Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Latest News:    Are WiFi Network Names Protected by the First Amendment?

Featured Deal: Get 96% off the MCSA SQL Server Training Deal

Photo

PC slows down

Started by league , May 21 2016 06:07 PM

  • This topic is locked This topic is locked
6 replies to this topic

#1 league

league

  • Members
  • 4 posts
  • OFFLINE
    •  
  • Local time:03:26 PM

Posted 21 May 2016 - 06:07 PM

Hello everyone, my PC is slowing down and has internet speed drop.

I think I am infected. Can you please help me to check ?

 

 

Attached Files


BC AdBot (Login to Remove)

 

#2 league

league
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
    •  
  • Local time:03:26 PM

Posted 22 May 2016 - 06:38 AM

up


#3 nasdaq

nasdaq

  • Malware Response Team
  • 38,573 posts
  • ONLINE
    •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:09:26 AM

Posted 22 May 2016 - 09:21 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Remove these programs via the Control Panel > Programs > Programs and Features applet.
Duplicate Cleaner Free 3.2.6 (HKLM-x32\...\Duplicate Cleaner Free) (Version: 3.2.6 - DigitalVolcano Software Ltd) <==== ATTENTION
Popcorn Time (HKU\S-1-5-21-10298347-2271905917-748380152-1000\...\Popcorn Time) (Version: - Popcorn Official) <==== ATTENTION

====

Press the windows key Windows_Logo_key.gif+ r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and and click the OK key.
Please copy the entire contents of the code box below to the a new file.
 
start


CreateRestorePoint:
EmptyTemp:
CloseProcesses:

GroupPolicyScripts: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-10298347-2271905917-748380152-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
CHR Extension: (Paiements via le Chrome Web Store) - C:\Users\André\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
CHR HKLM-x32\...\Chrome\Extension: [dghncoeocefmhkhiphdgikkamjeglbfh] - C:\Program Files (x86)\mystarttb\chrome-newtab-search.crx <non trouvé(e)>
S2 ManyCam Service; C:\ProgramData\ManyCam\Service\ManyCamService.exe [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cpuz139; \??\C:\Users\ANDR~1\AppData\Local\Temp\cpuz139\cpuz139_x64.sys [X]
S3 MFE_RR; \??\C:\Users\ANDR~1\AppData\Local\Temp\mfe_rr.sys [X]
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
Task: {6A659A3A-0F9E-4646-AB53-6010CDA9B0C7} - \CCleanerSkipUAC -> Pas de fichier <==== ATTENTION
AlternateDataStreams: C:\P8P67-REV31-ASUS-3602.ROM:$CmdZnID [26]
AlternateDataStreams: C:\Windows\RtlExUpd.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\AcpiServiceVnA64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\adtschema.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\AERTAC64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\AERTAR64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\apisetschema.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\appidapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\appidcertstorecheck.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\appidpolicyconverter.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\appidsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\atmfd.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\atmlib.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\audioLibVc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\auditpol.exe:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\bcryptprimitives.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\CaptureAPO.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\CapturePropPage.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\catsrvut.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\comsvcs.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\CONEQMSAPOGUILibrary.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\conhost.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\credssp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\cryptbase.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\csrsrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\CX64APO.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\D3DCompiler_33.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\D3DCompiler_34.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\D3DCompiler_35.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\D3DCompiler_36.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\D3DCompiler_37.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\D3DCompiler_38.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\D3DCompiler_39.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\D3DCompiler_40.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\D3DCompiler_41.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\D3DCompiler_42.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\d3dcsx_42.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\d3dx10.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\d3dx10_33.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\d3dx10_34.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\d3dx10_35.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\d3dx10_36.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\d3dx10_37.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\d3dx10_38.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\d3dx10_39.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\d3dx10_40.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\d3dx10_41.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\d3dx10_42.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\d3dx11_42.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\d3dx9_24.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\d3dx9_25.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\d3dx9_26.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\d3dx9_27.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\d3dx9_28.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\d3dx9_29.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\d3dx9_30.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\d3dx9_31.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\d3dx9_32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\d3dx9_33.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\d3dx9_34.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\d3dx9_35.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\d3dx9_36.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\D3DX9_37.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\D3DX9_38.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\D3DX9_39.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\D3DX9_40.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\D3DX9_41.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\D3DX9_42.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dciman32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\DDPA64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\DDPA64F3.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\DDPD64A.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\DDPD64AF3.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\DDPO64A.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\DDPO64AF3.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\DDPP64A.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\DDPP64AF3.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\DolbyDAX2APOProp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\DolbyDAX2APOv201.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\DolbyDAX2APOv211.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\DTSBassEnhancementDLL64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\DTSBoostDLL64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\DTSGainCompensatorDLL64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\DTSGFXAPO64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\DTSGFXAPONS64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\DTSLFXAPO64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\DTSLimiterDLL64.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\DTSNeoPCDLL64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\DTSS2HeadphoneDLL64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\DTSS2SpeakerDLL64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\DTSSymmetryDLL64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\DTSU2PGFX64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\DTSU2PLFX64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\DTSU2PREC64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\DTSVoiceClarityDLL64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\DWrite.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dxtmsft.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\DxtoryCodec.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dxtrans.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\els.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ExplorerFrame.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\FMAPO64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\FntCache.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\fontsub.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\HiFiDAX2API.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ICEsoundAPO64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ie4uinit.exe:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\ieapfltr.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\iedkcs32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ieetwcollector.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ieetwcollectorres.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ieetwproxystub.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ieframe.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\iernonce.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\iertutil.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\iesetup.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ieui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ieUnatt.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\inetcpl.cpl:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\InkEd.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\IntelSSTAPO.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\IntelSstCApoPropPage.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\JavaScriptCollectionAgent.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\jnwmon.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\jscript.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\jscript9.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\jscript9diag.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\jsproxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\KAAPORT64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\kerberos.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\kernel32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\KernelBase.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\lpk.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\lsasrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\lsass.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MaxxAudioAPO20.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MaxxAudioAPO30.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MaxxAudioAPO4064.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MaxxAudioAPO5064.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MaxxAudioAPO6064.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MaxxAudioAPO7064.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MaxxAudioAPOShell64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MaxxAudioEQ64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MaxxAudioRealtek64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MaxxSpeechAPO64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MaxxVoiceAPO2064.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MaxxVoiceAPO3064.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MaxxVoiceAPO4064.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MaxxVolumeSDAPO.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MISS_APO.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MpSigStub.exe:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\MRT.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msaudite.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msfeeds.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mshtml.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\MshtmlDac.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mshtmled.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mshtmlmedia.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msobjs.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msrating.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MsSpellCheckingFacility.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msv1_0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\NAHIMICAPOlfx.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\NahimicAPONSControl.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\NAHIMICV2apo.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ncrypt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ntdll.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ntoskrnl.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ntvdm64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\occache.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\R4EEA64A.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\R4EED64A.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\R4EEG64A.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\R4EEL64A.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\R4EEP64A.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\RCoInstII64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\RenderAPO.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\RenderPropPage.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\RltkAPO64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\RP3DAA64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\RP3DHT64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\rpcrt4.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\rstrui.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\RTCOM64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\RtDataProc64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\RTEED64A.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\RTEEG64A.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\RTEEL64A.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\RTEEP64A.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\RtkApi64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\RtkCfg64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\RtkCoLDR64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\RtlCPAPI64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\RtPgEx64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\RTSnMg64.cpl:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\schannel.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\schedsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\SEAPO64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\SECOMN64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\secur32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\SEHDRA64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\setbcdlocale.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\SFAPO64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\SFCOM64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\SFNHK64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\SFSS_APO.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\shell32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\sl3apo64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\slcnt64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\slprp64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\sltech64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\smss.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\SRAPO64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\srclient.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\SRCOM.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\SRCOM64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\srcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\SRRPTR64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\SRSHP64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\SRSTSH64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\SRSTSX64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\SRSWOW64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\sspicli.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\sspisrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\tadefxapo.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\tadefxapo264.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\tepeqapo64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\tosade.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\tosasfapo64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\toseaeapo64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\tossaeapo64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\tossaemaxapo64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\TSpkg.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\tzres.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\urlmon.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\user32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\usp10.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\vbscript.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WavesGUILib64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wdigest.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\webcheck.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\win32k.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wininet.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\winload.efi:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\winresume.efi:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WinSetupUI.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\winsrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wow64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wow64cpu.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wow64win.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wshrm.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wu.upgrade.ps.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wuapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wuapp.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wuauclt.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wuaueng.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wucltux.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wudriver.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wups.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wups2.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\wuwebv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\x3daudio1_0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\x3daudio1_1.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\X3DAudio1_2.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\X3DAudio1_3.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\X3DAudio1_4.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\X3DAudio1_5.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\X3DAudio1_6.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\X3DAudio1_7.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\xactengine2_0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\xactengine2_1.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\xactengine2_10.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\xactengine2_2.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\xactengine2_3.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\xactengine2_4.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\xactengine2_5.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\xactengine2_6.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\xactengine2_7.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\xactengine2_8.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\xactengine2_9.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\xactengine3_0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\xactengine3_1.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\xactengine3_2.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\xactengine3_3.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\xactengine3_4.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\xactengine3_5.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\xactengine3_6.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\XAPOFX1_0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\XAPOFX1_1.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\XAPOFX1_2.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\XAPOFX1_3.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\XAPOFX1_4.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\XAudio2_0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\XAudio2_1.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\XAudio2_2.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\XAudio2_3.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\XAudio2_4.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\XAudio2_5.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\XAudio2_6.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\xinput1_1.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\xinput1_2.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\xinput1_3.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\YamahaAE.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\YamahaAE2.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\adtschema.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\apisetschema.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\appidapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\atmfd.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\atmlib.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\auditpol.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\bcryptprimitives.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\catsrvut.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\comsvcs.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\credssp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\cryptbase.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\D3DCompiler_33.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\D3DCompiler_34.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\D3DCompiler_35.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\D3DCompiler_36.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\D3DCompiler_37.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\D3DCompiler_38.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\D3DCompiler_39.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\D3DCompiler_40.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\D3DCompiler_41.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\D3DCompiler_42.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dcsx_42.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dx10.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dx10_33.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dx10_34.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dx10_35.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dx10_36.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dx10_37.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dx10_38.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dx10_39.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dx10_40.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dx10_41.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dx10_42.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dx11_42.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_24.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_25.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_26.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_27.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_28.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_29.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_30.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_31.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_33.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_34.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_35.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_36.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\D3DX9_37.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\D3DX9_38.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\D3DX9_39.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\D3DX9_40.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\D3DX9_41.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\D3DX9_42.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\dciman32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\DWrite.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\dxtmsft.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\DxtoryCodec.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\dxtrans.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\els.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ExplorerFrame.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\FlashPlayerApp.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\fontsub.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\ieapfltr.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\iedkcs32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ieetwproxystub.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ieframe.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\iernonce.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\iertutil.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\iesetup.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ieui.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\ieUnatt.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\inetcpl.cpl:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\InkEd.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\instnm.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\jscript.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\jscript9.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\jscript9diag.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\jsproxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\kerberos.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\kernel32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\KernelBase.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\lpk.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msaudite.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msfeeds.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mshtml.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\MshtmlDac.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mshtmled.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mshtmlmedia.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msobjs.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msrating.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msv1_0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ncrypt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ntdll.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ntkrnlpa.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ntoskrnl.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ntvdm64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\occache.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\RltkAPO.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\rpcrt4.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\schannel.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\SECOMN32.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\secur32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\setup16.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\SFCOM.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\shell32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\srclient.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\SRCOM.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\sspicli.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\TSpkg.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\tzres.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\urlmon.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\user.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\user32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\usp10.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\vbscript.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wdigest.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\webcheck.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wininet.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WNASPI32.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wow32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wshrm.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wuapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wuapp.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wudriver.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wups.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wuwebv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\x3daudio1_0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\x3daudio1_1.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\X3DAudio1_2.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\X3DAudio1_3.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\X3DAudio1_4.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\X3DAudio1_5.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\X3DAudio1_6.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\X3DAudio1_7.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\xactengine2_0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\xactengine2_1.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\xactengine2_10.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\xactengine2_2.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\xactengine2_3.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\xactengine2_4.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\xactengine2_5.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\xactengine2_6.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\xactengine2_7.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\xactengine2_8.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\xactengine2_9.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\xactengine3_0.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\xactengine3_1.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\xactengine3_2.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\xactengine3_3.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\xactengine3_4.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\xactengine3_5.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\xactengine3_6.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\XAPOFX1_0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\XAPOFX1_1.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\XAPOFX1_2.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\XAPOFX1_3.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\XAPOFX1_4.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\XAudio2_0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\XAudio2_1.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\XAudio2_2.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\XAudio2_3.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\XAudio2_4.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\XAudio2_5.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\XAudio2_6.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\xinput1_1.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\xinput1_2.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\afd.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\appid.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\avgntflt.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\avipbb.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\avkmgr.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\avnetflt.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\cng.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\ksecdd.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\ksecpkg.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\lgLowAudio.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\mcaudrv_x64.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\mcvidrv.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\mcvidrv_x64.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\mrxsmb.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\mrxsmb10.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\mrxsmb20.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\ndis.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\RAMDiskVE.sys:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\Drivers\rmcast.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\RTKVHD64.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\tdx.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\VBoxDrv.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\VBoxNetAdp6.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\VBoxNetLwf.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\VBoxUSBMon.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Drivers\ASPI32.SYS:$CmdTcID [64]
AlternateDataStreams: C:\ProgramData\TEMP:6EB5A6F9 [122]
AlternateDataStreams: C:\Users\André\Desktop\adwcleaner_5.109.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\André\Desktop\adwcleaner_5.109.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\André\Desktop\ComboFix.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\André\Desktop\ComboFix.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\André\Desktop\FRST64.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\André\Desktop\FRST64.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\André\Desktop\RogueKillerX64.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\André\Desktop\RogueKillerX64.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\André\Desktop\rootkitremover (4).exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\André\Desktop\rootkitremover (4).exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\André\Desktop\tdsskiller.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\André\Desktop\tdsskiller.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\André\Downloads\1Q84 - Livre 3, Octobre-decembre - Haruki Murakami.epub:$CmdZnID [26]
AlternateDataStreams: C:\Users\André\Downloads\20160226_mail_0.mp3:$CmdZnID [26]
AlternateDataStreams: C:\Users\André\Downloads\20160311_mail_0.MP3:$CmdZnID [26]
AlternateDataStreams: C:\Users\André\Downloads\adwcleaner_5.101 (1).exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\André\Downloads\adwcleaner_5.101 (1).exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\André\Downloads\adwcleaner_5.101.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\André\Downloads\adwcleaner_5.101.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\André\Downloads\antizeroaccess.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\André\Downloads\antizeroaccess.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\André\Downloads\AVG_Protection_Free_698.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\André\Downloads\AVG_Protection_Free_698.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\André\Downloads\avira_fr_av_56e5e98fb4f43__ws.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\André\Downloads\avira_fr_av_5708442e5aa0f__ws.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\André\Downloads\avira_fr_av_5708442e5aa0f__ws.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\André\Downloads\client (2).ovpn:$CmdTcID [64]
AlternateDataStreams: C:\Users\André\Downloads\client (2).ovpn:$CmdZnID [26]
AlternateDataStreams: C:\Users\André\Downloads\ComboFix (1).exe:$CmdTcID [130]
AlternateDataStreams: C:\Users\André\Downloads\ComboFix (1).exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\André\Downloads\ComboFix.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\André\Downloads\ComboFix.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\André\Downloads\cpu-z_1.75-en.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\André\Downloads\Dataram_RAMDisk_4_4_0_RC36.msi:$CmdZnID [26]
AlternateDataStreams: C:\Users\André\Downloads\Demande_Partenariat_commercial.doc:$CmdZnID [26]
AlternateDataStreams: C:\Users\André\Downloads\EmsisoftAntiMalwareSetup (2).exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\André\Downloads\EmsisoftAntiMalwareSetup (2).exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\André\Downloads\EmsisoftEmergencyKit.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\André\Downloads\EmsisoftEmergencyKit.exe.6ffr2mk.partial:$CmdZnID [26]
AlternateDataStreams: C:\Users\André\Downloads\ESETPoweliksCleaner.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\André\Downloads\ESETPoweliksCleaner.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\André\Downloads\ESETSirefefCleaner.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\André\Downloads\ESETSirefefCleaner.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\André\Downloads\everest-ultimate_everest_ultimate_5.50.2100_francais_12281.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\André\Downloads\everest-ultimate_everest_ultimate_5.50.2100_francais_12281.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\André\Downloads\F6531_P8P67_REV_3_1.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\André\Downloads\facture_freemobile_20151108.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\André\Downloads\FileZilla_3.14.0_win64-setup.exe:$CmdTcID [130]
AlternateDataStreams: C:\Users\André\Downloads\gmer.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\André\Downloads\Install_CopyTransControlCenter.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\André\Downloads\Install_CopyTransControlCenter.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\André\Downloads\Intel Driver Update Utility Installer.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\André\Downloads\Intel Driver Update Utility Installer.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\André\Downloads\KVRT.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\André\Downloads\KVRT.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\André\Downloads\mbam-setup-org-2.2.0.1024.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\André\Downloads\mbam-setup-org-2.2.0.1024.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\André\Downloads\mr-robot-season-1-episode-2-english-8182.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\André\Downloads\mr-robot-season-1-episode-3-english-8318.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\André\Downloads\mr-robot-season-1-episode-4-english-8512.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\André\Downloads\mr.robot.s01.e01.eps1.0_hellofriend.mov.(2015).eng.1cd.(6186379).zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\André\Downloads\notes_aux_devoir_547eb649c9a8e0.34398166ELE.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\André\Downloads\openvpn-connect-2.0.18.202.msi:$CmdZnID [26]
AlternateDataStreams: C:\Users\André\Downloads\porsche-cayenne-turbo-s--a2e095c,0,920,0,0.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\André\Downloads\QQPCDownload1322.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\André\Downloads\QQPCDownload1322.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\André\Downloads\RAMMap.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\André\Downloads\Releve_de_notes_André_KRYUCHKOV.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\André\Downloads\repository.xbmchub-1.0.6.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\André\Downloads\revouninstaller_1-95_fr_39528.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\André\Downloads\revouninstaller_1-95_fr_39528.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\André\Downloads\RogueKillerX64.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\André\Downloads\RogueKillerX64.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\André\Downloads\setup.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\André\Downloads\setup.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\André\Downloads\Simonov.avi:$CmdTcID [64]
AlternateDataStreams: C:\Users\André\Downloads\Simonov.avi:$CmdZnID [26]
AlternateDataStreams: C:\Users\André\Downloads\subaru-wrx-sti-autre-95475.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\André\Downloads\subaru-wrx-sti-autre-95477.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\André\Downloads\SvchostAnalyzer.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\André\Downloads\SvchostAnalyzer.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\André\Downloads\tdsskiller.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\André\Downloads\tdsskiller.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\André\Downloads\UserBenchMark.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\André\Downloads\UserBenchMark.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\André\Downloads\Windows6.1-KB3065987-v2-x64 (1).msu:$CmdZnID [26]
AlternateDataStreams: C:\Users\André\Downloads\Windows6.1-KB3065987-v2-x64.msu:$CmdZnID [26]
AlternateDataStreams: C:\Users\André\Downloads\Windows6.1-KB3102810-x86.msu:$CmdZnID [26]
AlternateDataStreams: C:\Users\André\Downloads\WKS2200.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\André\Downloads\WKS2200.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\André\Downloads\[kat.cr]mr.robot.s01e01.720p.hdtv.x264.aac.ozlem (1).torrent:$CmdZnID [26]
AlternateDataStreams: C:\Users\André\Downloads\[kat.cr]mr.robot.s01e01.720p.hdtv.x264.aac.ozlem.torrent:$CmdZnID [26]
AlternateDataStreams: C:\Users\André\Downloads\[kat.cr]mr.robot.s01e02.hdtv.x264.killers.ettv.torrent:$CmdZnID [26]
AlternateDataStreams: C:\Users\André\Downloads\[kat.cr]mr.robot.s01e03.hdtv.x264.asap.ettv.torrent:$CmdZnID [26]
AlternateDataStreams: C:\Users\André\Downloads\[kat.cr]mr.robot.s01e04.hdtv.x264.killers.ettv.torrent:$CmdZnID [26]
AlternateDataStreams: C:\Users\André\Downloads\[kat.cr]the.x.files.s10e01.hdtv.x264.killers.ettv.torrent:$CmdZnID [26]
AlternateDataStreams: C:\Users\André\Downloads\[kat.cr]the.x.files.s10e02.hdtv.x264.killers.ettv.torrent:$CmdZnID [26]
AlternateDataStreams: C:\Users\André\Downloads\[kat.cr]the.x.files.s10e03.hdtv.x264.killers.ettv.torrent:$CmdZnID [26]
AlternateDataStreams: C:\Users\André\Downloads\[rutracker.org].t5138468.torrent:$CmdZnID [26]
FirewallRules: [TCP Query User{82BD968D-188A-43EF-87EF-B99C80EAC544}C:\users\andré\appdata\local\popcorn time\node-webkit\popcorn time.exe] => (Block) C:\users\andré\appdata\local\popcorn time\node-webkit\popcorn time.exe
FirewallRules: [UDP Query User{6C2483D9-B85A-41AD-8711-20A5F20723E6}C:\users\andré\appdata\local\popcorn time\node-webkit\popcorn time.exe] => (Block) C:\users\andré\appdata\local\popcorn time\node-webkit\popcorn time.exe[/B]
C:\Users\André\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the LogFile button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleanerCx.txt (x is a number).
===

Please post the logs a let me know if the problem persists.

#4 league

league
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
    •  
  • Local time:03:26 PM

Posted 22 May 2016 - 09:43 AM

Hello nasdaq,

 

Thanks you to help me. Here is the attached fixlog.

I lost all my internet browser history, can I recover it ?

Attached Files


#5 league

league
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
    •  
  • Local time:03:26 PM

Posted 22 May 2016 - 09:54 AM

Here is the adwcleaner log.

 

My PC seems working better. How can I be sure that my internet is not hacked ?

Attached Files


#6 nasdaq

nasdaq

  • Malware Response Team
  • 38,573 posts
  • ONLINE
    •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:09:26 AM

Posted 22 May 2016 - 01:57 PM

If all is well.

To learn more about how to protect yourself while on the internet read this little guide best security practices keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/

#7 nasdaq

nasdaq

  • Malware Response Team
  • 38,573 posts
  • ONLINE
    •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:09:26 AM

Posted 28 May 2016 - 07:35 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
Back to Virus, Trojan, Spyware, and Malware Removal Logs


0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users


  1. BleepingComputer.com
  2. Security
  3. Virus, Trojan, Spyware, and Malware Removal Logs
  4. Privacy Policy
  5. Rules ·