
Suspected keylogger.

Leeder
created

I recently lost 3 accounts and I suspect it is no coincidence.

I think it is a keylogger..

 

I would be very grateful for your help..

LOGS:

OTL

[log]OTL logfile created on: 2014-06-21 21:24:26 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\darek\Downloads
64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd
 
1,95 Gb Total Physical Memory | 0,53 Gb Available Physical Memory | 27,47% Memory free
3,89 Gb Paging File | 1,66 Gb Available in Paging File | 42,58% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 102,68 Gb Total Space | 59,01 Gb Free Space | 57,47% Space Free | Partition Type: NTFS
Drive D: | 97,66 Gb Total Space | 48,25 Gb Free Space | 49,41% Space Free | Partition Type: NTFS
Drive E: | 97,66 Gb Total Space | 78,95 Gb Free Space | 80,85% Space Free | Partition Type: NTFS
 
Computer Name: DAREK-KOMPUTER | User Name: darek | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014-06-21 21:22:58 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\darek\Downloads\OTL.exe
PRC - [2014-06-21 16:05:24 | 002,392,064 | ---- | M] (CipSoft GmbH) -- C:\Users\darek\Desktop\Mateusz\NSS 2.0\Tibia.exe
PRC - [2014-06-18 20:20:38 | 003,890,208 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\avastui.exe
PRC - [2014-06-18 20:05:54 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2014-06-10 22:39:34 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2014-01-22 12:45:58 | 000,151,552 | ---- | M] () -- C:\Windows\KMService.exe
PRC - [2014-01-22 12:45:58 | 000,008,192 | ---- | M] () -- C:\Windows\SysWOW64\srvany.exe
PRC - [2013-11-08 22:39:51 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2013-08-23 14:10:09 | 000,424,104 | ---- | M] (Taiwan Shui Mu Chih Ching Technology Limited.) -- C:\Program Files (x86)\WinZipper\winzipersvc.exe
PRC - [2013-06-15 16:52:21 | 001,855,880 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
PRC - [2010-12-21 04:30:38 | 002,656,280 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010-12-21 04:30:36 | 000,325,656 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014-06-21 16:05:24 | 001,445,888 | ---- | M] () -- E:\ElfBot NG\elfbot.dll
MOD - [2014-06-18 20:05:55 | 019,336,120 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2014-06-10 22:39:30 | 003,852,912 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2013-06-15 16:52:21 | 016,033,160 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll
MOD - [2010-08-23 15:46:48 | 000,659,456 | ---- | M] () -- C:\Windows\SysWOW64\vmprp332.ax
MOD - [2010-01-30 03:41:12 | 004,254,560 | ---- | M] () -- C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
MOD - [2009-12-09 15:19:54 | 000,036,352 | ---- | M] () -- E:\ElfBot NG\elfload.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014-06-18 20:05:54 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2011-01-30 19:22:58 | 000,499,200 | ---- | M] (Red Bend Ltd.) [Auto | Running] -- C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe -- (DMAgent)
SRV:64bit: - [2011-01-30 19:17:08 | 000,885,248 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe -- (WiMAXAppSrv)
SRV:64bit: - [2011-01-05 13:41:38 | 001,515,792 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2011-01-05 13:28:50 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2011-01-05 13:26:56 | 000,836,880 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2009-07-14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009-07-14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2014-06-10 22:39:30 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014-01-22 12:45:58 | 000,008,192 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\srvany.exe -- (KMService)
SRV - [2013-11-08 22:39:51 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2013-11-06 18:29:46 | 004,609,416 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
SRV - [2013-10-23 09:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013-08-23 14:10:09 | 000,424,104 | ---- | M] (Taiwan Shui Mu Chih Ching Technology Limited.) [Auto | Running] -- C:\Program Files (x86)\WinZipper\winzipersvc.exe -- (winzipersvc)
SRV - [2013-07-20 12:26:26 | 000,148,000 | ---- | M] (DealPly Technologies Ltd) [On_Demand | Stopped] -- C:\Program Files (x86)\DealPlyLive\Update\DealPlyLive.exe -- (dealplylivem)
SRV - [2013-07-20 12:26:26 | 000,148,000 | ---- | M] (DealPly Technologies Ltd) [Auto | Stopped] -- C:\Program Files (x86)\DealPlyLive\Update\DealPlyLive.exe -- (dealplylive)
SRV - [2012-07-09 00:40:10 | 000,104,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010-12-21 04:30:38 | 002,656,280 | R--- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010-12-21 04:30:36 | 000,325,656 | R--- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009-06-10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014-06-18 20:17:45 | 001,039,096 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswsnx.sys -- (aswSnx)
DRV:64bit: - [2014-06-18 20:17:45 | 000,423,240 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswsp.sys -- (aswSP)
DRV:64bit: - [2014-06-18 20:17:45 | 000,085,328 | ---- | M] (AVAST Software) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswstm.sys -- (aswStm)
DRV:64bit: - [2014-06-18 20:05:56 | 000,208,416 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2014-06-18 20:05:56 | 000,093,568 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2014-06-18 20:05:56 | 000,079,184 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2014-06-18 20:05:56 | 000,065,776 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2014-06-18 20:05:56 | 000,029,208 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswHwid.sys -- (aswHwid)
DRV:64bit: - [2013-08-13 01:10:26 | 000,042,184 | ---- | M] (Anchorfree Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss6.sys -- (taphss6)
DRV:64bit: - [2013-06-14 09:11:05 | 000,039,008 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LhdX64.sys -- (LHDmgr)
DRV:64bit: - [2013-06-14 09:11:01 | 000,029,792 | ---- | M] (Lenovo Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AcpiVpc.sys -- (ACPIVPC)
DRV:64bit: - [2013-02-05 23:06:06 | 000,057,840 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012-07-18 14:58:24 | 000,132,104 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\zghsser.sys -- (zghsser)
DRV:64bit: - [2012-06-20 12:51:32 | 000,020,232 | ---- | M] (HandSet Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\massfilter_hs.sys -- (massfilter_hs)
DRV:64bit: - [2011-04-08 03:59:58 | 001,430,576 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011-03-25 12:17:48 | 012,262,336 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011-03-10 11:01:00 | 001,581,184 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2011-01-18 11:16:04 | 000,075,264 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bpenum.sys -- (bpenum)
DRV:64bit: - [2010-12-10 19:43:40 | 000,234,960 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vm332avs.sys -- (vm332avs)
DRV:64bit: - [2010-11-24 11:33:26 | 002,673,664 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010-10-21 08:57:30 | 000,076,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2010-10-20 02:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010-09-30 10:45:22 | 000,299,520 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rtsuvstor.sys -- (RSUSBVSTOR)
DRV:64bit: - [2010-09-21 22:04:54 | 000,015,056 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vm2uvcflt.sys -- (vm2uvcflt)
DRV:64bit: - [2009-07-14 03:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009-07-14 03:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009-07-14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009-07-14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009-07-14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009-07-14 03:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009-07-14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009-07-14 02:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009-06-10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009-06-10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009-06-10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009-06-10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009-03-18 18:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV - [2009-07-14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.delta-homes.com/?utm_source=b&utm_medium=newgdp&utm_campaign=eXQ&utm_content=hp&from=newgdp&uid=WDCXWD3200BPVT-24JJ5T0_WD-WXN1A717802478024&ts=1380211191
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://search.v9.com/web/?utm_source=b&utm_medium=bnd&from=bnd&uid=WDCXWD3200BPVT-24JJ5T0_WD-WXN1A717802478024&ts=0
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.delta-homes.com/?utm_source=b&utm_medium=newgdp&utm_campaign=eXQ&utm_content=hp&from=newgdp&uid=WDCXWD3200BPVT-24JJ5T0_WD-WXN1A717802478024&ts=1380211191
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.delta-homes.com/?utm_source=b&utm_medium=newgdp&utm_campaign=eXQ&utm_content=hp&from=newgdp&uid=WDCXWD3200BPVT-24JJ5T0_WD-WXN1A717802478024&ts=1380211191
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\URLSearchHook: {CCC7B151-1D8C-11E3-B2AD-F3EF3D58318D} - C:\Program Files (x86)\SiteFinder\SiteFinder.dll (Site Finder)
IE - HKLM\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://search.v9.com/web/?utm_source=b&utm_medium=bnd&from=bnd&uid=WDCXWD3200BPVT-24JJ5T0_WD-WXN1A717802478024&ts=0
 
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www.buenosearch.com/?q={searchTerms}&babsrc=SP_ss&mntrId=6CD000FF4EFF94D8&affID=128491&tsp=5190
IE - HKCU\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://search.delta-homes.com/web/?utm_source=b&utm_medium=newgdp&from=newgdp&uid=WDCXWD3200BPVT-24JJ5T0_WD-WXN1A717802478024&ts=1377259841
IE - HKCU\..\SearchScopes\{A8160AF9-3E1B-40EA-A2A0-1F9877FEFCEC}: "URL" = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=512435&p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:30.0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_38: C:\Windows\system32\npdeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3508.0205: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.dpliveupdate.com/DealPlyLive Update;version=3: C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\npGoogleUpdate3.dll (DealPly Technologies Ltd)
FF - HKLM\Software\MozillaPlugins\@tools.dpliveupdate.com/DealPlyLive Update;version=9: C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\npGoogleUpdate3.dll (DealPly Technologies Ltd)
FF - HKLM\Software\MozillaPlugins\BYOND: C:\Program Files (x86)\BYOND\bin\npbyond.dll File not found
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\darek\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-06-18 20:05:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 30.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 30.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014-04-30 07:35:50 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\support@mozilla.com: C:\Users\darek\AppData\Roaming\support@mozilla.com [2013-10-05 20:15:05 | 000,000,000 | ---D | M]
 
[2013-06-15 16:29:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\darek\AppData\Roaming\mozilla\Extensions
[2014-06-04 21:41:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\darek\AppData\Roaming\mozilla\Firefox\Profiles\ce1yzzxv.default-1401462181965\extensions
[2014-04-13 13:36:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\darek\AppData\Roaming\mozilla\Firefox\Profiles\g5oicw0c.default-1377648373679\Extensions
[2014-02-13 19:40:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\darek\AppData\Roaming\mozilla\Firefox\Profilesg5oicw0c.default-1377648373679\extensions
[2014-02-13 19:40:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\darek\AppData\Roaming\mozilla\Firefox\Profilesg5oicw0c.default-1377648373679\extensions\staged
[2014-06-04 21:41:06 | 000,967,387 | ---- | M] () (No name found) -- C:\Users\darek\AppData\Roaming\mozilla\firefox\profiles\ce1yzzxv.default-1401462181965\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2014-04-30 07:35:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2014-06-10 22:39:37 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2014-04-30 07:35:47 | 000,000,000 | ---D | M] (Hotspot Shield Extension) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\afext@anchorfree.com
[2014-06-10 19:22:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\updated\browser\extensions
[2014-06-10 19:23:08 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\updated\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2014-06-10 19:22:45 | 000,000,000 | ---D | M] (Hotspot Shield Extension) -- C:\Program Files (x86)\mozilla firefox\updated\browser\extensions\afext@anchorfree.com
 
========== Chrome  ==========
 
CHR - homepage: http://www.google.com
CHR - Extension: No name found = C:\Users\darek\AppData\Local\Google\Chrome\User Data\default\extensions\beahobhgpojnjfdjglaehfhdanaioode\1.4_0\
CHR - Extension: No name found = C:\Users\darek\AppData\Local\Google\Chrome\User Data\default\extensions\eooncjejnppfjjklapaamhcdmjbilmde\1.4_0\
CHR - Extension: No name found = C:\Users\darek\AppData\Local\Google\Chrome\User Data\default\extensions\eooncjejnppfjjklapaamhcdmjbilmde\1.4_1\
CHR - Extension: No name found = C:\Users\darek\AppData\Local\Google\Chrome\User Data\default\extensions\eooncjejnppfjjklapaamhcdmjbilmde\1.4_2\
CHR - Extension: No name found = C:\Users\darek\AppData\Local\Google\Chrome\User Data\default\extensions\fjoijdanhaiflhibkljeklcghcmmfffh\1.0.3_0\
CHR - Extension: No name found = C:\Users\darek\AppData\Local\Google\Chrome\User Data\default\extensions\fjoijdanhaiflhibkljeklcghcmmfffh\1.0.3_1\
CHR - Extension: No name found = C:\Users\darek\AppData\Local\Google\Chrome\User Data\default\extensions\fjoijdanhaiflhibkljeklcghcmmfffh\1.0.3_2\
CHR - Extension: No name found = C:\Users\darek\AppData\Local\Google\Chrome\User Data\default\extensions\fjoijdanhaiflhibkljeklcghcmmfffh\1.0.3_3\
CHR - Extension: No name found = C:\Users\darek\AppData\Local\Google\Chrome\User Data\default\extensions\fkjonigebafgfomfofbodcbbijbibokl\14062.617.6371_0\crossrider
CHR - Extension: No name found = C:\Users\darek\AppData\Local\Google\Chrome\User Data\default\extensions\fkjonigebafgfomfofbodcbbijbibokl\14062.617.6371_0\
CHR - Extension: No name found = C:\Users\darek\AppData\Local\Google\Chrome\User Data\default\extensions\ifohbjbgfchkkfhphahclmkpgejiplfo\0.0.4.1_0\
CHR - Extension: No name found = C:\Users\darek\AppData\Local\Google\Chrome\User Data\default\extensions\ifohbjbgfchkkfhphahclmkpgejiplfo\0.0.4.1_1\
CHR - Extension: No name found = C:\Users\darek\AppData\Local\Google\Chrome\User Data\default\extensions\ifohbjbgfchkkfhphahclmkpgejiplfo\0.0.4.1_2\
CHR - Extension: No name found = C:\Users\darek\AppData\Local\Google\Chrome\User Data\default\extensions\ifohbjbgfchkkfhphahclmkpgejiplfo\1.1.4.7_0\
CHR - Extension: No name found = C:\Users\darek\AppData\Local\Google\Chrome\User Data\default\extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_1\
 
O1 HOSTS File: ([2014-04-12 16:35:29 | 000,000,059 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: 127.0.0.1       198.144.182.42
O2:64bit: - BHO: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2:64bit: - BHO: (no name) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (no name) - {ae48ed75-5a56-4c5f-bbce-6f1ac3875f66} - No CLSID value found.
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (buenosearch Helper Object) - {F1C81E40-2485-4DB6-8C9D-04BD596B281E} - C:\Program Files (x86)\buenosearch LTD\buenosearch\1.8.28.7\bh\buenosearch.dll (Montiera Technologies LTD)
O3:64bit: - HKLM\..\Toolbar: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (buenosearch Toolbar) - {828DC97A-2277-4E10-92A9-4907FA0922A9} - C:\Program Files (x86)\buenosearch LTD\buenosearch\1.8.28.7\buenosearchTlbr.dll (Montiera Technologies LTD)
O3 - HKLM\..\Toolbar: (SiteFinder) - {CCC7B151-1D8C-11E3-B2AD-F3EF3D58318D} - C:\Program Files (x86)\SiteFinder\SiteFinder.dll (Site Finder)
O4:64bit: - HKLM..\Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
O4:64bit: - HKLM..\Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe (Lenovo(beijing) Limited)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4:64bit: - HKLM..\Run: [IntelWirelessWiMAX] C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe (Intel® Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKCU..\Run: [spoolsv32] C:\Windows\SysWow64\javaw.exe (Oracle Corporation)
O4 - Startup: C:\Users\darek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\trzD50B.tmp ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8:64bit: - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Wyślij &do programu OneNote - res://C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Wyślij &do programu OneNote - res://C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105 File not found
O9 - Extra Button: Site Finder - {CCC7B152-1D8C-11E3-B2AD-F3EF3D58318D} - C:\Program Files (x86)\SiteFinder\SiteFinder.dll (Site Finder)
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_38-windows-i586.cab (Java Plug-in 1.6.0_38)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_38-windows-i586.cab (Java Plug-in 1.6.0_38)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_38-windows-i586.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.3.1 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{062F3F4F-ACCE-41E6-9095-5E1FD034BBCB}: DhcpNameServer = 192.168.3.1 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0841DEAA-D24A-482E-8FF9-DDB1A76FCC8D}: DhcpNameServer = 192.168.42.129
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (c:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (e:\lol\rads\projects\lol_air_client\releases\0.0.1.63\deploy\lolclientsrv.exe) -  File not found
O20 - HKLM Winlogon: UserInit - (c:\program files (x86)\microsoft\desktoplayer.exe) -  File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2014-05-15 19:21:24 | 000,000,205 | RHS- | M] () - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2014-02-06 20:31:42 | 000,000,218 | RHS- | M] () - E:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (aswBoot.exe /M:22e4a9e5c /wow /dir:"C:\Program Files\AVAST Software\Avast")
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014-06-21 15:47:37 | 000,000,000 | ---D | C] -- C:\Users\darek\Desktop\Mateusz
[2014-06-20 01:10:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ElfBot NG
[2014-06-19 20:35:38 | 000,000,000 | ---D | C] -- C:\Users\darek\AppData\Local\gtk-2.0
[2014-06-18 20:11:11 | 000,000,000 | ---D | C] -- C:\Users\darek\AppData\Roaming\AVAST Software
[2014-06-18 20:06:11 | 000,085,328 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswstm.sys
[2014-06-18 20:05:55 | 000,043,152 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2014-06-14 14:37:40 | 000,000,000 | ---D | C] -- C:\Users\darek\Desktop\programy ;3
[2014-06-14 14:34:30 | 000,000,000 | ---D | C] -- C:\Users\darek\Desktop\Mama
[2014-06-03 23:47:45 | 000,000,000 | ---D | C] -- C:\Users\darek\otNaruto
[4 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\darek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.tmp files -> C:\Users\darek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.tmp -> ]
[1 C:\Users\darek\AppData\Local\*.tmp files -> C:\Users\darek\AppData\Local\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014-06-21 21:31:02 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\DealPlyLiveUpdateTaskMachineUA.job
[2014-06-21 20:58:04 | 000,383,101 | ---- | M] () -- C:\Users\darek\Desktop\dd.png
[2014-06-21 15:08:04 | 000,010,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014-06-21 15:08:04 | 000,010,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014-06-21 15:06:57 | 001,673,392 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014-06-21 15:06:57 | 000,742,054 | ---- | M] () -- C:\Windows\SysNative\perfh015.dat
[2014-06-21 15:06:57 | 000,655,590 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014-06-21 15:06:57 | 000,156,040 | ---- | M] () -- C:\Windows\SysNative\perfc015.dat
[2014-06-21 15:06:57 | 000,121,932 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014-06-21 15:00:49 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\DealPlyLiveUpdateTaskMachineCore.job
[2014-06-21 15:00:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014-06-21 14:59:27 | 1566,461,952 | -HS- | M] () -- C:\hiberfil.sys
[2014-06-20 11:46:11 | 001,568,600 | ---- | M] () -- C:\Users\darek\Desktop\Jason Derulo - Wiggle ft. Snoop Dogg (Audio).mp3
[2014-06-19 22:39:12 | 001,646,182 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014-06-19 20:46:38 | 000,003,030 | ---- | M] () -- C:\Users\darek\AppData\Local\recently-used.xbel
[2014-06-18 20:17:45 | 001,039,096 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswsnx.sys
[2014-06-18 20:17:45 | 000,423,240 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswsp.sys
[2014-06-18 20:17:45 | 000,085,328 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswstm.sys
[2014-06-18 20:05:56 | 001,039,096 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswsnx.sys.1403115464210
[2014-06-18 20:05:56 | 000,423,240 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswsp.sys.1403115464210
[2014-06-18 20:05:56 | 000,334,648 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2014-06-18 20:05:56 | 000,208,416 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2014-06-18 20:05:56 | 000,093,568 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2014-06-18 20:05:56 | 000,079,184 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2014-06-18 20:05:56 | 000,065,776 | ---- | M] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2014-06-18 20:05:56 | 000,029,208 | ---- | M] () -- C:\Windows\SysNative\drivers\aswHwid.sys
[2014-06-18 20:05:55 | 000,043,152 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2014-06-18 19:58:54 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2014-06-18 10:23:50 | 003,763,334 | ---- | M] () -- C:\Users\darek\Desktop\zdjęcia.zip
[2014-06-17 17:03:12 | 001,732,649 | ---- | M] () -- C:\Users\darek\Desktop\Indila - Dernière Danse.mp3
[2014-06-16 20:23:52 | 001,749,159 | ---- | M] () -- C:\Users\darek\Desktop\Mateusz Mijal - Zabijasz mnie TEKST.mp3
[4 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\darek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.tmp files -> C:\Users\darek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.tmp -> ]
[1 C:\Users\darek\AppData\Local\*.tmp files -> C:\Users\darek\AppData\Local\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014-06-21 20:58:03 | 000,383,101 | ---- | C] () -- C:\Users\darek\Desktop\dd.png
[2014-06-20 11:45:14 | 001,568,600 | ---- | C] () -- C:\Users\darek\Desktop\Jason Derulo - Wiggle ft. Snoop Dogg (Audio).mp3
[2014-06-19 20:46:38 | 000,003,030 | ---- | C] () -- C:\Users\darek\AppData\Local\recently-used.xbel
[2014-06-18 20:06:08 | 000,029,208 | ---- | C] () -- C:\Windows\SysNative\drivers\aswHwid.sys
[2014-06-18 10:22:51 | 003,763,334 | ---- | C] () -- C:\Users\darek\Desktop\zdjęcia.zip
[2014-06-17 17:01:23 | 001,732,649 | ---- | C] () -- C:\Users\darek\Desktop\Indila - Dernière Danse.mp3
[2014-06-16 20:21:59 | 001,749,159 | ---- | C] () -- C:\Users\darek\Desktop\Mateusz Mijal - Zabijasz mnie TEKST.mp3
[2014-04-22 14:54:49 | 000,000,147 | ---- | C] () -- C:\Users\darek\AppData\Roaming\config.ini
[2014-04-22 14:54:35 | 001,213,440 | ---- | C] () -- C:\Users\darek\AppData\Roaming\79354.exe
[2014-04-12 18:23:48 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2014-02-12 14:34:07 | 000,175,104 | -HS- | C] () -- C:\Users\darek\b38L10pB.UK4
[2014-02-11 21:53:43 | 000,000,023 | ---- | C] () -- C:\Users\darek\AppData\Roaming\tbi86.dll
[2014-01-22 18:26:55 | 000,000,000 | ---- | C] () -- C:\Users\darek\AppData\Local\{9A9DEA52-FC34-4D31-9FD5-401459935F48}
[2014-01-22 12:46:11 | 000,151,552 | ---- | C] () -- C:\Windows\KMService.exe
[2014-01-22 12:46:11 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\srvany.exe
[2014-01-21 22:51:52 | 000,584,584 | ---- | C] () -- C:\Windows\adb.exe
[2014-01-02 08:16:21 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2014-01-02 08:16:21 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2014-01-02 08:16:21 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2014-01-02 08:16:21 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2014-01-02 08:16:21 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013-12-30 14:41:32 | 000,000,030 | ---- | C] () -- C:\Users\darek\AppData\Roaming\WB.CFG
[2013-11-11 18:30:50 | 093,027,983 | ---- | C] () -- C:\Users\darek\AppData\Roaming\MeinPack 4.0 Instalacja.exe
[2013-11-03 18:29:02 | 000,282,104 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013-11-03 18:28:59 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2013-11-03 18:28:58 | 002,484,592 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_p4f.exe
[2013-09-29 11:18:07 | 000,000,000 | -HS- | C] () -- C:\Users\darek\AppData\Local\LumaEmu
[2013-09-16 20:19:18 | 000,000,414 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2013-08-22 22:33:55 | 000,000,000 | ---- | C] () -- C:\Users\darek\AppData\Local\{F3D23752-0DF4-4FD9-9E23-2257F24B5A85}
[2013-08-20 17:08:45 | 000,013,312 | ---- | C] () -- C:\Windows\SysWow64\BASSMOD.dll
[2013-07-12 14:25:00 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\UNWISE.EXE
[2013-07-12 14:25:00 | 000,000,189 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2013-07-12 14:25:00 | 000,000,132 | ---- | C] () -- C:\Windows\ODBC.INI
[2013-07-12 14:25:00 | 000,000,117 | ---- | C] () -- C:\Windows\SysWow64\UNWISE.INI
[2013-07-11 16:59:10 | 000,000,501 | ---- | C] () -- C:\Windows\my.ini
[2013-06-22 00:35:17 | 000,013,262 | ---- | C] () -- C:\Users\darek\AppData\Roaming\sqlite.jar
[2013-06-22 00:35:15 | 000,803,987 | ---- | C] () -- C:\Users\darek\AppData\Roaming\java_u.jar
[2013-06-19 20:21:49 | 001,646,182 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013-06-14 09:08:04 | 000,001,823 | ---- | C] () -- C:\Windows\vm332Rmv.ini
[2013-06-14 09:08:04 | 000,001,823 | ---- | C] () -- C:\Windows\SysWow64\vm332Rmv.ini
[2013-06-14 09:03:13 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll
[2013-06-14 08:45:12 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2013-06-14 08:45:12 | 000,216,876 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2013-06-14 08:45:12 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2013-05-28 22:22:48 | 000,641,024 | ---- | C] () -- C:\Windows\SysWow64\ficvdec_x86.dll
[2012-07-02 22:11:02 | 000,016,384 | ---- | C] () -- C:\Windows\SysWow64\theowl.dll
 
========== ZeroAccess Check ==========
 
[2009-07-14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2009-07-14 03:41:54 | 014,161,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2009-07-14 03:16:14 | 012,866,560 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009-07-14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009-07-14 03:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009-07-14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 248 bytes -> C:\ProgramData\TEMP:6BE50C2B
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:4EE74317

< End of report >

[/log]

Extras:

[log]

OTL Extras logfile created on: 2014-06-21 21:24:26 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\darek\Downloads
64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd
 
1,95 Gb Total Physical Memory | 0,53 Gb Available Physical Memory | 27,47% Memory free
3,89 Gb Paging File | 1,66 Gb Available in Paging File | 42,58% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 102,68 Gb Total Space | 59,01 Gb Free Space | 57,47% Space Free | Partition Type: NTFS
Drive D: | 97,66 Gb Total Space | 48,25 Gb Free Space | 49,41% Space Free | Partition Type: NTFS
Drive E: | 97,66 Gb Total Space | 78,95 Gb Free Space | 80,85% Space Free | Partition Type: NTFS
 
Computer Name: DAREK-KOMPUTER | User Name: darek | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"FirewallOverride" = 1
"UpdatesDisableNotify" = 1
"UacDisableNotify" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"FirewallOverride" = 1
"UpdatesDisableNotify" = 1
"UacDisableNotify" = 1
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 1
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"E:\Action!\Action.exe" = E:\Action!\Action.exe:*:Enabled:ipsec
"C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe" = C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe:*:Enabled:ipsec
"C:\Program Files (x86)\Skype\Phone\Skype.exe" = C:\Program Files (x86)\Skype\Phone\Skype.exe:*:Enabled:ipsec -- (Skype Technologies S.A.)
"C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe" = C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe:*:Enabled:ipsec -- (Adobe Systems, Inc.)
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe" = C:\Program Files (x86)\Mozilla Firefox\firefox.exe:*:Enabled:ipsec -- (Mozilla Corporation)
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" = C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe:*:Enabled:ipsec
"C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe" = C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe:*:Enabled:ipsec -- (Mozilla Corporation)
"C:\Windows\SysWOW64\netsh.exe" = C:\Windows\SysWOW64\netsh.exe:*:Enabled:ipsec -- (Microsoft Corporation)
"C:\Program Files (x86)\screenSHU\screenSHU.exe" = C:\Program Files (x86)\screenSHU\screenSHU.exe:*:Enabled:ipsec
"E:\Programy\Game Booster 3\AutoUpdate.exe" = E:\Programy\Game Booster 3\AutoUpdate.exe:*:Enabled:ipsec
"E:\PandoraMT2\patcher\metin2.bin" = E:\PandoraMT2\patcher\metin2.bin:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winuvcaad.exe" = C:\Users\darek\AppData\Local\Temp\winuvcaad.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winjjkj.exe" = C:\Users\darek\AppData\Local\Temp\winjjkj.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winebjak.exe" = C:\Users\darek\AppData\Local\Temp\winebjak.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\idcdo.exe" = C:\Users\darek\AppData\Local\Temp\idcdo.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winiellg.exe" = C:\Users\darek\AppData\Local\Temp\winiellg.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\dcbesx.exe" = C:\Users\darek\AppData\Local\Temp\dcbesx.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winfxwuf.exe" = C:\Users\darek\AppData\Local\Temp\winfxwuf.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\wintotpvi.exe" = C:\Users\darek\AppData\Local\Temp\wintotpvi.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winmyjdrk.exe" = C:\Users\darek\AppData\Local\Temp\winmyjdrk.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winrvumg.exe" = C:\Users\darek\AppData\Local\Temp\winrvumg.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\chdxcn.exe" = C:\Users\darek\AppData\Local\Temp\chdxcn.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\bpap.exe" = C:\Users\darek\AppData\Local\Temp\bpap.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\xhbc.exe" = C:\Users\darek\AppData\Local\Temp\xhbc.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\nykkc.exe" = C:\Users\darek\AppData\Local\Temp\nykkc.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winjrtyyv.exe" = C:\Users\darek\AppData\Local\Temp\winjrtyyv.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\xtxjki.exe" = C:\Users\darek\AppData\Local\Temp\xtxjki.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\xidcu.exe" = C:\Users\darek\AppData\Local\Temp\xidcu.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winemje.exe" = C:\Users\darek\AppData\Local\Temp\winemje.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winufmaa.exe" = C:\Users\darek\AppData\Local\Temp\winufmaa.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winkvau.exe" = C:\Users\darek\AppData\Local\Temp\winkvau.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winukigxt.exe" = C:\Users\darek\AppData\Local\Temp\winukigxt.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winqkyj.exe" = C:\Users\darek\AppData\Local\Temp\winqkyj.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winingvh.exe" = C:\Users\darek\AppData\Local\Temp\winingvh.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winelbdr.exe" = C:\Users\darek\AppData\Local\Temp\winelbdr.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\ejor.exe" = C:\Users\darek\AppData\Local\Temp\ejor.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winbbrtct.exe" = C:\Users\darek\AppData\Local\Temp\winbbrtct.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\rllo.exe" = C:\Users\darek\AppData\Local\Temp\rllo.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winhuemna.exe" = C:\Users\darek\AppData\Local\Temp\winhuemna.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\wincxxbk.exe" = C:\Users\darek\AppData\Local\Temp\wincxxbk.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\yrhp.exe" = C:\Users\darek\AppData\Local\Temp\yrhp.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\inqu.exe" = C:\Users\darek\AppData\Local\Temp\inqu.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\workox.exe" = C:\Users\darek\AppData\Local\Temp\workox.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\nkdth.exe" = C:\Users\darek\AppData\Local\Temp\nkdth.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winnxpoxt.exe" = C:\Users\darek\AppData\Local\Temp\winnxpoxt.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winvwsb.exe" = C:\Users\darek\AppData\Local\Temp\winvwsb.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\wincyyfy.exe" = C:\Users\darek\AppData\Local\Temp\wincyyfy.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winccgpy.exe" = C:\Users\darek\AppData\Local\Temp\winccgpy.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winwmvcig.exe" = C:\Users\darek\AppData\Local\Temp\winwmvcig.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winmdfcjm.exe" = C:\Users\darek\AppData\Local\Temp\winmdfcjm.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winalwrx.exe" = C:\Users\darek\AppData\Local\Temp\winalwrx.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winvejcki.exe" = C:\Users\darek\AppData\Local\Temp\winvejcki.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\ljdjuj.exe" = C:\Users\darek\AppData\Local\Temp\ljdjuj.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\gucdc.exe" = C:\Users\darek\AppData\Local\Temp\gucdc.exe:*:Enabled:ipsec
"E:\League of Legends\RADS\system\rads_user_kernel.exe" = E:\League of Legends\RADS\system\rads_user_kernel.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\enpvrg.exe" = C:\Users\darek\AppData\Local\Temp\enpvrg.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winxvcwyb.exe" = C:\Users\darek\AppData\Local\Temp\winxvcwyb.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\ayaj.exe" = C:\Users\darek\AppData\Local\Temp\ayaj.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winiektt.exe" = C:\Users\darek\AppData\Local\Temp\winiektt.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winnjqt.exe" = C:\Users\darek\AppData\Local\Temp\winnjqt.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\wingiyp.exe" = C:\Users\darek\AppData\Local\Temp\wingiyp.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\pxit.exe" = C:\Users\darek\AppData\Local\Temp\pxit.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winhdkr.exe" = C:\Users\darek\AppData\Local\Temp\winhdkr.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\aehd.exe" = C:\Users\darek\AppData\Local\Temp\aehd.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winqnqp.exe" = C:\Users\darek\AppData\Local\Temp\winqnqp.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winguyfyx.exe" = C:\Users\darek\AppData\Local\Temp\winguyfyx.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\wincoqilx.exe" = C:\Users\darek\AppData\Local\Temp\wincoqilx.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\uujnrg.exe" = C:\Users\darek\AppData\Local\Temp\uujnrg.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winontr.exe" = C:\Users\darek\AppData\Local\Temp\winontr.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winqmos.exe" = C:\Users\darek\AppData\Local\Temp\winqmos.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\nkwemk.exe" = C:\Users\darek\AppData\Local\Temp\nkwemk.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winocnb.exe" = C:\Users\darek\AppData\Local\Temp\winocnb.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\lwhnj.exe" = C:\Users\darek\AppData\Local\Temp\lwhnj.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winxeyi.exe" = C:\Users\darek\AppData\Local\Temp\winxeyi.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winrtug.exe" = C:\Users\darek\AppData\Local\Temp\winrtug.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winphit.exe" = C:\Users\darek\AppData\Local\Temp\winphit.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\gsaicy.exe" = C:\Users\darek\AppData\Local\Temp\gsaicy.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winaotblb.exe" = C:\Users\darek\AppData\Local\Temp\winaotblb.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\ybvqyb.exe" = C:\Users\darek\AppData\Local\Temp\ybvqyb.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\evxsl.exe" = C:\Users\darek\AppData\Local\Temp\evxsl.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\ibcr.exe" = C:\Users\darek\AppData\Local\Temp\ibcr.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winixnnrs.exe" = C:\Users\darek\AppData\Local\Temp\winixnnrs.exe:*:Enabled:ipsec
"E:\League of Legends\RADS\solutions\lol_game_client_sln\releases\0.0.0.247\deploy\League of Legends.exe" = E:\League of Legends\RADS\solutions\lol_game_client_sln\releases\0.0.0.247\deploy\League of Legends.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winsxpx.exe" = C:\Users\darek\AppData\Local\Temp\winsxpx.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\wmybmf.exe" = C:\Users\darek\AppData\Local\Temp\wmybmf.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\atax.exe" = C:\Users\darek\AppData\Local\Temp\atax.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\yprvoh.exe" = C:\Users\darek\AppData\Local\Temp\yprvoh.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\txlf.exe" = C:\Users\darek\AppData\Local\Temp\txlf.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\ytdsjb.exe" = C:\Users\darek\AppData\Local\Temp\ytdsjb.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winhdovjg.exe" = C:\Users\darek\AppData\Local\Temp\winhdovjg.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\dtwmr.exe" = C:\Users\darek\AppData\Local\Temp\dtwmr.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\dovxp.exe" = C:\Users\darek\AppData\Local\Temp\dovxp.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winhyoj.exe" = C:\Users\darek\AppData\Local\Temp\winhyoj.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\ojsp.exe" = C:\Users\darek\AppData\Local\Temp\ojsp.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winspwkp.exe" = C:\Users\darek\AppData\Local\Temp\winspwkp.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\wingxfkbb.exe" = C:\Users\darek\AppData\Local\Temp\wingxfkbb.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winepnuvx.exe" = C:\Users\darek\AppData\Local\Temp\winepnuvx.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\wingsqa.exe" = C:\Users\darek\AppData\Local\Temp\wingsqa.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\qwju.exe" = C:\Users\darek\AppData\Local\Temp\qwju.exe:*:Enabled:ipsec
"G:\njsij.scr" = G:\njsij.scr:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\windxdllj.exe" = C:\Users\darek\AppData\Local\Temp\windxdllj.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winbksss.exe" = C:\Users\darek\AppData\Local\Temp\winbksss.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winccmfl.exe" = C:\Users\darek\AppData\Local\Temp\winccmfl.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\jewxpr.exe" = C:\Users\darek\AppData\Local\Temp\jewxpr.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\wjecv.exe" = C:\Users\darek\AppData\Local\Temp\wjecv.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winieba.exe" = C:\Users\darek\AppData\Local\Temp\winieba.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winvkpkgm.exe" = C:\Users\darek\AppData\Local\Temp\winvkpkgm.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\jqmfg.exe" = C:\Users\darek\AppData\Local\Temp\jqmfg.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\hlutm.exe" = C:\Users\darek\AppData\Local\Temp\hlutm.exe:*:Enabled:ipsec
"E:\League of Legends\lol.launcher.admin.exe" = E:\League of Legends\lol.launcher.admin.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winnglfcb.exe" = C:\Users\darek\AppData\Local\Temp\winnglfcb.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winklsa.exe" = C:\Users\darek\AppData\Local\Temp\winklsa.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winrbbsn.exe" = C:\Users\darek\AppData\Local\Temp\winrbbsn.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\nbmul.exe" = C:\Users\darek\AppData\Local\Temp\nbmul.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\hxxeq.exe" = C:\Users\darek\AppData\Local\Temp\hxxeq.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\windpnoi.exe" = C:\Users\darek\AppData\Local\Temp\windpnoi.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\wepl.exe" = C:\Users\darek\AppData\Local\Temp\wepl.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\wbihcm.exe" = C:\Users\darek\AppData\Local\Temp\wbihcm.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winmtnoq.exe" = C:\Users\darek\AppData\Local\Temp\winmtnoq.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winkidynh.exe" = C:\Users\darek\AppData\Local\Temp\winkidynh.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winjkfs.exe" = C:\Users\darek\AppData\Local\Temp\winjkfs.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\ithtfw.exe" = C:\Users\darek\AppData\Local\Temp\ithtfw.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\lrep.exe" = C:\Users\darek\AppData\Local\Temp\lrep.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Roaming\METACR~1\UPDATE~1\UPDATE~1.EXE" = C:\Users\darek\AppData\Roaming\METACR~1\UPDATE~1\UPDATE~1.EXE:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winwaiu.exe" = C:\Users\darek\AppData\Local\Temp\winwaiu.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\sskqss.exe" = C:\Users\darek\AppData\Local\Temp\sskqss.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\olqkls.exe" = C:\Users\darek\AppData\Local\Temp\olqkls.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winxhhicv.exe" = C:\Users\darek\AppData\Local\Temp\winxhhicv.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winllon.exe" = C:\Users\darek\AppData\Local\Temp\winllon.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winoilc.exe" = C:\Users\darek\AppData\Local\Temp\winoilc.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\ybwfor.exe" = C:\Users\darek\AppData\Local\Temp\ybwfor.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winbvrjpk.exe" = C:\Users\darek\AppData\Local\Temp\winbvrjpk.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winhajsq.exe" = C:\Users\darek\AppData\Local\Temp\winhajsq.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\cvcpew.exe" = C:\Users\darek\AppData\Local\Temp\cvcpew.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\tmkt.exe" = C:\Users\darek\AppData\Local\Temp\tmkt.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winwmvonv.exe" = C:\Users\darek\AppData\Local\Temp\winwmvonv.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winsoasjb.exe" = C:\Users\darek\AppData\Local\Temp\winsoasjb.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\nawck.exe" = C:\Users\darek\AppData\Local\Temp\nawck.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\emfmfu.exe" = C:\Users\darek\AppData\Local\Temp\emfmfu.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\ggfoq.exe" = C:\Users\darek\AppData\Local\Temp\ggfoq.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winjipmso.exe" = C:\Users\darek\AppData\Local\Temp\winjipmso.exe:*:Enabled:ipsec
"C:\Users\darek\Desktop\Minecraft.exe" = C:\Users\darek\Desktop\Minecraft.exe:*:Enabled:ipsec
"E:\Programy\Asprate\Tibia Multi IP Changer\Tibia MULTI-ip changer.exe" = E:\Programy\Asprate\Tibia Multi IP Changer\Tibia MULTI-ip changer.exe:*:Enabled:ipsec
"E:\Programy\Asprate\Tibia Multi IP Changer\UNinstaller.exe" = E:\Programy\Asprate\Tibia Multi IP Changer\UNinstaller.exe:*:Enabled:ipsec
"E:\Programy\Asprate\Tibia Multi IP Changer\Ip Changer Updater.exe" = E:\Programy\Asprate\Tibia Multi IP Changer\Ip Changer Updater.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winvfdh.exe" = C:\Users\darek\AppData\Local\Temp\winvfdh.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\pmpcj.exe" = C:\Users\darek\AppData\Local\Temp\pmpcj.exe:*:Enabled:ipsec
"E:\LOL\lol.launcher.exe" = E:\LOL\lol.launcher.exe:*:Enabled:ipsec -- ()
"E:\LOL\lol.launcher.admin.exe" = E:\LOL\lol.launcher.admin.exe:*:Enabled:ipsec -- ()
"C:\Users\darek\AppData\Local\Temp\winutbj.exe" = C:\Users\darek\AppData\Local\Temp\winutbj.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\_iu14D2N.tmp" = C:\Users\darek\AppData\Local\Temp\_iu14D2N.tmp:*:Enabled:ipsec -- ()
"C:\Users\darek\AppData\Local\Temp\nkqwag.exe" = C:\Users\darek\AppData\Local\Temp\nkqwag.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winsjylr.exe" = C:\Users\darek\AppData\Local\Temp\winsjylr.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\wincylrlx.exe" = C:\Users\darek\AppData\Local\Temp\wincylrlx.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winmndd.exe" = C:\Users\darek\AppData\Local\Temp\winmndd.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winnenv.exe" = C:\Users\darek\AppData\Local\Temp\winnenv.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\jfpdw.exe" = C:\Users\darek\AppData\Local\Temp\jfpdw.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\kldt.exe" = C:\Users\darek\AppData\Local\Temp\kldt.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winyvvhgx.exe" = C:\Users\darek\AppData\Local\Temp\winyvvhgx.exe:*:Enabled:ipsec
"E:\Kingo Android ROOT\unins000.exe" = E:\Kingo Android ROOT\unins000.exe:*:Enabled:ipsec -- ()
"C:\Users\darek\AppData\Local\Temp\is-KFBEF.tmp\android_root.tmp" = C:\Users\darek\AppData\Local\Temp\is-KFBEF.tmp\android_root.tmp:*:Enabled:ipsec
"E:\LOL\RADS\projects\lol_air_client\releases\0.0.1.87\deploy\LolClient.exe" = E:\LOL\RADS\projects\lol_air_client\releases\0.0.1.87\deploy\LolClient.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winoock.exe" = C:\Users\darek\AppData\Local\Temp\winoock.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winxaflum.exe" = C:\Users\darek\AppData\Local\Temp\winxaflum.exe:*:Enabled:ipsec
"C:\Program Files (x86)\Notepad++\notepad++.exe" = C:\Program Files (x86)\Notepad++\notepad++.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winpemkyk.exe" = C:\Users\darek\AppData\Local\Temp\winpemkyk.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winugvlpr.exe" = C:\Users\darek\AppData\Local\Temp\winugvlpr.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winygekr.exe" = C:\Users\darek\AppData\Local\Temp\winygekr.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\kafq.exe" = C:\Users\darek\AppData\Local\Temp\kafq.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winrhxey.exe" = C:\Users\darek\AppData\Local\Temp\winrhxey.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\ttwyg.exe" = C:\Users\darek\AppData\Local\Temp\ttwyg.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\wgyowp.exe" = C:\Users\darek\AppData\Local\Temp\wgyowp.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winguup.exe" = C:\Users\darek\AppData\Local\Temp\winguup.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winqjspd.exe" = C:\Users\darek\AppData\Local\Temp\winqjspd.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\tklyas.exe" = C:\Users\darek\AppData\Local\Temp\tklyas.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winmufg.exe" = C:\Users\darek\AppData\Local\Temp\winmufg.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winyebgh.exe" = C:\Users\darek\AppData\Local\Temp\winyebgh.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\ssdfwq.exe" = C:\Users\darek\AppData\Local\Temp\ssdfwq.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\wincgaujo.exe" = C:\Users\darek\AppData\Local\Temp\wincgaujo.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winhhwq.exe" = C:\Users\darek\AppData\Local\Temp\winhhwq.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winbinfmp.exe" = C:\Users\darek\AppData\Local\Temp\winbinfmp.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\lryr.exe" = C:\Users\darek\AppData\Local\Temp\lryr.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\ubyom.exe" = C:\Users\darek\AppData\Local\Temp\ubyom.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winvumgw.exe" = C:\Users\darek\AppData\Local\Temp\winvumgw.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\wptd.exe" = C:\Users\darek\AppData\Local\Temp\wptd.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winwjnkof.exe" = C:\Users\darek\AppData\Local\Temp\winwjnkof.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\ndjss.exe" = C:\Users\darek\AppData\Local\Temp\ndjss.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winysvtla.exe" = C:\Users\darek\AppData\Local\Temp\winysvtla.exe:*:Enabled:ipsec
"E:\LOL\RADS\projects\lol_launcher\releases\0.0.0.207\deploy\LoLLauncher.exe" = E:\LOL\RADS\projects\lol_launcher\releases\0.0.0.207\deploy\LoLLauncher.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winqtglj.exe" = C:\Users\darek\AppData\Local\Temp\winqtglj.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\udelv.exe" = C:\Users\darek\AppData\Local\Temp\udelv.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winxitvs.exe" = C:\Users\darek\AppData\Local\Temp\winxitvs.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winofkpub.exe" = C:\Users\darek\AppData\Local\Temp\winofkpub.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winhmuhis.exe" = C:\Users\darek\AppData\Local\Temp\winhmuhis.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\cypeko.exe" = C:\Users\darek\AppData\Local\Temp\cypeko.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winndut.exe" = C:\Users\darek\AppData\Local\Temp\winndut.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\windwcbc.exe" = C:\Users\darek\AppData\Local\Temp\windwcbc.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winrcva.exe" = C:\Users\darek\AppData\Local\Temp\winrcva.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\xrtnv.exe" = C:\Users\darek\AppData\Local\Temp\xrtnv.exe:*:Enabled:ipsec
"E:\LOL\RADS\projects\lol_air_client\releases\0.0.1.88\deploy\LolClient.exe" = E:\LOL\RADS\projects\lol_air_client\releases\0.0.1.88\deploy\LolClient.exe:*:Enabled:ipsec
"C:\Windows\SysWOW64\ctfmon.exe" = C:\Windows\SysWOW64\ctfmon.exe:*:Enabled:ipsec -- (Microsoft Corporation)
"C:\Users\darek\AppData\Local\Temp\winmprinm.exe" = C:\Users\darek\AppData\Local\Temp\winmprinm.exe:*:Enabled:ipsec
"E:\Program Files (x86)\screenSHU\screenSHU.exe" = E:\Program Files (x86)\screenSHU\screenSHU.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\atcui.exe" = C:\Users\darek\AppData\Local\Temp\atcui.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winccpfhv.exe" = C:\Users\darek\AppData\Local\Temp\winccpfhv.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winvebsif.exe" = C:\Users\darek\AppData\Local\Temp\winvebsif.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winbdgs.exe" = C:\Users\darek\AppData\Local\Temp\winbdgs.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\iafs.exe" = C:\Users\darek\AppData\Local\Temp\iafs.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\pfnupn.exe" = C:\Users\darek\AppData\Local\Temp\pfnupn.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\lcgxj.exe" = C:\Users\darek\AppData\Local\Temp\lcgxj.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winludt.exe" = C:\Users\darek\AppData\Local\Temp\winludt.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\swnmuk.exe" = C:\Users\darek\AppData\Local\Temp\swnmuk.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\nxcfj.exe" = C:\Users\darek\AppData\Local\Temp\nxcfj.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\wpefj.exe" = C:\Users\darek\AppData\Local\Temp\wpefj.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winjmxdfd.exe" = C:\Users\darek\AppData\Local\Temp\winjmxdfd.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\mjrt.exe" = C:\Users\darek\AppData\Local\Temp\mjrt.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winrmqan.exe" = C:\Users\darek\AppData\Local\Temp\winrmqan.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\inpmvy.exe" = C:\Users\darek\AppData\Local\Temp\inpmvy.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\npwerp.exe" = C:\Users\darek\AppData\Local\Temp\npwerp.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winwmya.exe" = C:\Users\darek\AppData\Local\Temp\winwmya.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winehalch.exe" = C:\Users\darek\AppData\Local\Temp\winehalch.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\wincgtnma.exe" = C:\Users\darek\AppData\Local\Temp\wincgtnma.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winmsyfc.exe" = C:\Users\darek\AppData\Local\Temp\winmsyfc.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winfnkjta.exe" = C:\Users\darek\AppData\Local\Temp\winfnkjta.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\pgiv.exe" = C:\Users\darek\AppData\Local\Temp\pgiv.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winstyva.exe" = C:\Users\darek\AppData\Local\Temp\winstyva.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winwcbiyu.exe" = C:\Users\darek\AppData\Local\Temp\winwcbiyu.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\vowa.exe" = C:\Users\darek\AppData\Local\Temp\vowa.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winrobq.exe" = C:\Users\darek\AppData\Local\Temp\winrobq.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winceqs.exe" = C:\Users\darek\AppData\Local\Temp\winceqs.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winxgos.exe" = C:\Users\darek\AppData\Local\Temp\winxgos.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winymauou.exe" = C:\Users\darek\AppData\Local\Temp\winymauou.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\hnrak.exe" = C:\Users\darek\AppData\Local\Temp\hnrak.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winwchr.exe" = C:\Users\darek\AppData\Local\Temp\winwchr.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\yfwv.exe" = C:\Users\darek\AppData\Local\Temp\yfwv.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winhvevm.exe" = C:\Users\darek\AppData\Local\Temp\winhvevm.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\oyhph.exe" = C:\Users\darek\AppData\Local\Temp\oyhph.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winweqd.exe" = C:\Users\darek\AppData\Local\Temp\winweqd.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winahwv.exe" = C:\Users\darek\AppData\Local\Temp\winahwv.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\wrhgo.exe" = C:\Users\darek\AppData\Local\Temp\wrhgo.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\wincnqan.exe" = C:\Users\darek\AppData\Local\Temp\wincnqan.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winwjkoh.exe" = C:\Users\darek\AppData\Local\Temp\winwjkoh.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winrfrt.exe" = C:\Users\darek\AppData\Local\Temp\winrfrt.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winfdoue.exe" = C:\Users\darek\AppData\Local\Temp\winfdoue.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winxwfo.exe" = C:\Users\darek\AppData\Local\Temp\winxwfo.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\yrnygm.exe" = C:\Users\darek\AppData\Local\Temp\yrnygm.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winxlgibn.exe" = C:\Users\darek\AppData\Local\Temp\winxlgibn.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\brgtb.exe" = C:\Users\darek\AppData\Local\Temp\brgtb.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\efib.exe" = C:\Users\darek\AppData\Local\Temp\efib.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\windlom.exe" = C:\Users\darek\AppData\Local\Temp\windlom.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\hoouv.exe" = C:\Users\darek\AppData\Local\Temp\hoouv.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winsxkq.exe" = C:\Users\darek\AppData\Local\Temp\winsxkq.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winqmykfn.exe" = C:\Users\darek\AppData\Local\Temp\winqmykfn.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\xusu.exe" = C:\Users\darek\AppData\Local\Temp\xusu.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winyngr.exe" = C:\Users\darek\AppData\Local\Temp\winyngr.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\gnrl.exe" = C:\Users\darek\AppData\Local\Temp\gnrl.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\ysid.exe" = C:\Users\darek\AppData\Local\Temp\ysid.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winifso.exe" = C:\Users\darek\AppData\Local\Temp\winifso.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\jbsxl.exe" = C:\Users\darek\AppData\Local\Temp\jbsxl.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winvljd.exe" = C:\Users\darek\AppData\Local\Temp\winvljd.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\mpdswn.exe" = C:\Users\darek\AppData\Local\Temp\mpdswn.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winxejds.exe" = C:\Users\darek\AppData\Local\Temp\winxejds.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winqqri.exe" = C:\Users\darek\AppData\Local\Temp\winqqri.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\wincorn.exe" = C:\Users\darek\AppData\Local\Temp\wincorn.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winedkyjj.exe" = C:\Users\darek\AppData\Local\Temp\winedkyjj.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\wineoyyd.exe" = C:\Users\darek\AppData\Local\Temp\wineoyyd.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winxvsen.exe" = C:\Users\darek\AppData\Local\Temp\winxvsen.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winpbwibc.exe" = C:\Users\darek\AppData\Local\Temp\winpbwibc.exe:*:Enabled:ipsec
"E:\bot lol\BoL Studio.exe" = E:\bot lol\BoL Studio.exe:*:Enabled:ipsec -- ()
"C:\Users\darek\AppData\Local\Temp\mutqs.exe" = C:\Users\darek\AppData\Local\Temp\mutqs.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\bdnn.exe" = C:\Users\darek\AppData\Local\Temp\bdnn.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\otosv.exe" = C:\Users\darek\AppData\Local\Temp\otosv.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\oswa.exe" = C:\Users\darek\AppData\Local\Temp\oswa.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winryscb.exe" = C:\Users\darek\AppData\Local\Temp\winryscb.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winrjvnvt.exe" = C:\Users\darek\AppData\Local\Temp\winrjvnvt.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winrqyhsq.exe" = C:\Users\darek\AppData\Local\Temp\winrqyhsq.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winbbvsoy.exe" = C:\Users\darek\AppData\Local\Temp\winbbvsoy.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winperluc.exe" = C:\Users\darek\AppData\Local\Temp\winperluc.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winktmshq.exe" = C:\Users\darek\AppData\Local\Temp\winktmshq.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winhipy.exe" = C:\Users\darek\AppData\Local\Temp\winhipy.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\vtfrs.exe" = C:\Users\darek\AppData\Local\Temp\vtfrs.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\wflol.exe" = C:\Users\darek\AppData\Local\Temp\wflol.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\oovf.exe" = C:\Users\darek\AppData\Local\Temp\oovf.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\lhmbgt.exe" = C:\Users\darek\AppData\Local\Temp\lhmbgt.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\mmml.exe" = C:\Users\darek\AppData\Local\Temp\mmml.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\htnoi.exe" = C:\Users\darek\AppData\Local\Temp\htnoi.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\tlgc.exe" = C:\Users\darek\AppData\Local\Temp\tlgc.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\qtllt.exe" = C:\Users\darek\AppData\Local\Temp\qtllt.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winwhqy.exe" = C:\Users\darek\AppData\Local\Temp\winwhqy.exe:*:Enabled:ipsec
"C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" = C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winqpjuox.exe" = C:\Users\darek\AppData\Local\Temp\winqpjuox.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winmdsp.exe" = C:\Users\darek\AppData\Local\Temp\winmdsp.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winkqmac.exe" = C:\Users\darek\AppData\Local\Temp\winkqmac.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winntdu.exe" = C:\Users\darek\AppData\Local\Temp\winntdu.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\yskn.exe" = C:\Users\darek\AppData\Local\Temp\yskn.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winwndaf.exe" = C:\Users\darek\AppData\Local\Temp\winwndaf.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\fqjh.exe" = C:\Users\darek\AppData\Local\Temp\fqjh.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winebcej.exe" = C:\Users\darek\AppData\Local\Temp\winebcej.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\lela.exe" = C:\Users\darek\AppData\Local\Temp\lela.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winkxlp.exe" = C:\Users\darek\AppData\Local\Temp\winkxlp.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\mbvqp.exe" = C:\Users\darek\AppData\Local\Temp\mbvqp.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winbhgmac.exe" = C:\Users\darek\AppData\Local\Temp\winbhgmac.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\ojixf.exe" = C:\Users\darek\AppData\Local\Temp\ojixf.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\wintcktwl.exe" = C:\Users\darek\AppData\Local\Temp\wintcktwl.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winrcld.exe" = C:\Users\darek\AppData\Local\Temp\winrcld.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\icjj.exe" = C:\Users\darek\AppData\Local\Temp\icjj.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\wintwhlr.exe" = C:\Users\darek\AppData\Local\Temp\wintwhlr.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\wingdln.exe" = C:\Users\darek\AppData\Local\Temp\wingdln.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\ugsanh.exe" = C:\Users\darek\AppData\Local\Temp\ugsanh.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winnxnqqf.exe" = C:\Users\darek\AppData\Local\Temp\winnxnqqf.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\ithjio.exe" = C:\Users\darek\AppData\Local\Temp\ithjio.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\mctsy.exe" = C:\Users\darek\AppData\Local\Temp\mctsy.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winodhwi.exe" = C:\Users\darek\AppData\Local\Temp\winodhwi.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\wkiy.exe" = C:\Users\darek\AppData\Local\Temp\wkiy.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winjdgnrg.exe" = C:\Users\darek\AppData\Local\Temp\winjdgnrg.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\jqlpqe.exe" = C:\Users\darek\AppData\Local\Temp\jqlpqe.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\syot.exe" = C:\Users\darek\AppData\Local\Temp\syot.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\jxoskj.exe" = C:\Users\darek\AppData\Local\Temp\jxoskj.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\scjy.exe" = C:\Users\darek\AppData\Local\Temp\scjy.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\akxrc.exe" = C:\Users\darek\AppData\Local\Temp\akxrc.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\vywlq.exe" = C:\Users\darek\AppData\Local\Temp\vywlq.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winwohjpl.exe" = C:\Users\darek\AppData\Local\Temp\winwohjpl.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winioyqf.exe" = C:\Users\darek\AppData\Local\Temp\winioyqf.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winvaby.exe" = C:\Users\darek\AppData\Local\Temp\winvaby.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\dsrk.exe" = C:\Users\darek\AppData\Local\Temp\dsrk.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\wingkasp.exe" = C:\Users\darek\AppData\Local\Temp\wingkasp.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\lxkhj.exe" = C:\Users\darek\AppData\Local\Temp\lxkhj.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winhdvkn.exe" = C:\Users\darek\AppData\Local\Temp\winhdvkn.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winkuxcdc.exe" = C:\Users\darek\AppData\Local\Temp\winkuxcdc.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winkefdlk.exe" = C:\Users\darek\AppData\Local\Temp\winkefdlk.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winflioe.exe" = C:\Users\darek\AppData\Local\Temp\winflioe.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winwxwvn.exe" = C:\Users\darek\AppData\Local\Temp\winwxwvn.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winmabj.exe" = C:\Users\darek\AppData\Local\Temp\winmabj.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\uaqop.exe" = C:\Users\darek\AppData\Local\Temp\uaqop.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\adfk.exe" = C:\Users\darek\AppData\Local\Temp\adfk.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winnbwlbq.exe" = C:\Users\darek\AppData\Local\Temp\winnbwlbq.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\pfni.exe" = C:\Users\darek\AppData\Local\Temp\pfni.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\hcibj.exe" = C:\Users\darek\AppData\Local\Temp\hcibj.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\yfcwp.exe" = C:\Users\darek\AppData\Local\Temp\yfcwp.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\viyxev.exe" = C:\Users\darek\AppData\Local\Temp\viyxev.exe:*:Enabled:ipsec
"C:\Users\darek\Downloads\screenSHU-setup.exe" = C:\Users\darek\Downloads\screenSHU-setup.exe:*:Enabled:ipsec
"E:\LOL\RADS\projects\lol_air_client\releases\0.0.1.94\deploy\LolClient.exe" = E:\LOL\RADS\projects\lol_air_client\releases\0.0.1.94\deploy\LolClient.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\rxbdr.exe" = C:\Users\darek\AppData\Local\Temp\rxbdr.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winnytyo.exe" = C:\Users\darek\AppData\Local\Temp\winnytyo.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\kbmoe.exe" = C:\Users\darek\AppData\Local\Temp\kbmoe.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winfvhhyd.exe" = C:\Users\darek\AppData\Local\Temp\winfvhhyd.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\egufq.exe" = C:\Users\darek\AppData\Local\Temp\egufq.exe:*:Enabled:ipsec
"E:\LOL\RADS\projects\lol_launcher\releases\0.0.0.209\deploy\LoLLauncher.exe" = E:\LOL\RADS\projects\lol_launcher\releases\0.0.0.209\deploy\LoLLauncher.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\wineyhy.exe" = C:\Users\darek\AppData\Local\Temp\wineyhy.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\bvsqib.exe" = C:\Users\darek\AppData\Local\Temp\bvsqib.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winlhdd.exe" = C:\Users\darek\AppData\Local\Temp\winlhdd.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\windjjp.exe" = C:\Users\darek\AppData\Local\Temp\windjjp.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winvhlq.exe" = C:\Users\darek\AppData\Local\Temp\winvhlq.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\vhjtsy.exe" = C:\Users\darek\AppData\Local\Temp\vhjtsy.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\bduek.exe" = C:\Users\darek\AppData\Local\Temp\bduek.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winpmuybd.exe" = C:\Users\darek\AppData\Local\Temp\winpmuybd.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\dxyqgt.exe" = C:\Users\darek\AppData\Local\Temp\dxyqgt.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\ntgqg.exe" = C:\Users\darek\AppData\Local\Temp\ntgqg.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\oshdj.exe" = C:\Users\darek\AppData\Local\Temp\oshdj.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winnidfbw.exe" = C:\Users\darek\AppData\Local\Temp\winnidfbw.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winbgptu.exe" = C:\Users\darek\AppData\Local\Temp\winbgptu.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winyrnwug.exe" = C:\Users\darek\AppData\Local\Temp\winyrnwug.exe:*:Enabled:ipsec
"E:\botlol2\BoL Studio.exe" = E:\botlol2\BoL Studio.exe:*:Enabled:ipsec -- ()
"C:\Users\darek\AppData\Local\Temp\winswehrh.exe" = C:\Users\darek\AppData\Local\Temp\winswehrh.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\sqhg.exe" = C:\Users\darek\AppData\Local\Temp\sqhg.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winsntu.exe" = C:\Users\darek\AppData\Local\Temp\winsntu.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\wtbui.exe" = C:\Users\darek\AppData\Local\Temp\wtbui.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winhumd.exe" = C:\Users\darek\AppData\Local\Temp\winhumd.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winmjgv.exe" = C:\Users\darek\AppData\Local\Temp\winmjgv.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winmcnr.exe" = C:\Users\darek\AppData\Local\Temp\winmcnr.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winkjbgf.exe" = C:\Users\darek\AppData\Local\Temp\winkjbgf.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winrwndtv.exe" = C:\Users\darek\AppData\Local\Temp\winrwndtv.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\dvmnft.exe" = C:\Users\darek\AppData\Local\Temp\dvmnft.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\wineevxi.exe" = C:\Users\darek\AppData\Local\Temp\wineevxi.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\xntmw.exe" = C:\Users\darek\AppData\Local\Temp\xntmw.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\btxen.exe" = C:\Users\darek\AppData\Local\Temp\btxen.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\wincjob.exe" = C:\Users\darek\AppData\Local\Temp\wincjob.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winyssapt.exe" = C:\Users\darek\AppData\Local\Temp\winyssapt.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winpbgq.exe" = C:\Users\darek\AppData\Local\Temp\winpbgq.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\crtyod.exe" = C:\Users\darek\AppData\Local\Temp\crtyod.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\txmtn.exe" = C:\Users\darek\AppData\Local\Temp\txmtn.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winvantae.exe" = C:\Users\darek\AppData\Local\Temp\winvantae.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winbpudhq.exe" = C:\Users\darek\AppData\Local\Temp\winbpudhq.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\dkrtk.exe" = C:\Users\darek\AppData\Local\Temp\dkrtk.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winvvclub.exe" = C:\Users\darek\AppData\Local\Temp\winvvclub.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winsmpr.exe" = C:\Users\darek\AppData\Local\Temp\winsmpr.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\aqtng.exe" = C:\Users\darek\AppData\Local\Temp\aqtng.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\pwlo.exe" = C:\Users\darek\AppData\Local\Temp\pwlo.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\vukqcn.exe" = C:\Users\darek\AppData\Local\Temp\vukqcn.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\cwwq.exe" = C:\Users\darek\AppData\Local\Temp\cwwq.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winomtjnt.exe" = C:\Users\darek\AppData\Local\Temp\winomtjnt.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\wintrcgd.exe" = C:\Users\darek\AppData\Local\Temp\wintrcgd.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\khlsw.exe" = C:\Users\darek\AppData\Local\Temp\khlsw.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winpvtn.exe" = C:\Users\darek\AppData\Local\Temp\winpvtn.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\rmff.exe" = C:\Users\darek\AppData\Local\Temp\rmff.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\epwa.exe" = C:\Users\darek\AppData\Local\Temp\epwa.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winoqewg.exe" = C:\Users\darek\AppData\Local\Temp\winoqewg.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winfsni.exe" = C:\Users\darek\AppData\Local\Temp\winfsni.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\wininlxi.exe" = C:\Users\darek\AppData\Local\Temp\wininlxi.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winsbdfkq.exe" = C:\Users\darek\AppData\Local\Temp\winsbdfkq.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winantd.exe" = C:\Users\darek\AppData\Local\Temp\winantd.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winvsnl.exe" = C:\Users\darek\AppData\Local\Temp\winvsnl.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winbcit.exe" = C:\Users\darek\AppData\Local\Temp\winbcit.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winosglst.exe" = C:\Users\darek\AppData\Local\Temp\winosglst.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winvgyd.exe" = C:\Users\darek\AppData\Local\Temp\winvgyd.exe:*:Enabled:ipsec
"E:\LOL\RADS\system\rads_user_kernel.exe" = E:\LOL\RADS\system\rads_user_kernel.exe:*:Enabled:ipsec -- ()
"C:\Users\darek\AppData\Local\Temp\winixsq.exe" = C:\Users\darek\AppData\Local\Temp\winixsq.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\dmsi.exe" = C:\Users\darek\AppData\Local\Temp\dmsi.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winyslm.exe" = C:\Users\darek\AppData\Local\Temp\winyslm.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winptpxu.exe" = C:\Users\darek\AppData\Local\Temp\winptpxu.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\wincsfw.exe" = C:\Users\darek\AppData\Local\Temp\wincsfw.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winwhdmb.exe" = C:\Users\darek\AppData\Local\Temp\winwhdmb.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\mhan.exe" = C:\Users\darek\AppData\Local\Temp\mhan.exe:*:Enabled:ipsec
"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" = C:\Program Files (x86)\Windows Media Player\wmplayer.exe:*:Enabled:ipsec -- (Microsoft Corporation)
"E:\LOL\RADS\solutions\lol_game_client_sln\releases\0.0.1.44\deploy\League of Legends.exe" = E:\LOL\RADS\solutions\lol_game_client_sln\releases\0.0.1.44\deploy\League of Legends.exe:*:Enabled:ipsec -- ()
"C:\Users\darek\AppData\Local\Temp\windiuixl.exe" = C:\Users\darek\AppData\Local\Temp\windiuixl.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winuytsb.exe" = C:\Users\darek\AppData\Local\Temp\winuytsb.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winpflic.exe" = C:\Users\darek\AppData\Local\Temp\winpflic.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winahec.exe" = C:\Users\darek\AppData\Local\Temp\winahec.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\wpwm.exe" = C:\Users\darek\AppData\Local\Temp\wpwm.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\shaq.exe" = C:\Users\darek\AppData\Local\Temp\shaq.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\itlnu.exe" = C:\Users\darek\AppData\Local\Temp\itlnu.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\fpsu.exe" = C:\Users\darek\AppData\Local\Temp\fpsu.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\wincbvdo.exe" = C:\Users\darek\AppData\Local\Temp\wincbvdo.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\fkcjo.exe" = C:\Users\darek\AppData\Local\Temp\fkcjo.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\gnowx.exe" = C:\Users\darek\AppData\Local\Temp\gnowx.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\lyftn.exe" = C:\Users\darek\AppData\Local\Temp\lyftn.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\srbmg.exe" = C:\Users\darek\AppData\Local\Temp\srbmg.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winwffb.exe" = C:\Users\darek\AppData\Local\Temp\winwffb.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\feitt.exe" = C:\Users\darek\AppData\Local\Temp\feitt.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\hvrcrd.exe" = C:\Users\darek\AppData\Local\Temp\hvrcrd.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winvqwqge.exe" = C:\Users\darek\AppData\Local\Temp\winvqwqge.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winqddr.exe" = C:\Users\darek\AppData\Local\Temp\winqddr.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winbaxm.exe" = C:\Users\darek\AppData\Local\Temp\winbaxm.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winbfigg.exe" = C:\Users\darek\AppData\Local\Temp\winbfigg.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winvbjln.exe" = C:\Users\darek\AppData\Local\Temp\winvbjln.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winrffcm.exe" = C:\Users\darek\AppData\Local\Temp\winrffcm.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\oooa.exe" = C:\Users\darek\AppData\Local\Temp\oooa.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\smfwvf.exe" = C:\Users\darek\AppData\Local\Temp\smfwvf.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winwpdl.exe" = C:\Users\darek\AppData\Local\Temp\winwpdl.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winqlwpmq.exe" = C:\Users\darek\AppData\Local\Temp\winqlwpmq.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\wingfdvsn.exe" = C:\Users\darek\AppData\Local\Temp\wingfdvsn.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winuoyg.exe" = C:\Users\darek\AppData\Local\Temp\winuoyg.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winnqddbg.exe" = C:\Users\darek\AppData\Local\Temp\winnqddbg.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\oumicn.exe" = C:\Users\darek\AppData\Local\Temp\oumicn.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winqqqk.exe" = C:\Users\darek\AppData\Local\Temp\winqqqk.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\rqpj.exe" = C:\Users\darek\AppData\Local\Temp\rqpj.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\cdmbom.exe" = C:\Users\darek\AppData\Local\Temp\cdmbom.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\infjfu.exe" = C:\Users\darek\AppData\Local\Temp\infjfu.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winrlvdj.exe" = C:\Users\darek\AppData\Local\Temp\winrlvdj.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winfxsfi.exe" = C:\Users\darek\AppData\Local\Temp\winfxsfi.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winthemtc.exe" = C:\Users\darek\AppData\Local\Temp\winthemtc.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winhvklv.exe" = C:\Users\darek\AppData\Local\Temp\winhvklv.exe:*:Enabled:ipsec
"C:\Program Files (x86)\Internet Explorer\iexplore.exe" = C:\Program Files (x86)\Internet Explorer\iexplore.exe:*:Enabled:ipsec -- (Microsoft Corporation)
"C:\Users\darek\AppData\Local\Temp\dtknql.exe" = C:\Users\darek\AppData\Local\Temp\dtknql.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winvjfvg.exe" = C:\Users\darek\AppData\Local\Temp\winvjfvg.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\psgb.exe" = C:\Users\darek\AppData\Local\Temp\psgb.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winmaomr.exe" = C:\Users\darek\AppData\Local\Temp\winmaomr.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\iufi.exe" = C:\Users\darek\AppData\Local\Temp\iufi.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winlojr.exe" = C:\Users\darek\AppData\Local\Temp\winlojr.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winpeex.exe" = C:\Users\darek\AppData\Local\Temp\winpeex.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winkduu.exe" = C:\Users\darek\AppData\Local\Temp\winkduu.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\rcnrym.exe" = C:\Users\darek\AppData\Local\Temp\rcnrym.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\pwvt.exe" = C:\Users\darek\AppData\Local\Temp\pwvt.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winlftk.exe" = C:\Users\darek\AppData\Local\Temp\winlftk.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\wincdlj.exe" = C:\Users\darek\AppData\Local\Temp\wincdlj.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\wincriaid.exe" = C:\Users\darek\AppData\Local\Temp\wincriaid.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winpkla.exe" = C:\Users\darek\AppData\Local\Temp\winpkla.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winnbui.exe" = C:\Users\darek\AppData\Local\Temp\winnbui.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winprarbk.exe" = C:\Users\darek\AppData\Local\Temp\winprarbk.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winywko.exe" = C:\Users\darek\AppData\Local\Temp\winywko.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\sqwell.exe" = C:\Users\darek\AppData\Local\Temp\sqwell.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winpveuhh.exe" = C:\Users\darek\AppData\Local\Temp\winpveuhh.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winvmxx.exe" = C:\Users\darek\AppData\Local\Temp\winvmxx.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winhkaf.exe" = C:\Users\darek\AppData\Local\Temp\winhkaf.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winmrlkrd.exe" = C:\Users\darek\AppData\Local\Temp\winmrlkrd.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\igvn.exe" = C:\Users\darek\AppData\Local\Temp\igvn.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winbwhwqn.exe" = C:\Users\darek\AppData\Local\Temp\winbwhwqn.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\gqno.exe" = C:\Users\darek\AppData\Local\Temp\gqno.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winoigecu.exe" = C:\Users\darek\AppData\Local\Temp\winoigecu.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\wingxuh.exe" = C:\Users\darek\AppData\Local\Temp\wingxuh.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winmxfp.exe" = C:\Users\darek\AppData\Local\Temp\winmxfp.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\iytemq.exe" = C:\Users\darek\AppData\Local\Temp\iytemq.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\windrvd.exe" = C:\Users\darek\AppData\Local\Temp\windrvd.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winlycc.exe" = C:\Users\darek\AppData\Local\Temp\winlycc.exe:*:Enabled:ipsec
"E:\Action!\Action.exe" = E:\Action!\Action.exe:*:Enabled:ipsec
"C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe" = C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe:*:Enabled:ipsec
"C:\Program Files (x86)\Skype\Phone\Skype.exe" = C:\Program Files (x86)\Skype\Phone\Skype.exe:*:Enabled:ipsec -- (Skype Technologies S.A.)
"C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe" = C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe:*:Enabled:ipsec -- (Adobe Systems, Inc.)
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe" = C:\Program Files (x86)\Mozilla Firefox\firefox.exe:*:Enabled:ipsec -- (Mozilla Corporation)
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" = C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe:*:Enabled:ipsec
"C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe" = C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe:*:Enabled:ipsec -- (Mozilla Corporation)
"C:\Windows\SysWOW64\netsh.exe" = C:\Windows\SysWOW64\netsh.exe:*:Enabled:ipsec -- (Microsoft Corporation)
"C:\Program Files (x86)\screenSHU\screenSHU.exe" = C:\Program Files (x86)\screenSHU\screenSHU.exe:*:Enabled:ipsec
"E:\Programy\Game Booster 3\AutoUpdate.exe" = E:\Programy\Game Booster 3\AutoUpdate.exe:*:Enabled:ipsec
"E:\PandoraMT2\patcher\metin2.bin" = E:\PandoraMT2\patcher\metin2.bin:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winuvcaad.exe" = C:\Users\darek\AppData\Local\Temp\winuvcaad.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winjjkj.exe" = C:\Users\darek\AppData\Local\Temp\winjjkj.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winebjak.exe" = C:\Users\darek\AppData\Local\Temp\winebjak.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\idcdo.exe" = C:\Users\darek\AppData\Local\Temp\idcdo.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winiellg.exe" = C:\Users\darek\AppData\Local\Temp\winiellg.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\dcbesx.exe" = C:\Users\darek\AppData\Local\Temp\dcbesx.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winfxwuf.exe" = C:\Users\darek\AppData\Local\Temp\winfxwuf.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\wintotpvi.exe" = C:\Users\darek\AppData\Local\Temp\wintotpvi.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winmyjdrk.exe" = C:\Users\darek\AppData\Local\Temp\winmyjdrk.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winrvumg.exe" = C:\Users\darek\AppData\Local\Temp\winrvumg.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\chdxcn.exe" = C:\Users\darek\AppData\Local\Temp\chdxcn.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\bpap.exe" = C:\Users\darek\AppData\Local\Temp\bpap.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\xhbc.exe" = C:\Users\darek\AppData\Local\Temp\xhbc.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\nykkc.exe" = C:\Users\darek\AppData\Local\Temp\nykkc.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winjrtyyv.exe" = C:\Users\darek\AppData\Local\Temp\winjrtyyv.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\xtxjki.exe" = C:\Users\darek\AppData\Local\Temp\xtxjki.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\xidcu.exe" = C:\Users\darek\AppData\Local\Temp\xidcu.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winemje.exe" = C:\Users\darek\AppData\Local\Temp\winemje.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winufmaa.exe" = C:\Users\darek\AppData\Local\Temp\winufmaa.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winkvau.exe" = C:\Users\darek\AppData\Local\Temp\winkvau.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winukigxt.exe" = C:\Users\darek\AppData\Local\Temp\winukigxt.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winqkyj.exe" = C:\Users\darek\AppData\Local\Temp\winqkyj.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winingvh.exe" = C:\Users\darek\AppData\Local\Temp\winingvh.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winelbdr.exe" = C:\Users\darek\AppData\Local\Temp\winelbdr.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\ejor.exe" = C:\Users\darek\AppData\Local\Temp\ejor.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winbbrtct.exe" = C:\Users\darek\AppData\Local\Temp\winbbrtct.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\rllo.exe" = C:\Users\darek\AppData\Local\Temp\rllo.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winhuemna.exe" = C:\Users\darek\AppData\Local\Temp\winhuemna.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\wincxxbk.exe" = C:\Users\darek\AppData\Local\Temp\wincxxbk.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\yrhp.exe" = C:\Users\darek\AppData\Local\Temp\yrhp.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\inqu.exe" = C:\Users\darek\AppData\Local\Temp\inqu.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\workox.exe" = C:\Users\darek\AppData\Local\Temp\workox.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\nkdth.exe" = C:\Users\darek\AppData\Local\Temp\nkdth.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winnxpoxt.exe" = C:\Users\darek\AppData\Local\Temp\winnxpoxt.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winvwsb.exe" = C:\Users\darek\AppData\Local\Temp\winvwsb.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\wincyyfy.exe" = C:\Users\darek\AppData\Local\Temp\wincyyfy.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winccgpy.exe" = C:\Users\darek\AppData\Local\Temp\winccgpy.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winwmvcig.exe" = C:\Users\darek\AppData\Local\Temp\winwmvcig.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winmdfcjm.exe" = C:\Users\darek\AppData\Local\Temp\winmdfcjm.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winalwrx.exe" = C:\Users\darek\AppData\Local\Temp\winalwrx.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winvejcki.exe" = C:\Users\darek\AppData\Local\Temp\winvejcki.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\ljdjuj.exe" = C:\Users\darek\AppData\Local\Temp\ljdjuj.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\gucdc.exe" = C:\Users\darek\AppData\Local\Temp\gucdc.exe:*:Enabled:ipsec
"E:\League of Legends\RADS\system\rads_user_kernel.exe" = E:\League of Legends\RADS\system\rads_user_kernel.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\enpvrg.exe" = C:\Users\darek\AppData\Local\Temp\enpvrg.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winxvcwyb.exe" = C:\Users\darek\AppData\Local\Temp\winxvcwyb.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\ayaj.exe" = C:\Users\darek\AppData\Local\Temp\ayaj.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winiektt.exe" = C:\Users\darek\AppData\Local\Temp\winiektt.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winnjqt.exe" = C:\Users\darek\AppData\Local\Temp\winnjqt.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\wingiyp.exe" = C:\Users\darek\AppData\Local\Temp\wingiyp.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\pxit.exe" = C:\Users\darek\AppData\Local\Temp\pxit.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winhdkr.exe" = C:\Users\darek\AppData\Local\Temp\winhdkr.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\aehd.exe" = C:\Users\darek\AppData\Local\Temp\aehd.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winqnqp.exe" = C:\Users\darek\AppData\Local\Temp\winqnqp.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winguyfyx.exe" = C:\Users\darek\AppData\Local\Temp\winguyfyx.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\wincoqilx.exe" = C:\Users\darek\AppData\Local\Temp\wincoqilx.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\uujnrg.exe" = C:\Users\darek\AppData\Local\Temp\uujnrg.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winontr.exe" = C:\Users\darek\AppData\Local\Temp\winontr.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winqmos.exe" = C:\Users\darek\AppData\Local\Temp\winqmos.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\nkwemk.exe" = C:\Users\darek\AppData\Local\Temp\nkwemk.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winocnb.exe" = C:\Users\darek\AppData\Local\Temp\winocnb.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\lwhnj.exe" = C:\Users\darek\AppData\Local\Temp\lwhnj.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winxeyi.exe" = C:\Users\darek\AppData\Local\Temp\winxeyi.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winrtug.exe" = C:\Users\darek\AppData\Local\Temp\winrtug.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winphit.exe" = C:\Users\darek\AppData\Local\Temp\winphit.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\gsaicy.exe" = C:\Users\darek\AppData\Local\Temp\gsaicy.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winaotblb.exe" = C:\Users\darek\AppData\Local\Temp\winaotblb.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\ybvqyb.exe" = C:\Users\darek\AppData\Local\Temp\ybvqyb.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\evxsl.exe" = C:\Users\darek\AppData\Local\Temp\evxsl.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\ibcr.exe" = C:\Users\darek\AppData\Local\Temp\ibcr.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winixnnrs.exe" = C:\Users\darek\AppData\Local\Temp\winixnnrs.exe:*:Enabled:ipsec
"E:\League of Legends\RADS\solutions\lol_game_client_sln\releases\0.0.0.247\deploy\League of Legends.exe" = E:\League of Legends\RADS\solutions\lol_game_client_sln\releases\0.0.0.247\deploy\League of Legends.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winsxpx.exe" = C:\Users\darek\AppData\Local\Temp\winsxpx.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\wmybmf.exe" = C:\Users\darek\AppData\Local\Temp\wmybmf.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\atax.exe" = C:\Users\darek\AppData\Local\Temp\atax.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\yprvoh.exe" = C:\Users\darek\AppData\Local\Temp\yprvoh.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\txlf.exe" = C:\Users\darek\AppData\Local\Temp\txlf.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\ytdsjb.exe" = C:\Users\darek\AppData\Local\Temp\ytdsjb.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winhdovjg.exe" = C:\Users\darek\AppData\Local\Temp\winhdovjg.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\dtwmr.exe" = C:\Users\darek\AppData\Local\Temp\dtwmr.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\dovxp.exe" = C:\Users\darek\AppData\Local\Temp\dovxp.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winhyoj.exe" = C:\Users\darek\AppData\Local\Temp\winhyoj.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\ojsp.exe" = C:\Users\darek\AppData\Local\Temp\ojsp.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winspwkp.exe" = C:\Users\darek\AppData\Local\Temp\winspwkp.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\wingxfkbb.exe" = C:\Users\darek\AppData\Local\Temp\wingxfkbb.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winepnuvx.exe" = C:\Users\darek\AppData\Local\Temp\winepnuvx.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\wingsqa.exe" = C:\Users\darek\AppData\Local\Temp\wingsqa.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\qwju.exe" = C:\Users\darek\AppData\Local\Temp\qwju.exe:*:Enabled:ipsec
"G:\njsij.scr" = G:\njsij.scr:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\windxdllj.exe" = C:\Users\darek\AppData\Local\Temp\windxdllj.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winbksss.exe" = C:\Users\darek\AppData\Local\Temp\winbksss.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winccmfl.exe" = C:\Users\darek\AppData\Local\Temp\winccmfl.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\jewxpr.exe" = C:\Users\darek\AppData\Local\Temp\jewxpr.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\wjecv.exe" = C:\Users\darek\AppData\Local\Temp\wjecv.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winieba.exe" = C:\Users\darek\AppData\Local\Temp\winieba.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winvkpkgm.exe" = C:\Users\darek\AppData\Local\Temp\winvkpkgm.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\jqmfg.exe" = C:\Users\darek\AppData\Local\Temp\jqmfg.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\hlutm.exe" = C:\Users\darek\AppData\Local\Temp\hlutm.exe:*:Enabled:ipsec
"E:\League of Legends\lol.launcher.admin.exe" = E:\League of Legends\lol.launcher.admin.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winnglfcb.exe" = C:\Users\darek\AppData\Local\Temp\winnglfcb.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winklsa.exe" = C:\Users\darek\AppData\Local\Temp\winklsa.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winrbbsn.exe" = C:\Users\darek\AppData\Local\Temp\winrbbsn.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\nbmul.exe" = C:\Users\darek\AppData\Local\Temp\nbmul.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\hxxeq.exe" = C:\Users\darek\AppData\Local\Temp\hxxeq.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\windpnoi.exe" = C:\Users\darek\AppData\Local\Temp\windpnoi.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\wepl.exe" = C:\Users\darek\AppData\Local\Temp\wepl.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\wbihcm.exe" = C:\Users\darek\AppData\Local\Temp\wbihcm.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winmtnoq.exe" = C:\Users\darek\AppData\Local\Temp\winmtnoq.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winkidynh.exe" = C:\Users\darek\AppData\Local\Temp\winkidynh.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winjkfs.exe" = C:\Users\darek\AppData\Local\Temp\winjkfs.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\ithtfw.exe" = C:\Users\darek\AppData\Local\Temp\ithtfw.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\lrep.exe" = C:\Users\darek\AppData\Local\Temp\lrep.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Roaming\METACR~1\UPDATE~1\UPDATE~1.EXE" = C:\Users\darek\AppData\Roaming\METACR~1\UPDATE~1\UPDATE~1.EXE:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winwaiu.exe" = C:\Users\darek\AppData\Local\Temp\winwaiu.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\sskqss.exe" = C:\Users\darek\AppData\Local\Temp\sskqss.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\olqkls.exe" = C:\Users\darek\AppData\Local\Temp\olqkls.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winxhhicv.exe" = C:\Users\darek\AppData\Local\Temp\winxhhicv.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winllon.exe" = C:\Users\darek\AppData\Local\Temp\winllon.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winoilc.exe" = C:\Users\darek\AppData\Local\Temp\winoilc.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\ybwfor.exe" = C:\Users\darek\AppData\Local\Temp\ybwfor.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winbvrjpk.exe" = C:\Users\darek\AppData\Local\Temp\winbvrjpk.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winhajsq.exe" = C:\Users\darek\AppData\Local\Temp\winhajsq.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\cvcpew.exe" = C:\Users\darek\AppData\Local\Temp\cvcpew.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\tmkt.exe" = C:\Users\darek\AppData\Local\Temp\tmkt.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winwmvonv.exe" = C:\Users\darek\AppData\Local\Temp\winwmvonv.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winsoasjb.exe" = C:\Users\darek\AppData\Local\Temp\winsoasjb.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\nawck.exe" = C:\Users\darek\AppData\Local\Temp\nawck.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\emfmfu.exe" = C:\Users\darek\AppData\Local\Temp\emfmfu.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\ggfoq.exe" = C:\Users\darek\AppData\Local\Temp\ggfoq.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winjipmso.exe" = C:\Users\darek\AppData\Local\Temp\winjipmso.exe:*:Enabled:ipsec
"C:\Users\darek\Desktop\Minecraft.exe" = C:\Users\darek\Desktop\Minecraft.exe:*:Enabled:ipsec
"E:\Programy\Asprate\Tibia Multi IP Changer\Tibia MULTI-ip changer.exe" = E:\Programy\Asprate\Tibia Multi IP Changer\Tibia MULTI-ip changer.exe:*:Enabled:ipsec
"E:\Programy\Asprate\Tibia Multi IP Changer\UNinstaller.exe" = E:\Programy\Asprate\Tibia Multi IP Changer\UNinstaller.exe:*:Enabled:ipsec
"E:\Programy\Asprate\Tibia Multi IP Changer\Ip Changer Updater.exe" = E:\Programy\Asprate\Tibia Multi IP Changer\Ip Changer Updater.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winvfdh.exe" = C:\Users\darek\AppData\Local\Temp\winvfdh.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\pmpcj.exe" = C:\Users\darek\AppData\Local\Temp\pmpcj.exe:*:Enabled:ipsec
"E:\LOL\lol.launcher.exe" = E:\LOL\lol.launcher.exe:*:Enabled:ipsec -- ()
"E:\LOL\lol.launcher.admin.exe" = E:\LOL\lol.launcher.admin.exe:*:Enabled:ipsec -- ()
"C:\Users\darek\AppData\Local\Temp\winutbj.exe" = C:\Users\darek\AppData\Local\Temp\winutbj.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\_iu14D2N.tmp" = C:\Users\darek\AppData\Local\Temp\_iu14D2N.tmp:*:Enabled:ipsec -- ()
"C:\Users\darek\AppData\Local\Temp\nkqwag.exe" = C:\Users\darek\AppData\Local\Temp\nkqwag.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winsjylr.exe" = C:\Users\darek\AppData\Local\Temp\winsjylr.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\wincylrlx.exe" = C:\Users\darek\AppData\Local\Temp\wincylrlx.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winmndd.exe" = C:\Users\darek\AppData\Local\Temp\winmndd.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winnenv.exe" = C:\Users\darek\AppData\Local\Temp\winnenv.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\jfpdw.exe" = C:\Users\darek\AppData\Local\Temp\jfpdw.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\kldt.exe" = C:\Users\darek\AppData\Local\Temp\kldt.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winyvvhgx.exe" = C:\Users\darek\AppData\Local\Temp\winyvvhgx.exe:*:Enabled:ipsec
"E:\Kingo Android ROOT\unins000.exe" = E:\Kingo Android ROOT\unins000.exe:*:Enabled:ipsec -- ()
"C:\Users\darek\AppData\Local\Temp\is-KFBEF.tmp\android_root.tmp" = C:\Users\darek\AppData\Local\Temp\is-KFBEF.tmp\android_root.tmp:*:Enabled:ipsec
"E:\LOL\RADS\projects\lol_air_client\releases\0.0.1.87\deploy\LolClient.exe" = E:\LOL\RADS\projects\lol_air_client\releases\0.0.1.87\deploy\LolClient.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winoock.exe" = C:\Users\darek\AppData\Local\Temp\winoock.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winxaflum.exe" = C:\Users\darek\AppData\Local\Temp\winxaflum.exe:*:Enabled:ipsec
"C:\Program Files (x86)\Notepad++\notepad++.exe" = C:\Program Files (x86)\Notepad++\notepad++.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winpemkyk.exe" = C:\Users\darek\AppData\Local\Temp\winpemkyk.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winugvlpr.exe" = C:\Users\darek\AppData\Local\Temp\winugvlpr.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winygekr.exe" = C:\Users\darek\AppData\Local\Temp\winygekr.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\kafq.exe" = C:\Users\darek\AppData\Local\Temp\kafq.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winrhxey.exe" = C:\Users\darek\AppData\Local\Temp\winrhxey.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\ttwyg.exe" = C:\Users\darek\AppData\Local\Temp\ttwyg.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\wgyowp.exe" = C:\Users\darek\AppData\Local\Temp\wgyowp.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winguup.exe" = C:\Users\darek\AppData\Local\Temp\winguup.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winqjspd.exe" = C:\Users\darek\AppData\Local\Temp\winqjspd.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\tklyas.exe" = C:\Users\darek\AppData\Local\Temp\tklyas.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winmufg.exe" = C:\Users\darek\AppData\Local\Temp\winmufg.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winyebgh.exe" = C:\Users\darek\AppData\Local\Temp\winyebgh.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\ssdfwq.exe" = C:\Users\darek\AppData\Local\Temp\ssdfwq.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\wincgaujo.exe" = C:\Users\darek\AppData\Local\Temp\wincgaujo.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winhhwq.exe" = C:\Users\darek\AppData\Local\Temp\winhhwq.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winbinfmp.exe" = C:\Users\darek\AppData\Local\Temp\winbinfmp.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\lryr.exe" = C:\Users\darek\AppData\Local\Temp\lryr.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\ubyom.exe" = C:\Users\darek\AppData\Local\Temp\ubyom.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winvumgw.exe" = C:\Users\darek\AppData\Local\Temp\winvumgw.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\wptd.exe" = C:\Users\darek\AppData\Local\Temp\wptd.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winwjnkof.exe" = C:\Users\darek\AppData\Local\Temp\winwjnkof.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\ndjss.exe" = C:\Users\darek\AppData\Local\Temp\ndjss.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winysvtla.exe" = C:\Users\darek\AppData\Local\Temp\winysvtla.exe:*:Enabled:ipsec
"E:\LOL\RADS\projects\lol_launcher\releases\0.0.0.207\deploy\LoLLauncher.exe" = E:\LOL\RADS\projects\lol_launcher\releases\0.0.0.207\deploy\LoLLauncher.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winqtglj.exe" = C:\Users\darek\AppData\Local\Temp\winqtglj.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\udelv.exe" = C:\Users\darek\AppData\Local\Temp\udelv.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winxitvs.exe" = C:\Users\darek\AppData\Local\Temp\winxitvs.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winofkpub.exe" = C:\Users\darek\AppData\Local\Temp\winofkpub.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winhmuhis.exe" = C:\Users\darek\AppData\Local\Temp\winhmuhis.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\cypeko.exe" = C:\Users\darek\AppData\Local\Temp\cypeko.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winndut.exe" = C:\Users\darek\AppData\Local\Temp\winndut.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\windwcbc.exe" = C:\Users\darek\AppData\Local\Temp\windwcbc.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winrcva.exe" = C:\Users\darek\AppData\Local\Temp\winrcva.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\xrtnv.exe" = C:\Users\darek\AppData\Local\Temp\xrtnv.exe:*:Enabled:ipsec
"E:\LOL\RADS\projects\lol_air_client\releases\0.0.1.88\deploy\LolClient.exe" = E:\LOL\RADS\projects\lol_air_client\releases\0.0.1.88\deploy\LolClient.exe:*:Enabled:ipsec
"C:\Windows\SysWOW64\ctfmon.exe" = C:\Windows\SysWOW64\ctfmon.exe:*:Enabled:ipsec -- (Microsoft Corporation)
"C:\Users\darek\AppData\Local\Temp\winmprinm.exe" = C:\Users\darek\AppData\Local\Temp\winmprinm.exe:*:Enabled:ipsec
"E:\Program Files (x86)\screenSHU\screenSHU.exe" = E:\Program Files (x86)\screenSHU\screenSHU.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\atcui.exe" = C:\Users\darek\AppData\Local\Temp\atcui.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winccpfhv.exe" = C:\Users\darek\AppData\Local\Temp\winccpfhv.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winvebsif.exe" = C:\Users\darek\AppData\Local\Temp\winvebsif.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winbdgs.exe" = C:\Users\darek\AppData\Local\Temp\winbdgs.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\iafs.exe" = C:\Users\darek\AppData\Local\Temp\iafs.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\pfnupn.exe" = C:\Users\darek\AppData\Local\Temp\pfnupn.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\lcgxj.exe" = C:\Users\darek\AppData\Local\Temp\lcgxj.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winludt.exe" = C:\Users\darek\AppData\Local\Temp\winludt.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\swnmuk.exe" = C:\Users\darek\AppData\Local\Temp\swnmuk.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\nxcfj.exe" = C:\Users\darek\AppData\Local\Temp\nxcfj.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\wpefj.exe" = C:\Users\darek\AppData\Local\Temp\wpefj.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winjmxdfd.exe" = C:\Users\darek\AppData\Local\Temp\winjmxdfd.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\mjrt.exe" = C:\Users\darek\AppData\Local\Temp\mjrt.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winrmqan.exe" = C:\Users\darek\AppData\Local\Temp\winrmqan.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\inpmvy.exe" = C:\Users\darek\AppData\Local\Temp\inpmvy.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\npwerp.exe" = C:\Users\darek\AppData\Local\Temp\npwerp.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winwmya.exe" = C:\Users\darek\AppData\Local\Temp\winwmya.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winehalch.exe" = C:\Users\darek\AppData\Local\Temp\winehalch.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\wincgtnma.exe" = C:\Users\darek\AppData\Local\Temp\wincgtnma.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winmsyfc.exe" = C:\Users\darek\AppData\Local\Temp\winmsyfc.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winfnkjta.exe" = C:\Users\darek\AppData\Local\Temp\winfnkjta.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\pgiv.exe" = C:\Users\darek\AppData\Local\Temp\pgiv.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winstyva.exe" = C:\Users\darek\AppData\Local\Temp\winstyva.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winwcbiyu.exe" = C:\Users\darek\AppData\Local\Temp\winwcbiyu.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\vowa.exe" = C:\Users\darek\AppData\Local\Temp\vowa.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winrobq.exe" = C:\Users\darek\AppData\Local\Temp\winrobq.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winceqs.exe" = C:\Users\darek\AppData\Local\Temp\winceqs.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winxgos.exe" = C:\Users\darek\AppData\Local\Temp\winxgos.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winymauou.exe" = C:\Users\darek\AppData\Local\Temp\winymauou.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\hnrak.exe" = C:\Users\darek\AppData\Local\Temp\hnrak.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winwchr.exe" = C:\Users\darek\AppData\Local\Temp\winwchr.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\yfwv.exe" = C:\Users\darek\AppData\Local\Temp\yfwv.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winhvevm.exe" = C:\Users\darek\AppData\Local\Temp\winhvevm.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\oyhph.exe" = C:\Users\darek\AppData\Local\Temp\oyhph.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winweqd.exe" = C:\Users\darek\AppData\Local\Temp\winweqd.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winahwv.exe" = C:\Users\darek\AppData\Local\Temp\winahwv.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\wrhgo.exe" = C:\Users\darek\AppData\Local\Temp\wrhgo.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\wincnqan.exe" = C:\Users\darek\AppData\Local\Temp\wincnqan.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winwjkoh.exe" = C:\Users\darek\AppData\Local\Temp\winwjkoh.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winrfrt.exe" = C:\Users\darek\AppData\Local\Temp\winrfrt.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winfdoue.exe" = C:\Users\darek\AppData\Local\Temp\winfdoue.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winxwfo.exe" = C:\Users\darek\AppData\Local\Temp\winxwfo.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\yrnygm.exe" = C:\Users\darek\AppData\Local\Temp\yrnygm.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winxlgibn.exe" = C:\Users\darek\AppData\Local\Temp\winxlgibn.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\brgtb.exe" = C:\Users\darek\AppData\Local\Temp\brgtb.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\efib.exe" = C:\Users\darek\AppData\Local\Temp\efib.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\windlom.exe" = C:\Users\darek\AppData\Local\Temp\windlom.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\hoouv.exe" = C:\Users\darek\AppData\Local\Temp\hoouv.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winsxkq.exe" = C:\Users\darek\AppData\Local\Temp\winsxkq.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winqmykfn.exe" = C:\Users\darek\AppData\Local\Temp\winqmykfn.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\xusu.exe" = C:\Users\darek\AppData\Local\Temp\xusu.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winyngr.exe" = C:\Users\darek\AppData\Local\Temp\winyngr.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\gnrl.exe" = C:\Users\darek\AppData\Local\Temp\gnrl.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\ysid.exe" = C:\Users\darek\AppData\Local\Temp\ysid.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winifso.exe" = C:\Users\darek\AppData\Local\Temp\winifso.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\jbsxl.exe" = C:\Users\darek\AppData\Local\Temp\jbsxl.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winvljd.exe" = C:\Users\darek\AppData\Local\Temp\winvljd.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\mpdswn.exe" = C:\Users\darek\AppData\Local\Temp\mpdswn.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winxejds.exe" = C:\Users\darek\AppData\Local\Temp\winxejds.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winqqri.exe" = C:\Users\darek\AppData\Local\Temp\winqqri.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\wincorn.exe" = C:\Users\darek\AppData\Local\Temp\wincorn.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winedkyjj.exe" = C:\Users\darek\AppData\Local\Temp\winedkyjj.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\wineoyyd.exe" = C:\Users\darek\AppData\Local\Temp\wineoyyd.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winxvsen.exe" = C:\Users\darek\AppData\Local\Temp\winxvsen.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winpbwibc.exe" = C:\Users\darek\AppData\Local\Temp\winpbwibc.exe:*:Enabled:ipsec
"E:\bot lol\BoL Studio.exe" = E:\bot lol\BoL Studio.exe:*:Enabled:ipsec -- ()
"C:\Users\darek\AppData\Local\Temp\mutqs.exe" = C:\Users\darek\AppData\Local\Temp\mutqs.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\bdnn.exe" = C:\Users\darek\AppData\Local\Temp\bdnn.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\otosv.exe" = C:\Users\darek\AppData\Local\Temp\otosv.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\oswa.exe" = C:\Users\darek\AppData\Local\Temp\oswa.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winryscb.exe" = C:\Users\darek\AppData\Local\Temp\winryscb.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winrjvnvt.exe" = C:\Users\darek\AppData\Local\Temp\winrjvnvt.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winrqyhsq.exe" = C:\Users\darek\AppData\Local\Temp\winrqyhsq.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winbbvsoy.exe" = C:\Users\darek\AppData\Local\Temp\winbbvsoy.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winperluc.exe" = C:\Users\darek\AppData\Local\Temp\winperluc.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winktmshq.exe" = C:\Users\darek\AppData\Local\Temp\winktmshq.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winhipy.exe" = C:\Users\darek\AppData\Local\Temp\winhipy.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\vtfrs.exe" = C:\Users\darek\AppData\Local\Temp\vtfrs.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\wflol.exe" = C:\Users\darek\AppData\Local\Temp\wflol.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\oovf.exe" = C:\Users\darek\AppData\Local\Temp\oovf.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\lhmbgt.exe" = C:\Users\darek\AppData\Local\Temp\lhmbgt.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\mmml.exe" = C:\Users\darek\AppData\Local\Temp\mmml.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\htnoi.exe" = C:\Users\darek\AppData\Local\Temp\htnoi.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\tlgc.exe" = C:\Users\darek\AppData\Local\Temp\tlgc.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\qtllt.exe" = C:\Users\darek\AppData\Local\Temp\qtllt.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winwhqy.exe" = C:\Users\darek\AppData\Local\Temp\winwhqy.exe:*:Enabled:ipsec
"C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" = C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winqpjuox.exe" = C:\Users\darek\AppData\Local\Temp\winqpjuox.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winmdsp.exe" = C:\Users\darek\AppData\Local\Temp\winmdsp.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winkqmac.exe" = C:\Users\darek\AppData\Local\Temp\winkqmac.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winntdu.exe" = C:\Users\darek\AppData\Local\Temp\winntdu.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\yskn.exe" = C:\Users\darek\AppData\Local\Temp\yskn.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winwndaf.exe" = C:\Users\darek\AppData\Local\Temp\winwndaf.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\fqjh.exe" = C:\Users\darek\AppData\Local\Temp\fqjh.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winebcej.exe" = C:\Users\darek\AppData\Local\Temp\winebcej.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\lela.exe" = C:\Users\darek\AppData\Local\Temp\lela.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winkxlp.exe" = C:\Users\darek\AppData\Local\Temp\winkxlp.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\mbvqp.exe" = C:\Users\darek\AppData\Local\Temp\mbvqp.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winbhgmac.exe" = C:\Users\darek\AppData\Local\Temp\winbhgmac.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\ojixf.exe" = C:\Users\darek\AppData\Local\Temp\ojixf.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\wintcktwl.exe" = C:\Users\darek\AppData\Local\Temp\wintcktwl.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winrcld.exe" = C:\Users\darek\AppData\Local\Temp\winrcld.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\icjj.exe" = C:\Users\darek\AppData\Local\Temp\icjj.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\wintwhlr.exe" = C:\Users\darek\AppData\Local\Temp\wintwhlr.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\wingdln.exe" = C:\Users\darek\AppData\Local\Temp\wingdln.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\ugsanh.exe" = C:\Users\darek\AppData\Local\Temp\ugsanh.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winnxnqqf.exe" = C:\Users\darek\AppData\Local\Temp\winnxnqqf.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\ithjio.exe" = C:\Users\darek\AppData\Local\Temp\ithjio.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\mctsy.exe" = C:\Users\darek\AppData\Local\Temp\mctsy.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winodhwi.exe" = C:\Users\darek\AppData\Local\Temp\winodhwi.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\wkiy.exe" = C:\Users\darek\AppData\Local\Temp\wkiy.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winjdgnrg.exe" = C:\Users\darek\AppData\Local\Temp\winjdgnrg.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\jqlpqe.exe" = C:\Users\darek\AppData\Local\Temp\jqlpqe.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\syot.exe" = C:\Users\darek\AppData\Local\Temp\syot.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\jxoskj.exe" = C:\Users\darek\AppData\Local\Temp\jxoskj.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\scjy.exe" = C:\Users\darek\AppData\Local\Temp\scjy.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\akxrc.exe" = C:\Users\darek\AppData\Local\Temp\akxrc.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\vywlq.exe" = C:\Users\darek\AppData\Local\Temp\vywlq.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winwohjpl.exe" = C:\Users\darek\AppData\Local\Temp\winwohjpl.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winioyqf.exe" = C:\Users\darek\AppData\Local\Temp\winioyqf.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winvaby.exe" = C:\Users\darek\AppData\Local\Temp\winvaby.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\dsrk.exe" = C:\Users\darek\AppData\Local\Temp\dsrk.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\wingkasp.exe" = C:\Users\darek\AppData\Local\Temp\wingkasp.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\lxkhj.exe" = C:\Users\darek\AppData\Local\Temp\lxkhj.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winhdvkn.exe" = C:\Users\darek\AppData\Local\Temp\winhdvkn.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winkuxcdc.exe" = C:\Users\darek\AppData\Local\Temp\winkuxcdc.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winkefdlk.exe" = C:\Users\darek\AppData\Local\Temp\winkefdlk.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winflioe.exe" = C:\Users\darek\AppData\Local\Temp\winflioe.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winwxwvn.exe" = C:\Users\darek\AppData\Local\Temp\winwxwvn.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winmabj.exe" = C:\Users\darek\AppData\Local\Temp\winmabj.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\uaqop.exe" = C:\Users\darek\AppData\Local\Temp\uaqop.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\adfk.exe" = C:\Users\darek\AppData\Local\Temp\adfk.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winnbwlbq.exe" = C:\Users\darek\AppData\Local\Temp\winnbwlbq.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\pfni.exe" = C:\Users\darek\AppData\Local\Temp\pfni.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\hcibj.exe" = C:\Users\darek\AppData\Local\Temp\hcibj.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\yfcwp.exe" = C:\Users\darek\AppData\Local\Temp\yfcwp.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\viyxev.exe" = C:\Users\darek\AppData\Local\Temp\viyxev.exe:*:Enabled:ipsec
"C:\Users\darek\Downloads\screenSHU-setup.exe" = C:\Users\darek\Downloads\screenSHU-setup.exe:*:Enabled:ipsec
"E:\LOL\RADS\projects\lol_air_client\releases\0.0.1.94\deploy\LolClient.exe" = E:\LOL\RADS\projects\lol_air_client\releases\0.0.1.94\deploy\LolClient.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\rxbdr.exe" = C:\Users\darek\AppData\Local\Temp\rxbdr.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winnytyo.exe" = C:\Users\darek\AppData\Local\Temp\winnytyo.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\kbmoe.exe" = C:\Users\darek\AppData\Local\Temp\kbmoe.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winfvhhyd.exe" = C:\Users\darek\AppData\Local\Temp\winfvhhyd.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\egufq.exe" = C:\Users\darek\AppData\Local\Temp\egufq.exe:*:Enabled:ipsec
"E:\LOL\RADS\projects\lol_launcher\releases\0.0.0.209\deploy\LoLLauncher.exe" = E:\LOL\RADS\projects\lol_launcher\releases\0.0.0.209\deploy\LoLLauncher.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\wineyhy.exe" = C:\Users\darek\AppData\Local\Temp\wineyhy.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\bvsqib.exe" = C:\Users\darek\AppData\Local\Temp\bvsqib.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winlhdd.exe" = C:\Users\darek\AppData\Local\Temp\winlhdd.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\windjjp.exe" = C:\Users\darek\AppData\Local\Temp\windjjp.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winvhlq.exe" = C:\Users\darek\AppData\Local\Temp\winvhlq.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\vhjtsy.exe" = C:\Users\darek\AppData\Local\Temp\vhjtsy.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\bduek.exe" = C:\Users\darek\AppData\Local\Temp\bduek.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winpmuybd.exe" = C:\Users\darek\AppData\Local\Temp\winpmuybd.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\dxyqgt.exe" = C:\Users\darek\AppData\Local\Temp\dxyqgt.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\ntgqg.exe" = C:\Users\darek\AppData\Local\Temp\ntgqg.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\oshdj.exe" = C:\Users\darek\AppData\Local\Temp\oshdj.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winnidfbw.exe" = C:\Users\darek\AppData\Local\Temp\winnidfbw.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winbgptu.exe" = C:\Users\darek\AppData\Local\Temp\winbgptu.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winyrnwug.exe" = C:\Users\darek\AppData\Local\Temp\winyrnwug.exe:*:Enabled:ipsec
"E:\botlol2\BoL Studio.exe" = E:\botlol2\BoL Studio.exe:*:Enabled:ipsec -- ()
"C:\Users\darek\AppData\Local\Temp\winswehrh.exe" = C:\Users\darek\AppData\Local\Temp\winswehrh.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\sqhg.exe" = C:\Users\darek\AppData\Local\Temp\sqhg.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winsntu.exe" = C:\Users\darek\AppData\Local\Temp\winsntu.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\wtbui.exe" = C:\Users\darek\AppData\Local\Temp\wtbui.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winhumd.exe" = C:\Users\darek\AppData\Local\Temp\winhumd.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winmjgv.exe" = C:\Users\darek\AppData\Local\Temp\winmjgv.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winmcnr.exe" = C:\Users\darek\AppData\Local\Temp\winmcnr.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winkjbgf.exe" = C:\Users\darek\AppData\Local\Temp\winkjbgf.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winrwndtv.exe" = C:\Users\darek\AppData\Local\Temp\winrwndtv.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\dvmnft.exe" = C:\Users\darek\AppData\Local\Temp\dvmnft.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\wineevxi.exe" = C:\Users\darek\AppData\Local\Temp\wineevxi.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\xntmw.exe" = C:\Users\darek\AppData\Local\Temp\xntmw.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\btxen.exe" = C:\Users\darek\AppData\Local\Temp\btxen.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\wincjob.exe" = C:\Users\darek\AppData\Local\Temp\wincjob.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winyssapt.exe" = C:\Users\darek\AppData\Local\Temp\winyssapt.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winpbgq.exe" = C:\Users\darek\AppData\Local\Temp\winpbgq.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\crtyod.exe" = C:\Users\darek\AppData\Local\Temp\crtyod.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\txmtn.exe" = C:\Users\darek\AppData\Local\Temp\txmtn.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winvantae.exe" = C:\Users\darek\AppData\Local\Temp\winvantae.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winbpudhq.exe" = C:\Users\darek\AppData\Local\Temp\winbpudhq.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\dkrtk.exe" = C:\Users\darek\AppData\Local\Temp\dkrtk.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winvvclub.exe" = C:\Users\darek\AppData\Local\Temp\winvvclub.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winsmpr.exe" = C:\Users\darek\AppData\Local\Temp\winsmpr.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\aqtng.exe" = C:\Users\darek\AppData\Local\Temp\aqtng.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\pwlo.exe" = C:\Users\darek\AppData\Local\Temp\pwlo.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\vukqcn.exe" = C:\Users\darek\AppData\Local\Temp\vukqcn.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\cwwq.exe" = C:\Users\darek\AppData\Local\Temp\cwwq.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winomtjnt.exe" = C:\Users\darek\AppData\Local\Temp\winomtjnt.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\wintrcgd.exe" = C:\Users\darek\AppData\Local\Temp\wintrcgd.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\khlsw.exe" = C:\Users\darek\AppData\Local\Temp\khlsw.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winpvtn.exe" = C:\Users\darek\AppData\Local\Temp\winpvtn.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\rmff.exe" = C:\Users\darek\AppData\Local\Temp\rmff.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\epwa.exe" = C:\Users\darek\AppData\Local\Temp\epwa.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winoqewg.exe" = C:\Users\darek\AppData\Local\Temp\winoqewg.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winfsni.exe" = C:\Users\darek\AppData\Local\Temp\winfsni.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\wininlxi.exe" = C:\Users\darek\AppData\Local\Temp\wininlxi.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winsbdfkq.exe" = C:\Users\darek\AppData\Local\Temp\winsbdfkq.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winantd.exe" = C:\Users\darek\AppData\Local\Temp\winantd.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winvsnl.exe" = C:\Users\darek\AppData\Local\Temp\winvsnl.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winbcit.exe" = C:\Users\darek\AppData\Local\Temp\winbcit.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winosglst.exe" = C:\Users\darek\AppData\Local\Temp\winosglst.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winvgyd.exe" = C:\Users\darek\AppData\Local\Temp\winvgyd.exe:*:Enabled:ipsec
"E:\LOL\RADS\system\rads_user_kernel.exe" = E:\LOL\RADS\system\rads_user_kernel.exe:*:Enabled:ipsec -- ()
"C:\Users\darek\AppData\Local\Temp\winixsq.exe" = C:\Users\darek\AppData\Local\Temp\winixsq.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\dmsi.exe" = C:\Users\darek\AppData\Local\Temp\dmsi.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winyslm.exe" = C:\Users\darek\AppData\Local\Temp\winyslm.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winptpxu.exe" = C:\Users\darek\AppData\Local\Temp\winptpxu.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\wincsfw.exe" = C:\Users\darek\AppData\Local\Temp\wincsfw.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winwhdmb.exe" = C:\Users\darek\AppData\Local\Temp\winwhdmb.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\mhan.exe" = C:\Users\darek\AppData\Local\Temp\mhan.exe:*:Enabled:ipsec
"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" = C:\Program Files (x86)\Windows Media Player\wmplayer.exe:*:Enabled:ipsec -- (Microsoft Corporation)
"E:\LOL\RADS\solutions\lol_game_client_sln\releases\0.0.1.44\deploy\League of Legends.exe" = E:\LOL\RADS\solutions\lol_game_client_sln\releases\0.0.1.44\deploy\League of Legends.exe:*:Enabled:ipsec -- ()
"C:\Users\darek\AppData\Local\Temp\windiuixl.exe" = C:\Users\darek\AppData\Local\Temp\windiuixl.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winuytsb.exe" = C:\Users\darek\AppData\Local\Temp\winuytsb.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winpflic.exe" = C:\Users\darek\AppData\Local\Temp\winpflic.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winahec.exe" = C:\Users\darek\AppData\Local\Temp\winahec.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\wpwm.exe" = C:\Users\darek\AppData\Local\Temp\wpwm.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\shaq.exe" = C:\Users\darek\AppData\Local\Temp\shaq.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\itlnu.exe" = C:\Users\darek\AppData\Local\Temp\itlnu.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\fpsu.exe" = C:\Users\darek\AppData\Local\Temp\fpsu.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\wincbvdo.exe" = C:\Users\darek\AppData\Local\Temp\wincbvdo.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\fkcjo.exe" = C:\Users\darek\AppData\Local\Temp\fkcjo.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\gnowx.exe" = C:\Users\darek\AppData\Local\Temp\gnowx.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\lyftn.exe" = C:\Users\darek\AppData\Local\Temp\lyftn.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\srbmg.exe" = C:\Users\darek\AppData\Local\Temp\srbmg.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winwffb.exe" = C:\Users\darek\AppData\Local\Temp\winwffb.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\feitt.exe" = C:\Users\darek\AppData\Local\Temp\feitt.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\hvrcrd.exe" = C:\Users\darek\AppData\Local\Temp\hvrcrd.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winvqwqge.exe" = C:\Users\darek\AppData\Local\Temp\winvqwqge.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winqddr.exe" = C:\Users\darek\AppData\Local\Temp\winqddr.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winbaxm.exe" = C:\Users\darek\AppData\Local\Temp\winbaxm.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winbfigg.exe" = C:\Users\darek\AppData\Local\Temp\winbfigg.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winvbjln.exe" = C:\Users\darek\AppData\Local\Temp\winvbjln.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winrffcm.exe" = C:\Users\darek\AppData\Local\Temp\winrffcm.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\oooa.exe" = C:\Users\darek\AppData\Local\Temp\oooa.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\smfwvf.exe" = C:\Users\darek\AppData\Local\Temp\smfwvf.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winwpdl.exe" = C:\Users\darek\AppData\Local\Temp\winwpdl.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winqlwpmq.exe" = C:\Users\darek\AppData\Local\Temp\winqlwpmq.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\wingfdvsn.exe" = C:\Users\darek\AppData\Local\Temp\wingfdvsn.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winuoyg.exe" = C:\Users\darek\AppData\Local\Temp\winuoyg.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winnqddbg.exe" = C:\Users\darek\AppData\Local\Temp\winnqddbg.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\oumicn.exe" = C:\Users\darek\AppData\Local\Temp\oumicn.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winqqqk.exe" = C:\Users\darek\AppData\Local\Temp\winqqqk.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\rqpj.exe" = C:\Users\darek\AppData\Local\Temp\rqpj.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\cdmbom.exe" = C:\Users\darek\AppData\Local\Temp\cdmbom.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\infjfu.exe" = C:\Users\darek\AppData\Local\Temp\infjfu.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winrlvdj.exe" = C:\Users\darek\AppData\Local\Temp\winrlvdj.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winfxsfi.exe" = C:\Users\darek\AppData\Local\Temp\winfxsfi.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winthemtc.exe" = C:\Users\darek\AppData\Local\Temp\winthemtc.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winhvklv.exe" = C:\Users\darek\AppData\Local\Temp\winhvklv.exe:*:Enabled:ipsec
"C:\Program Files (x86)\Internet Explorer\iexplore.exe" = C:\Program Files (x86)\Internet Explorer\iexplore.exe:*:Enabled:ipsec -- (Microsoft Corporation)
"C:\Users\darek\AppData\Local\Temp\dtknql.exe" = C:\Users\darek\AppData\Local\Temp\dtknql.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winvjfvg.exe" = C:\Users\darek\AppData\Local\Temp\winvjfvg.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\psgb.exe" = C:\Users\darek\AppData\Local\Temp\psgb.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winmaomr.exe" = C:\Users\darek\AppData\Local\Temp\winmaomr.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\iufi.exe" = C:\Users\darek\AppData\Local\Temp\iufi.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winlojr.exe" = C:\Users\darek\AppData\Local\Temp\winlojr.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winpeex.exe" = C:\Users\darek\AppData\Local\Temp\winpeex.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winkduu.exe" = C:\Users\darek\AppData\Local\Temp\winkduu.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\rcnrym.exe" = C:\Users\darek\AppData\Local\Temp\rcnrym.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\pwvt.exe" = C:\Users\darek\AppData\Local\Temp\pwvt.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winlftk.exe" = C:\Users\darek\AppData\Local\Temp\winlftk.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\wincdlj.exe" = C:\Users\darek\AppData\Local\Temp\wincdlj.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\wincriaid.exe" = C:\Users\darek\AppData\Local\Temp\wincriaid.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winpkla.exe" = C:\Users\darek\AppData\Local\Temp\winpkla.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winnbui.exe" = C:\Users\darek\AppData\Local\Temp\winnbui.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winprarbk.exe" = C:\Users\darek\AppData\Local\Temp\winprarbk.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winywko.exe" = C:\Users\darek\AppData\Local\Temp\winywko.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\sqwell.exe" = C:\Users\darek\AppData\Local\Temp\sqwell.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winpveuhh.exe" = C:\Users\darek\AppData\Local\Temp\winpveuhh.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winvmxx.exe" = C:\Users\darek\AppData\Local\Temp\winvmxx.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winhkaf.exe" = C:\Users\darek\AppData\Local\Temp\winhkaf.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winmrlkrd.exe" = C:\Users\darek\AppData\Local\Temp\winmrlkrd.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\igvn.exe" = C:\Users\darek\AppData\Local\Temp\igvn.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winbwhwqn.exe" = C:\Users\darek\AppData\Local\Temp\winbwhwqn.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\gqno.exe" = C:\Users\darek\AppData\Local\Temp\gqno.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winoigecu.exe" = C:\Users\darek\AppData\Local\Temp\winoigecu.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\wingxuh.exe" = C:\Users\darek\AppData\Local\Temp\wingxuh.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winmxfp.exe" = C:\Users\darek\AppData\Local\Temp\winmxfp.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\iytemq.exe" = C:\Users\darek\AppData\Local\Temp\iytemq.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\windrvd.exe" = C:\Users\darek\AppData\Local\Temp\windrvd.exe:*:Enabled:ipsec
"C:\Users\darek\AppData\Local\Temp\winlycc.exe" = C:\Users\darek\AppData\Local\Temp\winlycc.exe:*:Enabled:ipsec
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03F1C8DD-35FC-40FE-AF41-DD691B520C24}" = lport=10243 | protocol=6 | dir=in | app=system |
"{0C604D15-BAFC-4106-BA0C-9326F8E7906C}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{0EE98E43-1110-424B-A8AF-DC4EAEB5DFB9}" = lport=2869 | protocol=6 | dir=in | app=system |
"{12188104-6F0D-489B-AA44-C9EDDBF00469}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{19349C09-75DB-46E2-82FD-CF948D3D821F}" = rport=139 | protocol=6 | dir=out | app=system |
"{2751C6D7-845C-4CD4-8216-EA6228798D03}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{27A510B0-FEE8-44C2-9E3F-0741166599EB}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{30CD75B5-9ABE-4026-90EF-A6F14F08FA29}" = lport=138 | protocol=17 | dir=in | app=system |
"{35A757B3-DE66-41F5-BD4B-EA7EEE1BE72E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4064F53D-CCF8-4B32-AB78-0C347F495DEE}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4175403A-742F-4559-83EB-EE1F1902B254}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{4C6F3CB4-6855-4E81-8F0D-41D957E98573}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{526A36B1-3B91-4E72-8540-2E600CFB59D5}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{529A654E-7F83-40E6-AD41-672C8DAA6ACF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{55B11C11-C895-4733-A2E2-F301CFEBE674}" = rport=138 | protocol=17 | dir=out | app=system |
"{5CBEED45-D312-4A38-82AC-76E253C1EB92}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6EBFE1C3-E6F5-42CB-A957-DA3AC0EC1BBC}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6F28DC92-DD50-4461-9005-10FFF7A07F2B}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{75A9E74D-E07A-4B6B-80E2-3FB814DD2A84}" = lport=139 | protocol=6 | dir=in | app=system |
"{788C2223-34F0-4335-98C9-700FADB1CE0F}" = lport=445 | protocol=6 | dir=in | app=system |
"{8087C1A4-747A-4990-9891-19875529C8E8}" = rport=445 | protocol=6 | dir=out | app=system |
"{83E6E9DD-332D-4B8C-8F79-50D2E89C3F15}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{872B241E-0DD4-464B-9A99-BDC8FCAADFB1}" = lport=137 | protocol=17 | dir=in | app=system |
"{8B997564-CCB0-46B2-A29E-BA2F91CF3F84}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{8D55DA53-6B4D-4A7D-987F-07793BC6E3D5}" = rport=10243 | protocol=6 | dir=out | app=system |
"{904F465A-9132-4F6B-A420-DE03299B76D1}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{948DF66A-D254-4E7F-91CC-617FD447C2DC}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{968DF6FC-231B-44AC-88FA-4FFF2B1C11C1}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{A76AEC45-A96D-4724-B481-52A41A552DE6}" = lport=8317 | protocol=6 | dir=in | name=techsmith camtasia studio |
"{B50C0BB2-E709-4CD1-BFE7-7657F4266884}" = rport=137 | protocol=17 | dir=out | app=system |
"{D004ED46-14D3-4CA3-BB16-5AD55BC4870F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D1A68A96-8C40-48D1-8C6E-448689F2A49D}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{D200D693-3A98-4882-B46E-E6816F531058}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{D9E46D00-0894-43B7-B29D-854197B5FF1D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{EA560895-1A40-4CB1-B900-808851930095}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0C61201B-4654-404D-89AF-DA1AE0B2434C}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{1C73237A-C5C0-43D6-AA59-002A22FA4518}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{2A35E177-DC96-477D-8F80-D34292DCB390}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{31935BAB-3FA1-4FCF-BDD4-2D38B3F57E83}" = dir=in | name=ytlimit |
"{339F85E0-661F-4F1C-8D1C-C6B8B24F4F59}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{359D31D1-78C3-4724-965E-AAE4413FAADD}" = dir=in | app=c:\users\darek\appdata\local\microsoft\skydrive\skydrive.exe |
"{385B6E97-C572-4EB6-85ED-DEEE7112F792}" = protocol=6 | dir=out | app=system |
"{3A62C9D3-5B62-469D-A81B-F38B170D02E7}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{3BBCB4C0-A46D-432B-A680-D8D9DCFB6BA1}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{48BE11DB-E446-4E4B-BC30-11A78926DE72}" = protocol=6 | dir=in | app=c:\program files\intel\wimax\bin\appsrv.exe |
"{56900AA2-9222-4A08-8A34-EB777AECB2B1}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{58D0C6D4-C43A-44F0-9491-264580B0ABCD}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{59E8FDF7-4181-4BB7-9611-277CF07B33FF}" = protocol=17 | dir=in | app=c:\program files\intel\wimax\bin\appsrv.exe |
"{5CF7BF53-4D75-4038-916D-4EC863773016}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{5EA3B441-1E81-44C7-8E6A-03F8ED0278B3}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{61CBB253-B6AA-48EC-9B0C-C4C92FE2C96E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{671F2AE1-4534-41F8-A71E-3B87335A2E5E}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{68E6A0C3-DEF6-4509-B13E-E1B49366130F}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6BBE74D7-6E9F-415A-8749-55B81929F759}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{729CEFDB-8187-465B-9743-C315A2CD1FE0}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe |
"{740590C2-33A3-487F-A47D-4338AAC5B7E4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{777E8D80-4C28-4C0A-A557-804FC4BB06A8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7AB5158E-F036-43B0-B567-B3A508B4C72C}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{7C69B19E-4F21-4793-9230-A1FB1504376A}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{82E6FD9B-D6F5-459D-98CD-96E9E844308B}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{8872A1EE-E456-45DF-8724-3D2AF5EA5B54}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{8DCD20D5-BA28-470C-B24F-72ADC1B87020}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{901C13B9-871B-4DE7-A3F1-3AB2916FFA14}" = protocol=6 | dir=in | app=c:\programdata\esafe\egdpsvc.exe |
"{95145BB4-9C71-4F2E-B043-6ABF86C995A9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{A304D43E-90A2-4B4B-9E8C-3E786F41A889}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{BDC5673D-CEB1-4302-8107-374C03AD147A}" = protocol=17 | dir=in | app=c:\program files\intel\wimax\bin\dmagent.exe |
"{BF7DA832-7C91-49BF-A5C1-1A960B2D5D55}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{C158AB83-9BE1-403C-8701-EBAE679E454A}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{C23BDF5C-AC38-47E7-B974-E53338C729DC}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{C4A1AC2A-7E16-40A6-ACBC-133B37187C36}" = protocol=6 | dir=in | app=c:\program files\intel\wimax\bin\dmagent.exe |
"{D4588794-8A96-4883-94B9-452BAB5B91DF}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{E387D761-6CDB-45ED-B4CA-EB2CFD985D4A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F77DB512-7650-43ED-AA9B-0C1B799F6726}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{FF45A435-E8D9-48D0-BD25-DFA0AC2D8FC1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"TCP Query User{0E829AB7-2044-475A-9DE7-D31B93A07786}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe |
"TCP Query User{377454C5-5130-4A57-BD56-133F8DE1A31B}C:\xampp\apache\bin\apache.exe" = protocol=6 | dir=in | app=c:\xampp\apache\bin\apache.exe |
"TCP Query User{49CC5008-9844-4A39-A44A-13BD1CC67CE7}G:\njsij.scr" = protocol=6 | dir=in | app=g:\njsij.scr |
"TCP Query User{4C872295-0864-4328-8999-8CD4998D1F06}C:\program files (x86)\filezilla ftp client\filezilla.exe" = protocol=6 | dir=in | app=c:\program files (x86)\filezilla ftp client\filezilla.exe |
"TCP Query User{7BEE67F1-72BD-48FA-ABD0-012A2AD9DBE4}C:\programdata\browserdefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\browserdefender.exe" = protocol=6 | dir=in | app=c:\programdata\browserdefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\browserdefender.exe |
"TCP Query User{B481380E-01B4-4148-AC09-4153D2E1CAE6}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"TCP Query User{CFFD941E-99D2-42CE-A638-FDA3DB1F6CD2}C:\windows\syswow64\netsh.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\netsh.exe |
"TCP Query User{ECEEF144-9C4B-4817-8E37-7279F151DA0D}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"TCP Query User{FEE16BE0-8CE4-439E-82B6-F5747C689BEE}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"UDP Query User{0881B6F6-0595-423C-95E1-A5735861B137}C:\programdata\browserdefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\browserdefender.exe" = protocol=17 | dir=in | app=c:\programdata\browserdefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\browserdefender.exe |
"UDP Query User{0D82A9FE-9E75-4F97-9259-482A77025B15}C:\xampp\apache\bin\apache.exe" = protocol=17 | dir=in | app=c:\xampp\apache\bin\apache.exe |
"UDP Query User{11159B83-B183-4F68-9EF1-6B04778611C9}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"UDP Query User{3435F9F4-3915-426E-BA7A-42CBA0E354C1}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"UDP Query User{78A292D2-4C00-4B1A-B0E8-0635C370DBFC}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"UDP Query User{B551D826-4F87-479D-B82A-53BA58125095}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe |
"UDP Query User{BCC33534-0307-4F76-8FA3-454762CC21C9}C:\program files (x86)\filezilla ftp client\filezilla.exe" = protocol=17 | dir=in | app=c:\program files (x86)\filezilla ftp client\filezilla.exe |
"UDP Query User{CA0885C0-6E70-4731-9C4D-1AA11AEEE091}G:\njsij.scr" = protocol=17 | dir=in | app=g:\njsij.scr |
"UDP Query User{D4E89B8F-CA37-4769-B124-A8AC526903AE}C:\windows\syswow64\netsh.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\netsh.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01D42BF0-ED08-463f-8A28-99EB6FEE962B}" = ZTE Handset USB Driver
"{18A6B663-A646-457B-A314-5CF58AECB06A}" = Intel® PROSet/Wireless WiMAX Software
"{1927E640-A2C6-4BA7-8F43-FFD2AE3DFCF3}" = Oprogramowanie Intel(R) PROSet/Wireless WiFi
"{1AD147D0-BE0E-3D6C-AC11-64F6DC4163F1}" = Microsoft .NET Framework 4.5
"{26A24AE4-039D-4CA4-87B4-2F86416038FF}" = Java(TM) 6 Update 38 (64-bit)
"{2FD0FA0A-7A21-4C4A-B268-1142B54E035E}" = Windows Live Family Safety
"{5EEC477F-8E9B-4420-8829-16E7426227DB}" = Windows Live MIME IFilter
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0415-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Polish) 2010
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A1188CD2-9C9F-11E2-B88F-F04DA23A5C58}" = Vegas Pro 12.0 (64-bit)
"{A528BDDE-9C9F-11E2-9F0C-F04DA23A5C58}" = MSVCRT Redists
"{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}" = WebCake 3.00
"{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant
"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64
"CCleaner" = CCleaner
"CNXT_AUDIO_HDA" = Conexant HD Audio
"EA12B1FB53CE4E387C31A85236C41EF559B5E392" = Pakiet sterowników systemu Windows - Lenovo (ACPIVPC) System  (12/02/2010 6.1.0.1)
"GIMP-2_is1" = GIMP 2.8.10
"ProInst" = Intel PROSet Wireless
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR 4.20 (64-bitowy)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03D562B5-C4E2-4846-A920-33178788BE00}" = Windows Live Communications Platform
"{0F929651-F516-4956-90F2-FFBD2CD5D30E}" = Photo Gallery
"{0FF9CC94-EF23-401E-BDBD-37403D1A2B38}" = Windows Live SOXE Definitions
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{207DA277-6A6D-4863-B535-129931D2BB21}" = Galeria fotografii
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 45
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{2F2363F9-102C-448B-8E3E-02FCFE78A28D}" = Movie Maker
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{379DA4C6-8C91-4F36-9D25-F08E8959E0DF}" = Poczta usługi Windows Live
"{45898170-E68C-4F02-AA35-C2186BF347A3}" = Movie Maker
"{46BC55A2-B4CE-46B5-8303-A2076B899505}" = Windows Live UX Platform Language Pack
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4F4A4FBF-133D-460E-8617-6D48E0A2B4E4}" = Windows Live Writer Resources
"{5303CFB5-D635-44F0-A94B-9611E81F07C4}" = Camtasia Studio 8
"{5A0EE0F0-E909-4F3B-B437-AAD9252427CB}" = Windows Live Installer
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{62BBB2F0-E220-4821-A564-730807D2C34D}" = Realtek USB 2.0 Reader Driver
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{67DD11CB-7C27-4072-B970-B57755294B28}" = Windows Macro Recorder
"{6B6923B9-8719-425B-916C-CD2908F31AAF}" = Windows Live SOXE
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}" = Skype™ 6.16
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0415-0000-0000000FF1CE}" = Microsoft Office Access MUI (Polish) 2010
"{90140000-0016-0415-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Polish) 2010
"{90140000-0018-0415-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Polish) 2010
"{90140000-0019-0415-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Polish) 2010
"{90140000-001A-0415-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Polish) 2010
"{90140000-001B-0415-0000-0000000FF1CE}" = Microsoft Office Word MUI (Polish) 2010
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0415-0000-0000000FF1CE}" = Microsoft Office Proof (Polish) 2010
"{90140000-002C-0415-0000-0000000FF1CE}" = Microsoft Office Proofing (Polish) 2010
"{90140000-0044-0415-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Polish) 2010
"{90140000-006E-0415-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Polish) 2010
"{90140000-00A1-0415-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Polish) 2010
"{90140000-00BA-0415-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Polish) 2010
"{90850415-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{95140000-007A-0415-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{AAA94EAA-40A4-458C-9D86-D1DA765B51D5}" = Windows Live Writer
"{ADE16A9D-FBDC-4ECC-B6BD-9C31E51D0333}" = Lenovo EasyCamera
"{AE7675D6-0B31-494F-ABFA-822E1A0FDF17}_is1" = Kingo Android ROOT version 1.1.8.1835
"{B286BAC3-CBE6-4854-BF68-EB72A34CEA56}" = Windows Live Messenger
"{B5D81102-EFE5-4A7B-BE60-019E07C1BD93}" = Windows Live Messenger
"{C6B0EE9E-2128-4448-B7AE-5E2B46E0F0E7}" = Windows Live Photo Common
"{cc2659bc-d27d-3593-a0a0-9ac0de07a430}" = Python 3.3.4
"{D0956C11-0F60-43FE-99AD-524E833471BB}" = Energy Management
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D3694B69-6F8C-42D3-8A0A-EB2AB528C02C}" = Atheros Client Installation Program
"{D604900F-A275-416C-AF9D-CDEDF58B72DB}" = Windows Live Mail
"{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}" = Curse
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3445598-4424-4EE2-B71C-C23325F7FB71}" = Windows Live PIMT Platform
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{EFBCA571-617D-484A-9ECA-E301BB6D0750}" = Windows Live Writer
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F0E58739-2B4C-498F-9B0D-FF0F2FD52B61}" = Windows Live UX Platform
"{F188B46C-A389-4142-9765-1D66459D6929}" = Windows Live Family Safety
"{F5350A47-59EE-4A4C-BDBF-05A17F0B8CEB}" = Windows Live Writer
"{F6F30C28-38AA-4DBA-AE0B-7E30238E61BB}" = Junk Mail filter update
"{FA12037C-B6FA-4825-86BC-D58AA6A9CC24}" = Podstawowe programy Windows Live
"{FBA73805-0F67-428B-8E4F-FAE16A452685}" = Photo Common
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 12.0
"Android SDK Tools" = Android SDK Tools
"ASIO4ALL" = ASIO4ALL
"avast" = avast! Free Antivirus
"buenosearch" = buenosearch toolbar  
"ElfBot NG_is1" = ElfBot NG 4.5.4
"InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}" = Energy Management
"metaCrawler" = metaCrawler
"Mirillis Action!" = Action!
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MySQL ODBC 3.51 Driver" = MySQL ODBC 3.51 Driver
"Notepad++" = Notepad++
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"Scribblenauts Unlimited_is1" = Scribblenauts Unlimited
"SiteFinder" = SiteFinder
"WinLiveSuite" = Podstawowe programy Windows Live
"WinZipper" = WinZipper
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{87686C21-8A15-4b4d-A3F1-11141D9BE094}" = Battlefield Play4Free (darek)
"SkyDriveSetup.exe" = Microsoft SkyDrive
"UnityWebPlayer" = Unity Web Player
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 2014-05-16 14:07:29 | Computer Name = darek-Komputer | Source = Application Hang | ID = 1002
Description = Program firefox.exe w wersji 29.0.1.5239 zatrzymał interakcję z systemem
 Windows i został zamknięty. Aby zobaczyć, czy jest dostępnych więcej informacji
 dotyczących tego problemu, sprawdź historię problemu w panelu sterowania Centrum
 akcji.    Identyfikator procesu: 29c    Godzina rozpoczęcia: 01cf71274758e2b9    Godzina zakończenia:
 29    Ścieżka aplikacji: C:\Program Files (x86)\Mozilla Firefox\firefox.exe    Identyfikator
 raportu: ed03f7b5-dd24-11e3-be2c-dc0ea17f8906  
 
Error - 2014-05-16 17:02:30 | Computer Name = darek-Komputer | Source = Application Hang | ID = 1002
Description = Program League of Legends.exe w wersji 4.7.0.298 zatrzymał interakcję
 z systemem Windows i został zamknięty. Aby zobaczyć, czy jest dostępnych więcej
 informacji dotyczących tego problemu, sprawdź historię problemu w panelu sterowania
 Centrum akcji.    Identyfikator procesu: 420    Godzina rozpoczęcia: 01cf714a0fc9977a    Godzina
 zakończenia: 36    Ścieżka aplikacji: E:\LOL\RADS\solutions\lol_game_client_sln\releases\0.0.1.39\deploy\League
 of Legends.exe    Identyfikator raportu: 61cc8916-dd3d-11e3-844e-dc0ea17f8906  
 
Error - 2014-05-29 15:22:24 | Computer Name = darek-Komputer | Source = Application Error | ID = 1000
Description = Nazwa aplikacji powodującej błąd: , wersja: 0.0.0.0, sygnatura czasowa:
 0x537e8b30  Nazwa modułu powodującego błąd: unknown, wersja: 0.0.0.0, sygnatura czasowa:
 0x00000000  Kod wyjątku: 0xc0000005  Przesunięcie błędu: 0x6e69644f  Identyfikator procesu
 powodującego błąd: 0xb14  Godzina uruchomienia aplikacji powodującej błąd: 0x01cf7b6f53b65973
Ścieżka
 aplikacji powodującej błąd:   Ścieżka modułu powodującego błąd: unknown  Identyfikator
 raportu: 8f774b11-e766-11e3-bedd-dc0ea17f8906
 
Error - 2014-06-18 08:20:54 | Computer Name = darek-Komputer | Source = Application Hang | ID = 1002
Description = Program rads_user_kernel.exe w wersji 0.0.0.0 zatrzymał interakcję
 z systemem Windows i został zamknięty. Aby zobaczyć, czy jest dostępnych więcej
 informacji dotyczących tego problemu, sprawdź historię problemu w panelu sterowania
 Centrum akcji.    Identyfikator procesu: 53c    Godzina rozpoczęcia: 01cf8aef996c6b58    Godzina
 zakończenia: 4    Ścieżka aplikacji: E:\LOL\RADS\system\rads_user_kernel.exe    Identyfikator
 raportu: faad0eaf-f6e2-11e3-bb3e-dc0ea17f8906  
 
Error - 2014-06-18 13:57:18 | Computer Name = darek-Komputer | Source = MsiInstaller | ID = 11001
Description =
 
Error - 2014-06-18 14:40:52 | Computer Name = darek-Komputer | Source = Application Hang | ID = 1002
Description = Program AvastUI.exe w wersji 9.0.2018.391 zatrzymał interakcję z systemem
 Windows i został zamknięty. Aby zobaczyć, czy jest dostępnych więcej informacji
 dotyczących tego problemu, sprawdź historię problemu w panelu sterowania Centrum
 akcji.    Identyfikator procesu: fc0    Godzina rozpoczęcia: 01cf8b2079dc10c2    Godzina zakończenia:
 60000    Ścieżka aplikacji: C:\Program Files\AVAST Software\Avast\AvastUI.exe    Identyfikator
 raportu: db53bb18-f717-11e3-b46e-dc0ea17f8906  
 
Error - 2014-06-19 05:50:50 | Computer Name = darek-Komputer | Source = Application Hang | ID = 1002
Description = Program iexplore.exe w wersji 8.0.7600.16385 zatrzymał interakcję
z systemem Windows i został zamknięty. Aby zobaczyć, czy jest dostępnych więcej
informacji dotyczących tego problemu, sprawdź historię problemu w panelu sterowania
 Centrum akcji.    Identyfikator procesu: 1780    Godzina rozpoczęcia: 01cf8ba3e1783b76    Godzina
 zakończenia: 130    Ścieżka aplikacji: C:\Program Files (x86)\Internet Explorer\iexplore.exe

Identyfikator
 raportu: 2d6544bd-f797-11e3-b46e-dc0ea17f8906  
 
Error - 2014-06-19 12:14:46 | Computer Name = darek-Komputer | Source = Application Hang | ID = 1002
Description = Program Explorer.EXE w wersji 6.1.7600.16385 zatrzymał interakcję
z systemem Windows i został zamknięty. Aby zobaczyć, czy jest dostępnych więcej
informacji dotyczących tego problemu, sprawdź historię problemu w panelu sterowania
 Centrum akcji.    Identyfikator procesu: 4d4    Godzina rozpoczęcia: 01cf8b205cfcd11c    Godzina
 zakończenia: 2811    Ścieżka aplikacji: C:\Windows\Explorer.EXE    Identyfikator raportu:
 49552de3-f7cb-11e3-b46e-dc0ea17f8906  
 
Error - 2014-06-19 16:42:52 | Computer Name = darek-Komputer | Source = .NET Runtime Optimization Service | ID = 1101
Description =
 
Error - 2014-06-19 16:42:53 | Computer Name = darek-Komputer | Source = .NET Runtime Optimization Service | ID = 1101
Description =
 
[ Media Center Events ]
Error - 2013-08-24 17:19:25 | Computer Name = darek-Komputer | Source = MCUpdate | ID = 0
Description = 23:19:25 - Błąd podczas nawiązywania połączenia z Internetem.  23:19:25
 -     Nie można skontaktować się z serwerem..  
 
Error - 2013-08-25 12:16:04 | Computer Name = darek-Komputer | Source = MCUpdate | ID = 0
Description = 18:15:25 - Błąd podczas nawiązywania połączenia z Internetem.  18:15:44
 -     Nie można skontaktować się z serwerem..  
 
Error - 2013-08-25 12:20:42 | Computer Name = darek-Komputer | Source = MCUpdate | ID = 0
Description = 18:16:19 - Błąd podczas nawiązywania połączenia z Internetem.  18:16:20
 -     Nie można skontaktować się z serwerem..  
 
Error - 2014-06-10 09:38:47 | Computer Name = darek-Komputer | Source = MCUpdate | ID = 0
Description = 15:38:46 - Błąd podczas nawiązywania połączenia z Internetem.  15:38:46
 -     Nie można skontaktować się z serwerem..  
 
[ System Events ]
Error - 2014-06-19 07:53:27 | Computer Name = darek-Komputer | Source = Disk | ID = 262155
Description = Sterownik wykrył błąd kontrolera na \Device\Harddisk2\DR2.
 
Error - 2014-06-20 05:39:15 | Computer Name = darek-Komputer | Source = Service Control Manager | ID = 7011
Description = Upłynął limit czasu (30000 ms) podczas oczekiwania na odpowiedź transakcji
 z usługi PlugPlay.
 
Error - 2014-06-20 11:55:44 | Computer Name = darek-Komputer | Source = Service Control Manager | ID = 7011
Description = Upłynął limit czasu (30000 ms) podczas oczekiwania na odpowiedź transakcji
 z usługi SDRSVC.
 
Error - 2014-06-21 08:56:56 | Computer Name = darek-Komputer | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi Agent zasad IPsec z powodu następującego
 błędu:   %%109
 
Error - 2014-06-21 08:56:56 | Computer Name = darek-Komputer | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi Użytkowanie aplikacji z powodu następującego
 błędu:   %%1115
 
Error - 2014-06-21 08:56:56 | Computer Name = darek-Komputer | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi Host systemu diagnostyki z powodu następującego
 błędu:   %%1115
 
Error - 2014-06-21 08:56:56 | Computer Name = darek-Komputer | Source = Service Control Manager | ID = 7038
Description = Usługa SSDPSRV nie może zalogować się jako NT AUTHORITY\LocalService
 za pomocą obecnie skonfigurowanego hasła z powodu następującego błędu:   %%50    Aby
upewnić się, że usługa jest skonfigurowana prawidłowo, użyj przystawki Usługi w
programie Microsoft Management Console (MMC).
 
Error - 2014-06-21 08:56:56 | Computer Name = darek-Komputer | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi Odnajdywanie SSDP z powodu następującego
 błędu:   %%1069
 
Error - 2014-06-21 08:56:56 | Computer Name = darek-Komputer | Source = Microsoft-Windows-Bits-Client | ID = 16392
Description = Uruchomienie usługi BITS nie powiodło się. Błąd 2147942450.
 
Error - 2014-06-21 08:56:56 | Computer Name = darek-Komputer | Source = Service Control Manager | ID = 7024
Description = Usługa Usługa inteligentnego transferu w tle zakończyła działanie;
 wystąpił specyficzny dla niej błąd %%-2147024846.
 
 
< End of report >
 

[/log]

 

FRST

[log]Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-06-2014 01
Ran by darek (administrator) on DAREK-KOMPUTER on 21-06-2014 21:44:37
Running from C:\Users\darek\Downloads
Platform: Windows 7 Ultimate (X64) OS Language: Polski (Polska)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Taiwan Shui Mu Chih Ching Technology Limited.) C:\Program Files (x86)\WinZipper\winzipersvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
() C:\Windows\SysWOW64\srvany.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
() C:\Windows\KMService.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Intel® Corporation) C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Red Bend Ltd.) C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(CipSoft GmbH) C:\Users\darek\Desktop\Mateusz\NSS 2.0\Tibia.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IntelWireless] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1933584 2011-01-05] (Intel(R) Corporation)
HKLM\...\Run: [IntelWirelessWiMAX] => C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe [1617920 2011-01-26] (Intel® Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2741544 2011-04-08] (Synaptics Incorporated)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [9753024 2013-06-14] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [5908928 2013-06-14] (Lenovo(beijing) Limited)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3890208 2014-06-18] (AVAST Software)
HKLM-x32\...\Winlogon: [Userinit] c:\windows\system32\userinit.exe,,e:\lol\rads\projects\lol_air_client\releases\0.0.1.63\deploy\lolclientsrv.exe,c:\program files (x86)\microsoft\desktoplayer.exe [X]
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3555291836-3210127844-3947176126-1000\...\Run: [spoolsv32] => "C:\Windows\system32\javaw.exe" -jar "C:\Users\darek\AppData\Roaming\Win32\spoolsv32.jar"
HKU\S-1-5-21-3555291836-3210127844-3947176126-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21444224 2014-05-08] (Skype Technologies S.A.)
Startup: C:\Users\darek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\trzD50B.tmp ()
ShellIconOverlayIdentifiers:  SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers:  SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers:  SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 1 (GFS Unread Stub) -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 2 (GFS Stub) -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 2.5 (GFS Unread Folder) -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 3 (GFS Folder) -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 4 (GFS Unread Mark) -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32:  SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32:  SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32:  SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32: Groove Explorer Icon Overlay 1 (GFS Unread Stub) -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: Groove Explorer Icon Overlay 2 (GFS Stub) -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: Groove Explorer Icon Overlay 2.5 (GFS Unread Folder) -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: Groove Explorer Icon Overlay 3 (GFS Folder) -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: Groove Explorer Icon Overlay 4 (GFS Unread Mark) -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BootExecute: autocheck autochk * aswBoot.exe /M:22e4a9e5c /wow /dir:"C:\Program Files\AVAST Software\Avast"
AlternateShell:

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.delta-homes.com/?utm_source=b&utm_medium=newgdp&utm_campaign=eXQ&utm_content=hp&from=newgdp&uid=WDCXWD3200BPVT-24JJ5T0_WD-WXN1A717802478024&ts=1380211191
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.delta-homes.com/?utm_source=b&utm_medium=newgdp&utm_campaign=eXQ&utm_content=hp&from=newgdp&uid=WDCXWD3200BPVT-24JJ5T0_WD-WXN1A717802478024&ts=1380211191
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.delta-homes.com/?utm_source=b&utm_medium=newgdp&utm_campaign=eXQ&utm_content=hp&from=newgdp&uid=WDCXWD3200BPVT-24JJ5T0_WD-WXN1A717802478024&ts=1380211191
URLSearchHook: HKLM-x32 - Default Value = {CCC7B151-1D8C-11E3-B2AD-F3EF3D58318D}
URLSearchHook: HKLM-x32 - SiteFinder - {CCC7B151-1D8C-11E3-B2AD-F3EF3D58318D} - C:\Program Files (x86)\SiteFinder\SiteFinder.dll (Site Finder)
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.v9.com/web/?utm_source=b&utm_medium=bnd&from=bnd&uid=WDCXWD3200BPVT-24JJ5T0_WD-WXN1A717802478024&ts=0
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.v9.com/web/?utm_source=b&utm_medium=bnd&from=bnd&uid=WDCXWD3200BPVT-24JJ5T0_WD-WXN1A717802478024&ts=0
SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.v9.com/web/?utm_source=b&utm_medium=bnd&from=bnd&uid=WDCXWD3200BPVT-24JJ5T0_WD-WXN1A717802478024&ts=0
SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.v9.com/web/?utm_source=b&utm_medium=bnd&from=bnd&uid=WDCXWD3200BPVT-24JJ5T0_WD-WXN1A717802478024&ts=0
SearchScopes: HKCU - DefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www.buenosearch.com/?q={searchTerms}&babsrc=SP_ss&mntrId=6CD000FF4EFF94D8&affID=128491&tsp=5190
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www.buenosearch.com/?q={searchTerms}&babsrc=SP_ss&mntrId=6CD000FF4EFF94D8&affID=128491&tsp=5190
SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.delta-homes.com/web/?utm_source=b&utm_medium=newgdp&from=newgdp&uid=WDCXWD3200BPVT-24JJ5T0_WD-WXN1A717802478024&ts=1377259841
SearchScopes: HKCU - {A8160AF9-3E1B-40EA-A2A0-1F9877FEFCEC} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=512435&p={searchTerms}
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: No Name - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} -  No File
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Pomocnik logowania za pomocą konta Microsoft - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: No Name - {ae48ed75-5a56-4c5f-bbce-6f1ac3875f66} -  No File
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: buenosearch Helper Object - {F1C81E40-2485-4DB6-8C9D-04BD596B281E} - C:\Program Files (x86)\buenosearch LTD\buenosearch\1.8.28.7\bh\buenosearch.dll (Montiera Technologies LTD)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - SiteFinder - {CCC7B151-1D8C-11E3-B2AD-F3EF3D58318D} - C:\Program Files (x86)\SiteFinder\SiteFinder.dll (Site Finder)
Toolbar: HKLM-x32 - buenosearch Toolbar - {828DC97A-2277-4E10-92A9-4907FA0922A9} - C:\Program Files (x86)\buenosearch LTD\buenosearch\1.8.28.7\buenosearchTlbr.dll (Montiera Technologies LTD)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.3.1 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\darek\AppData\Roaming\Mozilla\Firefox\Profiles\ce1yzzxv.default-1401462181965
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @java.com/DTPlugin,version=1.6.0_38 - C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.dpliveupdate.com/DealPlyLive Update;version=3 - C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\npGoogleUpdate3.dll (DealPly Technologies Ltd)
FF Plugin-x32: @tools.dpliveupdate.com/DealPlyLive Update;version=9 - C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\npGoogleUpdate3.dll (DealPly Technologies Ltd)
FF Plugin-x32: BYOND - C:\Program Files (x86)\BYOND\bin\npbyond.dll No File
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\darek\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Extension: Adblock Plus - C:\Users\darek\AppData\Roaming\Mozilla\Firefox\Profiles\ce1yzzxv.default-1401462181965\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-05-31]
FF Extension: Hotspot Shield Extension - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\afext@anchorfree.com [2014-04-30]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-09-17]
FF HKCU\...\Firefox\Extensions: [support@mozilla.com] - C:\Users\darek\AppData\Roaming\support@mozilla.com
FF Extension: Firefox Extension Manager - C:\Users\darek\AppData\Roaming\support@mozilla.com [2013-06-22]

Chrome:
=======
CHR HomePage: hxxp://www.google.com
CHR RestoreOnStartup: "hxxp://www.google.com/"
CHR Extension: (__MSG_appName__) - C:\Users\darek\AppData\Local\Google\Chrome\User Data\Default\Extensions\beahobhgpojnjfdjglaehfhdanaioode [2014-05-04]
CHR Extension: (Delta Toolbar) - C:\Users\darek\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde [2013-08-22]
CHR Extension: (Web Cake) - C:\Users\darek\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjoijdanhaiflhibkljeklcghcmmfffh [2013-08-22]
CHR Extension: (Plus-HD-8.1) - C:\Users\darek\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkjonigebafgfomfofbodcbbijbibokl [2014-02-20]
CHR Extension: (Lightning Newtab) - C:\Users\darek\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifohbjbgfchkkfhphahclmkpgejiplfo [2013-08-23]
CHR Extension: (Chrome In-App Payments service) - C:\Users\darek\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-26]
CHR HKLM-x32\...\Chrome\Extension: [fjoijdanhaiflhibkljeklcghcmmfffh] - C:\Program Files (x86)\Betcat\WebCakeLayers.crx [2013-08-13]
CHR HKLM-x32\...\Chrome\Extension: [ifohbjbgfchkkfhphahclmkpgejiplfo] - C:\Users\darek\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtab.crx [2013-08-23]

==================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-06-18] (AVAST Software)
S2 dealplylive; C:\Program Files (x86)\DealPlyLive\Update\DealPlyLive.exe [148000 2013-07-20] (DealPly Technologies Ltd)
S3 dealplylivem; C:\Program Files (x86)\DealPlyLive\Update\DealPlyLive.exe [148000 2013-07-20] (DealPly Technologies Ltd)
R2 DMAgent; C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [499200 2011-01-30] (Red Bend Ltd.) [File not signed]
R2 KMService; C:\Windows\SysWOW64\srvany.exe [8192 2014-01-22] () [File not signed]
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-01-05] ()
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [4609416 2013-11-06] (INCA Internet Co., Ltd.) [File not signed]
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-11-08] ()
R2 WiMAXAppSrv; C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [885248 2011-01-30] (Intel(R) Corporation) [File not signed]
R2 winzipersvc; C:\Program Files (x86)\WinZipper\winzipersvc.exe [424104 2013-08-23] (Taiwan Shui Mu Chih Ching Technology Limited.)
S4 Apache2.2; "c:\xampp\apache\bin\apache.exe" -k runservice [X]
S4 mysql; c:\xampp\mysql\bin\mysqld-nt.exe --defaults-file=c:\xampp\mysql\bin\my.cnf mysql

==================== Drivers (Whitelisted) ====================

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-06-18] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-06-18] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-06-18] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-06-18] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-06-18] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-06-18] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [85328 2014-06-18] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208416 2014-06-18] ()
S3 massfilter_hs; C:\Windows\system32\drivers\massfilter_hs.sys [20232 2012-06-20] (HandSet Incorporated)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-08-13] (Anchorfree Inc.)
S3 zghsser; C:\Windows\System32\DRIVERS\zghsser.sys [132104 2012-07-18] (ZTE Incorporated)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 WinRing0_1_2_0; \??\E:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-21 21:44 - 2014-06-21 21:45 - 00020243 _____ () C:\Users\darek\Downloads\FRST.txt
2014-06-21 21:44 - 2014-06-21 21:44 - 02083328 _____ (Farbar) C:\Users\darek\Downloads\FRST64.exe
2014-06-21 21:44 - 2014-06-21 21:44 - 00000000 ____D () C:\FRST
2014-06-21 21:40 - 2014-06-21 21:40 - 00294450 _____ () C:\Users\darek\Downloads\Extras.Txt
2014-06-21 21:37 - 2014-06-21 21:37 - 00087338 _____ () C:\Users\darek\Downloads\OTL.Txt
2014-06-21 21:23 - 2014-06-21 21:24 - 00370943 _____ () C:\Users\darek\Downloads\gmer.zip
2014-06-21 21:22 - 2014-06-21 21:22 - 00602112 _____ (OldTimer Tools) C:\Users\darek\Downloads\OTL.exe
2014-06-21 15:47 - 2014-06-21 15:50 - 00000000 ____D () C:\Users\darek\Desktop\Mateusz
2014-06-20 01:10 - 2014-06-21 16:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ElfBot NG
2014-06-19 20:46 - 2014-06-19 20:46 - 00003030 _____ () C:\Users\darek\AppData\Local\recently-used.xbel
2014-06-19 20:35 - 2014-06-19 20:46 - 00000000 ____D () C:\Users\darek\AppData\Local\gtk-2.0
2014-06-18 20:11 - 2014-06-18 20:11 - 00000000 ____D () C:\Users\darek\AppData\Roaming\AVAST Software
2014-06-18 20:08 - 2014-06-21 15:00 - 00000280 _____ () C:\Windows\setupact.log
2014-06-18 20:08 - 2014-06-20 18:27 - 00327966 _____ () C:\Windows\PFRO.log
2014-06-18 20:08 - 2014-06-18 20:08 - 00000000 _____ () C:\Windows\setuperr.log
2014-06-18 20:06 - 2014-06-18 20:17 - 00085328 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-06-18 20:06 - 2014-06-18 20:05 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-06-18 20:05 - 2014-06-18 20:05 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-06-18 19:49 - 2014-06-18 19:49 - 00002772 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-06-18 10:22 - 2014-06-18 10:23 - 03763334 _____ () C:\Users\darek\Desktop\zdjęcia.zip
2014-06-14 14:37 - 2014-06-20 11:48 - 00000000 ____D () C:\Users\darek\Desktop\programy ;3
2014-06-14 14:34 - 2014-06-14 14:35 - 00000000 ____D () C:\Users\darek\Desktop\Mama
2014-06-03 23:47 - 2014-06-04 00:15 - 00000000 ____D () C:\Users\darek\otNaruto

==================== One Month Modified Files and Folders =======

2014-06-21 21:45 - 2014-06-21 21:44 - 00020243 _____ () C:\Users\darek\Downloads\FRST.txt
2014-06-21 21:45 - 2013-06-21 13:45 - 00000000 ____D () C:\ProgramData\TEMP
2014-06-21 21:44 - 2014-06-21 21:44 - 02083328 _____ (Farbar) C:\Users\darek\Downloads\FRST64.exe
2014-06-21 21:44 - 2014-06-21 21:44 - 00000000 ____D () C:\FRST
2014-06-21 21:40 - 2014-06-21 21:40 - 00294450 _____ () C:\Users\darek\Downloads\Extras.Txt
2014-06-21 21:37 - 2014-06-21 21:37 - 00087338 _____ () C:\Users\darek\Downloads\OTL.Txt
2014-06-21 21:35 - 2013-06-16 21:32 - 00000000 ____D () C:\Users\darek\AppData\Roaming\Skype
2014-06-21 21:31 - 2013-07-20 12:26 - 00000904 _____ () C:\Windows\Tasks\DealPlyLiveUpdateTaskMachineUA.job
2014-06-21 21:24 - 2014-06-21 21:23 - 00370943 _____ () C:\Users\darek\Downloads\gmer.zip
2014-06-21 21:22 - 2014-06-21 21:22 - 00602112 _____ (OldTimer Tools) C:\Users\darek\Downloads\OTL.exe
2014-06-21 20:32 - 2013-06-14 07:59 - 02043845 _____ () C:\Windows\WindowsUpdate.log
2014-06-21 16:05 - 2014-06-20 01:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ElfBot NG
2014-06-21 16:03 - 2014-03-08 17:12 - 00000000 ____D () C:\Python33
2014-06-21 15:55 - 2013-06-14 08:26 - 00000000 ____D () C:\Users\darek
2014-06-21 15:50 - 2014-06-21 15:47 - 00000000 ____D () C:\Users\darek\Desktop\Mateusz
2014-06-21 15:49 - 2014-02-12 16:45 - 00000000 __SHD () C:\Users\darek\i15Z28qV
2014-06-21 15:08 - 2009-07-14 06:45 - 00010016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-21 15:08 - 2009-07-14 06:45 - 00010016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-21 15:06 - 2009-07-14 19:55 - 00742054 _____ () C:\Windows\system32\perfh015.dat
2014-06-21 15:06 - 2009-07-14 19:55 - 00156040 _____ () C:\Windows\system32\perfc015.dat
2014-06-21 15:06 - 2009-07-14 07:13 - 01673392 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-21 15:03 - 2013-08-23 14:10 - 00000000 ____D () C:\Program Files (x86)\WinZipper
2014-06-21 15:01 - 2013-08-26 18:35 - 00000000 ____D () C:\Users\darek\AppData\Local\screenSHU
2014-06-21 15:00 - 2014-06-18 20:08 - 00000280 _____ () C:\Windows\setupact.log
2014-06-21 15:00 - 2013-07-20 12:26 - 00000900 _____ () C:\Windows\Tasks\DealPlyLiveUpdateTaskMachineCore.job
2014-06-21 15:00 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-20 18:27 - 2014-06-18 20:08 - 00327966 _____ () C:\Windows\PFRO.log
2014-06-20 11:48 - 2014-06-14 14:37 - 00000000 ____D () C:\Users\darek\Desktop\programy ;3
2014-06-19 23:41 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-06-19 22:39 - 2013-06-19 20:21 - 01646182 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-06-19 20:55 - 2013-06-27 19:11 - 00000000 ____D () C:\Users\darek\.gimp-2.8
2014-06-19 20:46 - 2014-06-19 20:46 - 00003030 _____ () C:\Users\darek\AppData\Local\recently-used.xbel
2014-06-19 20:46 - 2014-06-19 20:35 - 00000000 ____D () C:\Users\darek\AppData\Local\gtk-2.0
2014-06-19 17:18 - 2014-04-12 16:32 - 00000000 ____D () C:\Users\darek\AppData\Roaming\Bol
2014-06-19 00:34 - 2013-06-27 19:11 - 00000894 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
2014-06-19 00:09 - 2013-08-30 20:53 - 00000000 ____D () C:\Users\darek\AppData\Local\Adobe
2014-06-18 20:17 - 2014-06-18 20:06 - 00085328 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-06-18 20:17 - 2013-09-17 18:23 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-06-18 20:17 - 2013-09-17 18:22 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-06-18 20:11 - 2014-06-18 20:11 - 00000000 ____D () C:\Users\darek\AppData\Roaming\AVAST Software
2014-06-18 20:11 - 2013-09-17 18:22 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-06-18 20:08 - 2014-06-18 20:08 - 00000000 _____ () C:\Windows\setuperr.log
2014-06-18 20:05 - 2014-06-18 20:06 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-06-18 20:05 - 2014-06-18 20:05 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-06-18 20:05 - 2013-09-17 18:23 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys.1403115464210
2014-06-18 20:05 - 2013-09-17 18:22 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys.1403115464210
2014-06-18 20:05 - 2013-09-17 18:22 - 00334648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-06-18 20:05 - 2013-09-17 18:22 - 00208416 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-06-18 20:05 - 2013-09-17 18:22 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-06-18 20:05 - 2013-09-17 18:22 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-06-18 20:05 - 2013-09-17 18:22 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-06-18 19:59 - 2013-09-16 23:50 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-06-18 19:58 - 2013-09-17 18:22 - 00000000 _____ () C:\Windows\SysWOW64\config.nt
2014-06-18 19:56 - 2014-04-20 18:21 - 00000000 ____D () C:\Users\darek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GameSub
2014-06-18 19:53 - 2014-04-21 15:41 - 00000000 ____D () C:\Users\darek\AppData\Local\CrashDumps
2014-06-18 19:53 - 2014-02-12 23:32 - 00000000 ____D () C:\Windows\Minidump
2014-06-18 19:49 - 2014-06-18 19:49 - 00002772 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-06-18 19:49 - 2013-09-03 21:33 - 00000000 ____D () C:\Program Files\CCleaner
2014-06-18 15:33 - 2013-10-31 22:17 - 00000000 ____D () C:\Users\darek\AppData\Roaming\Tibia
2014-06-18 10:23 - 2014-06-18 10:22 - 03763334 _____ () C:\Users\darek\Desktop\zdjęcia.zip
2014-06-17 23:38 - 2013-06-28 21:26 - 00000000 ____D () C:\Users\darek\AppData\Roaming\OBS
2014-06-14 14:35 - 2014-06-14 14:34 - 00000000 ____D () C:\Users\darek\Desktop\Mama
2014-06-14 14:33 - 2014-05-11 09:31 - 00000000 ____D () C:\Users\darek\Desktop\muzyka
2014-06-11 09:56 - 2014-04-30 07:35 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-11 08:06 - 2013-06-15 16:28 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-06-04 00:15 - 2014-06-03 23:47 - 00000000 ____D () C:\Users\darek\otNaruto
2014-05-31 15:04 - 2009-07-14 07:08 - 00032608 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-05-22 17:17 - 2014-02-27 07:10 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-05-22 17:17 - 2013-06-16 21:32 - 00000000 ____D () C:\ProgramData\Skype

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-06-12 00:47

==================== End Of Log ============================ [/log]

Addition:

[log]

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-06-2014 01
Ran by darek at 2014-06-21 21:45:53
Running from C:\Users\darek\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

Action! (HKLM-x32\...\Mirillis Action!) (Version: 1.17.3 - Mirillis)
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.8.800.94 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.7.700.224 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.3.133 - Adobe Systems, Inc.)
Android SDK Tools (HKLM-x32\...\Android SDK Tools) (Version: 1.16 - Google Inc.)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.11 Beta1 - Michael Tippach)
Atheros Client Installation Program (HKLM-x32\...\{D3694B69-6F8C-42D3-8A0A-EB2AB528C02C}) (Version: 7.0 - Atheros)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.36 - Atheros Communications Inc.)
avast! Free Antivirus (HKLM-x32\...\avast) (Version: 9.0.2018 - Avast Software)
Battlefield Play4Free (darek) (HKCU\...\{87686C21-8A15-4b4d-A3F1-11141D9BE094}) (Version:  - EA Digital illusions)
buenosearch toolbar   (HKLM-x32\...\buenosearch) (Version: 1.8.28.7 - Montiera technologies LTD) <==== ATTENTION
Camtasia Studio 8 (HKLM-x32\...\{5303CFB5-D635-44F0-A94B-9611E81F07C4}) (Version: 8.3.0.1471 - TechSmith Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 4.14 - Piriform)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.54.4.51 - Conexant)
Curse (HKLM-x32\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 6.0.0.0 - Curse)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
ElfBot NG 4.5.4 (HKLM-x32\...\ElfBot NG_is1) (Version:  - NGSoft, LLC)
Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 6.0.2.0 - Lenovo)
Energy Management (x32 Version: 6.0.2.0 - Lenovo) Hidden
Galeria fotografii (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
Intel PROSet Wireless (Version:  - ) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2342 - Intel Corporation)
Intel® PROSet/Wireless WiMAX Software (HKLM\...\{18A6B663-A646-457B-A314-5CF58AECB06A}) (Version: 6.02.0000 - Intel Corporation)
Java 7 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.450 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java(TM) 6 Update 38 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416038FF}) (Version: 6.0.380 - Oracle)
Junk Mail filter update (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Kingo Android ROOT version 1.1.8.1835 (HKLM-x32\...\{AE7675D6-0B31-494F-ABFA-822E1A0FDF17}_is1) (Version: 1.1.8.1835 - Kingosoft Technology Ltd.)
Lenovo EasyCamera (HKLM-x32\...\{ADE16A9D-FBDC-4ECC-B6BD-9C31E51D0333}) (Version: 1.10.1209.1 - Lenovo EasyCamera)
metaCrawler (HKLM-x32\...\metaCrawler) (Version:  - metaCrawler) <==== ATTENTION
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5 (Version: 4.5.50709 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (Polish) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (Polish) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (Polish) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (Polish) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (Polish) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0415-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Outlook MUI (Polish) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (Polish) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Polish) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (Polish) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (Polish) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (Polish) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (Polish) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (Polish) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Word Viewer 2003 (HKLM-x32\...\{90850415-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20513.0 - Microsoft Corporation)
Microsoft SkyDrive (HKCU\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT Redists (Version: 1.0 - Sony Creative Software Inc.) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MySQL ODBC 3.51 Driver (HKLM-x32\...\MySQL ODBC 3.51 Driver) (Version: 03.51 - MySQL AB)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.5.1 - Notepad++ Team)
Oprogramowanie Intel(R) PROSet/Wireless WiFi (HKLM\...\{1927E640-A2C6-4BA7-8F43-FFD2AE3DFCF3}) (Version: 14.0.2000 - Intel Corporation)
Pakiet sterowników systemu Windows - Lenovo (ACPIVPC) System  (12/02/2010 6.1.0.1) (HKLM\...\EA12B1FB53CE4E387C31A85236C41EF559B5E392) (Version: 12/02/2010 6.1.0.1 - Lenovo)
Photo Gallery (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Poczta usługi Windows Live (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Podstawowe programy Windows Live (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
Podstawowe programy Windows Live (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Python 3.3.4 (HKLM-x32\...\{cc2659bc-d27d-3593-a0a0-9ac0de07a430}) (Version: 3.3.4150 - Python Software Foundation)
Realtek USB 2.0 Reader Driver (HKLM-x32\...\{62BBB2F0-E220-4821-A564-730807D2C34D}) (Version: 6.1.7600.10003 - Realtek Semiconductor Corp.)
Scribblenauts Unlimited (HKLM-x32\...\Scribblenauts Unlimited_is1) (Version:  - )
SiteFinder (HKLM-x32\...\SiteFinder) (Version: 1.0.0.0 - SiteFinder) <==== ATTENTION
Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.0.0 - Synaptics Incorporated)
Unity Web Player (HKCU\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Vegas Pro 12.0 (64-bit) (HKLM\...\{A1188CD2-9C9F-11E2-B88F-F04DA23A5C58}) (Version: 12.0.563 - Sony)
WebCake 3.00 (HKLM\...\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}) (Version: 3.00 - WebCake LLC) <==== ATTENTION
Windows Live Communications Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Family Safety (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Macro Recorder (HKLM-x32\...\{67DD11CB-7C27-4072-B970-B57755294B28}) (Version: 1.0.0 - Free Labs)
WinRAR 4.20 (64-bitowy) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
WinZipper (HKLM-x32\...\WinZipper) (Version: 1.4.8 - Taiwan Shui Mu Chih Ching Technology Limited.) <==== ATTENTION
ZTE Handset USB Driver (HKLM\...\{01D42BF0-ED08-463f-8A28-99EB6FEE962B}) (Version:  - ZTE Corporation)

==================== Restore Points  =========================

07-06-2014 02:43:43 Zaplanowany punkt kontrolny
15-06-2014 05:04:06 Zaplanowany punkt kontrolny
18-06-2014 17:56:27 Removed Windows Macro Recorder
18-06-2014 17:59:38 avast! antivirus system restore point

==================== Hosts content: ==========================

2009-07-14 04:34 - 2014-04-12 16:35 - 00000059 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
127.0.0.1       198.144.182.42


==================== Scheduled Tasks (whitelisted) =============

Task: {048ACD87-AEDC-42A6-B22F-662538BAB811} - System32\Tasks\Games\UpdateCheck_S-1-5-21-3555291836-3210127844-3947176126-1000
Task: {125C322D-2472-4D09-833F-A244B8C2A43F} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {6C3A33D0-96CD-4672-9DD2-B39424448814} - System32\Tasks\DealPlyLiveUpdateTaskMachineCore => C:\Program Files (x86)\DealPlyLive\Update\DealPlyLive.exe [2013-07-20] (DealPly Technologies Ltd) <==== ATTENTION
Task: {967CAEDE-5067-446F-B2F7-D92BB6AB417B} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-06-18] (AVAST Software)
Task: {AA53A387-9059-4C5A-8166-1CAFF056E003} - System32\Tasks\EPUpdater => C:\Users\darek\AppData\Roaming\BabSolution\Shared\BabMaint.exe [2013-12-12] () <==== ATTENTION
Task: {D4A284A4-D53E-45EC-A8C3-9B2D3ADFF361} - System32\Tasks\DealPlyLiveUpdateTaskMachineUA => C:\Program Files (x86)\DealPlyLive\Update\DealPlyLive.exe [2013-07-20] (DealPly Technologies Ltd) <==== ATTENTION
Task: {DCA09C0C-C22D-4415-B2AB-D47855F1B1DA} - System32\Tasks\Game_Booster_AutoUpdate => E:\Programy\Game Booster 3\AutoUpdate.exe
Task: {F3744B45-3A7F-4117-ADC1-A4ECFAB6C1B3} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-05-20] (Piriform Ltd)
Task: C:\Windows\Tasks\DealPlyLiveUpdateTaskMachineCore.job => C:\Program Files (x86)\DealPlyLive\Update\DealPlyLive.exe <==== ATTENTION
Task: C:\Windows\Tasks\DealPlyLiveUpdateTaskMachineUA.job => C:\Program Files (x86)\DealPlyLive\Update\DealPlyLive.exe <==== ATTENTION

==================== Loaded Modules (whitelisted) =============

2010-01-30 03:40 - 2010-01-30 03:40 - 04254560 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-02 16:42 - 2010-01-02 16:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2011-01-05 12:53 - 2011-01-05 12:53 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2014-01-22 12:46 - 2014-01-22 12:45 - 00008192 _____ () C:\Windows\SysWOW64\srvany.exe
2013-06-14 08:45 - 2011-03-25 11:28 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-01-22 12:46 - 2014-01-22 12:45 - 00151552 _____ () C:\Windows\KMService.exe
2011-01-05 12:53 - 2011-01-05 12:53 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll
2013-11-03 18:28 - 2013-11-08 22:39 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2008-12-20 03:20 - 2013-06-14 09:11 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\HookLib.dll
2008-12-20 03:20 - 2013-06-14 09:11 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\kbdhook.dll
2014-06-21 12:12 - 2014-06-21 12:12 - 02783744 _____ () C:\Program Files\AVAST Software\Avast\defs\14062100\algo.dll
2013-08-23 14:10 - 2013-08-23 14:10 - 00612520 _____ () C:\Program Files (x86)\WinZipper\sqlite3.dll
2014-06-18 20:05 - 2014-06-18 20:05 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-06-21 16:05 - 2009-12-09 15:19 - 00036352 _____ () E:\ElfBot NG\elfload.dll
2014-06-20 01:10 - 2014-06-21 16:05 - 01445888 _____ () E:\ElfBot NG\elfbot.dll
2014-06-10 22:39 - 2014-06-10 22:39 - 03852912 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2010-01-30 03:41 - 2010-01-30 03:41 - 04254560 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2013-06-15 16:52 - 2013-06-15 16:52 - 16033160 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:4EE74317
AlternateDataStreams: C:\ProgramData\TEMP:6BE50C2B

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot => "AlternateShell"=""

==================== EXE Association (whitelisted) =============


==================== MSCONFIG/TASK MANAGER disabled items =========


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (06/19/2014 10:42:53 PM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - 1>Failed to compile: System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 . Error code = 0x80131f06

Error: (06/19/2014 10:42:52 PM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - 1>Failed to compile: System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 . Error code = 0x80131f06

Error: (06/19/2014 06:14:46 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program Explorer.EXE w wersji 6.1.7600.16385 zatrzymał interakcję z systemem Windows i został zamknięty. Aby zobaczyć, czy jest dostępnych więcej informacji dotyczących tego problemu, sprawdź historię problemu w panelu sterowania Centrum akcji.

Identyfikator procesu: 4d4

Godzina rozpoczęcia: 01cf8b205cfcd11c

Godzina zakończenia: 2811

Ścieżka aplikacji: C:\Windows\Explorer.EXE

Identyfikator raportu: 49552de3-f7cb-11e3-b46e-dc0ea17f8906

Error: (06/19/2014 11:50:50 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program iexplore.exe w wersji 8.0.7600.16385 zatrzymał interakcję z systemem Windows i został zamknięty. Aby zobaczyć, czy jest dostępnych więcej informacji dotyczących tego problemu, sprawdź historię problemu w panelu sterowania Centrum akcji.

Identyfikator procesu: 1780

Godzina rozpoczęcia: 01cf8ba3e1783b76

Godzina zakończenia: 130

Ścieżka aplikacji: C:\Program Files (x86)\Internet Explorer\iexplore.exe

Identyfikator raportu: 2d6544bd-f797-11e3-b46e-dc0ea17f8906

Error: (06/18/2014 08:40:52 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program AvastUI.exe w wersji 9.0.2018.391 zatrzymał interakcję z systemem Windows i został zamknięty. Aby zobaczyć, czy jest dostępnych więcej informacji dotyczących tego problemu, sprawdź historię problemu w panelu sterowania Centrum akcji.

Identyfikator procesu: fc0

Godzina rozpoczęcia: 01cf8b2079dc10c2

Godzina zakończenia: 60000

Ścieżka aplikacji: C:\Program Files\AVAST Software\Avast\AvastUI.exe

Identyfikator raportu: db53bb18-f717-11e3-b46e-dc0ea17f8906

Error: (06/18/2014 07:57:18 PM) (Source: MsiInstaller) (EventID: 11001) (User: darek-Komputer)
Description: Product: Windows Macro Recorder -- Error 1001. (NULL)(NULL)(NULL)(NULL)(NULL)

Error: (06/18/2014 02:20:54 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program rads_user_kernel.exe w wersji 0.0.0.0 zatrzymał interakcję z systemem Windows i został zamknięty. Aby zobaczyć, czy jest dostępnych więcej informacji dotyczących tego problemu, sprawdź historię problemu w panelu sterowania Centrum akcji.

Identyfikator procesu: 53c

Godzina rozpoczęcia: 01cf8aef996c6b58

Godzina zakończenia: 4

Ścieżka aplikacji: E:\LOL\RADS\system\rads_user_kernel.exe

Identyfikator raportu: faad0eaf-f6e2-11e3-bb3e-dc0ea17f8906

Error: (05/29/2014 09:22:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nazwa aplikacji powodującej błąd: , wersja: 0.0.0.0, sygnatura czasowa: 0x537e8b30
Nazwa modułu powodującego błąd: unknown, wersja: 0.0.0.0, sygnatura czasowa: 0x00000000
Kod wyjątku: 0xc0000005
Przesunięcie błędu: 0x6e69644f
Identyfikator procesu powodującego błąd: 0xb14
Godzina uruchomienia aplikacji powodującej błąd: 0x0
Ścieżka aplikacji powodującej błąd: 1
Ścieżka modułu powodującego błąd: 2
Identyfikator raportu: 3

Error: (05/16/2014 11:02:30 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program League of Legends.exe w wersji 4.7.0.298 zatrzymał interakcję z systemem Windows i został zamknięty. Aby zobaczyć, czy jest dostępnych więcej informacji dotyczących tego problemu, sprawdź historię problemu w panelu sterowania Centrum akcji.

Identyfikator procesu: 420

Godzina rozpoczęcia: 01cf714a0fc9977a

Godzina zakończenia: 36

Ścieżka aplikacji: E:\LOL\RADS\solutions\lol_game_client_sln\releases\0.0.1.39\deploy\League of Legends.exe

Identyfikator raportu: 61cc8916-dd3d-11e3-844e-dc0ea17f8906

Error: (05/16/2014 08:07:29 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program firefox.exe w wersji 29.0.1.5239 zatrzymał interakcję z systemem Windows i został zamknięty. Aby zobaczyć, czy jest dostępnych więcej informacji dotyczących tego problemu, sprawdź historię problemu w panelu sterowania Centrum akcji.

Identyfikator procesu: 29c

Godzina rozpoczęcia: 01cf71274758e2b9

Godzina zakończenia: 29

Ścieżka aplikacji: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Identyfikator raportu: ed03f7b5-dd24-11e3-be2c-dc0ea17f8906


System errors:
=============
Error: (06/21/2014 02:56:56 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Usługa Usługa inteligentnego transferu w tle zakończyła działanie; wystąpił specyficzny dla niej błąd %%-2147024846.

Error: (06/21/2014 02:56:56 PM) (Source: Microsoft-Windows-Bits-Client) (EventID: 16392) (User: ZARZĄDZANIE NT)
Description: Uruchomienie usługi BITS nie powiodło się. Błąd 2147942450.

Error: (06/21/2014 02:56:56 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Nie można uruchomić usługi Odnajdywanie SSDP z powodu następującego błędu:
%%1069

Error: (06/21/2014 02:56:56 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Usługa SSDPSRV nie może zalogować się jako NT AUTHORITY\LocalService za pomocą obecnie skonfigurowanego hasła z powodu następującego błędu:
%%50

Aby upewnić się, że usługa jest skonfigurowana prawidłowo, użyj przystawki Usługi w programie Microsoft Management Console (MMC).

Error: (06/21/2014 02:56:56 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Nie można uruchomić usługi Host systemu diagnostyki z powodu następującego błędu:
%%1115

Error: (06/21/2014 02:56:56 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Nie można uruchomić usługi Użytkowanie aplikacji z powodu następującego błędu:
%%1115

Error: (06/21/2014 02:56:56 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Nie można uruchomić usługi Agent zasad IPsec z powodu następującego błędu:
%%109

Error: (06/20/2014 05:55:44 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Upłynął limit czasu (30000 ms) podczas oczekiwania na odpowiedź transakcji z usługi SDRSVC.

Error: (06/20/2014 11:39:15 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Upłynął limit czasu (30000 ms) podczas oczekiwania na odpowiedź transakcji z usługi PlugPlay.

Error: (06/19/2014 01:53:27 PM) (Source: Disk) (EventID: 11) (User: )
Description: Sterownik wykrył błąd kontrolera na \Device\Harddisk2\DR2.


Microsoft Office Sessions:
=========================
Error: (06/19/2014 10:42:53 PM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - 1>Failed to compile: System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 . Error code = 0x80131f06
System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089

Error: (06/19/2014 10:42:52 PM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - 1>Failed to compile: System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 . Error code = 0x80131f06
System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089

Error: (06/19/2014 06:14:46 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Explorer.EXE6.1.7600.163854d401cf8b205cfcd11c2811C:\Windows\Explorer.EXE49552de3-f7cb-11e3-b46e-dc0ea17f8906

Error: (06/19/2014 11:50:50 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: iexplore.exe8.0.7600.16385178001cf8ba3e1783b76130C:\Program Files (x86)\Internet Explorer\iexplore.exe2d6544bd-f797-11e3-b46e-dc0ea17f8906

Error: (06/18/2014 08:40:52 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: AvastUI.exe9.0.2018.391fc001cf8b2079dc10c260000C:\Program Files\AVAST Software\Avast\AvastUI.exedb53bb18-f717-11e3-b46e-dc0ea17f8906

Error: (06/18/2014 07:57:18 PM) (Source: MsiInstaller) (EventID: 11001) (User: darek-Komputer)
Description: Product: Windows Macro Recorder -- Error 1001. (NULL)(NULL)(NULL)(NULL)(NULL)

Error: (06/18/2014 02:20:54 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: rads_user_kernel.exe0.0.0.053c01cf8aef996c6b584E:\LOL\RADS\system\rads_user_kernel.exefaad0eaf-f6e2-11e3-bb3e-dc0ea17f8906

Error: (05/29/2014 09:22:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: 0.0.0.0537e8b30unknown0.0.0.000000000c00000056e69644fb1401cf7b6f53b65973unknown8f774b11-e766-11e3-bedd-dc0ea17f8906

Error: (05/16/2014 11:02:30 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: League of Legends.exe4.7.0.29842001cf714a0fc9977a36E:\LOL\RADS\solutions\lol_game_client_sln\releases\0.0.1.39\deploy\League of Legends.exe61cc8916-dd3d-11e3-844e-dc0ea17f8906

Error: (05/16/2014 08:07:29 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: firefox.exe29.0.1.523929c01cf71274758e2b929C:\Program Files (x86)\Mozilla Firefox\firefox.exeed03f7b5-dd24-11e3-be2c-dc0ea17f8906


CodeIntegrity Errors:
===================================
  Date: 2014-01-02 07:28:02.777
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-01-02 07:28:02.761
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Percentage of memory in use: 84%
Total physical RAM: 1991.86 MB
Available physical RAM: 300.63 MB
Total Pagefile: 3983.72 MB
Available Pagefile: 1624.15 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:102.68 GB) (Free:58.7 GB) NTFS
Drive d: () (Fixed) (Total:97.66 GB) (Free:48.25 GB) NTFS
Drive e: () (Fixed) (Total:97.66 GB) (Free:78.95 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 79CF0D0F)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=103 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=98 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=98 GB) - (Type=07 NTFS)

==================== End Of Log ============================

[/log]

Gmer

[log]GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-06-21 22:03:23
Windows 6.1.7600  x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD3200BPVT-24JJ5T0 rev.01.01A01 298,09GB
Running: gmer.exe; Driver: C:\Users\darek\AppData\Local\Temp\kwddikog.sys


---- User code sections - GMER 2.1 ----

.text    C:\Windows\system32\services.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                                                                                                     00000000777fff60 5 bytes JMP 0000000100070460
.text    C:\Windows\system32\services.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                                                                                                              00000000777fffb0 5 bytes JMP 0000000100070450
.text    C:\Windows\system32\services.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                                                                                                              0000000077800110 5 bytes JMP 0000000100070370
.text    C:\Windows\system32\services.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                                                                                                   0000000077800160 5 bytes JMP 0000000100070470
.text    C:\Windows\system32\services.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                                                                                                         0000000077800170 5 bytes JMP 00000001000703e0
.text    C:\Windows\system32\services.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                                                                                              0000000077800220 5 bytes JMP 0000000100070320
.text    C:\Windows\system32\services.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                                                                                       0000000077800250 5 bytes JMP 00000001000703b0
.text    C:\Windows\system32\services.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                                                                                                          0000000077800270 5 bytes JMP 0000000100070390
.text    C:\Windows\system32\services.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                                                                                                                00000000778002b0 5 bytes JMP 00000001000702e0
.text    C:\Windows\system32\services.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                                                                                                              0000000077800330 5 bytes JMP 00000001000702d0
.text    C:\Windows\system32\services.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                                                                                            0000000077800350 5 bytes JMP 0000000100070310
.text    C:\Windows\system32\services.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                                                                                             0000000077800390 5 bytes JMP 00000001000703c0
.text    C:\Windows\system32\services.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                                                                                                          00000000778003e0 5 bytes JMP 00000001000703f0
.text    C:\Windows\system32\services.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                                                                                                             0000000077800540 5 bytes JMP 0000000100070230
.text    C:\Windows\system32\services.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                                                                                                  0000000077800700 5 bytes JMP 0000000100070480
.text    C:\Windows\system32\services.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                                                                                                                 0000000077800730 5 bytes JMP 00000001000703a0
.text    C:\Windows\system32\services.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                                                                                                          0000000077800810 5 bytes JMP 00000001000702f0
.text    C:\Windows\system32\services.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                                                                                                       0000000077800820 5 bytes JMP 0000000100070350
.text    C:\Windows\system32\services.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                                                                                                             0000000077800880 5 bytes JMP 0000000100070290
.text    C:\Windows\system32\services.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                                                                                                          0000000077800910 5 bytes JMP 00000001000702b0
.text    C:\Windows\system32\services.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                                                                                           0000000077800930 5 bytes JMP 00000001000703d0
.text    C:\Windows\system32\services.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                                                                                                              0000000077800940 5 bytes JMP 0000000100070330
.text    C:\Windows\system32\services.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                                                                                                       00000000778009b0 5 bytes JMP 0000000100070410
.text    C:\Windows\system32\services.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                                                                                                          00000000778009e0 5 bytes JMP 0000000100070240
.text    C:\Windows\system32\services.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                                                                                               0000000077800ca0 5 bytes JMP 00000001000701e0
.text    C:\Windows\system32\services.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                                                                                                          0000000077800d60 5 bytes JMP 0000000100070250
.text    C:\Windows\system32\services.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                                                                                                          0000000077800d90 5 bytes JMP 0000000100070490
.text    C:\Windows\system32\services.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                                                                                                 0000000077800da0 5 bytes JMP 00000001000704a0
.text    C:\Windows\system32\services.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                                                                                                            0000000077800dd0 5 bytes JMP 0000000100070300
.text    C:\Windows\system32\services.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                                                                                                         0000000077800de0 5 bytes JMP 0000000100070360
.text    C:\Windows\system32\services.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                                                                                                               0000000077800e40 5 bytes JMP 00000001000702a0
.text    C:\Windows\system32\services.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                                                                                                            0000000077800e90 5 bytes JMP 00000001000702c0
.text    C:\Windows\system32\services.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                                                                                                               0000000077800ec0 5 bytes JMP 0000000100070380
.text    C:\Windows\system32\services.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                                                                                                                0000000077800ed0 5 bytes JMP 0000000100070340
.text    C:\Windows\system32\services.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                                                                                                         00000000778011c0 5 bytes JMP 0000000100070440
.text    C:\Windows\system32\services.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                                                                                                        00000000778013c0 5 bytes JMP 0000000100070260
.text    C:\Windows\system32\services.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                                                                                                           00000000778013d0 5 bytes JMP 0000000100070270
.text    C:\Windows\system32\services.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                                                                                         00000000778013e0 5 bytes JMP 0000000100070400
.text    C:\Windows\system32\services.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                                                                                                     00000000778015a0 5 bytes JMP 00000001000701f0
.text    C:\Windows\system32\services.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                                                                                                      00000000778015b0 5 bytes JMP 0000000100070210
.text    C:\Windows\system32\services.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                                                                                                           0000000077801620 5 bytes JMP 0000000100070200
.text    C:\Windows\system32\services.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                                                                                                           0000000077801680 5 bytes JMP 0000000100070420
.text    C:\Windows\system32\services.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                                                                                                            0000000077801690 5 bytes JMP 0000000100070430
.text    C:\Windows\system32\services.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                                                                                                       00000000778016a0 5 bytes JMP 0000000100070220
.text    C:\Windows\system32\services.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                                                                                                               0000000077801780 5 bytes JMP 0000000100070280
.text    C:\Windows\system32\services.exe[636] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                                                                                                    00000000776ef1bd 1 byte [62]
.text    C:\Windows\system32\lsass.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                                                                                                        00000000777fff60 5 bytes JMP 0000000077960460
.text    C:\Windows\system32\lsass.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                                                                                                                 00000000777fffb0 5 bytes JMP 0000000077960450
.text    C:\Windows\system32\lsass.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                                                                                                                 0000000077800110 5 bytes JMP 0000000077960370
.text    C:\Windows\system32\lsass.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                                                                                                      0000000077800160 5 bytes JMP 0000000077960470
.text    C:\Windows\system32\lsass.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                                                                                                            0000000077800170 5 bytes JMP 00000000779603e0
.text    C:\Windows\system32\lsass.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                                                                                                 0000000077800220 5 bytes JMP 0000000077960320
.text    C:\Windows\system32\lsass.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                                                                                          0000000077800250 5 bytes JMP 00000000779603b0
.text    C:\Windows\system32\lsass.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                                                                                                             0000000077800270 5 bytes JMP 0000000077960390
.text    C:\Windows\system32\lsass.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                                                                                                                   00000000778002b0 5 bytes JMP 00000000779602e0
.text    C:\Windows\system32\lsass.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                                                                                                                 0000000077800330 5 bytes JMP 00000000779602d0
.text    C:\Windows\system32\lsass.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                                                                                               0000000077800350 5 bytes JMP 0000000077960310
.text    C:\Windows\system32\lsass.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                                                                                                0000000077800390 5 bytes JMP 00000000779603c0
.text    C:\Windows\system32\lsass.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                                                                                                             00000000778003e0 5 bytes JMP 00000000779603f0
.text    C:\Windows\system32\lsass.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                                                                                                                0000000077800540 5 bytes JMP 0000000077960230
.text    C:\Windows\system32\lsass.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                                                                                                     0000000077800700 5 bytes JMP 0000000077960480
.text    C:\Windows\system32\lsass.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                                                                                                                    0000000077800730 5 bytes JMP 00000000779603a0
.text    C:\Windows\system32\lsass.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                                                                                                             0000000077800810 5 bytes JMP 00000000779602f0
.text    C:\Windows\system32\lsass.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                                                                                                          0000000077800820 5 bytes JMP 0000000077960350
.text    C:\Windows\system32\lsass.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                                                                                                                0000000077800880 5 bytes JMP 0000000077960290
.text    C:\Windows\system32\lsass.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                                                                                                             0000000077800910 5 bytes JMP 00000000779602b0
.text    C:\Windows\system32\lsass.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                                                                                              0000000077800930 5 bytes JMP 00000000779603d0
.text    C:\Windows\system32\lsass.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                                                                                                                 0000000077800940 5 bytes JMP 0000000077960330
.text    C:\Windows\system32\lsass.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                                                                                                          00000000778009b0 5 bytes JMP 0000000077960410
.text    C:\Windows\system32\lsass.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                                                                                                             00000000778009e0 5 bytes JMP 0000000077960240
.text    C:\Windows\system32\lsass.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                                                                                                  0000000077800ca0 5 bytes JMP 00000000779601e0
.text    C:\Windows\system32\lsass.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                                                                                                             0000000077800d60 5 bytes JMP 0000000077960250
.text    C:\Windows\system32\lsass.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                                                                                                             0000000077800d90 5 bytes JMP 0000000077960490
.text    C:\Windows\system32\lsass.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                                                                                                    0000000077800da0 5 bytes JMP 00000000779604a0
.text    C:\Windows\system32\lsass.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                                                                                                               0000000077800dd0 5 bytes JMP 0000000077960300
.text    C:\Windows\system32\lsass.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                                                                                                            0000000077800de0 5 bytes JMP 0000000077960360
.text    C:\Windows\system32\lsass.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                                                                                                                  0000000077800e40 5 bytes JMP 00000000779602a0
.text    C:\Windows\system32\lsass.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                                                                                                               0000000077800e90 5 bytes JMP 00000000779602c0
.text    C:\Windows\system32\lsass.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                                                                                                                  0000000077800ec0 5 bytes JMP 0000000077960380
.text    C:\Windows\system32\lsass.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                                                                                                                   0000000077800ed0 5 bytes JMP 0000000077960340
.text    C:\Windows\system32\lsass.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                                                                                                            00000000778011c0 5 bytes JMP 0000000077960440
.text    C:\Windows\system32\lsass.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                                                                                                           00000000778013c0 5 bytes JMP 0000000077960260
.text    C:\Windows\system32\lsass.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                                                                                                              00000000778013d0 5 bytes JMP 0000000077960270
.text    C:\Windows\system32\lsass.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                                                                                            00000000778013e0 5 bytes JMP 0000000077960400
.text    C:\Windows\system32\lsass.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                                                                                                        00000000778015a0 5 bytes JMP 00000000779601f0
.text    C:\Windows\system32\lsass.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                                                                                                         00000000778015b0 5 bytes JMP 0000000077960210
.text    C:\Windows\system32\lsass.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                                                                                                              0000000077801620 5 bytes JMP 0000000077960200
.text    C:\Windows\system32\lsass.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                                                                                                              0000000077801680 5 bytes JMP 0000000077960420
.text    C:\Windows\system32\lsass.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                                                                                                               0000000077801690 5 bytes JMP 0000000077960430
.text    C:\Windows\system32\lsass.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                                                                                                          00000000778016a0 5 bytes JMP 0000000077960220
.text    C:\Windows\system32\lsass.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                                                                                                                  0000000077801780 5 bytes JMP 0000000077960280
.text    C:\Windows\System32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                                                                                                      00000000777fff60 5 bytes JMP 0000000077960460
.text    C:\Windows\System32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                                                                                                               00000000777fffb0 5 bytes JMP 0000000077960450
.text    C:\Windows\System32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                                                                                                               0000000077800110 5 bytes JMP 0000000077960370
.text    C:\Windows\System32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                                                                                                    0000000077800160 5 bytes JMP 0000000077960470
.text    C:\Windows\System32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                                                                                                          0000000077800170 5 bytes JMP 00000000779603e0
.text    C:\Windows\System32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                                                                                               0000000077800220 5 bytes JMP 0000000077960320
.text    C:\Windows\System32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                                                                                        0000000077800250 5 bytes JMP 00000000779603b0
.text    C:\Windows\System32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                                                                                                           0000000077800270 5 bytes JMP 0000000077960390
.text    C:\Windows\System32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                                                                                                                 00000000778002b0 5 bytes JMP 00000000779602e0
.text    C:\Windows\System32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                                                                                                               0000000077800330 5 bytes JMP 00000000779602d0
.text    C:\Windows\System32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                                                                                             0000000077800350 5 bytes JMP 0000000077960310
.text    C:\Windows\System32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                                                                                              0000000077800390 5 bytes JMP 00000000779603c0
.text    C:\Windows\System32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                                                                                                           00000000778003e0 5 bytes JMP 00000000779603f0
.text    C:\Windows\System32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                                                                                                              0000000077800540 5 bytes JMP 0000000077960230
.text    C:\Windows\System32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                                                                                                   0000000077800700 5 bytes JMP 0000000077960480
.text    C:\Windows\System32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                                                                                                                  0000000077800730 5 bytes JMP 00000000779603a0
.text    C:\Windows\System32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                                                                                                           0000000077800810 5 bytes JMP 00000000779602f0
.text    C:\Windows\System32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                                                                                                        0000000077800820 5 bytes JMP 0000000077960350
.text    C:\Windows\System32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                                                                                                              0000000077800880 5 bytes JMP 0000000077960290
.text    C:\Windows\System32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                                                                                                           0000000077800910 5 bytes JMP 00000000779602b0
.text    C:\Windows\System32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                                                                                            0000000077800930 5 bytes JMP 00000000779603d0
.text    C:\Windows\System32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                                                                                                               0000000077800940 5 bytes JMP 0000000077960330
.text    C:\Windows\System32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                                                                                                        00000000778009b0 5 bytes JMP 0000000077960410
.text    C:\Windows\System32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                                                                                                           00000000778009e0 5 bytes JMP 0000000077960240
.text    C:\Windows\System32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                                                                                                0000000077800ca0 5 bytes JMP 00000000779601e0
.text    C:\Windows\System32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                                                                                                           0000000077800d60 5 bytes JMP 0000000077960250
.text    C:\Windows\System32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                                                                                                           0000000077800d90 5 bytes JMP 0000000077960490
.text    C:\Windows\System32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                                                                                                  0000000077800da0 5 bytes JMP 00000000779604a0
.text    C:\Windows\System32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                                                                                                             0000000077800dd0 5 bytes JMP 0000000077960300
.text    C:\Windows\System32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                                                                                                          0000000077800de0 5 bytes JMP 0000000077960360
.text    C:\Windows\System32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                                                                                                                0000000077800e40 5 bytes JMP 00000000779602a0
.text    C:\Windows\System32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                                                                                                             0000000077800e90 5 bytes JMP 00000000779602c0
.text    C:\Windows\System32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                                                                                                                0000000077800ec0 5 bytes JMP 0000000077960380
.text    C:\Windows\System32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                                                                                                                 0000000077800ed0 5 bytes JMP 0000000077960340
.text    C:\Windows\System32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                                                                                                          00000000778011c0 5 bytes JMP 0000000077960440
.text    C:\Windows\System32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                                                                                                         00000000778013c0 5 bytes JMP 0000000077960260
.text    C:\Windows\System32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                                                                                                            00000000778013d0 5 bytes JMP 0000000077960270
.text    C:\Windows\System32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                                                                                          00000000778013e0 5 bytes JMP 0000000077960400
.text    C:\Windows\System32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                                                                                                      00000000778015a0 5 bytes JMP 00000000779601f0
.text    C:\Windows\System32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                                                                                                       00000000778015b0 5 bytes JMP 0000000077960210
.text    C:\Windows\System32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                                                                                                            0000000077801620 5 bytes JMP 0000000077960200
.text    C:\Windows\System32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                                                                                                            0000000077801680 5 bytes JMP 0000000077960420
.text    C:\Windows\System32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                                                                                                             0000000077801690 5 bytes JMP 0000000077960430
.text    C:\Windows\System32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                                                                                                        00000000778016a0 5 bytes JMP 0000000077960220
.text    C:\Windows\System32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                                                                                                                0000000077801780 5 bytes JMP 0000000077960280
.text    C:\Windows\System32\svchost.exe[984] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                                                                                                     00000000776ef1bd 1 byte [62]
.text    C:\Windows\System32\svchost.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                                                                                                      00000000777fff60 5 bytes JMP 0000000077960460
.text    C:\Windows\System32\svchost.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                                                                                                               00000000777fffb0 5 bytes JMP 0000000077960450
.text    C:\Windows\System32\svchost.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                                                                                                               0000000077800110 5 bytes JMP 0000000077960370
.text    C:\Windows\System32\svchost.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                                                                                                    0000000077800160 5 bytes JMP 0000000077960470
.text    C:\Windows\System32\svchost.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                                                                                                          0000000077800170 5 bytes JMP 00000000779603e0
.text    C:\Windows\System32\svchost.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                                                                                               0000000077800220 5 bytes JMP 0000000077960320
.text    C:\Windows\System32\svchost.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                                                                                        0000000077800250 5 bytes JMP 00000000779603b0
.text    C:\Windows\System32\svchost.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                                                                                                           0000000077800270 5 bytes JMP 0000000077960390
.text    C:\Windows\System32\svchost.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                                                                                                                 00000000778002b0 5 bytes JMP 00000000779602e0
.text    C:\Windows\System32\svchost.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                                                                                                               0000000077800330 5 bytes JMP 00000000779602d0
.text    C:\Windows\System32\svchost.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                                                                                             0000000077800350 5 bytes JMP 0000000077960310
.text    C:\Windows\System32\svchost.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                                                                                              0000000077800390 5 bytes JMP 00000000779603c0
.text    C:\Windows\System32\svchost.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                                                                                                           00000000778003e0 5 bytes JMP 00000000779603f0
.text    C:\Windows\System32\svchost.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                                                                                                              0000000077800540 5 bytes JMP 0000000077960230
.text    C:\Windows\System32\svchost.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                                                                                                   0000000077800700 5 bytes JMP 0000000077960480
.text    C:\Windows\System32\svchost.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                                                                                                                  0000000077800730 5 bytes JMP 00000000779603a0
.text    C:\Windows\System32\svchost.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                                                                                                           0000000077800810 5 bytes JMP 00000000779602f0
.text    C:\Windows\System32\svchost.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                                                                                                        0000000077800820 5 bytes JMP 0000000077960350
.text    C:\Windows\System32\svchost.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                                                                                                              0000000077800880 5 bytes JMP 0000000077960290
.text    C:\Windows\System32\svchost.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                                                                                                           0000000077800910 5 bytes JMP 00000000779602b0
.text    C:\Windows\System32\svchost.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                                                                                            0000000077800930 5 bytes JMP 00000000779603d0
.text    C:\Windows\System32\svchost.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                                                                                                               0000000077800940 5 bytes JMP 0000000077960330
.text    C:\Windows\System32\svchost.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                                                                                                        00000000778009b0 5 bytes JMP 0000000077960410
.text    C:\Windows\System32\svchost.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                                                                                                           00000000778009e0 5 bytes JMP 0000000077960240
.text    C:\Windows\System32\svchost.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                                                                                                0000000077800ca0 5 bytes JMP 00000000779601e0
.text    C:\Windows\System32\svchost.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                                                                                                           0000000077800d60 5 bytes JMP 0000000077960250
.text    C:\Windows\System32\svchost.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                                                                                                           0000000077800d90 5 bytes JMP 0000000077960490
.text    C:\Windows\System32\svchost.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                                                                                                  0000000077800da0 5 bytes JMP 00000000779604a0
.text    C:\Windows\System32\svchost.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                                                                                                             0000000077800dd0 5 bytes JMP 0000000077960300
.text    C:\Windows\System32\svchost.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                                                                                                          0000000077800de0 5 bytes JMP 0000000077960360
.text    C:\Windows\System32\svchost.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                                                                                                                0000000077800e40 5 bytes JMP 00000000779602a0
.text    C:\Windows\System32\svchost.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                                                                                                             0000000077800e90 5 bytes JMP 00000000779602c0
.text    C:\Windows\System32\svchost.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                                                                                                                0000000077800ec0 5 bytes JMP 0000000077960380
.text    C:\Windows\System32\svchost.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                                                                                                                 0000000077800ed0 5 bytes JMP 0000000077960340
.text    C:\Windows\System32\svchost.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                                                                                                          00000000778011c0 5 bytes JMP 0000000077960440
.text    C:\Windows\System32\svchost.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                                                                                                         00000000778013c0 5 bytes JMP 0000000077960260
.text    C:\Windows\System32\svchost.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                                                                                                            00000000778013d0 5 bytes JMP 0000000077960270
.text    C:\Windows\System32\svchost.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                                                                                          00000000778013e0 5 bytes JMP 0000000077960400
.text    C:\Windows\System32\svchost.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                                                                                                      00000000778015a0 5 bytes JMP 00000000779601f0
.text    C:\Windows\System32\svchost.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                                                                                                       00000000778015b0 5 bytes JMP 0000000077960210
.text    C:\Windows\System32\svchost.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                                                                                                            0000000077801620 5 bytes JMP 0000000077960200
.text    C:\Windows\System32\svchost.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                                                                                                            0000000077801680 5 bytes JMP 0000000077960420
.text    C:\Windows\System32\svchost.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                                                                                                             0000000077801690 5 bytes JMP 0000000077960430
.text    C:\Windows\System32\svchost.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                                                                                                        00000000778016a0 5 bytes JMP 0000000077960220
.text    C:\Windows\System32\svchost.exe[356] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                                                                                                                0000000077801780 5 bytes JMP 0000000077960280
.text    C:\Windows\System32\svchost.exe[356] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                                                                                                     00000000776ef1bd 1 byte [62]
.text    C:\Windows\system32\svchost.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                                                                                                      00000000777fff60 5 bytes JMP 0000000100070460
.text    C:\Windows\system32\svchost.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                                                                                                               00000000777fffb0 5 bytes JMP 0000000100070450
.text    C:\Windows\system32\svchost.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                                                                                                               0000000077800110 5 bytes JMP 0000000100070370
.text    C:\Windows\system32\svchost.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                                                                                                    0000000077800160 5 bytes JMP 0000000100070470
.text    C:\Windows\system32\svchost.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                                                                                                          0000000077800170 5 bytes JMP 00000001000703e0
.text    C:\Windows\system32\svchost.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                                                                                               0000000077800220 5 bytes JMP 0000000100070320
.text    C:\Windows\system32\svchost.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                                                                                        0000000077800250 5 bytes JMP 00000001000703b0
.text    C:\Windows\system32\svchost.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                                                                                                           0000000077800270 5 bytes JMP 0000000100070390
.text    C:\Windows\system32\svchost.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                                                                                                                 00000000778002b0 5 bytes JMP 00000001000702e0
.text    C:\Windows\system32\svchost.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                                                                                                               0000000077800330 5 bytes JMP 00000001000702d0
.text    C:\Windows\system32\svchost.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                                                                                             0000000077800350 5 bytes JMP 0000000100070310
.text    C:\Windows\system32\svchost.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                                                                                              0000000077800390 5 bytes JMP 00000001000703c0
.text    C:\Windows\system32\svchost.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                                                                                                           00000000778003e0 5 bytes JMP 00000001000703f0
.text    C:\Windows\system32\svchost.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                                                                                                              0000000077800540 5 bytes JMP 0000000100070230
.text    C:\Windows\system32\svchost.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                                                                                                   0000000077800700 5 bytes JMP 0000000100070480
.text    C:\Windows\system32\svchost.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                                                                                                                  0000000077800730 5 bytes JMP 00000001000703a0
.text    C:\Windows\system32\svchost.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                                                                                                           0000000077800810 5 bytes JMP 00000001000702f0
.text    C:\Windows\system32\svchost.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                                                                                                        0000000077800820 5 bytes JMP 0000000100070350
.text    C:\Windows\system32\svchost.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                                                                                                              0000000077800880 5 bytes JMP 0000000100070290
.text    C:\Windows\system32\svchost.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                                                                                                           0000000077800910 5 bytes JMP 00000001000702b0
.text    C:\Windows\system32\svchost.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                                                                                            0000000077800930 5 bytes JMP 00000001000703d0
.text    C:\Windows\system32\svchost.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                                                                                                               0000000077800940 5 bytes JMP 0000000100070330
.text    C:\Windows\system32\svchost.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                                                                                                        00000000778009b0 5 bytes JMP 0000000100070410
.text    C:\Windows\system32\svchost.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                                                                                                           00000000778009e0 5 bytes JMP 0000000100070240
.text    C:\Windows\system32\svchost.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                                                                                                0000000077800ca0 5 bytes JMP 00000001000701e0
.text    C:\Windows\system32\svchost.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                                                                                                           0000000077800d60 5 bytes JMP 0000000100070250
.text    C:\Windows\system32\svchost.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                                                                                                           0000000077800d90 5 bytes JMP 0000000100070490
.text    C:\Windows\system32\svchost.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                                                                                                  0000000077800da0 5 bytes JMP 00000001000704a0
.text    C:\Windows\system32\svchost.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                                                                                                             0000000077800dd0 5 bytes JMP 0000000100070300
.text    C:\Windows\system32\svchost.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                                                                                                          0000000077800de0 5 bytes JMP 0000000100070360
.text    C:\Windows\system32\svchost.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                                                                                                                0000000077800e40 5 bytes JMP 00000001000702a0
.text    C:\Windows\system32\svchost.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                                                                                                             0000000077800e90 5 bytes JMP 00000001000702c0
.text    C:\Windows\system32\svchost.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                                                                                                                0000000077800ec0 5 bytes JMP 0000000100070380
.text    C:\Windows\system32\svchost.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                                                                                                                 0000000077800ed0 5 bytes JMP 0000000100070340
.text    C:\Windows\system32\svchost.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                                                                                                          00000000778011c0 5 bytes JMP 0000000100070440
.text    C:\Windows\system32\svchost.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                                                                                                         00000000778013c0 5 bytes JMP 0000000100070260
.text    C:\Windows\system32\svchost.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                                                                                                            00000000778013d0 5 bytes JMP 0000000100070270
.text    C:\Windows\system32\svchost.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                                                                                          00000000778013e0 5 bytes JMP 0000000100070400
.text    C:\Windows\system32\svchost.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                                                                                                      00000000778015a0 5 bytes JMP 00000001000701f0
.text    C:\Windows\system32\svchost.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                                                                                                       00000000778015b0 5 bytes JMP 0000000100070210
.text    C:\Windows\system32\svchost.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                                                                                                            0000000077801620 5 bytes JMP 0000000100070200
.text    C:\Windows\system32\svchost.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                                                                                                            0000000077801680 5 bytes JMP 0000000100070420
.text    C:\Windows\system32\svchost.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                                                                                                             0000000077801690 5 bytes JMP 0000000100070430
.text    C:\Windows\system32\svchost.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                                                                                                        00000000778016a0 5 bytes JMP 0000000100070220
.text    C:\Windows\system32\svchost.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                                                                                                                0000000077801780 5 bytes JMP 0000000100070280
.text    C:\Windows\system32\svchost.exe[472] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                                                                                                     00000000776ef1bd 1 byte [62]
.text    C:\Windows\system32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                                                                                                     00000000777fff60 5 bytes JMP 0000000077960460
.text    C:\Windows\system32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                                                                                                              00000000777fffb0 5 bytes JMP 0000000077960450
.text    C:\Windows\system32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                                                                                                              0000000077800110 5 bytes JMP 0000000077960370
.text    C:\Windows\system32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                                                                                                   0000000077800160 5 bytes JMP 0000000077960470
.text    C:\Windows\system32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                                                                                                         0000000077800170 5 bytes JMP 00000000779603e0
.text    C:\Windows\system32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                                                                                              0000000077800220 5 bytes JMP 0000000077960320
.text    C:\Windows\system32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                                                                                       0000000077800250 5 bytes JMP 00000000779603b0
.text    C:\Windows\system32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                                                                                                          0000000077800270 5 bytes JMP 0000000077960390
.text    C:\Windows\system32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                                                                                                                00000000778002b0 5 bytes JMP 00000000779602e0
.text    C:\Windows\system32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                                                                                                              0000000077800330 5 bytes JMP 00000000779602d0
.text    C:\Windows\system32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                                                                                            0000000077800350 5 bytes JMP 0000000077960310
.text    C:\Windows\system32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                                                                                             0000000077800390 5 bytes JMP 00000000779603c0
.text    C:\Windows\system32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                                                                                                          00000000778003e0 5 bytes JMP 00000000779603f0
.text    C:\Windows\system32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                                                                                                             0000000077800540 5 bytes JMP 0000000077960230
.text    C:\Windows\system32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                                                                                                  0000000077800700 5 bytes JMP 0000000077960480
.text    C:\Windows\system32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                                                                                                                 0000000077800730 5 bytes JMP 00000000779603a0
.text    C:\Windows\system32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                                                                                                          0000000077800810 5 bytes JMP 00000000779602f0
.text    C:\Windows\system32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                                                                                                       0000000077800820 5 bytes JMP 0000000077960350
.text    C:\Windows\system32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                                                                                                             0000000077800880 5 bytes JMP 0000000077960290
.text    C:\Windows\system32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                                                                                                          0000000077800910 5 bytes JMP 00000000779602b0
.text    C:\Windows\system32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                                                                                           0000000077800930 5 bytes JMP 00000000779603d0
.text    C:\Windows\system32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                                                                                                              0000000077800940 5 bytes JMP 0000000077960330
.text    C:\Windows\system32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                                                                                                       00000000778009b0 5 bytes JMP 0000000077960410
.text    C:\Windows\system32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                                                                                                          00000000778009e0 5 bytes JMP 0000000077960240
.text    C:\Windows\system32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                                                                                               0000000077800ca0 5 bytes JMP 00000000779601e0
.text    C:\Windows\system32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                                                                                                          0000000077800d60 5 bytes JMP 0000000077960250
.text    C:\Windows\system32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                                                                                                          0000000077800d90 5 bytes JMP 0000000077960490
.text    C:\Windows\system32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                                                                                                 0000000077800da0 5 bytes JMP 00000000779604a0
.text    C:\Windows\system32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                                                                                                            0000000077800dd0 5 bytes JMP 0000000077960300
.text    C:\Windows\system32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                                                                                                         0000000077800de0 5 bytes JMP 0000000077960360
.text    C:\Windows\system32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                                                                                                               0000000077800e40 5 bytes JMP 00000000779602a0
.text    C:\Windows\system32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                                                                                                            0000000077800e90 5 bytes JMP 00000000779602c0
.text    C:\Windows\system32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                                                                                                               0000000077800ec0 5 bytes JMP 0000000077960380
.text    C:\Windows\system32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                                                                                                                0000000077800ed0 5 bytes JMP 0000000077960340
.text    C:\Windows\system32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                                                                                                         00000000778011c0 5 bytes JMP 0000000077960440
.text    C:\Windows\system32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                                                                                                        00000000778013c0 5 bytes JMP 0000000077960260
.text    C:\Windows\system32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                                                                                                           00000000778013d0 5 bytes JMP 0000000077960270
.text    C:\Windows\system32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                                                                                         00000000778013e0 5 bytes JMP 0000000077960400
.text    C:\Windows\system32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                                                                                                     00000000778015a0 5 bytes JMP 00000000779601f0
.text    C:\Windows\system32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                                                                                                      00000000778015b0 5 bytes JMP 0000000077960210
.text    C:\Windows\system32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                                                                                                           0000000077801620 5 bytes JMP 0000000077960200
.text    C:\Windows\system32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                                                                                                           0000000077801680 5 bytes JMP 0000000077960420
.text    C:\Windows\system32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                                                                                                            0000000077801690 5 bytes JMP 0000000077960430
.text    C:\Windows\system32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                                                                                                       00000000778016a0 5 bytes JMP 0000000077960220
.text    C:\Windows\system32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                                                                                                               0000000077801780 5 bytes JMP 0000000077960280
.text    C:\Windows\system32\svchost.exe[1132] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                                                                                                    00000000776ef1bd 1 byte [62]
.text    C:\Windows\Explorer.EXE[1428] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                                                                                                             00000000777fff60 5 bytes JMP 0000000077960460
.text    C:\Windows\Explorer.EXE[1428] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                                                                                                                      00000000777fffb0 5 bytes JMP 0000000077960450
.text    C:\Windows\Explorer.EXE[1428] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                                                                                                                      0000000077800110 5 bytes JMP 0000000077960370
.text    C:\Windows\Explorer.EXE[1428] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                                                                                                           0000000077800160 5 bytes JMP 0000000077960470
.text    C:\Windows\Explorer.EXE[1428] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                                                                                                                 0000000077800170 5 bytes JMP 00000000779603e0
.text    C:\Windows\Explorer.EXE[1428] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                                                                                                      0000000077800220 5 bytes JMP 0000000077960320
.text    C:\Windows\Explorer.EXE[1428] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                                                                                               0000000077800250 5 bytes JMP 00000000779603b0
.text    C:\Windows\Explorer.EXE[1428] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                                                                                                                  0000000077800270 5 bytes JMP 0000000077960390
.text    C:\Windows\Explorer.EXE[1428] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                                                                                                                        00000000778002b0 5 bytes JMP 00000000779602e0
.text    C:\Windows\Explorer.EXE[1428] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                                                                                                                      0000000077800330 5 bytes JMP 00000000779602d0
.text    C:\Windows\Explorer.EXE[1428] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                                                                                                    0000000077800350 5 bytes JMP 0000000077960310
.text    C:\Windows\Explorer.EXE[1428] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                                                                                                     0000000077800390 5 bytes JMP 00000000779603c0
.text    C:\Windows\Explorer.EXE[1428] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                                                                                                                  00000000778003e0 5 bytes JMP 00000000779603f0
.text    C:\Windows\Explorer.EXE[1428] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                                                                                                                     0000000077800540 5 bytes JMP 0000000077960230
.text    C:\Windows\Explorer.EXE[1428] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                                                                                                          0000000077800700 5 bytes JMP 0000000077960480
.text    C:\Windows\Explorer.EXE[1428] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                                                                                                                         0000000077800730 5 bytes JMP 00000000779603a0
.text    C:\Windows\Explorer.EXE[1428] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                                                                                                                  0000000077800810 5 bytes JMP 00000000779602f0
.text    C:\Windows\Explorer.EXE[1428] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                                                                                                               0000000077800820 5 bytes JMP 0000000077960350
.text    C:\Windows\Explorer.EXE[1428] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                                                                                                                     0000000077800880 5 bytes JMP 0000000077960290
.text    C:\Windows\Explorer.EXE[1428] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                                                                                                                  0000000077800910 5 bytes JMP 00000000779602b0
.text    C:\Windows\Explorer.EXE[1428] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                                                                                                   0000000077800930 5 bytes JMP 00000000779603d0
.text    C:\Windows\Explorer.EXE[1428] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                                                                                                                      0000000077800940 5 bytes JMP 0000000077960330
.text    C:\Windows\Explorer.EXE[1428] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                                                                                                               00000000778009b0 5 bytes JMP 0000000077960410
.text    C:\Windows\Explorer.EXE[1428] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                                                                                                                  00000000778009e0 5 bytes JMP 0000000077960240
.text    C:\Windows\Explorer.EXE[1428] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                                                                                                       0000000077800ca0 5 bytes JMP 00000000779601e0
.text    C:\Windows\Explorer.EXE[1428] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                                                                                                                  0000000077800d60 5 bytes JMP 0000000077960250
.text    C:\Windows\Explorer.EXE[1428] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                                                                                                                  0000000077800d90 5 bytes JMP 0000000077960490
.text    C:\Windows\Explorer.EXE[1428] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                                                                                                         0000000077800da0 5 bytes JMP 00000000779604a0
.text    C:\Windows\Explorer.EXE[1428] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                                                                                                                    0000000077800dd0 5 bytes JMP 0000000077960300
.text    C:\Windows\Explorer.EXE[1428] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                                                                                                                 0000000077800de0 5 bytes JMP 0000000077960360
.text    C:\Windows\Explorer.EXE[1428] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                                                                                                                       0000000077800e40 5 bytes JMP 00000000779602a0
.text    C:\Windows\Explorer.EXE[1428] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                                                                                                                    0000000077800e90 5 bytes JMP 00000000779602c0
.text    C:\Windows\Explorer.EXE[1428] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                                                                                                                       0000000077800ec0 5 bytes JMP 0000000077960380
.text    C:\Windows\Explorer.EXE[1428] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                                                                                                                        0000000077800ed0 5 bytes JMP 0000000077960340
.text    C:\Windows\Explorer.EXE[1428] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                                                                                                                 00000000778011c0 5 bytes JMP 0000000077960440
.text    C:\Windows\Explorer.EXE[1428] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                                                                                                                00000000778013c0 5 bytes JMP 0000000077960260
.text    C:\Windows\Explorer.EXE[1428] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                                                                                                                   00000000778013d0 5 bytes JMP 0000000077960270
.text    C:\Windows\Explorer.EXE[1428] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                                                                                                 00000000778013e0 5 bytes JMP 0000000077960400
.text    C:\Windows\Explorer.EXE[1428] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                                                                                                             00000000778015a0 5 bytes JMP 00000000779601f0
.text    C:\Windows\Explorer.EXE[1428] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                                                                                                              00000000778015b0 5 bytes JMP 0000000077960210
.text    C:\Windows\Explorer.EXE[1428] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                                                                                                                   0000000077801620 5 bytes JMP 0000000077960200
.text    C:\Windows\Explorer.EXE[1428] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                                                                                                                   0000000077801680 5 bytes JMP 0000000077960420
.text    C:\Windows\Explorer.EXE[1428] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                                                                                                                    0000000077801690 5 bytes JMP 0000000077960430
.text    C:\Windows\Explorer.EXE[1428] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                                                                                                               00000000778016a0 5 bytes JMP 0000000077960220
.text    C:\Windows\Explorer.EXE[1428] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                                                                                                                       0000000077801780 5 bytes JMP 0000000077960280
.text    C:\Windows\Explorer.EXE[1428] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                                                                                                            00000000776ef1bd 1 byte [62]
.text    C:\Program Files (x86)\WinZipper\winzipersvc.exe[1448] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                                                                                                                   0000000076f3b0c5 1 byte [62]
.text    C:\Windows\system32\taskhost.exe[1716] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                                                                                                   00000000776ef1bd 1 byte [62]
.text    C:\Program Files\AVAST Software\Avast\avastui.exe[2368] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter                                                                                                                           0000000076f1d03c 8 bytes [31, C0, C2, 04, 00, 90, 90, ...]
.text    C:\Program Files\AVAST Software\Avast\avastui.exe[2368] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                                                                                                                  0000000076f3b0c5 1 byte [62]
.text    C:\Windows\system32\SearchIndexer.exe[1264] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                                                                                              00000000776ef1bd 1 byte [62]
.text    C:\Program Files\Windows Media Player\wmpnetwk.exe[4384] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                                                                                 00000000776ef1bd 1 byte [62]
.text    C:\Program Files (x86)\Skype\Phone\Skype.exe[1988] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                                                                                                                       0000000076f3b0c5 1 byte [62]
.text    C:\Windows\notepad.exe[2976] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                                                                                                             00000000776ef1bd 1 byte [62]
.text    C:\Windows\notepad.exe[328] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                                                                                                              00000000776ef1bd 1 byte [62]
.text    C:\Windows\system32\notepad.exe[3120] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                                                                                                    00000000776ef1bd 1 byte [62]
.text    C:\Windows\system32\notepad.exe[3112] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                                                                                                    00000000776ef1bd 1 byte [62]
.text    C:\Program Files (x86)\WinZipper\WinZipper.exe[2600] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                                                                                                                     0000000076f3b0c5 1 byte [62]
.text    C:\Program Files (x86)\WinZipper\WinZipper.exe[2600] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                                                                                                   0000000077961401 2 bytes JMP 76f2eb26 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\WinZipper\WinZipper.exe[2600] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                                                                                                     0000000077961419 2 bytes JMP 76f3b513 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\WinZipper\WinZipper.exe[2600] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                                                                                                   0000000077961431 2 bytes JMP 76fb8609 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\WinZipper\WinZipper.exe[2600] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                                                                                                   000000007796144a 2 bytes CALL 76f11dfa C:\Windows\syswow64\kernel32.dll
.text    ...                                                                                                                                                                                                                                            * 9
.text    C:\Program Files (x86)\WinZipper\WinZipper.exe[2600] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                                                                                                      00000000779614dd 2 bytes JMP 76fb7efe C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\WinZipper\WinZipper.exe[2600] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                                                                                                               00000000779614f5 2 bytes JMP 76fb80d8 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\WinZipper\WinZipper.exe[2600] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                                                                                                      000000007796150d 2 bytes JMP 76fb7df4 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\WinZipper\WinZipper.exe[2600] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                                                                                                               0000000077961525 2 bytes JMP 76fb81c2 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\WinZipper\WinZipper.exe[2600] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                                                                                                     000000007796153d 2 bytes JMP 76f2f088 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\WinZipper\WinZipper.exe[2600] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                                                                                                          0000000077961555 2 bytes JMP 76f3b885 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\WinZipper\WinZipper.exe[2600] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                                                                                                   000000007796156d 2 bytes JMP 76fb86c1 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\WinZipper\WinZipper.exe[2600] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                                                                                                     0000000077961585 2 bytes JMP 76fb8222 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\WinZipper\WinZipper.exe[2600] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                                                                                                        000000007796159d 2 bytes JMP 76fb7db8 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\WinZipper\WinZipper.exe[2600] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                                                                                                     00000000779615b5 2 bytes JMP 76f2f121 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\WinZipper\WinZipper.exe[2600] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                                                                                                   00000000779615cd 2 bytes JMP 76f3b29f C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\WinZipper\WinZipper.exe[2600] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                                                                                                               00000000779616b2 2 bytes JMP 76fb8584 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\WinZipper\WinZipper.exe[2600] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                                                                                                               00000000779616bd 2 bytes JMP 76fb7d4d C:\Windows\syswow64\kernel32.dll
.text    C:\Users\darek\AppData\Local\Temp\WzEF251.tmp\gmer.exe[4396] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                                                                                                             0000000076f3b0c5 1 byte [62]

---- Threads - GMER 2.1 ----

Thread   C:\Windows\system32\AUDIODG.EXE [724:4224]                                                                                                                                                                                                     0000000069395658
Thread   C:\Windows\system32\AUDIODG.EXE [724:4540]                                                                                                                                                                                                     0000000069382104
Thread   C:\Windows\system32\AUDIODG.EXE [724:1812]                                                                                                                                                                                                     000007fef1f07cfc
---- Processes - GMER 2.1 ----

Library  C:\Users\darek\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (*** suspicious ***) @ C:\Windows\Explorer.EXE [1428] (Microsoft SkyDrive Shell Extension/Microsoft Corporation)(2014-02-15 21:35:53)                 000007fef9f90000
Library  C:\Users\darek\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\MSVCP110.dll (*** suspicious ***) @ C:\Windows\Explorer.EXE [1428] (Microsoft® C Runtime Library/Microsoft Corporation)(2014-02-15 21:35:52)                              000007fef9ee0000
Library  C:\Users\darek\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\MSVCR110.dll (*** suspicious ***) @ C:\Windows\Explorer.EXE [1428] (Microsoft® C Runtime Library/Microsoft Corporation)(2014-02-15 21:35:53)                              000007fef9e10000
Library  C:\Users\darek\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll (*** suspicious ***) @ C:\Program Files (x86)\Skype\Phone\Skype.exe [1988] (Microsoft SkyDrive Shell Extension/Microsoft Corporation)(2014-02-15 21:35:44)    000000006f8b0000
Library  C:\Users\darek\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\MSVCP110.dll (*** suspicious ***) @ C:\Program Files (x86)\Skype\Phone\Skype.exe [1988] (Microsoft® C Runtime Library/Microsoft Corporation)(2014-02-15 21:35:39)               000000006ef00000
Library  C:\Users\darek\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\MSVCR110.dll (*** suspicious ***) @ C:\Program Files (x86)\Skype\Phone\Skype.exe [1988] (Microsoft® C Runtime Library/Microsoft Corporation)(2014-02-15 21:35:40)               000000006ee20000
Library  C:\Users\darek\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\Telemetry.dll (*** suspicious ***) @ C:\Program Files (x86)\Skype\Phone\Skype.exe [1988] (Telemetry Library/Microsoft Corporation)(2014-02-15 21:35:47)                         000000006ed90000
Library  C:\Users\darek\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\logging.dll (*** suspicious ***) @ C:\Program Files (x86)\Skype\Phone\Skype.exe [1988] (Logging Library/Microsoft Corporation)(2014-02-15 21:35:38)                             0000000074680000
Library  C:\Users\darek\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll (*** suspicious ***) @ C:\Program Files (x86)\WinZipper\WinZipper.exe [2600] (Microsoft SkyDrive Shell Extension/Microsoft Corporation)(2014-02-15 21:35:44)  000000006f8b0000
Library  C:\Users\darek\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\MSVCP110.dll (*** suspicious ***) @ C:\Program Files (x86)\WinZipper\WinZipper.exe [2600] (Microsoft® C Runtime Library/Microsoft Corporation)(2014-02-15 21:35:39)             000000006ef00000
Library  C:\Users\darek\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\MSVCR110.dll (*** suspicious ***) @ C:\Program Files (x86)\WinZipper\WinZipper.exe [2600] (Microsoft® C Runtime Library/Microsoft Corporation)(2014-02-15 21:35:40)             000000006ee20000
Library  C:\Users\darek\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\Telemetry.dll (*** suspicious ***) @ C:\Program Files (x86)\WinZipper\WinZipper.exe [2600] (Telemetry Library/Microsoft Corporation)(2014-02-15 21:35:47)                       000000006ed90000
Library  C:\Users\darek\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\logging.dll (*** suspicious ***) @ C:\Program Files (x86)\WinZipper\WinZipper.exe [2600] (Logging Library/Microsoft Corporation)(2014-02-15 21:35:38)                           0000000074680000
Process  C:\Users\darek\AppData\Local\Temp\WzEF251.tmp\gmer.exe (*** suspicious ***) @ C:\Users\darek\AppData\Local\Temp\WzEF251.tmp\gmer.exe [4396](2014-06-21 19:48:49)                                                                               0000000000400000

---- EOF - GMER 2.1 ----

[/log]

 

If I posted something wrong, tell me what and how to do it properly and I'll do it.. I'd really appreciate your help.. ;x

 

RoNnI
comment

A keylogger is easy to check for: press the Windows key+R on the desktop or search for "Run", and when the window appears type "cmd"; a console then opens in which you type "netstat -ano". A list will come up (long, depending on the running processes), and if on the right side any entry shows "eavesdropping", it means someone sent you a keylogger, and if it says "listening" everywhere then everything is normal; also check whether there is some foreign address somewhere on the left.
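An added example, not part of the thread: a small Python parser for `netstat -ano` output of the kind the comment above asks for, listing per PID the TCP peers that are neither loopback nor on the LAN. The sample output, addresses and PIDs are constructed; rows are classified by the foreign address rather than the State text because Windows localizes that column.

```python
import ipaddress
from collections import defaultdict

# Constructed sample of `netstat -ano` output (not taken from the thread).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       716
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    127.0.0.1:5354         127.0.0.1:49160        ESTABLISHED     1500
  TCP    192.168.1.10:49201     192.168.1.1:80         ESTABLISHED     2216
  TCP    192.168.1.10:49230     203.0.113.25:443       ESTABLISHED     2216
  TCP    192.168.1.10:49244     198.51.100.7:8080      ESTABLISHED     3120
  TCP    [::]:135               [::]:0                 LISTENING       716
  UDP    0.0.0.0:5355           *:*                                    1204
"""

# RFC 1918 ranges: peers here are on the home/office LAN, not the internet.
LAN = [ipaddress.ip_network(n)
       for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def split_endpoint(endpoint):
    """Split '1.2.3.4:80' or '[fe80::1%11]:80' into (ip_text, port_text)."""
    host, _, port = endpoint.rpartition(":")
    return host.strip("[]").split("%")[0], port

def external_connections(netstat_text):
    """Map PID -> sorted remote 'ip:port' peers outside loopback and the LAN."""
    result = defaultdict(set)
    for line in netstat_text.splitlines():
        fields = line.split()
        # TCP rows: Proto, Local, Foreign, State, PID. UDP rows carry no state.
        if len(fields) != 5 or fields[0].upper() != "TCP":
            continue
        host, port = split_endpoint(fields[2])
        try:
            remote = ipaddress.ip_address(host)
        except ValueError:
            continue  # not an address, e.g. a resolved host name
        # An unspecified foreign address (0.0.0.0 / ::) marks a listening socket.
        if remote.is_unspecified or remote.is_loopback or remote.is_link_local:
            continue
        if any(remote in net for net in LAN):
            continue
        result[int(fields[4])].add(f"{remote}:{port}")
    return {pid: sorted(peers) for pid, peers in result.items()}
```

Each PID returned can be mapped to a program name with `tasklist /FI "PID eq <pid>"`; a listed peer only says which process talks to which address, so it is a starting point for review.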
