Hodil jsem to tam sám podle návodu. Prodej jsem to přes ten OTL. Vypadá to, že to byl kámen urazu. Soubory jsou již ve složce a chrome se zapíná jak má.
[2015/10/30 09:18:26 | 000,022,528 | ---- | C] () -- C:\WINDOWS\SysWow64\efsext.dll
[2015/10/30 09:18:25 | 000,002,269 | ---- | C] () -- C:\WINDOWS\SysWow64\WimBootCompress.ini
[2015/10/30 09:18:23 | 000,167,640 | ---- | C] () -- C:\WINDOWS\SysWow64\chs_singlechar_pinyin.dat
[2015/10/30 09:17:40 | 000,043,131 | ---- | C] () -- C:\WINDOWS\mib.bin
[2015/09/22 11:34:02 | 000,204,952 | ---- | C] () -- C:\WINDOWS\SysWow64\ativvsvl.dat
[2015/09/22 11:34:02 | 000,157,144 | ---- | C] () -- C:\WINDOWS\SysWow64\ativvsva.dat
[2015/09/22 11:33:09 | 000,807,464 | ---- | C] () -- C:\WINDOWS\SysWow64\amdocl_ld32.exe
[2015/09/22 11:33:06 | 001,005,584 | ---- | C] () -- C:\WINDOWS\SysWow64\amdocl_as32.exe
[2015/08/29 09:25:48 | 000,002,473 | ---- | C] () -- C:\WINDOWS\SysWow64\tbaseprovisioning.exe.config
========== ZeroAccess Check ==========
[2016/01/17 21:00:05 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\windows.storage.dll -- [2016/05/11 14:37:14 | 006,605,504 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\windows.storage.dll -- [2016/05/11 14:37:07 | 005,240,960 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2015/10/30 09:17:43 | 000,987,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2015/10/30 09:18:21 | 000,765,440 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2015/10/30 09:17:45 | 000,518,656 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\zoek-delete.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\ztrace_maps.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\WWanAPI.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\WWAHost.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\wups.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\wuapi.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\wshom.ocx:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\wshbth.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\wsdchngr.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\WSDApi.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\WpcWebFilter.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\WMSPDMOE.DLL:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\WMSPDMOD.DLL:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\WMPDMC.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\wmp.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\WMADMOD.DLL:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\wlidcli.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\wlansec.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\wlanmsm.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\wlanapi.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\wkscli.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\WinTypes.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\winspool.drv:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\wininetlui.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\wininet.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\winhttpcom.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\winhttp.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\WindowsCodecs.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\Windows.Web.Http.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\Windows.Web.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\Windows.UI.Xaml.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\Windows.UI.Logon.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\Windows.UI.Input.Inking.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\Windows.UI.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\Windows.UI.Cred.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\Windows.UI.Core.TextInput.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\windows.storage.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\Windows.Security.Authentication.Web.Core.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\Windows.Networking.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\Windows.Networking.Connectivity.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\Windows.Networking.BackgroundTransfer.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\Windows.Media.Speech.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\Windows.Media.Protection.PlayReady.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\Windows.Media.MediaControl.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\Windows.Media.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\Windows.Media.Devices.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\Windows.Media.Audio.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\Windows.Internal.Bluetooth.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\Windows.Devices.Scanners.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\Windows.Devices.Bluetooth.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\Windows.Data.Pdf.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\Windows.ApplicationModel.Store.TestingFramework.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\Windows.ApplicationModel.Store.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\Windows.AccountsControl.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\winbio.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\WiFiDisplay.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\wfdprov.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\wfapigp.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\werui.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\wermgr.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\wer.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\vulkaninfo-1-1-0-3-1.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\vulkaninfo.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\VEEventDispatcher.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\VEDataLayerHelpers.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\VCardParser.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\vbscript.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\UserMgrProxy.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\usermgrcli.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\UserDataTypeHelperUtil.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\UserDataTimeUtil.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\UserDataPlatformHelperUtil.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\UserDataLanguageUtil.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\UserDataAccountApis.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\user32.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\urlmon.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\uReFS.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\updatepolicy.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\Unistore.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\UIAutomationCore.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\twinui.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\twinui.appcore.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\TokenBrokerCookies.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\TokenBroker.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\TimeBrokerClient.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\thumbcache.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\TextInputFramework.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\tbauth.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\tbaseregistry32.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\tbaseprovisioning.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\t-base_client_api.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\taskschd.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\SynCom.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\SyncController.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\StoreAgent.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\srvcli.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\SRHInproc.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\SRH.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\sqmapi.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\SimCfg.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\SimAuth.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\schannel.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\shell32.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\SHCore.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\shacct.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\SettingSyncHost.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\SettingSyncCore.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\SettingSync.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\SETC5D3.tmp:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\SETC523.tmp:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\SETC4C4.tmp:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\SETBB0B.tmp:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\SET95F3.tmp:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\SET8F9D.tmp:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\SET6AAB.tmp:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\SET675E.tmp:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\SensorsNativeApi.V2.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\SensorsNativeApi.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\SensorsApi.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\samlib.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\rsaenh.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\rpcrt4.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\rootpacommon.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\RemoteNaturalLanguage.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\rastlsext.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\rastls.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\rasdlg.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\rasautou.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\rasapi32.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\rasadhlp.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\quartz.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\qedit.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\qdvd.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\ProximityCommon.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\profext.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\POSyncServices.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\policymanager.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\PimIndexMaintenanceClient.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\PhoneCallHistoryApis.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\pcaui.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\PackageStateRoaming.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\OpenWith.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\OpenCL.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\OneDriveSettingSyncProvider.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\OnDemandConnRouteHelper.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\olepro32.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\oleacchooks.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\oleacc.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\ole32.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\ntdll.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\NotificationObjFactory.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\NMAA.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\NetSetupShim.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\NetSetupEngine.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\NetSetupApi.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\netlogon.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\netapi32.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\mtxoci.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\MTF.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\msxml6.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\msxml3.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\msvproc.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\msv1_0.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\mstscax.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\MsSpellCheckingFacility.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\msorcl32.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\MSMPEG2ENC.DLL:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\msi.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\mshtml.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\MSFlacDecoder.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\msfeeds.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\msctf.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\MP3DMOD.DLL:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\MosStorage.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\MosHostClient.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\mos.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\mftranscode.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\mfsvr.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\mfsrcsnk.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\mfreadwrite.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\mfps.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\MFPlay.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\mfplat.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\mfnetsrc.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\mfnetcore.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\mfmpeg2srcsnk.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\mfmp4srcsnk.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\mfmkvsrcsnk.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\MFMediaEngine.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\mfds.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\mfcore.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\MFCaptureEngine.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\mfasfsrcsnk.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\MessagingDataModel2.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\mdmregistration.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\MCRecvSrc.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\MapsBtSvc.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\MapControlCore.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\MapConfiguration.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\mantleaxl32.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\mantle32.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\LogonController.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\LockAppHost.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\LicenseManager.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\LaunchWinApp.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\ksproxy.ax:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\KernelBase.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\kerberos.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\jsproxy.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\jscript9.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\jscript.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\JpMapControl.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\InstallAgent.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\InputService.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\InputLocaleManager.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\inetcpl.cpl:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\iertutil.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\ieproxy.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\ieframe.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\iedkcs32.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\iassam.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\ChatApis.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\Chakra.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\hsa-thunk.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\hmkd.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\hlink.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\gdi32.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\GameManager32.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\FWPUCLNT.DLL:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\fwpolicyiomgr.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\fwbase.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\fontsub.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\fontdrvhost.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\FM20.DLL:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\FlashPlayerApp.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\FirewallAPI.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\ExtrasXmlParser.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\ExSMime.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\ExplorerFrame.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\explorer.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\evr.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\esent.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\EmailApis.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\edgehtml.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\easwrt.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\dxgi.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\dwmcore.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\dnsapi.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\DisplayManager.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\directmanipulation.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\deviceaccess.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\detoured.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\d3d11.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\d3d10level9.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\d2d1.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\cryptngc.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\crypt32.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\credprovhost.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\CredProvDataModel.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\CoreUIComponents.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\CoreMessaging.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\ContactApis.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\combase.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\cfgbkend.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\CertEnroll.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\cemapi.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\CallHistoryClient.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\ByteCodeGenerator.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\BrowserSettingSync.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\browcli.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\BluetoothApis.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\BingMaps.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\BackgroundTransferHost.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\AzureSettingSyncProvider.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\AudioSes.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\AUDIOKSE.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\atmlib.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\atmfd.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\atiuxpag.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\atiumdva.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\atiumdag.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\atiu9pag.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\atisamu32.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\atioglxx.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\atimpc32.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\atiglpxx.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\atigktxx.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\atieah32.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\atidxx32.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\aticfx32.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\aticalrt.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\aticaldd.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\aticalcl.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\atiadlxy.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\atiadlxx.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\asycfilt.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\AppxSip.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\AppxPackaging.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\AppXDeploymentClient.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\AppxAllUserStore.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\AppointmentApis.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\AppointmentActivation.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\amdxc32.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\amdvlk32.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\amdumcsp.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\amdpcom32.dll:$CmdTcID
Bordel v notebooku Vyřešeno
Re: Bordel v notebooku
Procesor: I3 6100
Zakladní deska: ASROCK Z170 PRO4
Chlazení: NOCTUA NH-D15S
SSD: Kingston HyperX Savage SSD 120GB
HDD : 500GB Seagate
GPU: Zatím není.
RAM: Kingston HyperX Fury Black 8GB DDR4
ZROJ: EVGA 430W
CASE : In-Win 805C GOLD, zlatá
Zakladní deska: ASROCK Z170 PRO4
Chlazení: NOCTUA NH-D15S
SSD: Kingston HyperX Savage SSD 120GB
HDD : 500GB Seagate
GPU: Zatím není.
RAM: Kingston HyperX Fury Black 8GB DDR4
ZROJ: EVGA 430W
CASE : In-Win 805C GOLD, zlatá
Re: Bordel v notebooku
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\amdocl12cl.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\amdocl_ld32.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\amdocl_as32.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\amdocl.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\amdmmcl.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\amdmantle32.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\amdlvr32.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\amdhdl32.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\amdhcp32.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\amdgfxinfo32.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\amdave32.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\advapi32.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\actxprxy.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\ActiveSyncProvider.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\AccountsRt.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\AboveLockAppHost.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\ztrace_maps.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\XboxNetApiSvc.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\XblGameSave.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\XblAuthManager.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\wwansvc.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\WWanAPI.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\WWAHost.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\wuuhext.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\wups.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\wuautoappupdate.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\wuaueng.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\wuauclt.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\wuapi.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\WSService.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\wsqmcons.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\wshom.ocx:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\wshbth.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\wsdchngr.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\WSDApi.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\wscsvc.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\wpninprc.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\wpdbusenum.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\WpcWebFilter.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\WpcMon.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\WMSPDMOE.DLL:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\WMSPDMOD.DLL:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\WMPDMC.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\wmp.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\WMALFXGFXDSP.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\WMADMOD.DLL:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\wlidsvc.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\wlidcli.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\wlansvcpal.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\wlansvc.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\wlansec.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\wlanmsm.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\wlanapi.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\wkscli.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\WinTypes.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\winspool.drv:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\winresume.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\winresume.efi:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\winlogon.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\winload.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\winload.efi:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\wininit.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\wininetlui.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\wininet.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\winhttpcom.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\winhttp.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\WindowsCodecs.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\Windows.Web.Http.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\Windows.Web.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\Windows.UI.Xaml.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\Windows.UI.Shell.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\Windows.UI.Logon.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\Windows.UI.Input.Inking.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\Windows.UI.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\Windows.UI.Cred.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\Windows.UI.Core.TextInput.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\windows.storage.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\Windows.Security.Authentication.Web.Core.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\Windows.Networking.UX.EapRequestHandler.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\Windows.Networking.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\Windows.Networking.Connectivity.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\Windows.Networking.BackgroundTransfer.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\Windows.Media.Speech.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\Windows.Media.Protection.PlayReady.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\Windows.Media.MediaControl.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\Windows.Media.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\Windows.Media.Devices.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\Windows.Media.Audio.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\Windows.Internal.Shell.Broker.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\Windows.Internal.Bluetooth.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\Windows.Devices.Scanners.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\Windows.Devices.Bluetooth.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\Windows.Data.Pdf.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\Windows.ApplicationModel.Store.TestingFramework.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\Windows.ApplicationModel.Store.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\Windows.AccountsControl.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\winbio.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\win32spl.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\win32kfull.sys:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\win32kbase.sys:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\wifitask.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\wifiprofilessettinghandler.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\wifinetworkmanager.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\WiFiDisplay.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\wificonnapi.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\WiFiConfigSP.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\wfdprov.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\wfapigp.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\werui.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\wermgr.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\wer.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\WdfCoInstaller01011.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\wcmsvc.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\wcmcsp.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\wbiosrvc.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\vulkaninfo-1-1-0-3-1.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\vulkaninfo.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\VEStoreEventHandlers.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\VEEventDispatcher.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\VEDataLayerHelpers.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\VCardParser.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\vbscript.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\vaultsvc.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\UserMgrProxy.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\usermgrcli.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\usermgr.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\UserDataTypeHelperUtil.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\UserDataTimeUtil.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\UserDataService.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\UserDataPlatformHelperUtil.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\UserDataLanguageUtil.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\UserDataAccountApis.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\user32.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\usbmon.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\urlmon.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\uReFS.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\updatepolicy.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\Unistore.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\UIAutomationCore.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\uDWM.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\tzautoupdate.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\twinui.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\twinui.appcore.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\TokenBrokerCookies.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\TokenBroker.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\TimeBrokerServer.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\TimeBrokerClient.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\tileobjserver.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\thumbcache.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\TextInputFramework.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\tbauth.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\tbaseregistry64.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\t-base_client_api.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\taskschd.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\SystemSettingsThresholdAdminFlowUI.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\SystemSettingsAdminFlows.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\SystemSettings.DeviceEncryptionHandlers.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\systemreset.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\SynTPCo31-1.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\SynTPAPI.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\SynCOM.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\SyncController.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\SubscriptionMgr.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\StorSvc.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\storewuauth.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\StoreAgent.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\StorageUsage.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\sscoreext.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\srvcli.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\SRHInproc.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\SRH.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\srcore.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\sqmapi.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\spoolsv.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\SmsRouterSvc.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\SMSRouter.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\SimCfg.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\SimAuth.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\schedsvc.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\schannel.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\shell32.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\SHCore.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\sharemediacpl.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\SharedStartModel.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\shacct.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\SettingSyncHost.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\SettingSyncCore.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\SettingSync.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\SettingsHandlers_nt.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\SETCA5D.tmp:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\SETCA1C.tmp:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\SETC4F4.tmp:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\SETC494.tmp:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\SET9294.tmp:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\SET9177.tmp:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\SET6558.tmp:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\SET39A2.tmp:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\services.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\SensorsNativeApi.V2.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\SensorsNativeApi.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\SensorService.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\SensorsApi.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\seclogon.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\SecConfig.efi:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\scapi.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\samsrv.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\samlib.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\rsaenh.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\rpcrt4.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\RMSRoamingSecurity.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\reseteng.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\RemoteNaturalLanguage.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\RecoveryDrive.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\RDXTaskFactory.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\RDXService.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\rastlsext.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\rastls.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\rasdlg.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\rasautou.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\rasauto.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\rasapi32.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\rasadhlp.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\QuickActionsDataModel.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\quartz.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\qedit.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\qdvd.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\pspcoins.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\psmsrv.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\PsmServiceExtHost.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\ProximityCommon.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\provtool.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\ProvPluginEng.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\provpackageapidll.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\provisioningcsp.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\provhandlers.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\provengine.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\provdatastore.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\profsvc.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\profext.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\POSyncServices.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\policymanagerprecheck.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\policymanager.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\PimIndexMaintenanceClient.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\PimIndexMaintenance.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\PhoneService.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\PhoneProviders.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\PhoneCallHistoryApis.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\pcaui.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\PackageStateRoaming.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\OpenWith.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\OpenCL.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\OneDriveSettingSyncProvider.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\OnDemandConnRouteHelper.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\omadmclient.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\omadmapi.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\oleacchooks.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\oleacc.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\ole32.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\ntoskrnl.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\ntdll.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\NotificationObjFactory.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\NMAA.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\ngcsvc.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\ngcpopkeysrv.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\ngckeyenum.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\NgcCtnrSvc.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\NgcCtnr.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\ngccredprov.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\NFCProvisioningPlugin.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\NetworkMobileSettings.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\NetSetupSvc.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\NetSetupShim.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\NetSetupEngine.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\NetSetupApi.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\netlogon.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\netapi32.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\ncbservice.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\MusUpdateHandlers.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\MusNotificationUx.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\MusNotification.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\mtxoci.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\MTFServer.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\MTF.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\msxml6.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\msxml3.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\msvproc.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\msv1_0.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\mstscax.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\MsSpellCheckingFacility.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\MSMPEG2ENC.DLL:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\msi.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\mshtml.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\MSFlacDecoder.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\msfeeds.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\msctf.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\MRT.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\MPSSVC.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\MpSigStub.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\MP3DMOD.DLL:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\MosStorage.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\moshostcore.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\MosHostClient.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\moshost.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\mos.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\modernexecserver.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\microsoft-windows-system-events.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\mftranscode.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\mfsvr.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\mfsrcsnk.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\mfreadwrite.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\mfps.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\MFPlay.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\mfplat.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\mfnetsrc.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\mfnetcore.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\mfmpeg2srcsnk.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\mfmp4srcsnk.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\mfmkvsrcsnk.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\MFMediaEngine.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\mfds.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\mfcore.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\MFCaptureEngine.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\mfasfsrcsnk.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\MessagingDataModel2.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\mdmregistration.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\mdmmigrator.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\MDMAppInstaller.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\MDEServer.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\MCRecvSrc.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\MBMediaManager.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\mapsupdatetask.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\MapsStore.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\MapsCSP.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\MapsBtSvc.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\MapControlCore.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\MapConfiguration.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\mantleaxl64.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\mantle64.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\lsasrv.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\LsaIso.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\LogonController.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\LockAppHost.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\localspl.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\ListSvc.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\LicenseManagerShellext.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\LicenseManager.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\LaunchWinApp.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\ksproxy.ax:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\KnobsCore.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\KernelBase.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\kerberos.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\jsproxy.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\jscript9.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\jscript.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\JpMapControl.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\iuilp.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\irmon.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\ipnathlp.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\invagent.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\InstallAgent.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\InputService.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\InputLocaleManager.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\inetcpl.cpl:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\IKEEXT.DLL:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\iertutil.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\ieproxy.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\ieframe.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\iedkcs32.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\ie4uinit.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\iassam.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\ChatApis.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\Chakra.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\hsa-thunk64.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\hmkd.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\hlink.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\generaltel.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\gdi32.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\GameManager64.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\FWPUCLNT.DLL:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\fwpolicyiomgr.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\fwbase.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\fvewiz.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\fveui.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\fveskybackup.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\fvecpl.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\fveapibase.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\fveapi.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\fontsub.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\FontProvider.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\fontdrvhost.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\flvprophandler.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\FirewallAPI.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\FilterDS.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\facecredentialprovider.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\ExtrasXmlParser.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\ExSMime.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\ExplorerFrame.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\evr.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\esent.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\EnterpriseDesktopAppMgmtCSP.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\enterprisecsps.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\enrollmentapi.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\EmailApis.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\edgehtml.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\easwrt.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\easinvoker.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\dxgi.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\dwminit.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\dwmcore.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\dssvc.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\DscCore.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\drivers\xinputhid.sys:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\drivers\xboxgip.sys:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\drivers\WdiWiFi.sys:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\drivers\USBXHCI.SYS:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\drivers\USBSTOR.SYS:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\drivers\usbser.sys:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\drivers\USBHUB3.SYS:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\drivers\UMDF\UcmCx.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\drivers\ufxsynopsys.sys:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\drivers\ufx01000.sys:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\drivers\UcmCx.sys:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\drivers\tcpip.sys:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\drivers\SynTP.sys:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\drivers\Smb_driver_Intel_Aux.sys:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\drivers\Smb_driver_AMDASF_Aux.sys:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\drivers\Smb_driver_AMDASF.sys:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\drivers\SET904B.tmp:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\drivers\SET650E.tmp:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\drivers\serial.sys:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\drivers\sdport.sys:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\drivers\sdbus.sys:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\drivers\rfcomm.sys:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\drivers\rasl2tp.sys:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\drivers\portcls.sys:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\drivers\pdc.sys:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\drivers\pci.sys:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\drivers\nwifi.sys:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\drivers\ntfs.sys:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\drivers\ndis.sys:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\drivers\mwac.sys:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\drivers\mrxsmb10.sys:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\drivers\mrxsmb.sys:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\drivers\mrxdav.sys:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\drivers\mbamchameleon.sys:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\drivers\mbam.sys:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\drivers\http.sys:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\drivers\hidclass.sys:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\drivers\fvevol.sys:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\drivers\filecrypt.sys:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\drivers\fastfat.sys:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\drivers\dxgmms2.sys:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\drivers\dxgmms1.sys:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\drivers\dxgkrnl.sys:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\drivers\dumpsd.sys:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\drivers\dfsc.sys:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\drivers\cng.sys:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\drivers\BTHUSB.SYS:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\drivers\bthport.sys:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\drivers\BthLEEnum.sys:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\drivers\bthenum.sys:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\drivers\bridge.sys:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\drivers\atikmpag.sys:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\drivers\atikmdag.sys:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\drivers\AtihdWT6.sys:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\drivers\ati2erec.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\drivers\athw10x.sys:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\drivers\appid.sys:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\drivers\amdpsp.sys:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\drivers\amdkmpfd.sys:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\drivers\amdkmcsp.sys:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\drivers\amdkmafd.sys:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\drivers\AmdAS4.sys:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\drivers\amdacpksd.sys:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\drivers\acpi.sys:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\dosvc.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\domgmt.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\dnsrslvr.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\dnsapi.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\dmenterprisediagnostics.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\dmenrollengine.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\dmcsps.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\DisplayManager.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\directmanipulation.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\dialserver.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\diagtrack.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\dgtrayicon.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\devinv.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\DeviceEnroller.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\DeviceCensus.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\deviceaccess.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\detoured.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\DelayAPO.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\DDDS.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\DataSenseHandlers.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\DAFWSD.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\dafBth.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\d3d11.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\d3d10level9.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\d2d1.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\cryptngc.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\crypt32.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\credprovhost.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\CredProvDataModel.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\CoreUIComponents.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\CoreMessaging.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\ContentDeliveryManager.Utilities.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\ContactApis.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\configurationclient.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\CompatTelRunner.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\combase.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\coinst_16.15.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\coinst_15.20.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\CloudDomainJoinDataModelServer.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\ClipSVC.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\clinfo.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\cfgbkend.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\CertEnroll.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\cemapi.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\CallHistoryClient.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\ByteCodeGenerator.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\BrowserSettingSync.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\browserbroker.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\browser.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\browcli.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\BluetoothApis.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\BitLockerDeviceEncryption.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\bisrv.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\BingMaps.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\BFE.DLL:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\bdesvc.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\BdeHdCfgLib.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\basesrv.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\BackgroundTransferHost.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\AzureSettingSyncProvider.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\AuthHost.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\audiosrv.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\AudioSes.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\AUDIOKSE.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\AudioEndpointBuilder.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\audiodg.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\atmlib.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\atmfd.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\atiuxp64.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\atiumd6a.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\atiumd64.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\atiu9p64.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\atitmm64.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\atisamu64.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\ATIODE.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\ATIODCLI.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\atio6axx.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\atimuixx.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\atimpc64.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\atiglpxx.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\atig6txx.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\atig6pxx.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\atiesrxx.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\atieclxx.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\atieah64.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\atidxx64.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\atidemgy.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\aticfx64.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\aticalrt64.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\aticaldd64.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\aticalcl64.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\atiapfxx.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\atiadlxx.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\asycfilt.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\AppxSysprep.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\AppxSip.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\AppxPackaging.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\AppXDeploymentServer.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\AppXDeploymentExtensions.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\AppXDeploymentClient.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\AppxAllUserStore.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\appraiser.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\AppointmentApis.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\AppointmentActivation.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\amdxc64.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\amdvlk64.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\amdumcsp.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\amdpcom64.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\amdocl12cl64.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\amdocl_ld64.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\amdocl_as64.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\amdmmcl6.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\amdmiracast.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\amdmantle64.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\amdlvr64.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\amdhdl64.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\amdhcp64.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\amdgfxinfo64.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\amdave64.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\aitstatic.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\aepic.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\aeinv.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\advapi32.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\actxprxy.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\ActiveSyncProvider.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\ActivationManager.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\acmigration.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\AccountsRt.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\accountaccessor.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\AboveLockAppHost.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\explorer.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Users\Mamka\Desktop\ATF-Cleaner.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe:$CmdTcID
@Alternate Data Stream - 26 bytes -> C:\Users\Mamka\Documents\TH_20160308-20160406 (1).pdf:$CmdZnID
@Alternate Data Stream - 26 bytes -> C:\Users\Mamka\Documents\TH_20160101-20160330.pdf:$CmdZnID
@Alternate Data Stream - 26 bytes -> C:\Users\Mamka\Documents\TH_20160101-20160330 (1).pdf:$CmdZnID
@Alternate Data Stream - 26 bytes -> C:\Users\Mamka\Documents\TH_20160101-20160104.pdf:$CmdZnID
@Alternate Data Stream - 26 bytes -> C:\Users\Mamka\Documents\TH_20151221-20160123pladba.pdf:$CmdZnID
@Alternate Data Stream - 26 bytes -> C:\Users\Mamka\Documents\pladba.pdf:$CmdZnID
@Alternate Data Stream - 26 bytes -> C:\Users\Mamka\Documents\Pladba 16.1.pdf:$CmdZnID
@Alternate Data Stream - 26 bytes -> C:\Users\Mamka\Documents\Pladba 10.2.pdf:$CmdZnID
@Alternate Data Stream - 26 bytes -> C:\Users\Mamka\Documents\Objednavka_2160539485.pdf:$CmdZnID
@Alternate Data Stream - 26 bytes -> C:\Users\Mamka\Documents\iwebs.pdf:$CmdZnID
@Alternate Data Stream - 26 bytes -> C:\Users\Mamka\Documents\internet zdena.pdf:$CmdZnID
@Alternate Data Stream - 26 bytes -> C:\Users\Mamka\Documents\Doklad_2152675273.pdf:$CmdZnID
@Alternate Data Stream - 26 bytes -> C:\Users\Mamka\Documents\70kč.pdf:$CmdZnID
@Alternate Data Stream - 26 bytes -> C:\Users\Mamka\Desktop\Životopisy 2015 1 (1).pdf:$CmdZnID
@Alternate Data Stream - 26 bytes -> C:\Users\Mamka\Desktop\Zivotopis (1).txt:$CmdZnID
@Alternate Data Stream - 26 bytes -> C:\Users\Mamka\Desktop\Vstupní_lékařská_prohlídka.pdf:$CmdZnID
@Alternate Data Stream - 26 bytes -> C:\Users\Mamka\Desktop\IMG_20150828_115945.jpg:$CmdZnID
@Alternate Data Stream - 26 bytes -> C:\Users\Mamka\Desktop\ATF-Cleaner.exe:$CmdZnID
@Alternate Data Stream - 26 bytes -> C:\Users\Mamka\Desktop\24678.jpg:$CmdZnID
< End of report >
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\amdocl_ld32.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\amdocl_as32.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\amdocl.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\amdmmcl.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\amdmantle32.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\amdlvr32.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\amdhdl32.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\amdhcp32.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\amdgfxinfo32.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\amdave32.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\advapi32.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\actxprxy.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\ActiveSyncProvider.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\AccountsRt.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysWow64\AboveLockAppHost.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\ztrace_maps.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\XboxNetApiSvc.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\XblGameSave.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\XblAuthManager.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\wwansvc.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\WWanAPI.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\WWAHost.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\wuuhext.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\wups.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\wuautoappupdate.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\wuaueng.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\wuauclt.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\wuapi.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\WSService.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\wsqmcons.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\wshom.ocx:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\wshbth.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\wsdchngr.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\WSDApi.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\wscsvc.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\wpninprc.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\wpdbusenum.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\WpcWebFilter.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\WpcMon.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\WMSPDMOE.DLL:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\WMSPDMOD.DLL:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\WMPDMC.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\wmp.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\WMALFXGFXDSP.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\WMADMOD.DLL:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\wlidsvc.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\wlidcli.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\wlansvcpal.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\wlansvc.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\wlansec.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\wlanmsm.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\wlanapi.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\wkscli.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\WinTypes.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\winspool.drv:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\winresume.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\winresume.efi:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\winlogon.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\winload.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\winload.efi:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\wininit.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\wininetlui.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\wininet.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\winhttpcom.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\winhttp.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\WindowsCodecs.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\Windows.Web.Http.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\Windows.Web.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\Windows.UI.Xaml.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\Windows.UI.Shell.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\Windows.UI.Logon.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\Windows.UI.Input.Inking.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\Windows.UI.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\Windows.UI.Cred.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\Windows.UI.Core.TextInput.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\windows.storage.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\Windows.Security.Authentication.Web.Core.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\Windows.Networking.UX.EapRequestHandler.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\Windows.Networking.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\Windows.Networking.Connectivity.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\Windows.Networking.BackgroundTransfer.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\Windows.Media.Speech.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\Windows.Media.Protection.PlayReady.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\Windows.Media.MediaControl.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\Windows.Media.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\Windows.Media.Devices.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\Windows.Media.Audio.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\Windows.Internal.Shell.Broker.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\Windows.Internal.Bluetooth.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\Windows.Devices.Scanners.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\Windows.Devices.Bluetooth.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\Windows.Data.Pdf.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\Windows.ApplicationModel.Store.TestingFramework.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\Windows.ApplicationModel.Store.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\Windows.AccountsControl.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\winbio.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\win32spl.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\win32kfull.sys:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\win32kbase.sys:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\wifitask.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\wifiprofilessettinghandler.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\wifinetworkmanager.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\WiFiDisplay.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\wificonnapi.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\WiFiConfigSP.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\wfdprov.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\wfapigp.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\werui.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\wermgr.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\wer.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\WdfCoInstaller01011.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\wcmsvc.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\wcmcsp.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\wbiosrvc.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\vulkaninfo-1-1-0-3-1.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\vulkaninfo.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\VEStoreEventHandlers.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\VEEventDispatcher.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\VEDataLayerHelpers.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\VCardParser.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\vbscript.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\vaultsvc.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\UserMgrProxy.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\usermgrcli.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\usermgr.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\UserDataTypeHelperUtil.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\UserDataTimeUtil.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\UserDataService.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\UserDataPlatformHelperUtil.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\UserDataLanguageUtil.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\UserDataAccountApis.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\user32.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\usbmon.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\urlmon.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\uReFS.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\updatepolicy.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\Unistore.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\UIAutomationCore.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\uDWM.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\tzautoupdate.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\twinui.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\twinui.appcore.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\TokenBrokerCookies.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\TokenBroker.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\TimeBrokerServer.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\TimeBrokerClient.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\tileobjserver.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\thumbcache.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\TextInputFramework.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\tbauth.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\tbaseregistry64.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\t-base_client_api.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\taskschd.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\SystemSettingsThresholdAdminFlowUI.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\SystemSettingsAdminFlows.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\SystemSettings.DeviceEncryptionHandlers.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\systemreset.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\SynTPCo31-1.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\SynTPAPI.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\SynCOM.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\SyncController.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\SubscriptionMgr.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\StorSvc.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\storewuauth.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\StoreAgent.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\StorageUsage.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\sscoreext.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\srvcli.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\SRHInproc.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\SRH.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\srcore.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\sqmapi.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\spoolsv.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\SmsRouterSvc.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\SMSRouter.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\SimCfg.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\SimAuth.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\schedsvc.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\schannel.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\shell32.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\SHCore.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\sharemediacpl.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\SharedStartModel.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\shacct.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\SettingSyncHost.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\SettingSyncCore.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\SettingSync.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\SettingsHandlers_nt.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\SETCA5D.tmp:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\SETCA1C.tmp:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\SETC4F4.tmp:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\SETC494.tmp:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\SET9294.tmp:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\SET9177.tmp:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\SET6558.tmp:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\SET39A2.tmp:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\services.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\SensorsNativeApi.V2.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\SensorsNativeApi.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\SensorService.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\SensorsApi.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\seclogon.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\SecConfig.efi:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\scapi.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\samsrv.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\samlib.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\rsaenh.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\rpcrt4.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\RMSRoamingSecurity.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\reseteng.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\RemoteNaturalLanguage.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\RecoveryDrive.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\RDXTaskFactory.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\RDXService.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\rastlsext.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\rastls.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\rasdlg.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\rasautou.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\rasauto.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\rasapi32.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\rasadhlp.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\QuickActionsDataModel.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\quartz.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\qedit.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\qdvd.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\pspcoins.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\psmsrv.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\PsmServiceExtHost.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\ProximityCommon.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\provtool.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\ProvPluginEng.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\provpackageapidll.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\provisioningcsp.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\provhandlers.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\provengine.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\provdatastore.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\profsvc.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\profext.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\POSyncServices.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\policymanagerprecheck.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\policymanager.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\PimIndexMaintenanceClient.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\PimIndexMaintenance.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\PhoneService.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\PhoneProviders.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\PhoneCallHistoryApis.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\pcaui.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\PackageStateRoaming.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\OpenWith.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\OpenCL.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\OneDriveSettingSyncProvider.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\OnDemandConnRouteHelper.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\omadmclient.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\omadmapi.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\oleacchooks.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\oleacc.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\ole32.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\ntoskrnl.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\ntdll.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\NotificationObjFactory.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\NMAA.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\ngcsvc.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\ngcpopkeysrv.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\ngckeyenum.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\NgcCtnrSvc.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\NgcCtnr.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\ngccredprov.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\NFCProvisioningPlugin.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\NetworkMobileSettings.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\NetSetupSvc.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\NetSetupShim.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\NetSetupEngine.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\NetSetupApi.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\netlogon.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\netapi32.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\ncbservice.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\MusUpdateHandlers.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\MusNotificationUx.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\MusNotification.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\mtxoci.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\MTFServer.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\MTF.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\msxml6.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\msxml3.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\msvproc.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\msv1_0.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\mstscax.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\MsSpellCheckingFacility.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\MSMPEG2ENC.DLL:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\msi.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\mshtml.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\MSFlacDecoder.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\msfeeds.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\msctf.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\MRT.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\MPSSVC.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\MpSigStub.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\MP3DMOD.DLL:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\MosStorage.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\moshostcore.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\MosHostClient.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\moshost.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\mos.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\modernexecserver.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\microsoft-windows-system-events.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\mftranscode.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\mfsvr.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\mfsrcsnk.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\mfreadwrite.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\mfps.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\MFPlay.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\mfplat.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\mfnetsrc.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\mfnetcore.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\mfmpeg2srcsnk.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\mfmp4srcsnk.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\mfmkvsrcsnk.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\MFMediaEngine.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\mfds.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\mfcore.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\MFCaptureEngine.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\mfasfsrcsnk.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\MessagingDataModel2.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\mdmregistration.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\mdmmigrator.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\MDMAppInstaller.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\MDEServer.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\MCRecvSrc.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\MBMediaManager.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\mapsupdatetask.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\MapsStore.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\MapsCSP.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\MapsBtSvc.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\MapControlCore.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\MapConfiguration.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\mantleaxl64.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\mantle64.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\lsasrv.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\LsaIso.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\LogonController.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\LockAppHost.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\localspl.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\ListSvc.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\LicenseManagerShellext.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\LicenseManager.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\LaunchWinApp.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\ksproxy.ax:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\KnobsCore.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\KernelBase.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\kerberos.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\jsproxy.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\jscript9.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\jscript.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\JpMapControl.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\iuilp.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\irmon.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\ipnathlp.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\invagent.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\InstallAgent.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\InputService.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\InputLocaleManager.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\inetcpl.cpl:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\IKEEXT.DLL:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\iertutil.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\ieproxy.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\ieframe.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\iedkcs32.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\ie4uinit.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\iassam.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\ChatApis.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\Chakra.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\hsa-thunk64.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\hmkd.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\hlink.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\generaltel.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\gdi32.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\GameManager64.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\FWPUCLNT.DLL:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\fwpolicyiomgr.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\fwbase.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\fvewiz.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\fveui.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\fveskybackup.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\fvecpl.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\fveapibase.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\fveapi.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\fontsub.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\FontProvider.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\fontdrvhost.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\flvprophandler.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\FirewallAPI.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\FilterDS.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\facecredentialprovider.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\ExtrasXmlParser.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\ExSMime.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\ExplorerFrame.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\evr.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\esent.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\EnterpriseDesktopAppMgmtCSP.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\enterprisecsps.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\enrollmentapi.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\EmailApis.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\edgehtml.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\easwrt.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\easinvoker.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\dxgi.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\dwminit.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\dwmcore.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\dssvc.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\DscCore.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\drivers\xinputhid.sys:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\drivers\xboxgip.sys:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\drivers\WdiWiFi.sys:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\drivers\USBXHCI.SYS:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\drivers\USBSTOR.SYS:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\drivers\usbser.sys:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\drivers\USBHUB3.SYS:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\drivers\UMDF\UcmCx.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\drivers\ufxsynopsys.sys:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\drivers\ufx01000.sys:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\drivers\UcmCx.sys:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\drivers\tcpip.sys:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\drivers\SynTP.sys:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\drivers\Smb_driver_Intel_Aux.sys:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\drivers\Smb_driver_AMDASF_Aux.sys:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\drivers\Smb_driver_AMDASF.sys:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\drivers\SET904B.tmp:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\drivers\SET650E.tmp:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\drivers\serial.sys:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\drivers\sdport.sys:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\drivers\sdbus.sys:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\drivers\rfcomm.sys:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\drivers\rasl2tp.sys:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\drivers\portcls.sys:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\drivers\pdc.sys:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\drivers\pci.sys:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\drivers\nwifi.sys:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\drivers\ntfs.sys:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\drivers\ndis.sys:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\drivers\mwac.sys:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\drivers\mrxsmb10.sys:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\drivers\mrxsmb.sys:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\drivers\mrxdav.sys:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\drivers\mbamchameleon.sys:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\drivers\mbam.sys:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\drivers\http.sys:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\drivers\hidclass.sys:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\drivers\fvevol.sys:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\drivers\filecrypt.sys:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\drivers\fastfat.sys:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\drivers\dxgmms2.sys:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\drivers\dxgmms1.sys:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\drivers\dxgkrnl.sys:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\drivers\dumpsd.sys:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\drivers\dfsc.sys:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\drivers\cng.sys:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\drivers\BTHUSB.SYS:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\drivers\bthport.sys:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\drivers\BthLEEnum.sys:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\drivers\bthenum.sys:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\drivers\bridge.sys:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\drivers\atikmpag.sys:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\drivers\atikmdag.sys:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\drivers\AtihdWT6.sys:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\drivers\ati2erec.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\drivers\athw10x.sys:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\drivers\appid.sys:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\drivers\amdpsp.sys:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\drivers\amdkmpfd.sys:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\drivers\amdkmcsp.sys:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\drivers\amdkmafd.sys:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\drivers\AmdAS4.sys:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\drivers\amdacpksd.sys:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\drivers\acpi.sys:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\dosvc.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\domgmt.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\dnsrslvr.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\dnsapi.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\dmenterprisediagnostics.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\dmenrollengine.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\dmcsps.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\DisplayManager.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\directmanipulation.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\dialserver.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\diagtrack.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\dgtrayicon.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\devinv.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\DeviceEnroller.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\DeviceCensus.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\deviceaccess.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\detoured.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\DelayAPO.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\DDDS.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\DataSenseHandlers.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\DAFWSD.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\dafBth.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\d3d11.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\d3d10level9.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\d2d1.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\cryptngc.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\crypt32.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\credprovhost.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\CredProvDataModel.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\CoreUIComponents.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\CoreMessaging.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\ContentDeliveryManager.Utilities.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\ContactApis.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\configurationclient.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\CompatTelRunner.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\combase.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\coinst_16.15.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\coinst_15.20.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\CloudDomainJoinDataModelServer.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\ClipSVC.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\clinfo.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\cfgbkend.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\CertEnroll.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\cemapi.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\CallHistoryClient.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\ByteCodeGenerator.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\BrowserSettingSync.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\browserbroker.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\browser.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\browcli.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\BluetoothApis.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\BitLockerDeviceEncryption.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\bisrv.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\BingMaps.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\BFE.DLL:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\bdesvc.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\BdeHdCfgLib.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\basesrv.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\BackgroundTransferHost.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\AzureSettingSyncProvider.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\AuthHost.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\audiosrv.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\AudioSes.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\AUDIOKSE.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\AudioEndpointBuilder.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\audiodg.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\atmlib.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\atmfd.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\atiuxp64.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\atiumd6a.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\atiumd64.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\atiu9p64.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\atitmm64.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\atisamu64.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\ATIODE.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\ATIODCLI.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\atio6axx.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\atimuixx.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\atimpc64.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\atiglpxx.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\atig6txx.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\atig6pxx.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\atiesrxx.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\atieclxx.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\atieah64.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\atidxx64.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\atidemgy.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\aticfx64.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\aticalrt64.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\aticaldd64.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\aticalcl64.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\atiapfxx.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\atiadlxx.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\asycfilt.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\AppxSysprep.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\AppxSip.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\AppxPackaging.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\AppXDeploymentServer.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\AppXDeploymentExtensions.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\AppXDeploymentClient.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\AppxAllUserStore.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\appraiser.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\AppointmentApis.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\AppointmentActivation.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\amdxc64.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\amdvlk64.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\amdumcsp.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\amdpcom64.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\amdocl12cl64.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\amdocl_ld64.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\amdocl_as64.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\amdmmcl6.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\amdmiracast.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\amdmantle64.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\amdlvr64.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\amdhdl64.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\amdhcp64.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\amdgfxinfo64.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\amdave64.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\aitstatic.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\aepic.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\aeinv.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\advapi32.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\actxprxy.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\ActiveSyncProvider.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\ActivationManager.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\acmigration.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\AccountsRt.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\accountaccessor.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\SysNative\AboveLockAppHost.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\explorer.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Users\Mamka\Desktop\ATF-Cleaner.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe:$CmdTcID
@Alternate Data Stream - 26 bytes -> C:\Users\Mamka\Documents\TH_20160308-20160406 (1).pdf:$CmdZnID
@Alternate Data Stream - 26 bytes -> C:\Users\Mamka\Documents\TH_20160101-20160330.pdf:$CmdZnID
@Alternate Data Stream - 26 bytes -> C:\Users\Mamka\Documents\TH_20160101-20160330 (1).pdf:$CmdZnID
@Alternate Data Stream - 26 bytes -> C:\Users\Mamka\Documents\TH_20160101-20160104.pdf:$CmdZnID
@Alternate Data Stream - 26 bytes -> C:\Users\Mamka\Documents\TH_20151221-20160123pladba.pdf:$CmdZnID
@Alternate Data Stream - 26 bytes -> C:\Users\Mamka\Documents\pladba.pdf:$CmdZnID
@Alternate Data Stream - 26 bytes -> C:\Users\Mamka\Documents\Pladba 16.1.pdf:$CmdZnID
@Alternate Data Stream - 26 bytes -> C:\Users\Mamka\Documents\Pladba 10.2.pdf:$CmdZnID
@Alternate Data Stream - 26 bytes -> C:\Users\Mamka\Documents\Objednavka_2160539485.pdf:$CmdZnID
@Alternate Data Stream - 26 bytes -> C:\Users\Mamka\Documents\iwebs.pdf:$CmdZnID
@Alternate Data Stream - 26 bytes -> C:\Users\Mamka\Documents\internet zdena.pdf:$CmdZnID
@Alternate Data Stream - 26 bytes -> C:\Users\Mamka\Documents\Doklad_2152675273.pdf:$CmdZnID
@Alternate Data Stream - 26 bytes -> C:\Users\Mamka\Documents\70kč.pdf:$CmdZnID
@Alternate Data Stream - 26 bytes -> C:\Users\Mamka\Desktop\Životopisy 2015 1 (1).pdf:$CmdZnID
@Alternate Data Stream - 26 bytes -> C:\Users\Mamka\Desktop\Zivotopis (1).txt:$CmdZnID
@Alternate Data Stream - 26 bytes -> C:\Users\Mamka\Desktop\Vstupní_lékařská_prohlídka.pdf:$CmdZnID
@Alternate Data Stream - 26 bytes -> C:\Users\Mamka\Desktop\IMG_20150828_115945.jpg:$CmdZnID
@Alternate Data Stream - 26 bytes -> C:\Users\Mamka\Desktop\ATF-Cleaner.exe:$CmdZnID
@Alternate Data Stream - 26 bytes -> C:\Users\Mamka\Desktop\24678.jpg:$CmdZnID
< End of report >
Procesor: I3 6100
Zakladní deska: ASROCK Z170 PRO4
Chlazení: NOCTUA NH-D15S
SSD: Kingston HyperX Savage SSD 120GB
HDD : 500GB Seagate
GPU: Zatím není.
RAM: Kingston HyperX Fury Black 8GB DDR4
ZROJ: EVGA 430W
CASE : In-Win 805C GOLD, zlatá
Zakladní deska: ASROCK Z170 PRO4
Chlazení: NOCTUA NH-D15S
SSD: Kingston HyperX Savage SSD 120GB
HDD : 500GB Seagate
GPU: Zatím není.
RAM: Kingston HyperX Fury Black 8GB DDR4
ZROJ: EVGA 430W
CASE : In-Win 805C GOLD, zlatá
Re: Bordel v notebooku
OTL Extras logfile created on: 30. 5. 2016 10:43:35 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Mamka\Downloads
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.10586.0)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d. M. yyyy
3,44 Gb Total Physical Memory | 1,93 Gb Available Physical Memory | 56,17% Memory free
4,06 Gb Paging File | 1,88 Gb Available in Paging File | 46,22% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 445,19 Gb Total Space | 280,39 Gb Free Space | 62,98% Space Free | Partition Type: NTFS
Drive D: | 18,72 Gb Total Space | 1,86 Gb Free Space | 9,95% Space Free | Partition Type: NTFS
Computer Name: ALENA | User Name: Mamka | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\WINDOWS\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\WINDOWS\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [opennew] -- Reg Error: Key error.
htmlfile [print] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [opennew] -- Reg Error: Key error.
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = E7 50 49 DB A2 4F D1 01 [binary data]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade]
"UpgradeTime" = [binary data]
"DontEnumerateCommonFilesUpgradeExe" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade]
"UpgradeTime" = Reg Error: Unknown registry data type -- File not found
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{4A2D8FAB-0F0D-4AE0-A877-392BE7F1A1AE}" = lport=5353 | protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00270775-6A58-48C7-8D3E-3DB3C4A7D197}" = dir=in | name=ms-resource:apppackagename |
"{004BAA3F-A826-475D-9041-5581978FCC92}" = dir=out | name=@{microsoft.bingweather_4.9.51.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/applicationtitlewithbranding} |
"{04AED619-134E-4435-93C9-8F6ADC9F891E}" = dir=out | name=candy crush saga |
"{075F229E-19A4-4063-80A8-05C1B5BBD886}" = dir=in | name=@{microsoft.messaging_2.15.20002.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.messaging/microsoft.apps.messaging.skype/skypemessaging.resources/skype_appstorename} |
"{09765F97-E73F-4181-ABB4-60FC7A409DF5}" = dir=in | name=@{microsoft.windows.cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.cortana/resources/displayname} |
"{0AEF5C19-169E-4B0D-BA54-510DCCCADC8E}" = dir=out | name=onenote |
"{0E4331D3-5CD8-406D-9809-EA62DE7B50D0}" = dir=out | name=ms-resource:apptitlewithbranding |
"{108A7BAE-40EB-4748-8992-1D6C687E2B4A}" = dir=in | name=@{microsoft.bingsports_4.9.51.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/applicationtitlewithbranding} |
"{11B151FB-F611-488C-ACF1-004A83213D2B}" = dir=out | name=@{microsoft.bingsports_4.9.51.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/applicationtitlewithbranding} |
"{12458F94-7AAA-4C23-BDD8-0FCC590F0460}" = dir=out | name=@{microsoft.bingmaps_2.1.3230.2048_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} |
"{139407DA-E63E-4C48-BBB6-1FDCF462C46D}" = dir=out | name=@{microsoft.getstarted_3.5.11.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.getstarted/resources/appstorename} |
"{17283D03-3418-4FE5-B44A-4B831411757B}" = dir=in | name=@{microsoft.bingnews_4.9.51.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/applicationtitlewithbranding} |
"{18BFCE1D-F805-4835-91DE-E8FEA3BA11C1}" = dir=out | name=@{microsoft.windowsstore_11602.1.26.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsstore/resources/storetitle} |
"{2083913D-B010-4A12-9997-5FA852F6D426}" = dir=out | name=ms-resource:apptitle |
"{22C4E029-1722-4608-9CF9-C6E111F03622}" = dir=out | name=@{ad2f1837.gettingstartedwithwindows8_1.6.0.0_neutral__v10z8vjag6ke6?ms-resource://ad2f1837.gettingstartedwithwindows8/resources/id_app_title} |
"{25DE6880-B47F-436F-AF8D-B6E230C13A36}" = dir=out | name=ms-resource:appname |
"{27CD53CA-A1B3-4470-AFB7-533CFAC43697}" = dir=in | name=microsoft mahjong |
"{2B1E6EB0-0B8A-4FA9-AB1E-60D67E9EFF62}" = dir=in | name=microsoft solitaire collection |
"{2BEA05A2-6562-440A-976B-D8BE8F9DB18C}" = dir=out | name=@{microsoft.accountscontrol_10.0.10586.0_neutral__cw5n1h2txyewy?ms-resource://microsoft.accountscontrol/resources/displayname} |
"{2C6F5FAD-78AC-41A3-AA7A-DC7A064DBE5B}" = protocol=17 | dir=in | app=c:\program files (x86)\qbittorrent\qbittorrent.exe |
"{2C75BD0F-16A2-4571-BFC4-495F07009C2D}" = dir=out | name=@{windows.contactsupport_10.0.10586.0_neutral_neutral_cw5n1h2txyewy?ms-resource://windows.contactsupport/resources/appdisplayname} |
"{2DB661E3-EA1D-4980-BFCB-F9277051000A}" = dir=out | name=twitter |
"{31649C25-5FBB-4EBE-B7EA-1CDEAAA32A4C}" = dir=in | name=mcafee® central for hp |
"{32DA51EC-9FBA-43AF-A13F-32BF0B88618A}" = dir=out | name=microsoft solitaire collection |
"{347E9E66-0E3A-464A-9D5D-721585C58451}" = dir=out | name=@{microsoft.appconnector_1.3.3.0_neutral__8wekyb3d8bbwe?ms-resource://microsoft.appconnector/resources/connectorstubtitle} |
"{364EFDE3-FC10-484B-A09A-AFF2B433EC2C}" = dir=in | name=box for windows 8 |
"{37500960-CB23-4904-A851-F5E5896CB86A}" = dir=out | name=mcafee® central for hp |
"{3B94F1FA-841A-4F04-B2F6-DFAFAA5BC1AC}" = dir=in | name=snapfish |
"{3C2DF65C-5402-43CB-83CE-B2B85AC21E87}" = dir=out | name=@{microsoft.xboxlivegames_2.0.139.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} |
"{3C455F1F-9879-4471-9FE9-DAC34D19EDA3}" = dir=out | name=@{microsoft.connectivitystore_1.1604.4.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.connectivitystore/mswifiresources/appstorename} |
"{3DEA1B28-9F2B-4ABA-9A9D-4099422916C3}" = dir=out | name=@{microsoft.windows.cloudexperiencehost_10.0.10586.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.cloudexperiencehost/resources/appdescription} |
"{40BDCB0D-6710-4084-8D8B-93E6F9D7370D}" = dir=in | name=@{microsoft.bingweather_4.9.51.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/applicationtitlewithbranding} |
"{4282FE99-8560-4BC7-9576-5F3ED84E263F}" = dir=in | name=checkpoint.vpn |
"{43E76305-14AB-4A80-A9BD-7102F028A3C3}" = dir=out | name=@{microsoft.zunemusic_3.6.15131.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/ids_manifest_music_app_name} |
"{44EAB65F-686F-45BB-B896-07921A24B4CD}" = protocol=6 | dir=in | app=c:\program files (x86)\qbittorrent\qbittorrent.exe |
"{47290C17-E09C-434E-BFC5-6D4AC2460882}" = dir=out | name=@{microsoft.windowsreadinglist_6.3.9654.20540_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsreadinglist/resources/apppackagename} |
"{50BBDA9C-EE9F-4C20-894D-C0D740DC18B7}" = dir=out | name=@{windows.purchasedialog_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://windows.purchasedialog/resources/displayname} |
"{548DCF8C-BFF2-4BA4-AA88-FBAF9AC8BCC6}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{560448D6-095C-4907-B046-AC7F710701A7}" = dir=in | name=sonicwall.mobileconnect |
"{579EA4EA-FA9B-42E5-8FC1-29AEAB6E591E}" = dir=out | name=ms-resource:brandedapptitle |
"{58235349-BD85-4166-B207-9849803A4DBA}" = dir=out | name=@{microsoft.windows.photos_16.325.12390.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windows.photos/resources/appstorename} |
"{5858D2AC-9281-49C8-90B3-52C97FF38C5F}" = dir=out | name=ms-resource:apppackagename |
"{5A2503DE-DA98-4E89-B687-89DBB6515472}" = dir=out | name=the weather channel for hp |
"{5F4632C0-D5B1-40C3-B0D9-E3A759C81B9E}" = dir=out | name=sonicwall.mobileconnect |
"{5FC9CFF5-E211-4B68-9A32-D139728F4EF2}" = dir=out | name=@{microsoft.windowsfeedback_10.0.10586.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windowsfeedback/feedbackapp.resources/appname/text} |
"{604E7AF2-36ED-411A-9033-6CE074BED9FE}" = dir=out | name=@{microsoft.windows.contentdeliverymanager_10.0.10586.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.contentdeliverymanager/resources/appdisplayname} |
"{6579FAF8-83D8-4847-BAD6-2498E25E7EB6}" = dir=out | name=hp connected music |
"{6FBE9868-6A07-43B8-BB56-553660346588}" = dir=out | name=sway |
"{7078D06E-5D84-4E2C-95BB-1BB33FA168EE}" = dir=in | name=sway |
"{7612C294-868F-4C39-86CD-82654A14F4E5}" = dir=in | name=@{microsoft.microsoftedge_25.10586.0.0_neutral__8wekyb3d8bbwe?ms-resource://microsoft.microsoftedge/resources/appname} |
"{7674B08D-45EB-4BA1-B1B4-DBFB8CA3C9ED}" = dir=out | name=@{microsoft.windowscommunicationsapps_17.6868.41111.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/hxcommintl/appmanifest_outlookdesktop_displayname} |
"{78B7A069-603C-4E2F-BE2A-382EE8AE59AE}" = dir=out | name=@{microsoft.xboxgamecallableui_1000.10586.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.xboxgamecallableui/resources/pkgdisplayname} |
"{7A366C38-28D6-402E-B6D3-541F02EC1C04}" = dir=in | name=@{microsoft.windowsstore_11602.1.26.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsstore/resources/storetitle} |
"{8173AE63-23BF-4AED-B58E-1E0DD8CBC13A}" = dir=out | name=@{microsoft.zunevideo_3.6.20961.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/ids_manifest_video_app_name} |
"{827F047F-3D40-484C-986C-B1038221D889}" = dir=in | name=@{microsoft.microsoftofficehub_17.7012.23531.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftofficehub/officehubintl/appmanifest_getoffice_displayname} |
"{85E0E84E-8E7B-4EC7-AF10-F5BB30DD1789}" = dir=out | name=windows_ie_ac_001 |
"{89C27390-CACA-4796-B59C-041C5BF4C286}" = dir=out | name=@{microsoft.messaging_2.15.20002.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.messaging/microsoft.apps.messaging.skype/skypemessaging.resources/skype_appstorename} |
"{8ADF7D2D-35F2-4FF1-AFA6-8A9E427BE81D}" = dir=out | name=hp registration |
"{8B663A58-EEE9-4FC8-B495-D806948EE10B}" = dir=out | name=xbox |
"{8BE5C039-3335-402B-9F22-DB9830C8871D}" = dir=out | name=@{microsoft.windowsphone_10.1602.3010.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphone/resources/appstorename} |
"{8C8915CA-604B-4006-B66D-2768B6EC8218}" = dir=in | name=onenote |
"{8E0E0515-3F2E-4A3C-803C-C7038C4CA4A1}" = dir=out | name=@{microsoft.windows.cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.cortana/resources/displayname} |
"{8E3FB1D4-FCD3-4271-A3A1-C2954A89F3EA}" = dir=out | name=@{microsoft.microsoftofficehub_17.7012.23531.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftofficehub/officehubintl/appmanifest_getoffice_displayname} |
"{93C29A1A-C60F-4C30-8ED6-E1CC8D481979}" = dir=out | name=@{microsoft.people_10.0.10811.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.people/resources/appstorename} |
"{99F9C5D2-6423-4F75-97B9-603741E86827}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\platform\mcsvchost\mcsvhost.exe |
"{9E3D57FC-7C37-4424-9352-4831E97D029D}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{A3811A62-9E3B-4EFF-955E-F22364A813F8}" = dir=in | name=@{microsoft.windows.photos_16.325.12390.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windows.photos/resources/appstorename} |
"{AC683DAF-8D99-4E4F-9A63-9821FAE3E836}" = dir=out | name=@{microsoft.xboxidentityprovider_1000.10586.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.xboxidentityprovider/resources/pkgdisplayname} |
"{AF1797E6-05F9-415C-A0A8-BAF465E9D021}" = dir=out | name=@{microsoft.bingtranslator_1.13.0.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtranslator/resources/appname} |
"{B1A6BD4D-DD44-4AF9-BF95-A739BC6B895C}" = dir=in | name=xbox |
"{B52AB623-CC61-430B-ADAA-34122571B2FD}" = dir=out | name=@{microsoft.bingnews_4.9.51.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/applicationtitlewithbranding} |
"{B6366930-8042-4177-96F8-56F54A73CDC6}" = dir=in | name=@{microsoft.windowscommunicationsapps_17.6868.41111.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/hxcommintl/appmanifest_outlookdesktop_displayname} |
"{B681E07B-FF35-4878-9B4D-06107FC29D20}" = dir=out | name=@{microsoft.windows.parentalcontrols_1000.10586.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.parentalcontrols/resources/displayname} |
"{B705A923-0E11-4CA6-BB5C-04AB6EBCED92}" = dir=out | name=@{microsoft.aad.brokerplugin_1000.10586.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.aad.brokerplugin/resources/packagedisplayname} |
"{B86C1BDF-CDD0-4618-9372-F6F23677CE49}" = dir=in | name=@{microsoft.bingfinance_4.9.51.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/applicationtitlewithbranding} |
"{BD7A166D-5D78-407D-B76C-2345E03E363D}" = dir=out | name=youcam for hp |
"{C29C3E99-3C15-4A3B-AED8-229EC44121FC}" = dir=out | name=microsoft mahjong |
"{C3C905D4-20C4-4CCA-8533-FDA741EE0725}" = dir=in | name=@{ad2f1837.gettingstartedwithwindows8_1.6.0.0_neutral__v10z8vjag6ke6?ms-resource://ad2f1837.gettingstartedwithwindows8/resources/id_app_title} |
"{C565FC28-0F80-4090-81B7-69E1EA6D3B02}" = dir=out | name=@{microsoft.windowsmaps_4.1603.1190.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsmaps/resources/appstorename} |
"{CB80A133-485A-4F56-8FBD-0AA8B9540210}" = dir=out | name=fresh paint |
"{CF637A38-19BE-4C61-AE6C-E4060E209A1D}" = dir=in | name=@{microsoft.windowsreadinglist_6.3.9654.20540_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsreadinglist/resources/apppackagename} |
"{D6980480-941A-4DF6-AB81-3734ECD3D779}" = dir=out | name=junipernetworks.junospulsevpn |
"{D96D2B17-6498-43D4-AFB7-466CB29BA4E5}" = dir=in | name=@{microsoft.aad.brokerplugin_1000.10586.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.aad.brokerplugin/resources/packagedisplayname} |
"{DABF9DCC-4481-4A62-8D44-3AA8775807EE}" = dir=out | name=windows_ie_ac_001 |
"{DB59588E-ED90-4C47-A7B5-7929DD0C0BD2}" = dir=out | name=checkpoint.vpn |
"{DFB705E2-BF68-49B9-B2BE-6317FCF8ECAD}" = dir=in | name=@{windows.contactsupport_10.0.10586.0_neutral_neutral_cw5n1h2txyewy?ms-resource://windows.contactsupport/resources/appdisplayname} |
"{E353E970-F496-439A-B403-01C3DBD233F9}" = dir=out | name=@{microsoft.lockapp_10.0.10586.0_neutral__cw5n1h2txyewy?ms-resource://microsoft.lockapp/resources/appdisplayname} |
"{E5F375C2-F639-4E06-AB5E-E2F17F231744}" = dir=out | name=box for windows 8 |
"{E6241521-E64C-4C64-B829-C83EEEADEDB2}" = dir=out | name=@{microsoft.commsphone_2.15.28004.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.commsphone/resources/appstorename} |
"{E729D31B-9632-4A15-BEC3-3CC9A265E13C}" = dir=in | name=@{microsoft.zunevideo_3.6.20961.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/ids_manifest_video_app_name} |
"{EB68F0CA-AE68-424E-8ECD-6F7354AF9401}" = dir=out | name=@{microsoft.3dbuilder_11.1.8.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.3dbuilder/resources/appstorename} |
"{EC799E33-72BA-42D7-9127-DEFE68F9799D}" = dir=in | name=junipernetworks.junospulsevpn |
"{F02F7134-672E-4CA7-B8E1-A7295736308E}" = dir=in | name=@{microsoft.commsphone_2.15.28004.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.commsphone/resources/appstorename} |
"{F4F3C729-F426-4419-874C-E67FB2455D33}" = dir=out | name=snapfish |
"{F64300AD-D559-4000-BD45-0997BCC8E70A}" = dir=out | name=f5.vpn.client |
"{F7431555-594D-4065-A07F-5A822C6CEB1E}" = dir=out | name=@{microsoft.bingfinance_4.9.51.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/applicationtitlewithbranding} |
"{F77E5446-4378-4E99-8B7A-7061AAAEA193}" = dir=in | name=f5.vpn.client |
"{FAA52A1D-8DAD-4DDC-BD8B-F553BBB62561}" = dir=in | name=@{microsoft.windows.cloudexperiencehost_10.0.10586.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.cloudexperiencehost/resources/appdescription} |
"{FAAE8C1A-B840-45B1-8DFB-8FD7ADD85534}" = dir=out | name=@{microsoft.microsoftedge_25.10586.0.0_neutral__8wekyb3d8bbwe?ms-resource://microsoft.microsoftedge/resources/appname} |
"TCP Query User{AB1F96DC-6935-418F-8852-4CE8BFF0C106}C:\program files (x86)\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"UDP Query User{4EBF6AC0-E95F-43EF-92E9-2FCA245BC68A}C:\program files (x86)\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{19D9E938-3CD5-438F-04FE-782C7BE308A0}" = Catalyst Control Center Next Localization TR
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{233F1B62-FC39-A7BD-B2E9-43EF05CA97E0}" = Catalyst Control Center Next Localization IT
"{235371F3-FF77-AC03-0856-12AD9D6239F4}" = Catalyst Control Center Next Localization SV
"{2355E60D-9657-78E4-6FC6-C1BCB9D653B5}" = AMD Accelerated Video Transcoding
"{25679A80-0DF7-EFBA-2686-3333B3AA9220}" = Catalyst Control Center Next Localization JA
"{2C8498CD-BA4F-D820-3C2D-36F1152C71D3}" = Catalyst Control Center Next Localization TH
"{2DE6247C-7077-451B-8BA7-FFD1A2ABBB47}" = Inst5675
"{305C1CE5-C4F8-C65B-E334-B193AECFF49C}" = Catalyst Control Center Next Localization KO
"{314FAD12-F785-4471-BCE8-AB506642B9A1}" = HP SimplePass
"{3177480E-9364-D504-6944-30074551E934}" = Catalyst Control Center Next Localization CHS
"{36F80C5F-DC0D-4DF4-AF09-DC1867F0EB0A}" = HP Utility Center
"{39722D5E-22CC-AD1A-2DCF-F6A82EAA11EA}" = Catalyst Control Center Next Localization CS
"{443F21F6-8E3E-257E-E43F-7FB7BF2762C1}" = AMD Install Manager
"{44FE1644-EDE2-181E-1306-30A38EC9954C}" = Catalyst Control Center Next Localization CHT
"{465CA2B6-98AF-4E77-BE22-A908C34BB9EC}" = Energy Star
"{56A90BB4-F4B4-5106-CB1A-9ECCCE13DC3E}" = Catalyst Control Center Next Localization RU
"{61D499A4-7054-6BE0-565F-D426740D4796}" = Catalyst Control Center Next Localization EL
"{6A3A0A74-A7C6-BB25-77F5-FEB06F596DA1}" = AMD Start Now
"{6C36F215-AE3A-9BA3-779B-B9E44518A5FB}" = Catalyst Control Center Next Localization PL
"{6E14E6D6-3175-4E1A-B934-CAB5A86367CD}" = HP Postscript Converter
"{72DA82FD-8F24-EF86-7731-522325239960}" = AMD Fuel
"{72F286EC-9E02-9BB4-05E4-7474557AAA77}" = Catalyst Control Center Next Localization DA
"{7318F79A-D1D5-74EF-5F0E-21D8BC79413D}" = Catalyst Control Center Next Localization HU
"{73830292-868E-4C82-9AF5-CCFE2047B6A3}" = COMODO Firewall
"{74FE39A0-FB76-47CD-84BA-91E2BBB17EF2}" = DisableMSDefender
"{75AF330B-E3CF-1051-BF15-7575DC7E7311}" = ccc-utility64
"{78ACE60E-0CB7-4935-BCD4-F33422105607}" = AMD Settings - Branding
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{878F6913-7421-4713-97F7-0A736EE2A188}" = Inst5676
"{8829CC83-C9A5-B471-5796-55FE6099FD3B}" = Catalyst Control Center Next Localization NO
"{899D78B5-6CC0-555D-7943-327447DCBE7D}" = Catalyst Control Center Next Localization ES
"{929FBD26-9020-399B-9A7A-751D61F0B942}" = Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005
"{94AEEE03-D17F-9E1A-95DF-9DD9B2906189}" = Catalyst Control Center Next Localization NL
"{A2CB1ACB-94A2-32BA-A15E-7D80319F7589}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727
"{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}" = Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005
"{A84A4FB1-D703-48DB-89E0-68B6499D2801}" = Qualcomm Atheros Bluetooth Suite (64)
"{AC53FC8B-EE18-3F9C-9B59-60937D0B182C}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B0F6C9EE-EC57-D6D8-96F9-C490B0198547}" = Catalyst Control Center Next Localization FI
"{C22DDF07-59F5-BA4E-7058-7E894E4C960B}" = Catalyst Control Center Next Localization FR
"{CCC54BB5-5278-2E3E-7F99-401CDF93B9A2}" = Catalyst Control Center Next Localization DE
"{D1E8F2D7-7794-4245-B286-87ED86C1893C}" = HP Registration Service
"{E9FCBCA6-B640-BC24-2421-269E77FD02EB}" = Catalyst Control Center Next Localization BR
"{F113BDF4-007F-E793-D804-7D3AF943883E}" = AMD Radeon Settings
"{F33B9709-748A-A042-F7B4-4BD45F938055}" = AMD Start Now
"AMD Catalyst Install Manager" = AMD Install Manager
"HitmanPro37" = HitmanPro 3.7
"SynTPDeinstKey" = Synaptics ClickPad Driver
"VulkanRT1.0.3.1" = Vulkan Run Time Libraries 1.0.3.1
"WhoCrashed_is1" = WhoCrashed 5.51
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{050d4fc8-5d48-4b8f-8972-47c82c46020f}" = Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{08208143-777D-4A06-BB54-71BF0AD1BB70}" = IPTInstaller
"{086A83BA-496C-AA1D-7327-9AA9661B0114}" = Catalyst Control Center Localization All
"{09032B0E-B0A5-6CD5-8B33-DC19A2CDFB19}" = CCC Help Turkish
"{0A5B39D2-7ED6-4779-BCC9-37F381139DB3}" = Adobe AIR
"{0D18CC8B-47F4-7493-7A1B-59B77A869238}" = Catalyst Control Center Graphics Previews Common
"{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}" = Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005
"{15134cb0-b767-4960-a911-f2d16ae54797}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}" = CyberLink Media Suite 10
"{207D938F-D792-636B-5161-CEFC769DCCF8}" = CCC Help Chinese Standard
"{22154f09-719a-4619-bb71-5b3356999fbf}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727
"{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}" = CyberLink Power2Go 8
"{2F73A7B2-E50E-39A6-9ABC-EF89E4C62E36}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727
"{30B2D1D8-0A07-4B71-9553-0710C5D31E35}" = HP Wireless Button Driver
"{315F1A48-D883-B234-7C79-15873574ACC1}" = OEM Application Profile
"{39337565-330E-4ab6-A9AE-AC81E0720B10}" = Cyberlink PhotoDirector
"{3C7B723A-1108-455C-B65B-FF2251E1E5A3}" = HP Documentation
"{412F6426-A3C7-11E3-8A71-00163E98E7D6}" = Evernote v. 5.2
"{4E5BC895-0B40-951D-E613-45910483B6F4}" = CCC Help Dutch
"{5996B804-50C5-093D-B4FF-37222498548B}" = CCC Help German
"{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}" = Realtek Card Reader
"{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}" = Google Update Helper
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{6A0549A9-1B96-498C-ACBC-3943001FEB19}" = Skype™ 7.10
"{6D1221A9-17BF-4EC0-81F2-27D30EC30701}" = Skype Click to Call
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{75D1D0E8-CD9C-1D4E-A208-94B9F5597911}" = CCC Help Finnish
"{8036C2DA-7766-4392-25C7-BAEF5BEC45FA}" = CCC Help Swedish
"{88128FD0-1955-47DE-554F-33C368E4511B}" = CCC Help Chinese Traditional
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8D9F1952-1C5D-C7AE-6720-BC5E2CD46307}" = CCC Help Greek
"{91FCB2B7-3DE5-E01B-45EA-06C526E1C011}" = AMD Settings
"{974C279F-83BC-132C-8BCC-AB8BB85FA9A4}" = CCC Help Russian
"{97FB7B67-4F67-303E-3DA7-FF945C6A7570}" = CCC Help French
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BA7480A-B05B-1A63-0DB4-10A4B75208E2}" = CCC Help Korean
"{9F44862E-6A7A-BD35-B64A-D54717A33C96}" = CCC Help Japanese
"{A8247F1D-F1DC-6FF2-40A7-1989B0F97D79}" = CCC Help Spanish
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Qualcomm Atheros Driver Installation Program
"{CFD628BD-4A60-F911-962F-77FFCD33C308}" = CCC Help Danish
"{D092E456-2A5A-DEFB-439A-978D1CE79C1D}" = CCC Help Norwegian
"{D24A98EA-468C-5455-CB7C-751948676C69}" = CCC Help English
"{D3C49D06-7FA6-CE04-A17A-2074E314DBB6}" = Catalyst Control Center - Branding
"{D4D427B6-130E-5718-9A05-02E6AFDC3801}" = AMD Catalyst Control Center
"{D5EEEAEA-FD63-6739-A54C-A1AC0F7CAB61}" = CCC Help Czech
"{D8F984D3-79C1-4AD0-8E27-1F4528BC1712}" = HP Recovery Manager
"{DEF23826-DB71-4654-BC00-D5D6C20802EA}" = HP System Event Utility
"{DF51DA94-BD7A-6749-1D23-AAD2142DDC44}" = CCC Help Italian
"{EADEF0A9-0079-7CC8-96BD-D778885F1497}" = CCC Help Polish
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3B18C91-BE8F-0BF1-9940-A8643AA3C73F}" = CCC Help Hungarian
"{f65db027-aff3-4070-886a-0d87064aabb1}" = Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501
"{F7428FAA-75A0-5015-1118-DF42420457CA}" = CCC Help Portuguese
"{F7444EA1-5621-CCE0-93B5-3E3A7BCED49E}" = CCC Help Thai
"{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}" = Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005
"{F90A86C9-7779-47DD-AC06-8EE832C55F55}" = HP 3D DriveGuard
"{FDB30193-FDA0-3DAA-ACCA-A75EEFE53607}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727
"Adobe AIR" = Adobe AIR
"Adobe Shockwave Player" = Adobe Shockwave Player 12.0
"CrystalDiskInfo_is1" = CrystalDiskInfo 6.5.2
"Google Chrome" = Google Chrome
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}" = CyberLink Media Suite 10
"InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}" = CyberLink Power2Go 8
"InstallShield_{314FAD12-F785-4471-BCE8-AB506642B9A1}" = HP SimplePass
"InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}" = Cyberlink PhotoDirector
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware verze 2.2.1.1043
"qBittorrent" = qBittorrent 3.2.5
"SpeedFan" = SpeedFan (remove only)
"VLC media player" = VLC media player
"WinRAR archiver" = WinRAR 5.21 (32-bit)
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 27. 5. 2016 10:41:40 | Computer Name = alena | Source = Application Error | ID = 1000
Description = Název chybující aplikace: cnext.exe, verze: 10.1.1.1522, časové razítko:
0x564c17eb Název chybujícího modulu: unknown, verze: 0.0.0.0, časové razítko: 0x00000000
Kód
výjimky: 0xc0000005 Posun chyby: 0x0000000000000000 ID chybujícího procesu: 0x1d70
Čas
spuštění chybující aplikace: 0x01d1b8250a4c70d4 Cesta k chybující aplikaci: C:\Program
Files\AMD\CNext\CNext\cnext.exe Cesta k chybujícímu modulu: unknown ID zprávy: dfb6fe0a-fc16-49ab-82a6-06b21e49946a
Úplný
název chybujícího balíčku: ID aplikace související s chybujícím balíčkem:
Error - 27. 5. 2016 11:05:04 | Computer Name = alena | Source = .NET Runtime | ID = 1026
Description =
Error - 27. 5. 2016 11:05:06 | Computer Name = alena | Source = Application Error | ID = 1000
Description = Název chybující aplikace: tbaseprovisioning.exe, verze: 1.0.0.0, časové
razítko: 0x56b4dcb7 Název chybujícího modulu: KERNELBASE.dll, verze: 10.0.10586.306,
časové razítko: 0x571afb9a Kód výjimky: 0xe0434352 Posun chyby: 0x000bdae8 ID chybujícího
procesu: 0x520 Čas spuštění chybující aplikace: 0x01d1b8291de3279f Cesta k chybující
aplikaci: C:\WINDOWS\SysWOW64\tbaseprovisioning.exe Cesta k chybujícímu modulu:
C:\WINDOWS\SYSTEM32\KERNELBASE.dll ID zprávy: 551d97cc-b4cf-44f6-b189-d8986da79a12
Úplný
název chybujícího balíčku: ID aplikace související s chybujícím balíčkem:
Error - 28. 5. 2016 5:00:27 | Computer Name = alena | Source = .NET Runtime | ID = 1026
Description =
Error - 28. 5. 2016 5:00:29 | Computer Name = alena | Source = Application Error | ID = 1000
Description = Název chybující aplikace: tbaseprovisioning.exe, verze: 1.0.0.0, časové
razítko: 0x56b4dcb7 Název chybujícího modulu: KERNELBASE.dll, verze: 10.0.10586.306,
časové razítko: 0x571afb9a Kód výjimky: 0xe0434352 Posun chyby: 0x000bdae8 ID chybujícího
procesu: 0x4fc Čas spuštění chybující aplikace: 0x01d1b8bf57c4d4f1 Cesta k chybující
aplikaci: C:\WINDOWS\SysWOW64\tbaseprovisioning.exe Cesta k chybujícímu modulu:
C:\WINDOWS\SYSTEM32\KERNELBASE.dll ID zprávy: 07677450-ff4b-45de-9e96-8f64a3ec8885
Úplný
název chybujícího balíčku: ID aplikace související s chybujícím balíčkem:
Error - 28. 5. 2016 16:09:13 | Computer Name = alena | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Služba Šifrování selhala při volání OnIdentity() v objektu System
Writer. Details: AddLegacyDriverFiles: Unable to back up image of binary Protokol
Microsoft LLDP (Link-Layer Discovery Protocol). System Error: Přístup byl odepřen.
.
Error - 29. 5. 2016 16:21:11 | Computer Name = alena | Source = .NET Runtime | ID = 1026
Description =
Error - 29. 5. 2016 16:21:13 | Computer Name = alena | Source = Application Error | ID = 1000
Description = Název chybující aplikace: tbaseprovisioning.exe, verze: 1.0.0.0, časové
razítko: 0x56b4dcb7 Název chybujícího modulu: KERNELBASE.dll, verze: 10.0.10586.306,
časové razítko: 0x571afb9a Kód výjimky: 0xe0434352 Posun chyby: 0x000bdae8 ID chybujícího
procesu: 0x4cc Čas spuštění chybující aplikace: 0x01d1b9e79630b914 Cesta k chybující
aplikaci: C:\WINDOWS\SysWOW64\tbaseprovisioning.exe Cesta k chybujícímu modulu:
C:\WINDOWS\SYSTEM32\KERNELBASE.dll ID zprávy: 08a41a04-1a47-48a3-8761-20936507fbac
Úplný
název chybujícího balíčku: ID aplikace související s chybujícím balíčkem:
Error - 30. 5. 2016 2:50:32 | Computer Name = alena | Source = .NET Runtime | ID = 1026
Description =
Error - 30. 5. 2016 2:50:33 | Computer Name = alena | Source = Application Error | ID = 1000
Description = Název chybující aplikace: tbaseprovisioning.exe, verze: 1.0.0.0, časové
razítko: 0x56b4dcb7 Název chybujícího modulu: KERNELBASE.dll, verze: 10.0.10586.306,
časové razítko: 0x571afb9a Kód výjimky: 0xe0434352 Posun chyby: 0x000bdae8 ID chybujícího
procesu: 0x528 Čas spuštění chybující aplikace: 0x01d1ba3f8db30dad Cesta k chybující
aplikaci: C:\WINDOWS\SysWOW64\tbaseprovisioning.exe Cesta k chybujícímu modulu:
C:\WINDOWS\SYSTEM32\KERNELBASE.dll ID zprávy: 79b3aa66-1a0b-40c9-86a5-e7007edc432d
Úplný
název chybujícího balíčku: ID aplikace související s chybujícím balíčkem:
[ COMODO Internet Security Trace Events ]
Error - 18. 5. 2016 13:18:48 | Computer Name = alena | Source = cmdagent | ID = 1
Description =
Error - 18. 5. 2016 13:18:48 | Computer Name = alena | Source = cmdagent | ID = 1
Description =
Error - 18. 5. 2016 13:18:50 | Computer Name = alena | Source = cmdagent | ID = 1
Description =
Error - 18. 5. 2016 13:18:50 | Computer Name = alena | Source = cmdagent | ID = 1
Description =
Error - 18. 5. 2016 13:18:50 | Computer Name = alena | Source = cmdagent | ID = 1
Description =
Error - 18. 5. 2016 13:18:50 | Computer Name = alena | Source = cmdagent | ID = 1
Description =
Error - 18. 5. 2016 13:18:50 | Computer Name = alena | Source = cmdagent | ID = 1
Description =
Error - 18. 5. 2016 13:18:51 | Computer Name = alena | Source = cmdagent | ID = 1
Description =
Error - 18. 5. 2016 13:18:51 | Computer Name = alena | Source = cmdagent | ID = 1
Description =
Error - 18. 5. 2016 13:18:51 | Computer Name = alena | Source = cmdagent | ID = 1
Description =
[ System Events ]
Error - 29. 5. 2016 16:21:32 | Computer Name = alena | Source = Service Control Manager | ID = 7000
Description = Služba WinDefend neuspěla při spuštění v důsledku následující chyby:
%%1053
Error - 29. 5. 2016 16:21:32 | Computer Name = alena | Source = Service Control Manager | ID = 7034
Description = Služba tbaseprovisioning byla neočekávaně ukončena. Tento stav nastal
již 1krát.
Error - 29. 5. 2016 16:21:50 | Computer Name = alena | Source = BugCheck | ID = 1001
Description =
Error - 29. 5. 2016 16:25:04 | Computer Name = alena | Source = DCOM | ID = 10010
Description =
Error - 30. 5. 2016 2:50:30 | Computer Name = alena | Source = EventLog | ID = 6008
Description = Předchozí vypnutí systému (23:00:50, ?29.?05.?2016) bylo neočekávané.
Error - 30. 5. 2016 2:50:11 | Computer Name = alena | Source = Microsoft-Windows-Kernel-Boot | ID = 29
Description =
Error - 30. 5. 2016 2:50:49 | Computer Name = alena | Source = Service Control Manager | ID = 7034
Description = Služba tbaseprovisioning byla neočekávaně ukončena. Tento stav nastal
již 1krát.
Error - 30. 5. 2016 2:54:13 | Computer Name = alena | Source = DCOM | ID = 10010
Description =
Error - 30. 5. 2016 3:12:17 | Computer Name = alena | Source = DCOM | ID = 10016
Description =
Error - 30. 5. 2016 5:33:22 | Computer Name = alena | Source = DCOM | ID = 10016
Description =
< End of report >
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Mamka\Downloads
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.10586.0)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d. M. yyyy
3,44 Gb Total Physical Memory | 1,93 Gb Available Physical Memory | 56,17% Memory free
4,06 Gb Paging File | 1,88 Gb Available in Paging File | 46,22% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 445,19 Gb Total Space | 280,39 Gb Free Space | 62,98% Space Free | Partition Type: NTFS
Drive D: | 18,72 Gb Total Space | 1,86 Gb Free Space | 9,95% Space Free | Partition Type: NTFS
Computer Name: ALENA | User Name: Mamka | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\WINDOWS\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\WINDOWS\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [opennew] -- Reg Error: Key error.
htmlfile [print] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [opennew] -- Reg Error: Key error.
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = E7 50 49 DB A2 4F D1 01 [binary data]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade]
"UpgradeTime" = [binary data]
"DontEnumerateCommonFilesUpgradeExe" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade]
"UpgradeTime" = Reg Error: Unknown registry data type -- File not found
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{4A2D8FAB-0F0D-4AE0-A877-392BE7F1A1AE}" = lport=5353 | protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00270775-6A58-48C7-8D3E-3DB3C4A7D197}" = dir=in | name=ms-resource:apppackagename |
"{004BAA3F-A826-475D-9041-5581978FCC92}" = dir=out | name=@{microsoft.bingweather_4.9.51.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/applicationtitlewithbranding} |
"{04AED619-134E-4435-93C9-8F6ADC9F891E}" = dir=out | name=candy crush saga |
"{075F229E-19A4-4063-80A8-05C1B5BBD886}" = dir=in | name=@{microsoft.messaging_2.15.20002.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.messaging/microsoft.apps.messaging.skype/skypemessaging.resources/skype_appstorename} |
"{09765F97-E73F-4181-ABB4-60FC7A409DF5}" = dir=in | name=@{microsoft.windows.cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.cortana/resources/displayname} |
"{0AEF5C19-169E-4B0D-BA54-510DCCCADC8E}" = dir=out | name=onenote |
"{0E4331D3-5CD8-406D-9809-EA62DE7B50D0}" = dir=out | name=ms-resource:apptitlewithbranding |
"{108A7BAE-40EB-4748-8992-1D6C687E2B4A}" = dir=in | name=@{microsoft.bingsports_4.9.51.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/applicationtitlewithbranding} |
"{11B151FB-F611-488C-ACF1-004A83213D2B}" = dir=out | name=@{microsoft.bingsports_4.9.51.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/applicationtitlewithbranding} |
"{12458F94-7AAA-4C23-BDD8-0FCC590F0460}" = dir=out | name=@{microsoft.bingmaps_2.1.3230.2048_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} |
"{139407DA-E63E-4C48-BBB6-1FDCF462C46D}" = dir=out | name=@{microsoft.getstarted_3.5.11.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.getstarted/resources/appstorename} |
"{17283D03-3418-4FE5-B44A-4B831411757B}" = dir=in | name=@{microsoft.bingnews_4.9.51.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/applicationtitlewithbranding} |
"{18BFCE1D-F805-4835-91DE-E8FEA3BA11C1}" = dir=out | name=@{microsoft.windowsstore_11602.1.26.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsstore/resources/storetitle} |
"{2083913D-B010-4A12-9997-5FA852F6D426}" = dir=out | name=ms-resource:apptitle |
"{22C4E029-1722-4608-9CF9-C6E111F03622}" = dir=out | name=@{ad2f1837.gettingstartedwithwindows8_1.6.0.0_neutral__v10z8vjag6ke6?ms-resource://ad2f1837.gettingstartedwithwindows8/resources/id_app_title} |
"{25DE6880-B47F-436F-AF8D-B6E230C13A36}" = dir=out | name=ms-resource:appname |
"{27CD53CA-A1B3-4470-AFB7-533CFAC43697}" = dir=in | name=microsoft mahjong |
"{2B1E6EB0-0B8A-4FA9-AB1E-60D67E9EFF62}" = dir=in | name=microsoft solitaire collection |
"{2BEA05A2-6562-440A-976B-D8BE8F9DB18C}" = dir=out | name=@{microsoft.accountscontrol_10.0.10586.0_neutral__cw5n1h2txyewy?ms-resource://microsoft.accountscontrol/resources/displayname} |
"{2C6F5FAD-78AC-41A3-AA7A-DC7A064DBE5B}" = protocol=17 | dir=in | app=c:\program files (x86)\qbittorrent\qbittorrent.exe |
"{2C75BD0F-16A2-4571-BFC4-495F07009C2D}" = dir=out | name=@{windows.contactsupport_10.0.10586.0_neutral_neutral_cw5n1h2txyewy?ms-resource://windows.contactsupport/resources/appdisplayname} |
"{2DB661E3-EA1D-4980-BFCB-F9277051000A}" = dir=out | name=twitter |
"{31649C25-5FBB-4EBE-B7EA-1CDEAAA32A4C}" = dir=in | name=mcafee® central for hp |
"{32DA51EC-9FBA-43AF-A13F-32BF0B88618A}" = dir=out | name=microsoft solitaire collection |
"{347E9E66-0E3A-464A-9D5D-721585C58451}" = dir=out | name=@{microsoft.appconnector_1.3.3.0_neutral__8wekyb3d8bbwe?ms-resource://microsoft.appconnector/resources/connectorstubtitle} |
"{364EFDE3-FC10-484B-A09A-AFF2B433EC2C}" = dir=in | name=box for windows 8 |
"{37500960-CB23-4904-A851-F5E5896CB86A}" = dir=out | name=mcafee® central for hp |
"{3B94F1FA-841A-4F04-B2F6-DFAFAA5BC1AC}" = dir=in | name=snapfish |
"{3C2DF65C-5402-43CB-83CE-B2B85AC21E87}" = dir=out | name=@{microsoft.xboxlivegames_2.0.139.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} |
"{3C455F1F-9879-4471-9FE9-DAC34D19EDA3}" = dir=out | name=@{microsoft.connectivitystore_1.1604.4.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.connectivitystore/mswifiresources/appstorename} |
"{3DEA1B28-9F2B-4ABA-9A9D-4099422916C3}" = dir=out | name=@{microsoft.windows.cloudexperiencehost_10.0.10586.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.cloudexperiencehost/resources/appdescription} |
"{40BDCB0D-6710-4084-8D8B-93E6F9D7370D}" = dir=in | name=@{microsoft.bingweather_4.9.51.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/applicationtitlewithbranding} |
"{4282FE99-8560-4BC7-9576-5F3ED84E263F}" = dir=in | name=checkpoint.vpn |
"{43E76305-14AB-4A80-A9BD-7102F028A3C3}" = dir=out | name=@{microsoft.zunemusic_3.6.15131.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/ids_manifest_music_app_name} |
"{44EAB65F-686F-45BB-B896-07921A24B4CD}" = protocol=6 | dir=in | app=c:\program files (x86)\qbittorrent\qbittorrent.exe |
"{47290C17-E09C-434E-BFC5-6D4AC2460882}" = dir=out | name=@{microsoft.windowsreadinglist_6.3.9654.20540_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsreadinglist/resources/apppackagename} |
"{50BBDA9C-EE9F-4C20-894D-C0D740DC18B7}" = dir=out | name=@{windows.purchasedialog_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://windows.purchasedialog/resources/displayname} |
"{548DCF8C-BFF2-4BA4-AA88-FBAF9AC8BCC6}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{560448D6-095C-4907-B046-AC7F710701A7}" = dir=in | name=sonicwall.mobileconnect |
"{579EA4EA-FA9B-42E5-8FC1-29AEAB6E591E}" = dir=out | name=ms-resource:brandedapptitle |
"{58235349-BD85-4166-B207-9849803A4DBA}" = dir=out | name=@{microsoft.windows.photos_16.325.12390.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windows.photos/resources/appstorename} |
"{5858D2AC-9281-49C8-90B3-52C97FF38C5F}" = dir=out | name=ms-resource:apppackagename |
"{5A2503DE-DA98-4E89-B687-89DBB6515472}" = dir=out | name=the weather channel for hp |
"{5F4632C0-D5B1-40C3-B0D9-E3A759C81B9E}" = dir=out | name=sonicwall.mobileconnect |
"{5FC9CFF5-E211-4B68-9A32-D139728F4EF2}" = dir=out | name=@{microsoft.windowsfeedback_10.0.10586.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windowsfeedback/feedbackapp.resources/appname/text} |
"{604E7AF2-36ED-411A-9033-6CE074BED9FE}" = dir=out | name=@{microsoft.windows.contentdeliverymanager_10.0.10586.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.contentdeliverymanager/resources/appdisplayname} |
"{6579FAF8-83D8-4847-BAD6-2498E25E7EB6}" = dir=out | name=hp connected music |
"{6FBE9868-6A07-43B8-BB56-553660346588}" = dir=out | name=sway |
"{7078D06E-5D84-4E2C-95BB-1BB33FA168EE}" = dir=in | name=sway |
"{7612C294-868F-4C39-86CD-82654A14F4E5}" = dir=in | name=@{microsoft.microsoftedge_25.10586.0.0_neutral__8wekyb3d8bbwe?ms-resource://microsoft.microsoftedge/resources/appname} |
"{7674B08D-45EB-4BA1-B1B4-DBFB8CA3C9ED}" = dir=out | name=@{microsoft.windowscommunicationsapps_17.6868.41111.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/hxcommintl/appmanifest_outlookdesktop_displayname} |
"{78B7A069-603C-4E2F-BE2A-382EE8AE59AE}" = dir=out | name=@{microsoft.xboxgamecallableui_1000.10586.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.xboxgamecallableui/resources/pkgdisplayname} |
"{7A366C38-28D6-402E-B6D3-541F02EC1C04}" = dir=in | name=@{microsoft.windowsstore_11602.1.26.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsstore/resources/storetitle} |
"{8173AE63-23BF-4AED-B58E-1E0DD8CBC13A}" = dir=out | name=@{microsoft.zunevideo_3.6.20961.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/ids_manifest_video_app_name} |
"{827F047F-3D40-484C-986C-B1038221D889}" = dir=in | name=@{microsoft.microsoftofficehub_17.7012.23531.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftofficehub/officehubintl/appmanifest_getoffice_displayname} |
"{85E0E84E-8E7B-4EC7-AF10-F5BB30DD1789}" = dir=out | name=windows_ie_ac_001 |
"{89C27390-CACA-4796-B59C-041C5BF4C286}" = dir=out | name=@{microsoft.messaging_2.15.20002.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.messaging/microsoft.apps.messaging.skype/skypemessaging.resources/skype_appstorename} |
"{8ADF7D2D-35F2-4FF1-AFA6-8A9E427BE81D}" = dir=out | name=hp registration |
"{8B663A58-EEE9-4FC8-B495-D806948EE10B}" = dir=out | name=xbox |
"{8BE5C039-3335-402B-9F22-DB9830C8871D}" = dir=out | name=@{microsoft.windowsphone_10.1602.3010.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphone/resources/appstorename} |
"{8C8915CA-604B-4006-B66D-2768B6EC8218}" = dir=in | name=onenote |
"{8E0E0515-3F2E-4A3C-803C-C7038C4CA4A1}" = dir=out | name=@{microsoft.windows.cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.cortana/resources/displayname} |
"{8E3FB1D4-FCD3-4271-A3A1-C2954A89F3EA}" = dir=out | name=@{microsoft.microsoftofficehub_17.7012.23531.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftofficehub/officehubintl/appmanifest_getoffice_displayname} |
"{93C29A1A-C60F-4C30-8ED6-E1CC8D481979}" = dir=out | name=@{microsoft.people_10.0.10811.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.people/resources/appstorename} |
"{99F9C5D2-6423-4F75-97B9-603741E86827}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\platform\mcsvchost\mcsvhost.exe |
"{9E3D57FC-7C37-4424-9352-4831E97D029D}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{A3811A62-9E3B-4EFF-955E-F22364A813F8}" = dir=in | name=@{microsoft.windows.photos_16.325.12390.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windows.photos/resources/appstorename} |
"{AC683DAF-8D99-4E4F-9A63-9821FAE3E836}" = dir=out | name=@{microsoft.xboxidentityprovider_1000.10586.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.xboxidentityprovider/resources/pkgdisplayname} |
"{AF1797E6-05F9-415C-A0A8-BAF465E9D021}" = dir=out | name=@{microsoft.bingtranslator_1.13.0.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtranslator/resources/appname} |
"{B1A6BD4D-DD44-4AF9-BF95-A739BC6B895C}" = dir=in | name=xbox |
"{B52AB623-CC61-430B-ADAA-34122571B2FD}" = dir=out | name=@{microsoft.bingnews_4.9.51.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/applicationtitlewithbranding} |
"{B6366930-8042-4177-96F8-56F54A73CDC6}" = dir=in | name=@{microsoft.windowscommunicationsapps_17.6868.41111.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/hxcommintl/appmanifest_outlookdesktop_displayname} |
"{B681E07B-FF35-4878-9B4D-06107FC29D20}" = dir=out | name=@{microsoft.windows.parentalcontrols_1000.10586.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.parentalcontrols/resources/displayname} |
"{B705A923-0E11-4CA6-BB5C-04AB6EBCED92}" = dir=out | name=@{microsoft.aad.brokerplugin_1000.10586.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.aad.brokerplugin/resources/packagedisplayname} |
"{B86C1BDF-CDD0-4618-9372-F6F23677CE49}" = dir=in | name=@{microsoft.bingfinance_4.9.51.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/applicationtitlewithbranding} |
"{BD7A166D-5D78-407D-B76C-2345E03E363D}" = dir=out | name=youcam for hp |
"{C29C3E99-3C15-4A3B-AED8-229EC44121FC}" = dir=out | name=microsoft mahjong |
"{C3C905D4-20C4-4CCA-8533-FDA741EE0725}" = dir=in | name=@{ad2f1837.gettingstartedwithwindows8_1.6.0.0_neutral__v10z8vjag6ke6?ms-resource://ad2f1837.gettingstartedwithwindows8/resources/id_app_title} |
"{C565FC28-0F80-4090-81B7-69E1EA6D3B02}" = dir=out | name=@{microsoft.windowsmaps_4.1603.1190.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsmaps/resources/appstorename} |
"{CB80A133-485A-4F56-8FBD-0AA8B9540210}" = dir=out | name=fresh paint |
"{CF637A38-19BE-4C61-AE6C-E4060E209A1D}" = dir=in | name=@{microsoft.windowsreadinglist_6.3.9654.20540_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsreadinglist/resources/apppackagename} |
"{D6980480-941A-4DF6-AB81-3734ECD3D779}" = dir=out | name=junipernetworks.junospulsevpn |
"{D96D2B17-6498-43D4-AFB7-466CB29BA4E5}" = dir=in | name=@{microsoft.aad.brokerplugin_1000.10586.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.aad.brokerplugin/resources/packagedisplayname} |
"{DABF9DCC-4481-4A62-8D44-3AA8775807EE}" = dir=out | name=windows_ie_ac_001 |
"{DB59588E-ED90-4C47-A7B5-7929DD0C0BD2}" = dir=out | name=checkpoint.vpn |
"{DFB705E2-BF68-49B9-B2BE-6317FCF8ECAD}" = dir=in | name=@{windows.contactsupport_10.0.10586.0_neutral_neutral_cw5n1h2txyewy?ms-resource://windows.contactsupport/resources/appdisplayname} |
"{E353E970-F496-439A-B403-01C3DBD233F9}" = dir=out | name=@{microsoft.lockapp_10.0.10586.0_neutral__cw5n1h2txyewy?ms-resource://microsoft.lockapp/resources/appdisplayname} |
"{E5F375C2-F639-4E06-AB5E-E2F17F231744}" = dir=out | name=box for windows 8 |
"{E6241521-E64C-4C64-B829-C83EEEADEDB2}" = dir=out | name=@{microsoft.commsphone_2.15.28004.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.commsphone/resources/appstorename} |
"{E729D31B-9632-4A15-BEC3-3CC9A265E13C}" = dir=in | name=@{microsoft.zunevideo_3.6.20961.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/ids_manifest_video_app_name} |
"{EB68F0CA-AE68-424E-8ECD-6F7354AF9401}" = dir=out | name=@{microsoft.3dbuilder_11.1.8.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.3dbuilder/resources/appstorename} |
"{EC799E33-72BA-42D7-9127-DEFE68F9799D}" = dir=in | name=junipernetworks.junospulsevpn |
"{F02F7134-672E-4CA7-B8E1-A7295736308E}" = dir=in | name=@{microsoft.commsphone_2.15.28004.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.commsphone/resources/appstorename} |
"{F4F3C729-F426-4419-874C-E67FB2455D33}" = dir=out | name=snapfish |
"{F64300AD-D559-4000-BD45-0997BCC8E70A}" = dir=out | name=f5.vpn.client |
"{F7431555-594D-4065-A07F-5A822C6CEB1E}" = dir=out | name=@{microsoft.bingfinance_4.9.51.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/applicationtitlewithbranding} |
"{F77E5446-4378-4E99-8B7A-7061AAAEA193}" = dir=in | name=f5.vpn.client |
"{FAA52A1D-8DAD-4DDC-BD8B-F553BBB62561}" = dir=in | name=@{microsoft.windows.cloudexperiencehost_10.0.10586.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.cloudexperiencehost/resources/appdescription} |
"{FAAE8C1A-B840-45B1-8DFB-8FD7ADD85534}" = dir=out | name=@{microsoft.microsoftedge_25.10586.0.0_neutral__8wekyb3d8bbwe?ms-resource://microsoft.microsoftedge/resources/appname} |
"TCP Query User{AB1F96DC-6935-418F-8852-4CE8BFF0C106}C:\program files (x86)\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"UDP Query User{4EBF6AC0-E95F-43EF-92E9-2FCA245BC68A}C:\program files (x86)\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{19D9E938-3CD5-438F-04FE-782C7BE308A0}" = Catalyst Control Center Next Localization TR
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{233F1B62-FC39-A7BD-B2E9-43EF05CA97E0}" = Catalyst Control Center Next Localization IT
"{235371F3-FF77-AC03-0856-12AD9D6239F4}" = Catalyst Control Center Next Localization SV
"{2355E60D-9657-78E4-6FC6-C1BCB9D653B5}" = AMD Accelerated Video Transcoding
"{25679A80-0DF7-EFBA-2686-3333B3AA9220}" = Catalyst Control Center Next Localization JA
"{2C8498CD-BA4F-D820-3C2D-36F1152C71D3}" = Catalyst Control Center Next Localization TH
"{2DE6247C-7077-451B-8BA7-FFD1A2ABBB47}" = Inst5675
"{305C1CE5-C4F8-C65B-E334-B193AECFF49C}" = Catalyst Control Center Next Localization KO
"{314FAD12-F785-4471-BCE8-AB506642B9A1}" = HP SimplePass
"{3177480E-9364-D504-6944-30074551E934}" = Catalyst Control Center Next Localization CHS
"{36F80C5F-DC0D-4DF4-AF09-DC1867F0EB0A}" = HP Utility Center
"{39722D5E-22CC-AD1A-2DCF-F6A82EAA11EA}" = Catalyst Control Center Next Localization CS
"{443F21F6-8E3E-257E-E43F-7FB7BF2762C1}" = AMD Install Manager
"{44FE1644-EDE2-181E-1306-30A38EC9954C}" = Catalyst Control Center Next Localization CHT
"{465CA2B6-98AF-4E77-BE22-A908C34BB9EC}" = Energy Star
"{56A90BB4-F4B4-5106-CB1A-9ECCCE13DC3E}" = Catalyst Control Center Next Localization RU
"{61D499A4-7054-6BE0-565F-D426740D4796}" = Catalyst Control Center Next Localization EL
"{6A3A0A74-A7C6-BB25-77F5-FEB06F596DA1}" = AMD Start Now
"{6C36F215-AE3A-9BA3-779B-B9E44518A5FB}" = Catalyst Control Center Next Localization PL
"{6E14E6D6-3175-4E1A-B934-CAB5A86367CD}" = HP Postscript Converter
"{72DA82FD-8F24-EF86-7731-522325239960}" = AMD Fuel
"{72F286EC-9E02-9BB4-05E4-7474557AAA77}" = Catalyst Control Center Next Localization DA
"{7318F79A-D1D5-74EF-5F0E-21D8BC79413D}" = Catalyst Control Center Next Localization HU
"{73830292-868E-4C82-9AF5-CCFE2047B6A3}" = COMODO Firewall
"{74FE39A0-FB76-47CD-84BA-91E2BBB17EF2}" = DisableMSDefender
"{75AF330B-E3CF-1051-BF15-7575DC7E7311}" = ccc-utility64
"{78ACE60E-0CB7-4935-BCD4-F33422105607}" = AMD Settings - Branding
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{878F6913-7421-4713-97F7-0A736EE2A188}" = Inst5676
"{8829CC83-C9A5-B471-5796-55FE6099FD3B}" = Catalyst Control Center Next Localization NO
"{899D78B5-6CC0-555D-7943-327447DCBE7D}" = Catalyst Control Center Next Localization ES
"{929FBD26-9020-399B-9A7A-751D61F0B942}" = Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005
"{94AEEE03-D17F-9E1A-95DF-9DD9B2906189}" = Catalyst Control Center Next Localization NL
"{A2CB1ACB-94A2-32BA-A15E-7D80319F7589}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727
"{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}" = Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005
"{A84A4FB1-D703-48DB-89E0-68B6499D2801}" = Qualcomm Atheros Bluetooth Suite (64)
"{AC53FC8B-EE18-3F9C-9B59-60937D0B182C}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B0F6C9EE-EC57-D6D8-96F9-C490B0198547}" = Catalyst Control Center Next Localization FI
"{C22DDF07-59F5-BA4E-7058-7E894E4C960B}" = Catalyst Control Center Next Localization FR
"{CCC54BB5-5278-2E3E-7F99-401CDF93B9A2}" = Catalyst Control Center Next Localization DE
"{D1E8F2D7-7794-4245-B286-87ED86C1893C}" = HP Registration Service
"{E9FCBCA6-B640-BC24-2421-269E77FD02EB}" = Catalyst Control Center Next Localization BR
"{F113BDF4-007F-E793-D804-7D3AF943883E}" = AMD Radeon Settings
"{F33B9709-748A-A042-F7B4-4BD45F938055}" = AMD Start Now
"AMD Catalyst Install Manager" = AMD Install Manager
"HitmanPro37" = HitmanPro 3.7
"SynTPDeinstKey" = Synaptics ClickPad Driver
"VulkanRT1.0.3.1" = Vulkan Run Time Libraries 1.0.3.1
"WhoCrashed_is1" = WhoCrashed 5.51
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{050d4fc8-5d48-4b8f-8972-47c82c46020f}" = Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{08208143-777D-4A06-BB54-71BF0AD1BB70}" = IPTInstaller
"{086A83BA-496C-AA1D-7327-9AA9661B0114}" = Catalyst Control Center Localization All
"{09032B0E-B0A5-6CD5-8B33-DC19A2CDFB19}" = CCC Help Turkish
"{0A5B39D2-7ED6-4779-BCC9-37F381139DB3}" = Adobe AIR
"{0D18CC8B-47F4-7493-7A1B-59B77A869238}" = Catalyst Control Center Graphics Previews Common
"{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}" = Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005
"{15134cb0-b767-4960-a911-f2d16ae54797}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}" = CyberLink Media Suite 10
"{207D938F-D792-636B-5161-CEFC769DCCF8}" = CCC Help Chinese Standard
"{22154f09-719a-4619-bb71-5b3356999fbf}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727
"{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}" = CyberLink Power2Go 8
"{2F73A7B2-E50E-39A6-9ABC-EF89E4C62E36}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727
"{30B2D1D8-0A07-4B71-9553-0710C5D31E35}" = HP Wireless Button Driver
"{315F1A48-D883-B234-7C79-15873574ACC1}" = OEM Application Profile
"{39337565-330E-4ab6-A9AE-AC81E0720B10}" = Cyberlink PhotoDirector
"{3C7B723A-1108-455C-B65B-FF2251E1E5A3}" = HP Documentation
"{412F6426-A3C7-11E3-8A71-00163E98E7D6}" = Evernote v. 5.2
"{4E5BC895-0B40-951D-E613-45910483B6F4}" = CCC Help Dutch
"{5996B804-50C5-093D-B4FF-37222498548B}" = CCC Help German
"{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}" = Realtek Card Reader
"{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}" = Google Update Helper
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{6A0549A9-1B96-498C-ACBC-3943001FEB19}" = Skype™ 7.10
"{6D1221A9-17BF-4EC0-81F2-27D30EC30701}" = Skype Click to Call
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{75D1D0E8-CD9C-1D4E-A208-94B9F5597911}" = CCC Help Finnish
"{8036C2DA-7766-4392-25C7-BAEF5BEC45FA}" = CCC Help Swedish
"{88128FD0-1955-47DE-554F-33C368E4511B}" = CCC Help Chinese Traditional
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8D9F1952-1C5D-C7AE-6720-BC5E2CD46307}" = CCC Help Greek
"{91FCB2B7-3DE5-E01B-45EA-06C526E1C011}" = AMD Settings
"{974C279F-83BC-132C-8BCC-AB8BB85FA9A4}" = CCC Help Russian
"{97FB7B67-4F67-303E-3DA7-FF945C6A7570}" = CCC Help French
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BA7480A-B05B-1A63-0DB4-10A4B75208E2}" = CCC Help Korean
"{9F44862E-6A7A-BD35-B64A-D54717A33C96}" = CCC Help Japanese
"{A8247F1D-F1DC-6FF2-40A7-1989B0F97D79}" = CCC Help Spanish
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Qualcomm Atheros Driver Installation Program
"{CFD628BD-4A60-F911-962F-77FFCD33C308}" = CCC Help Danish
"{D092E456-2A5A-DEFB-439A-978D1CE79C1D}" = CCC Help Norwegian
"{D24A98EA-468C-5455-CB7C-751948676C69}" = CCC Help English
"{D3C49D06-7FA6-CE04-A17A-2074E314DBB6}" = Catalyst Control Center - Branding
"{D4D427B6-130E-5718-9A05-02E6AFDC3801}" = AMD Catalyst Control Center
"{D5EEEAEA-FD63-6739-A54C-A1AC0F7CAB61}" = CCC Help Czech
"{D8F984D3-79C1-4AD0-8E27-1F4528BC1712}" = HP Recovery Manager
"{DEF23826-DB71-4654-BC00-D5D6C20802EA}" = HP System Event Utility
"{DF51DA94-BD7A-6749-1D23-AAD2142DDC44}" = CCC Help Italian
"{EADEF0A9-0079-7CC8-96BD-D778885F1497}" = CCC Help Polish
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3B18C91-BE8F-0BF1-9940-A8643AA3C73F}" = CCC Help Hungarian
"{f65db027-aff3-4070-886a-0d87064aabb1}" = Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501
"{F7428FAA-75A0-5015-1118-DF42420457CA}" = CCC Help Portuguese
"{F7444EA1-5621-CCE0-93B5-3E3A7BCED49E}" = CCC Help Thai
"{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}" = Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005
"{F90A86C9-7779-47DD-AC06-8EE832C55F55}" = HP 3D DriveGuard
"{FDB30193-FDA0-3DAA-ACCA-A75EEFE53607}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727
"Adobe AIR" = Adobe AIR
"Adobe Shockwave Player" = Adobe Shockwave Player 12.0
"CrystalDiskInfo_is1" = CrystalDiskInfo 6.5.2
"Google Chrome" = Google Chrome
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}" = CyberLink Media Suite 10
"InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}" = CyberLink Power2Go 8
"InstallShield_{314FAD12-F785-4471-BCE8-AB506642B9A1}" = HP SimplePass
"InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}" = Cyberlink PhotoDirector
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware verze 2.2.1.1043
"qBittorrent" = qBittorrent 3.2.5
"SpeedFan" = SpeedFan (remove only)
"VLC media player" = VLC media player
"WinRAR archiver" = WinRAR 5.21 (32-bit)
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 27. 5. 2016 10:41:40 | Computer Name = alena | Source = Application Error | ID = 1000
Description = Název chybující aplikace: cnext.exe, verze: 10.1.1.1522, časové razítko:
0x564c17eb Název chybujícího modulu: unknown, verze: 0.0.0.0, časové razítko: 0x00000000
Kód
výjimky: 0xc0000005 Posun chyby: 0x0000000000000000 ID chybujícího procesu: 0x1d70
Čas
spuštění chybující aplikace: 0x01d1b8250a4c70d4 Cesta k chybující aplikaci: C:\Program
Files\AMD\CNext\CNext\cnext.exe Cesta k chybujícímu modulu: unknown ID zprávy: dfb6fe0a-fc16-49ab-82a6-06b21e49946a
Úplný
název chybujícího balíčku: ID aplikace související s chybujícím balíčkem:
Error - 27. 5. 2016 11:05:04 | Computer Name = alena | Source = .NET Runtime | ID = 1026
Description =
Error - 27. 5. 2016 11:05:06 | Computer Name = alena | Source = Application Error | ID = 1000
Description = Název chybující aplikace: tbaseprovisioning.exe, verze: 1.0.0.0, časové
razítko: 0x56b4dcb7 Název chybujícího modulu: KERNELBASE.dll, verze: 10.0.10586.306,
časové razítko: 0x571afb9a Kód výjimky: 0xe0434352 Posun chyby: 0x000bdae8 ID chybujícího
procesu: 0x520 Čas spuštění chybující aplikace: 0x01d1b8291de3279f Cesta k chybující
aplikaci: C:\WINDOWS\SysWOW64\tbaseprovisioning.exe Cesta k chybujícímu modulu:
C:\WINDOWS\SYSTEM32\KERNELBASE.dll ID zprávy: 551d97cc-b4cf-44f6-b189-d8986da79a12
Úplný
název chybujícího balíčku: ID aplikace související s chybujícím balíčkem:
Error - 28. 5. 2016 5:00:27 | Computer Name = alena | Source = .NET Runtime | ID = 1026
Description =
Error - 28. 5. 2016 5:00:29 | Computer Name = alena | Source = Application Error | ID = 1000
Description = Název chybující aplikace: tbaseprovisioning.exe, verze: 1.0.0.0, časové
razítko: 0x56b4dcb7 Název chybujícího modulu: KERNELBASE.dll, verze: 10.0.10586.306,
časové razítko: 0x571afb9a Kód výjimky: 0xe0434352 Posun chyby: 0x000bdae8 ID chybujícího
procesu: 0x4fc Čas spuštění chybující aplikace: 0x01d1b8bf57c4d4f1 Cesta k chybující
aplikaci: C:\WINDOWS\SysWOW64\tbaseprovisioning.exe Cesta k chybujícímu modulu:
C:\WINDOWS\SYSTEM32\KERNELBASE.dll ID zprávy: 07677450-ff4b-45de-9e96-8f64a3ec8885
Úplný
název chybujícího balíčku: ID aplikace související s chybujícím balíčkem:
Error - 28. 5. 2016 16:09:13 | Computer Name = alena | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Služba Šifrování selhala při volání OnIdentity() v objektu System
Writer. Details: AddLegacyDriverFiles: Unable to back up image of binary Protokol
Microsoft LLDP (Link-Layer Discovery Protocol). System Error: Přístup byl odepřen.
.
Error - 29. 5. 2016 16:21:11 | Computer Name = alena | Source = .NET Runtime | ID = 1026
Description =
Error - 29. 5. 2016 16:21:13 | Computer Name = alena | Source = Application Error | ID = 1000
Description = Název chybující aplikace: tbaseprovisioning.exe, verze: 1.0.0.0, časové
razítko: 0x56b4dcb7 Název chybujícího modulu: KERNELBASE.dll, verze: 10.0.10586.306,
časové razítko: 0x571afb9a Kód výjimky: 0xe0434352 Posun chyby: 0x000bdae8 ID chybujícího
procesu: 0x4cc Čas spuštění chybující aplikace: 0x01d1b9e79630b914 Cesta k chybující
aplikaci: C:\WINDOWS\SysWOW64\tbaseprovisioning.exe Cesta k chybujícímu modulu:
C:\WINDOWS\SYSTEM32\KERNELBASE.dll ID zprávy: 08a41a04-1a47-48a3-8761-20936507fbac
Úplný
název chybujícího balíčku: ID aplikace související s chybujícím balíčkem:
Error - 30. 5. 2016 2:50:32 | Computer Name = alena | Source = .NET Runtime | ID = 1026
Description =
Error - 30. 5. 2016 2:50:33 | Computer Name = alena | Source = Application Error | ID = 1000
Description = Název chybující aplikace: tbaseprovisioning.exe, verze: 1.0.0.0, časové
razítko: 0x56b4dcb7 Název chybujícího modulu: KERNELBASE.dll, verze: 10.0.10586.306,
časové razítko: 0x571afb9a Kód výjimky: 0xe0434352 Posun chyby: 0x000bdae8 ID chybujícího
procesu: 0x528 Čas spuštění chybující aplikace: 0x01d1ba3f8db30dad Cesta k chybující
aplikaci: C:\WINDOWS\SysWOW64\tbaseprovisioning.exe Cesta k chybujícímu modulu:
C:\WINDOWS\SYSTEM32\KERNELBASE.dll ID zprávy: 79b3aa66-1a0b-40c9-86a5-e7007edc432d
Úplný
název chybujícího balíčku: ID aplikace související s chybujícím balíčkem:
[ COMODO Internet Security Trace Events ]
Error - 18. 5. 2016 13:18:48 | Computer Name = alena | Source = cmdagent | ID = 1
Description =
Error - 18. 5. 2016 13:18:48 | Computer Name = alena | Source = cmdagent | ID = 1
Description =
Error - 18. 5. 2016 13:18:50 | Computer Name = alena | Source = cmdagent | ID = 1
Description =
Error - 18. 5. 2016 13:18:50 | Computer Name = alena | Source = cmdagent | ID = 1
Description =
Error - 18. 5. 2016 13:18:50 | Computer Name = alena | Source = cmdagent | ID = 1
Description =
Error - 18. 5. 2016 13:18:50 | Computer Name = alena | Source = cmdagent | ID = 1
Description =
Error - 18. 5. 2016 13:18:50 | Computer Name = alena | Source = cmdagent | ID = 1
Description =
Error - 18. 5. 2016 13:18:51 | Computer Name = alena | Source = cmdagent | ID = 1
Description =
Error - 18. 5. 2016 13:18:51 | Computer Name = alena | Source = cmdagent | ID = 1
Description =
Error - 18. 5. 2016 13:18:51 | Computer Name = alena | Source = cmdagent | ID = 1
Description =
[ System Events ]
Error - 29. 5. 2016 16:21:32 | Computer Name = alena | Source = Service Control Manager | ID = 7000
Description = Služba WinDefend neuspěla při spuštění v důsledku následující chyby:
%%1053
Error - 29. 5. 2016 16:21:32 | Computer Name = alena | Source = Service Control Manager | ID = 7034
Description = Služba tbaseprovisioning byla neočekávaně ukončena. Tento stav nastal
již 1krát.
Error - 29. 5. 2016 16:21:50 | Computer Name = alena | Source = BugCheck | ID = 1001
Description =
Error - 29. 5. 2016 16:25:04 | Computer Name = alena | Source = DCOM | ID = 10010
Description =
Error - 30. 5. 2016 2:50:30 | Computer Name = alena | Source = EventLog | ID = 6008
Description = Předchozí vypnutí systému (23:00:50, ?29.?05.?2016) bylo neočekávané.
Error - 30. 5. 2016 2:50:11 | Computer Name = alena | Source = Microsoft-Windows-Kernel-Boot | ID = 29
Description =
Error - 30. 5. 2016 2:50:49 | Computer Name = alena | Source = Service Control Manager | ID = 7034
Description = Služba tbaseprovisioning byla neočekávaně ukončena. Tento stav nastal
již 1krát.
Error - 30. 5. 2016 2:54:13 | Computer Name = alena | Source = DCOM | ID = 10010
Description =
Error - 30. 5. 2016 3:12:17 | Computer Name = alena | Source = DCOM | ID = 10016
Description =
Error - 30. 5. 2016 5:33:22 | Computer Name = alena | Source = DCOM | ID = 10016
Description =
< End of report >
Procesor: I3 6100
Zakladní deska: ASROCK Z170 PRO4
Chlazení: NOCTUA NH-D15S
SSD: Kingston HyperX Savage SSD 120GB
HDD : 500GB Seagate
GPU: Zatím není.
RAM: Kingston HyperX Fury Black 8GB DDR4
ZROJ: EVGA 430W
CASE : In-Win 805C GOLD, zlatá
Zakladní deska: ASROCK Z170 PRO4
Chlazení: NOCTUA NH-D15S
SSD: Kingston HyperX Savage SSD 120GB
HDD : 500GB Seagate
GPU: Zatím není.
RAM: Kingston HyperX Fury Black 8GB DDR4
ZROJ: EVGA 430W
CASE : In-Win 805C GOLD, zlatá
-
jaro3
- člen Security týmu
-
Guru Level 15
- Příspěvky: 43298
- Registrován: červen 07
- Bydliště: Jižní Čechy
- Pohlaví:
- Stav:
Offline
Re: Bordel v notebooku
Tak , fajn , akorát log z OTL není celý , chybí celý začátek.
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Re: Bordel v notebooku
Po restarutu zase se nic nechce ukázat, ani když na ploše vytvořím nový soubor a stáhnu do něj nějaký program. Takže již nevidím ani ten program OTL ani log. Nechápu.
Procesor: I3 6100
Zakladní deska: ASROCK Z170 PRO4
Chlazení: NOCTUA NH-D15S
SSD: Kingston HyperX Savage SSD 120GB
HDD : 500GB Seagate
GPU: Zatím není.
RAM: Kingston HyperX Fury Black 8GB DDR4
ZROJ: EVGA 430W
CASE : In-Win 805C GOLD, zlatá
Zakladní deska: ASROCK Z170 PRO4
Chlazení: NOCTUA NH-D15S
SSD: Kingston HyperX Savage SSD 120GB
HDD : 500GB Seagate
GPU: Zatím není.
RAM: Kingston HyperX Fury Black 8GB DDR4
ZROJ: EVGA 430W
CASE : In-Win 805C GOLD, zlatá
-
jaro3
- člen Security týmu
-
Guru Level 15
- Příspěvky: 43298
- Registrován: červen 07
- Bydliště: Jižní Čechy
- Pohlaví:
- Stav:
Offline
Re: Bordel v notebooku
Stáhni si z jiného PC Kaspersky Rescue Disk 10
http://rescuedisk.kaspersky-labs.com/re ... cue_10.iso
Soubor .iso vypal na CD v tomto programu:
http://www.slunecnice.cz/sw/active-iso-burner/
Při startu windows drž klávesu Delete a dostaneš se do BIOSu. V něm , na záložce BOOT, změň boot na prvním místě na CD/DVD. Potvrď změnu (Save and Exit).
Po restartu se na chvíli objeví BIOS a poté černá obrazovka ,nahoře s textem:
Boot z CD/DVD pokračujte libovolnou klávesou- nějakou hned stiskni.
Pak se již nabootuje Kaspersky Rescue Disk. V tomto programu můžeš odstranit viry, spyware nebo jiný nebezpečný a škodlivý software.
Měl by si vybrat myslím tu druhou možnost od shora, pak vybrat :
All peripherialls ( to je všechny disky- oddíly), flešky, mechaniky, MBR atd.
Při pokračování trvá někdy dlouho černá obrazovka , vydrž , program stále pracuje.
http://www.softpedia.com/progScreenshot ... 00454.html
http://www.softpedia.com/get/Antivirus/ ... Disk.shtml
How to record Kaspersky Rescue Disk 10 to a USB device and boot a computer from it
http://support.kaspersky.com/8092
http://rescuedisk.kaspersky-labs.com/re ... cue_10.iso
Soubor .iso vypal na CD v tomto programu:
http://www.slunecnice.cz/sw/active-iso-burner/
Při startu windows drž klávesu Delete a dostaneš se do BIOSu. V něm , na záložce BOOT, změň boot na prvním místě na CD/DVD. Potvrď změnu (Save and Exit).
Po restartu se na chvíli objeví BIOS a poté černá obrazovka ,nahoře s textem:
Boot z CD/DVD pokračujte libovolnou klávesou- nějakou hned stiskni.
Pak se již nabootuje Kaspersky Rescue Disk. V tomto programu můžeš odstranit viry, spyware nebo jiný nebezpečný a škodlivý software.
Měl by si vybrat myslím tu druhou možnost od shora, pak vybrat :
All peripherialls ( to je všechny disky- oddíly), flešky, mechaniky, MBR atd.
Při pokračování trvá někdy dlouho černá obrazovka , vydrž , program stále pracuje.
http://www.softpedia.com/progScreenshot ... 00454.html
http://www.softpedia.com/get/Antivirus/ ... Disk.shtml
How to record Kaspersky Rescue Disk 10 to a USB device and boot a computer from it
http://support.kaspersky.com/8092
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Re: Bordel v notebooku
Nepomohlo. Stále se neukazuje žádný uložený soubor.
Procesor: I3 6100
Zakladní deska: ASROCK Z170 PRO4
Chlazení: NOCTUA NH-D15S
SSD: Kingston HyperX Savage SSD 120GB
HDD : 500GB Seagate
GPU: Zatím není.
RAM: Kingston HyperX Fury Black 8GB DDR4
ZROJ: EVGA 430W
CASE : In-Win 805C GOLD, zlatá
Zakladní deska: ASROCK Z170 PRO4
Chlazení: NOCTUA NH-D15S
SSD: Kingston HyperX Savage SSD 120GB
HDD : 500GB Seagate
GPU: Zatím není.
RAM: Kingston HyperX Fury Black 8GB DDR4
ZROJ: EVGA 430W
CASE : In-Win 805C GOLD, zlatá
-
jaro3
- člen Security týmu
-
Guru Level 15
- Příspěvky: 43298
- Registrován: červen 07
- Bydliště: Jižní Čechy
- Pohlaví:
- Stav:
Offline
Re: Bordel v notebooku
ESET OnlineScan
Poznámka:
Je doporučeno mít během skenu vypnutý antivirový a antispywarový program .Zároveň se doporučuje mít zavřeny všechny ostatní okna , programy a nesurfovat po netu. Po skončení skenu si nezapomeň zase ochrany antiviru a antispywaru zapnout.Je doporučeno použít pro kontrolu prohlížeč Internet Explorer , jinak je nutno nainstalovat ESET Smart Installer a po skončení skenu vše zase řádně odinstalovat.
1. Klikni na ESET OnlineScan
2. Klikni na tlačítko Run ESET Online Scanner
3. Jen pro jiné prohlížeče než je Internet Explorer ( Ti , co mají spuštěn IE mohou toto přeskočit)
3.1. Klikni na esetsmartinstaller_enu.exe ke stáhnutí ESET Smart Installeru , ulož si soubor na svojí plochu.
3.2. Poklepej na ploše na ikonu esetsmartinstaller_enu
4. Dej zatržítko do čtverečku YES , I accept the Terms of Use. ( k potvrzení podmínek užití)
5. Klikni na tlačítko Start
6. Akceptuj další bezpečnostní varování ze svého prohlížeče. Nainstaluj si ovl.prvek ActiveX
7. Dej zatržítko do čtverečku Scan archives
8. Ujisti se , že volba "Remove found threats" je nezaškrtnuta
9. Když se objeví display nastavení skenu počítače , klikni na Advanced settings , a dej zatržítko na :
Enable Anti-Stealth technology (pokud není již zatržena)
10. Klikni na tlačítko Start
11. ESET si pak stáhne svojí aktualizaci , nainstaluje jí a poté začne skenovat Tvůj počítač
12. Když bude sken hotov , klikni na šipku List of found threads
13. Klikni na tlačítko Export to text file , a soubor si ulož pod nějakým jménem na svojí plochu
14. Klikni na tlačítko Back
15. Klikni na tlačítko Finish
Celý obsah textového souboru , který sis uložil na plochu sem prosím vlož.
Poznámka:
Je doporučeno mít během skenu vypnutý antivirový a antispywarový program .Zároveň se doporučuje mít zavřeny všechny ostatní okna , programy a nesurfovat po netu. Po skončení skenu si nezapomeň zase ochrany antiviru a antispywaru zapnout.Je doporučeno použít pro kontrolu prohlížeč Internet Explorer , jinak je nutno nainstalovat ESET Smart Installer a po skončení skenu vše zase řádně odinstalovat.
1. Klikni na ESET OnlineScan
2. Klikni na tlačítko Run ESET Online Scanner
3. Jen pro jiné prohlížeče než je Internet Explorer ( Ti , co mají spuštěn IE mohou toto přeskočit)
3.1. Klikni na esetsmartinstaller_enu.exe ke stáhnutí ESET Smart Installeru , ulož si soubor na svojí plochu.
3.2. Poklepej na ploše na ikonu esetsmartinstaller_enu
4. Dej zatržítko do čtverečku YES , I accept the Terms of Use. ( k potvrzení podmínek užití)
5. Klikni na tlačítko Start
6. Akceptuj další bezpečnostní varování ze svého prohlížeče. Nainstaluj si ovl.prvek ActiveX
7. Dej zatržítko do čtverečku Scan archives
8. Ujisti se , že volba "Remove found threats" je nezaškrtnuta
9. Když se objeví display nastavení skenu počítače , klikni na Advanced settings , a dej zatržítko na :
Enable Anti-Stealth technology (pokud není již zatržena)
10. Klikni na tlačítko Start
11. ESET si pak stáhne svojí aktualizaci , nainstaluje jí a poté začne skenovat Tvůj počítač
12. Když bude sken hotov , klikni na šipku List of found threads
13. Klikni na tlačítko Export to text file , a soubor si ulož pod nějakým jménem na svojí plochu
14. Klikni na tlačítko Back
15. Klikni na tlačítko Finish
Celý obsah textového souboru , který sis uložil na plochu sem prosím vlož.
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Re: Bordel v notebooku
Nejde mi to uložit, už jsem to psal 3x. Ten soubor se tam prostě neukáže. Jinak nic to nenašlo.
Procesor: I3 6100
Zakladní deska: ASROCK Z170 PRO4
Chlazení: NOCTUA NH-D15S
SSD: Kingston HyperX Savage SSD 120GB
HDD : 500GB Seagate
GPU: Zatím není.
RAM: Kingston HyperX Fury Black 8GB DDR4
ZROJ: EVGA 430W
CASE : In-Win 805C GOLD, zlatá
Zakladní deska: ASROCK Z170 PRO4
Chlazení: NOCTUA NH-D15S
SSD: Kingston HyperX Savage SSD 120GB
HDD : 500GB Seagate
GPU: Zatím není.
RAM: Kingston HyperX Fury Black 8GB DDR4
ZROJ: EVGA 430W
CASE : In-Win 805C GOLD, zlatá
-
jerabina
- člen Security týmu
-
Level 6
- Příspěvky: 3647
- Registrován: březen 13
- Bydliště: Litoměřice
- Pohlaví:
- Stav:
Offline
Re: Bordel v notebooku
Stáhni si Emsisoft Emergency Kit
http://dl.emsisoft.com/EmsisoftEmergencyKit.exe
na svojí plochu. Poklepej na soubor EmsisoftEmergencyKit.exe . Ponech všechna nastavení tak, jak jsou a klikni na tlačítko „Extract“ v dolní části. Složka s názvem EEK bude vytvořena v kořenovém adresáři jednotky (obvykle c: \).
1) Po extrakci poklikej na novou ikonu Emsisoft Emergency Kit na Tvé ploše.
2) Při prvním spuštění Emsisoft Emergency Kit doporučujeme povolit stahování aktualizací. Prosím, klepni na tlačítko „Yes“ (Ano), potom se stáhne nejnovější aktualizace databáze.
3) Po dokončení procesu aktualizace se zobrazí nové tlačítko v levém dolním rohu, s názvem „ Back“. Klikni na toto tlačítko pro návrat na předešlou obrazovku .
4) Klikni na „Scan“ , ukáží se volby skenování. Pokud budeš dotázán, zda chceš, aby se vyhledávaly potenciálně nežádoucí programy, klepni na tlačítko „Yes“(Ano).
5) Klikni na tlačítko „Full Scan“ pro zahájení skenování.
6) Když je skenování dokončeno klikni na tlačítko „Quarantine“ (karanténa vybraných objektů). Poznámka: Tato možnost je k dispozici pouze v případě, že během kontroly byly zjištěny škodlivé objekty.
7) Když budou v karanténě hrozby, klepni na tlačítko „View report“ (Zobrazit zprávy) v pravém dolním rohu, a protokol skenu se otevře v poznámkovém bloku.
Prosím ulož si protokol v poznámkovém bloku na plochu, a vlož sem celý jeho obsah.
9) Když zavřeš Emsisoft Emergency Kit, bude Ti nabídnuta možnost přihlásit se k odběru novinek. Toto je volitelné a není to nezbytné odstraňování malware.
http://dl.emsisoft.com/EmsisoftEmergencyKit.exe
na svojí plochu. Poklepej na soubor EmsisoftEmergencyKit.exe . Ponech všechna nastavení tak, jak jsou a klikni na tlačítko „Extract“ v dolní části. Složka s názvem EEK bude vytvořena v kořenovém adresáři jednotky (obvykle c: \).
1) Po extrakci poklikej na novou ikonu Emsisoft Emergency Kit na Tvé ploše.
2) Při prvním spuštění Emsisoft Emergency Kit doporučujeme povolit stahování aktualizací. Prosím, klepni na tlačítko „Yes“ (Ano), potom se stáhne nejnovější aktualizace databáze.
3) Po dokončení procesu aktualizace se zobrazí nové tlačítko v levém dolním rohu, s názvem „ Back“. Klikni na toto tlačítko pro návrat na předešlou obrazovku .
4) Klikni na „Scan“ , ukáží se volby skenování. Pokud budeš dotázán, zda chceš, aby se vyhledávaly potenciálně nežádoucí programy, klepni na tlačítko „Yes“(Ano).
5) Klikni na tlačítko „Full Scan“ pro zahájení skenování.
6) Když je skenování dokončeno klikni na tlačítko „Quarantine“ (karanténa vybraných objektů). Poznámka: Tato možnost je k dispozici pouze v případě, že během kontroly byly zjištěny škodlivé objekty.
7) Když budou v karanténě hrozby, klepni na tlačítko „View report“ (Zobrazit zprávy) v pravém dolním rohu, a protokol skenu se otevře v poznámkovém bloku.
Prosím ulož si protokol v poznámkovém bloku na plochu, a vlož sem celý jeho obsah.9) Když zavřeš Emsisoft Emergency Kit, bude Ti nabídnuta možnost přihlásit se k odběru novinek. Toto je volitelné a není to nezbytné odstraňování malware.
Když nevíš jak dál, přichází na řadu prostudovat manuál!
HJT návod
Pokud neodpovídám do vašich témat v sekci HJT když jsem online, tak je to jen proto, že jsem na mobilu kde je studování logů a psaní skriptů nemožné. Neberte to tedy prosím jako ignoraci.
HJT návod
Pokud neodpovídám do vašich témat v sekci HJT když jsem online, tak je to jen proto, že jsem na mobilu kde je studování logů a psaní skriptů nemožné. Neberte to tedy prosím jako ignoraci.
Re: Bordel v notebooku
Občas se sekne i poslední dobrou celý Notebook.
Emsisoft Emergency Kit - Version 11.0
Last update: 7. 6. 2016 10:46:10
User account: alena\Mamka
Scan settings:
Scan type: Malware Scan
Objects: Rootkits, Memory, Traces, Files
Detect PUPs: On
Scan archives: Off
ADS Scan: On
File extension filter: Off
Advanced caching: On
Direct disk access: Off
Scan start: 7. 6. 2016 10:47:40
Scanned 77002
Found 0
Scan end: 7. 6. 2016 10:51:37
Scan time: 0:03:57
Emsisoft Emergency Kit - Version 11.0
Last update: 7. 6. 2016 10:46:10
User account: alena\Mamka
Scan settings:
Scan type: Malware Scan
Objects: Rootkits, Memory, Traces, Files
Detect PUPs: On
Scan archives: Off
ADS Scan: On
File extension filter: Off
Advanced caching: On
Direct disk access: Off
Scan start: 7. 6. 2016 10:47:40
Scanned 77002
Found 0
Scan end: 7. 6. 2016 10:51:37
Scan time: 0:03:57
Procesor: I3 6100
Zakladní deska: ASROCK Z170 PRO4
Chlazení: NOCTUA NH-D15S
SSD: Kingston HyperX Savage SSD 120GB
HDD : 500GB Seagate
GPU: Zatím není.
RAM: Kingston HyperX Fury Black 8GB DDR4
ZROJ: EVGA 430W
CASE : In-Win 805C GOLD, zlatá
Zakladní deska: ASROCK Z170 PRO4
Chlazení: NOCTUA NH-D15S
SSD: Kingston HyperX Savage SSD 120GB
HDD : 500GB Seagate
GPU: Zatím není.
RAM: Kingston HyperX Fury Black 8GB DDR4
ZROJ: EVGA 430W
CASE : In-Win 805C GOLD, zlatá
Re: Bordel v notebooku
Projel jsem registry přes Free Window Registry Repair a tak nějak ukládaní souboru funguje. Jsem to říkal, že problém bude v tom. Navic se to momentalně ani jednou nezaseklo. Takže asi vyřešeno ?
Procesor: I3 6100
Zakladní deska: ASROCK Z170 PRO4
Chlazení: NOCTUA NH-D15S
SSD: Kingston HyperX Savage SSD 120GB
HDD : 500GB Seagate
GPU: Zatím není.
RAM: Kingston HyperX Fury Black 8GB DDR4
ZROJ: EVGA 430W
CASE : In-Win 805C GOLD, zlatá
Zakladní deska: ASROCK Z170 PRO4
Chlazení: NOCTUA NH-D15S
SSD: Kingston HyperX Savage SSD 120GB
HDD : 500GB Seagate
GPU: Zatím není.
RAM: Kingston HyperX Fury Black 8GB DDR4
ZROJ: EVGA 430W
CASE : In-Win 805C GOLD, zlatá
Kdo je online
Uživatelé prohlížející si toto fórum: Žádní registrovaní uživatelé a 67 hostů