecMFTMjpeg.dll
2017-01-30 18:21:29 ----A---- C:\Windows\system32\nvcuvid.dll
2017-01-30 18:21:28 ----A---- C:\Windows\SYSWOW64\nvoglv32.dll
2017-01-30 18:21:28 ----A---- C:\Windows\SYSWOW64\NvIFROpenGL.dll
2017-01-30 18:21:28 ----A---- C:\Windows\SYSWOW64\nvEncMFThevc.dll
2017-01-30 18:21:28 ----A---- C:\Windows\SYSWOW64\nvcuda.dll
2017-01-30 18:21:28 ----A---- C:\Windows\SYSWOW64\nvcompiler.dll
2017-01-30 18:21:28 ----A---- C:\Windows\system32\nvoglv64.dll
2017-01-30 18:21:28 ----A---- C:\Windows\system32\nvmcumd.dll
2017-01-30 18:21:28 ----A---- C:\Windows\system32\NvIFROpenGL.dll
2017-01-30 18:21:28 ----A---- C:\Windows\system32\nvEncodeAPI64.dll
2017-01-30 18:21:28 ----A---- C:\Windows\system32\nvEncMFTH264.dll
2017-01-30 18:21:28 ----A---- C:\Windows\system32\nvdispgenco6437290.dll
2017-01-30 18:21:28 ----A---- C:\Windows\system32\nvcuda.dll
2017-01-30 18:21:28 ----A---- C:\Windows\system32\nvcompiler.dll
2017-01-29 21:31:12 ----D---- C:\Windows\LiveKernelReports
2017-01-27 22:16:10 ----D---- C:\Windows\Tasks
2017-01-25 18:28:47 ----D---- C:\Windows\CbsTemp
2017-01-25 18:28:46 ----D---- C:\Windows\WinSxS
2017-01-23 01:18:09 ----D---- C:\Users\Max_cz\AppData\Roaming\TeamViewer
2017-01-14 20:41:59 ----D---- C:\Program Files\TabletPlugins
2017-01-14 20:41:51 ----D---- C:\Program Files (x86)\TabletPlugins
2017-01-13 19:46:31 ----D---- C:\Windows\rescache
2017-01-11 00:47:04 ----RD---- C:\Windows\ImmersiveControlPanel
2017-01-11 00:47:04 ----D---- C:\Windows\system32\WinBioPlugIns
2017-01-11 00:47:04 ----D---- C:\Windows\system32\wbem
2017-01-11 00:47:04 ----D---- C:\Windows\system32\oobe
2017-01-11 00:47:04 ----D---- C:\Windows\ShellExperiences
2017-01-11 00:47:04 ----D---- C:\Windows\Provisioning
2017-01-11 00:47:04 ----D---- C:\Windows\PolicyDefinitions
2017-01-11 00:47:04 ----D---- C:\Program Files\Internet Explorer
2017-01-11 00:47:04 ----D---- C:\Program Files (x86)\Internet Explorer
2017-01-11 00:47:03 ----D---- C:\Windows\system32\drivers
2017-01-11 00:28:21 ----D---- C:\Windows\system32\MRT
2017-01-11 00:27:24 ----AC---- C:\Windows\system32\MRT.exe
2017-01-11 00:27:12 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2017-01-10 23:14:46 ----D---- C:\Windows\system32\NDF



Max_cz
Vzorný návštěvník
Vzorný návštěvník
Příspěvky: 191
Registrován: 20 pro 2005 22:14
Kontaktovat uživatele:

Re: Preventivní kontrola, podezřelé chování

#2 Příspěvek od Max_cz »

Kód: Vybrat vše

File C:\Windows\system32\winlogon.exe is digitally signed
File C:\Windows\system32\wininit.exe is digitally signed
File C:\Windows\explorer.exe is digitally signed
File C:\Windows\SysWOW64\explorer.exe is digitally signed
File C:\Windows\system32\svchost.exe is digitally signed
File C:\Windows\SysWOW64\svchost.exe is digitally signed
File C:\Windows\system32\services.exe is digitally signed
File C:\Windows\system32\User32.dll is digitally signed
File C:\Windows\SysWOW64\User32.dll is digitally signed
File C:\Windows\system32\userinit.exe is digitally signed
File C:\Windows\SysWOW64\userinit.exe is digitally signed
File C:\Windows\system32\rpcss.dll is digitally signed
File C:\Windows\system32\Drivers\volsnap.sys is digitally signed

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iorate;@%SystemRoot%\system32\drivers\iorate.sys,-100; C:\Windows\system32\drivers\iorate.sys [2016-11-10 48992]
R1 AsIO;AsIO; SysWow64\drivers\AsIO.sys []
R1 AsUpIO;AsUpIO; SysWow64\drivers\AsUpIO.sys []
R1 cmderd;COMODO Internet Security Eradication Driver; C:\Windows\System32\DRIVERS\cmderd.sys [2016-09-08 40960]
R1 cmdGuard;COMODO Internet Security Sandbox Driver; C:\Windows\system32\DRIVERS\cmdguard.sys [2016-09-08 862648]
R1 cmdhlp;COMODO Internet Security Helper Driver; C:\Windows\system32\DRIVERS\cmdhlp.sys [2016-09-08 54336]
R1 ElRawDisk;ElRawDisk; \??\C:\Windows\system32\drivers\rsdrvx64.sys [2016-11-27 26024]
R1 inspect;COMODO Internet Security Firewall Driver; C:\Windows\system32\DRIVERS\inspect.sys [2016-09-08 147304]
R2 clreg;@%SystemRoot%\system32\drivers\registry.sys,-100; C:\Windows\System32\drivers\registry.sys [2016-07-16 70144]
R3 AiChargerPlus;AiChargerPlus; SysWow64\drivers\AiChargerPlus.sys []
R3 AndroidAFD;AndroidAFD; SysWow64\drivers\AndroidAFDx64.sys []
R3 asmthub3;@oem13.inf,%asmthub3_ServiceDescription%;ASMedia USB3 Hub Service; C:\Windows\System32\drivers\asmthub3.sys [2016-10-04 149240]
R3 asmtxhci;@oem12.inf,%asmtxhci_ServiceDescription%;ASMEDIA XHCI Service; C:\Windows\System32\drivers\asmtxhci.sys [2016-10-04 442104]
R3 ASUSFILTER;ASUSFILTER; SysWow64\drivers\ASUSFILTER.sys []
R3 hidkmdf;@oem19.inf,%hidkmdf.SVCDESC%;KMDF Driver; C:\Windows\System32\drivers\hidkmdf.sys [2016-12-16 32480]
R3 nvlddmkm;nvlddmkm; C:\Windows\System32\DriverStore\FileRepository\nv_dispiwu.inf_amd64_bf2d88c4ea749bb8\nvlddmkm.sys [2017-01-30 14242880]
R4 IOMap;IOMap; \??\C:\Windows\system32\drivers\IOMap64.sys [2014-10-23 24824]
S0 megasas2i;megasas2i; C:\Windows\System32\drivers\MegaSas2i.sys [2016-10-11 64352]
S0 scmbus;@scmbus.inf,%scmbus.SvcDesc%;Microsoft Storage Class Memory Bus Driver; C:\Windows\System32\drivers\scmbus.sys [2016-07-16 88416]
S3 AcpiDev;@acpidev.inf,%AcpiDev.SvcDesc%;ACPI Devices driver; C:\Windows\System32\drivers\AcpiDev.sys [2016-07-16 18432]
S3 applockerfltr;@%systemroot%\system32\srpapi.dll,-102; C:\Windows\system32\drivers\applockerfltr.sys [2016-07-16 15360]
S3 AppvStrm;@%systemroot%\system32\drivers\AppvStrm.sys,-101; C:\Windows\system32\drivers\AppvStrm.sys [2016-10-04 127328]
S3 AppvVemgr;@%systemroot%\system32\drivers\AppvVemgr.sys,-101; C:\Windows\system32\drivers\AppvVemgr.sys [2016-07-16 157024]
S3 AppvVfs;@%systemroot%\system32\drivers\AppvVfs.sys,-101; C:\Windows\system32\drivers\AppvVfs.sys [2016-07-16 141152]
S3 hvservice;@%SystemRoot%\system32\drivers\hvservice.sys,-16; C:\Windows\system32\drivers\hvservice.sys [2016-10-04 73568]
S3 cht4iscsi;cht4iscsi; C:\Windows\System32\drivers\cht4sx64.sys [2016-07-16 346976]
S3 cht4vbd;@cht4vx64.inf,%cht4vbd.generic%;Chelsio Virtual Bus Driver; C:\Windows\System32\drivers\cht4vx64.sys [2016-07-16 2104160]
S3 iagpio;@iagpio.inf,%iagpio.SVCDESC%;Intel Serial IO GPIO Controller Driver; C:\Windows\System32\drivers\iagpio.sys [2016-07-16 33280]
S3 iaLPSS2i_GPIO2;@iaLPSS2i_GPIO2_SKL.inf,%iaLPSS2i_GPIO2.SVCDESC%;Intel(R) Serial IO GPIO Driver v2; C:\Windows\System32\drivers\iaLPSS2i_GPIO2.sys [2016-07-16 64512]
S3 IndirectKmd;@%SystemRoot%\system32\drivers\IndirectKmd.sys,-100; C:\Windows\System32\drivers\IndirectKmd.sys [2016-07-16 35840]
S3 irda;IrDA; C:\Windows\system32\drivers\irda.sys [2016-07-16 120320]
S3 MbswMailbox;MbswMailbox; \??\C:\Program Files (x86)\ASUS\AI Suite III\690b33e1-0462-4e84-9bea-c7552b45432a.sys [2016-10-18 17208]
S3 MsSecFlt;@%SystemRoot%\System32\Drivers\mssecflt.sys,-1001; C:\Windows\system32\drivers\mssecflt.sys [2016-07-16 179040]
S3 NetAdapterCx;Network Adapter Wdf Class Extension Library; C:\Windows\system32\drivers\NetAdapterCx.sys [2016-07-16 90624]
S3 scmdisk0101;@scmdisk0101.inf,%scmdisk0101.SvcDesc%;Microsoft NVDIMM-N disk driver; C:\Windows\System32\drivers\scmdisk0101.sys [2016-07-16 123904]
S3 tsusbhub;@%SystemRoot%\system32\drivers\tsusbhub.sys,-1; C:\Windows\system32\drivers\tsusbhub.sys [2016-07-16 123392]
S3 UcmTcpciCx0101;UCM-TCPCI KMDF Class Extension; C:\Windows\System32\Drivers\UcmTcpciCx.sys [2016-07-16 108544]
S4 UevAgentDriver;@%systemroot%\system32\drivers\UevAgentDriver.sys,-101; C:\Windows\system32\drivers\UevAgentDriver.sys [2016-07-16 40288]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 asComSvc;ASUS Com Service; C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe [2015-05-08 936728]
R2 asHmComSvc;ASUS HM Com Service; C:\Program Files (x86)\ASUS\AAHM\1.00.25\aaHMSvc.exe [2017-02-01 963544]
R2 AsSysCtrlService;ASUS System Control Service; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe [2014-09-26 1360016]
R2 AsusFanControlService;AsusFanControlService; C:\Program Files (x86)\ASUS\AsusFanControlService\1.08.17\AsusFanControlService.exe [2017-02-01 2394072]
R2 CDPUserSvc_5dd9c65;CDPUserSvc_5dd9c65; C:\Windows\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll"=
R2 CmdAgent;COMODO Internet Security Helper Service; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [2016-09-14 5817256]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2017-01-30 1364024]
R2 OneSyncSvc_5dd9c65;Hostitel synchronizace_5dd9c65; C:\Windows\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll"=
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvscpapisvr.exe [2017-01-30 426040]
R2 TeamViewer;TeamViewer 12; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [2017-01-23 10351856]
R3 FontCache3.0.0.0;@%SystemRoot%\system32\PresentationHost.exe,-3309; C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [2016-11-08 43696]
R3 TimeBrokerSvc;@%windir%\system32\TimeBrokerServer.dll,-1001; %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted;"ServiceDll"=%SystemRoot%\System32\TimeBrokerServer.dll
S2 CDPUserSvc;@%SystemRoot%\system32\cdpusersvc.dll,-100; %SystemRoot%\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll"=%SystemRoot%\System32\CDPUserSvc.dll
S2 RelevantKnowledge;RelevantKnowledge; C:\Program Files (x86)\RelevantKnowledge\rlservice.exe [2017-02-01 186136]
S3 cmdvirth;COMODO Virtual Service Manager; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2016-09-14 2271928]
S3 cplspcon;Intel(R) Content Protection HDCP Service; C:\Windows\system32\IntelCpHDCPSvc.exe [2016-06-02 439800]
S3 FrameServer;@%systemroot%\system32\FrameServer.dll,-100; %SystemRoot%\System32\svchost.exe -k Camera;"ServiceDll"=%SystemRoot%\system32\FrameServer.dll
S3 Futuremark SystemInfo Service;Futuremark SystemInfo Service; C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe [2016-10-04 342456]
S3 HvHost;@%SystemRoot%\system32\hvhostsvc.dll,-100; %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted;"ServiceDll"=%SystemRoot%\System32\hvhostsvc.dll
S3 irmon;@%SystemRoot%\System32\irmon.dll,-2000; %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted;"ServiceDll"=%SystemRoot%\System32\irmon.dll
S3 MessagingService_5dd9c65;Služba zasílání zpráv_5dd9c65; C:\Windows\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll"=
S3 PimIndexMaintenanceSvc_5dd9c65;Data kontaktů_5dd9c65; C:\Windows\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll"=
S3 RmSvc;@%SystemRoot%\system32\RMapi.dll,-1001; %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted;"ServiceDll"=%SystemRoot%\System32\RMapi.dll
S3 Sense;@%ProgramFiles%\Windows Defender Advanced Threat Protection\MsSense.exe,-1001; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2016-10-04 2889896]
S3 SwitchBoard;SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S4 AppVClient;@%systemroot%\system32\AppVClient.exe,-102; C:\Windows\system32\AppVClient.exe [2017-01-11 822624]
S4 shpamsvc;@%SystemRoot%\System32\Windows.SharedPC.AccountManager.dll,-100; %SystemRoot%\System32\svchost.exe -k netsvcs;"ServiceDll"=%systemroot%\system32\Windows.SharedPC.AccountManager.dll
S4 UevAgentService;@%systemroot%\system32\AgentService.exe,-102; C:\Windows\system32\AgentService.exe [2016-07-16 1227264]

-----------------EOF-----------------

Uživatelský avatar
Rudy
Site Admin
Site Admin
Příspěvky: 118199
Registrován: 30 říj 2003 13:42
Bydliště: Plzeň
Kontaktovat uživatele:

Re: Preventivní kontrola, podezřelé chování

#3 Příspěvek od Rudy »

Zdravím!
Spusťte tuto utilitu:
Stáhněte AdwCleaner https://toolslib.net/downloads/viewdown ... dwcleaner/
Uložte na plochu
Ukončete všechny programy
Klikněte nejprve na >Scan<(hledání) a pak na >Clean< (mazání).
Proběhne skenováni a pak se objeví log, který sem vložte.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.

Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.

Navštivte: Obrázek

e-mail: rudy(zavináč)forum.viry.cz

Varování:
Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!


Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.

Max_cz
Vzorný návštěvník
Vzorný návštěvník
Příspěvky: 191
Registrován: 20 pro 2005 22:14
Kontaktovat uživatele:

Re: Preventivní kontrola, podezřelé chování

#4 Příspěvek od Max_cz »

Kód: Vybrat vše

# AdwCleaner v6.043 - Log vytvořen 03/02/2017 v 00:19:46
# Aktualizováno dne 27/01/2017 z Malwarebytes
# Databáze : 2017-02-02.4 [Server]
# Operační systém : Windows 10 Pro  (X64)
# Uživatelské jméno : Max_cz - DESKTOP-K1CDC3N
# Spuštěno z : C:\Users\Max_cz\Desktop\adwcleaner_6.043.exe
# Mod: Čištění
# Podpora : https://www.malwarebytes.com/support



***** [ Služby ] *****

[-] Služba smazána: RelevantKnowledge


***** [ Složky ] *****

[-] Složka smazána: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge
[-] Složka smazána: C:\Program Files (x86)\RelevantKnowledge


***** [ Soubory ] *****



***** [ DLL ] *****



***** [ WMI ] *****



***** [ Zástupci ] *****



***** [ Naplánované úlohy ] *****



***** [ Registry ] *****

[-] Klíč smazán: HKU\S-1-5-21-497983172-942744989-883898907-1001\Software\csastats
[-] Klíč smazán: HKU\S-1-5-21-497983172-942744989-883898907-1001\Software\ICSW1.23
[#] Klíč smazán po restartu: HKCU\Software\csastats
[#] Klíč smazán po restartu: HKCU\Software\ICSW1.23
[-] Klíč smazán: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{D08D9F98-1C78-4704-87E6-368B0023D831}
[#] Klíč smazán po restartu: [x64] HKCU\Software\csastats
[#] Klíč smazán po restartu: [x64] HKCU\Software\ICSW1.23


***** [ Prohlížeče ] *****

[-] [C:\Users\Max_cz\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Smazáno: icq.com
[-] [C:\Users\Max_cz\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Smazáno: isearch.avg.com
[-] [C:\Users\Max_cz\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Smazáno: pricegrabber.com
[-] [C:\Users\Max_cz\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Smazáno: smart-pc-fixer.en.softonic.com
[-] [C:\Users\Max_cz\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Smazáno: ask.com


*************************

:: "Tracing" klíče smazány
:: Winsock nastavení vyčištěno

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [2128 Bajty] - [03/02/2017 00:19:46]
C:\AdwCleaner\AdwCleaner[S0].txt - [2401 Bajty] - [03/02/2017 00:16:56]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [2274 Bajty] ##########

Uživatelský avatar
Rudy
Site Admin
Site Admin
Příspěvky: 118199
Registrován: 30 říj 2003 13:42
Bydliště: Plzeň
Kontaktovat uživatele:

Re: Preventivní kontrola, podezřelé chování

#5 Příspěvek od Rudy »

Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.

Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.

Navštivte: Obrázek

e-mail: rudy(zavináč)forum.viry.cz

Varování:
Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!


Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.

Max_cz
Vzorný návštěvník
Vzorný návštěvník
Příspěvky: 191
Registrován: 20 pro 2005 22:14
Kontaktovat uživatele:

Re: Preventivní kontrola, podezřelé chování

#6 Příspěvek od Max_cz »

Kód: Vybrat vše

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29-01-2017
Ran by Max_cz (administrator) on DESKTOP-K1CDC3N (04-02-2017 00:22:53)
Running from C:\Users\Max_cz\Desktop
Loaded Profiles: Max_cz (Available Profiles: defaultuser0 & Max_cz)
Platform: Windows 10 Pro Version 1607 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvscpapisvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
() C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AAHM\1.00.25\aaHMSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsusFanControlService\1.08.17\AsusFanControlService.exe
() C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe
(SafeNet Inc.) C:\Windows\System32\hasplms.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(X-Rite Inc.) C:\Program Files (x86)\X-Rite\Devices\Services\xrdd.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
() C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DipAwayMode.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite III\AISuite3.exe
(TODO: <Company name>) C:\Program Files (x86)\ASUS\AI Suite III\DIP4\GpuFanHelper.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite III\Push Notice\PushNotifyServer.exe
() C:\Program Files (x86)\ASUS\AI Suite III\EZ Update\EzUpdt.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite III\USB 3.0 Boost\U3BoostSvr64.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
() C:\Program Files (x86)\ASUS\AI Suite III\Push Notice\PushNoticeMonitor.exe
() C:\Program Files (x86)\ASUS\AI Suite III\Push Notice\PushNotify_PCCtrl.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Spotify Ltd) C:\Users\Max_cz\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Skillbrains) C:\Program Files (x86)\Skillbrains\lightshot\5.4.0.1\Lightshot.exe
() C:\Program Files (x86)\X-Rite\ColorMunki Photo\Tray\ColorMunki Photo Tray.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Java\jre6\bin\jusched.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Spotify Ltd) C:\Users\Max_cz\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\Max_cz\AppData\Roaming\Spotify\SpotifyCrashService.exe
(Spotify Ltd) C:\Users\Max_cz\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\Max_cz\AppData\Roaming\Spotify\Spotify.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(forum.viry.cz) C:\Users\Max_cz\Desktop\FRSTLauncher.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-10-04] (Microsoft Corporation)
HKLM\...\Run: [COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10}] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1610936 2016-09-14] (COMODO)
HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [225944 2017-01-27] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Java\jre6\bin\jusched.exe [149280 2017-02-03] (Sun Microsystems, Inc.)
HKU\S-1-5-21-497983172-942744989-883898907-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9288408 2016-12-18] (Piriform Ltd)
HKU\S-1-5-21-497983172-942744989-883898907-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23818360 2016-12-18] (Google)
HKU\S-1-5-21-497983172-942744989-883898907-1001\...\Run: [Spotify Web Helper] => C:\Users\Max_cz\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1446000 2017-01-27] (Spotify Ltd)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ColorMunki Gamma.lnk [2017-02-03]
ShortcutTarget: ColorMunki Gamma.lnk -> C:\Program Files (x86)\X-Rite\ColorMunki Photo\Gamma\CalibrationLoader.exe (LOGO Kommunikations- und Drucktechnik GmbH & Co. KG)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ColorMunkiPhotoTray.exe.lnk [2017-02-03]
ShortcutTarget: ColorMunkiPhotoTray.exe.lnk -> C:\Program Files (x86)\X-Rite\ColorMunki Photo\Tray\ColorMunki Photo Tray.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\i1Profiler Tray.lnk [2017-02-03]
ShortcutTarget: i1Profiler Tray.lnk -> C:\Program Files (x86)\X-Rite\i1Profiler\i1ProfilerTray.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\XRGamma.lnk [2017-02-03]
ShortcutTarget: XRGamma.lnk -> C:\Program Files (x86)\X-Rite\i1Profiler\XRGamma.exe (LOGO Kommunikations- und Drucktechnik GmbH & Co. KG)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{3a91b5ca-a6c0-45a6-85a7-8134d6749e99}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-497983172-942744989-883898907-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2017-02-03] (Sun Microsystems, Inc.)

FireFox:
========
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [No File]
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-09-16] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-09-16] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [No File]

Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxps://www.seznam.cz/
CHR StartupUrls: Default -> "hxxp://www.seznam.cz/","hxxp://www.google.cz/ig?hl=cs"
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\Max_cz\AppData\Local\Google\Chrome\User Data\Default [2017-02-04]
CHR Extension: (Prezentace Google) - C:\Users\Max_cz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-10-04]
CHR Extension: (SEO Profesional Toolbar) - C:\Users\Max_cz\AppData\Local\Google\Chrome\User Data\Default\Extensions\adecfhccdknoobplgempjhbojlbpahhn [2016-10-04]
CHR Extension: (Dokumenty Google) - C:\Users\Max_cz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-10-04]
CHR Extension: (Disk Google) - C:\Users\Max_cz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-10-04]
CHR Extension: (YouTube) - C:\Users\Max_cz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-10-04]
CHR Extension: (Adblock na Youtube™) - C:\Users\Max_cz\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmedhionkhpnakcndndgjdbohmhepckk [2016-10-04]
CHR Extension: (Adobe Acrobat) - C:\Users\Max_cz\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-01-30]
CHR Extension: (Tabulky Google) - C:\Users\Max_cz\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-10-04]
CHR Extension: (Dokumenty Google offline) - C:\Users\Max_cz\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-10-04]
CHR Extension: (Google Keep – poznámky a seznamy) - C:\Users\Max_cz\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki [2017-01-31]
CHR Extension: (Invite All Friends on Facebook) - C:\Users\Max_cz\AppData\Local\Google\Chrome\User Data\Default\Extensions\inmmhkeajgflmokoaaoadgkhhmibjbpj [2017-02-01]
CHR Extension: (Přidávání a otevírání aplikací pro Ch...) - C:\Users\Max_cz\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhfiojdaegegaeiefilimljmbiegiebd [2016-10-04]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Max_cz\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2016-10-12]
CHR Extension: (Kontrola e-mailu Google) - C:\Users\Max_cz\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff [2016-10-04]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Max_cz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-18]
CHR Extension: (Instagram for Chrome) - C:\Users\Max_cz\AppData\Local\Google\Chrome\User Data\Default\Extensions\opnbmdkdflhjiclaoiiifmheknpccalb [2016-11-26]
CHR Extension: (Gmail) - C:\Users\Max_cz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-10-04]
CHR Extension: (Chrome Media Router) - C:\Users\Max_cz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-16]
CHR HKU\S-1-5-21-497983172-942744989-883898907-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe [936728 2015-05-08] ()
R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.25\aaHMSvc.exe [963544 2017-02-01] (ASUSTeK Computer Inc.)
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe [1360016 2014-09-26] () [File not signed]
R2 AsusFanControlService; C:\Program Files (x86)\ASUS\AsusFanControlService\1.08.17\AsusFanControlService.exe [2394072 2017-02-01] (ASUSTeK Computer Inc.)
R2 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [5817256 2016-09-14] (COMODO)
S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2271928 2016-09-14] (COMODO)
S3 cplspcon; C:\Windows\system32\IntelCpHDCPSvc.exe [439800 2016-06-02] (Intel Corporation)
S3 Futuremark SystemInfo Service; C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe [342456 2016-10-04] (Futuremark)
R2 hasplms; C:\Windows\system32\hasplms.exe [4608320 2017-02-03] (SafeNet Inc.)
R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [365048 2016-06-02] (Intel Corporation)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-10-04] (Microsoft Corporation)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10351856 2017-01-23] (TeamViewer GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
R2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [671696 2016-12-16] (Wacom Technology, Corp.)
R2 xrdd.exe; C:\Program Files (x86)\X-Rite\Devices\Services\xrdd.exe [83312 2017-02-03] (X-Rite Inc.)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AiChargerPlus; C:\Windows\SysWow64\drivers\AiChargerPlus.sys [14848 2016-10-04] (ASUSTek Computer Inc.)
R3 AndroidAFD; C:\Windows\SysWow64\drivers\AndroidAFDx64.sys [28472 2016-10-04] (ASUSTek Computer Inc.)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2016-10-04] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2014-02-24] ()
R3 ASUSFILTER; C:\Windows\SysWow64\drivers\ASUSFILTER.sys [46152 2011-09-20] (MCCI Corporation)
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [40960 2016-09-08] (COMODO)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [862648 2016-09-08] (COMODO)
R1 cmdhlp; C:\Windows\system32\DRIVERS\cmdhlp.sys [54336 2016-09-08] (COMODO)
R3 colormunki; C:\Windows\System32\Drivers\colormunki_x64.sys [51600 2017-02-03] (Thesycon GmbH, Germany)
R3 e1dexpress; C:\Windows\system32\DRIVERS\e1d65x64.sys [559080 2016-04-19] (Intel Corporation)
R1 ElRawDisk; C:\Windows\system32\drivers\rsdrvx64.sys [26024 2016-11-27] (EldoS Corporation)
R2 hardlock; C:\Windows\system32\drivers\hardlock.sys [331608 2014-11-27] (SafeNet Inc.)
R1 inspect; C:\Windows\system32\DRIVERS\inspect.sys [147304 2016-09-08] (COMODO)
R3 IOMap; C:\Windows\system32\drivers\IOMap64.sys [24824 2014-10-23] (ASUSTeK Computer Inc.)
S3 MbswMailbox; C:\Program Files (x86)\ASUS\AI Suite III\690b33e1-0462-4e84-9bea-c7552b45432a.sys [17208 2016-10-18] ()
S3 NetAdapterCx; C:\Windows\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 nvlddmkm; C:\Windows\System32\DriverStore\FileRepository\nv_dispiwu.inf_amd64_bf2d88c4ea749bb8\nvlddmkm.sys [14242880 2017-01-30] (NVIDIA Corporation)
R3 PdiPorts; C:\Windows\System32\drivers\PdiPorts.sys [19248 2017-02-03] (Portrait Displays, Inc.)
R3 WacHidRouterPro; C:\Windows\System32\drivers\wachidrouter.sys [119448 2016-12-16] (Wacom Technology)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
R2 WinI2C-DDC; C:\Windows\system32\drivers\DDCDrv.sys [20832 2016-10-18] (Nicomsoft Ltd.)
R2 WinI2C-DDC; C:\Windows\SysWOW64\drivers\DDCDrv.sys [10240 2017-02-03] (Nicomsoft Ltd.) [File not signed]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-04 00:22 - 2017-02-04 00:22 - 00018868 _____ C:\Users\Max_cz\Desktop\FRST.txt
2017-02-04 00:18 - 2017-02-04 00:19 - 00112640 _____ (forum.viry.cz) C:\Users\Max_cz\Desktop\FRSTLauncher.exe
2017-02-04 00:16 - 2017-02-04 00:22 - 00000000 ____D C:\FRST
2017-02-04 00:16 - 2017-02-04 00:16 - 02420736 _____ (Farbar) C:\Users\Max_cz\Desktop\FRST64.exe
2017-02-03 23:44 - 2017-02-03 23:43 - 04608320 _____ (SafeNet Inc.) C:\Windows\system32\hasplms.exe
2017-02-03 23:44 - 2017-02-03 23:43 - 04608320 _____ (SafeNet Inc.) C:\Windows\system32\aksllmtp.exe
2017-02-03 23:44 - 2014-11-27 10:04 - 00331608 _____ (SafeNet Inc.) C:\Windows\system32\Drivers\hardlock.sys
2017-02-03 23:44 - 2014-11-27 10:04 - 00198088 _____ (Aladdin Knowledge Systems Ltd.) C:\Windows\SysWOW64\hlvdd.dll
2017-02-03 23:44 - 2014-11-27 10:04 - 00162136 _____ (SafeNet Inc.) C:\Windows\system32\Drivers\aksfridge.sys
2017-02-03 23:44 - 2014-11-27 10:04 - 00091784 _____ (SafeNet Inc.) C:\Windows\system32\Drivers\aksdf.sys
2017-02-03 23:43 - 2017-02-03 23:43 - 00145920 _____ (Nicomsoft Ltd.) C:\Windows\system32\DDCHelper.dll
2017-02-03 23:43 - 2017-02-03 23:43 - 00131584 _____ (Nicomsoft Ltd.) C:\Windows\SysWOW64\DDCHelper.dll
2017-02-03 23:43 - 2017-02-03 23:43 - 00125440 _____ (Nicomsoft Ltd.) C:\Windows\system32\DDCHelperX.dll
2017-02-03 23:43 - 2017-02-03 23:43 - 00108032 _____ (Nicomsoft Ltd.) C:\Windows\SysWOW64\DDCHelperX.dll
2017-02-03 23:43 - 2017-02-03 23:43 - 00010240 _____ (Nicomsoft Ltd.) C:\Windows\SysWOW64\Drivers\DDCDrv.sys
2017-02-03 23:43 - 2017-02-03 23:43 - 00001321 _____ C:\Users\Public\Desktop\i1Profiler.lnk
2017-02-03 23:37 - 2017-02-03 23:40 - 151061216 _____ (X-Rite ) C:\Users\Max_cz\Downloads\i1ProfilerSetup.exe
2017-02-03 23:23 - 2017-02-03 23:23 - 00067992 _____ C:\Users\Max_cz\Downloads\kalibrace.zip
2017-02-03 22:30 - 2017-02-03 23:55 - 00000000 ____D C:\Users\Max_cz\AppData\Roaming\X-Rite
2017-02-03 22:29 - 2017-02-03 22:29 - 00149280 _____ (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaws.exe
2017-02-03 22:29 - 2017-02-03 22:29 - 00145184 _____ (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaw.exe
2017-02-03 22:29 - 2017-02-03 22:29 - 00145184 _____ (Sun Microsystems, Inc.) C:\Windows\SysWOW64\java.exe
2017-02-03 22:29 - 2017-02-03 22:29 - 00000000 ____D C:\Program Files (x86)\Java
2017-02-03 22:28 - 2017-02-03 23:54 - 00000428 _____ C:\Windows\Tasks\X-Rite Device Services Software Updater.job
2017-02-03 22:28 - 2017-02-03 22:28 - 00003036 _____ C:\Windows\System32\Tasks\X-Rite Device Services Software Updater
2017-02-03 22:26 - 2017-02-03 22:28 - 122378392 _____ (X-Rite ) C:\Users\Max_cz\Downloads\ColorMunkiPhotoSetup.exe
2017-02-03 22:24 - 2017-02-03 22:29 - 00411368 _____ (Sun Microsystems, Inc.) C:\Windows\SysWOW64\deploytk.dll
2017-02-03 22:15 - 2017-02-03 22:15 - 00019248 _____ (Portrait Displays, Inc.) C:\Windows\system32\Drivers\pdiports.sys
2017-02-03 22:15 - 2017-02-03 22:15 - 00000000 ____D C:\Users\Max_cz\AppData\LocalLow\Sun
2017-02-03 22:15 - 2017-02-03 22:15 - 00000000 ____D C:\Program Files (x86)\My Program
2017-02-03 22:14 - 2017-02-03 23:44 - 00000000 ____D C:\ProgramData\X-Rite
2017-02-03 22:14 - 2017-02-03 22:28 - 00002328 _____ C:\Users\Public\Desktop\Photo.lnk
2017-02-03 22:06 - 2017-02-03 22:12 - 333610002 _____ C:\Users\Max_cz\Downloads\ColorMunkiPhoto_1-1-1_Win.zip
2017-02-03 21:58 - 2017-02-03 21:58 - 00938269 _____ C:\Users\Max_cz\Downloads\pm5_calibration_tester.zip
2017-02-03 21:48 - 2017-02-03 23:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\X-Rite
2017-02-03 21:48 - 2017-02-03 23:42 - 00000000 ____D C:\Program Files (x86)\X-Rite
2017-02-03 21:48 - 2017-02-03 21:48 - 00051600 _____ (Thesycon GmbH, Germany) C:\Windows\system32\Drivers\i1iSis_x64.sys
2017-02-03 21:48 - 2017-02-03 21:48 - 00051600 _____ (Thesycon GmbH, Germany) C:\Windows\system32\Drivers\i1io2_x64.sys
2017-02-03 21:48 - 2017-02-03 21:48 - 00051600 _____ (Thesycon GmbH, Germany) C:\Windows\system32\Drivers\i1_x64.sys
2017-02-03 21:48 - 2017-02-03 21:48 - 00051600 _____ (Thesycon GmbH, Germany) C:\Windows\system32\Drivers\colormunki_x64.sys
2017-02-03 21:48 - 2017-02-03 21:48 - 00007808 _____ (GretagMacbeth LLC) C:\Windows\system32\Drivers\i1display_x64.sys
2017-02-03 21:48 - 2017-02-03 21:48 - 00001265 _____ C:\Users\Max_cz\Desktop\i1Diagnostics 4.lnk
2017-02-03 21:47 - 2017-02-03 21:48 - 10512856 _____ (X-Rite ) C:\Users\Max_cz\Downloads\i1Diagnostics-4.1.2-Installer.exe
2017-02-03 00:16 - 2017-02-03 00:19 - 00000000 ____D C:\AdwCleaner
2017-02-03 00:15 - 2017-02-03 00:15 - 04015056 _____ C:\Users\Max_cz\Desktop\adwcleaner_6.043.exe
2017-02-02 20:36 - 2017-02-02 20:36 - 00000000 ____D C:\rsit
2017-02-02 20:36 - 2017-02-02 20:36 - 00000000 ____D C:\Program Files\trend micro
2017-02-02 20:33 - 2017-02-02 20:33 - 01323520 _____ C:\Users\Max_cz\Downloads\RSITx64.exe
2017-02-02 20:29 - 2017-02-02 20:29 - 09647696 _____ (Crawler Group ) C:\Users\Max_cz\Downloads\SpywareTerminatorSetup.exe
2017-02-02 20:29 - 2017-02-02 20:29 - 00047814 _____ C:\Users\Max_cz\Downloads\Boardwalk-Empire-S03E08(0000238264).srt
2017-02-02 02:33 - 2017-02-02 02:33 - 00001353 _____ C:\Users\Max_cz\AppData\Local\recently-used.xbel
2017-02-02 02:26 - 2017-02-02 02:26 - 00000000 ____D C:\Users\Max_cz\AppData\Local\RawTherapee
2017-02-02 02:26 - 2017-02-02 02:26 - 00000000 ____D C:\Users\Max_cz\AppData\Local\gtk-3.0
2017-02-02 02:26 - 2017-02-02 02:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RawTherapee 5.0-gtk3
2017-02-02 02:26 - 2017-02-02 02:26 - 00000000 ____D C:\Program Files\RawTherapee-5.0-gtk3
2017-02-02 02:25 - 2017-02-02 02:26 - 20159387 _____ C:\Users\Max_cz\Downloads\RawTherapee_WinVista_64_5.0-gtk3_3.18_release.zip
2017-02-02 02:17 - 2017-02-02 02:17 - 00001423 _____ C:\Users\Max_cz\Downloads\HotPixelRemover.zip
2017-02-02 02:03 - 2017-02-02 02:03 - 00184852 _____ C:\Users\Max_cz\Downloads\MrawGui_1.5.rar
2017-02-02 01:52 - 2017-02-02 01:52 - 58602362 _____ C:\Users\Max_cz\Downloads\StarStaX-0.71_win64.zip
2017-02-02 01:46 - 2017-02-02 01:46 - 00553015 _____ C:\Users\Max_cz\Downloads\PixelFixer-1.17_64bit.zip
2017-02-01 22:59 - 2017-02-01 22:59 - 00000000 ____D C:\Users\Max_cz\AppData\Roaming\Ubisoft
2017-02-01 22:58 - 2017-02-01 22:58 - 05081608 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_36.dll
2017-02-01 22:58 - 2017-02-01 22:58 - 05073256 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_35.dll
2017-02-01 22:58 - 2017-02-01 22:58 - 04496232 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_34.dll
2017-02-01 22:58 - 2017-02-01 22:58 - 04494184 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_33.dll
2017-02-01 22:58 - 2017-02-01 22:58 - 04398360 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_32.dll
2017-02-01 22:58 - 2017-02-01 22:58 - 03734536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_36.dll
2017-02-01 22:58 - 2017-02-01 22:58 - 03727720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_35.dll
2017-02-01 22:58 - 2017-02-01 22:58 - 03497832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_34.dll
2017-02-01 22:58 - 2017-02-01 22:58 - 03495784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_33.dll
2017-02-01 22:58 - 2017-02-01 22:58 - 03426072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_32.dll
2017-02-01 22:58 - 2017-02-01 22:58 - 02006552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_36.dll
2017-02-01 22:58 - 2017-02-01 22:58 - 01985904 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_35.dll
2017-02-01 22:58 - 2017-02-01 22:58 - 01401200 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_34.dll
2017-02-01 22:58 - 2017-02-01 22:58 - 01400176 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_33.dll
2017-02-01 22:58 - 2017-02-01 22:58 - 01374232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_36.dll
2017-02-01 22:58 - 2017-02-01 22:58 - 01358192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_35.dll
2017-02-01 22:58 - 2017-02-01 22:58 - 01124720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_34.dll
2017-02-01 22:58 - 2017-02-01 22:58 - 01123696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_33.dll
2017-02-01 22:58 - 2017-02-01 22:58 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_36.dll
2017-02-01 22:58 - 2017-02-01 22:58 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_35.dll
2017-02-01 22:58 - 2017-02-01 22:58 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_34.dll
2017-02-01 22:58 - 2017-02-01 22:58 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_33.dll
2017-02-01 22:58 - 2017-02-01 22:58 - 00469264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10.dll
2017-02-01 22:58 - 2017-02-01 22:58 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_36.dll
2017-02-01 22:58 - 2017-02-01 22:58 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_35.dll
2017-02-01 22:58 - 2017-02-01 22:58 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_34.dll
2017-02-01 22:58 - 2017-02-01 22:58 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_33.dll
2017-02-01 22:58 - 2017-02-01 22:58 - 00440080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10.dll
2017-02-01 22:58 - 2017-02-01 22:58 - 00411656 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_10.dll
2017-02-01 22:58 - 2017-02-01 22:58 - 00411496 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_9.dll
2017-02-01 22:58 - 2017-02-01 22:58 - 00409960 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_8.dll
2017-02-01 22:58 - 2017-02-01 22:58 - 00403304 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_7.dll
2017-02-01 22:58 - 2017-02-01 22:58 - 00393576 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_6.dll
2017-02-01 22:58 - 2017-02-01 22:58 - 00390424 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_5.dll
2017-02-01 22:58 - 2017-02-01 22:58 - 00364824 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_4.dll
2017-02-01 22:58 - 2017-02-01 22:58 - 00267272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_10.dll
2017-02-01 22:58 - 2017-02-01 22:58 - 00267112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_9.dll
2017-02-01 22:58 - 2017-02-01 22:58 - 00266088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_8.dll
2017-02-01 22:58 - 2017-02-01 22:58 - 00261480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_7.dll
2017-02-01 22:58 - 2017-02-01 22:58 - 00255848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_6.dll
2017-02-01 22:58 - 2017-02-01 22:58 - 00251672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_5.dll
2017-02-01 22:58 - 2017-02-01 22:58 - 00237848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_4.dll
2017-02-01 22:58 - 2017-02-01 22:58 - 00107368 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_3.dll
2017-02-01 22:58 - 2017-02-01 22:58 - 00081768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_3.dll
2017-02-01 22:58 - 2017-02-01 22:58 - 00021000 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_2.dll
2017-02-01 22:58 - 2017-02-01 22:58 - 00017928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_2.dll
2017-02-01 22:58 - 2017-02-01 22:58 - 00017688 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_1.dll
2017-02-01 22:58 - 2017-02-01 22:58 - 00015128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_1.dll
2017-02-01 22:58 - 2017-02-01 22:58 - 00000000 ____D C:\ProgramData\Ubisoft
2017-02-01 22:57 - 2017-02-01 22:57 - 03927248 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_30.dll
2017-02-01 22:57 - 2017-02-01 22:57 - 03830992 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_29.dll
2017-02-01 22:57 - 2017-02-01 22:57 - 03823312 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_25.dll
2017-02-01 22:57 - 2017-02-01 22:57 - 03815120 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_28.dll
2017-02-01 22:57 - 2017-02-01 22:57 - 03807440 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_27.dll
2017-02-01 22:57 - 2017-02-01 22:57 - 03767504 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_26.dll
2017-02-01 22:57 - 2017-02-01 22:57 - 03544272 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_24.dll
2017-02-01 22:57 - 2017-02-01 22:57 - 02388176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_30.dll
2017-02-01 22:57 - 2017-02-01 22:57 - 02337488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_25.dll
2017-02-01 22:57 - 2017-02-01 22:57 - 02332368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_29.dll
2017-02-01 22:57 - 2017-02-01 22:57 - 02323664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_28.dll
2017-02-01 22:57 - 2017-02-01 22:57 - 02319568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_27.dll
2017-02-01 22:57 - 2017-02-01 22:57 - 02297552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_26.dll
2017-02-01 22:57 - 2017-02-01 22:57 - 02222800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_24.dll
2017-02-01 22:57 - 2017-02-01 22:57 - 00363288 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_3.dll
2017-02-01 22:57 - 2017-02-01 22:57 - 00355536 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_0.dll
2017-02-01 22:57 - 2017-02-01 22:57 - 00354072 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_2.dll
2017-02-01 22:57 - 2017-02-01 22:57 - 00352464 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_1.dll
2017-02-01 22:57 - 2017-02-01 22:57 - 00236824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_3.dll
2017-02-01 22:57 - 2017-02-01 22:57 - 00230168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_2.dll
2017-02-01 22:57 - 2017-02-01 22:57 - 00230096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_0.dll
2017-02-01 22:57 - 2017-02-01 22:57 - 00229584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_1.dll
2017-02-01 22:57 - 2017-02-01 22:57 - 00083736 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_2.dll
2017-02-01 22:57 - 2017-02-01 22:57 - 00083664 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_1.dll
2017-02-01 22:57 - 2017-02-01 22:57 - 00062744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_2.dll
2017-02-01 22:57 - 2017-02-01 22:57 - 00062672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_1.dll
2017-02-01 22:57 - 2017-02-01 22:57 - 00016592 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_0.dll
2017-02-01 22:57 - 2017-02-01 22:57 - 00014032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_0.dll
2017-02-01 22:56 - 2017-02-01 22:56 - 00000000 ____D C:\Program Files (x86)\Ubisoft
2017-02-01 22:27 - 2017-02-01 22:31 - 00000000 ____D C:\Users\Max_cz\Downloads\assasin cread cz
2017-02-01 22:26 - 2017-02-01 22:26 - 00027211 _____ C:\Users\Max_cz\Downloads\[CzT]Assassin_s_Creed_2008_CZ_.torrent
2017-02-01 22:01 - 2017-02-02 01:36 - 00000000 ____D C:\Users\Max_cz\AppData\Local\Screencast-O-Matic-v2
2017-02-01 22:01 - 2017-02-01 22:01 - 00000000 ____D C:\Users\Max_cz\Documents\Screencast-O-Matic
2017-02-01 22:01 - 2017-02-01 22:01 - 00000000 ____D C:\Users\Max_cz\AppData\Local\WebLaunchRecorder
2017-02-01 22:00 - 2017-02-01 22:00 - 00347584 _____ (Big Nerd Software, LLC) C:\Users\Max_cz\Downloads\WebLaunchRecorder.exe
2017-02-01 21:56 - 2017-02-01 21:56 - 00000000 ____D C:\Users\Max_cz\AppData\Roaming\New Version Available
2017-02-01 21:54 - 2017-02-01 21:55 - 06061416 _____ (SoftPerk Co., Ltd. ) C:\Users\Max_cz\Downloads\WebcamScreenVideoCaptureFree.exe
2017-02-01 21:39 - 2017-02-01 21:40 - 17956136 _____ C:\Users\Max_cz\Downloads\InstallScreencastOMatic-2.0.exe
2017-02-01 21:25 - 2017-02-01 21:26 - 116602337 _____ C:\Users\Max_cz\Downloads\AISuiteIII_V10159_DIP5_10390.zip
2017-01-30 23:09 - 2017-01-30 23:09 - 00003150 _____ C:\Windows\System32\Tasks\AURA
2017-01-30 18:40 - 2017-02-03 22:30 - 00003260 _____ C:\Windows\System32\Tasks\GPU Tweak II
2017-01-30 18:40 - 2017-01-30 18:40 - 00000000 ____D C:\Users\Max_cz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASUS
2017-01-30 18:39 - 2017-01-30 18:39 - 00000000 ____D C:\Windows\Downloaded Installations
2017-01-30 18:29 - 2017-01-30 18:29 - 00000000 ____D C:\Users\Max_cz\AppData\Roaming\NVIDIA
2017-01-30 18:22 - 2017-02-03 23:54 - 00000000 ____D C:\ProgramData\NVIDIA
2017-01-30 18:22 - 2017-01-30 18:22 - 00134712 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2017-01-30 18:22 - 2017-01-30 18:22 - 00125216 _____ C:\Windows\system32\vulkaninfo.exe
2017-01-30 18:22 - 2017-01-30 18:22 - 00110880 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2017-01-30 18:22 - 2017-01-30 18:22 - 00000000 ____D C:\Temp
2017-01-30 18:22 - 2016-09-09 19:25 - 00269600 _____ C:\Windows\SysWOW64\vulkan-1.dll
2017-01-30 18:22 - 2016-09-09 19:25 - 00261920 _____ C:\Windows\system32\vulkan-1.dll
2017-01-30 18:21 - 2017-01-30 18:22 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-01-30 18:21 - 2017-01-30 18:21 - 01364024 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2017-01-30 18:21 - 2017-01-30 18:21 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2017-01-30 18:21 - 2017-01-30 18:21 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2017-01-30 18:21 - 2017-01-30 18:21 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2017-01-30 18:21 - 2016-09-16 23:54 - 07379415 _____ C:\Windows\system32\nvcoproc.bin
2017-01-30 18:21 - 2016-09-16 23:54 - 06384064 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2017-01-30 18:21 - 2016-09-16 23:54 - 02475064 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2017-01-30 18:21 - 2016-09-16 23:54 - 01762752 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2017-01-30 18:21 - 2016-09-16 23:54 - 00548408 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
2017-01-30 18:21 - 2016-09-16 23:54 - 00392128 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2017-01-30 18:21 - 2016-09-16 23:54 - 00081856 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
2017-01-30 18:21 - 2016-09-16 23:54 - 00069568 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2017-01-27 22:18 - 2017-01-27 22:18 - 00000000 ____D C:\Users\Max_cz\Documents\Lightshot
2017-01-27 22:16 - 2017-01-30 18:18 - 00000422 _____ C:\Windows\Tasks\update-sys.job
2017-01-27 22:16 - 2017-01-30 18:18 - 00000422 _____ C:\Windows\Tasks\update-S-1-5-21-497983172-942744989-883898907-1001.job
2017-01-27 22:16 - 2017-01-27 22:16 - 00003408 _____ C:\Windows\System32\Tasks\update-S-1-5-21-497983172-942744989-883898907-1001
2017-01-27 22:16 - 2017-01-27 22:16 - 00003348 _____ C:\Windows\System32\Tasks\update-sys
2017-01-27 22:16 - 2017-01-27 22:16 - 00000424 _____ C:\Users\Max_cz\AppData\Local\UserProducts.xml
2017-01-27 22:16 - 2017-01-27 22:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lightshot
2017-01-27 22:16 - 2017-01-27 22:16 - 00000000 ____D C:\Program Files (x86)\Skillbrains
2017-01-27 22:15 - 2017-01-27 22:15 - 02551888 _____ (Skillbrains ) C:\Users\Max_cz\Downloads\setup-lightshot.exe
2017-01-25 18:14 - 2017-01-25 18:14 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2017-01-25 18:14 - 2017-01-25 18:14 - 00120320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2017-01-23 21:15 - 2017-01-23 21:15 - 00044288 _____ C:\Users\Max_cz\Downloads\Boardwalk-Empire-S03E07(0000238263).srt
2017-01-23 21:14 - 2017-01-23 21:14 - 00045843 _____ C:\Users\Max_cz\Downloads\Boardwalk-Empire-S03E06(0000238262).srt
2017-01-23 21:14 - 2017-01-23 21:14 - 00045166 _____ C:\Users\Max_cz\Downloads\Boardwalk-Empire-S03E05(0000238261).srt
2017-01-23 01:31 - 2017-01-23 01:31 - 06975096 _____ (Tim Kosse) C:\Users\Max_cz\Downloads\FileZilla_3.24.0_win64-setup.exe
2017-01-23 01:18 - 2017-01-23 01:19 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2017-01-23 01:18 - 2017-01-23 01:18 - 00001108 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 12.lnk
2017-01-23 01:17 - 2017-01-23 01:17 - 12975024 _____ (TeamViewer GmbH) C:\Users\Max_cz\Downloads\TeamViewer_Setup_cs-ajem.exe
2017-01-22 22:59 - 2017-01-22 23:13 - 00000236 _____ C:\Users\Max_cz\AppData\Roaming\.ptbt1
2017-01-22 22:43 - 2017-01-22 23:09 - 00000000 ____D C:\Users\Max_cz\AppData\Roaming\hugin
2017-01-22 22:42 - 2017-01-22 22:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hugin
2017-01-22 22:42 - 2017-01-22 22:42 - 00000000 ____D C:\Program Files\Hugin
2017-01-22 22:40 - 2017-01-22 22:40 - 36245504 _____ C:\Users\Max_cz\Downloads\Hugin-2016.2.0-win64.msi
2017-01-21 18:45 - 2017-01-21 18:45 - 00044097 _____ C:\Users\Max_cz\Downloads\Boardwalk-Empire-S03E04(0000238260).srt
2017-01-21 18:43 - 2017-01-21 18:43 - 00040873 _____ C:\Users\Max_cz\Downloads\Boardwalk-Empire-S03E03(0000238259).srt
2017-01-20 20:55 - 2017-01-20 21:03 - 710504448 _____ C:\Users\Max_cz\Downloads\Bláznivá, zatracená láska (2011).avi
2017-01-20 20:54 - 2017-01-20 20:54 - 00014043 _____ C:\Users\Max_cz\Downloads\[CzT]Blazniva_zatracena_laska_Crazy_Stupid_Love_2011_.torrent
2017-01-20 20:40 - 2017-01-20 20:46 - 1012586156 _____ C:\Users\Max_cz\Downloads\Dieťa Bridget Jonesovej .avi
2017-01-20 20:40 - 2017-01-20 20:40 - 00019793 _____ C:\Users\Max_cz\Downloads\[CzT]Dite_Bridget_Jonesove_Bridget_Jones_s_Baby_2016_CZ_.torrent
2017-01-18 20:27 - 2017-01-18 20:27 - 00045435 _____ C:\Users\Max_cz\Downloads\Boardwalk-Empire-S03E01(0000238257).srt
2017-01-18 20:27 - 2017-01-18 20:27 - 00043832 _____ C:\Users\Max_cz\Downloads\Boardwalk-Empire-S03E02(0000238258).srt
2017-01-14 20:34 - 2017-01-14 20:38 - 327791467 _____ C:\Users\Max_cz\Downloads\CameraRaw_9_8.zip
2017-01-11 00:01 - 2017-01-11 00:01 - 23678464 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-01-11 00:01 - 2017-01-11 00:01 - 22563840 _____ (Microsoft Corporation) C:\Windows\system32\edgehtml.dll
2017-01-11 00:01 - 2017-01-11 00:01 - 22224480 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2017-01-11 00:01 - 2017-01-11 00:01 - 20969928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2017-01-11 00:01 - 2017-01-11 00:01 - 19417600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-01-11 00:01 - 2017-01-11 00:01 - 19413504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edgehtml.dll
2017-01-11 00:01 - 2017-01-11 00:01 - 17188864 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.dll
2017-01-11 00:01 - 2017-01-11 00:01 - 13869056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll
2017-01-11 00:01 - 2017-01-11 00:01 - 09131008 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2017-01-11 00:01 - 2017-01-11 00:01 - 08129536 _____ (Microsoft Corporation) C:\Windows\system32\Chakra.dll
2017-01-11 00:01 - 2017-01-11 00:01 - 08075776 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2017-01-11 00:01 - 2017-01-11 00:01 - 07626752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2017-01-11 00:01 - 2017-01-11 00:01 - 07469056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2017-01-11 00:01 - 2017-01-11 00:01 - 06664192 _____ (Microsoft Corporation) C:\Windows\system32\mspaint.exe
2017-01-11 00:01 - 2017-01-11 00:01 - 06474752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mspaint.exe
2017-01-11 00:01 - 2017-01-11 00:01 - 06285312 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.dll
2017-01-11 00:01 - 2017-01-11 00:01 - 06044160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakra.dll
2017-01-11 00:01 - 2017-01-11 00:01 - 05611008 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2017-01-11 00:01 - 2017-01-11 00:01 - 05511680 _____ (Microsoft Corporation) C:\Windows\system32\aclui.dll
2017-01-11 00:01 - 2017-01-11 00:01 - 05398016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aclui.dll
2017-01-11 00:01 - 2017-01-11 00:01 - 04749312 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers_nt.dll
2017-01-11 00:01 - 2017-01-11 00:01 - 04612608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.dll
2017-01-11 00:01 - 2017-01-11 00:01 - 04474368 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_47.dll
2017-01-11 00:01 - 2017-01-11 00:01 - 04149248 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2017-01-11 00:01 - 2017-01-11 00:01 - 04130440 _____ (Microsoft Corporation) C:\Windows\system32\mfcore.dll
2017-01-11 00:01 - 2017-01-11 00:01 - 03892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfcore.dll
2017-01-11 00:01 - 2017-01-11 00:01 - 03616768 _____ (Microsoft Corporation) C:\Windows\system32\win32kfull.sys
2017-01-11 00:01 - 2017-01-11 00:01 - 03134976 _____ (Microsoft Corporation) C:\Windows\system32\rdpcore.dll
2017-01-11 00:01 - 2017-01-11 00:01 - 02748416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2017-01-11 00:01 - 2017-01-11 00:01 - 02691072 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Logon.dll
2017-01-11 00:01 - 2017-01-11 00:01 - 02482280 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2017-01-11 00:01 - 2017-01-11 00:01 - 02317824 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2017-01-11 00:01 - 2017-01-11 00:01 - 02206496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2017-01-11 00:01 - 2017-01-11 00:01 - 02169184 _____ (Microsoft Corporation) C:\Windows\system32\AppVEntSubsystems64.dll
2017-01-11 00:01 - 2017-01-11 00:01 - 02009600 _____ (Microsoft Corporation) C:\Windows\system32\SRHInproc.dll
2017-01-11 00:01 - 2017-01-11 00:01 - 01988560 _____ (Microsoft Corporation) C:\Windows\system32\mfmp4srcsnk.dll
2017-01-11 00:01 - 2017-01-11 00:01 - 01908224 _____ (Microsoft Corporation) C:\Windows\system32\AzureSettingSyncProvider.dll
2017-01-11 00:01 - 2017-01-11 00:01 - 01883648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Logon.dll
2017-01-11 00:01 - 2017-01-11 00:01 - 01852720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmp4srcsnk.dll
2017-01-11 00:01 - 2017-01-11 00:01 - 01702392 _____ (Microsoft Corporation) C:\Windows\system32\mfasfsrcsnk.dll
2017-01-11 00:01 - 2017-01-11 00:01 - 01694712 _____ (Microsoft Corporation) C:\Windows\system32\winmde.dll
2017-01-11 00:01 - 2017-01-11 00:01 - 01669984 _____ (Microsoft Corporation) C:\Windows\system32\AppVIntegration.dll
2017-01-11 00:01 - 2017-01-11 00:01 - 01631232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.Resources.dll
2017-01-11 00:01 - 2017-01-11 00:01 - 01631232 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.Resources.dll
2017-01-11 00:01 - 2017-01-11 00:01 - 01600632 _____ (Microsoft Corporation) C:\Windows\system32\sppobjs.dll
2017-01-11 00:01 - 2017-01-11 00:01 - 01557808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winmde.dll
2017-01-11 00:01 - 2017-01-11 00:01 - 01513472 _____ (Microsoft Corporation) C:\Windows\system32\win32kbase.sys
2017-01-11 00:01 - 2017-01-11 00:01 - 01490432 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-01-11 00:01 - 2017-01-11 00:01 - 01454504 _____ (Microsoft Corporation) C:\Windows\system32\mfnetsrc.dll
2017-01-11 00:01 - 2017-01-11 00:01 - 01400160 _____ (Microsoft Corporation) C:\Windows\system32\AppVEntSubsystemController.dll
2017-01-11 00:01 - 2017-01-11 00:01 - 01360464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfnetsrc.dll
2017-01-11 00:01 - 2017-01-11 00:01 - 01356864 _____ (Microsoft Corporation) C:\Windows\system32\ClipUp.exe
2017-01-11 00:01 - 2017-01-11 00:01 - 01300600 _____ (Microsoft Corporation) C:\Windows\system32\mfmpeg2srcsnk.dll
2017-01-11 00:01 - 2017-01-11 00:01 - 01300480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVPXENC.dll
2017-01-11 00:01 - 2017-01-11 00:01 - 01277344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfasfsrcsnk.dll
2017-01-11 00:01 - 2017-01-11 00:01 - 01255936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AzureSettingSyncProvider.dll
2017-01-11 00:01 - 2017-01-11 00:01 - 01235296 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2017-01-11 00:01 - 2017-01-11 00:01 - 01231872 _____ (Microsoft Corporation) C:\Windows\system32\dosvc.dll
2017-01-11 00:01 - 2017-01-11 00:01 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVP9DEC.dll
2017-01-11 00:01 - 2017-01-11 00:01 - 01121280 _____ (Microsoft Corporation) C:\Windows\system32\aadtb.dll
2017-01-11 00:01 - 2017-01-11 00:01 - 01071736 _____ (Microsoft Corporation) C:\Windows\system32\mfnetcore.dll
2017-01-11 00:01 - 2017-01-11 00:01 - 01062912 _____ (Microsoft Corporation) C:\Windows\system32\SettingSyncCore.dll
2017-01-11 00:01 - 2017-01-11 00:01 - 01054048 _____ (Microsoft Corporation) C:\Windows\system32\AppVPolicy.dll
2017-01-11 00:01 - 2017-01-11 00:01 - 01005568 _____ (Microsoft Corporation) C:\Windows\system32\D3D12.dll
2017-01-11 00:01 - 2017-01-11 00:01 - 01002496 _____ (Microsoft Corporation) C:\Windows\system32\SRH.dll
2017-01-11 00:01 - 2017-01-11 00:01 - 00992096 _____ (Microsoft Corporation) C:\Windows\system32\AppVManifest.dll
2017-01-11 00:01 - 2017-01-11 00:01 - 00947712 _____ (Microsoft Corporation) C:\Windows\system32\MSVP9DEC.dll
2017-01-11 00:01 - 2017-01-11 00:01 - 00942080 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2017-01-11 00:01 - 2017-01-11 00:01 - 00936960 _____ (Microsoft Corporation) C:\Windows\system32\MCRecvSrc.dll
2017-01-11 00:01 - 2017-01-11 00:01 - 00932864 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-01-11 00:01 - 2017-01-11 00:01 - 00883712 _____ (Microsoft Corporation) C:\Windows\system32\samsrv.dll
2017-01-11 00:01 - 2017-01-11 00:01 - 00869888 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2017-01-11 00:01 - 2017-01-11 00:01 - 00866816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Cred.dll
2017-01-11 00:01 - 2017-01-11 00:01 - 00837632 _____ (Microsoft Corporation) C:\Windows\system32\wbiosrvc.dll
2017-01-11 00:01 - 2017-01-11 00:01 - 00822784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakradiag.dll
2017-01-11 00:01 - 2017-01-11 00:01 - 00822624 _____ (Microsoft Corporation) C:\Windows\system32\AppVClient.exe
2017-01-11 00:01 - 2017-01-11 00:01 - 00813408 _____ (Microsoft Corporation) C:\Windows\system32\AppVEntStreamingManager.dll
2017-01-11 00:01 - 2017-01-11 00:01 - 00779616 _____ (Microsoft Corporation) C:\Windows\system32\AppVReporting.dll
2017-01-11 00:01 - 2017-01-11 00:01 - 00755712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2017-01-11 00:01 - 2017-01-11 00:01 - 00752992 _____ (Microsoft Corporation) C:\Windows\system32\AppVOrchestration.dll
2017-01-11 00:01 - 2017-01-11 00:01 - 00748544 _____ (Microsoft Corporation) C:\Windows\system32\StoreAgent.dll
2017-01-11 00:01 - 2017-01-11 00:01 - 00715104 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vhdmp.sys
2017-01-11 00:01 - 2017-01-11 00:01 - 00712192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2017-01-11 00:01 - 2017-01-11 00:01 - 00704352 _____ (Microsoft Corporation) C:\Windows\system32\AppVEntVirtualization.dll
2017-01-11 00:01 - 2017-01-11 00:01 - 00696160 _____ (Microsoft Corporation) C:\Windows\system32\AppVPublishing.dll
2017-01-11 00:01 - 2017-01-11 00:01 - 00673792 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2017-01-11 00:01 - 2017-01-11 00:01 - 00624048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2017-01-11 00:01 - 2017-01-11 00:01 - 00600576 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2017-01-11 00:01 - 2017-01-11 00:01 - 00590960 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2017-01-11 00:01 - 2017-01-11 00:01 - 00584544 _____ (Microsoft Corporation) C:\Windows\system32\SettingSyncHost.exe
2017-01-11 00:01 - 2017-01-11 00:01 - 00571744 _____ (Microsoft Corporation) C:\Windows\system32\AppVCatalog.dll
2017-01-11 00:01 - 2017-01-11 00:01 - 00557568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StoreAgent.dll
2017-01-11 00:01 - 2017-01-11 00:01 - 00553984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2017-01-11 00:01 - 2017-01-11 00:01 - 00539648 _____ (Microsoft Corporation) C:\Windows\system32\usocore.dll
2017-01-11 00:01 - 2017-01-11 00:01 - 00534096 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2017-01-11 00:01 - 2017-01-11 00:01 - 00513376 _____ (Microsoft Corporation) C:\Windows\system32\TransportDSA.dll
2017-01-11 00:01 - 2017-01-11 00:01 - 00497152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LogonController.dll
2017-01-11 00:01 - 2017-01-11 00:01 - 00484584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2017-01-11 00:01 - 2017-01-11 00:01 - 00425984 _____ (Microsoft Corporation) C:\Windows\system32\aadcloudap.dll
2017-01-11 00:01 - 2017-01-11 00:01 - 00418952 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2017-01-11 00:01 - 2017-01-11 00:01 - 00406368 _____ (Microsoft Corporation) C:\Windows\system32\AppVScripting.dll
2017-01-11 00:01 - 2017-01-11 00:01 - 00404832 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-01-11 00:01 - 2017-01-11 00:01 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\wuuhext.dll
2017-01-11 00:01 - 2017-01-11 00:01 - 00382784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2017-01-11 00:01 - 2017-01-11 00:01 - 00368640 _____ (Microsoft Corporation) C:\Windows\system32\OneBackupHandler.dll
2017-01-11 00:01 - 2017-01-11 00:01 - 00360448 _____ (Microsoft Corporation) C:\Windows\system32\rdpencom.dll
2017-01-11 00:01 - 2017-01-11 00:01 - 00337920 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll
2017-01-11 00:01 - 2017-01-11 00:01 - 00328008 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Storage.ApplicationData.dll
2017-01-11 00:01 - 2017-01-11 00:01 - 00324608 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.LockScreen.dll
2017-01-11 00:01 - 2017-01-11 00:01 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\domgmt.dll
2017-01-11 00:01 - 2017-01-11 00:01 - 00319288 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2017-01-11 00:01 - 2017-01-11 00:01 - 00318976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpencom.dll
2017-01-11 00:01 - 2017-01-11 00:01 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\updatehandlers.dll
2017-01-11 00:01 - 2017-01-11 00:01 - 00289792 _____ (Microsoft Corporation) C:\Windows\system32\DeveloperOptionsSettingsHandlers.dll
2017-01-11 00:01 - 2017-01-11 00:01 - 00285184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.BlockedShutdown.dll
2017-01-11 00:01 - 2017-01-11 00:01 - 00263472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Storage.ApplicationData.dll
2017-01-11 00:01 - 2017-01-11 00:01 - 00261632 _____ (Microsoft Corporation) C:\Windows\system32\indexeddbserver.dll
2017-01-11 00:01 - 2017-01-11 00:01 - 00260608 _____ (Microsoft Corporation) C:\Windows\system32\InstallAgentUserBroker.exe
2017-01-11 00:01 - 2017-01-11 00:01 - 00257024 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.CredDialogController.dll
2017-01-11 00:01 - 2017-01-11 00:01 - 00253952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.BioFeedback.dll
2017-01-11 00:01 - 2017-01-11 00:01 - 00245600 _____ (Microsoft Corporation) C:\Windows\system32\offlinesam.dll
2017-01-11 00:01 - 2017-01-11 00:01 - 00241504 _____ (Microsoft Corporation) C:\Windows\system32\AppVShNotify.exe
2017-01-11 00:01 - 2017-01-11 00:01 - 00237056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SyncSettings.dll
2017-01-11 00:01 - 2017-01-11 00:01 - 00236544 _____ (Microsoft Corporation) C:\Windows\system32\WinSCard.dll
2017-01-11 00:01 - 2017-01-11 00:01 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2017-01-11 00:01 - 2017-01-11 00:01 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CloudBackupSettings.dll
2017-01-11 00:01 - 2017-01-11 00:01 - 00223744 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-01-11 00:01 - 2017-01-11 00:01 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InstallAgentUserBroker.exe
2017-01-11 00:01 - 2017-01-11 00:01 - 00218976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\offlinesam.dll
2017-01-11 00:01 - 2017-01-11 00:01 - 00213504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.CredDialogController.dll
2017-01-11 00:01 - 2017-01-11 00:01 - 00211968 _____ (Microsoft Corporation) C:\Windows\system32\InstallAgent.exe
2017-01-11 00:01 - 2017-01-11 00:01 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Internal.UI.Logon.ProxyStub.dll
2017-01-11 00:01 - 2017-01-11 00:01 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-01-11 00:01 - 2017-01-11 00:01 - 00201728 _____ (Microsoft Corporation) C:\Windows\system32\ScDeviceEnum.dll
2017-01-11 00:01 - 2017-01-11 00:01 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\indexeddbserver.dll
2017-01-11 00:01 - 2017-01-11 00:01 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\certprop.dll
2017-01-11 00:01 - 2017-01-11 00:01 - 00190816 _____ (Microsoft Corporation) C:\Windows\system32\AppVDllSurrogate.exe
2017-01-11 00:01 - 2017-01-11 00:01 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InstallAgent.exe
2017-01-11 00:01 - 2017-01-11 00:01 - 00167424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WinSCard.dll
2017-01-11 00:01 - 2017-01-11 00:01 - 00136032 _____ (Microsoft Corporation) C:\Windows\system32\ImplatSetup.dll
2017-01-11 00:01 - 2017-01-11 00:01 - 00092512 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2017-01-11 00:01 - 2017-01-11 00:01 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\updatepolicy.dll
2017-01-11 00:01 - 2017-01-11 00:01 - 00089416 _____ (Microsoft Corporation) C:\Windows\system32\remoteaudioendpoint.dll
2017-01-11 00:01 - 2017-01-11 00:01 - 00076984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\remoteaudioendpoint.dll
2017-01-11 00:01 - 2017-01-11 00:01 - 00074752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\updatepolicy.dll
2017-01-11 00:01 - 2017-01-11 00:01 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Shell.dll
2017-01-11 00:01 - 2017-01-11 00:01 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\LaunchWinApp.exe
2017-01-11 00:01 - 2017-01-11 00:01 - 00034304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LaunchWinApp.exe
2017-01-11 00:00 - 2017-01-11 00:01 - 00352768 _____ (Microsoft Corporation) C:\Windows\system32\cloudAP.dll
2017-01-11 00:00 - 2017-01-11 00:00 - 07816032 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2017-01-11 00:00 - 2017-01-11 00:00 - 05061120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2017-01-11 00:00 - 2017-01-11 00:00 - 03733504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_47.dll
2017-01-11 00:00 - 2017-01-11 00:00 - 02998272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32kfull.sys
2017-01-11 00:00 - 2017-01-11 00:00 - 02275840 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentServer.dll
2017-01-11 00:00 - 2017-01-11 00:00 - 01692672 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentExtensions.onecore.dll
2017-01-11 00:00 - 2017-01-11 00:00 - 01469792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppVEntSubsystems32.dll
2017-01-11 00:00 - 2017-01-11 00:00 - 01292288 _____ (Microsoft Corporation) C:\Windows\system32\MSVPXENC.dll
2017-01-11 00:00 - 2017-01-11 00:00 - 01201872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmpeg2srcsnk.dll
2017-01-11 00:00 - 2017-01-11 00:00 - 00980832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfnetcore.dll
2017-01-11 00:00 - 2017-01-11 00:00 - 00886272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aadtb.dll
2017-01-11 00:00 - 2017-01-11 00:00 - 00860672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSyncCore.dll
2017-01-11 00:00 - 2017-01-11 00:00 - 00806400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3D12.dll
2017-01-11 00:00 - 2017-01-11 00:00 - 00707584 _____ (Microsoft Corporation) C:\Windows\system32\LogonController.dll
2017-01-11 00:00 - 2017-01-11 00:00 - 00640000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MCRecvSrc.dll
2017-01-11 00:00 - 2017-01-11 00:00 - 00509792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSyncHost.exe
2017-01-11 00:00 - 2017-01-11 00:00 - 00462336 _____ (Microsoft Corporation) C:\Windows\system32\fhsettingsprovider.dll
2017-01-11 00:00 - 2017-01-11 00:00 - 00455520 _____ (Microsoft Corporation) C:\Windows\system32\securekernel.exe
2017-01-11 00:00 - 2017-01-11 00:00 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\fhcfg.dll
2017-01-11 00:00 - 2017-01-11 00:00 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.BlockedShutdown.dll
2017-01-11 00:00 - 2017-01-11 00:00 - 00363520 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.BioFeedback.dll
2017-01-11 00:00 - 2017-01-11 00:00 - 00349184 _____ (Microsoft Corporation) C:\Windows\system32\provengine.dll
2017-01-11 00:00 - 2017-01-11 00:00 - 00341344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2017-01-11 00:00 - 2017-01-11 00:00 - 00335712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pci.sys
2017-01-11 00:00 - 2017-01-11 00:00 - 00310784 _____ (Microsoft Corporation) C:\Windows\system32\SyncSettings.dll
2017-01-11 00:00 - 2017-01-11 00:00 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\CloudBackupSettings.dll
2017-01-11 00:00 - 2017-01-11 00:00 - 00266752 _____ (Microsoft Corporation) C:\Windows\system32\ConsoleLogon.dll
2017-01-11 00:00 - 2017-01-11 00:00 - 00241504 _____ (Microsoft Corporation) C:\Windows\system32\CloudExperienceHost.dll
2017-01-11 00:00 - 2017-01-11 00:00 - 00234496 _____ (Microsoft Corporation) C:\Windows\system32\KnobsCore.dll
2017-01-11 00:00 - 2017-01-11 00:00 - 00147968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32k.sys
2017-01-11 00:00 - 2017-01-11 00:00 - 00147456 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2017-01-11 00:00 - 2017-01-11 00:00 - 00119808 _____ (Microsoft Corporation) C:\Windows\system32\KnobsCsp.dll
2017-01-11 00:00 - 2017-01-11 00:00 - 00104448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Internal.UI.Logon.ProxyStub.dll
2017-01-11 00:00 - 2017-01-11 00:00 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\ProvPluginEng.dll
2017-01-10 22:35 - 2017-01-10 22:35 - 00013147 _____ C:\Users\Max_cz\Downloads\christmas-atn.atn
2017-01-06 17:16 - 2017-01-06 17:16 - 00087864 _____ C:\Users\Max_cz\Downloads\007-faktura-fototori-2017.pdf
2017-01-05 00:54 - 2017-01-05 00:58 - 788465323 _____ C:\Users\Max_cz\Downloads\rychlyprachy99.mp4

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-04 00:04 - 2016-12-20 19:56 - 00000000 ____D C:\Users\Max_cz\AppData\Roaming\Spotify
2017-02-04 00:04 - 2016-12-20 19:56 - 00000000 ____D C:\Users\Max_cz\AppData\Local\Spotify
2017-02-04 00:00 - 2016-10-03 18:47 - 02959850 _____ C:\Windows\system32\PerfStringBackup.INI
2017-02-04 00:00 - 2016-07-16 23:25 - 01296886 _____ C:\Windows\system32\perfh005.dat
2017-02-04 00:00 - 2016-07-16 23:25 - 00367790 _____ C:\Windows\system32\perfc005.dat
2017-02-03 23:55 - 2016-10-12 19:12 - 00000000 ___RD C:\Users\Max_cz\Disk Google
2017-02-03 23:55 - 2016-10-04 17:31 - 00000180 _____ C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-02-03 23:54 - 2016-10-03 18:42 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-02-03 23:54 - 2016-07-16 07:04 - 00262144 _____ C:\Windows\system32\config\BBI
2017-02-03 23:44 - 2016-07-16 12:47 - 00000000 ____D C:\Windows\system32\setup
2017-02-03 23:44 - 2016-07-16 12:45 - 00000000 ____D C:\Windows\INF
2017-02-03 22:53 - 2016-10-03 18:42 - 00000000 ____D C:\Windows\system32\SleepStudy
2017-02-03 22:32 - 2016-10-31 22:56 - 00000000 ____D C:\Users\Max_cz\AppData\Roaming\vlc
2017-02-03 22:15 - 2016-10-04 18:39 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-02-03 21:39 - 2016-10-03 19:14 - 00000000 ____D C:\Users\Max_cz\AppData\Local\Adobe
2017-02-03 00:20 - 2016-10-03 18:42 - 04880432 _____ C:\Windows\system32\FNTCACHE.DAT
2017-02-03 00:19 - 2016-10-03 18:45 - 00000000 ____D C:\Users\Max_cz
2017-02-02 21:34 - 2016-07-16 12:47 - 00000000 ____D C:\Windows\AppReadiness
2017-02-02 02:57 - 2016-11-17 01:05 - 00000000 ____D C:\Users\Max_cz\AppData\Roaming\uTorrent
2017-02-02 01:53 - 2016-10-04 19:19 - 00000000 ____D C:\ProgramData\Package Cache
2017-02-01 22:51 - 2016-10-12 20:00 - 00000000 ____D C:\Users\Max_cz\AppData\Roaming\FileZilla
2017-02-01 21:28 - 2016-10-04 18:08 - 00000000 ____D C:\ProgramData\ASUS
2017-02-01 21:27 - 2016-10-04 18:39 - 00000000 ____D C:\Windows\System32\Tasks\ASUS
2017-02-01 21:22 - 2016-10-21 21:17 - 00000000 ____D C:\Users\Max_cz\Desktop\test PC
2017-02-01 20:01 - 2016-07-16 12:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-01-30 23:11 - 2016-10-04 19:22 - 00000022 _____ C:\Windows\GPU-Z.INI
2017-01-30 23:09 - 2016-10-04 18:08 - 00000000 ____D C:\Program Files (x86)\ASUS
2017-01-30 22:42 - 2016-10-03 19:59 - 00000000 ____D C:\Users\Max_cz\AppData\Roaming\PTGui
2017-01-30 19:47 - 2016-10-04 19:19 - 00000000 ____D C:\Users\Max_cz\Documents\3DMark
2017-01-30 18:40 - 2016-10-04 18:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS
2017-01-30 18:40 - 2016-06-27 18:08 - 00048640 _____ C:\Windows\SysWOW64\ASGT.exe
2017-01-30 18:25 - 2016-11-05 08:55 - 00000000 ____D C:\Users\Max_cz\Desktop\Zábava
2017-01-30 18:22 - 2016-09-09 19:25 - 00110880 _____ C:\Windows\SysWOW64\vulkaninfo-1-1-0-26-0.exe
2017-01-30 18:22 - 2016-09-09 19:24 - 00125216 _____ C:\Windows\system32\vulkaninfo-1-1-0-26-0.exe
2017-01-30 18:21 - 2016-09-23 23:18 - 34858040 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2017-01-30 18:21 - 2016-09-23 23:18 - 28253752 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2017-01-30 18:21 - 2016-09-23 23:17 - 01028040 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2017-01-30 18:21 - 2016-09-23 23:17 - 00398904 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2017-01-30 18:21 - 2016-09-23 23:16 - 02920904 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2017-01-30 18:21 - 2016-09-23 23:16 - 01931328 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6437290.dll
2017-01-30 18:21 - 2016-09-23 23:16 - 00965576 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2017-01-30 18:21 - 2016-09-23 23:16 - 00394816 _____ (NVIDIA Corporation) C:\Windows\system32\nvDecMFTMjpeg.dll
2017-01-30 18:21 - 2016-09-23 23:16 - 00357432 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvDecMFTMjpeg.dll
2017-01-30 18:21 - 2016-09-23 23:15 - 35191360 _____ C:\Windows\SysWOW64\nvcompiler.dll
2017-01-30 18:21 - 2016-09-23 22:51 - 40077248 _____ C:\Windows\system32\nvcompiler.dll
2017-01-30 18:21 - 2016-09-23 22:51 - 02560056 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2017-01-30 18:21 - 2016-09-23 22:51 - 01593800 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6437290.dll
2017-01-30 18:21 - 2016-09-23 22:51 - 00952376 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2017-01-30 18:21 - 2016-09-23 22:51 - 00903736 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2017-01-30 18:21 - 2016-09-23 22:51 - 00448064 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2017-01-30 18:21 - 2016-09-23 22:43 - 09186728 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2017-01-30 18:21 - 2016-09-23 22:43 - 00818688 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncMFTH264.dll
2017-01-30 18:21 - 2016-09-23 22:43 - 00703728 _____ (NVIDIA Corporation) C:\Windows\system32\nvfatbinaryLoader.dll
2017-01-30 18:21 - 2016-09-23 22:43 - 00658408 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncMFTH264.dll
2017-01-30 18:21 - 2016-09-23 22:43 - 00657056 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncMFThevc.dll
2017-01-30 18:21 - 2016-09-23 22:43 - 00630912 _____ C:\Windows\system32\nvmcumd.dll
2017-01-30 18:21 - 2016-09-23 22:43 - 00592216 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvfatbinaryLoader.dll
2017-01-30 18:21 - 2016-09-23 22:43 - 00407064 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2017-01-30 18:21 - 2016-09-23 22:43 - 00339152 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2017-01-30 18:21 - 2016-09-23 22:42 - 03950536 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2017-01-30 18:21 - 2016-09-23 22:42 - 03488376 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2017-01-30 18:21 - 2016-09-23 22:36 - 10972208 _____ (NVIDIA Corporation) C:\Windows\system32\nvptxJitCompiler.dll
2017-01-30 18:21 - 2016-09-23 22:36 - 10856424 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2017-01-30 18:21 - 2016-09-23 22:36 - 10393568 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2017-01-30 18:21 - 2016-09-23 22:36 - 08964016 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvptxJitCompiler.dll
2017-01-30 18:21 - 2016-09-23 22:36 - 08776696 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2017-01-30 18:21 - 2016-09-23 22:36 - 00817480 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncMFThevc.dll
2017-01-30 18:21 - 2016-07-16 12:47 - 00000000 ____D C:\Windows\Help
2017-01-29 21:31 - 2016-10-04 17:31 - 00000000 __SHD C:\Users\Max_cz\IntelGraphicsProfiles
2017-01-29 21:31 - 2016-07-16 12:47 - 00000000 ____D C:\Windows\LiveKernelReports
2017-01-25 18:28 - 2016-07-16 12:36 - 00000000 ____D C:\Windows\CbsTemp
2017-01-23 01:18 - 2016-10-31 21:33 - 00000000 ____D C:\Users\Max_cz\AppData\Roaming\TeamViewer
2017-01-21 08:44 - 2016-10-25 20:22 - 00000132 _____ C:\Users\Max_cz\AppData\Roaming\Adobe Formát PNG CS6 – předvolby
2017-01-19 21:46 - 2016-10-13 21:05 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-01-19 21:45 - 2016-10-13 21:05 - 00004562 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2017-01-14 20:41 - 2016-12-16 18:54 - 00000000 ____D C:\Program Files\TabletPlugins
2017-01-14 20:41 - 2016-12-16 18:54 - 00000000 ____D C:\Program Files (x86)\TabletPlugins
2017-01-14 20:41 - 2016-10-03 18:45 - 00000000 ____D C:\Users\Max_cz\AppData\Local\Packages
2017-01-13 19:46 - 2016-07-16 12:47 - 00000000 ____D C:\Windows\rescache
2017-01-11 20:21 - 2016-10-03 18:45 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-01-11 00:47 - 2016-07-16 12:47 - 00000000 ___RD C:\Windows\ImmersiveControlPanel
2017-01-11 00:47 - 2016-07-16 12:47 - 00000000 ____D C:\Windows\system32\WinBioPlugIns
2017-01-11 00:47 - 2016-07-16 12:47 - 00000000 ____D C:\Windows\system32\oobe
2017-01-11 00:47 - 2016-07-16 12:47 - 00000000 ____D C:\Windows\ShellExperiences
2017-01-11 00:47 - 2016-07-16 12:47 - 00000000 ____D C:\Windows\Provisioning
2017-01-11 00:47 - 2016-07-16 12:47 - 00000000 ____D C:\Windows\PolicyDefinitions
2017-01-11 00:28 - 2016-10-04 17:44 - 00000000 ____D C:\Windows\system32\MRT
2017-01-11 00:27 - 2016-10-04 17:44 - 135657872 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-01-11 00:27 - 2016-07-16 12:49 - 00835576 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-01-11 00:27 - 2016-07-16 12:49 - 00177656 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-01-10 23:14 - 2016-07-16 12:47 - 00000000 ____D C:\Windows\system32\NDF

==================== Files in the root of some directories =======

2017-01-22 22:59 - 2017-01-22 23:13 - 0000236 _____ () C:\Users\Max_cz\AppData\Roaming\.ptbt1
2016-10-25 20:22 - 2017-01-21 08:44 - 0000132 _____ () C:\Users\Max_cz\AppData\Roaming\Adobe Formát PNG CS6 – předvolby
2016-12-02 17:40 - 2016-12-02 17:40 - 0001480 _____ () C:\Users\Max_cz\AppData\Local\Adobe Uložit pro web 13.0 Prefs
2017-02-02 02:33 - 2017-02-02 02:33 - 0001353 _____ () C:\Users\Max_cz\AppData\Local\recently-used.xbel
2016-12-16 19:59 - 2016-12-16 19:59 - 0000017 _____ () C:\Users\Max_cz\AppData\Local\resmon.resmoncfg
2016-11-26 01:24 - 2016-11-23 13:19 - 0000570 _____ () C:\Users\Max_cz\AppData\Local\TroubleshooterConfig.json
2017-01-27 22:16 - 2017-01-27 22:16 - 0000003 _____ () C:\Users\Max_cz\AppData\Local\updater.log
2017-01-27 22:16 - 2017-01-27 22:16 - 0000424 _____ () C:\Users\Max_cz\AppData\Local\UserProducts.xml

Some files in TEMP:
====================
2016-10-03 19:18 - 2016-10-03 19:20 - 0009728 _____ () C:\Users\Max_cz\AppData\Local\Temp\bassmod.dll
2016-11-27 17:01 - 2016-11-27 17:01 - 0986648 _____ (BlueStack Systems, Inc.) C:\Users\Max_cz\AppData\Local\Temp\BluestacksUninstaller.exe
2016-11-27 17:01 - 2016-11-23 13:27 - 0187416 _____ (BlueStack Systems) C:\Users\Max_cz\AppData\Local\Temp\HD-LibraryHandler.dll
2016-11-27 17:01 - 2016-11-23 13:25 - 0246808 _____ (BlueStack Systems) C:\Users\Max_cz\AppData\Local\Temp\HD-Logger-Native.dll
2016-11-06 17:47 - 2016-11-06 17:47 - 4430199 _____ (OpenSubtitles.org                                           ) C:\Users\Max_cz\AppData\Local\Temp\OSDownloader.exe
2016-12-16 18:53 - 2016-12-16 18:53 - 75786768 _____ () C:\Users\Max_cz\AppData\Local\Temp\Setup-Wacom.exe
2017-02-01 22:56 - 2008-03-27 00:59 - 0459400 ____R (Macrovision Corporation) C:\Users\Max_cz\AppData\Local\Temp\_isC9DC.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-01-30 21:18

==================== End of FRST.txt ============================



===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================

Drive c: () (Fixed) (Total:476.45 GB) (Free:390.41 GB) NTFS
Drive d: (SSD scratch ) (Fixed) (Total:447.13 GB) (Free:440.13 GB) NTFS
Drive e: (WD blue) (Fixed) (Total:931.51 GB) (Free:787.72 GB) NTFS
Drive h: (WD blue (7200 raid)) (Fixed) (Total:931.51 GB) (Free:303.13 GB) NTFS

Available physical RAM: 27927.35 MB
Total physical RAM: 32698.71 MB
Percentage of memory in use: 14%

==================== MBR and Partition Table ==================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 476.9 GB) (Disk ID: 4FF9CA21)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=476.4 GB) - (Type=07 NTFS)
Disk: 1 (Size: 447.1 GB) (Disk ID: 4FF9CAC2)
Partition 1: (Not Active) - (Size=447.1 GB) - (Type=07 NTFS)
Disk: 2 (Size: 931.5 GB) (Disk ID: 4FF9CAC7)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
Disk: 3 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: BE181B45)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=42)
Disk: 4 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 17299768)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=42)

==================== Scheduled Tasks (whitelisted) ==================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\update-S-1-5-21-497983172-942744989-883898907-1001.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
Task: C:\Windows\Tasks\update-sys.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
Task: C:\Windows\Tasks\X-Rite Device Services Software Updater.job => C:\Program Files (x86)\X-Rite\Devices\Services\XRD Software Update.exe

==================== Alternate Data Streams (whitelisted) ==================

AlternateDataStreams: C:\Windows\explorer.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\splwow64.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\aadcloudap.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\aadtb.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\AboveLockAppHost.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\AccountsRt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\aclui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\acmigration.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ACPBackgroundManagerPolicy.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ActionCenter.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ActionCenterCPL.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ActivationManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\actxprxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\AddressParser.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\adsmsext.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\aeinv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\aepic.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\aitstatic.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\aksllmtp.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\AppCapture.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\AppContracts.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\appinfo.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\AppointmentActivation.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\AppointmentApis.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\appraiser.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\AppReadiness.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\apprepapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\apprepsync.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\AppVCatalog.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\AppVClient.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\AppVDllSurrogate.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\AppVEntStreamingManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\AppVEntSubsystemController.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\AppVEntSubsystems64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\AppVEntVirtualization.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\AppVIntegration.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\AppVManifest.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\AppVOrchestration.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\AppVPolicy.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\AppVPublishing.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\AppVReporting.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\AppVScripting.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\AppVShNotify.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\appwiz.cpl:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\AppXApplicabilityBlob.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\AppXDeploymentClient.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\AppXDeploymentExtensions.desktop.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\AppXDeploymentExtensions.onecore.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\AppXDeploymentServer.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\AppxPackaging.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\asycfilt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\atmfd.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\atmlib.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\AudioEndpointBuilder.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\AudioEng.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\AUDIOKSE.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\AudioSes.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\audiosrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\AudioSrvPolicyManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\AuthBroker.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\authui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\autoplay.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\AzureSettingSyncProvider.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\baaupdate.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\BackgroundMediaPolicy.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\BarcodeProvisioningPlugin.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\bcastdvr.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\BcastDVRHelper.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\bcdedit.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\bcrypt.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\bdechangepin.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\bdesvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\bdeui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\bdeunlock.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\BingMaps.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\BingOnlineServices.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\bisrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\BitLockerDeviceEncryption.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\biwinrt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\BluetoothApis.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\BootMenuUX.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\bootux.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\browserbroker.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\BthRadioMedia.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\CastLaunch.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\CbtBackgroundManagerPolicy.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\cdd.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\cdp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\cdpsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\cdpusersvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\CertEnroll.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\certprop.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Chakra.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Chakradiag.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Chakrathunk.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\chartv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ChatApis.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ci.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ClipboardServer.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ClipUp.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\cloudAP.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\CloudBackupSettings.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\CloudExperienceHost.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\CloudExperienceHostBroker.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\CloudExperienceHostCommon.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\CloudExperienceHostUser.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\CloudStorageWizard.exe:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\clusapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\cmifw.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\cmintegrator.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\combase.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\comdlg32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\CompatTelRunner.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\comsvcs.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ConsoleLogon.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ContactActivation.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ContactApis.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\container.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ContentDeliveryManager.Utilities.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\CoreMessaging.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\CoreUIComponents.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\CPFilters.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\CredProvDataModel.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\credprovhost.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\credprovs.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\credprovslegacy.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\crypt32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\cryptngc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\CryptoWinRT.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\cryptui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\cscui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\csrsrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\C_G18030.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\c_GSM7.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\C_IS2022.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\d2d1.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\d3d10warp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\d3d11.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\D3D12.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\d3d9.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\D3DCompiler_33.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\D3DCompiler_34.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\D3DCompiler_35.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\D3DCompiler_36.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\D3DCompiler_43.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\D3DCompiler_47.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\d3dcsx_43.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\d3dx10.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\d3dx10_33.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\d3dx10_34.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\d3dx10_35.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\d3dx10_36.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\d3dx10_43.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\d3dx11_43.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\d3dx9_24.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\d3dx9_25.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\d3dx9_26.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\d3dx9_27.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\d3dx9_28.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\d3dx9_29.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\d3dx9_30.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\d3dx9_31.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\d3dx9_32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\d3dx9_33.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\d3dx9_34.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\d3dx9_35.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\d3dx9_36.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\D3DX9_43.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dab.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dafBth.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dafpos.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\das.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dasHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\DataExchange.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\DataSenseHandlers.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\daxexec.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dbgeng.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\DbgModel.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\DDCHelper.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\DDCHelperX.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ddraw.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\delegatorprovider.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\DeveloperOptionsSettingsHandlers.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\devenum.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\deviceaccess.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\deviceassociation.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\DeviceCensus.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\DeviceCenter.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\DeviceEnroller.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\DeviceFlows.DataModel.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\DevicePairing.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\DevicePairingFolder.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\DeviceReactivation.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\devinv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dhcpcore6.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\diagtrack.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dialclient.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dialserver.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\discan.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Display.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\DisplayManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dlnashext.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dmcertinst.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dmenrollengine.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\DMRServer.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dnsapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\DolbyDecMFT.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\domgmt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dosvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dpapisrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\drvstore.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\DscCore.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\DscCoreConfProv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dsreg.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dsregcmd.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dwmapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dwmcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\DWrite.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dxgi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dxmasf.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dxtrans.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\EAMProgressHandler.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\eapp3hst.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\eappcfg.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\eappgnui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\eapphost.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\eappprxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\easwrt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\edgehtml.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\EditBufferTestHook.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\EditionUpgradeHelper.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\EditionUpgradeManagerObj.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\EDPCleanup.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\efsext.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\efswrt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\EmailApis.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\encapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\EncDec.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\energy.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\EnterpriseAppMgmtSvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\enterprisecsps.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\EnterpriseModernAppMgmtCSP.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ErrorDetails.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ErrorDetailsUpdate.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\esent.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\esentutl.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\evr.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ExplorerFrame.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ExSMime.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ExtrasXmlParser.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\facecredentialprovider.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Family.Authentication.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Family.Client.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\Family.SyncEngine.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ffbroker.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\fhcfg.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\fhcpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\fhsettingsprovider.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\FlightSettings.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\FntCache.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\fontdrvhost.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\fontext.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\FontProvider.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\FrameServer.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\FSClient.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\fveapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\fveapibase.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\fvecpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\fvenotify.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\fveprompt.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\fveui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\fvewiz.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\GamePanel.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\gameux.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\gdi32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\gdi32full.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\GdiPlus.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\generaltel.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\GenValObj.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Geolocation.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\GlobCollationHost.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\gpsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\hal.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\hasplms.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\hevcdecoder.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\hgcpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\HttpsDataSource.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\hvax64.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\hvix64.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\hvloader.efi:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\hvloader.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\icsvc.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\icsvcext.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\IdCtrls.dll:$CmdTcID [64]


Max_cz
Vzorný návštěvník
Vzorný návštěvník
Příspěvky: 191
Registrován: 20 pro 2005 22:14
Kontaktovat uživatele:

Re: Preventivní kontrola, podezřelé chování

#7 Příspěvek od Max_cz »

Kód: Vybrat vše

AlternateDataStreams: C:\Windows\system32\IdCtrls.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ie4uinit.exe:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\ieapfltr.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\iedkcs32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ieframe.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\iepeers.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ieproxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\iernonce.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\iertutil.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\iesetup.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\imapi2.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ImplatSetup.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\indexeddbserver.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\inetcomm.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\inetcpl.cpl:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\input.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\InputLocaleManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\InputService.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\InstallAgent.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\InstallAgentUserBroker.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\invagent.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\iphlpsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ipnathlp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\iscsiwmi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\JpMapControl.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\jscript9.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\jscript9diag.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\jsproxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\kdhvcom.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\kerberos.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\KernelBase.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\KnobsCore.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\KnobsCsp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\LaunchWinApp.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\LicenseManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\LicenseManagerSvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ListSvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\localspl.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\LocationFramework.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\LockAppBroker.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\LockAppHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\LogonController.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\lpremove.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\LsaIso.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\lsasrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\lsass.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\lsm.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\manage-bde.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MapConfiguration.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MapControlCore.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MapControlStringsRes.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MapGeocoder.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MapRouter.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MapsBtSvc.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\MapsBtSvcProxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MapsCSP.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MapsStore.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mapstoasttask.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mapsupdatetask.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MbaeApiPublic.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mbsmsapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MCRecvSrc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MDEServer.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MDMAppInstaller.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mdmregistration.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MediaFoundation.DefaultPerceptionProvider.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mf.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mfasfsrcsnk.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mfaudiocnv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MFCaptureEngine.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mfcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mfksproxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MFMediaEngine.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mfmkvsrcsnk.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mfmp4srcsnk.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mfmpeg2srcsnk.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mfnetcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mfnetsrc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mfplat.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MFPlay.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mfpmp.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mfps.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mfreadwrite.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mfsensorgroup.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mfsrcsnk.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mfsvr.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Microsoft-Windows-MapControls.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Microsoft-Windows-MosHost.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Microsoft-Windows-MosTrace.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\microsoft-windows-system-events.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\migisol.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MiracastReceiver.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mispace.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\modernexecserver.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mos.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\moshost.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MosHostClient.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\moshostcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MosResource.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MosStorage.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mprapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mprddm.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mprdim.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MpSigStub.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MrmCoreR.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MRT.exe:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\MSAC3ENC.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MSAJApi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MSAudDecMFT.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msctf.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msdtcprx.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msdtctm.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msdtcuiu.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msdxm.ocx:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msfeeds.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msftedit.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mshtml.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mshtmled.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msinfo32.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msmpeg2vdec.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mspaint.exe:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\mssprxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mssrch.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mstsc.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mstscax.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msv1_0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MSVidCtl.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MSVideoDSP.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MSVP9DEC.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msvproc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MSVPXENC.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msxml6.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msxml6r.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MusNotification.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MusUpdateHandlers.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\nativemap.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\NaturalLanguage6.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ncsi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\NetCfgNotifyObjectHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\netiougc.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\netplwiz.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\NetSetupApi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\NetSetupEngine.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\NetSetupShim.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\NetSetupSvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\netshell.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\nettrace.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\NetworkBindingEngineMigPlugin.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\NetworkCollectionAgent.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\NetworkDesktopSettings.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\NetworkMobileSettings.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\NetworkUXBroker.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\NFCProvisioningPlugin.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\NfcRadioMedia.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ngccredprov.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\NgcCtnr.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\NgcCtnrGidsHandler.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ngcsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\nlasvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\NlsData0009.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\NlsLexicons0009.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\nltest.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\NMAA.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\NmaDirect.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\NotificationController.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\NPSM.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\nshwfp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ntdll.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ntoskrnl.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ntshrui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\nvapi64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\nvcompiler.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\nvcuda.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\nvcuvid.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\nvDecMFTMjpeg.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\nvdispco6437290.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\nvdispgenco6437290.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\nvEncMFTH264.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\nvEncMFThevc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\nvEncodeAPI64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\nvfatbinaryLoader.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\NvFBC64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\NvIFR64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\NvIFROpenGL.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\nvmcumd.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\nvoglv64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\nvopencl.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\nvptxJitCompiler.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\nvvsvc.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\odbcconf.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\offlinelsa.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\offlinesam.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\offreg.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ole32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\oleaut32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\OnDemandConnRouteHelper.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\OneBackupHandler.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\OneDriveSettingSyncProvider.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\pcasvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\pdh.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\PhoneProviders.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\PhoneService.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\PhoneServiceRes.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Phoneutil.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\PhoneutilRes.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\pidgenx.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\PimIndexMaintenance.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\PlayToDevice.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\PlayToManager.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\PlayToReceiver.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\pnidui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\policymanager.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\poqexec.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\POSyncServices.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\powercfg.exe:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\PresentationNative_v0300.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\PrintWSDAHost.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\prm0009.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\profsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\provdatastore.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\provengine.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\provhandlers.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\provisioningcsp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\provops.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ProvPluginEng.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ProvSysprep.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\provtool.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\PsmServiceExtHost.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\puiobj.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\pwcreator.exe:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\pwrshplugin.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\qedit.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\qmgr.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\rasapi32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\rascustom.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\rasmans.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\rdpcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\rdpcorets.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\rdpencom.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\rdpinit.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\rdpshell.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\rdpudd.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\RDXService.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\RDXTaskFactory.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ReAgent.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ReAgentc.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\RelPost.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\remoteaudioendpoint.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\RemoteNaturalLanguage.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\RemovableMediaProvisioningPlugin.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ReportingCSP.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\reseteng.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ResetEngine.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ResetEngine.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\resutils.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\RjvMDMConfig.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\RMapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\rpcrt4.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\rshx32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\RTMediaFrame.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\RTWorkQ.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\samlib.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\samsrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\sbe.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ScDeviceEnum.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\schannel.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Search.ProtocolHandler.MAPI2.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\SearchFilterHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\SearchFolder.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\SearchIndexer.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\SearchProtocolHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\SecConfig.efi:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\securekernel.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\sendmail.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Sens.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\SensorDataService.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\SensorsApi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\SensorService.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\services.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\SessEnv.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\SettingsHandlers_Bluetooth.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\SettingsHandlers_Flights.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\SettingsHandlers_nt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\SettingsHandlers_StorageSense.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\SettingsHandlers_WorkAccess.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\SettingSync.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\SettingSyncCore.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\SettingSyncHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\SettingSyncPolicy.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\setupugc.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\SharedStartModel.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ShareHost.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\shdocvw.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\shell32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\shutdownux.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\skci.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\slc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\slcext.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\smartscreen.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\smphost.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\SndVolSSO.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\SpaceAgent.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\SpaceControl.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\spaceman.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\SpeechPal.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\spoolsv.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\sppc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\sppcext.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\sppnp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\sppobjs.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\sppsvc.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\sppwinob.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\spwmp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\SRH.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\SRHInproc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\sspicli.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\stobject.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\StorageUsage.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\storagewmi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\storagewmi_passthru.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\StoreAgent.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\StorSvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\StructuredQuery.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\sud.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\SyncCenter.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\SyncSettings.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\SysResetErr.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\systemreset.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\SystemSettings.DeviceEncryptionHandlers.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\SystemSettings.UserAccountsHandlers.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\SystemSettingsAdminFlows.exe:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\SystemSettingsThresholdAdminFlowUI.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\taskbarcpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\tcpipcfg.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\tdh.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\TextInputFramework.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\themecpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\timedate.cpl:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\TokenBroker.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\TpmCoreProvisioning.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\TpmTasks.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\tquery.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\TransportDSA.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\tsmf.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\TSpkg.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\tspubwmi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\TSWorkspace.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\TsWpfWrp.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\twinapi.appcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\twinapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\twinui.appcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\twinui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\twinui.pcshell.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\tzautoupdate.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\tzres.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ubpm.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\UIAnimation.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\UIAutomationCore.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\UIRibbonRes.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\umpoext.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\unimdm.tsp:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\updatehandlers.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\updatepolicy.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\uReFS.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\urlmon.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\usbmon.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\user32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\usercpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\UserDataAccessRes.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\UserDataLanguageUtil.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\UserDataPlatformHelperUtil.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\UserDataTimeUtil.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\UserDataTypeHelperUtil.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\UserDeviceRegistration.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\UserDeviceRegistration.Ngc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\usermgr.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\UserMgrProxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\usocore.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\vbscript.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\VCardParser.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\VEStoreEventHandlers.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\vmrdvcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\vpnike.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\VPNv2CSP.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\vulkaninfo-1-1-0-26-0.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\vulkaninfo.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\w32time.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WacDriverDLCoinst.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\wbiosrvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wc_storage.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wdfcoinstaller01009.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WebcamUi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\webio.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wer.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\weretw.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wevtapi.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\wevtsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wfdprov.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WiFiConfigSP.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wificonnapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wifinetworkmanager.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\wifiprofilessettinghandler.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wifitask.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\win32k.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\win32kbase.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\win32kfull.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\win32spl.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\win32u.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WinBioDataModel.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WinBioDataModelOOBE.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wincorlib.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Windows.AccountsControl.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Windows.ApplicationModel.Background.SystemEventsBroker.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Windows.ApplicationModel.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\Windows.ApplicationModel.LockScreen.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Windows.ApplicationModel.Store.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Windows.ApplicationModel.Wallet.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Windows.Cortana.Desktop.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Windows.Data.Pdf.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Windows.Devices.AllJoyn.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Windows.Devices.Bluetooth.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Windows.Devices.HumanInterfaceDevice.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Windows.Devices.LowLevel.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Windows.Devices.Midi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Windows.Devices.Perception.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Windows.Devices.Picker.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Windows.Devices.PointOfService.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Windows.Devices.Printers.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Windows.Devices.Radios.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Windows.Devices.Scanners.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Windows.Devices.Sensors.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Windows.Devices.SerialCommunication.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Windows.Devices.SmartCards.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Windows.Devices.SmartCards.Phone.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Windows.Devices.Usb.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Windows.Devices.WiFi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Windows.Devices.WiFiDirect.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Windows.Energy.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Windows.Gaming.Input.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Windows.Gaming.XboxLive.Storage.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Windows.Globalization.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Windows.Graphics.Printing.3D.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Windows.Graphics.Printing.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Windows.Internal.Bluetooth.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Windows.Internal.Management.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Windows.Internal.UI.Logon.ProxyStub.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Windows.Management.Provisioning.ProxyStub.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Windows.Media.Audio.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Windows.Media.BackgroundMediaPlayback.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Windows.Media.Devices.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Windows.Media.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Windows.Media.Editing.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Windows.Media.FaceAnalysis.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Windows.Media.Import.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\Windows.Media.MediaControl.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Windows.Media.Ocr.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Windows.Media.Playback.BackgroundMediaPlayer.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Windows.Media.Playback.MediaPlayer.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Windows.Media.Protection.PlayReady.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Windows.Media.Speech.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Windows.Media.Speech.UXRes.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Windows.Media.Streaming.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Windows.Networking.BackgroundTransfer.BackgroundManagerPolicy.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Windows.Networking.BackgroundTransfer.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Windows.Networking.Connectivity.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Windows.Networking.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Windows.Networking.HostName.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Windows.Networking.ServiceDiscovery.Dnssd.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Windows.Networking.Vpn.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Windows.Perception.Stub.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Windows.Security.Authentication.Identity.Provider.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Windows.Security.Authentication.OnlineId.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Windows.Security.Authentication.Web.Core.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Windows.Shell.Search.UriHandler.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Windows.StateRepository.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Windows.StateRepositoryBroker.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Windows.StateRepositoryClient.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Windows.Storage.ApplicationData.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\windows.storage.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Windows.System.UserDeviceAssociation.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Windows.UI.BioFeedback.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Windows.UI.BlockedShutdown.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\Windows.UI.Core.TextInput.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\Windows.UI.Cred.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Windows.UI.CredDialogController.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Windows.UI.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Windows.UI.Immersive.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Windows.UI.Input.Inking.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Windows.UI.Logon.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Windows.UI.Search.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Windows.UI.Shell.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Windows.UI.Xaml.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Windows.UI.Xaml.InkControls.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Windows.UI.Xaml.Maps.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Windows.UI.Xaml.Phone.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Windows.UI.Xaml.Resources.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\Windows.Web.Diagnostics.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Windows.Web.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Windows.Web.Http.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WindowsCodecs.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\winhttp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wininet.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wininetlui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\winload.efi:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\winload.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\winlogon.exe:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\winmde.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\winresume.efi:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\winresume.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WinSCard.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\winsrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wintrust.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WinTypes.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\wkssvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wlanapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wlancfg.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wlanhlp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WlanMediaManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wlanmsm.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wlansec.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wlansvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wlansvcpal.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\wlidsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wmp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WMPDMC.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wmpdxm.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wmpeffects.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\wmploc.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wmpmde.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wmpps.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wmpshell.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WordBreakers.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wow64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WpAXHolder.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WpcRefreshTask.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WpcTok.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WpcWebFilter.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wpnapps.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wpncore.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wpninprc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wpnprv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wpx.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ws2_32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wscapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wscinterop.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wscsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wscui.cpl:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wsecedit.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\WSManHTTPConfig.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WsmSvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wsp_fs.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wsp_health.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wsp_sr.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wuapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wuauclt.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wuaueng.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wups.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wups2.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wuuhext.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WWAHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WWanAPI.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wwanconn.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wwanmm.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wwanprotdim.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wwansvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\x3daudio1_0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\x3daudio1_1.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\X3DAudio1_2.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\xactengine2_0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\xactengine2_1.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\xactengine2_10.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\xactengine2_2.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\xactengine2_3.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\xactengine2_4.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\xactengine2_5.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\xactengine2_6.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\xactengine2_7.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\xactengine2_8.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\xactengine2_9.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\xactengine3_7.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\XamlTileRender.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\XAPOFX1_5.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\XAudio2_7.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\XblAuthManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\xinput1_1.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\xinput1_2.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\xinput1_3.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\xpsrchvw.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\zipfldr.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\aadtb.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\AboveLockAppHost.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\aclui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ActionCenterCPL.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ActivationManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\actxprxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\AddressParser.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\adsmsext.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\AppCapture.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\AppContracts.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\AppointmentActivation.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\AppointmentApis.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\apprepapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\apprepsync.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\AppVEntSubsystems32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\appwiz.cpl:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\AppXDeploymentClient.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\AppxPackaging.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ASGT.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\AsIO.dll:$CmdZnID [26]
AlternateDataStreams: C:\Windows\SysWOW64\asycfilt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\atmfd.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\atmlib.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\AUDIOKSE.dll:$CmdTcID [32]
AlternateDataStreams: C:\Windows\SysWOW64\AudioSes.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\AuthBroker.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\AuthExt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\authui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\autoplay.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\AzureSettingSyncProvider.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\BackgroundMediaPolicy.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\bcastdvr.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\BcastDVRHelper.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\bcrypt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\BingMaps.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\BingOnlineServices.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\biwinrt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\BluetoothApis.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\cdp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\CertEnroll.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Chakra.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\Chakradiag.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Chakrathunk.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\chartv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ChatApis.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ClipboardServer.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\CloudBackupSettings.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\CloudExperienceHostCommon.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\CloudExperienceHostUser.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\CloudStorageWizard.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\clusapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\cmifw.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\combase.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\comctl32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\comdlg32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\comsvcs.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ConfigureExpandedStorage.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ContactActivation.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ContactApis.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\container.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\CoreMessaging.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\CoreUIComponents.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\CPFilters.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\CredProvDataModel.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\credprovhost.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\credprovs.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\credprovslegacy.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\crypt32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\cryptngc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\CryptoWinRT.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\cryptui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\C_G18030.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\c_GSM7.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\C_IS2022.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d2d1.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3d10warp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3d11.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\D3D12.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3d8.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3d9.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\D3DCompiler_33.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\D3DCompiler_34.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\D3DCompiler_35.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\D3DCompiler_36.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\D3DCompiler_43.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\D3DCompiler_47.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dcsx_43.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dx10.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dx10_33.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dx10_34.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dx10_35.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dx10_36.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\d3dx10_43.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dx11_43.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_24.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_25.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_26.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_27.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_28.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_29.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_30.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_31.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_33.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_34.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_35.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_36.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\D3DX9_43.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\DataExchange.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\daxexec.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\dbgeng.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\DbgModel.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\DDCHelper.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\DDCHelperX.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ddraw.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\delegatorprovider.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\devenum.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\deviceassociation.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\DeviceFlows.DataModel.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\DevicePairing.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\dhcpcore6.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\dialclient.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\DisplayManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\dlnashext.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\dmenrollengine.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\dnsapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\DolbyDecMFT.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\drvstore.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\DscCoreConfProv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\dsreg.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\dtdump.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\dwmapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\dwmcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\DWrite.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\dxgi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\dxmasf.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\dxtrans.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\eapp3hst.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\eappcfg.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\eappgnui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\eapphost.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\eappprxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\edgehtml.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\EditBufferTestHook.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\efsext.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\efswrt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\EmailApis.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\encapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ErrorDetails.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ErrorDetailsUpdate.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\esent.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\esentutl.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\evr.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\explorer.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ExplorerFrame.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ExSMime.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ExtrasXmlParser.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\findnetprinters.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\FlashPlayerApp.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\fontdrvhost.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\fontext.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\FSClient.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\GamePanel.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\gameux.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\gdi32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\gdi32full.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\GdiPlus.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Geolocation.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\GlobCollationHost.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\hevcdecoder.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\hgcpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ieapfltr.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\iedkcs32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ieframe.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\iepeers.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ieproxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\iernonce.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\iertutil.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\iesetup.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\imapi2.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\indexeddbserver.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\inetcomm.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\inetcpl.cpl:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\input.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\InputLocaleManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\InputService.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\InstallAgent.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\InstallAgentUserBroker.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\iscsiwmi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\java.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\javaw.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\javaws.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\JpMapControl.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\jscript9.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\jscript9diag.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\jsproxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\kerberos.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\KernelBase.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\LaunchWinApp.exe:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\LicenseManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\LicenseManagerApi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\LockAppBroker.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\LockAppHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\LogonController.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\MapConfiguration.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\MapControlCore.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\MapControlStringsRes.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\MapGeocoder.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\MapRouter.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\MapsBtSvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\MbaeApiPublic.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mbsmsapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\MCRecvSrc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mdmregistration.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mf.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mfasfsrcsnk.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mfaudiocnv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mfcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mfksproxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\MFMediaEngine.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mfmkvsrcsnk.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mfmp4srcsnk.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mfmpeg2srcsnk.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mfnetcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mfnetsrc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mfplat.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\MFPlay.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mfpmp.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mfps.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mfreadwrite.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mfsensorgroup.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mfsrcsnk.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mfsvr.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Microsoft-Windows-MapControls.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Microsoft-Windows-MosHost.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Microsoft-Windows-MosTrace.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\migisol.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\MiracastReceiver.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mispace.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mos.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\MosHostClient.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\MosResource.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\MosStorage.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mprapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mprddm.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mprdim.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\MrmCoreR.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\MSAC3ENC.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\MSAJApi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msctf.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msdtcprx.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msdtcuiu.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msdxm.ocx:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msfeeds.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msftedit.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mshtml.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mshtmled.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msinfo32.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msmpeg2vdec.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mspaint.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mssrch.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mstsc.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mstscax.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msv1_0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\MSVidCtl.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\MSVP9DEC.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msvproc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\MSVPXENC.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msxml6.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msxml6r.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mtxclu.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\NaturalLanguage6.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\NetCfgNotifyObjectHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\netiougc.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\NetSetupApi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\NetSetupEngine.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\NetSetupShim.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\netshell.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\NetworkCollectionAgent.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ngccredprov.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\NlsData0009.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\NlsLexicons0009.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\NMAA.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\NmaDirect.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\NPSM.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\nshwfp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ntdll.dll:$CmdTcID [32]
AlternateDataStreams: C:\Windows\SysWOW64\ntshrui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\nvapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\nvcompiler.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\nvcuda.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\nvcuvid.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\nvDecMFTMjpeg.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\nvEncMFTH264.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\nvEncMFThevc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\nvEncodeAPI.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\nvfatbinaryLoader.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\NvFBC.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\NvIFR.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\NvIFROpenGL.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\nvoglv32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\nvopencl.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\nvptxJitCompiler.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\nvStreaming.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\odbcconf.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\offlinelsa.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\offlinesam.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\offreg.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ole32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\oleacc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\oleaut32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\olepro32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\OneDriveSettingSyncProvider.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\pdh.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Phoneutil.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\PhoneutilRes.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\pidgenx.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\PlayToDevice.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\PlayToManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\PlayToReceiver.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\policymanager.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\poqexec.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\POSyncServices.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\powercfg.exe:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\PresentationNative_v0300.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\PrintDialogs.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\pwrshplugin.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\qdvd.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\rasapi32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\rdpcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\rdpencom.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ReAgent.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ReAgentc.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\remoteaudioendpoint.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\RemoteNaturalLanguage.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\resutils.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\rpcrt4.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\RTMediaFrame.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\RTWorkQ.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\samlib.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\schannel.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\Search.ProtocolHandler.MAPI2.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\SearchFolder.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\SearchIndexer.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\SearchProtocolHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\sendmail.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\SessEnv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\SettingSync.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\SettingSyncCore.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\SettingSyncHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\SettingSyncPolicy.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\setupugc.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ShareHost.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\shell32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\slc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\slcext.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\smphost.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\SndVolSSO.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\sppc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\sppcext.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\spwmp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\sspicli.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\stobject.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\storagewmi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\storagewmi_passthru.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\StoreAgent.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\sud.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\SyncSettings.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\systemcpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\tcpipcfg.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\tdh.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\TempSignedLicenseExchangeTask.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\TextInputFramework.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\themecpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\TokenBroker.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\TpmCoreProvisioning.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\tquery.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\tsmf.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\TSpkg.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\TsWpfWrp.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\twinapi.appcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\twinapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\twinui.appcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\twinui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\tzres.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\UIAnimation.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\UIAutomationCore.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\UIRibbonRes.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\unimdm.tsp:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\updatepolicy.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\uReFS.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\urlmon.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\user32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\usercpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\UserDataAccessRes.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\UserDataAccountApis.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\UserDataLanguageUtil.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\UserDataPlatformHelperUtil.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\UserDataTimeUtil.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\UserDataTypeHelperUtil.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\UserDeviceRegistration.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\UserDeviceRegistration.Ngc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\UserMgrProxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\vbscript.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\VCardParser.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\vulkaninfo-1-1-0-26-0.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\vulkaninfo.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WebcamUi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\webio.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wer.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\weretw.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wevtapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wfdprov.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\win32k.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\win32kfull.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\win32u.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wincorlib.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Windows.AccountsControl.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Windows.ApplicationModel.Background.SystemEventsBroker.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Windows.ApplicationModel.Core.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Windows.ApplicationModel.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Windows.ApplicationModel.LockScreen.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Windows.ApplicationModel.Store.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\Windows.ApplicationModel.Wallet.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Data.Pdf.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Devices.AllJoyn.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Devices.Bluetooth.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Devices.HumanInterfaceDevice.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Devices.LowLevel.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Devices.Midi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Devices.Perception.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Devices.Picker.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Devices.PointOfService.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Devices.Radios.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Devices.Scanners.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Devices.Sensors.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Devices.SerialCommunication.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Devices.SmartCards.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Devices.Usb.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Devices.WiFi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Devices.WiFiDirect.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Energy.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Gaming.Input.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Gaming.XboxLive.Storage.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Globalization.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Graphics.Printing.3D.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Graphics.Printing.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Internal.Bluetooth.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Internal.Management.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Internal.UI.Logon.ProxyStub.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Media.Audio.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Media.BackgroundMediaPlayback.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Media.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Media.Editing.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Media.FaceAnalysis.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Media.Import.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Media.Ocr.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Media.Playback.BackgroundMediaPlayer.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Media.Playback.MediaPlayer.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Media.Protection.PlayReady.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Media.Speech.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Media.Speech.UXRes.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Media.Streaming.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Networking.BackgroundTransfer.BackgroundManagerPolicy.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Networking.BackgroundTransfer.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Networking.Connectivity.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Networking.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Networking.HostName.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Networking.ServiceDiscovery.Dnssd.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Perception.Stub.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Security.Authentication.Identity.Provider.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Security.Authentication.OnlineId.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Shell.Search.UriHandler.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Windows.StateRepository.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\Windows.StateRepositoryClient.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Storage.ApplicationData.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\windows.storage.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Windows.System.UserDeviceAssociation.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Windows.UI.BioFeedback.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Windows.UI.BlockedShutdown.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Windows.UI.Core.TextInput.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Windows.UI.Cred.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Windows.UI.CredDialogController.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Windows.UI.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\Windows.UI.Immersive.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Windows.UI.Input.Inking.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Windows.UI.Logon.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Windows.UI.Search.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Windows.UI.Xaml.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\Windows.UI.Xaml.InkControls.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Windows.UI.Xaml.Maps.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Windows.UI.Xaml.Phone.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Windows.UI.Xaml.Resources.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Web.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Web.Http.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WindowsCodecs.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\winhttp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wininet.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wininetlui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\winmde.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WinRtTracing.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WinSCard.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wintrust.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WinTypes.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\wlanapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wlancfg.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wlanhlp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wmp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WMPDMC.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wmpdxm.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wmpeffects.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\wmploc.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wmpmde.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wmpshell.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WordBreakers.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WpcWebFilter.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\wpnapps.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ws2_32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wscapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wscinterop.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wscui.cpl:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wsecedit.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WSManHTTPConfig.exe:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\WsmSvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wsp_fs.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wsp_health.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wsp_sr.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wuapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WwaApi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WWAHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WWanAPI.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\x3daudio1_0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\x3daudio1_1.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\X3DAudio1_2.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\xactengine2_0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\xactengine2_1.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\xactengine2_10.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\xactengine2_2.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\xactengine2_3.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\xactengine2_4.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\xactengine2_5.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\xactengine2_6.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\xactengine2_7.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\xactengine2_8.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\xactengine2_9.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\xactengine3_7.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\XAPOFX1_5.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\XAudio2_7.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\xinput1_1.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\xinput1_2.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\xinput1_3.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\xolehlp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\xpsrchvw.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\zipfldr.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\afd.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\ahcache.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\AppVStrm.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\asmthub3.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\asmtxhci.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\bowser.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\capimg.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\Classpnp.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\clfs.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\ClipSp.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\cmimcext.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\cng.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\colormunki_x64.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\crashdmp.sys:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\Drivers\dam.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\ddcdrv.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\dfsc.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\dumpsd.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\dxgkrnl.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\dxgmms1.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\dxgmms2.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\EhStorTcgDrv.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\fastfat.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\fvevol.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\FWPKCLNT.SYS:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\hidclass.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\hidkmdf.sys:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\Drivers\hidparse.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\hidusb.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\http.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\hvservice.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\i1display_x64.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\i1io2_x64.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\i1iSis_x64.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\i1_x64.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\iorate.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\kbdhid.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\ksecdd.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\ksecpkg.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\MegaSas2i.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\modem.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\mrxdav.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\mrxsmb.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\mrxsmb10.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\mrxsmb20.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\ndis.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\ntfs.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\partmgr.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\pci.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\pdc.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\pdiports.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\rdbss.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\rsdrvx64.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\sdbus.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\spaceport.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\srv.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\srv2.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\srvnet.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\storahci.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\stornvme.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\storport.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\tcpip.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\tm.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\tpm.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\vhdmp.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\vpci.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\wachidrouter.sys:$CmdTcID [64]


Max_cz
Vzorný návštěvník
Vzorný návštěvník
Příspěvky: 191
Registrován: 20 pro 2005 22:14
Kontaktovat uživatele:

Re: Preventivní kontrola, podezřelé chování

#8 Příspěvek od Max_cz »

Kód: Vybrat vše

AlternateDataStreams: C:\Windows\system32\Drivers\wacomrouterfilter.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\wcifs.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\wdcsam64.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\wdfcoinstaller01009.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\WdiWiFi.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\winhvr.sys:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\Drivers\wof.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\xboxgip.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\xinputhid.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Drivers\AiChargerPlus.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Drivers\AndroidAFDx64.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Drivers\AsIO.sys:$CmdZnID [26]
AlternateDataStreams: C:\Windows\SysWOW64\Drivers\DDCDrv.sys:$CmdTcID [64]
AlternateDataStreams: C:\Users\Max_cz\Desktop\adwcleaner_6.043.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Max_cz\Desktop\adwcleaner_6.043.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Max_cz\Desktop\FRST64.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Max_cz\Desktop\FRST64.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Max_cz\Desktop\FRSTLauncher.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Max_cz\Desktop\FRSTLauncher.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Max_cz\Downloads\007-faktura-fototori-2017.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Max_cz\Downloads\15683326_10211164149929834_588154813_n.png:$CmdZnID [26]
AlternateDataStreams: C:\Users\Max_cz\Downloads\15713282_10211172186690748_1265641643_n.png:$CmdZnID [26]
AlternateDataStreams: C:\Users\Max_cz\Downloads\AISuiteIII_V10159_DIP5_10390.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Max_cz\Downloads\BitlordSetup.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Max_cz\Downloads\BitlordSetup.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Max_cz\Downloads\BlueStacks2_native_d75a38db7b8c9ec89c6d13816f7f3f0e.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Max_cz\Downloads\BlueStacks2_native_d75a38db7b8c9ec89c6d13816f7f3f0e.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Max_cz\Downloads\Boardwalk-Empire-S03E01(0000238257).srt:$CmdZnID [26]
AlternateDataStreams: C:\Users\Max_cz\Downloads\Boardwalk-Empire-S03E02(0000238258).srt:$CmdZnID [26]
AlternateDataStreams: C:\Users\Max_cz\Downloads\Boardwalk-Empire-S03E03(0000238259).srt:$CmdZnID [26]
AlternateDataStreams: C:\Users\Max_cz\Downloads\Boardwalk-Empire-S03E04(0000238260).srt:$CmdZnID [26]
AlternateDataStreams: C:\Users\Max_cz\Downloads\Boardwalk-Empire-S03E05(0000238261).srt:$CmdZnID [26]
AlternateDataStreams: C:\Users\Max_cz\Downloads\Boardwalk-Empire-S03E06(0000238262).srt:$CmdZnID [26]
AlternateDataStreams: C:\Users\Max_cz\Downloads\Boardwalk-Empire-S03E07(0000238263).srt:$CmdZnID [26]
AlternateDataStreams: C:\Users\Max_cz\Downloads\Boardwalk-Empire-S03E08(0000238264).srt:$CmdZnID [26]
AlternateDataStreams: C:\Users\Max_cz\Downloads\ccsetup525.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Max_cz\Downloads\ccsetup525.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Max_cz\Downloads\christmas-atn.atn:$CmdZnID [26]
AlternateDataStreams: C:\Users\Max_cz\Downloads\ColorMunkiPhotoSetup.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Max_cz\Downloads\ColorMunkiPhoto_1-1-1_Win.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Max_cz\Downloads\CrystalDiskMark5_2_0-en.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Max_cz\Downloads\CrystalDiskMark5_2_0-en.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Max_cz\Downloads\DeepSkyStacker_exe.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Max_cz\Downloads\DE_Eskadron_BasicsXVI_Preisliste_2016.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Max_cz\Downloads\FileZilla_3.22.1_win64-setup.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Max_cz\Downloads\FileZilla_3.22.1_win64-setup.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Max_cz\Downloads\FileZilla_3.22.2.2_win64-setup.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Max_cz\Downloads\FileZilla_3.24.0_win64-setup.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Max_cz\Downloads\hdtunepro_560_trial.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Max_cz\Downloads\hdtunepro_560_trial.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Max_cz\Downloads\honza_vejvoda (1).zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Max_cz\Downloads\honza_vejvoda.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Max_cz\Downloads\HotPixelRemover.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Max_cz\Downloads\HPU_v2.2.3.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Max_cz\Downloads\HPU_v2.2.3.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Max_cz\Downloads\Hugin-2016.2.0-win64.msi:$CmdZnID [26]
AlternateDataStreams: C:\Users\Max_cz\Downloads\i1Diagnostics-4.1.2-Installer.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Max_cz\Downloads\i1Diagnostics-4.1.2-Installer.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Max_cz\Downloads\i1ProfilerSetup.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Max_cz\Downloads\i1ProfilerSetup.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Max_cz\Downloads\InstallScreencastOMatic-2.0.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Max_cz\Downloads\InstallScreencastOMatic-2.0.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Max_cz\Downloads\kalibrace.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Max_cz\Downloads\logo.png:$CmdZnID [26]
AlternateDataStreams: C:\Users\Max_cz\Downloads\logo_kone&lide_bilomodra.ai:$CmdZnID [26]
AlternateDataStreams: C:\Users\Max_cz\Downloads\logo_kone&lide_bilomodra.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Max_cz\Downloads\logo_kone&lide_bilomodra.png:$CmdZnID [26]
AlternateDataStreams: C:\Users\Max_cz\Downloads\mkvtoolnix-32bit-9.5.0-setup.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Max_cz\Downloads\mkvtoolnix-32bit-9.5.0-setup.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Max_cz\Downloads\MrawGui_1.5.rar:$CmdZnID [26]
AlternateDataStreams: C:\Users\Max_cz\Downloads\MrawGui_1.6.rar:$CmdZnID [26]
AlternateDataStreams: C:\Users\Max_cz\Downloads\PixelFixer-1.17_64bit.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Max_cz\Downloads\pm5_calibration_tester.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Max_cz\Downloads\profact30inst.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Max_cz\Downloads\profact30inst.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Max_cz\Downloads\pspad461inst_cz.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Max_cz\Downloads\pspad461inst_cz.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Max_cz\Downloads\ptgui-pro-10-full-registration-key_3537917.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Max_cz\Downloads\RawTherapee_WinVista_64_5.0-gtk3_3.18_release.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Max_cz\Downloads\RSITx64.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Max_cz\Downloads\RSITx64.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Max_cz\Downloads\setup-lightshot.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Max_cz\Downloads\setup-lightshot.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Max_cz\Downloads\SpotifySetup.exe:$CmdTcID [130]
AlternateDataStreams: C:\Users\Max_cz\Downloads\SpotifySetup.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Max_cz\Downloads\SpywareTerminatorSetup.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Max_cz\Downloads\SpywareTerminatorSetup.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Max_cz\Downloads\StarStaX-0.71_win64.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Max_cz\Downloads\stellarium-0.15.0-win64.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Max_cz\Downloads\stellarium-0.15.0-win64.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Max_cz\Downloads\tcmd900x64.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Max_cz\Downloads\tcmd900x64.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Max_cz\Downloads\TeamViewer_Setup_cs-ajem.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Max_cz\Downloads\TeamViewer_Setup_cs-ajem.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Max_cz\Downloads\Uloz.to_Uploader-setup.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Max_cz\Downloads\Uloz.to_Uploader-setup.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Max_cz\Downloads\UserBenchMark.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Max_cz\Downloads\UserBenchMark.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Max_cz\Downloads\uTorrent221.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Max_cz\Downloads\uTorrent221.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Max_cz\Downloads\vlc-2.2.4-win32.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Max_cz\Downloads\vlc-2.2.4-win32.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Max_cz\Downloads\WebcamScreenVideoCaptureFree.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Max_cz\Downloads\WebcamScreenVideoCaptureFree.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Max_cz\Downloads\WebLaunchRecorder.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Max_cz\Downloads\WebLaunchRecorder.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Max_cz\Downloads\winrar-x64-540cz.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Max_cz\Downloads\winrar-x64-540cz.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Max_cz\Downloads\[CzT]Assassin_s_Creed_2008_CZ_.torrent:$CmdZnID [26]
AlternateDataStreams: C:\Users\Max_cz\Downloads\[CzT]Blazniva_zatracena_laska_Crazy_Stupid_Love_2011_.torrent:$CmdZnID [26]
AlternateDataStreams: C:\Users\Max_cz\Downloads\[CzT]Dite_Bridget_Jonesove_Bridget_Jones_s_Baby_2016_CZ_.torrent:$CmdZnID [26]

==================== Security Center ==================

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: COMODO Firewall (Disabled) {E8F7F446-E1BD-DFE6-38D1-54E0ADE01D89}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)

  
***** Velikost "Plochy" *****

Velikost slozky "C:\Users\Max_cz\Desktop" je 7874 MB.
 
 
***** Startup Programs *****
 
 
***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    DisableNotifications    REG_DWORD    0x0
    EnableFirewall    REG_DWORD    0x1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    DisableNotifications    REG_DWORD    0x0
    EnableFirewall    REG_DWORD    0x1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
 
***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

 
==================== End Of Log ==============================

Uživatelský avatar
Rudy
Site Admin
Site Admin
Příspěvky: 118199
Registrován: 30 říj 2003 13:42
Bydliště: Plzeň
Kontaktovat uživatele:

Re: Preventivní kontrola, podezřelé chování

#9 Příspěvek od Rudy »

Musím to poslat v souboru, má to moc znaků.
fixlist.rar
(10.53 KiB) Staženo 165 x
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.

Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.

Navštivte: Obrázek

e-mail: rudy(zavináč)forum.viry.cz

Varování:
Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!


Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.

Max_cz
Vzorný návštěvník
Vzorný návštěvník
Příspěvky: 191
Registrován: 20 pro 2005 22:14
Kontaktovat uživatele:

Re: Preventivní kontrola, podezřelé chování

#10 Příspěvek od Max_cz »

Kód: Vybrat vše

Fix result of Farbar Recovery Scan Tool (x64) Version: 29-01-2017
Ran by Max_cz (04-02-2017 12:57:12) Run:1
Running from C:\Users\Max_cz\Desktop
Loaded Profiles: Max_cz (Available Profiles: defaultuser0 & Max_cz)
Boot Mode: Normal
==============================================

fixlist content:
*****************
AlternateDataStreams: C:\Windows\system32\Drivers\wacomrouterfilter.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\wcifs.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\wdcsam64.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\wdfcoinstaller01009.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\WdiWiFi.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\winhvr.sys:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\Drivers\wof.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\xboxgip.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\xinputhid.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Drivers\AiChargerPlus.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Drivers\AndroidAFDx64.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Drivers\AsIO.sys:$CmdZnID [26]
AlternateDataStreams: C:\Windows\SysWOW64\Drivers\DDCDrv.sys:$CmdTcID [64]
AlternateDataStreams: C:\Users\Max_cz\Desktop\adwcleaner_6.043.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Max_cz\Desktop\adwcleaner_6.043.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Max_cz\Desktop\FRST64.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Max_cz\Desktop\FRST64.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Max_cz\Desktop\FRSTLauncher.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Max_cz\Desktop\FRSTLauncher.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Max_cz\Downloads\007-faktura-fototori-2017.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Max_cz\Downloads\15683326_10211164149929834_588154813_n.png:$CmdZnID [26]
AlternateDataStreams: C:\Users\Max_cz\Downloads\15713282_10211172186690748_1265641643_n.png:$CmdZnID [26]
AlternateDataStreams: C:\Users\Max_cz\Downloads\AISuiteIII_V10159_DIP5_10390.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Max_cz\Downloads\BitlordSetup.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Max_cz\Downloads\BitlordSetup.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Max_cz\Downloads\BlueStacks2_native_d75a38db7b8c9ec89c6d13816f7f3f0e.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Max_cz\Downloads\BlueStacks2_native_d75a38db7b8c9ec89c6d13816f7f3f0e.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Max_cz\Downloads\Boardwalk-Empire-S03E01(0000238257).srt:$CmdZnID [26]
AlternateDataStreams: C:\Users\Max_cz\Downloads\Boardwalk-Empire-S03E02(0000238258).srt:$CmdZnID [26]
AlternateDataStreams: C:\Users\Max_cz\Downloads\Boardwalk-Empire-S03E03(0000238259).srt:$CmdZnID [26]
AlternateDataStreams: C:\Users\Max_cz\Downloads\Boardwalk-Empire-S03E04(0000238260).srt:$CmdZnID [26]
AlternateDataStreams: C:\Users\Max_cz\Downloads\Boardwalk-Empire-S03E05(0000238261).srt:$CmdZnID [26]
AlternateDataStreams: C:\Users\Max_cz\Downloads\Boardwalk-Empire-S03E06(0000238262).srt:$CmdZnID [26]
AlternateDataStreams: C:\Users\Max_cz\Downloads\Boardwalk-Empire-S03E07(0000238263).srt:$CmdZnID [26]
AlternateDataStreams: C:\Users\Max_cz\Downloads\Boardwalk-Empire-S03E08(0000238264).srt:$CmdZnID [26]
AlternateDataStreams: C:\Users\Max_cz\Downloads\ccsetup525.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Max_cz\Downloads\ccsetup525.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Max_cz\Downloads\christmas-atn.atn:$CmdZnID [26]
AlternateDataStreams: C:\Users\Max_cz\Downloads\ColorMunkiPhotoSetup.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Max_cz\Downloads\ColorMunkiPhoto_1-1-1_Win.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Max_cz\Downloads\CrystalDiskMark5_2_0-en.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Max_cz\Downloads\CrystalDiskMark5_2_0-en.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Max_cz\Downloads\DeepSkyStacker_exe.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Max_cz\Downloads\DE_Eskadron_BasicsXVI_Preisliste_2016.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Max_cz\Downloads\FileZilla_3.22.1_win64-setup.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Max_cz\Downloads\FileZilla_3.22.1_win64-setup.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Max_cz\Downloads\FileZilla_3.22.2.2_win64-setup.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Max_cz\Downloads\FileZilla_3.24.0_win64-setup.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Max_cz\Downloads\hdtunepro_560_trial.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Max_cz\Downloads\hdtunepro_560_trial.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Max_cz\Downloads\honza_vejvoda (1).zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Max_cz\Downloads\honza_vejvoda.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Max_cz\Downloads\HotPixelRemover.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Max_cz\Downloads\HPU_v2.2.3.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Max_cz\Downloads\HPU_v2.2.3.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Max_cz\Downloads\Hugin-2016.2.0-win64.msi:$CmdZnID [26]
AlternateDataStreams: C:\Users\Max_cz\Downloads\i1Diagnostics-4.1.2-Installer.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Max_cz\Downloads\i1Diagnostics-4.1.2-Installer.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Max_cz\Downloads\i1ProfilerSetup.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Max_cz\Downloads\i1ProfilerSetup.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Max_cz\Downloads\InstallScreencastOMatic-2.0.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Max_cz\Downloads\InstallScreencastOMatic-2.0.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Max_cz\Downloads\kalibrace.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Max_cz\Downloads\logo.png:$CmdZnID [26]
AlternateDataStreams: C:\Users\Max_cz\Downloads\logo_kone&lide_bilomodra.ai:$CmdZnID [26]
AlternateDataStreams: C:\Users\Max_cz\Downloads\logo_kone&lide_bilomodra.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Max_cz\Downloads\logo_kone&lide_bilomodra.png:$CmdZnID [26]
AlternateDataStreams: C:\Users\Max_cz\Downloads\mkvtoolnix-32bit-9.5.0-setup.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Max_cz\Downloads\mkvtoolnix-32bit-9.5.0-setup.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Max_cz\Downloads\MrawGui_1.5.rar:$CmdZnID [26]
AlternateDataStreams: C:\Users\Max_cz\Downloads\MrawGui_1.6.rar:$CmdZnID [26]
AlternateDataStreams: C:\Users\Max_cz\Downloads\PixelFixer-1.17_64bit.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Max_cz\Downloads\pm5_calibration_tester.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Max_cz\Downloads\profact30inst.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Max_cz\Downloads\profact30inst.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Max_cz\Downloads\pspad461inst_cz.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Max_cz\Downloads\pspad461inst_cz.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Max_cz\Downloads\ptgui-pro-10-full-registration-key_3537917.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Max_cz\Downloads\RawTherapee_WinVista_64_5.0-gtk3_3.18_release.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Max_cz\Downloads\RSITx64.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Max_cz\Downloads\RSITx64.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Max_cz\Downloads\setup-lightshot.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Max_cz\Downloads\setup-lightshot.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Max_cz\Downloads\SpotifySetup.exe:$CmdTcID [130]
AlternateDataStreams: C:\Users\Max_cz\Downloads\SpotifySetup.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Max_cz\Downloads\SpywareTerminatorSetup.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Max_cz\Downloads\SpywareTerminatorSetup.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Max_cz\Downloads\StarStaX-0.71_win64.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Max_cz\Downloads\stellarium-0.15.0-win64.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Max_cz\Downloads\stellarium-0.15.0-win64.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Max_cz\Downloads\tcmd900x64.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Max_cz\Downloads\tcmd900x64.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Max_cz\Downloads\TeamViewer_Setup_cs-ajem.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Max_cz\Downloads\TeamViewer_Setup_cs-ajem.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Max_cz\Downloads\Uloz.to_Uploader-setup.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Max_cz\Downloads\Uloz.to_Uploader-setup.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Max_cz\Downloads\UserBenchMark.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Max_cz\Downloads\UserBenchMark.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Max_cz\Downloads\uTorrent221.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Max_cz\Downloads\uTorrent221.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Max_cz\Downloads\vlc-2.2.4-win32.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Max_cz\Downloads\vlc-2.2.4-win32.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Max_cz\Downloads\WebcamScreenVideoCaptureFree.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Max_cz\Downloads\WebcamScreenVideoCaptureFree.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Max_cz\Downloads\WebLaunchRecorder.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Max_cz\Downloads\WebLaunchRecorder.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Max_cz\Downloads\winrar-x64-540cz.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Max_cz\Downloads\winrar-x64-540cz.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Max_cz\Downloads\[CzT]Assassin_s_Creed_2008_CZ_.torrent:$CmdZnID [26]
AlternateDataStreams: C:\Users\Max_cz\Downloads\[CzT]Blazniva_zatracena_laska_Crazy_Stupid_Love_2011_.torrent:$CmdZnID [26]
AlternateDataStreams: C:\Users\Max_cz\Downloads\[CzT]Dite_Bridget_Jonesove_Bridget_Jones_s_Baby_2016_CZ_.torrent:$CmdZnID [26]
AlternateDataStreams: C:\Windows\system32\IdCtrls.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ie4uinit.exe:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\ieapfltr.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\iedkcs32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ieframe.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\iepeers.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ieproxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\iernonce.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\iertutil.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\iesetup.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\imapi2.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ImplatSetup.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\indexeddbserver.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\inetcomm.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\inetcpl.cpl:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\input.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\InputLocaleManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\InputService.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\InstallAgent.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\InstallAgentUserBroker.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\invagent.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\iphlpsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ipnathlp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\iscsiwmi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\JpMapControl.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\jscript9.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\jscript9diag.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\jsproxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\kdhvcom.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\kerberos.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\KernelBase.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\KnobsCore.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\KnobsCsp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\LaunchWinApp.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\LicenseManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\LicenseManagerSvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ListSvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\localspl.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\LocationFramework.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\LockAppBroker.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\LockAppHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\LogonController.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\lpremove.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\LsaIso.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\lsasrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\lsass.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\lsm.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\manage-bde.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MapConfiguration.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MapControlCore.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MapControlStringsRes.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MapGeocoder.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MapRouter.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MapsBtSvc.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\MapsBtSvcProxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MapsCSP.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MapsStore.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mapstoasttask.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mapsupdatetask.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MbaeApiPublic.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mbsmsapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MCRecvSrc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MDEServer.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MDMAppInstaller.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mdmregistration.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MediaFoundation.DefaultPerceptionProvider.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mf.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mfasfsrcsnk.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mfaudiocnv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MFCaptureEngine.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mfcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mfksproxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MFMediaEngine.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mfmkvsrcsnk.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mfmp4srcsnk.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mfmpeg2srcsnk.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mfnetcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mfnetsrc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mfplat.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MFPlay.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mfpmp.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mfps.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mfreadwrite.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mfsensorgroup.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mfsrcsnk.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mfsvr.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Microsoft-Windows-MapControls.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Microsoft-Windows-MosHost.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Microsoft-Windows-MosTrace.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\microsoft-windows-system-events.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\migisol.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MiracastReceiver.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mispace.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\modernexecserver.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mos.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\moshost.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MosHostClient.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\moshostcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MosResource.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MosStorage.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mprapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mprddm.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mprdim.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MpSigStub.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MrmCoreR.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MRT.exe:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\MSAC3ENC.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MSAJApi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MSAudDecMFT.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msctf.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msdtcprx.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msdtctm.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msdtcuiu.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msdxm.ocx:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msfeeds.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msftedit.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mshtml.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mshtmled.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msinfo32.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msmpeg2vdec.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mspaint.exe:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\mssprxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mssrch.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mstsc.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mstscax.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msv1_0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MSVidCtl.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MSVideoDSP.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MSVP9DEC.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msvproc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MSVPXENC.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msxml6.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msxml6r.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MusNotification.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MusUpdateHandlers.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\nativemap.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\NaturalLanguage6.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ncsi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\NetCfgNotifyObjectHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\netiougc.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\netplwiz.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\NetSetupApi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\NetSetupEngine.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\NetSetupShim.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\NetSetupSvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\netshell.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\nettrace.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\NetworkBindingEngineMigPlugin.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\NetworkCollectionAgent.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\NetworkDesktopSettings.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\NetworkMobileSettings.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\NetworkUXBroker.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\NFCProvisioningPlugin.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\NfcRadioMedia.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ngccredprov.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\NgcCtnr.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\NgcCtnrGidsHandler.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ngcsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\nlasvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\NlsData0009.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\NlsLexicons0009.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\nltest.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\NMAA.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\NmaDirect.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\NotificationController.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\NPSM.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\nshwfp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ntdll.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ntoskrnl.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ntshrui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\nvapi64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\nvcompiler.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\nvcuda.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\nvcuvid.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\nvDecMFTMjpeg.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\nvdispco6437290.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\nvdispgenco6437290.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\nvEncMFTH264.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\nvEncMFThevc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\nvEncodeAPI64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\nvfatbinaryLoader.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\NvFBC64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\NvIFR64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\NvIFROpenGL.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\nvmcumd.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\nvoglv64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\nvopencl.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\nvptxJitCompiler.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\nvvsvc.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\odbcconf.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\offlinelsa.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\offlinesam.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\offreg.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ole32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\oleaut32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\OnDemandConnRouteHelper.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\OneBackupHandler.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\OneDriveSettingSyncProvider.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\pcasvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\pdh.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\PhoneProviders.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\PhoneService.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\PhoneServiceRes.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Phoneutil.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\PhoneutilRes.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\pidgenx.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\PimIndexMaintenance.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\PlayToDevice.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\PlayToManager.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\PlayToReceiver.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\pnidui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\policymanager.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\poqexec.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\POSyncServices.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\powercfg.exe:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\PresentationNative_v0300.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\PrintWSDAHost.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\prm0009.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\profsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\provdatastore.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\provengine.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\provhandlers.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\provisioningcsp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\provops.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ProvPluginEng.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ProvSysprep.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\provtool.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\PsmServiceExtHost.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\puiobj.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\pwcreator.exe:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\pwrshplugin.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\qedit.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\qmgr.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\rasapi32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\rascustom.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\rasmans.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\rdpcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\rdpcorets.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\rdpencom.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\rdpinit.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\rdpshell.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\rdpudd.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\RDXService.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\RDXTaskFactory.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ReAgent.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ReAgentc.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\RelPost.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\remoteaudioendpoint.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\RemoteNaturalLanguage.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\RemovableMediaProvisioningPlugin.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ReportingCSP.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\reseteng.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ResetEngine.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ResetEngine.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\resutils.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\RjvMDMConfig.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\RMapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\rpcrt4.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\rshx32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\RTMediaFrame.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\RTWorkQ.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\samlib.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\samsrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\sbe.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ScDeviceEnum.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\schannel.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Search.ProtocolHandler.MAPI2.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\SearchFilterHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\SearchFolder.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\SearchIndexer.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\SearchProtocolHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\SecConfig.efi:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\securekernel.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\sendmail.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Sens.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\SensorDataService.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\SensorsApi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\SensorService.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\services.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\SessEnv.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\SettingsHandlers_Bluetooth.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\SettingsHandlers_Flights.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\SettingsHandlers_nt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\SettingsHandlers_StorageSense.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\SettingsHandlers_WorkAccess.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\SettingSync.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\SettingSyncCore.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\SettingSyncHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\SettingSyncPolicy.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\setupugc.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\SharedStartModel.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ShareHost.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\shdocvw.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\shell32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\shutdownux.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\skci.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\slc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\slcext.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\smartscreen.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\smphost.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\SndVolSSO.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\SpaceAgent.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\SpaceControl.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\spaceman.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\SpeechPal.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\spoolsv.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\sppc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\sppcext.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\sppnp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\sppobjs.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\sppsvc.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\sppwinob.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\spwmp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\SRH.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\SRHInproc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\sspicli.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\stobject.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\StorageUsage.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\storagewmi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\storagewmi_passthru.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\StoreAgent.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\StorSvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\StructuredQuery.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\sud.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\SyncCenter.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\SyncSettings.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\SysResetErr.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\systemreset.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\SystemSettings.DeviceEncryptionHandlers.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\SystemSettings.UserAccountsHandlers.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\SystemSettingsAdminFlows.exe:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\SystemSettingsThresholdAdminFlowUI.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\taskbarcpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\tcpipcfg.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\tdh.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\TextInputFramework.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\themecpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\timedate.cpl:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\TokenBroker.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\TpmCoreProvisioning.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\TpmTasks.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\tquery.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\TransportDSA.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\tsmf.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\TSpkg.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\tspubwmi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\TSWorkspace.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\TsWpfWrp.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\twinapi.appcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\twinapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\twinui.appcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\twinui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\twinui.pcshell.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\tzautoupdate.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\tzres.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ubpm.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\UIAnimation.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\UIAutomationCore.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\UIRibbonRes.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\umpoext.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\unimdm.tsp:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\updatehandlers.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\updatepolicy.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\uReFS.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\urlmon.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\usbmon.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\user32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\usercpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\UserDataAccessRes.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\UserDataLanguageUtil.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\UserDataPlatformHelperUtil.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\UserDataTimeUtil.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\UserDataTypeHelperUtil.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\UserDeviceRegistration.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\UserDeviceRegistration.Ngc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\usermgr.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\UserMgrProxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\usocore.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\vbscript.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\VCardParser.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\VEStoreEventHandlers.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\vmrdvcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\vpnike.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\VPNv2CSP.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\vulkaninfo-1-1-0-26-0.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\vulkaninfo.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\w32time.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WacDriverDLCoinst.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\wbiosrvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wc_storage.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wdfcoinstaller01009.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WebcamUi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\webio.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wer.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\weretw.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wevtapi.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\wevtsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wfdprov.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WiFiConfigSP.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wificonnapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wifinetworkmanager.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\wifiprofilessettinghandler.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wifitask.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\win32k.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\win32kbase.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\win32kfull.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\win32spl.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\win32u.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WinBioDataModel.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WinBioDataModelOOBE.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wincorlib.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Windows.AccountsControl.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Windows.ApplicationModel.Background.SystemEventsBroker.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Windows.ApplicationModel.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\Windows.ApplicationModel.LockScreen.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Windows.ApplicationModel.Store.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Windows.ApplicationModel.Wallet.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Windows.Cortana.Desktop.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Windows.Data.Pdf.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Windows.Devices.AllJoyn.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Windows.Devices.Bluetooth.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Windows.Devices.HumanInterfaceDevice.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Windows.Devices.LowLevel.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Windows.Devices.Midi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Windows.Devices.Perception.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Windows.Devices.Picker.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Windows.Devices.PointOfService.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Windows.Devices.Printers.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Windows.Devices.Radios.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Windows.Devices.Scanners.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Windows.Devices.Sensors.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Windows.Devices.SerialCommunication.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Windows.Devices.SmartCards.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Windows.Devices.SmartCards.Phone.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Windows.Devices.Usb.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Windows.Devices.WiFi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Windows.Devices.WiFiDirect.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Windows.Energy.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Windows.Gaming.Input.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Windows.Gaming.XboxLive.Storage.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Windows.Globalization.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Windows.Graphics.Printing.3D.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Windows.Graphics.Printing.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Windows.Internal.Bluetooth.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Windows.Internal.Management.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Windows.Internal.UI.Logon.ProxyStub.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Windows.Management.Provisioning.ProxyStub.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Windows.Media.Audio.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Windows.Media.BackgroundMediaPlayback.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Windows.Media.Devices.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Windows.Media.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Windows.Media.Editing.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Windows.Media.FaceAnalysis.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Windows.Media.Import.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\Windows.Media.MediaControl.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Windows.Media.Ocr.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Windows.Media.Playback.BackgroundMediaPlayer.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Windows.Media.Playback.MediaPlayer.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Windows.Media.Protection.PlayReady.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Windows.Media.Speech.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Windows.Media.Speech.UXRes.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Windows.Media.Streaming.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Windows.Networking.BackgroundTransfer.BackgroundManagerPolicy.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Windows.Networking.BackgroundTransfer.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Windows.Networking.Connectivity.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Windows.Networking.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Windows.Networking.HostName.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Windows.Networking.ServiceDiscovery.Dnssd.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Windows.Networking.Vpn.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Windows.Perception.Stub.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Windows.Security.Authentication.Identity.Provider.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Windows.Security.Authentication.OnlineId.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Windows.Security.Authentication.Web.Core.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Windows.Shell.Search.UriHandler.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Windows.StateRepository.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Windows.StateRepositoryBroker.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Windows.StateRepositoryClient.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Windows.Storage.ApplicationData.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\windows.storage.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Windows.System.UserDeviceAssociation.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Windows.UI.BioFeedback.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Windows.UI.BlockedShutdown.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\Windows.UI.Core.TextInput.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\Windows.UI.Cred.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Windows.UI.CredDialogController.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Windows.UI.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Windows.UI.Immersive.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Windows.UI.Input.Inking.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Windows.UI.Logon.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Windows.UI.Search.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Windows.UI.Shell.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Windows.UI.Xaml.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Windows.UI.Xaml.InkControls.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Windows.UI.Xaml.Maps.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Windows.UI.Xaml.Phone.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Windows.UI.Xaml.Resources.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\Windows.Web.Diagnostics.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Windows.Web.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Windows.Web.Http.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WindowsCodecs.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\winhttp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wininet.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wininetlui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\winload.efi:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\winload.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\winlogon.exe:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\winmde.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\winresume.efi:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\winresume.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WinSCard.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\winsrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wintrust.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WinTypes.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\wkssvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wlanapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wlancfg.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wlanhlp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WlanMediaManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wlanmsm.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wlansec.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wlansvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wlansvcpal.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\wlidsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wmp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WMPDMC.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wmpdxm.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wmpeffects.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\wmploc.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wmpmde.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wmpps.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wmpshell.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WordBreakers.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wow64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WpAXHolder.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WpcRefreshTask.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WpcTok.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WpcWebFilter.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wpnapps.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wpncore.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wpninprc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wpnprv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wpx.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ws2_32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wscapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wscinterop.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wscsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wscui.cpl:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wsecedit.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\WSManHTTPConfig.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WsmSvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wsp_fs.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wsp_health.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wsp_sr.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wuapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wuauclt.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wuaueng.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wups.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wups2.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wuuhext.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WWAHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WWanAPI.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wwanconn.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wwanmm.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wwanprotdim.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wwansvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\x3daudio1_0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\x3daudio1_1.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\X3DAudio1_2.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\xactengine2_0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\xactengine2_1.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\xactengine2_10.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\xactengine2_2.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\xactengine2_3.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\xactengine2_4.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\xactengine2_5.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\xactengine2_6.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\xactengine2_7.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\xactengine2_8.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\xactengine2_9.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\xactengine3_7.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\XamlTileRender.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\XAPOFX1_5.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\XAudio2_7.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\XblAuthManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\xinput1_1.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\xinput1_2.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\xinput1_3.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\xpsrchvw.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\zipfldr.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\aadtb.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\AboveLockAppHost.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\aclui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ActionCenterCPL.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ActivationManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\actxprxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\AddressParser.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\adsmsext.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\AppCapture.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\AppContracts.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\AppointmentActivation.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\AppointmentApis.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\apprepapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\apprepsync.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\AppVEntSubsystems32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\appwiz.cpl:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\AppXDeploymentClient.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\AppxPackaging.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ASGT.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\AsIO.dll:$CmdZnID [26]
AlternateDataStreams: C:\Windows\SysWOW64\asycfilt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\atmfd.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\atmlib.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\AUDIOKSE.dll:$CmdTcID [32]
AlternateDataStreams: C:\Windows\SysWOW64\AudioSes.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\AuthBroker.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\AuthExt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\authui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\autoplay.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\AzureSettingSyncProvider.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\BackgroundMediaPolicy.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\bcastdvr.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\BcastDVRHelper.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\bcrypt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\BingMaps.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\BingOnlineServices.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\biwinrt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\BluetoothApis.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\cdp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\CertEnroll.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Chakra.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\Chakradiag.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Chakrathunk.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\chartv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ChatApis.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ClipboardServer.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\CloudBackupSettings.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\CloudExperienceHostCommon.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\CloudExperienceHostUser.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\CloudStorageWizard.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\clusapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\cmifw.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\combase.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\comctl32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\comdlg32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\comsvcs.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ConfigureExpandedStorage.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ContactActivation.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ContactApis.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\container.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\CoreMessaging.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\CoreUIComponents.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\CPFilters.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\CredProvDataModel.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\credprovhost.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\credprovs.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\credprovslegacy.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\crypt32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\cryptngc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\CryptoWinRT.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\cryptui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\C_G18030.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\c_GSM7.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\C_IS2022.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d2d1.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3d10warp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3d11.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\D3D12.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3d8.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3d9.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\D3DCompiler_33.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\D3DCompiler_34.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\D3DCompiler_35.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\D3DCompiler_36.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\D3DCompiler_43.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\D3DCompiler_47.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dcsx_43.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dx10.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dx10_33.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dx10_34.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dx10_35.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dx10_36.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\d3dx10_43.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dx11_43.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_24.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_25.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_26.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_27.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_28.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_29.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_30.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_31.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_33.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_34.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_35.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_36.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\D3DX9_43.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\DataExchange.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\daxexec.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\dbgeng.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\DbgModel.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\DDCHelper.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\DDCHelperX.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ddraw.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\delegatorprovider.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\devenum.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\deviceassociation.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\DeviceFlows.DataModel.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\DevicePairing.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\dhcpcore6.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\dialclient.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\DisplayManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\dlnashext.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\dmenrollengine.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\dnsapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\DolbyDecMFT.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\drvstore.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\DscCoreConfProv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\dsreg.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\dtdump.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\dwmapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\dwmcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\DWrite.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\dxgi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\dxmasf.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\dxtrans.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\eapp3hst.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\eappcfg.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\eappgnui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\eapphost.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\eappprxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\edgehtml.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\EditBufferTestHook.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\efsext.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\efswrt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\EmailApis.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\encapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ErrorDetails.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ErrorDetailsUpdate.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\esent.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\esentutl.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\evr.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\explorer.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ExplorerFrame.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ExSMime.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ExtrasXmlParser.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\findnetprinters.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\FlashPlayerApp.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\fontdrvhost.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\fontext.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\FSClient.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\GamePanel.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\gameux.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\gdi32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\gdi32full.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\GdiPlus.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Geolocation.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\GlobCollationHost.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\hevcdecoder.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\hgcpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ieapfltr.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\iedkcs32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ieframe.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\iepeers.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ieproxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\iernonce.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\iertutil.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\iesetup.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\imapi2.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\indexeddbserver.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\inetcomm.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\inetcpl.cpl:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\input.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\InputLocaleManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\InputService.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\InstallAgent.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\InstallAgentUserBroker.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\iscsiwmi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\java.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\javaw.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\javaws.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\JpMapControl.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\jscript9.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\jscript9diag.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\jsproxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\kerberos.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\KernelBase.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\LaunchWinApp.exe:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\LicenseManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\LicenseManagerApi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\LockAppBroker.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\LockAppHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\LogonController.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\MapConfiguration.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\MapControlCore.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\MapControlStringsRes.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\MapGeocoder.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\MapRouter.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\MapsBtSvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\MbaeApiPublic.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mbsmsapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\MCRecvSrc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mdmregistration.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mf.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mfasfsrcsnk.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mfaudiocnv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mfcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mfksproxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\MFMediaEngine.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mfmkvsrcsnk.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mfmp4srcsnk.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mfmpeg2srcsnk.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mfnetcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mfnetsrc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mfplat.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\MFPlay.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mfpmp.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mfps.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mfreadwrite.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mfsensorgroup.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mfsrcsnk.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mfsvr.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Microsoft-Windows-MapControls.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Microsoft-Windows-MosHost.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Microsoft-Windows-MosTrace.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\migisol.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\MiracastReceiver.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mispace.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mos.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\MosHostClient.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\MosResource.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\MosStorage.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mprapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mprddm.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mprdim.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\MrmCoreR.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\MSAC3ENC.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\MSAJApi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msctf.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msdtcprx.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msdtcuiu.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msdxm.ocx:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msfeeds.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msftedit.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mshtml.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mshtmled.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msinfo32.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msmpeg2vdec.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mspaint.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mssrch.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mstsc.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mstscax.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msv1_0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\MSVidCtl.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\MSVP9DEC.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msvproc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\MSVPXENC.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msxml6.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msxml6r.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mtxclu.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\NaturalLanguage6.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\NetCfgNotifyObjectHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\netiougc.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\NetSetupApi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\NetSetupEngine.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\NetSetupShim.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\netshell.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\NetworkCollectionAgent.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ngccredprov.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\NlsData0009.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\NlsLexicons0009.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\NMAA.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\NmaDirect.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\NPSM.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\nshwfp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ntdll.dll:$CmdTcID [32]
AlternateDataStreams: C:\Windows\SysWOW64\ntshrui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\nvapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\nvcompiler.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\nvcuda.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\nvcuvid.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\nvDecMFTMjpeg.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\nvEncMFTH264.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\nvEncMFThevc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\nvEncodeAPI.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\nvfatbinaryLoader.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\NvFBC.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\NvIFR.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\NvIFROpenGL.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\nvoglv32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\nvopencl.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\nvptxJitCompiler.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\nvStreaming.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\odbcconf.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\offlinelsa.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\offlinesam.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\offreg.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ole32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\oleacc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\oleaut32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\olepro32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\OneDriveSettingSyncProvider.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\pdh.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Phoneutil.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\PhoneutilRes.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\pidgenx.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\PlayToDevice.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\PlayToManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\PlayToReceiver.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\policymanager.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\poqexec.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\POSyncServices.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\powercfg.exe:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\PresentationNative_v0300.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\PrintDialogs.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\pwrshplugin.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\qdvd.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\rasapi32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\rdpcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\rdpencom.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ReAgent.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ReAgentc.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\remoteaudioendpoint.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\RemoteNaturalLanguage.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\resutils.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\rpcrt4.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\RTMediaFrame.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\RTWorkQ.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\samlib.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\schannel.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\Search.ProtocolHandler.MAPI2.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\SearchFolder.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\SearchIndexer.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\SearchProtocolHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\sendmail.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\SessEnv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\SettingSync.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\SettingSyncCore.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\SettingSyncHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\SettingSyncPolicy.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\setupugc.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ShareHost.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\shell32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\slc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\slcext.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\smphost.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\SndVolSSO.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\sppc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\sppcext.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\spwmp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\sspicli.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\stobject.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\storagewmi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\storagewmi_passthru.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\StoreAgent.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\sud.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\SyncSettings.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\systemcpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\tcpipcfg.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\tdh.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\TempSignedLicenseExchangeTask.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\TextInputFramework.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\themecpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\TokenBroker.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\TpmCoreProvisioning.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\tquery.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\tsmf.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\TSpkg.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\TsWpfWrp.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\twinapi.appcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\twinapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\twinui.appcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\twinui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\tzres.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\UIAnimation.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\UIAutomationCore.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\UIRibbonRes.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\unimdm.tsp:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\updatepolicy.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\uReFS.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\urlmon.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\user32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\usercpl.dll:$CmdTcID [64]


Max_cz
Vzorný návštěvník
Vzorný návštěvník
Příspěvky: 191
Registrován: 20 pro 2005 22:14
Kontaktovat uživatele:

Re: Preventivní kontrola, podezřelé chování

#11 Příspěvek od Max_cz »

Kód: Vybrat vše

AlternateDataStreams: C:\Windows\SysWOW64\UserDataAccessRes.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\UserDataAccountApis.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\UserDataLanguageUtil.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\UserDataPlatformHelperUtil.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\UserDataTimeUtil.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\UserDataTypeHelperUtil.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\UserDeviceRegistration.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\UserDeviceRegistration.Ngc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\UserMgrProxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\vbscript.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\VCardParser.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\vulkaninfo-1-1-0-26-0.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\vulkaninfo.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WebcamUi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\webio.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wer.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\weretw.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wevtapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wfdprov.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\win32k.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\win32kfull.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\win32u.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wincorlib.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Windows.AccountsControl.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Windows.ApplicationModel.Background.SystemEventsBroker.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Windows.ApplicationModel.Core.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Windows.ApplicationModel.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Windows.ApplicationModel.LockScreen.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Windows.ApplicationModel.Store.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\Windows.ApplicationModel.Wallet.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Data.Pdf.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Devices.AllJoyn.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Devices.Bluetooth.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Devices.HumanInterfaceDevice.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Devices.LowLevel.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Devices.Midi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Devices.Perception.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Devices.Picker.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Devices.PointOfService.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Devices.Radios.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Devices.Scanners.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Devices.Sensors.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Devices.SerialCommunication.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Devices.SmartCards.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Devices.Usb.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Devices.WiFi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Devices.WiFiDirect.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Energy.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Gaming.Input.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Gaming.XboxLive.Storage.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Globalization.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Graphics.Printing.3D.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Graphics.Printing.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Internal.Bluetooth.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Internal.Management.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Internal.UI.Logon.ProxyStub.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Media.Audio.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Media.BackgroundMediaPlayback.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Media.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Media.Editing.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Media.FaceAnalysis.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Media.Import.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Media.Ocr.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Media.Playback.BackgroundMediaPlayer.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Media.Playback.MediaPlayer.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Media.Protection.PlayReady.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Media.Speech.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Media.Speech.UXRes.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Media.Streaming.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Networking.BackgroundTransfer.BackgroundManagerPolicy.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Networking.BackgroundTransfer.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Networking.Connectivity.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Networking.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Networking.HostName.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Networking.ServiceDiscovery.Dnssd.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Perception.Stub.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Security.Authentication.Identity.Provider.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Security.Authentication.OnlineId.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Shell.Search.UriHandler.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Windows.StateRepository.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\Windows.StateRepositoryClient.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Storage.ApplicationData.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\windows.storage.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Windows.System.UserDeviceAssociation.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Windows.UI.BioFeedback.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Windows.UI.BlockedShutdown.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Windows.UI.Core.TextInput.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Windows.UI.Cred.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Windows.UI.CredDialogController.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Windows.UI.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\Windows.UI.Immersive.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Windows.UI.Input.Inking.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Windows.UI.Logon.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Windows.UI.Search.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Windows.UI.Xaml.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\Windows.UI.Xaml.InkControls.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Windows.UI.Xaml.Maps.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Windows.UI.Xaml.Phone.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Windows.UI.Xaml.Resources.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Web.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Web.Http.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WindowsCodecs.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\winhttp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wininet.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wininetlui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\winmde.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WinRtTracing.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WinSCard.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wintrust.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WinTypes.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\wlanapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wlancfg.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wlanhlp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wmp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WMPDMC.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wmpdxm.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wmpeffects.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\wmploc.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wmpmde.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wmpshell.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WordBreakers.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WpcWebFilter.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\wpnapps.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ws2_32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wscapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wscinterop.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wscui.cpl:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wsecedit.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WSManHTTPConfig.exe:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\WsmSvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wsp_fs.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wsp_health.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wsp_sr.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wuapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WwaApi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WWAHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WWanAPI.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\x3daudio1_0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\x3daudio1_1.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\X3DAudio1_2.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\xactengine2_0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\xactengine2_1.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\xactengine2_10.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\xactengine2_2.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\xactengine2_3.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\xactengine2_4.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\xactengine2_5.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\xactengine2_6.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\xactengine2_7.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\xactengine2_8.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\xactengine2_9.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\xactengine3_7.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\XAPOFX1_5.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\XAudio2_7.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\xinput1_1.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\xinput1_2.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\xinput1_3.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\xolehlp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\xpsrchvw.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\zipfldr.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\afd.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\ahcache.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\AppVStrm.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\asmthub3.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\asmtxhci.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\bowser.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\capimg.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\Classpnp.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\clfs.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\ClipSp.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\cmimcext.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\cng.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\colormunki_x64.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\crashdmp.sys:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\Drivers\dam.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\ddcdrv.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\dfsc.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\dumpsd.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\dxgkrnl.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\dxgmms1.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\dxgmms2.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\EhStorTcgDrv.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\fastfat.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\fvevol.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\FWPKCLNT.SYS:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\hidclass.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\hidkmdf.sys:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\Drivers\hidparse.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\hidusb.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\http.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\hvservice.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\i1display_x64.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\i1io2_x64.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\i1iSis_x64.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\i1_x64.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\iorate.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\kbdhid.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\ksecdd.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\ksecpkg.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\MegaSas2i.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\modem.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\mrxdav.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\mrxsmb.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\mrxsmb10.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\mrxsmb20.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\ndis.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\ntfs.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\partmgr.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\pci.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\pdc.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\pdiports.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\rdbss.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\rsdrvx64.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\sdbus.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\spaceport.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\srv.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\srv2.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\srvnet.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\storahci.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\stornvme.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\storport.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\tcpip.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\tm.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\tpm.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\vhdmp.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\vpci.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\wachidrouter.sys:$CmdTcID [64]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Java\jre6\bin\jusched.exe [149280 2017-02-03] (Sun Microsystems, Inc.)
C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
C:\Users\Max_cz\AppData\Local\Temp
AlternateDataStreams: C:\Windows\explorer.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\splwow64.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\aadcloudap.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\aadtb.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\AboveLockAppHost.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\AccountsRt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\aclui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\acmigration.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ACPBackgroundManagerPolicy.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ActionCenter.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ActionCenterCPL.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ActivationManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\actxprxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\AddressParser.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\adsmsext.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\aeinv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\aepic.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\aitstatic.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\aksllmtp.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\AppCapture.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\AppContracts.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\appinfo.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\AppointmentActivation.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\AppointmentApis.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\appraiser.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\AppReadiness.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\apprepapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\apprepsync.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\AppVCatalog.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\AppVClient.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\AppVDllSurrogate.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\AppVEntStreamingManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\AppVEntSubsystemController.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\AppVEntSubsystems64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\AppVEntVirtualization.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\AppVIntegration.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\AppVManifest.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\AppVOrchestration.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\AppVPolicy.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\AppVPublishing.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\AppVReporting.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\AppVScripting.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\AppVShNotify.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\appwiz.cpl:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\AppXApplicabilityBlob.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\AppXDeploymentClient.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\AppXDeploymentExtensions.desktop.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\AppXDeploymentExtensions.onecore.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\AppXDeploymentServer.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\AppxPackaging.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\asycfilt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\atmfd.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\atmlib.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\AudioEndpointBuilder.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\AudioEng.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\AUDIOKSE.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\AudioSes.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\audiosrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\AudioSrvPolicyManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\AuthBroker.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\authui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\autoplay.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\AzureSettingSyncProvider.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\baaupdate.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\BackgroundMediaPolicy.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\BarcodeProvisioningPlugin.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\bcastdvr.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\BcastDVRHelper.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\bcdedit.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\bcrypt.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\bdechangepin.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\bdesvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\bdeui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\bdeunlock.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\BingMaps.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\BingOnlineServices.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\bisrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\BitLockerDeviceEncryption.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\biwinrt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\BluetoothApis.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\BootMenuUX.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\bootux.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\browserbroker.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\BthRadioMedia.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\CastLaunch.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\CbtBackgroundManagerPolicy.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\cdd.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\cdp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\cdpsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\cdpusersvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\CertEnroll.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\certprop.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Chakra.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Chakradiag.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Chakrathunk.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\chartv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ChatApis.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ci.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ClipboardServer.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ClipUp.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\cloudAP.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\CloudBackupSettings.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\CloudExperienceHost.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\CloudExperienceHostBroker.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\CloudExperienceHostCommon.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\CloudExperienceHostUser.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\CloudStorageWizard.exe:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\clusapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\cmifw.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\cmintegrator.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\combase.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\comdlg32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\CompatTelRunner.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\comsvcs.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ConsoleLogon.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ContactActivation.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ContactApis.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\container.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ContentDeliveryManager.Utilities.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\CoreMessaging.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\CoreUIComponents.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\CPFilters.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\CredProvDataModel.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\credprovhost.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\credprovs.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\credprovslegacy.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\crypt32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\cryptngc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\CryptoWinRT.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\cryptui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\cscui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\csrsrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\C_G18030.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\c_GSM7.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\C_IS2022.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\d2d1.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\d3d10warp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\d3d11.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\D3D12.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\d3d9.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\D3DCompiler_33.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\D3DCompiler_34.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\D3DCompiler_35.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\D3DCompiler_36.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\D3DCompiler_43.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\D3DCompiler_47.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\d3dcsx_43.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\d3dx10.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\d3dx10_33.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\d3dx10_34.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\d3dx10_35.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\d3dx10_36.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\d3dx10_43.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\d3dx11_43.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\d3dx9_24.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\d3dx9_25.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\d3dx9_26.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\d3dx9_27.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\d3dx9_28.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\d3dx9_29.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\d3dx9_30.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\d3dx9_31.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\d3dx9_32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\d3dx9_33.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\d3dx9_34.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\d3dx9_35.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\d3dx9_36.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\D3DX9_43.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dab.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dafBth.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dafpos.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\das.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dasHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\DataExchange.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\DataSenseHandlers.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\daxexec.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dbgeng.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\DbgModel.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\DDCHelper.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\DDCHelperX.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ddraw.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\delegatorprovider.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\DeveloperOptionsSettingsHandlers.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\devenum.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\deviceaccess.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\deviceassociation.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\DeviceCensus.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\DeviceCenter.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\DeviceEnroller.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\DeviceFlows.DataModel.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\DevicePairing.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\DevicePairingFolder.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\DeviceReactivation.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\devinv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dhcpcore6.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\diagtrack.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dialclient.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dialserver.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\discan.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Display.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\DisplayManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dlnashext.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dmcertinst.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dmenrollengine.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\DMRServer.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dnsapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\DolbyDecMFT.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\domgmt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dosvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dpapisrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\drvstore.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\DscCore.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\DscCoreConfProv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dsreg.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dsregcmd.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dwmapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dwmcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\DWrite.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dxgi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dxmasf.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dxtrans.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\EAMProgressHandler.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\eapp3hst.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\eappcfg.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\eappgnui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\eapphost.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\eappprxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\easwrt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\edgehtml.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\EditBufferTestHook.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\EditionUpgradeHelper.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\EditionUpgradeManagerObj.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\EDPCleanup.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\efsext.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\efswrt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\EmailApis.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\encapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\EncDec.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\energy.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\EnterpriseAppMgmtSvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\enterprisecsps.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\EnterpriseModernAppMgmtCSP.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ErrorDetails.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ErrorDetailsUpdate.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\esent.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\esentutl.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\evr.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ExplorerFrame.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ExSMime.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ExtrasXmlParser.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\facecredentialprovider.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Family.Authentication.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Family.Client.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\Family.SyncEngine.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ffbroker.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\fhcfg.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\fhcpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\fhsettingsprovider.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\FlightSettings.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\FntCache.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\fontdrvhost.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\fontext.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\FontProvider.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\FrameServer.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\FSClient.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\fveapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\fveapibase.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\fvecpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\fvenotify.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\fveprompt.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\fveui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\fvewiz.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\GamePanel.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\gameux.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\gdi32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\gdi32full.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\GdiPlus.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\generaltel.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\GenValObj.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Geolocation.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\GlobCollationHost.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\gpsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\hal.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\hasplms.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\hevcdecoder.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\hgcpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\HttpsDataSource.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\hvax64.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\hvix64.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\hvloader.efi:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\hvloader.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\icsvc.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\icsvcext.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\IdCtrls.dll:$CmdTcID [64]

EmptyTemp:
End.
*****************

C:\Windows\system32\Drivers\wacomrouterfilter.sys => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\Drivers\wcifs.sys => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\Drivers\wdcsam64.sys => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\Drivers\wdfcoinstaller01009.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\Drivers\WdiWiFi.sys => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\Drivers\winhvr.sys => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\Drivers\wof.sys => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\Drivers\xboxgip.sys => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\Drivers\xinputhid.sys => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\Drivers\AiChargerPlus.sys => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\Drivers\AndroidAFDx64.sys => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\Drivers\AsIO.sys => ":$CmdZnID" ADS removed successfully.
C:\Windows\SysWOW64\Drivers\DDCDrv.sys => ":$CmdTcID" ADS could not remove.
C:\Users\Max_cz\Desktop\adwcleaner_6.043.exe => ":$CmdTcID" ADS could not remove.
C:\Users\Max_cz\Desktop\adwcleaner_6.043.exe => ":$CmdZnID" ADS removed successfully.
C:\Users\Max_cz\Desktop\FRST64.exe => ":$CmdTcID" ADS could not remove.
C:\Users\Max_cz\Desktop\FRST64.exe => ":$CmdZnID" ADS removed successfully.
C:\Users\Max_cz\Desktop\FRSTLauncher.exe => ":$CmdTcID" ADS could not remove.
C:\Users\Max_cz\Desktop\FRSTLauncher.exe => ":$CmdZnID" ADS removed successfully.
C:\Users\Max_cz\Downloads\007-faktura-fototori-2017.pdf => ":$CmdZnID" ADS removed successfully.
C:\Users\Max_cz\Downloads\15683326_10211164149929834_588154813_n.png => ":$CmdZnID" ADS removed successfully.
C:\Users\Max_cz\Downloads\15713282_10211172186690748_1265641643_n.png => ":$CmdZnID" ADS removed successfully.
C:\Users\Max_cz\Downloads\AISuiteIII_V10159_DIP5_10390.zip => ":$CmdZnID" ADS removed successfully.
C:\Users\Max_cz\Downloads\BitlordSetup.exe => ":$CmdTcID" ADS could not remove.
C:\Users\Max_cz\Downloads\BitlordSetup.exe => ":$CmdZnID" ADS removed successfully.
C:\Users\Max_cz\Downloads\BlueStacks2_native_d75a38db7b8c9ec89c6d13816f7f3f0e.exe => ":$CmdTcID" ADS could not remove.
C:\Users\Max_cz\Downloads\BlueStacks2_native_d75a38db7b8c9ec89c6d13816f7f3f0e.exe => ":$CmdZnID" ADS removed successfully.
C:\Users\Max_cz\Downloads\Boardwalk-Empire-S03E01(0000238257).srt => ":$CmdZnID" ADS removed successfully.
C:\Users\Max_cz\Downloads\Boardwalk-Empire-S03E02(0000238258).srt => ":$CmdZnID" ADS removed successfully.
C:\Users\Max_cz\Downloads\Boardwalk-Empire-S03E03(0000238259).srt => ":$CmdZnID" ADS removed successfully.
C:\Users\Max_cz\Downloads\Boardwalk-Empire-S03E04(0000238260).srt => ":$CmdZnID" ADS removed successfully.
C:\Users\Max_cz\Downloads\Boardwalk-Empire-S03E05(0000238261).srt => ":$CmdZnID" ADS removed successfully.
C:\Users\Max_cz\Downloads\Boardwalk-Empire-S03E06(0000238262).srt => ":$CmdZnID" ADS removed successfully.
C:\Users\Max_cz\Downloads\Boardwalk-Empire-S03E07(0000238263).srt => ":$CmdZnID" ADS removed successfully.
C:\Users\Max_cz\Downloads\Boardwalk-Empire-S03E08(0000238264).srt => ":$CmdZnID" ADS removed successfully.
C:\Users\Max_cz\Downloads\ccsetup525.exe => ":$CmdTcID" ADS could not remove.
C:\Users\Max_cz\Downloads\ccsetup525.exe => ":$CmdZnID" ADS removed successfully.
C:\Users\Max_cz\Downloads\christmas-atn.atn => ":$CmdZnID" ADS removed successfully.
C:\Users\Max_cz\Downloads\ColorMunkiPhotoSetup.exe => ":$CmdZnID" ADS removed successfully.
C:\Users\Max_cz\Downloads\ColorMunkiPhoto_1-1-1_Win.zip => ":$CmdZnID" ADS removed successfully.
C:\Users\Max_cz\Downloads\CrystalDiskMark5_2_0-en.exe => ":$CmdTcID" ADS could not remove.
C:\Users\Max_cz\Downloads\CrystalDiskMark5_2_0-en.exe => ":$CmdZnID" ADS removed successfully.
C:\Users\Max_cz\Downloads\DeepSkyStacker_exe.zip => ":$CmdZnID" ADS removed successfully.
C:\Users\Max_cz\Downloads\DE_Eskadron_BasicsXVI_Preisliste_2016.pdf => ":$CmdZnID" ADS removed successfully.
C:\Users\Max_cz\Downloads\FileZilla_3.22.1_win64-setup.exe => ":$CmdTcID" ADS could not remove.
C:\Users\Max_cz\Downloads\FileZilla_3.22.1_win64-setup.exe => ":$CmdZnID" ADS removed successfully.
C:\Users\Max_cz\Downloads\FileZilla_3.22.2.2_win64-setup.exe => ":$CmdTcID" ADS could not remove.
C:\Users\Max_cz\Downloads\FileZilla_3.24.0_win64-setup.exe => ":$CmdTcID" ADS could not remove.
C:\Users\Max_cz\Downloads\hdtunepro_560_trial.exe => ":$CmdTcID" ADS could not remove.
C:\Users\Max_cz\Downloads\hdtunepro_560_trial.exe => ":$CmdZnID" ADS removed successfully.
C:\Users\Max_cz\Downloads\honza_vejvoda (1).zip => ":$CmdZnID" ADS removed successfully.
C:\Users\Max_cz\Downloads\honza_vejvoda.zip => ":$CmdZnID" ADS removed successfully.
C:\Users\Max_cz\Downloads\HotPixelRemover.zip => ":$CmdZnID" ADS removed successfully.
C:\Users\Max_cz\Downloads\HPU_v2.2.3.exe => ":$CmdTcID" ADS could not remove.
C:\Users\Max_cz\Downloads\HPU_v2.2.3.exe => ":$CmdZnID" ADS removed successfully.
C:\Users\Max_cz\Downloads\Hugin-2016.2.0-win64.msi => ":$CmdZnID" ADS removed successfully.
C:\Users\Max_cz\Downloads\i1Diagnostics-4.1.2-Installer.exe => ":$CmdTcID" ADS could not remove.
C:\Users\Max_cz\Downloads\i1Diagnostics-4.1.2-Installer.exe => ":$CmdZnID" ADS removed successfully.
C:\Users\Max_cz\Downloads\i1ProfilerSetup.exe => ":$CmdTcID" ADS could not remove.
C:\Users\Max_cz\Downloads\i1ProfilerSetup.exe => ":$CmdZnID" ADS removed successfully.
C:\Users\Max_cz\Downloads\InstallScreencastOMatic-2.0.exe => ":$CmdTcID" ADS could not remove.
C:\Users\Max_cz\Downloads\InstallScreencastOMatic-2.0.exe => ":$CmdZnID" ADS removed successfully.
C:\Users\Max_cz\Downloads\kalibrace.zip => ":$CmdZnID" ADS removed successfully.
C:\Users\Max_cz\Downloads\logo.png => ":$CmdZnID" ADS removed successfully.
C:\Users\Max_cz\Downloads\logo_kone&lide_bilomodra.ai => ":$CmdZnID" ADS removed successfully.
C:\Users\Max_cz\Downloads\logo_kone&lide_bilomodra.jpg => ":$CmdZnID" ADS removed successfully.
C:\Users\Max_cz\Downloads\logo_kone&lide_bilomodra.png => ":$CmdZnID" ADS removed successfully.
C:\Users\Max_cz\Downloads\mkvtoolnix-32bit-9.5.0-setup.exe => ":$CmdTcID" ADS could not remove.
C:\Users\Max_cz\Downloads\mkvtoolnix-32bit-9.5.0-setup.exe => ":$CmdZnID" ADS removed successfully.
C:\Users\Max_cz\Downloads\MrawGui_1.5.rar => ":$CmdZnID" ADS removed successfully.
C:\Users\Max_cz\Downloads\MrawGui_1.6.rar => ":$CmdZnID" ADS removed successfully.
C:\Users\Max_cz\Downloads\PixelFixer-1.17_64bit.zip => ":$CmdZnID" ADS removed successfully.
C:\Users\Max_cz\Downloads\pm5_calibration_tester.zip => ":$CmdZnID" ADS removed successfully.
C:\Users\Max_cz\Downloads\profact30inst.exe => ":$CmdTcID" ADS could not remove.
C:\Users\Max_cz\Downloads\profact30inst.exe => ":$CmdZnID" ADS removed successfully.
C:\Users\Max_cz\Downloads\pspad461inst_cz.exe => ":$CmdTcID" ADS could not remove.
C:\Users\Max_cz\Downloads\pspad461inst_cz.exe => ":$CmdZnID" ADS removed successfully.
C:\Users\Max_cz\Downloads\ptgui-pro-10-full-registration-key_3537917.zip => ":$CmdZnID" ADS removed successfully.
C:\Users\Max_cz\Downloads\RawTherapee_WinVista_64_5.0-gtk3_3.18_release.zip => ":$CmdZnID" ADS removed successfully.
C:\Users\Max_cz\Downloads\RSITx64.exe => ":$CmdTcID" ADS could not remove.
C:\Users\Max_cz\Downloads\RSITx64.exe => ":$CmdZnID" ADS removed successfully.
C:\Users\Max_cz\Downloads\setup-lightshot.exe => ":$CmdTcID" ADS could not remove.
C:\Users\Max_cz\Downloads\setup-lightshot.exe => ":$CmdZnID" ADS removed successfully.
C:\Users\Max_cz\Downloads\SpotifySetup.exe => ":$CmdTcID" ADS could not remove.
C:\Users\Max_cz\Downloads\SpotifySetup.exe => ":$CmdZnID" ADS removed successfully.
C:\Users\Max_cz\Downloads\SpywareTerminatorSetup.exe => ":$CmdTcID" ADS could not remove.
C:\Users\Max_cz\Downloads\SpywareTerminatorSetup.exe => ":$CmdZnID" ADS removed successfully.
C:\Users\Max_cz\Downloads\StarStaX-0.71_win64.zip => ":$CmdZnID" ADS removed successfully.
C:\Users\Max_cz\Downloads\stellarium-0.15.0-win64.exe => ":$CmdTcID" ADS could not remove.
C:\Users\Max_cz\Downloads\stellarium-0.15.0-win64.exe => ":$CmdZnID" ADS removed successfully.
C:\Users\Max_cz\Downloads\tcmd900x64.exe => ":$CmdTcID" ADS could not remove.
C:\Users\Max_cz\Downloads\tcmd900x64.exe => ":$CmdZnID" ADS removed successfully.
C:\Users\Max_cz\Downloads\TeamViewer_Setup_cs-ajem.exe => ":$CmdTcID" ADS could not remove.
C:\Users\Max_cz\Downloads\TeamViewer_Setup_cs-ajem.exe => ":$CmdZnID" ADS removed successfully.
C:\Users\Max_cz\Downloads\Uloz.to_Uploader-setup.exe => ":$CmdTcID" ADS could not remove.
C:\Users\Max_cz\Downloads\Uloz.to_Uploader-setup.exe => ":$CmdZnID" ADS removed successfully.
C:\Users\Max_cz\Downloads\UserBenchMark.exe => ":$CmdTcID" ADS could not remove.
C:\Users\Max_cz\Downloads\UserBenchMark.exe => ":$CmdZnID" ADS removed successfully.
C:\Users\Max_cz\Downloads\uTorrent221.exe => ":$CmdTcID" ADS could not remove.
C:\Users\Max_cz\Downloads\uTorrent221.exe => ":$CmdZnID" ADS removed successfully.
C:\Users\Max_cz\Downloads\vlc-2.2.4-win32.exe => ":$CmdTcID" ADS could not remove.
C:\Users\Max_cz\Downloads\vlc-2.2.4-win32.exe => ":$CmdZnID" ADS removed successfully.
C:\Users\Max_cz\Downloads\WebcamScreenVideoCaptureFree.exe => ":$CmdTcID" ADS could not remove.
C:\Users\Max_cz\Downloads\WebcamScreenVideoCaptureFree.exe => ":$CmdZnID" ADS removed successfully.
C:\Users\Max_cz\Downloads\WebLaunchRecorder.exe => ":$CmdTcID" ADS could not remove.
C:\Users\Max_cz\Downloads\WebLaunchRecorder.exe => ":$CmdZnID" ADS removed successfully.
C:\Users\Max_cz\Downloads\winrar-x64-540cz.exe => ":$CmdTcID" ADS could not remove.
C:\Users\Max_cz\Downloads\winrar-x64-540cz.exe => ":$CmdZnID" ADS removed successfully.
C:\Users\Max_cz\Downloads\[CzT]Assassin_s_Creed_2008_CZ_.torrent => ":$CmdZnID" ADS removed successfully.
C:\Users\Max_cz\Downloads\[CzT]Blazniva_zatracena_laska_Crazy_Stupid_Love_2011_.torrent => ":$CmdZnID" ADS removed successfully.
C:\Users\Max_cz\Downloads\[CzT]Dite_Bridget_Jonesove_Bridget_Jones_s_Baby_2016_CZ_.torrent => ":$CmdZnID" ADS removed successfully.
C:\Windows\system32\IdCtrls.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\ie4uinit.exe => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\ieapfltr.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\iedkcs32.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\ieframe.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\iepeers.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\ieproxy.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\iernonce.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\iertutil.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\iesetup.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\imapi2.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\ImplatSetup.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\indexeddbserver.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\inetcomm.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\inetcpl.cpl => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\input.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\InputLocaleManager.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\InputService.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\InstallAgent.exe => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\InstallAgentUserBroker.exe => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\invagent.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\iphlpsvc.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\ipnathlp.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\iscsiwmi.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\JpMapControl.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\jscript9.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\jscript9diag.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\jsproxy.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\kdhvcom.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\kerberos.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\KernelBase.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\KnobsCore.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\KnobsCsp.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\LaunchWinApp.exe => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\LicenseManager.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\LicenseManagerSvc.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\ListSvc.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\localspl.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\LocationFramework.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\LockAppBroker.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\LockAppHost.exe => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\LogonController.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\lpremove.exe => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\LsaIso.exe => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\lsasrv.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\lsass.exe => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\lsm.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\manage-bde.exe => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\MapConfiguration.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\MapControlCore.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\MapControlStringsRes.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\MapGeocoder.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\MapRouter.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\MapsBtSvc.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\MapsBtSvcProxy.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\MapsCSP.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\MapsStore.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\mapstoasttask.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\mapsupdatetask.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\MbaeApiPublic.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\mbsmsapi.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\MCRecvSrc.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\MDEServer.exe => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\MDMAppInstaller.exe => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\mdmregistration.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\MediaFoundation.DefaultPerceptionProvider.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\mf.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\mfasfsrcsnk.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\mfaudiocnv.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\MFCaptureEngine.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\mfcore.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\mfksproxy.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\MFMediaEngine.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\mfmkvsrcsnk.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\mfmp4srcsnk.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\mfmpeg2srcsnk.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\mfnetcore.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\mfnetsrc.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\mfplat.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\MFPlay.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\mfpmp.exe => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\mfps.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\mfreadwrite.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\mfsensorgroup.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\mfsrcsnk.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\mfsvr.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\Microsoft-Windows-MapControls.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\Microsoft-Windows-MosHost.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\Microsoft-Windows-MosTrace.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\microsoft-windows-system-events.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\migisol.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\MiracastReceiver.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\mispace.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\modernexecserver.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\mos.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\moshost.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\MosHostClient.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\moshostcore.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\MosResource.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\MosStorage.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\mprapi.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\mprddm.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\mprdim.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\MpSigStub.exe => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\MrmCoreR.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\MRT.exe => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\MSAC3ENC.DLL => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\MSAJApi.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\MSAudDecMFT.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\msctf.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\msdtcprx.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\msdtctm.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\msdtcuiu.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\msdxm.ocx => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\msfeeds.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\msftedit.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\mshtml.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\mshtmled.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\msi.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\msinfo32.exe => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\msmpeg2vdec.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\mspaint.exe => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\mssprxy.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\mssrch.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\mstsc.exe => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\mstscax.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\msv1_0.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\MSVidCtl.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\MSVideoDSP.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\MSVP9DEC.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\msvproc.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\MSVPXENC.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\msxml6.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\msxml6r.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\MusNotification.exe => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\MusUpdateHandlers.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\nativemap.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\NaturalLanguage6.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\ncsi.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\NetCfgNotifyObjectHost.exe => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\netiougc.exe => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\netplwiz.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\NetSetupApi.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\NetSetupEngine.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\NetSetupShim.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\NetSetupSvc.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\netshell.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\nettrace.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\NetworkBindingEngineMigPlugin.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\NetworkCollectionAgent.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\NetworkDesktopSettings.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\NetworkMobileSettings.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\NetworkUXBroker.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\NFCProvisioningPlugin.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\NfcRadioMedia.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\ngccredprov.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\NgcCtnr.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\NgcCtnrGidsHandler.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\ngcsvc.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\nlasvc.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\NlsData0009.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\NlsLexicons0009.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\nltest.exe => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\NMAA.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\NmaDirect.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\NotificationController.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\NPSM.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\nshwfp.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\ntdll.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\ntoskrnl.exe => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\ntshrui.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\nvapi64.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\nvcompiler.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\nvcuda.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\nvcuvid.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\nvDecMFTMjpeg.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\nvdispco6437290.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\nvdispgenco6437290.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\nvEncMFTH264.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\nvEncMFThevc.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\nvEncodeAPI64.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\nvfatbinaryLoader.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\NvFBC64.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\NvIFR64.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\NvIFROpenGL.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\nvmcumd.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\nvoglv64.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\nvopencl.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\nvptxJitCompiler.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\nvvsvc.exe => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\odbcconf.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\offlinelsa.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\offlinesam.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\offreg.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\ole32.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\oleaut32.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\OnDemandConnRouteHelper.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\OneBackupHandler.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\OneDriveSettingSyncProvider.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\pcasvc.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\pdh.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\PhoneProviders.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\PhoneService.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\PhoneServiceRes.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\Phoneutil.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\PhoneutilRes.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\pidgenx.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\PimIndexMaintenance.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\PlayToDevice.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\PlayToManager.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\PlayToReceiver.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\pnidui.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\policymanager.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\poqexec.exe => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\POSyncServices.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\powercfg.exe => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\PresentationNative_v0300.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\PrintWSDAHost.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\prm0009.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\profsvc.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\provdatastore.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\provengine.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\provhandlers.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\provisioningcsp.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\provops.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\ProvPluginEng.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\ProvSysprep.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\provtool.exe => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\PsmServiceExtHost.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\puiobj.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\pwcreator.exe => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\pwrshplugin.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\qedit.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\qmgr.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\rasapi32.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\rascustom.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\rasmans.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\rdpcore.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\rdpcorets.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\rdpencom.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\rdpinit.exe => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\rdpshell.exe => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\rdpudd.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\RDXService.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\RDXTaskFactory.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\ReAgent.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\ReAgentc.exe => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\RelPost.exe => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\remoteaudioendpoint.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\RemoteNaturalLanguage.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\RemovableMediaProvisioningPlugin.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\ReportingCSP.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\reseteng.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\ResetEngine.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\ResetEngine.exe => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\resutils.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\RjvMDMConfig.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\RMapi.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\rpcrt4.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\rshx32.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\RTMediaFrame.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\RTWorkQ.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\samlib.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\samsrv.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\sbe.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\ScDeviceEnum.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\schannel.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\Search.ProtocolHandler.MAPI2.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\SearchFilterHost.exe => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\SearchFolder.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\SearchIndexer.exe => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\SearchProtocolHost.exe => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\SecConfig.efi => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\securekernel.exe => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\sendmail.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\Sens.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\SensorDataService.exe => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\SensorsApi.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\SensorService.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\services.exe => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\SessEnv.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\SettingsHandlers_Bluetooth.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\SettingsHandlers_Flights.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\SettingsHandlers_nt.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\SettingsHandlers_StorageSense.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\SettingsHandlers_WorkAccess.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\SettingSync.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\SettingSyncCore.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\SettingSyncHost.exe => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\SettingSyncPolicy.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\setupugc.exe => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\SharedStartModel.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\ShareHost.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\shdocvw.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\shell32.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\shutdownux.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\skci.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\slc.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\slcext.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\smartscreen.exe => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\smphost.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\SndVolSSO.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\SpaceAgent.exe => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\SpaceControl.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\spaceman.exe => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\SpeechPal.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\spoolsv.exe => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\sppc.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\sppcext.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\sppnp.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\sppobjs.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\sppsvc.exe => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\sppwinob.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\spwmp.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\SRH.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\SRHInproc.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\sspicli.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\stobject.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\StorageUsage.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\storagewmi.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\storagewmi_passthru.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\StoreAgent.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\StorSvc.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\StructuredQuery.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\sud.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\SyncCenter.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\SyncSettings.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\SysResetErr.exe => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\systemreset.exe => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\SystemSettings.DeviceEncryptionHandlers.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\SystemSettings.UserAccountsHandlers.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\SystemSettingsAdminFlows.exe => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\SystemSettingsThresholdAdminFlowUI.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\taskbarcpl.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\tcpipcfg.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\tdh.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\TextInputFramework.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\themecpl.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\timedate.cpl => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\TokenBroker.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\TpmCoreProvisioning.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\TpmTasks.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\tquery.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\TransportDSA.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\tsmf.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\TSpkg.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\tspubwmi.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\TSWorkspace.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\TsWpfWrp.exe => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\twinapi.appcore.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\twinapi.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\twinui.appcore.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\twinui.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\twinui.pcshell.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\tzautoupdate.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\tzres.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\ubpm.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\UIAnimation.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\UIAutomationCore.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\UIRibbonRes.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\umpoext.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\unimdm.tsp => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\updatehandlers.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\updatepolicy.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\uReFS.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\urlmon.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\usbmon.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\user32.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\usercpl.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\UserDataAccessRes.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\UserDataLanguageUtil.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\UserDataPlatformHelperUtil.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\UserDataTimeUtil.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\UserDataTypeHelperUtil.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\UserDeviceRegistration.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\UserDeviceRegistration.Ngc.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\usermgr.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\UserMgrProxy.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\usocore.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\vbscript.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\VCardParser.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\VEStoreEventHandlers.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\vmrdvcore.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\vpnike.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\VPNv2CSP.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\vulkaninfo-1-1-0-26-0.exe => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\vulkaninfo.exe => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\w32time.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\WacDriverDLCoinst.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\wbiosrvc.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\wc_storage.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\wdfcoinstaller01009.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\WebcamUi.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\webio.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\wer.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\weretw.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\wevtapi.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\wevtsvc.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\wfdprov.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\WiFiConfigSP.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\wificonnapi.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\wifinetworkmanager.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\wifiprofilessettinghandler.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\wifitask.exe => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\win32k.sys => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\win32kbase.sys => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\win32kfull.sys => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\win32spl.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\win32u.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\WinBioDataModel.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\WinBioDataModelOOBE.exe => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\wincorlib.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\Windows.AccountsControl.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\Windows.ApplicationModel.Background.SystemEventsBroker.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\Windows.ApplicationModel.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\Windows.ApplicationModel.LockScreen.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\Windows.ApplicationModel.Store.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\Windows.ApplicationModel.Wallet.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\Windows.Cortana.Desktop.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\Windows.Data.Pdf.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\Windows.Devices.AllJoyn.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\Windows.Devices.Bluetooth.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\Windows.Devices.HumanInterfaceDevice.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\Windows.Devices.LowLevel.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\Windows.Devices.Midi.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\Windows.Devices.Perception.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\Windows.Devices.Picker.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\Windows.Devices.PointOfService.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\Windows.Devices.Printers.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\Windows.Devices.Radios.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\Windows.Devices.Scanners.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\Windows.Devices.Sensors.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\Windows.Devices.SerialCommunication.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\Windows.Devices.SmartCards.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\Windows.Devices.SmartCards.Phone.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\Windows.Devices.Usb.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\Windows.Devices.WiFi.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\Windows.Devices.WiFiDirect.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\Windows.Energy.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\Windows.Gaming.Input.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\Windows.Gaming.XboxLive.Storage.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\Windows.Globalization.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\Windows.Graphics.Printing.3D.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\Windows.Graphics.Printing.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\Windows.Internal.Bluetooth.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\Windows.Internal.Management.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\Windows.Internal.UI.Logon.ProxyStub.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\Windows.Management.Provisioning.ProxyStub.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\Windows.Media.Audio.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\Windows.Media.BackgroundMediaPlayback.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\Windows.Media.Devices.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\Windows.Media.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\Windows.Media.Editing.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\Windows.Media.FaceAnalysis.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\Windows.Media.Import.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\Windows.Media.MediaControl.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\Windows.Media.Ocr.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\Windows.Media.Playback.BackgroundMediaPlayer.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\Windows.Media.Playback.MediaPlayer.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\Windows.Media.Protection.PlayReady.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\Windows.Media.Speech.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\Windows.Media.Speech.UXRes.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\Windows.Media.Streaming.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\Windows.Networking.BackgroundTransfer.BackgroundManagerPolicy.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\Windows.Networking.BackgroundTransfer.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\Windows.Networking.Connectivity.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\Windows.Networking.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\Windows.Networking.HostName.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\Windows.Networking.ServiceDiscovery.Dnssd.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\Windows.Networking.Vpn.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\Windows.Perception.Stub.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\Windows.Security.Authentication.Identity.Provider.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\Windows.Security.Authentication.OnlineId.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\Windows.Security.Authentication.Web.Core.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\Windows.Shell.Search.UriHandler.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\Windows.StateRepository.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\Windows.StateRepositoryBroker.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\Windows.StateRepositoryClient.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\Windows.Storage.ApplicationData.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\windows.storage.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\Windows.System.UserDeviceAssociation.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\Windows.UI.BioFeedback.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\Windows.UI.BlockedShutdown.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\Windows.UI.Core.TextInput.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\Windows.UI.Cred.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\Windows.UI.CredDialogController.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\Windows.UI.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\Windows.UI.Immersive.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\Windows.UI.Input.Inking.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\Windows.UI.Logon.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\Windows.UI.Search.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\Windows.UI.Shell.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\Windows.UI.Xaml.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\Windows.UI.Xaml.InkControls.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\Windows.UI.Xaml.Maps.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\Windows.UI.Xaml.Phone.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\Windows.UI.Xaml.Resources.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\Windows.Web.Diagnostics.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\Windows.Web.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\Windows.Web.Http.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\WindowsCodecs.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\winhttp.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\wininet.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\wininetlui.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\winload.efi => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\winload.exe => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\winlogon.exe => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\winmde.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\winresume.efi => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\winresume.exe => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\WinSCard.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\winsrv.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\wintrust.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\WinTypes.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\wkssvc.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\wlanapi.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\wlancfg.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\wlanhlp.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\WlanMediaManager.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\wlanmsm.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\wlansec.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\wlansvc.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\wlansvcpal.dll => ":$CmdTcID" ADS could not remove.


Max_cz
Vzorný návštěvník
Vzorný návštěvník
Příspěvky: 191
Registrován: 20 pro 2005 22:14
Kontaktovat uživatele:

Re: Preventivní kontrola, podezřelé chování

#12 Příspěvek od Max_cz »

Kód: Vybrat vše

C:\Windows\system32\wlidsvc.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\wmp.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\WMPDMC.exe => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\wmpdxm.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\wmpeffects.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\wmploc.DLL => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\wmpmde.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\wmpps.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\wmpshell.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\WordBreakers.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\wow64.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\WpAXHolder.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\WpcRefreshTask.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\WpcTok.exe => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\WpcWebFilter.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\wpnapps.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\wpncore.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\wpninprc.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\wpnprv.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\wpx.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\ws2_32.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\wscapi.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\wscinterop.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\wscsvc.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\wscui.cpl => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\wsecedit.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\WSManHTTPConfig.exe => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\WsmSvc.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\wsp_fs.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\wsp_health.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\wsp_sr.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\wuapi.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\wuauclt.exe => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\wuaueng.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\wups.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\wups2.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\wuuhext.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\WWAHost.exe => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\WWanAPI.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\wwanconn.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\wwanmm.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\wwanprotdim.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\wwansvc.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\x3daudio1_0.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\x3daudio1_1.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\X3DAudio1_2.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\xactengine2_0.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\xactengine2_1.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\xactengine2_10.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\xactengine2_2.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\xactengine2_3.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\xactengine2_4.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\xactengine2_5.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\xactengine2_6.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\xactengine2_7.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\xactengine2_8.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\xactengine2_9.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\xactengine3_7.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\XamlTileRender.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\XAPOFX1_5.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\XAudio2_7.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\XblAuthManager.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\xinput1_1.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\xinput1_2.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\xinput1_3.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\xpsrchvw.exe => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\zipfldr.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\aadtb.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\AboveLockAppHost.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\aclui.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\ActionCenterCPL.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\ActivationManager.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\actxprxy.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\AddressParser.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\adsmsext.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\AppCapture.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\AppContracts.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\AppointmentActivation.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\AppointmentApis.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\apprepapi.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\apprepsync.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\AppVEntSubsystems32.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\appwiz.cpl => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\AppXDeploymentClient.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\AppxPackaging.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\ASGT.exe => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\AsIO.dll => ":$CmdZnID" ADS removed successfully.
C:\Windows\SysWOW64\asycfilt.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\atmfd.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\atmlib.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\AUDIOKSE.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\AudioSes.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\AuthBroker.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\AuthExt.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\authui.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\autoplay.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\AzureSettingSyncProvider.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\BackgroundMediaPolicy.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\bcastdvr.exe => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\BcastDVRHelper.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\bcrypt.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\BingMaps.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\BingOnlineServices.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\biwinrt.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\BluetoothApis.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\cdp.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\CertEnroll.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\Chakra.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\Chakradiag.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\Chakrathunk.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\chartv.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\ChatApis.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\ClipboardServer.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\CloudBackupSettings.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\CloudExperienceHostCommon.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\CloudExperienceHostUser.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\CloudStorageWizard.exe => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\clusapi.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\cmifw.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\combase.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\comctl32.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\comdlg32.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\comsvcs.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\ConfigureExpandedStorage.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\ContactActivation.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\ContactApis.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\container.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\CoreMessaging.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\CoreUIComponents.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\CPFilters.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\CredProvDataModel.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\credprovhost.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\credprovs.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\credprovslegacy.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\crypt32.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\cryptngc.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\CryptoWinRT.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\cryptui.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\C_G18030.DLL => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\c_GSM7.DLL => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\C_IS2022.DLL => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\d2d1.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\d3d10warp.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\d3d11.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\D3D12.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\d3d8.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\d3d9.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\D3DCompiler_33.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\D3DCompiler_34.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\D3DCompiler_35.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\D3DCompiler_36.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\D3DCompiler_43.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\D3DCompiler_47.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\d3dcsx_43.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\d3dx10.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\d3dx10_33.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\d3dx10_34.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\d3dx10_35.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\d3dx10_36.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\d3dx10_43.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\d3dx11_43.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\d3dx9_24.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\d3dx9_25.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\d3dx9_26.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\d3dx9_27.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\d3dx9_28.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\d3dx9_29.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\d3dx9_30.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\d3dx9_31.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\d3dx9_32.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\d3dx9_33.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\d3dx9_34.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\d3dx9_35.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\d3dx9_36.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\D3DX9_43.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\DataExchange.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\daxexec.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\dbgeng.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\DbgModel.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\DDCHelper.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\DDCHelperX.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\ddraw.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\delegatorprovider.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\devenum.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\deviceassociation.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\DeviceFlows.DataModel.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\DevicePairing.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\dhcpcore6.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\dialclient.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\DisplayManager.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\dlnashext.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\dmenrollengine.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\dnsapi.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\DolbyDecMFT.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\drvstore.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\DscCoreConfProv.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\dsreg.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\dtdump.exe => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\dwmapi.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\dwmcore.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\DWrite.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\dxgi.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\dxmasf.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\dxtrans.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\eapp3hst.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\eappcfg.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\eappgnui.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\eapphost.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\eappprxy.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\edgehtml.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\EditBufferTestHook.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\efsext.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\efswrt.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\EmailApis.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\encapi.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\ErrorDetails.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\ErrorDetailsUpdate.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\esent.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\esentutl.exe => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\evr.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\explorer.exe => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\ExplorerFrame.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\ExSMime.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\ExtrasXmlParser.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\findnetprinters.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\FlashPlayerApp.exe => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\fontdrvhost.exe => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\fontext.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\FSClient.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\GamePanel.exe => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\gameux.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\gdi32.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\gdi32full.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\GdiPlus.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\Geolocation.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\GlobCollationHost.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\hevcdecoder.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\hgcpl.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\ieapfltr.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\iedkcs32.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\ieframe.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\iepeers.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\ieproxy.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\iernonce.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\iertutil.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\iesetup.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\imapi2.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\indexeddbserver.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\inetcomm.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\inetcpl.cpl => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\input.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\InputLocaleManager.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\InputService.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\InstallAgent.exe => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\InstallAgentUserBroker.exe => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\iscsiwmi.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\java.exe => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\javaw.exe => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\javaws.exe => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\JpMapControl.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\jscript9.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\jscript9diag.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\jsproxy.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\kerberos.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\KernelBase.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\LaunchWinApp.exe => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\LicenseManager.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\LicenseManagerApi.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\LockAppBroker.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\LockAppHost.exe => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\LogonController.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\MapConfiguration.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\MapControlCore.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\MapControlStringsRes.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\MapGeocoder.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\MapRouter.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\MapsBtSvc.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\MbaeApiPublic.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\mbsmsapi.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\MCRecvSrc.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\mdmregistration.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\mf.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\mfasfsrcsnk.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\mfaudiocnv.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\mfcore.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\mfksproxy.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\MFMediaEngine.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\mfmkvsrcsnk.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\mfmp4srcsnk.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\mfmpeg2srcsnk.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\mfnetcore.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\mfnetsrc.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\mfplat.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\MFPlay.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\mfpmp.exe => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\mfps.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\mfreadwrite.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\mfsensorgroup.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\mfsrcsnk.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\mfsvr.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\Microsoft-Windows-MapControls.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\Microsoft-Windows-MosHost.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\Microsoft-Windows-MosTrace.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\migisol.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\MiracastReceiver.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\mispace.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\mos.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\MosHostClient.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\MosResource.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\MosStorage.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\mprapi.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\mprddm.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\mprdim.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\MrmCoreR.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\MSAC3ENC.DLL => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\MSAJApi.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\msctf.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\msdtcprx.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\msdtcuiu.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\msdxm.ocx => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\msfeeds.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\msftedit.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\mshtml.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\mshtmled.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\msi.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\msinfo32.exe => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\msmpeg2vdec.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\mspaint.exe => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\mssrch.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\mstsc.exe => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\mstscax.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\msv1_0.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\MSVidCtl.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\MSVP9DEC.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\msvproc.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\MSVPXENC.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\msxml6.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\msxml6r.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\mtxclu.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\NaturalLanguage6.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\NetCfgNotifyObjectHost.exe => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\netiougc.exe => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\NetSetupApi.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\NetSetupEngine.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\NetSetupShim.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\netshell.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\NetworkCollectionAgent.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\ngccredprov.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\NlsData0009.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\NlsLexicons0009.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\NMAA.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\NmaDirect.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\NPSM.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\nshwfp.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\ntdll.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\ntshrui.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\nvapi.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\nvcompiler.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\nvcuda.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\nvcuvid.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\nvDecMFTMjpeg.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\nvEncMFTH264.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\nvEncMFThevc.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\nvEncodeAPI.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\nvfatbinaryLoader.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\NvFBC.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\NvIFR.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\NvIFROpenGL.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\nvoglv32.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\nvopencl.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\nvptxJitCompiler.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\nvStreaming.exe => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\odbcconf.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\offlinelsa.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\offlinesam.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\offreg.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\ole32.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\oleacc.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\oleaut32.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\olepro32.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\OneDriveSettingSyncProvider.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\pdh.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\Phoneutil.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\PhoneutilRes.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\pidgenx.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\PlayToDevice.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\PlayToManager.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\PlayToReceiver.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\policymanager.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\poqexec.exe => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\POSyncServices.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\powercfg.exe => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\PresentationNative_v0300.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\PrintDialogs.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\pwrshplugin.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\qdvd.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\rasapi32.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\rdpcore.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\rdpencom.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\ReAgent.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\ReAgentc.exe => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\remoteaudioendpoint.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\RemoteNaturalLanguage.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\resutils.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\rpcrt4.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\RTMediaFrame.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\RTWorkQ.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\samlib.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\schannel.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\Search.ProtocolHandler.MAPI2.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\SearchFolder.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\SearchIndexer.exe => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\SearchProtocolHost.exe => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\sendmail.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\SessEnv.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\SettingSync.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\SettingSyncCore.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\SettingSyncHost.exe => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\SettingSyncPolicy.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\setupugc.exe => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\ShareHost.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\shell32.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\slc.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\slcext.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\smphost.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\SndVolSSO.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\sppc.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\sppcext.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\spwmp.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\sspicli.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\stobject.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\storagewmi.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\storagewmi_passthru.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\StoreAgent.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\sud.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\SyncSettings.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\systemcpl.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\tcpipcfg.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\tdh.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\TempSignedLicenseExchangeTask.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\TextInputFramework.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\themecpl.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\TokenBroker.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\TpmCoreProvisioning.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\tquery.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\tsmf.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\TSpkg.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\TsWpfWrp.exe => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\twinapi.appcore.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\twinapi.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\twinui.appcore.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\twinui.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\tzres.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\UIAnimation.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\UIAutomationCore.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\UIRibbonRes.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\unimdm.tsp => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\updatepolicy.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\uReFS.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\urlmon.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\user32.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\usercpl.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\UserDataAccessRes.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\UserDataAccountApis.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\UserDataLanguageUtil.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\UserDataPlatformHelperUtil.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\UserDataTimeUtil.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\UserDataTypeHelperUtil.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\UserDeviceRegistration.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\UserDeviceRegistration.Ngc.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\UserMgrProxy.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\vbscript.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\VCardParser.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\vulkaninfo-1-1-0-26-0.exe => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\vulkaninfo.exe => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\WebcamUi.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\webio.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\wer.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\weretw.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\wevtapi.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\wfdprov.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\win32k.sys => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\win32kfull.sys => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\win32u.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\wincorlib.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\Windows.AccountsControl.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\Windows.ApplicationModel.Background.SystemEventsBroker.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\Windows.ApplicationModel.Core.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\Windows.ApplicationModel.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\Windows.ApplicationModel.LockScreen.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\Windows.ApplicationModel.Store.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\Windows.ApplicationModel.Wallet.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\Windows.Data.Pdf.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\Windows.Devices.AllJoyn.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\Windows.Devices.Bluetooth.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\Windows.Devices.HumanInterfaceDevice.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\Windows.Devices.LowLevel.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\Windows.Devices.Midi.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\Windows.Devices.Perception.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\Windows.Devices.Picker.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\Windows.Devices.PointOfService.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\Windows.Devices.Radios.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\Windows.Devices.Scanners.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\Windows.Devices.Sensors.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\Windows.Devices.SerialCommunication.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\Windows.Devices.SmartCards.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\Windows.Devices.Usb.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\Windows.Devices.WiFi.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\Windows.Devices.WiFiDirect.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\Windows.Energy.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\Windows.Gaming.Input.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\Windows.Gaming.XboxLive.Storage.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\Windows.Globalization.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\Windows.Graphics.Printing.3D.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\Windows.Graphics.Printing.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\Windows.Internal.Bluetooth.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\Windows.Internal.Management.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\Windows.Internal.UI.Logon.ProxyStub.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\Windows.Media.Audio.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\Windows.Media.BackgroundMediaPlayback.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\Windows.Media.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\Windows.Media.Editing.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\Windows.Media.FaceAnalysis.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\Windows.Media.Import.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\Windows.Media.Ocr.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\Windows.Media.Playback.BackgroundMediaPlayer.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\Windows.Media.Playback.MediaPlayer.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\Windows.Media.Protection.PlayReady.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\Windows.Media.Speech.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\Windows.Media.Speech.UXRes.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\Windows.Media.Streaming.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\Windows.Networking.BackgroundTransfer.BackgroundManagerPolicy.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\Windows.Networking.BackgroundTransfer.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\Windows.Networking.Connectivity.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\Windows.Networking.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\Windows.Networking.HostName.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\Windows.Networking.ServiceDiscovery.Dnssd.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\Windows.Perception.Stub.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\Windows.Security.Authentication.Identity.Provider.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\Windows.Security.Authentication.OnlineId.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\Windows.Shell.Search.UriHandler.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\Windows.StateRepository.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\Windows.StateRepositoryClient.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\Windows.Storage.ApplicationData.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\windows.storage.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\Windows.System.UserDeviceAssociation.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\Windows.UI.BioFeedback.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\Windows.UI.BlockedShutdown.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\Windows.UI.Core.TextInput.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\Windows.UI.Cred.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\Windows.UI.CredDialogController.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\Windows.UI.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\Windows.UI.Immersive.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\Windows.UI.Input.Inking.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\Windows.UI.Logon.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\Windows.UI.Search.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\Windows.UI.Xaml.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\Windows.UI.Xaml.InkControls.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\Windows.UI.Xaml.Maps.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\Windows.UI.Xaml.Phone.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\Windows.UI.Xaml.Resources.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\Windows.Web.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\Windows.Web.Http.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\WindowsCodecs.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\winhttp.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\wininet.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\wininetlui.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\winmde.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\WinRtTracing.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\WinSCard.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\wintrust.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\WinTypes.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\wlanapi.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\wlancfg.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\wlanhlp.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\wmp.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\WMPDMC.exe => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\wmpdxm.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\wmpeffects.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\wmploc.DLL => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\wmpmde.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\wmpshell.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\WordBreakers.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\WpcWebFilter.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\wpnapps.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\ws2_32.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\wscapi.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\wscinterop.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\wscui.cpl => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\wsecedit.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\WSManHTTPConfig.exe => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\WsmSvc.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\wsp_fs.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\wsp_health.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\wsp_sr.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\wuapi.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\WwaApi.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\WWAHost.exe => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\WWanAPI.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\x3daudio1_0.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\x3daudio1_1.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\X3DAudio1_2.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\xactengine2_0.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\xactengine2_1.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\xactengine2_10.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\xactengine2_2.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\xactengine2_3.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\xactengine2_4.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\xactengine2_5.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\xactengine2_6.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\xactengine2_7.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\xactengine2_8.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\xactengine2_9.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\xactengine3_7.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\XAPOFX1_5.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\XAudio2_7.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\xinput1_1.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\xinput1_2.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\xinput1_3.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\xolehlp.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\xpsrchvw.exe => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\zipfldr.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\Drivers\afd.sys => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\Drivers\ahcache.sys => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\Drivers\AppVStrm.sys => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\Drivers\asmthub3.sys => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\Drivers\asmtxhci.sys => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\Drivers\bowser.sys => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\Drivers\capimg.sys => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\Drivers\Classpnp.sys => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\Drivers\clfs.sys => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\Drivers\ClipSp.sys => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\Drivers\cmimcext.sys => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\Drivers\cng.sys => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\Drivers\colormunki_x64.sys => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\Drivers\crashdmp.sys => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\Drivers\dam.sys => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\Drivers\ddcdrv.sys => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\Drivers\dfsc.sys => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\Drivers\dumpsd.sys => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\Drivers\dxgkrnl.sys => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\Drivers\dxgmms1.sys => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\Drivers\dxgmms2.sys => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\Drivers\EhStorTcgDrv.sys => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\Drivers\fastfat.sys => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\Drivers\fvevol.sys => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\Drivers\FWPKCLNT.SYS => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\Drivers\hidclass.sys => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\Drivers\hidkmdf.sys => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\Drivers\hidparse.sys => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\Drivers\hidusb.sys => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\Drivers\http.sys => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\Drivers\hvservice.sys => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\Drivers\i1display_x64.sys => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\Drivers\i1io2_x64.sys => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\Drivers\i1iSis_x64.sys => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\Drivers\i1_x64.sys => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\Drivers\iorate.sys => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\Drivers\kbdhid.sys => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\Drivers\ksecdd.sys => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\Drivers\ksecpkg.sys => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\Drivers\MegaSas2i.sys => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\Drivers\modem.sys => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\Drivers\mrxdav.sys => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\Drivers\mrxsmb.sys => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\Drivers\mrxsmb10.sys => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\Drivers\mrxsmb20.sys => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\Drivers\ndis.sys => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\Drivers\ntfs.sys => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\Drivers\partmgr.sys => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\Drivers\pci.sys => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\Drivers\pdc.sys => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\Drivers\pdiports.sys => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\Drivers\rdbss.sys => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\Drivers\rsdrvx64.sys => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\Drivers\sdbus.sys => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\Drivers\spaceport.sys => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\Drivers\srv.sys => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\Drivers\srv2.sys => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\Drivers\srvnet.sys => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\Drivers\storahci.sys => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\Drivers\stornvme.sys => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\Drivers\storport.sys => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\Drivers\tcpip.sys => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\Drivers\tm.sys => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\Drivers\tpm.sys => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\Drivers\vhdmp.sys => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\Drivers\vpci.sys => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\Drivers\wachidrouter.sys => ":$CmdTcID" ADS could not remove.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => value removed successfully
C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat => moved successfully

"C:\Users\Max_cz\AppData\Local\Temp" folder move:

Could not move "C:\Users\Max_cz\AppData\Local\Temp" => Scheduled to move on reboot.

C:\Windows\explorer.exe => ":$CmdTcID" ADS could not remove.
C:\Windows\splwow64.exe => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\aadcloudap.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\aadtb.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\AboveLockAppHost.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\AccountsRt.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\aclui.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\acmigration.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\ACPBackgroundManagerPolicy.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\ActionCenter.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\ActionCenterCPL.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\ActivationManager.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\actxprxy.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\AddressParser.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\adsmsext.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\aeinv.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\aepic.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\aitstatic.exe => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\aksllmtp.exe => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\AppCapture.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\AppContracts.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\appinfo.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\AppointmentActivation.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\AppointmentApis.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\appraiser.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\AppReadiness.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\apprepapi.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\apprepsync.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\AppVCatalog.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\AppVClient.exe => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\AppVDllSurrogate.exe => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\AppVEntStreamingManager.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\AppVEntSubsystemController.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\AppVEntSubsystems64.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\AppVEntVirtualization.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\AppVIntegration.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\AppVManifest.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\AppVOrchestration.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\AppVPolicy.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\AppVPublishing.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\AppVReporting.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\AppVScripting.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\AppVShNotify.exe => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\appwiz.cpl => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\AppXApplicabilityBlob.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\AppXDeploymentClient.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\AppXDeploymentExtensions.desktop.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\AppXDeploymentExtensions.onecore.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\AppXDeploymentServer.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\AppxPackaging.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\asycfilt.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\atmfd.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\atmlib.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\AudioEndpointBuilder.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\AudioEng.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\AUDIOKSE.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\AudioSes.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\audiosrv.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\AudioSrvPolicyManager.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\AuthBroker.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\authui.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\autoplay.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\AzureSettingSyncProvider.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\baaupdate.exe => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\BackgroundMediaPolicy.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\BarcodeProvisioningPlugin.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\bcastdvr.exe => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\BcastDVRHelper.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\bcdedit.exe => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\bcrypt.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\bdechangepin.exe => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\bdesvc.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\bdeui.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\bdeunlock.exe => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\BingMaps.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\BingOnlineServices.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\bisrv.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\BitLockerDeviceEncryption.exe => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\biwinrt.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\BluetoothApis.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\BootMenuUX.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\bootux.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\browserbroker.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\BthRadioMedia.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\CastLaunch.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\CbtBackgroundManagerPolicy.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\cdd.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\cdp.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\cdpsvc.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\cdpusersvc.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\CertEnroll.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\certprop.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\Chakra.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\Chakradiag.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\Chakrathunk.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\chartv.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\ChatApis.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\ci.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\ClipboardServer.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\ClipUp.exe => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\cloudAP.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\CloudBackupSettings.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\CloudExperienceHost.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\CloudExperienceHostBroker.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\CloudExperienceHostCommon.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\CloudExperienceHostUser.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\CloudStorageWizard.exe => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\clusapi.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\cmifw.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\cmintegrator.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\combase.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\comdlg32.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\CompatTelRunner.exe => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\comsvcs.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\ConsoleLogon.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\ContactActivation.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\ContactApis.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\container.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\ContentDeliveryManager.Utilities.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\CoreMessaging.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\CoreUIComponents.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\CPFilters.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\CredProvDataModel.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\credprovhost.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\credprovs.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\credprovslegacy.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\crypt32.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\cryptngc.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\CryptoWinRT.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\cryptui.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\cscui.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\csrsrv.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\C_G18030.DLL => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\c_GSM7.DLL => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\C_IS2022.DLL => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\d2d1.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\d3d10warp.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\d3d11.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\D3D12.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\d3d9.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\D3DCompiler_33.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\D3DCompiler_34.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\D3DCompiler_35.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\D3DCompiler_36.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\D3DCompiler_43.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\D3DCompiler_47.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\d3dcsx_43.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\d3dx10.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\d3dx10_33.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\d3dx10_34.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\d3dx10_35.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\d3dx10_36.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\d3dx10_43.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\d3dx11_43.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\d3dx9_24.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\d3dx9_25.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\d3dx9_26.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\d3dx9_27.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\d3dx9_28.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\d3dx9_29.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\d3dx9_30.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\d3dx9_31.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\d3dx9_32.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\d3dx9_33.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\d3dx9_34.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\d3dx9_35.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\d3dx9_36.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\D3DX9_43.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\dab.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\dafBth.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\dafpos.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\das.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\dasHost.exe => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\DataExchange.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\DataSenseHandlers.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\daxexec.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\dbgeng.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\DbgModel.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\DDCHelper.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\DDCHelperX.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\ddraw.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\delegatorprovider.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\DeveloperOptionsSettingsHandlers.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\devenum.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\deviceaccess.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\deviceassociation.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\DeviceCensus.exe => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\DeviceCenter.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\DeviceEnroller.exe => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\DeviceFlows.DataModel.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\DevicePairing.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\DevicePairingFolder.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\DeviceReactivation.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\devinv.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\dhcpcore6.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\diagtrack.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\dialclient.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\dialserver.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\discan.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\Display.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\DisplayManager.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\dlnashext.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\dmcertinst.exe => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\dmenrollengine.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\DMRServer.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\dnsapi.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\DolbyDecMFT.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\domgmt.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\dosvc.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\dpapisrv.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\drvstore.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\DscCore.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\DscCoreConfProv.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\dsreg.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\dsregcmd.exe => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\dwmapi.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\dwmcore.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\DWrite.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\dxgi.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\dxmasf.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\dxtrans.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\EAMProgressHandler.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\eapp3hst.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\eappcfg.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\eappgnui.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\eapphost.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\eappprxy.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\easwrt.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\edgehtml.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\EditBufferTestHook.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\EditionUpgradeHelper.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\EditionUpgradeManagerObj.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\EDPCleanup.exe => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\efsext.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\efswrt.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\EmailApis.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\encapi.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\EncDec.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\energy.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\EnterpriseAppMgmtSvc.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\enterprisecsps.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\EnterpriseModernAppMgmtCSP.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\ErrorDetails.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\ErrorDetailsUpdate.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\esent.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\esentutl.exe => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\evr.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\ExplorerFrame.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\ExSMime.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\ExtrasXmlParser.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\facecredentialprovider.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\Family.Authentication.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\Family.Client.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\Family.SyncEngine.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\ffbroker.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\fhcfg.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\fhcpl.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\fhsettingsprovider.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\FlightSettings.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\FntCache.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\fontdrvhost.exe => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\fontext.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\FontProvider.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\FrameServer.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\FSClient.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\fveapi.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\fveapibase.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\fvecpl.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\fvenotify.exe => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\fveprompt.exe => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\fveui.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\fvewiz.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\GamePanel.exe => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\gameux.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\gdi32.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\gdi32full.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\GdiPlus.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\generaltel.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\GenValObj.exe => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\Geolocation.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\GlobCollationHost.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\gpsvc.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\hal.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\hasplms.exe => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\hevcdecoder.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\hgcpl.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\HttpsDataSource.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\hvax64.exe => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\hvix64.exe => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\hvloader.efi => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\hvloader.exe => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\icsvc.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\icsvcext.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\IdCtrls.dll => ":$CmdTcID" ADS could not remove.
End. => Error: No automatic fix found for this entry.

=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 1941206852 B
Java, Flash, Steam htmlcache => 24753515 B
Windows/system/drivers => 93725129 B
Edge => 885028 B
Chrome => 849812247 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 76400194 B
systemprofile32 => 1208 B
LocalService => 0 B
NetworkService => 166704 B
defaultuser0 => 128 B
Max_cz => 1687507857 B

RecycleBin => 19876 B
EmptyTemp: => 4.4 GB temporary data Removed.

================================

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 04-02-2017 13:05:12)

"C:\Users\Max_cz\AppData\Local\Temp" => Could not move

==== End of Fixlog 13:05:15 ====

Max_cz
Vzorný návštěvník
Vzorný návštěvník
Příspěvky: 191
Registrován: 20 pro 2005 22:14
Kontaktovat uživatele:

Re: Preventivní kontrola, podezřelé chování

#13 Příspěvek od Max_cz »

O ploše vím, mám tam 4 fotky, jelikož jedu na SSD a systém startuje v řádu sekund, nějak sem na to zapomněl, děkuji za upozornění :)

Uživatelský avatar
Rudy
Site Admin
Site Admin
Příspěvky: 118199
Registrován: 30 říj 2003 13:42
Bydliště: Plzeň
Kontaktovat uživatele:

Re: Preventivní kontrola, podezřelé chování

#14 Příspěvek od Rudy »

OK. Nastala nějaká změna?
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.

Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.

Navštivte: Obrázek

e-mail: rudy(zavináč)forum.viry.cz

Varování:
Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!


Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.

Max_cz
Vzorný návštěvník
Vzorný návštěvník
Příspěvky: 191
Registrován: 20 pro 2005 22:14
Kontaktovat uživatele:

Re: Preventivní kontrola, podezřelé chování

#15 Příspěvek od Max_cz »

To poznám až časem, až mi to zase napíše google, kdyby se nezlepšilo napíši sem, zatím děkuji

Odpovědět