VIRY.CZ

Pomáháme v boji s počítačovou havěti!
https://forum.viry.cz:443/

Prosím o kontrolu logu- více o mém problému v příspěvku

https://forum.viry.cz:443/viewtopic.php?t=142042

Stránka 1 z 1

Prosím o kontrolu logu- více o mém problému v příspěvku

Napsal: 24 pro 2014 18:29
od Amedeo
Jakožto úplně nový člen všechny zdravím, přeji pokojné vánoční svátky a zároveň se na znalé obracím s prosbou o pomoc.Pokusím se můj problém nastínit stručně, ale věcně.Před pár týdny mně můj poskytovatel WIFI upozornil, že na jeho DNS servery jsou z mé IP adresy činěny útoky.A tak jsem zkontroloval kompletně systém -Windows 7 64 bit- ( legální, jedná se o ,,pracovní,, PC ) Avastem ( který ve verzi home stále používám ), ale bez nálezu.Stejně tak Spybot.Zkusil jsem i zkušební verze ESET, Norton i různé Live distribuce.Ale pokaždé bez nálezu.Stejně tak proskenování prostřednictvím Malwarebytes- vše v pořádku.Přesto se obávám, že v systému opravdu ,,něco,, je.Jelikož jsou v PC 3 disky s daty, nerad bych o ně za 1. přišel, za 2.prováděl kompletní reinstalaci Windows ( resp. to bych rád nechal až jako poslední možnost ).V příloze tedy posílám logy z FRST64.Pro jistotu dodám: v současné době je v systému: Avast home, Spybot a Comodo Firewall.Velmi ocením každou pomoc.

Re: Prosím o kontrolu logu- více o mém problému v příspěvku

Napsal: 24 pro 2014 20:18
od Rudy
Zdravím!
Asi vás zklamu, pokud je PC pracovní, tedy patří firmě, nebo organizaci, nalze ho řešit na tomto f=oru, neboť je určeno home userům. Pro taková PC je určen: http://www.neslape.cz/?utm_campaign=nes ... ium=banner .

Re: Prosím o kontrolu logu- více o mém problému v příspěvku

Napsal: 24 pro 2014 20:23
od Amedeo
To jsem špatně formuloval, je pracovně-domácí, resp. je rodiny .....

Re: Prosím o kontrolu logu- více o mém problému v příspěvku

Napsal: 24 pro 2014 21:37
od Rudy
OK. Zkusíme tento postup:

Stáhněte a spusťte OTL: http://oldtimer.geekstogo.com/OTL.exe . Spusťte, zaškrněte "Pro všechny uživatele", Kontrola na havěť LOP" a Kontrola na hvěť PURITY" a do dolního bílého okna zkopírujte:
CREATERESTOREPOINT

netsvcs
drivers32
savembr:0

/md5start
atapi.sys
autochk.exe
cdrom.sys
explorer.exe
hal.dll
scecli.dll
services.exe
svchost.exe
tcpip.sys
userinit.exe
winlogon.exe
/md5stop

%systemroot%*.* /U /s
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
%SYSTEMDRIVE%\*.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s

%PROGRAMFILES%\Mozilla Firefox\firefox.exe /md5
%PROGRAMFILES%\Internet Explorer\iexplore.exe /md5
%PROGRAMFILES%\Opera\opera.exe /md5
%PROGRAMFILES%\Google\Chrome\Application\chrome.exe /md5

%SystemDrive%\PhysicalMBR.bin /md5

*crack* /s
*keygen* /s
*loader* /s
a klikněte na >Prohledat<. Dejte oba logy.

Re: Prosím o kontrolu logu- více o mém problému v příspěvku

Napsal: 24 pro 2014 22:56
od Amedeo
Logy v příloze....

Re: Prosím o kontrolu logu- více o mém problému v příspěvku

Napsal: 25 pro 2014 11:52
od Rudy
Znovu spustte OTL jako spravce
Do spodniho okna vlozte nasledujici text:
:OTL
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-1417767734-3329951676-3945012112-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1417767734-3329951676-3945012112-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTer ... ORM=IESR02
[2014.08.04 21:53:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\64bit\AppData\Roaming\Mozilla\Extensions
[2014.12.04 11:41:10 | 000,000,000 | ---D | M] (No name found) --
O13 - gopher Prefix: missing
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
@Alternate Data Stream - 64 bytes -> E:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\zip.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\winsxs\x86_microsoft-windows-s..-jscript9.resources_31bf3856ad364e35_11.2.9600.17501_en-us_67e77623d4ca83ee\jscript9.dll.mui:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\winsxs\x86_microsoft-windows-s..-jscript9.resources_31bf3856ad364e35_11.2.9600.17501_cs-cz_24912ac7edd02790\jscript9.dll.mui:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\winsxs\x86_microsoft-windows-ie-vgx_31bf3856ad364e35_11.2.9600.17501_none_736359d34574eaf5\VGX.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_11.2.9600.17501_none_cdcff2c1e93e23b6\sqmapi.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_11.2.9600.17501_none_cdcff2c1e93e23b6\iertutil.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\winsxs\x86_microsoft-windows-ie-ratings_31bf3856ad364e35_11.2.9600.17501_none_4dbe86bcb9752e3a\msrating.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\winsxs\x86_microsoft-windows-ie-networkinspection_31bf3856ad364e35_11.2.9600.17501_none_fb28d2d1b0ba9520\networkinspection.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\winsxs\x86_microsoft-windows-ie-mshtmldac_31bf3856ad364e35_11.2.9600.17501_none_5e69eb0453d7bfdb\MshtmlDac.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\winsxs\x86_microsoft-windows-ie-jsprofilerui_31bf3856ad364e35_11.2.9600.17501_none_792b42102aeceb00\jsprofilerui.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\winsxs\x86_microsoft-windows-ieinstal_31bf3856ad364e35_11.2.9600.17501_none_6ec82186ee5c50f4\ieinstal.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\winsxs\x86_microsoft-windows-ie-ieshims_31bf3856ad364e35_11.2.9600.17501_none_cdb9785df6f2f646\IEShims.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\winsxs\x86_microsoft-windows-ie-ieproxy_31bf3856ad364e35_11.2.9600.17501_none_165b2cc7a74a8fd8\ieproxy.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\winsxs\x86_microsoft-windows-ie-ielowutil_31bf3856ad364e35_11.2.9600.17501_none_8ca2548ecdf4ad9e\ielowutil.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\winsxs\x86_microsoft-windows-ieframe.resources_31bf3856ad364e35_11.2.9600.17501_en-us_15f290992a684a5b\ieui.dll.mui:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\winsxs\x86_microsoft-windows-ieframe.resources_31bf3856ad364e35_11.2.9600.17501_en-us_15f290992a684a5b\ieframe.dll.mui:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\winsxs\x86_microsoft-windows-ieframe.resources_31bf3856ad364e35_11.2.9600.17501_cs-cz_d29c453d436dedfd\ieui.dll.mui:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\winsxs\x86_microsoft-windows-ieframe.resources_31bf3856ad364e35_11.2.9600.17501_cs-cz_d29c453d436dedfd\ieframe.dll.mui:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\winsxs\x86_microsoft-windows-ie-f12tools_31bf3856ad364e35_11.2.9600.17501_none_0f6c8730eddaeaa8\F12Tools.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\winsxs\x86_microsoft-windows-ie-f12tools.resources_31bf3856ad364e35_11.2.9600.17501_en-us_30d52e9411ab0c8f\F12Tools.dll.mui:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\winsxs\x86_microsoft-windows-ie-f12tools.resources_31bf3856ad364e35_11.2.9600.17501_cs-cz_ed7ee3382ab0b031\F12Tools.dll.mui:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\winsxs\x86_microsoft-windows-ie-f12diagnosticstap_31bf3856ad364e35_11.2.9600.17501_none_3855b50ad41e3aee\DiagnosticsTap.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\winsxs\x86_microsoft-windows-ie-devtools_31bf3856ad364e35_11.2.9600.17501_none_c1d155389c90519a\iedvtool.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\winsxs\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_11.2.9600.17501_none_81be5ebfc8787fac\ieapfltr.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\winsxs\x86_microsoft-windows-ie-adminkitbranding_31bf3856ad364e35_11.2.9600.17501_none_fa7cb4e1b4372620\iedkcs32.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\winsxs\x86_microsoft-windows-i..trolpanel.resources_31bf3856ad364e35_11.2.9600.17501_en-us_a8b6edc044e61681\inetcpl.cpl.mui:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\winsxs\x86_microsoft-windows-i..trolpanel.resources_31bf3856ad364e35_11.2.9600.17501_cs-cz_6560a2645debba23\inetcpl.cpl.mui:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_11.2.9600.17501_none_88153be5fe8d0559\wininet.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_11.2.9600.17501_none_88153be5fe8d0559\jsproxy.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\winsxs\x86_microsoft-windows-i..timezones.resources_31bf3856ad364e35_6.1.7601.22863_cs-cz_4278ea8312556864\tzres.dll.mui:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\winsxs\x86_microsoft-windows-i..timezones.resources_31bf3856ad364e35_6.1.7601.18656_cs-cz_41fd1c9bf92cfb87\tzres.dll.mui:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\winsxs\x86_microsoft-windows-i..rityzones.resources_31bf3856ad364e35_11.2.9600.17501_en-us_f4aefa083e335bbd\urlmon.dll.mui:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\winsxs\x86_microsoft-windows-i..rityzones.resources_31bf3856ad364e35_11.2.9600.17501_cs-cz_b158aeac5738ff5f\urlmon.dll.mui:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\winsxs\x86_microsoft-windows-i..riptcollectionagent_31bf3856ad364e35_11.2.9600.17501_none_3bf39075f5845e94\JavaScriptCollectionAgent.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\winsxs\x86_microsoft-windows-i..rendering.resources_31bf3856ad364e35_11.2.9600.17501_en-us_9314b3ef60271968\mshtml.dll.mui:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\winsxs\x86_microsoft-windows-i..rendering.resources_31bf3856ad364e35_11.2.9600.17501_cs-cz_4fbe6893792cbd0a\mshtml.dll.mui:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\winsxs\x86_microsoft-windows-i..osticstap.resources_31bf3856ad364e35_11.2.9600.17501_en-us_112682c0418c1fd5\DiagnosticsTap.dll.mui:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\winsxs\x86_microsoft-windows-i..osticstap.resources_31bf3856ad364e35_11.2.9600.17501_cs-cz_cdd037645a91c377\DiagnosticsTap.dll.mui:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\winsxs\x86_microsoft-windows-i..nternetcontrolpanel_31bf3856ad364e35_11.2.9600.17501_none_1565ee78ae9283ea\inetcpl.cpl:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_11.2.9600.17501_none_3b0f60443383dec6\urlmon.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\winsxs\x86_microsoft-windows-charmap_31bf3856ad364e35_6.1.7601.22856_none_f4c171fd1bd9961e\charmap.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\winsxs\x86_microsoft-windows-charmap_31bf3856ad364e35_6.1.7601.18648_none_f444a3cc02b20fea\charmap.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\winsxs\wow64_microsoft-windows-w..for-management-core_31bf3856ad364e35_6.1.7601.22826_none_3360df98112c1ae9\WsmWmiPl.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\winsxs\wow64_microsoft-windows-w..for-management-core_31bf3856ad364e35_6.1.7601.22826_none_3360df98112c1ae9\WsmSvc.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\winsxs\wow64_microsoft-windows-w..for-management-core_31bf3856ad364e35_6.1.7601.22826_none_3360df98112c1ae9\WsmAuto.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\winsxs\wow64_microsoft-windows-w..for-management-core_31bf3856ad364e35_6.1.7601.22826_none_3360df98112c1ae9\WSManMigrationPlugin.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\winsxs\wow64_microsoft-windows-w..for-management-core_31bf3856ad364e35_6.1.7601.22826_none_3360df98112c1ae9\WSManHTTPConfig.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\winsxs\wow64_microsoft-windows-w..for-management-core_31bf3856ad364e35_6.1.7601.18619_none_32e511b0f803ae0c\WsmWmiPl.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\winsxs\wow64_microsoft-windows-w..for-management-core_31bf3856ad364e35_6.1.7601.18619_none_32e511b0f803ae0c\WsmSvc.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\winsxs\wow64_microsoft-windows-w..for-management-core_31bf3856ad364e35_6.1.7601.18619_none_32e511b0f803ae0c\WsmAuto.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\winsxs\wow64_microsoft-windows-w..for-management-core_31bf3856ad364e35_6.1.7601.18619_none_32e511b0f803ae0c\WSManMigrationPlugin.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\winsxs\wow64_microsoft-windows-w..for-management-core_31bf3856ad364e35_6.1.7601.18619_none_32e511b0f803ae0c\WSManHTTPConfig.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\winsxs\wow64_microsoft-windows-scripting-vbscript_31bf3856ad364e35_11.2.9600.17501_none_34f9918d775f29ed\vbscript.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\winsxs\wow64_microsoft-windows-scripting-jscript9_31bf3856ad364e35_11.2.9600.17501_none_30c91aee07299d5a\jscript9diag.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\winsxs\wow64_microsoft-windows-scripting-jscript9_31bf3856ad364e35_11.2.9600.17501_none_30c91aee07299d5a\jscript9.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\winsxs\wow64_microsoft-windows-mediafoundation_31bf3856ad364e35_6.1.7601.22846_none_0544f99c70f630f9\mf.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\winsxs\wow64_microsoft-windows-mediafoundation_31bf3856ad364e35_6.1.7601.18640_none_04b5592f57ddfbfe\mf.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\winsxs\wow64_microsoft-windows-ie-setup-support_31bf3856ad364e35_11.2.9600.17501_none_b2704362a7f17012\iesetup.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\winsxs\wow64_microsoft-windows-ie-setup-support_31bf3856ad364e35_11.2.9600.17501_none_b2704362a7f17012\iernonce.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\winsxs\wow64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_11.2.9600.17501_none_1c018e476376a76d\ieUnatt.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\winsxs\wow64_microsoft-windows-ie-ieetwcollector_31bf3856ad364e35_11.2.9600.17501_none_afb625164c3eee7c\ieetwproxystub.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\winsxs\wow64_microsoft-windows-ie-htmlrenderingmedia_31bf3856ad364e35_11.2.9600.17501_none_ab203964a2c42d0c\mshtmlmedia.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.17501_none_ffe2a0da6ba1a1c0\mshtml.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\winsxs\wow64_microsoft-windows-ie-htmlediting_31bf3856ad364e35_11.2.9600.17501_none_34c877a58cdceb98\mshtmled.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\winsxs\wow64_microsoft-windows-ieframe_31bf3856ad364e35_11.2.9600.17501_none_5141faddf7972fed\ieui.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\winsxs\wow64_microsoft-windows-ieframe_31bf3856ad364e35_11.2.9600.17501_none_5141faddf7972fed\ieframe.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\winsxs\wow64_microsoft-windows-ie-feeds-platform_31bf3856ad364e35_11.2.9600.17501_none_4c86188a83ee8b42\msfeeds.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\winsxs\wow64_microsoft-windows-ie-directxtransforms_31bf3856ad364e35_11.2.9600.17501_none_8465dd4dcb1c390b\dxtrans.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\winsxs\wow64_microsoft-windows-ie-directxtransforms_31bf3856ad364e35_11.2.9600.17501_none_8465dd4dcb1c390b\dxtmsft.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\winsxs\wow64_microsoft-windows-i..rnational-timezones_31bf3856ad364e35_6.1.7601.22863_none_7e1480206dd98336\tzres.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\winsxs\wow64_microsoft-windows-i..rnational-timezones_31bf3856ad364e35_6.1.7601.18656_none_7d98b23954b11659\tzres.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_11.2.9600.17501_none_8555ea97f73dee78\iexplore.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\winsxs\amd64_microsoft-windows-w..for-management-core_31bf3856ad364e35_6.1.7601.22826_none_290c3545dccb58ee\WsmWmiPl.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\winsxs\amd64_microsoft-windows-w..for-management-core_31bf3856ad364e35_6.1.7601.22826_none_290c3545dccb58ee\WsmSvc.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\winsxs\amd64_microsoft-windows-w..for-management-core_31bf3856ad364e35_6.1.7601.22826_none_290c3545dccb58ee\WsmAuto.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\winsxs\amd64_microsoft-windows-w..for-management-core_31bf3856ad364e35_6.1.7601.22826_none_290c3545dccb58ee\WSManMigrationPlugin.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\winsxs\amd64_microsoft-windows-w..for-management-core_31bf3856ad364e35_6.1.7601.22826_none_290c3545dccb58ee\WSManHTTPConfig.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\winsxs\amd64_microsoft-windows-w..for-management-core_31bf3856ad364e35_6.1.7601.18619_none_2890675ec3a2ec11\WsmWmiPl.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\winsxs\amd64_microsoft-windows-w..for-management-core_31bf3856ad364e35_6.1.7601.18619_none_2890675ec3a2ec11\WsmSvc.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\winsxs\amd64_microsoft-windows-w..for-management-core_31bf3856ad364e35_6.1.7601.18619_none_2890675ec3a2ec11\WsmAuto.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\winsxs\amd64_microsoft-windows-w..for-management-core_31bf3856ad364e35_6.1.7601.18619_none_2890675ec3a2ec11\WSManMigrationPlugin.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\winsxs\amd64_microsoft-windows-w..for-management-core_31bf3856ad364e35_6.1.7601.18619_none_2890675ec3a2ec11\WSManHTTPConfig.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\winsxs\amd64_microsoft-windows-scripting-vbscript_31bf3856ad364e35_11.2.9600.17501_none_2aa4e73b42fe67f2\vbscript.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\winsxs\amd64_microsoft-windows-scripting-jscript9_31bf3856ad364e35_11.2.9600.17501_none_2674709bd2c8db5f\jscript9diag.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\winsxs\amd64_microsoft-windows-scripting-jscript9_31bf3856ad364e35_11.2.9600.17501_none_2674709bd2c8db5f\jscript9.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\winsxs\amd64_microsoft-windows-s..-jscript9.resources_31bf3856ad364e35_11.2.9600.17501_en-us_c40611a78d27f524\jscript9.dll.mui:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\winsxs\amd64_microsoft-windows-s..-jscript9.resources_31bf3856ad364e35_11.2.9600.17501_cs-cz_80afc64ba62d98c6\jscript9.dll.mui:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\winsxs\amd64_microsoft-windows-s..-downlevel.binaries_31bf3856ad364e35_6.3.9600.17501_none_5fbe1176ff339355\MsSpellCheckingFacility.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\winsxs\amd64_microsoft-windows-mediafoundation_31bf3856ad364e35_6.1.7601.22846_none_faf04f4a3c956efe\mf.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\winsxs\amd64_microsoft-windows-mediafoundation_31bf3856ad364e35_6.1.7601.18640_none_fa60aedd237d3a03\mf.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\winsxs\amd64_microsoft-windows-ie-vgx_31bf3856ad364e35_11.2.9600.17501_none_cf81f556fdd25c2b\VGX.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\winsxs\amd64_microsoft-windows-ie-timeline_is_31bf3856ad364e35_11.2.9600.17501_none_5c20e8f5dea470f4\Timeline_is.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\winsxs\amd64_microsoft-windows-ie-timeline_31bf3856ad364e35_11.2.9600.17501_none_2f1add377eed4779\Timeline.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\winsxs\amd64_microsoft-windows-ie-setup-support_31bf3856ad364e35_11.2.9600.17501_none_a81b99107390ae17\iesetup.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\winsxs\amd64_microsoft-windows-ie-setup-support_31bf3856ad364e35_11.2.9600.17501_none_a81b99107390ae17\iernonce.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\winsxs\amd64_microsoft-windows-ie-setup-support_31bf3856ad364e35_11.2.9600.17501_none_a81b99107390ae17\ie4uinit.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\winsxs\amd64_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_11.2.9600.17501_none_29ee8e45a19b94ec\sqmapi.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\winsxs\amd64_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_11.2.9600.17501_none_29ee8e45a19b94ec\iertutil.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\winsxs\amd64_microsoft-windows-ie-ratings_31bf3856ad364e35_11.2.9600.17501_none_a9dd224071d29f70\msrating.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\winsxs\amd64_microsoft-windows-ie-networkinspection_31bf3856ad364e35_11.2.9600.17501_none_57476e5569180656\networkinspection.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\winsxs\amd64_microsoft-windows-ie-mshtmldac_31bf3856ad364e35_11.2.9600.17501_none_ba8886880c353111\MshtmlDac.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\winsxs\amd64_microsoft-windows-ie-memoryanalyzer_31bf3856ad364e35_11.2.9600.17501_none_a541fc0e08a8dbb7\MemoryAnalyzer.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\winsxs\amd64_microsoft-windows-ie-jsprofilerui_31bf3856ad364e35_11.2.9600.17501_none_d549dd93e34a5c36\jsprofilerui.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\winsxs\amd64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_11.2.9600.17509_none_11ac2db52f16b27a\ieUnatt.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\winsxs\amd64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_11.2.9600.17501_none_11ace3f52f15e572\ieUnatt.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\winsxs\amd64_microsoft-windows-ieinstal_31bf3856ad364e35_11.2.9600.17501_none_cae6bd0aa6b9c22a\ieinstal.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\winsxs\amd64_microsoft-windows-ie-ieshims_31bf3856ad364e35_11.2.9600.17501_none_29d813e1af50677c\IEShims.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\winsxs\amd64_microsoft-windows-ie-ieproxy_31bf3856ad364e35_11.2.9600.17501_none_7279c84b5fa8010e\ieproxy.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\winsxs\amd64_microsoft-windows-ie-ielowutil_31bf3856ad364e35_11.2.9600.17501_none_e8c0f01286521ed4\ielowutil.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\winsxs\amd64_microsoft-windows-ie-ieetwcollector_31bf3856ad364e35_11.2.9600.17501_none_a5617ac417de2c81\ieetwproxystub.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\winsxs\amd64_microsoft-windows-ie-ieetwcollector_31bf3856ad364e35_11.2.9600.17501_none_a5617ac417de2c81\ieetwcollectorres.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\winsxs\amd64_microsoft-windows-ie-ieetwcollector_31bf3856ad364e35_11.2.9600.17501_none_a5617ac417de2c81\ieetwcollector.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\winsxs\amd64_microsoft-windows-ie-htmlrenderingmedia_31bf3856ad364e35_11.2.9600.17501_none_a0cb8f126e636b11\mshtmlmedia.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.17501_none_f58df6883740dfc5\mshtml.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\winsxs\amd64_microsoft-windows-ie-htmlediting_31bf3856ad364e35_11.2.9600.17501_none_2a73cd53587c299d\mshtmled.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\winsxs\amd64_microsoft-windows-ieframe_31bf3856ad364e35_11.2.9600.17501_none_46ed508bc3366df2\ieui.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\winsxs\amd64_microsoft-windows-ieframe_31bf3856ad364e35_11.2.9600.17501_none_46ed508bc3366df2\ieframe.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\winsxs\amd64_microsoft-windows-ieframe.resources_31bf3856ad364e35_11.2.9600.17501_en-us_72112c1ce2c5bb91\ieui.dll.mui:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\winsxs\amd64_microsoft-windows-ieframe.resources_31bf3856ad364e35_11.2.9600.17501_en-us_72112c1ce2c5bb91\ieframe.dll.mui:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\winsxs\amd64_microsoft-windows-ieframe.resources_31bf3856ad364e35_11.2.9600.17501_cs-cz_2ebae0c0fbcb5f33\ieui.dll.mui:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\winsxs\amd64_microsoft-windows-ieframe.resources_31bf3856ad364e35_11.2.9600.17501_cs-cz_2ebae0c0fbcb5f33\ieframe.dll.mui:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\winsxs\amd64_microsoft-windows-ie-feeds-platform_31bf3856ad364e35_11.2.9600.17501_none_42316e384f8dc947\msfeeds.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\winsxs\amd64_microsoft-windows-ie-f12tools_31bf3856ad364e35_11.2.9600.17501_none_6b8b22b4a6385bde\F12Tools.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\winsxs\amd64_microsoft-windows-ie-f12tools.resources_31bf3856ad364e35_11.2.9600.17501_en-us_8cf3ca17ca087dc5\F12Tools.dll.mui:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\winsxs\amd64_microsoft-windows-ie-f12tools.resources_31bf3856ad364e35_11.2.9600.17501_cs-cz_499d7ebbe30e2167\F12Tools.dll.mui:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\winsxs\amd64_microsoft-windows-ie-f12resources_31bf3856ad364e35_11.2.9600.17501_none_64b65005224e765a\F12Resources.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\winsxs\amd64_microsoft-windows-ie-f12diagnosticstap_31bf3856ad364e35_11.2.9600.17501_none_9474508e8c7bac24\DiagnosticsTap.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\winsxs\amd64_microsoft-windows-ie-f12_31bf3856ad364e35_11.2.9600.17501_none_cfff1f2afd7a42bb\F12.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\winsxs\amd64_microsoft-windows-ie-f12.resources_31bf3856ad364e35_11.2.9600.17501_en-us_528dfa236ea622ee\F12.dll.mui:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\winsxs\amd64_microsoft-windows-ie-f12.resources_31bf3856ad364e35_11.2.9600.17501_cs-cz_0f37aec787abc690\F12.dll.mui:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\winsxs\amd64_microsoft-windows-ie-directxtransforms_31bf3856ad364e35_11.2.9600.17501_none_7a1132fb96bb7710\dxtrans.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\winsxs\amd64_microsoft-windows-ie-directxtransforms_31bf3856ad364e35_11.2.9600.17501_none_7a1132fb96bb7710\dxtmsft.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\winsxs\amd64_microsoft-windows-ie-diagnosticshubis_31bf3856ad364e35_11.2.9600.17501_none_f239f42bd65b74b9\DiagnosticsHub_is.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\winsxs\amd64_microsoft-windows-ie-devtools_31bf3856ad364e35_11.2.9600.17501_none_1deff0bc54edc2d0\iedvtool.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\winsxs\amd64_microsoft-windows-ie-datawarehouse_31bf3856ad364e35_11.2.9600.17501_none_28f91ad41582e8a9\DiagnosticsHub.DataWarehouse.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\winsxs\amd64_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_11.2.9600.17501_none_dddcfa4380d5f0e2\ieapfltr.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\winsxs\amd64_microsoft-windows-ie-adminkitbranding_31bf3856ad364e35_11.2.9600.17501_none_569b50656c949756\iedkcs32.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\winsxs\amd64_microsoft-windows-i..trolpanel.resources_31bf3856ad364e35_11.2.9600.17501_en-us_04d58943fd4387b7\inetcpl.cpl.mui:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\winsxs\amd64_microsoft-windows-i..trolpanel.resources_31bf3856ad364e35_11.2.9600.17501_cs-cz_c17f3de816492b59\inetcpl.cpl.mui:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_11.2.9600.17501_none_e433d769b6ea768f\wininet.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_11.2.9600.17501_none_e433d769b6ea768f\jsproxy.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\winsxs\amd64_microsoft-windows-i..timezones.resources_31bf3856ad364e35_6.1.7601.22863_cs-cz_9e978606cab2d99a\tzres.dll.mui:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\winsxs\amd64_microsoft-windows-i..timezones.resources_31bf3856ad364e35_6.1.7601.18656_cs-cz_9e1bb81fb18a6cbd\tzres.dll.mui:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\winsxs\amd64_microsoft-windows-i..rnational-timezones_31bf3856ad364e35_6.1.7601.22863_none_73bfd5ce3978c13b\tzupd.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\winsxs\amd64_microsoft-windows-i..rnational-timezones_31bf3856ad364e35_6.1.7601.22863_none_73bfd5ce3978c13b\tzres.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\winsxs\amd64_microsoft-windows-i..rnational-timezones_31bf3856ad364e35_6.1.7601.18656_none_734407e72050545e\tzupd.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\winsxs\amd64_microsoft-windows-i..rnational-timezones_31bf3856ad364e35_6.1.7601.18656_none_734407e72050545e\tzres.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\winsxs\amd64_microsoft-windows-i..rityzones.resources_31bf3856ad364e35_11.2.9600.17501_en-us_50cd958bf690ccf3\urlmon.dll.mui:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\winsxs\amd64_microsoft-windows-i..rityzones.resources_31bf3856ad364e35_11.2.9600.17501_cs-cz_0d774a300f967095\urlmon.dll.mui:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\winsxs\amd64_microsoft-windows-i..riptedsandboxplugin_31bf3856ad364e35_11.2.9600.17501_none_3e26c1958074eb20\DiagnosticsHub.ScriptedSandboxPlugin.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\winsxs\amd64_microsoft-windows-i..riptcollectionagent_31bf3856ad364e35_11.2.9600.17501_none_98122bf9ade1cfca\JavaScriptCollectionAgent.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\winsxs\amd64_microsoft-windows-i..resources.resources_31bf3856ad364e35_11.2.9600.17501_en-us_1db814512cb04b1b\F12Resources.dll.mui:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\winsxs\amd64_microsoft-windows-i..resources.resources_31bf3856ad364e35_11.2.9600.17501_cs-cz_da61c8f545b5eebd\F12Resources.dll.mui:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\winsxs\amd64_microsoft-windows-i..rendering.resources_31bf3856ad364e35_11.2.9600.17501_en-us_ef334f7318848a9e\mshtml.dll.mui:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\winsxs\amd64_microsoft-windows-i..rendering.resources_31bf3856ad364e35_11.2.9600.17501_cs-cz_abdd0417318a2e40\mshtml.dll.mui:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\winsxs\amd64_microsoft-windows-i..osticstap.resources_31bf3856ad364e35_11.2.9600.17501_en-us_6d451e43f9e9910b\DiagnosticsTap.dll.mui:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\winsxs\amd64_microsoft-windows-i..osticstap.resources_31bf3856ad364e35_11.2.9600.17501_cs-cz_29eed2e812ef34ad\DiagnosticsTap.dll.mui:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\winsxs\amd64_microsoft-windows-i..nternetcontrolpanel_31bf3856ad364e35_11.2.9600.17501_none_718489fc66eff520\inetcpl.cpl:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_11.2.9600.17501_none_7b014045c2dd2c7d\iexplore.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\winsxs\amd64_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_11.2.9600.17501_none_972dfbc7ebe14ffc\urlmon.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\winsxs\amd64_microsoft-windows-charmap_31bf3856ad364e35_6.1.7601.22856_none_50e00d80d4370754\charmap.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\winsxs\amd64_microsoft-windows-a..xperience-inventory_31bf3856ad364e35_6.1.7601.18683_none_e822d0c3e5b060cb\invagent.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\winsxs\amd64_microsoft-windows-a..xperience-inventory_31bf3856ad364e35_6.1.7601.18683_none_e822d0c3e5b060cb\dismapi.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\winsxs\amd64_microsoft-windows-a..xperience-inventory_31bf3856ad364e35_6.1.7601.18683_none_e822d0c3e5b060cb\diagtrackrunner.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\winsxs\amd64_microsoft-windows-a..xperience-inventory_31bf3856ad364e35_6.1.7601.18683_none_e822d0c3e5b060cb\diagtrack.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\winsxs\amd64_microsoft-windows-a..xperience-inventory_31bf3856ad364e35_6.1.7601.18683_none_e822d0c3e5b060cb\appraiser.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\winsxs\amd64_microsoft-windows-a..xperience-inventory_31bf3856ad364e35_6.1.7601.18683_none_e822d0c3e5b060cb\Api-ms-win-downlevel-version-l1-1-0.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\winsxs\amd64_microsoft-windows-a..xperience-inventory_31bf3856ad364e35_6.1.7601.18683_none_e822d0c3e5b060cb\Api-ms-win-downlevel-user32-l1-1-1.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\winsxs\amd64_microsoft-windows-a..xperience-inventory_31bf3856ad364e35_6.1.7601.18683_none_e822d0c3e5b060cb\Api-ms-win-downlevel-ole32-l1-1-1.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\winsxs\amd64_microsoft-windows-a..xperience-inventory_31bf3856ad364e35_6.1.7601.18683_none_e822d0c3e5b060cb\Api-ms-win-downlevel-kernel32-l2-1-0.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\winsxs\amd64_microsoft-windows-a..xperience-inventory_31bf3856ad364e35_6.1.7601.18683_none_e822d0c3e5b060cb\Api-ms-win-downlevel-kernel32-l1-1-0.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\winsxs\amd64_microsoft-windows-a..xperience-inventory_31bf3856ad364e35_6.1.7601.18683_none_e822d0c3e5b060cb\Api-ms-win-downlevel-advapi32-l4-1-0.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\winsxs\amd64_microsoft-windows-a..xperience-inventory_31bf3856ad364e35_6.1.7601.18683_none_e822d0c3e5b060cb\Api-ms-win-downlevel-advapi32-l1-1-1.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\winsxs\amd64_microsoft-windows-a..xperience-inventory_31bf3856ad364e35_6.1.7601.18683_none_e822d0c3e5b060cb\aitstatic.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\winsxs\amd64_microsoft-windows-a..rience-program-data_31bf3856ad364e35_6.1.7601.18683_none_cf41930399e1d55e\aepic.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\winsxs\amd64_microsoft-windows-a..rience-program-data_31bf3856ad364e35_6.1.7601.18683_none_cf41930399e1d55e\aeinv.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\winsxs\amd64_microsoft-windows-a..de-compat-telemetry_31bf3856ad364e35_6.1.7601.18683_none_e5857bbe102edef6\sdbapiu.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\winsxs\amd64_microsoft-windows-a..de-compat-telemetry_31bf3856ad364e35_6.1.7601.18683_none_e5857bbe102edef6\QueryAppBlock.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\xvidvfw.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\xvidcore.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\xvid.ax:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\xinput1_3.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\xinput1_2.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\xinput1_1.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\XAudio2_7.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\XAudio2_6.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\XAudio2_5.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\XAudio2_4.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\XAudio2_3.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\XAudio2_2.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\XAudio2_1.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\XAudio2_0.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\XAPOFX1_5.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\XAPOFX1_4.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\XAPOFX1_3.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\XAPOFX1_2.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\XAPOFX1_1.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\XAPOFX1_0.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\xactengine3_7.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\xactengine3_6.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\xactengine3_5.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\xactengine3_4.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\xactengine3_3.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\xactengine3_2.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\xactengine3_1.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\xactengine3_0.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\xactengine2_9.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\xactengine2_8.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\xactengine2_7.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\xactengine2_6.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\xactengine2_5.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\xactengine2_4.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\xactengine2_3.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\xactengine2_2.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\xactengine2_10.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\xactengine2_1.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\xactengine2_0.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\X3DAudio1_7.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\X3DAudio1_6.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\X3DAudio1_5.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\X3DAudio1_4.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\X3DAudio1_3.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\X3DAudio1_2.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\x3daudio1_1.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\x3daudio1_0.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\WsmWmiPl.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\WsmSvc.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\WsmAuto.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\WSManMigrationPlugin.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\WSManHTTPConfig.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\wininet.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\vbscript.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\urlmon.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\tzres.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\OVDecode.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\OpenVideo.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\OpenCL.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\msrating.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\mshtmlmedia.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\mshtmled.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\MshtmlDac.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\mshtml.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\msfeeds.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\mf.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\mantleaxl32.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\mantle32.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_16_0_0_235_Plugin.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_235.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\jsproxy.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\jscript9diag.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\jscript9.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\JavaScriptCollectionAgent.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\inetcpl.cpl:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\ieui.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\iesetup.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\iertutil.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\iernonce.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\ieframe.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\ieetwproxystub.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\iedkcs32.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\ieapfltr.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\charmap.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\fmcodec.DLL:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\FlashPlayerApp.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWOW64\en-US\urlmon.dll.mui:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWOW64\en-US\mshtml.dll.mui:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWOW64\en-US\jscript9.dll.mui:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWOW64\en-US\inetcpl.cpl.mui:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWOW64\en-US\ieui.dll.mui:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWOW64\en-US\ieframe.dll.mui:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\dxtrans.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\dxtmsft.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\D3DX9_43.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\D3DX9_42.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\D3DX9_41.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\D3DX9_40.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\D3DX9_39.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\D3DX9_38.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\D3DX9_37.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\d3dx9_36.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\d3dx9_35.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\d3dx9_34.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\d3dx9_33.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\d3dx9_32.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\d3dx9_31.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\d3dx9_30.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\d3dx9_29.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\d3dx9_28.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\d3dx9_27.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\d3dx9_26.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\d3dx9_25.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\d3dx9_24.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\d3dx11_43.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\d3dx11_42.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\d3dx10_43.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\d3dx10_42.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\d3dx10_41.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\d3dx10_40.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\d3dx10_39.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\d3dx10_38.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\d3dx10_37.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\d3dx10_36.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\d3dx10_35.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\d3dx10_34.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\d3dx10_33.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\d3dx10.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\d3dcsx_43.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\d3dcsx_42.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\D3DCompiler_43.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\D3DCompiler_42.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\D3DCompiler_41.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\D3DCompiler_40.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\D3DCompiler_39.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\D3DCompiler_38.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\D3DCompiler_37.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\D3DCompiler_36.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\D3DCompiler_35.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\D3DCompiler_34.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\D3DCompiler_33.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWOW64\cs-CZ\urlmon.dll.mui:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWOW64\cs-CZ\tzres.dll.mui:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWOW64\cs-CZ\mshtml.dll.mui:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWOW64\cs-CZ\jscript9.dll.mui:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWOW64\cs-CZ\inetcpl.cpl.mui:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWOW64\cs-CZ\ieui.dll.mui:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWOW64\cs-CZ\ieframe.dll.mui:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\atiuxpag.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\atiumdva.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\atiumdag.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\atiu9pag.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\atisamu32.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\atioglxx.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\atimpc32.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\atiglpxx.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\atigktxx.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\atidxx32.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\aticfx32.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\aticalrt.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\aticaldd.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\aticalcl.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\atiadlxy.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\amdpcom32.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\amdocl.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\amdmmcl.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\amdmantle32.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\amdhsasc.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\amdhcp32.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\amdave32.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\xvidvfw.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\xvidcore.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\xvid.ax:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\xinput1_3.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\xinput1_2.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\xinput1_1.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\XAudio2_7.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\XAudio2_6.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\XAudio2_5.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\XAudio2_4.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\XAudio2_3.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\XAudio2_2.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\XAudio2_1.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\XAudio2_0.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\XAPOFX1_5.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\XAPOFX1_4.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\XAPOFX1_3.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\XAPOFX1_2.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\XAPOFX1_1.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\XAPOFX1_0.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\xactengine3_7.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\xactengine3_6.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\xactengine3_5.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\xactengine3_4.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\xactengine3_3.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\xactengine3_2.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\xactengine3_1.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\xactengine3_0.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\xactengine2_9.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\xactengine2_8.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\xactengine2_7.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\xactengine2_6.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\xactengine2_5.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\xactengine2_4.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\xactengine2_3.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\xactengine2_2.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\xactengine2_10.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\xactengine2_1.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\xactengine2_0.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\X3DAudio1_7.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\X3DAudio1_6.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\X3DAudio1_5.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\X3DAudio1_4.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\X3DAudio1_3.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\X3DAudio1_2.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\x3daudio1_1.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\x3daudio1_0.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\WsmWmiPl.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\WsmSvc.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\WsmAuto.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\WSManMigrationPlugin.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\WSManHTTPConfig.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\wininet.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\vbscript.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\urlmon.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\tzres.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\OVDecode.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\OpenVideo.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\OpenCL.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\msrating.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\mshtmlmedia.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\mshtmled.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\MshtmlDac.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\mshtml.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\msfeeds.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\mf.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\mantleaxl32.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\mantle32.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\Macromed\Flash\FlashUtil32_16_0_0_235_Plugin.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_16_0_0_235.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\jsproxy.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\jscript9diag.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\jscript9.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\JavaScriptCollectionAgent.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\inetcpl.cpl:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\ieui.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\iesetup.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\iertutil.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\iernonce.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\ieframe.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\ieetwproxystub.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\iedkcs32.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\ieapfltr.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\charmap.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\fmcodec.DLL:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\FlashPlayerApp.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\en-US\urlmon.dll.mui:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\en-US\mshtml.dll.mui:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\en-US\jscript9.dll.mui:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\en-US\inetcpl.cpl.mui:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\en-US\ieui.dll.mui:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\en-US\ieframe.dll.mui:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\dxtrans.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\dxtmsft.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\DriverStore\FileRepository\c7177998.inf_amd64_neutral_25632ac7210e1930\B178093\OVDecode64.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\DriverStore\FileRepository\c7177998.inf_amd64_neutral_25632ac7210e1930\B178093\OVDecode.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\DriverStore\FileRepository\c7177998.inf_amd64_neutral_25632ac7210e1930\B178093\OpenVideo64.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\DriverStore\FileRepository\c7177998.inf_amd64_neutral_25632ac7210e1930\B178093\OpenVideo.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\DriverStore\FileRepository\c7177998.inf_amd64_neutral_25632ac7210e1930\B178093\newhsacore64.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\DriverStore\FileRepository\c7177998.inf_amd64_neutral_25632ac7210e1930\B178093\newhsacore.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\DriverStore\FileRepository\c7177998.inf_amd64_neutral_25632ac7210e1930\B178093\mcl64.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\DriverStore\FileRepository\c7177998.inf_amd64_neutral_25632ac7210e1930\B178093\mcl32.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\DriverStore\FileRepository\c7177998.inf_amd64_neutral_25632ac7210e1930\B178093\mantleaxl64.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\DriverStore\FileRepository\c7177998.inf_amd64_neutral_25632ac7210e1930\B178093\mantleaxl32.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\DriverStore\FileRepository\c7177998.inf_amd64_neutral_25632ac7210e1930\B178093\mantle64.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\DriverStore\FileRepository\c7177998.inf_amd64_neutral_25632ac7210e1930\B178093\mantle32.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\DriverStore\FileRepository\c7177998.inf_amd64_neutral_25632ac7210e1930\B178093\hsaumd64.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\DriverStore\FileRepository\c7177998.inf_amd64_neutral_25632ac7210e1930\B178093\hsaumd.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\DriverStore\FileRepository\c7177998.inf_amd64_neutral_25632ac7210e1930\B178093\hsaservices64.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\DriverStore\FileRepository\c7177998.inf_amd64_neutral_25632ac7210e1930\B178093\hsaservices.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\DriverStore\FileRepository\c7177998.inf_amd64_neutral_25632ac7210e1930\B178093\coinst_14.50.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\DriverStore\FileRepository\c7177998.inf_amd64_neutral_25632ac7210e1930\B178093\clinfo.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\DriverStore\FileRepository\c7177998.inf_amd64_neutral_25632ac7210e1930\B178093\atiuxpag.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\DriverStore\FileRepository\c7177998.inf_amd64_neutral_25632ac7210e1930\B178093\atiuxp64.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\DriverStore\FileRepository\c7177998.inf_amd64_neutral_25632ac7210e1930\B178093\atiumdva.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\DriverStore\FileRepository\c7177998.inf_amd64_neutral_25632ac7210e1930\B178093\atiumdag.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\DriverStore\FileRepository\c7177998.inf_amd64_neutral_25632ac7210e1930\B178093\atiumd6a.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\DriverStore\FileRepository\c7177998.inf_amd64_neutral_25632ac7210e1930\B178093\atiumd64.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\DriverStore\FileRepository\c7177998.inf_amd64_neutral_25632ac7210e1930\B178093\atiu9pag.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\DriverStore\FileRepository\c7177998.inf_amd64_neutral_25632ac7210e1930\B178093\atiu9p64.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\DriverStore\FileRepository\c7177998.inf_amd64_neutral_25632ac7210e1930\B178093\atitmm64.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\DriverStore\FileRepository\c7177998.inf_amd64_neutral_25632ac7210e1930\B178093\atisamu64.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\DriverStore\FileRepository\c7177998.inf_amd64_neutral_25632ac7210e1930\B178093\atisamu32.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\DriverStore\FileRepository\c7177998.inf_amd64_neutral_25632ac7210e1930\B178093\atioglxx.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\DriverStore\FileRepository\c7177998.inf_amd64_neutral_25632ac7210e1930\B178093\ATIODE.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\DriverStore\FileRepository\c7177998.inf_amd64_neutral_25632ac7210e1930\B178093\ATIODCLI.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\DriverStore\FileRepository\c7177998.inf_amd64_neutral_25632ac7210e1930\B178093\atio6axx.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\DriverStore\FileRepository\c7177998.inf_amd64_neutral_25632ac7210e1930\B178093\atimuixx.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\DriverStore\FileRepository\c7177998.inf_amd64_neutral_25632ac7210e1930\B178093\atimpc64.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\DriverStore\FileRepository\c7177998.inf_amd64_neutral_25632ac7210e1930\B178093\atimpc32.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\DriverStore\FileRepository\c7177998.inf_amd64_neutral_25632ac7210e1930\B178093\atikmpag.sys:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\DriverStore\FileRepository\c7177998.inf_amd64_neutral_25632ac7210e1930\B178093\atikmdag.sys:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\DriverStore\FileRepository\c7177998.inf_amd64_neutral_25632ac7210e1930\B178093\atiglpxx.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\DriverStore\FileRepository\c7177998.inf_amd64_neutral_25632ac7210e1930\B178093\atigktxx.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\DriverStore\FileRepository\c7177998.inf_amd64_neutral_25632ac7210e1930\B178093\atig6txx.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\DriverStore\FileRepository\c7177998.inf_amd64_neutral_25632ac7210e1930\B178093\atig6pxx.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\DriverStore\FileRepository\c7177998.inf_amd64_neutral_25632ac7210e1930\B178093\atiesrxx.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\DriverStore\FileRepository\c7177998.inf_amd64_neutral_25632ac7210e1930\B178093\atieclxx.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\DriverStore\FileRepository\c7177998.inf_amd64_neutral_25632ac7210e1930\B178093\atidxx64.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\DriverStore\FileRepository\c7177998.inf_amd64_neutral_25632ac7210e1930\B178093\atidxx32.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\DriverStore\FileRepository\c7177998.inf_amd64_neutral_25632ac7210e1930\B178093\atidemgy.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\DriverStore\FileRepository\c7177998.inf_amd64_neutral_25632ac7210e1930\B178093\aticfx64.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\DriverStore\FileRepository\c7177998.inf_amd64_neutral_25632ac7210e1930\B178093\aticfx32.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\DriverStore\FileRepository\c7177998.inf_amd64_neutral_25632ac7210e1930\B178093\aticalrt64.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\DriverStore\FileRepository\c7177998.inf_amd64_neutral_25632ac7210e1930\B178093\aticalrt.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\DriverStore\FileRepository\c7177998.inf_amd64_neutral_25632ac7210e1930\B178093\aticaldd64.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\DriverStore\FileRepository\c7177998.inf_amd64_neutral_25632ac7210e1930\B178093\aticaldd.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\DriverStore\FileRepository\c7177998.inf_amd64_neutral_25632ac7210e1930\B178093\aticalcl64.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\DriverStore\FileRepository\c7177998.inf_amd64_neutral_25632ac7210e1930\B178093\aticalcl.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\DriverStore\FileRepository\c7177998.inf_amd64_neutral_25632ac7210e1930\B178093\atibtmon.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\DriverStore\FileRepository\c7177998.inf_amd64_neutral_25632ac7210e1930\B178093\atiapfxx.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\DriverStore\FileRepository\c7177998.inf_amd64_neutral_25632ac7210e1930\B178093\atiadlxy.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\DriverStore\FileRepository\c7177998.inf_amd64_neutral_25632ac7210e1930\B178093\atiadlxx.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\DriverStore\FileRepository\c7177998.inf_amd64_neutral_25632ac7210e1930\B178093\ati2erec.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\DriverStore\FileRepository\c7177998.inf_amd64_neutral_25632ac7210e1930\B178093\amf-wic-jpeg-decoder64.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\DriverStore\FileRepository\c7177998.inf_amd64_neutral_25632ac7210e1930\B178093\amf-wic-jpeg-decoder32.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\DriverStore\FileRepository\c7177998.inf_amd64_neutral_25632ac7210e1930\B178093\amf-mft-mjpeg-decoder64.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\DriverStore\FileRepository\c7177998.inf_amd64_neutral_25632ac7210e1930\B178093\amf-mft-mjpeg-decoder32.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\DriverStore\FileRepository\c7177998.inf_amd64_neutral_25632ac7210e1930\B178093\amdocl_ld64.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\DriverStore\FileRepository\c7177998.inf_amd64_neutral_25632ac7210e1930\B178093\amdocl_ld32.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\DriverStore\FileRepository\c7177998.inf_amd64_neutral_25632ac7210e1930\B178093\amdocl_as64.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\DriverStore\FileRepository\c7177998.inf_amd64_neutral_25632ac7210e1930\B178093\amdocl_as32.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\DriverStore\FileRepository\c7177998.inf_amd64_neutral_25632ac7210e1930\B178093\amdocl.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\DriverStore\FileRepository\c7177998.inf_amd64_neutral_25632ac7210e1930\B178093\amdmmcl6.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\DriverStore\FileRepository\c7177998.inf_amd64_neutral_25632ac7210e1930\B178093\amdmmcl.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\DriverStore\FileRepository\c7177998.inf_amd64_neutral_25632ac7210e1930\B178093\AMDMFTVideoDecoder_64.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\DriverStore\FileRepository\c7177998.inf_amd64_neutral_25632ac7210e1930\B178093\AMDMFTVideoDecoder_32.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\DriverStore\FileRepository\c7177998.inf_amd64_neutral_25632ac7210e1930\B178093\AMDMFTDecoder_64.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\DriverStore\FileRepository\c7177998.inf_amd64_neutral_25632ac7210e1930\B178093\AMDMFTDecoder_32.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\DriverStore\FileRepository\c7177998.inf_amd64_neutral_25632ac7210e1930\B178093\amdmantle64.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\DriverStore\FileRepository\c7177998.inf_amd64_neutral_25632ac7210e1930\B178093\amdmantle32.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\DriverStore\FileRepository\c7177998.inf_amd64_neutral_25632ac7210e1930\B178093\amdkfd.sys:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\DriverStore\FileRepository\c7177998.inf_amd64_neutral_25632ac7210e1930\B178093\AMDhwDecoder_64.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\DriverStore\FileRepository\c7177998.inf_amd64_neutral_25632ac7210e1930\B178093\AMDhwDecoder_32.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\DriverStore\FileRepository\c7177998.inf_amd64_neutral_25632ac7210e1930\B178093\amdhsasc64.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\DriverStore\FileRepository\c7177998.inf_amd64_neutral_25632ac7210e1930\B178093\amdhsasc.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\DriverStore\FileRepository\c7177998.inf_amd64_neutral_25632ac7210e1930\B178093\amdhsars.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\DriverStore\FileRepository\c7177998.inf_amd64_neutral_25632ac7210e1930\B178093\amdhsacl64.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\DriverStore\FileRepository\c7177998.inf_amd64_neutral_25632ac7210e1930\B178093\amdhsacl.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\DriverStore\FileRepository\c7177998.inf_amd64_neutral_25632ac7210e1930\B178093\amdhcp64.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\DriverStore\FileRepository\c7177998.inf_amd64_neutral_25632ac7210e1930\B178093\amdhcp32.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\DriverStore\FileRepository\c7177998.inf_amd64_neutral_25632ac7210e1930\B178093\AMDh264Enc64.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\DriverStore\FileRepository\c7177998.inf_amd64_neutral_25632ac7210e1930\B178093\AMDh264Enc32.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\DriverStore\FileRepository\c7177998.inf_amd64_neutral_25632ac7210e1930\B178093\amdave64.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\DriverStore\FileRepository\c7177998.inf_amd64_neutral_25632ac7210e1930\B178093\amdave32.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\DriverStore\FileRepository\c7177998.inf_amd64_neutral_25632ac7210e1930\B178093\amdacpksd.sys:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\DriverStore\FileRepository\c7177998.inf_amd64_neutral_25632ac7210e1930\B178093\AMD_OpenCL64.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\DriverStore\FileRepository\c7177998.inf_amd64_neutral_25632ac7210e1930\B178093\AMD_OpenCL32.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\D3DX9_43.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\D3DX9_42.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\D3DX9_41.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\D3DX9_40.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\D3DX9_39.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\D3DX9_38.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\D3DX9_37.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\d3dx9_36.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\d3dx9_35.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\d3dx9_34.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\d3dx9_33.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\d3dx9_32.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\d3dx9_31.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\d3dx9_30.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\d3dx9_29.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\d3dx9_28.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\d3dx9_27.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\d3dx9_26.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\d3dx9_25.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\d3dx9_24.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\d3dx11_43.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\d3dx11_42.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\d3dx10_43.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\d3dx10_42.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\d3dx10_41.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\d3dx10_40.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\d3dx10_39.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\d3dx10_38.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\d3dx10_37.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\d3dx10_36.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\d3dx10_35.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\d3dx10_34.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\d3dx10_33.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\d3dx10.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\d3dcsx_43.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\d3dcsx_42.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\D3DCompiler_43.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\D3DCompiler_42.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\D3DCompiler_41.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\D3DCompiler_40.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\D3DCompiler_39.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\D3DCompiler_38.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\D3DCompiler_37.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\D3DCompiler_36.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\D3DCompiler_35.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\D3DCompiler_34.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\D3DCompiler_33.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\cs-CZ\urlmon.dll.mui:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\cs-CZ\tzres.dll.mui:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\cs-CZ\mshtml.dll.mui:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\cs-CZ\jscript9.dll.mui:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\cs-CZ\inetcpl.cpl.mui:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\cs-CZ\ieui.dll.mui:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\cs-CZ\ieframe.dll.mui:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\atiuxpag.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\atiumdva.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\atiumdag.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\atiu9pag.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\atisamu32.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\atioglxx.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\atimpc32.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\atiglpxx.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\atigktxx.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\atidxx32.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\aticfx32.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\aticalrt.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\aticaldd.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\aticalcl.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\atiadlxy.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\amdpcom32.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\amdocl.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\amdmmcl.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\amdmantle32.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\amdhsasc.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\amdhcp32.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\amdave32.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SWXCACLS.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SWSC.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SWREG.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\servicing\GC64\tzupd.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\sed.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\PEV.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\NIRCMD.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\MBR.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\grep.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\erdnt\Hiv-backup\ERDNT.EXE:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\erdnt\cache86\wininit.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\erdnt\cache86\wininet.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\erdnt\cache86\userinit.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\erdnt\cache86\svchost.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\erdnt\cache86\regedit.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\erdnt\cache86\mshtml.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\erdnt\cache86\iexplore.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\erdnt\cache86\firefox.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\erdnt\cache86\explorer.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\erdnt\cache86\ctfmon.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\erdnt\cache64\wuauclt.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\erdnt\cache64\winlogon.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\erdnt\cache64\wininit.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\erdnt\cache64\wininet.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\erdnt\cache64\userinit.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\erdnt\cache64\svchost.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\erdnt\cache64\spoolsv.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\erdnt\cache64\services.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\erdnt\cache64\mshtml.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\erdnt\cache64\lsass.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\erdnt\cache64\ctfmon.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Program Files (x86)\Raptr\raptrstub.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Program Files (x86)\Malwarebytes Anti-Malware\Chameleon\Windows\winlogon.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Program Files (x86)\Malwarebytes Anti-Malware\Chameleon\Windows\svchost.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Program Files (x86)\Internet Explorer\iexplore.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\autoexec.bat:$CmdTcID
@Alternate Data Stream - 64 bytes -> \Program Files\WinRAR\Ace32Loader.exe:$CmdTcID


:files
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
%windir%\system32\*.tmp.dll /s
%windir%\system32\SET*.tmp /s
%windir%\*.tmp

:commands
[EMPTYTEMP]
[EMPTYFLASH]
[Purity]
[CreateRestorePoint]
[Resethosts]
Kliknete na Opravit a nechte program pracovat. Pri otazce na restart souhlaste.
Po restartu se objevi novy log, ten sem dejte.

Re: Prosím o kontrolu logu- více o mém problému v příspěvku

Napsal: 25 pro 2014 13:21
od Amedeo
Hotovo....

Re: Prosím o kontrolu logu- více o mém problému v příspěvku

Napsal: 25 pro 2014 13:25
od Rudy
Smazáno. Nastala nějaká změna?

Re: Prosím o kontrolu logu- více o mém problému v příspěvku

Napsal: 25 pro 2014 13:46
od Amedeo
To se ( alespoň předpokládám ) dozvím během několika následujících dní, zda-li moji IP adresu můj poskytovatel opět nezablokuje ( z důvodu útoků z mé IP adresy na jeho DNS servery ).Každopádně velké díky za ochotu a pomoc! :)

Re: Prosím o kontrolu logu- více o mém problému v příspěvku

Napsal: 25 pro 2014 18:52
od Rudy
Rádo se stalo a hezký zbytek svátků! :)
Všechny časy jsou v UTC+01:00
Stránka 1 z 1

Založeno na phpBB® Forum Software © phpBB Limited

Český překlad – phpBB.cz