Leeder, posted 21 June 2014

Recently I lost 3 accounts and I suspect it is not a coincidence. I think it is a keylogger. I would be very grateful for your help.

LOGS: OTL

[log]OTL logfile created on: 2014-06-21 21:24:26 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\darek\Downloads 64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 1,95 Gb Total Physical Memory | 0,53 Gb Available Physical Memory | 27,47% Memory free 3,89 Gb Paging File | 1,66 Gb Available in Paging File | 42,58% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 102,68 Gb Total Space | 59,01 Gb Free Space | 57,47% Space Free | Partition Type: NTFS Drive D: | 97,66 Gb Total Space | 48,25 Gb Free Space | 49,41% Space Free | Partition Type: NTFS Drive E: | 97,66 Gb Total Space | 78,95 Gb Free Space | 80,85% Space Free | Partition Type: NTFS Computer Name: DAREK-KOMPUTER | User Name: darek | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2014-06-21 21:22:58 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\darek\Downloads\OTL.exe PRC - [2014-06-21 16:05:24 | 002,392,064 | ---- | M] (CipSoft GmbH) -- C:\Users\darek\Desktop\Mateusz\NSS 2.0\Tibia.exe PRC - [2014-06-18 20:20:38 | 003,890,208 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\avastui.exe PRC - [2014-06-18 20:05:54 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe PRC - [2014-06-10 22:39:34 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe PRC - [2014-01-22 12:45:58 | 000,151,552 | ---- | M] () -- C:\Windows\KMService.exe PRC - [2014-01-22 12:45:58 | 000,008,192 | ---- | M] () -- C:\Windows\SysWOW64\srvany.exe PRC - [2013-11-08 22:39:51 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe PRC - [2013-08-23 14:10:09 | 000,424,104 | ---- | M] (Taiwan Shui Mu Chih Ching Technology Limited.) -- C:\Program Files (x86)\WinZipper\winzipersvc.exe PRC - [2013-06-15 16:52:21 | 001,855,880 | ---- | M] (Adobe Systems, Inc.) 
-- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe PRC - [2010-12-21 04:30:38 | 002,656,280 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2010-12-21 04:30:36 | 000,325,656 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe ========== Modules (No Company Name) ========== MOD - [2014-06-21 16:05:24 | 001,445,888 | ---- | M] () -- E:\ElfBot NG\elfbot.dll MOD - [2014-06-18 20:05:55 | 019,336,120 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll MOD - [2014-06-10 22:39:30 | 003,852,912 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll MOD - [2013-06-15 16:52:21 | 016,033,160 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll MOD - [2010-08-23 15:46:48 | 000,659,456 | ---- | M] () -- C:\Windows\SysWOW64\vmprp332.ax MOD - [2010-01-30 03:41:12 | 004,254,560 | ---- | M] () -- C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf MOD - [2009-12-09 15:19:54 | 000,036,352 | ---- | M] () -- E:\ElfBot NG\elfload.dll ========== Services (SafeList) ========== SRV:64bit: - [2014-06-18 20:05:54 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus) SRV:64bit: - [2011-01-30 19:22:58 | 000,499,200 | ---- | M] (Red Bend Ltd.) 
[Auto | Running] -- C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe -- (DMAgent) SRV:64bit: - [2011-01-30 19:17:08 | 000,885,248 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe -- (WiMAXAppSrv) SRV:64bit: - [2011-01-05 13:41:38 | 001,515,792 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) SRV:64bit: - [2011-01-05 13:28:50 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS) SRV:64bit: - [2011-01-05 13:26:56 | 000,836,880 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) SRV:64bit: - [2009-07-14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV:64bit: - [2009-07-14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2014-06-10 22:39:30 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2014-01-22 12:45:58 | 000,008,192 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\srvany.exe -- (KMService) SRV - [2013-11-08 22:39:51 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2013-11-06 18:29:46 | 004,609,416 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc) SRV - [2013-10-23 09:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2013-08-23 14:10:09 | 000,424,104 | ---- | M] (Taiwan Shui Mu Chih Ching Technology Limited.) 
[Auto | Running] -- C:\Program Files (x86)\WinZipper\winzipersvc.exe -- (winzipersvc) SRV - [2013-07-20 12:26:26 | 000,148,000 | ---- | M] (DealPly Technologies Ltd) [On_Demand | Stopped] -- C:\Program Files (x86)\DealPlyLive\Update\DealPlyLive.exe -- (dealplylivem) SRV - [2013-07-20 12:26:26 | 000,148,000 | ---- | M] (DealPly Technologies Ltd) [Auto | Stopped] -- C:\Program Files (x86)\DealPlyLive\Update\DealPlyLive.exe -- (dealplylive) SRV - [2012-07-09 00:40:10 | 000,104,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010-12-21 04:30:38 | 002,656,280 | R--- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2010-12-21 04:30:36 | 000,325,656 | R--- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2009-06-10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2014-06-18 20:17:45 | 001,039,096 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswsnx.sys -- (aswSnx) DRV:64bit: - [2014-06-18 20:17:45 | 000,423,240 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswsp.sys -- (aswSP) DRV:64bit: - [2014-06-18 20:17:45 | 000,085,328 | ---- | M] (AVAST Software) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswstm.sys -- (aswStm) DRV:64bit: - [2014-06-18 20:05:56 | 000,208,416 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm) DRV:64bit: - [2014-06-18 20:05:56 | 000,093,568 | ---- | M] (AVAST Software) [Kernel | System | Running] -- 
C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr) DRV:64bit: - [2014-06-18 20:05:56 | 000,079,184 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt) DRV:64bit: - [2014-06-18 20:05:56 | 000,065,776 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt) DRV:64bit: - [2014-06-18 20:05:56 | 000,029,208 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswHwid.sys -- (aswHwid) DRV:64bit: - [2013-08-13 01:10:26 | 000,042,184 | ---- | M] (Anchorfree Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss6.sys -- (taphss6) DRV:64bit: - [2013-06-14 09:11:05 | 000,039,008 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LhdX64.sys -- (LHDmgr) DRV:64bit: - [2013-06-14 09:11:01 | 000,029,792 | ---- | M] (Lenovo Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AcpiVpc.sys -- (ACPIVPC) DRV:64bit: - [2013-02-05 23:06:06 | 000,057,840 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr) DRV:64bit: - [2012-07-18 14:58:24 | 000,132,104 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\zghsser.sys -- (zghsser) DRV:64bit: - [2012-06-20 12:51:32 | 000,020,232 | ---- | M] (HandSet Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\massfilter_hs.sys -- (massfilter_hs) DRV:64bit: - [2011-04-08 03:59:58 | 001,430,576 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2011-03-25 12:17:48 | 012,262,336 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2011-03-10 11:01:00 | 001,581,184 | ---- | M] (Conexant Systems Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService) DRV:64bit: - [2011-01-18 11:16:04 | 000,075,264 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bpenum.sys -- (bpenum) DRV:64bit: - [2010-12-10 19:43:40 | 000,234,960 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vm332avs.sys -- (vm332avs) DRV:64bit: - [2010-11-24 11:33:26 | 002,673,664 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2010-10-21 08:57:30 | 000,076,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C) DRV:64bit: - [2010-10-20 02:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) DRV:64bit: - [2010-09-30 10:45:22 | 000,299,520 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rtsuvstor.sys -- (RSUSBVSTOR) DRV:64bit: - [2010-09-21 22:04:54 | 000,015,056 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vm2uvcflt.sys -- (vm2uvcflt) DRV:64bit: - [2009-07-14 03:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2009-07-14 03:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2009-07-14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009-07-14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009-07-14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2009-07-14 03:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2009-07-14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009-07-14 02:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx) DRV:64bit: - [2009-06-10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009-06-10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009-06-10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009-06-10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009-03-18 18:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi) DRV - [2009-07-14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.delta-homes.com/?utm_source=b&utm_medium=newgdp&utm_campaign=eXQ&utm_content=hp&from=newgdp&uid=WDCXWD3200BPVT-24JJ5T0_WD-WXN1A717802478024&ts=1380211191 IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE:64bit: - HKLM\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://search.v9.com/web/?utm_source=b&utm_medium=bnd&from=bnd&uid=WDCXWD3200BPVT-24JJ5T0_WD-WXN1A717802478024&ts=0 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.delta-homes.com/?utm_source=b&utm_medium=newgdp&utm_campaign=eXQ&utm_content=hp&from=newgdp&uid=WDCXWD3200BPVT-24JJ5T0_WD-WXN1A717802478024&ts=1380211191 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.delta-homes.com/?utm_source=b&utm_medium=newgdp&utm_campaign=eXQ&utm_content=hp&from=newgdp&uid=WDCXWD3200BPVT-24JJ5T0_WD-WXN1A717802478024&ts=1380211191 IE - HKLM\..\URLSearchHook: - No CLSID value found IE - HKLM\..\URLSearchHook: {CCC7B151-1D8C-11E3-B2AD-F3EF3D58318D} - C:\Program Files (x86)\SiteFinder\SiteFinder.dll (Site Finder) IE - HKLM\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - 
HKLM\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://search.v9.com/web/?utm_source=b&utm_medium=bnd&from=bnd&uid=WDCXWD3200BPVT-24JJ5T0_WD-WXN1A717802478024&ts=0 IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www.buenosearch.com/?q={searchTerms}&babsrc=SP_ss&mntrId=6CD000FF4EFF94D8&affID=128491&tsp=5190 IE - HKCU\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://search.delta-homes.com/web/?utm_source=b&utm_medium=newgdp&from=newgdp&uid=WDCXWD3200BPVT-24JJ5T0_WD-WXN1A717802478024&ts=1377259841 IE - HKCU\..\SearchScopes\{A8160AF9-3E1B-40EA-A2A0-1F9877FEFCEC}: "URL" = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=512435&p={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:30.0 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_38: C:\Windows\system32\npdeployJava1.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) 
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3508.0205: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.dpliveupdate.com/DealPlyLive Update;version=3: C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\npGoogleUpdate3.dll (DealPly Technologies Ltd) FF - HKLM\Software\MozillaPlugins\@tools.dpliveupdate.com/DealPlyLive Update;version=9: C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\npGoogleUpdate3.dll (DealPly Technologies Ltd) FF - HKLM\Software\MozillaPlugins\BYOND: C:\Program Files (x86)\BYOND\bin\npbyond.dll File not found FF - 
HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\darek\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-06-18 20:05:57 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 30.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 30.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014-04-30 07:35:50 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\support@mozilla.com: C:\Users\darek\AppData\Roaming\support@mozilla.com [2013-10-05 20:15:05 | 000,000,000 | ---D | M] [2013-06-15 16:29:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\darek\AppData\Roaming\mozilla\Extensions [2014-06-04 21:41:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\darek\AppData\Roaming\mozilla\Firefox\Profiles\ce1yzzxv.default-1401462181965\extensions [2014-04-13 13:36:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\darek\AppData\Roaming\mozilla\Firefox\Profiles\g5oicw0c.default-1377648373679\Extensions [2014-02-13 19:40:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\darek\AppData\Roaming\mozilla\Firefox\Profilesg5oicw0c.default-1377648373679\extensions [2014-02-13 19:40:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\darek\AppData\Roaming\mozilla\Firefox\Profilesg5oicw0c.default-1377648373679\extensions\staged [2014-06-04 21:41:06 | 000,967,387 | ---- | M] () (No name found) -- C:\Users\darek\AppData\Roaming\mozilla\firefox\profiles\ce1yzzxv.default-1401462181965\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-04-30 07:35:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions [2014-06-10 22:39:37 | 000,000,000 | ---D | M] (Default) -- 
C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2014-04-30 07:35:47 | 000,000,000 | ---D | M] (Hotspot Shield Extension) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\afext@anchorfree.com [2014-06-10 19:22:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\updated\browser\extensions [2014-06-10 19:23:08 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\updated\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2014-06-10 19:22:45 | 000,000,000 | ---D | M] (Hotspot Shield Extension) -- C:\Program Files (x86)\mozilla firefox\updated\browser\extensions\afext@anchorfree.com ========== Chrome ========== CHR - homepage: http://www.google.com CHR - Extension: No name found = C:\Users\darek\AppData\Local\Google\Chrome\User Data\default\extensions\beahobhgpojnjfdjglaehfhdanaioode\1.4_0\ CHR - Extension: No name found = C:\Users\darek\AppData\Local\Google\Chrome\User Data\default\extensions\eooncjejnppfjjklapaamhcdmjbilmde\1.4_0\ CHR - Extension: No name found = C:\Users\darek\AppData\Local\Google\Chrome\User Data\default\extensions\eooncjejnppfjjklapaamhcdmjbilmde\1.4_1\ CHR - Extension: No name found = C:\Users\darek\AppData\Local\Google\Chrome\User Data\default\extensions\eooncjejnppfjjklapaamhcdmjbilmde\1.4_2\ CHR - Extension: No name found = C:\Users\darek\AppData\Local\Google\Chrome\User Data\default\extensions\fjoijdanhaiflhibkljeklcghcmmfffh\1.0.3_0\ CHR - Extension: No name found = C:\Users\darek\AppData\Local\Google\Chrome\User Data\default\extensions\fjoijdanhaiflhibkljeklcghcmmfffh\1.0.3_1\ CHR - Extension: No name found = C:\Users\darek\AppData\Local\Google\Chrome\User Data\default\extensions\fjoijdanhaiflhibkljeklcghcmmfffh\1.0.3_2\ CHR - Extension: No name found = C:\Users\darek\AppData\Local\Google\Chrome\User Data\default\extensions\fjoijdanhaiflhibkljeklcghcmmfffh\1.0.3_3\ CHR - Extension: No name found = 
C:\Users\darek\AppData\Local\Google\Chrome\User Data\default\extensions\fkjonigebafgfomfofbodcbbijbibokl\14062.617.6371_0\crossrider CHR - Extension: No name found = C:\Users\darek\AppData\Local\Google\Chrome\User Data\default\extensions\fkjonigebafgfomfofbodcbbijbibokl\14062.617.6371_0\ CHR - Extension: No name found = C:\Users\darek\AppData\Local\Google\Chrome\User Data\default\extensions\ifohbjbgfchkkfhphahclmkpgejiplfo\0.0.4.1_0\ CHR - Extension: No name found = C:\Users\darek\AppData\Local\Google\Chrome\User Data\default\extensions\ifohbjbgfchkkfhphahclmkpgejiplfo\0.0.4.1_1\ CHR - Extension: No name found = C:\Users\darek\AppData\Local\Google\Chrome\User Data\default\extensions\ifohbjbgfchkkfhphahclmkpgejiplfo\0.0.4.1_2\ CHR - Extension: No name found = C:\Users\darek\AppData\Local\Google\Chrome\User Data\default\extensions\ifohbjbgfchkkfhphahclmkpgejiplfo\1.1.4.7_0\ CHR - Extension: No name found = C:\Users\darek\AppData\Local\Google\Chrome\User Data\default\extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_1\ O1 HOSTS File: ([2014-04-12 16:35:29 | 000,000,059 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 127.0.0.1 198.144.182.42 O2:64bit: - BHO: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2:64bit: - BHO: (no name) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - No CLSID value found. O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (avast! 
Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O2 - BHO: (no name) - {ae48ed75-5a56-4c5f-bbce-6f1ac3875f66} - No CLSID value found. O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (buenosearch Helper Object) - {F1C81E40-2485-4DB6-8C9D-04BD596B281E} - C:\Program Files (x86)\buenosearch LTD\buenosearch\1.8.28.7\bh\buenosearch.dll (Montiera Technologies LTD) O3:64bit: - HKLM\..\Toolbar: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) O3 - HKLM\..\Toolbar: (buenosearch Toolbar) - {828DC97A-2277-4E10-92A9-4907FA0922A9} - C:\Program Files (x86)\buenosearch LTD\buenosearch\1.8.28.7\buenosearchTlbr.dll (Montiera Technologies LTD) O3 - HKLM\..\Toolbar: (SiteFinder) - {CCC7B151-1D8C-11E3-B2AD-F3EF3D58318D} - C:\Program Files (x86)\SiteFinder\SiteFinder.dll (Site Finder) O4:64bit: - HKLM..\Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited) O4:64bit: - HKLM..\Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe (Lenovo(beijing) Limited) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation) O4:64bit: - HKLM..\Run: [IntelWirelessWiMAX] C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe (Intel® Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4 - 
HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software) O4 - HKCU..\Run: [spoolsv32] C:\Windows\SysWow64\javaw.exe (Oracle Corporation) O4 - Startup: C:\Users\darek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\trzD50B.tmp () O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8:64bit: - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000 File not found O8:64bit: - Extra context menu item: Wyślij &do programu OneNote - res://C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105 File not found O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Wyślij &do programu OneNote - res://C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105 File not found O9 - Extra Button: Site Finder - {CCC7B152-1D8C-11E3-B2AD-F3EF3D58318D} - C:\Program Files (x86)\SiteFinder\SiteFinder.dll (Site Finder) O13 - gopher Prefix: missing O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_38-windows-i586.cab (Java Plug-in 1.6.0_38) O16:64bit: - DPF: {CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_38-windows-i586.cab (Java Plug-in 1.6.0_38) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_38-windows-i586.cab (Reg Error: Key error.) 
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.3.1 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{062F3F4F-ACCE-41E6-9095-5E1FD034BBCB}: DhcpNameServer = 192.168.3.1 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0841DEAA-D24A-482E-8FF9-DDB1A76FCC8D}: DhcpNameServer = 192.168.42.129 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (c:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (e:\lol\rads\projects\lol_air_client\releases\0.0.1.63\deploy\lolclientsrv.exe) - File not found O20 - HKLM Winlogon: UserInit - (c:\program files (x86)\microsoft\desktoplayer.exe) - File not found O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2014-05-15 19:21:24 | 000,000,205 | RHS- | M] () - C:\autorun.inf -- [ NTFS ] O32 - AutoRun File - [2014-02-06 20:31:42 | 000,000,218 | RHS- | M] () - E:\autorun.inf -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (aswBoot.exe /M:22e4a9e5c /wow /dir:"C:\Program Files\AVAST Software\Avast") O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2014-06-21 15:47:37 | 000,000,000 | ---D | C] -- C:\Users\darek\Desktop\Mateusz [2014-06-20 01:10:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ElfBot NG [2014-06-19 20:35:38 | 000,000,000 | ---D | C] -- C:\Users\darek\AppData\Local\gtk-2.0 [2014-06-18 20:11:11 | 000,000,000 | ---D | C] -- C:\Users\darek\AppData\Roaming\AVAST Software [2014-06-18 20:06:11 | 000,085,328 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswstm.sys [2014-06-18 20:05:55 | 000,043,152 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr [2014-06-14 14:37:40 | 000,000,000 | ---D | C] -- C:\Users\darek\Desktop\programy ;3 [2014-06-14 14:34:30 | 000,000,000 | ---D | C] -- C:\Users\darek\Desktop\Mama [2014-06-03 23:47:45 | 000,000,000 | ---D | C] -- C:\Users\darek\otNaruto [4 C:\*.tmp files -> C:\*.tmp -> ] [1 C:\Windows\*.tmp 
files -> C:\Windows\*.tmp -> ] [1 C:\Users\darek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.tmp files -> C:\Users\darek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.tmp -> ] [1 C:\Users\darek\AppData\Local\*.tmp files -> C:\Users\darek\AppData\Local\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2014-06-21 21:31:02 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\DealPlyLiveUpdateTaskMachineUA.job [2014-06-21 20:58:04 | 000,383,101 | ---- | M] () -- C:\Users\darek\Desktop\dd.png [2014-06-21 15:08:04 | 000,010,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2014-06-21 15:08:04 | 000,010,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2014-06-21 15:06:57 | 001,673,392 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2014-06-21 15:06:57 | 000,742,054 | ---- | M] () -- C:\Windows\SysNative\perfh015.dat [2014-06-21 15:06:57 | 000,655,590 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2014-06-21 15:06:57 | 000,156,040 | ---- | M] () -- C:\Windows\SysNative\perfc015.dat [2014-06-21 15:06:57 | 000,121,932 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2014-06-21 15:00:49 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\DealPlyLiveUpdateTaskMachineCore.job [2014-06-21 15:00:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2014-06-21 14:59:27 | 1566,461,952 | -HS- | M] () -- C:\hiberfil.sys [2014-06-20 11:46:11 | 001,568,600 | ---- | M] () -- C:\Users\darek\Desktop\Jason Derulo - Wiggle ft. 
Snoop Dogg (Audio).mp3 [2014-06-19 22:39:12 | 001,646,182 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2014-06-19 20:46:38 | 000,003,030 | ---- | M] () -- C:\Users\darek\AppData\Local\recently-used.xbel [2014-06-18 20:17:45 | 001,039,096 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswsnx.sys [2014-06-18 20:17:45 | 000,423,240 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswsp.sys [2014-06-18 20:17:45 | 000,085,328 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswstm.sys [2014-06-18 20:05:56 | 001,039,096 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswsnx.sys.1403115464210 [2014-06-18 20:05:56 | 000,423,240 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswsp.sys.1403115464210 [2014-06-18 20:05:56 | 000,334,648 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe [2014-06-18 20:05:56 | 000,208,416 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys [2014-06-18 20:05:56 | 000,093,568 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys [2014-06-18 20:05:56 | 000,079,184 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys [2014-06-18 20:05:56 | 000,065,776 | ---- | M] () -- C:\Windows\SysNative\drivers\aswRvrt.sys [2014-06-18 20:05:56 | 000,029,208 | ---- | M] () -- C:\Windows\SysNative\drivers\aswHwid.sys [2014-06-18 20:05:55 | 000,043,152 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr [2014-06-18 19:58:54 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt [2014-06-18 10:23:50 | 003,763,334 | ---- | M] () -- C:\Users\darek\Desktop\zdjęcia.zip [2014-06-17 17:03:12 | 001,732,649 | ---- | M] () -- C:\Users\darek\Desktop\Indila - Dernière Danse.mp3 [2014-06-16 20:23:52 | 001,749,159 | ---- | M] () -- C:\Users\darek\Desktop\Mateusz Mijal - Zabijasz mnie TEKST.mp3 [4 C:\*.tmp files -> C:\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 
C:\Users\darek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.tmp files -> C:\Users\darek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.tmp -> ] [1 C:\Users\darek\AppData\Local\*.tmp files -> C:\Users\darek\AppData\Local\*.tmp -> ] ========== Files Created - No Company Name ========== [2014-06-21 20:58:03 | 000,383,101 | ---- | C] () -- C:\Users\darek\Desktop\dd.png [2014-06-20 11:45:14 | 001,568,600 | ---- | C] () -- C:\Users\darek\Desktop\Jason Derulo - Wiggle ft. Snoop Dogg (Audio).mp3 [2014-06-19 20:46:38 | 000,003,030 | ---- | C] () -- C:\Users\darek\AppData\Local\recently-used.xbel [2014-06-18 20:06:08 | 000,029,208 | ---- | C] () -- C:\Windows\SysNative\drivers\aswHwid.sys [2014-06-18 10:22:51 | 003,763,334 | ---- | C] () -- C:\Users\darek\Desktop\zdjęcia.zip [2014-06-17 17:01:23 | 001,732,649 | ---- | C] () -- C:\Users\darek\Desktop\Indila - Dernière Danse.mp3 [2014-06-16 20:21:59 | 001,749,159 | ---- | C] () -- C:\Users\darek\Desktop\Mateusz Mijal - Zabijasz mnie TEKST.mp3 [2014-04-22 14:54:49 | 000,000,147 | ---- | C] () -- C:\Users\darek\AppData\Roaming\config.ini [2014-04-22 14:54:35 | 001,213,440 | ---- | C] () -- C:\Users\darek\AppData\Roaming\79354.exe [2014-04-12 18:23:48 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI [2014-02-12 14:34:07 | 000,175,104 | -HS- | C] () -- C:\Users\darek\b38L10pB.UK4 [2014-02-11 21:53:43 | 000,000,023 | ---- | C] () -- C:\Users\darek\AppData\Roaming\tbi86.dll [2014-01-22 18:26:55 | 000,000,000 | ---- | C] () -- C:\Users\darek\AppData\Local\{9A9DEA52-FC34-4D31-9FD5-401459935F48} [2014-01-22 12:46:11 | 000,151,552 | ---- | C] () -- C:\Windows\KMService.exe [2014-01-22 12:46:11 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\srvany.exe [2014-01-21 22:51:52 | 000,584,584 | ---- | C] () -- C:\Windows\adb.exe [2014-01-02 08:16:21 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2014-01-02 08:16:21 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2014-01-02 08:16:21 | 
000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2014-01-02 08:16:21 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2014-01-02 08:16:21 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2013-12-30 14:41:32 | 000,000,030 | ---- | C] () -- C:\Users\darek\AppData\Roaming\WB.CFG [2013-11-11 18:30:50 | 093,027,983 | ---- | C] () -- C:\Users\darek\AppData\Roaming\MeinPack 4.0 Instalacja.exe [2013-11-03 18:29:02 | 000,282,104 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2013-11-03 18:28:59 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2013-11-03 18:28:58 | 002,484,592 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_p4f.exe [2013-09-29 11:18:07 | 000,000,000 | -HS- | C] () -- C:\Users\darek\AppData\Local\LumaEmu [2013-09-16 20:19:18 | 000,000,414 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2013-08-22 22:33:55 | 000,000,000 | ---- | C] () -- C:\Users\darek\AppData\Local\{F3D23752-0DF4-4FD9-9E23-2257F24B5A85} [2013-08-20 17:08:45 | 000,013,312 | ---- | C] () -- C:\Windows\SysWow64\BASSMOD.dll [2013-07-12 14:25:00 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\UNWISE.EXE [2013-07-12 14:25:00 | 000,000,189 | ---- | C] () -- C:\Windows\ODBCINST.INI [2013-07-12 14:25:00 | 000,000,132 | ---- | C] () -- C:\Windows\ODBC.INI [2013-07-12 14:25:00 | 000,000,117 | ---- | C] () -- C:\Windows\SysWow64\UNWISE.INI [2013-07-11 16:59:10 | 000,000,501 | ---- | C] () -- C:\Windows\my.ini [2013-06-22 00:35:17 | 000,013,262 | ---- | C] () -- C:\Users\darek\AppData\Roaming\sqlite.jar [2013-06-22 00:35:15 | 000,803,987 | ---- | C] () -- C:\Users\darek\AppData\Roaming\java_u.jar [2013-06-19 20:21:49 | 001,646,182 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2013-06-14 09:08:04 | 000,001,823 | ---- | C] () -- C:\Windows\vm332Rmv.ini [2013-06-14 09:08:04 | 000,001,823 | ---- | C] () -- C:\Windows\SysWow64\vm332Rmv.ini [2013-06-14 09:03:13 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll [2013-06-14 08:45:12 | 000,963,116 | ---- | 
C] () -- C:\Windows\SysWow64\igkrng600.bin [2013-06-14 08:45:12 | 000,216,876 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin [2013-06-14 08:45:12 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin [2013-05-28 22:22:48 | 000,641,024 | ---- | C] () -- C:\Windows\SysWow64\ficvdec_x86.dll [2012-07-02 22:11:02 | 000,016,384 | ---- | C] () -- C:\Windows\SysWow64\theowl.dll ========== ZeroAccess Check ========== [2009-07-14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2009-07-14 03:41:54 | 014,161,920 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2009-07-14 03:16:14 | 012,866,560 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009-07-14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009-07-14 03:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009-07-14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== Alternate Data Streams ========== @Alternate Data Stream - 248 bytes -> C:\ProgramData\TEMP:6BE50C2B @Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:4EE74317 < End of report >
[/log]

Extras:

[log]
OTL Extras logfile created on: 2014-06-21 21:24:26 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\darek\Downloads 64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 1,95 Gb Total Physical Memory | 0,53 Gb Available Physical Memory | 27,47% Memory free 3,89 Gb Paging File | 1,66 Gb Available in Paging File | 42,58% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 102,68 Gb Total Space | 59,01 Gb Free Space | 57,47% Space Free | Partition Type: NTFS Drive D: | 97,66 Gb Total Space | 48,25 Gb Free Space | 49,41% Space Free | Partition Type: NTFS Drive E: | 97,66 Gb Total Space | 78,95 Gb Free Space | 80,85% Space Free | Partition Type: NTFS Computer Name: DAREK-KOMPUTER | User Name: darek | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) https [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. 
scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) https [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "AntiVirusOverride" = 1 "AntiVirusDisableNotify" = 1 "FirewallDisableNotify" = 1 "FirewallOverride" = 1 "UpdatesDisableNotify" = 1 "UacDisableNotify" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 1 "AntiVirusDisableNotify" = 1 "FirewallDisableNotify" = 1 "FirewallOverride" = 1 "UpdatesDisableNotify" = 1 "UacDisableNotify" = 1 ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 ========== Firewall Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 1 "EnableFirewall" = 0 
"DoNotAllowExceptions" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "E:\Action!\Action.exe" = E:\Action!\Action.exe:*:Enabled:ipsec "C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe" = C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe:*:Enabled:ipsec "C:\Program Files (x86)\Skype\Phone\Skype.exe" = C:\Program Files (x86)\Skype\Phone\Skype.exe:*:Enabled:ipsec -- (Skype Technologies S.A.) "C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe" = C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe:*:Enabled:ipsec -- (Adobe Systems, Inc.) 
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe" = C:\Program Files (x86)\Mozilla Firefox\firefox.exe:*:Enabled:ipsec -- (Mozilla Corporation) "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" = C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe:*:Enabled:ipsec "C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe" = C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe:*:Enabled:ipsec -- (Mozilla Corporation) "C:\Windows\SysWOW64\netsh.exe" = C:\Windows\SysWOW64\netsh.exe:*:Enabled:ipsec -- (Microsoft Corporation) "C:\Program Files (x86)\screenSHU\screenSHU.exe" = C:\Program Files (x86)\screenSHU\screenSHU.exe:*:Enabled:ipsec "E:\Programy\Game Booster 3\AutoUpdate.exe" = E:\Programy\Game Booster 3\AutoUpdate.exe:*:Enabled:ipsec "E:\PandoraMT2\patcher\metin2.bin" = E:\PandoraMT2\patcher\metin2.bin:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\winuvcaad.exe" = C:\Users\darek\AppData\Local\Temp\winuvcaad.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\winjjkj.exe" = C:\Users\darek\AppData\Local\Temp\winjjkj.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\winebjak.exe" = C:\Users\darek\AppData\Local\Temp\winebjak.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\idcdo.exe" = C:\Users\darek\AppData\Local\Temp\idcdo.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\winiellg.exe" = C:\Users\darek\AppData\Local\Temp\winiellg.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\dcbesx.exe" = C:\Users\darek\AppData\Local\Temp\dcbesx.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\winfxwuf.exe" = C:\Users\darek\AppData\Local\Temp\winfxwuf.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\wintotpvi.exe" = C:\Users\darek\AppData\Local\Temp\wintotpvi.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\winmyjdrk.exe" = C:\Users\darek\AppData\Local\Temp\winmyjdrk.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\winrvumg.exe" = 
C:\Users\darek\AppData\Local\Temp\winrvumg.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\chdxcn.exe" = C:\Users\darek\AppData\Local\Temp\chdxcn.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\bpap.exe" = C:\Users\darek\AppData\Local\Temp\bpap.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\xhbc.exe" = C:\Users\darek\AppData\Local\Temp\xhbc.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\nykkc.exe" = C:\Users\darek\AppData\Local\Temp\nykkc.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\winjrtyyv.exe" = C:\Users\darek\AppData\Local\Temp\winjrtyyv.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\xtxjki.exe" = C:\Users\darek\AppData\Local\Temp\xtxjki.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\xidcu.exe" = C:\Users\darek\AppData\Local\Temp\xidcu.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\winemje.exe" = C:\Users\darek\AppData\Local\Temp\winemje.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\winufmaa.exe" = C:\Users\darek\AppData\Local\Temp\winufmaa.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\winkvau.exe" = C:\Users\darek\AppData\Local\Temp\winkvau.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\winukigxt.exe" = C:\Users\darek\AppData\Local\Temp\winukigxt.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\winqkyj.exe" = C:\Users\darek\AppData\Local\Temp\winqkyj.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\winingvh.exe" = C:\Users\darek\AppData\Local\Temp\winingvh.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\winelbdr.exe" = C:\Users\darek\AppData\Local\Temp\winelbdr.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\ejor.exe" = C:\Users\darek\AppData\Local\Temp\ejor.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\winbbrtct.exe" = C:\Users\darek\AppData\Local\Temp\winbbrtct.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\rllo.exe" = C:\Users\darek\AppData\Local\Temp\rllo.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\winhuemna.exe" 
= C:\Users\darek\AppData\Local\Temp\winhuemna.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\wincxxbk.exe" = C:\Users\darek\AppData\Local\Temp\wincxxbk.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\yrhp.exe" = C:\Users\darek\AppData\Local\Temp\yrhp.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\inqu.exe" = C:\Users\darek\AppData\Local\Temp\inqu.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\workox.exe" = C:\Users\darek\AppData\Local\Temp\workox.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\nkdth.exe" = C:\Users\darek\AppData\Local\Temp\nkdth.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\winnxpoxt.exe" = C:\Users\darek\AppData\Local\Temp\winnxpoxt.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\winvwsb.exe" = C:\Users\darek\AppData\Local\Temp\winvwsb.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\wincyyfy.exe" = C:\Users\darek\AppData\Local\Temp\wincyyfy.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\winccgpy.exe" = C:\Users\darek\AppData\Local\Temp\winccgpy.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\winwmvcig.exe" = C:\Users\darek\AppData\Local\Temp\winwmvcig.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\winmdfcjm.exe" = C:\Users\darek\AppData\Local\Temp\winmdfcjm.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\winalwrx.exe" = C:\Users\darek\AppData\Local\Temp\winalwrx.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\winvejcki.exe" = C:\Users\darek\AppData\Local\Temp\winvejcki.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\ljdjuj.exe" = C:\Users\darek\AppData\Local\Temp\ljdjuj.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\gucdc.exe" = C:\Users\darek\AppData\Local\Temp\gucdc.exe:*:Enabled:ipsec "E:\League of Legends\RADS\system\rads_user_kernel.exe" = E:\League of Legends\RADS\system\rads_user_kernel.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\enpvrg.exe" = C:\Users\darek\AppData\Local\Temp\enpvrg.exe:*:Enabled:ipsec 
"C:\Users\darek\AppData\Local\Temp\winxvcwyb.exe" = C:\Users\darek\AppData\Local\Temp\winxvcwyb.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\ayaj.exe" = C:\Users\darek\AppData\Local\Temp\ayaj.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\winiektt.exe" = C:\Users\darek\AppData\Local\Temp\winiektt.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\winnjqt.exe" = C:\Users\darek\AppData\Local\Temp\winnjqt.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\wingiyp.exe" = C:\Users\darek\AppData\Local\Temp\wingiyp.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\pxit.exe" = C:\Users\darek\AppData\Local\Temp\pxit.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\winhdkr.exe" = C:\Users\darek\AppData\Local\Temp\winhdkr.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\aehd.exe" = C:\Users\darek\AppData\Local\Temp\aehd.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\winqnqp.exe" = C:\Users\darek\AppData\Local\Temp\winqnqp.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\winguyfyx.exe" = C:\Users\darek\AppData\Local\Temp\winguyfyx.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\wincoqilx.exe" = C:\Users\darek\AppData\Local\Temp\wincoqilx.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\uujnrg.exe" = C:\Users\darek\AppData\Local\Temp\uujnrg.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\winontr.exe" = C:\Users\darek\AppData\Local\Temp\winontr.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\winqmos.exe" = C:\Users\darek\AppData\Local\Temp\winqmos.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\nkwemk.exe" = C:\Users\darek\AppData\Local\Temp\nkwemk.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\winocnb.exe" = C:\Users\darek\AppData\Local\Temp\winocnb.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\lwhnj.exe" = C:\Users\darek\AppData\Local\Temp\lwhnj.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\winxeyi.exe" = 
C:\Users\darek\AppData\Local\Temp\winxeyi.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\winrtug.exe" = C:\Users\darek\AppData\Local\Temp\winrtug.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\winphit.exe" = C:\Users\darek\AppData\Local\Temp\winphit.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\gsaicy.exe" = C:\Users\darek\AppData\Local\Temp\gsaicy.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\winaotblb.exe" = C:\Users\darek\AppData\Local\Temp\winaotblb.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\ybvqyb.exe" = C:\Users\darek\AppData\Local\Temp\ybvqyb.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\evxsl.exe" = C:\Users\darek\AppData\Local\Temp\evxsl.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\ibcr.exe" = C:\Users\darek\AppData\Local\Temp\ibcr.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\winixnnrs.exe" = C:\Users\darek\AppData\Local\Temp\winixnnrs.exe:*:Enabled:ipsec "E:\League of Legends\RADS\solutions\lol_game_client_sln\releases\0.0.0.247\deploy\League of Legends.exe" = E:\League of Legends\RADS\solutions\lol_game_client_sln\releases\0.0.0.247\deploy\League of Legends.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\winsxpx.exe" = C:\Users\darek\AppData\Local\Temp\winsxpx.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\wmybmf.exe" = C:\Users\darek\AppData\Local\Temp\wmybmf.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\atax.exe" = C:\Users\darek\AppData\Local\Temp\atax.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\yprvoh.exe" = C:\Users\darek\AppData\Local\Temp\yprvoh.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\txlf.exe" = C:\Users\darek\AppData\Local\Temp\txlf.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\ytdsjb.exe" = C:\Users\darek\AppData\Local\Temp\ytdsjb.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\winhdovjg.exe" = C:\Users\darek\AppData\Local\Temp\winhdovjg.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\dtwmr.exe" = 
C:\Users\darek\AppData\Local\Temp\dtwmr.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\dovxp.exe" = C:\Users\darek\AppData\Local\Temp\dovxp.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\winhyoj.exe" = C:\Users\darek\AppData\Local\Temp\winhyoj.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\ojsp.exe" = C:\Users\darek\AppData\Local\Temp\ojsp.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\winspwkp.exe" = C:\Users\darek\AppData\Local\Temp\winspwkp.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\wingxfkbb.exe" = C:\Users\darek\AppData\Local\Temp\wingxfkbb.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\winepnuvx.exe" = C:\Users\darek\AppData\Local\Temp\winepnuvx.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\wingsqa.exe" = C:\Users\darek\AppData\Local\Temp\wingsqa.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\qwju.exe" = C:\Users\darek\AppData\Local\Temp\qwju.exe:*:Enabled:ipsec "G:\njsij.scr" = G:\njsij.scr:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\windxdllj.exe" = C:\Users\darek\AppData\Local\Temp\windxdllj.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\winbksss.exe" = C:\Users\darek\AppData\Local\Temp\winbksss.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\winccmfl.exe" = C:\Users\darek\AppData\Local\Temp\winccmfl.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\jewxpr.exe" = C:\Users\darek\AppData\Local\Temp\jewxpr.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\wjecv.exe" = C:\Users\darek\AppData\Local\Temp\wjecv.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\winieba.exe" = C:\Users\darek\AppData\Local\Temp\winieba.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\winvkpkgm.exe" = C:\Users\darek\AppData\Local\Temp\winvkpkgm.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\jqmfg.exe" = C:\Users\darek\AppData\Local\Temp\jqmfg.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\hlutm.exe" = 
"C:\Users\darek\AppData\Local\Temp\igvn.exe" = C:\Users\darek\AppData\Local\Temp\igvn.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\winbwhwqn.exe" = C:\Users\darek\AppData\Local\Temp\winbwhwqn.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\gqno.exe" = C:\Users\darek\AppData\Local\Temp\gqno.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\winoigecu.exe" = C:\Users\darek\AppData\Local\Temp\winoigecu.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\wingxuh.exe" = C:\Users\darek\AppData\Local\Temp\wingxuh.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\winmxfp.exe" = C:\Users\darek\AppData\Local\Temp\winmxfp.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\iytemq.exe" = C:\Users\darek\AppData\Local\Temp\iytemq.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\windrvd.exe" = C:\Users\darek\AppData\Local\Temp\windrvd.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\winlycc.exe" = C:\Users\darek\AppData\Local\Temp\winlycc.exe:*:Enabled:ipsec "E:\Action!\Action.exe" = E:\Action!\Action.exe:*:Enabled:ipsec "C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe" = C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe:*:Enabled:ipsec "C:\Program Files (x86)\Skype\Phone\Skype.exe" = C:\Program Files (x86)\Skype\Phone\Skype.exe:*:Enabled:ipsec -- (Skype Technologies S.A.) "C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe" = C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe:*:Enabled:ipsec -- (Adobe Systems, Inc.) 
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe" = C:\Program Files (x86)\Mozilla Firefox\firefox.exe:*:Enabled:ipsec -- (Mozilla Corporation) "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" = C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe:*:Enabled:ipsec "C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe" = C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe:*:Enabled:ipsec -- (Mozilla Corporation) "C:\Windows\SysWOW64\netsh.exe" = C:\Windows\SysWOW64\netsh.exe:*:Enabled:ipsec -- (Microsoft Corporation) "C:\Program Files (x86)\screenSHU\screenSHU.exe" = C:\Program Files (x86)\screenSHU\screenSHU.exe:*:Enabled:ipsec "E:\Programy\Game Booster 3\AutoUpdate.exe" = E:\Programy\Game Booster 3\AutoUpdate.exe:*:Enabled:ipsec "E:\PandoraMT2\patcher\metin2.bin" = E:\PandoraMT2\patcher\metin2.bin:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\winuvcaad.exe" = C:\Users\darek\AppData\Local\Temp\winuvcaad.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\winjjkj.exe" = C:\Users\darek\AppData\Local\Temp\winjjkj.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\winebjak.exe" = C:\Users\darek\AppData\Local\Temp\winebjak.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\idcdo.exe" = C:\Users\darek\AppData\Local\Temp\idcdo.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\winiellg.exe" = C:\Users\darek\AppData\Local\Temp\winiellg.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\dcbesx.exe" = C:\Users\darek\AppData\Local\Temp\dcbesx.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\winfxwuf.exe" = C:\Users\darek\AppData\Local\Temp\winfxwuf.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\wintotpvi.exe" = C:\Users\darek\AppData\Local\Temp\wintotpvi.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\winmyjdrk.exe" = C:\Users\darek\AppData\Local\Temp\winmyjdrk.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\winrvumg.exe" = 
C:\Users\darek\AppData\Local\Temp\winrvumg.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\chdxcn.exe" = C:\Users\darek\AppData\Local\Temp\chdxcn.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\bpap.exe" = C:\Users\darek\AppData\Local\Temp\bpap.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\xhbc.exe" = C:\Users\darek\AppData\Local\Temp\xhbc.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\nykkc.exe" = C:\Users\darek\AppData\Local\Temp\nykkc.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\winjrtyyv.exe" = C:\Users\darek\AppData\Local\Temp\winjrtyyv.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\xtxjki.exe" = C:\Users\darek\AppData\Local\Temp\xtxjki.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\xidcu.exe" = C:\Users\darek\AppData\Local\Temp\xidcu.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\winemje.exe" = C:\Users\darek\AppData\Local\Temp\winemje.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\winufmaa.exe" = C:\Users\darek\AppData\Local\Temp\winufmaa.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\winkvau.exe" = C:\Users\darek\AppData\Local\Temp\winkvau.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\winukigxt.exe" = C:\Users\darek\AppData\Local\Temp\winukigxt.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\winqkyj.exe" = C:\Users\darek\AppData\Local\Temp\winqkyj.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\winingvh.exe" = C:\Users\darek\AppData\Local\Temp\winingvh.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\winelbdr.exe" = C:\Users\darek\AppData\Local\Temp\winelbdr.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\ejor.exe" = C:\Users\darek\AppData\Local\Temp\ejor.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\winbbrtct.exe" = C:\Users\darek\AppData\Local\Temp\winbbrtct.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\rllo.exe" = C:\Users\darek\AppData\Local\Temp\rllo.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\winhuemna.exe" 
= C:\Users\darek\AppData\Local\Temp\winhuemna.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\wincxxbk.exe" = C:\Users\darek\AppData\Local\Temp\wincxxbk.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\yrhp.exe" = C:\Users\darek\AppData\Local\Temp\yrhp.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\inqu.exe" = C:\Users\darek\AppData\Local\Temp\inqu.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\workox.exe" = C:\Users\darek\AppData\Local\Temp\workox.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\nkdth.exe" = C:\Users\darek\AppData\Local\Temp\nkdth.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\winnxpoxt.exe" = C:\Users\darek\AppData\Local\Temp\winnxpoxt.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\winvwsb.exe" = C:\Users\darek\AppData\Local\Temp\winvwsb.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\wincyyfy.exe" = C:\Users\darek\AppData\Local\Temp\wincyyfy.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\winccgpy.exe" = C:\Users\darek\AppData\Local\Temp\winccgpy.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\winwmvcig.exe" = C:\Users\darek\AppData\Local\Temp\winwmvcig.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\winmdfcjm.exe" = C:\Users\darek\AppData\Local\Temp\winmdfcjm.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\winalwrx.exe" = C:\Users\darek\AppData\Local\Temp\winalwrx.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\winvejcki.exe" = C:\Users\darek\AppData\Local\Temp\winvejcki.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\ljdjuj.exe" = C:\Users\darek\AppData\Local\Temp\ljdjuj.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\gucdc.exe" = C:\Users\darek\AppData\Local\Temp\gucdc.exe:*:Enabled:ipsec "E:\League of Legends\RADS\system\rads_user_kernel.exe" = E:\League of Legends\RADS\system\rads_user_kernel.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\enpvrg.exe" = C:\Users\darek\AppData\Local\Temp\enpvrg.exe:*:Enabled:ipsec 
"C:\Users\darek\AppData\Local\Temp\winxvcwyb.exe" = C:\Users\darek\AppData\Local\Temp\winxvcwyb.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\ayaj.exe" = C:\Users\darek\AppData\Local\Temp\ayaj.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\winiektt.exe" = C:\Users\darek\AppData\Local\Temp\winiektt.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\winnjqt.exe" = C:\Users\darek\AppData\Local\Temp\winnjqt.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\wingiyp.exe" = C:\Users\darek\AppData\Local\Temp\wingiyp.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\pxit.exe" = C:\Users\darek\AppData\Local\Temp\pxit.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\winhdkr.exe" = C:\Users\darek\AppData\Local\Temp\winhdkr.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\aehd.exe" = C:\Users\darek\AppData\Local\Temp\aehd.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\winqnqp.exe" = C:\Users\darek\AppData\Local\Temp\winqnqp.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\winguyfyx.exe" = C:\Users\darek\AppData\Local\Temp\winguyfyx.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\wincoqilx.exe" = C:\Users\darek\AppData\Local\Temp\wincoqilx.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\uujnrg.exe" = C:\Users\darek\AppData\Local\Temp\uujnrg.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\winontr.exe" = C:\Users\darek\AppData\Local\Temp\winontr.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\winqmos.exe" = C:\Users\darek\AppData\Local\Temp\winqmos.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\nkwemk.exe" = C:\Users\darek\AppData\Local\Temp\nkwemk.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\winocnb.exe" = C:\Users\darek\AppData\Local\Temp\winocnb.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\lwhnj.exe" = C:\Users\darek\AppData\Local\Temp\lwhnj.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\winxeyi.exe" = 
C:\Users\darek\AppData\Local\Temp\winxeyi.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\winrtug.exe" = C:\Users\darek\AppData\Local\Temp\winrtug.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\winphit.exe" = C:\Users\darek\AppData\Local\Temp\winphit.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\gsaicy.exe" = C:\Users\darek\AppData\Local\Temp\gsaicy.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\winaotblb.exe" = C:\Users\darek\AppData\Local\Temp\winaotblb.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\ybvqyb.exe" = C:\Users\darek\AppData\Local\Temp\ybvqyb.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\evxsl.exe" = C:\Users\darek\AppData\Local\Temp\evxsl.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\ibcr.exe" = C:\Users\darek\AppData\Local\Temp\ibcr.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\winixnnrs.exe" = C:\Users\darek\AppData\Local\Temp\winixnnrs.exe:*:Enabled:ipsec "E:\League of Legends\RADS\solutions\lol_game_client_sln\releases\0.0.0.247\deploy\League of Legends.exe" = E:\League of Legends\RADS\solutions\lol_game_client_sln\releases\0.0.0.247\deploy\League of Legends.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\winsxpx.exe" = C:\Users\darek\AppData\Local\Temp\winsxpx.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\wmybmf.exe" = C:\Users\darek\AppData\Local\Temp\wmybmf.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\atax.exe" = C:\Users\darek\AppData\Local\Temp\atax.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\yprvoh.exe" = C:\Users\darek\AppData\Local\Temp\yprvoh.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\txlf.exe" = C:\Users\darek\AppData\Local\Temp\txlf.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\ytdsjb.exe" = C:\Users\darek\AppData\Local\Temp\ytdsjb.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\winhdovjg.exe" = C:\Users\darek\AppData\Local\Temp\winhdovjg.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\dtwmr.exe" = 
C:\Users\darek\AppData\Local\Temp\dtwmr.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\dovxp.exe" = C:\Users\darek\AppData\Local\Temp\dovxp.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\winhyoj.exe" = C:\Users\darek\AppData\Local\Temp\winhyoj.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\ojsp.exe" = C:\Users\darek\AppData\Local\Temp\ojsp.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\winspwkp.exe" = C:\Users\darek\AppData\Local\Temp\winspwkp.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\wingxfkbb.exe" = C:\Users\darek\AppData\Local\Temp\wingxfkbb.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\winepnuvx.exe" = C:\Users\darek\AppData\Local\Temp\winepnuvx.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\wingsqa.exe" = C:\Users\darek\AppData\Local\Temp\wingsqa.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\qwju.exe" = C:\Users\darek\AppData\Local\Temp\qwju.exe:*:Enabled:ipsec "G:\njsij.scr" = G:\njsij.scr:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\windxdllj.exe" = C:\Users\darek\AppData\Local\Temp\windxdllj.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\winbksss.exe" = C:\Users\darek\AppData\Local\Temp\winbksss.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\winccmfl.exe" = C:\Users\darek\AppData\Local\Temp\winccmfl.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\jewxpr.exe" = C:\Users\darek\AppData\Local\Temp\jewxpr.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\wjecv.exe" = C:\Users\darek\AppData\Local\Temp\wjecv.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\winieba.exe" = C:\Users\darek\AppData\Local\Temp\winieba.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\winvkpkgm.exe" = C:\Users\darek\AppData\Local\Temp\winvkpkgm.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\jqmfg.exe" = C:\Users\darek\AppData\Local\Temp\jqmfg.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\hlutm.exe" = 
C:\Users\darek\AppData\Local\Temp\hlutm.exe:*:Enabled:ipsec "E:\League of Legends\lol.launcher.admin.exe" = E:\League of Legends\lol.launcher.admin.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\winnglfcb.exe" = C:\Users\darek\AppData\Local\Temp\winnglfcb.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\winklsa.exe" = C:\Users\darek\AppData\Local\Temp\winklsa.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\winrbbsn.exe" = C:\Users\darek\AppData\Local\Temp\winrbbsn.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\nbmul.exe" = C:\Users\darek\AppData\Local\Temp\nbmul.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\hxxeq.exe" = C:\Users\darek\AppData\Local\Temp\hxxeq.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\windpnoi.exe" = C:\Users\darek\AppData\Local\Temp\windpnoi.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\wepl.exe" = C:\Users\darek\AppData\Local\Temp\wepl.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\wbihcm.exe" = C:\Users\darek\AppData\Local\Temp\wbihcm.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\winmtnoq.exe" = C:\Users\darek\AppData\Local\Temp\winmtnoq.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\winkidynh.exe" = C:\Users\darek\AppData\Local\Temp\winkidynh.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\winjkfs.exe" = C:\Users\darek\AppData\Local\Temp\winjkfs.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\ithtfw.exe" = C:\Users\darek\AppData\Local\Temp\ithtfw.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\lrep.exe" = C:\Users\darek\AppData\Local\Temp\lrep.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Roaming\METACR~1\UPDATE~1\UPDATE~1.EXE" = C:\Users\darek\AppData\Roaming\METACR~1\UPDATE~1\UPDATE~1.EXE:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\winwaiu.exe" = C:\Users\darek\AppData\Local\Temp\winwaiu.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\sskqss.exe" = C:\Users\darek\AppData\Local\Temp\sskqss.exe:*:Enabled:ipsec 
"C:\Users\darek\AppData\Local\Temp\olqkls.exe" = C:\Users\darek\AppData\Local\Temp\olqkls.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\winxhhicv.exe" = C:\Users\darek\AppData\Local\Temp\winxhhicv.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\winllon.exe" = C:\Users\darek\AppData\Local\Temp\winllon.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\winoilc.exe" = C:\Users\darek\AppData\Local\Temp\winoilc.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\ybwfor.exe" = C:\Users\darek\AppData\Local\Temp\ybwfor.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\winbvrjpk.exe" = C:\Users\darek\AppData\Local\Temp\winbvrjpk.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\winhajsq.exe" = C:\Users\darek\AppData\Local\Temp\winhajsq.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\cvcpew.exe" = C:\Users\darek\AppData\Local\Temp\cvcpew.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\tmkt.exe" = C:\Users\darek\AppData\Local\Temp\tmkt.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\winwmvonv.exe" = C:\Users\darek\AppData\Local\Temp\winwmvonv.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\winsoasjb.exe" = C:\Users\darek\AppData\Local\Temp\winsoasjb.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\nawck.exe" = C:\Users\darek\AppData\Local\Temp\nawck.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\emfmfu.exe" = C:\Users\darek\AppData\Local\Temp\emfmfu.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\ggfoq.exe" = C:\Users\darek\AppData\Local\Temp\ggfoq.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\winjipmso.exe" = C:\Users\darek\AppData\Local\Temp\winjipmso.exe:*:Enabled:ipsec "C:\Users\darek\Desktop\Minecraft.exe" = C:\Users\darek\Desktop\Minecraft.exe:*:Enabled:ipsec "E:\Programy\Asprate\Tibia Multi IP Changer\Tibia MULTI-ip changer.exe" = E:\Programy\Asprate\Tibia Multi IP Changer\Tibia MULTI-ip changer.exe:*:Enabled:ipsec "E:\Programy\Asprate\Tibia Multi IP Changer\UNinstaller.exe" = 
E:\Programy\Asprate\Tibia Multi IP Changer\UNinstaller.exe:*:Enabled:ipsec "E:\Programy\Asprate\Tibia Multi IP Changer\Ip Changer Updater.exe" = E:\Programy\Asprate\Tibia Multi IP Changer\Ip Changer Updater.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\winvfdh.exe" = C:\Users\darek\AppData\Local\Temp\winvfdh.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\pmpcj.exe" = C:\Users\darek\AppData\Local\Temp\pmpcj.exe:*:Enabled:ipsec "E:\LOL\lol.launcher.exe" = E:\LOL\lol.launcher.exe:*:Enabled:ipsec -- () "E:\LOL\lol.launcher.admin.exe" = E:\LOL\lol.launcher.admin.exe:*:Enabled:ipsec -- () "C:\Users\darek\AppData\Local\Temp\winutbj.exe" = C:\Users\darek\AppData\Local\Temp\winutbj.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\_iu14D2N.tmp" = C:\Users\darek\AppData\Local\Temp\_iu14D2N.tmp:*:Enabled:ipsec -- () "C:\Users\darek\AppData\Local\Temp\nkqwag.exe" = C:\Users\darek\AppData\Local\Temp\nkqwag.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\winsjylr.exe" = C:\Users\darek\AppData\Local\Temp\winsjylr.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\wincylrlx.exe" = C:\Users\darek\AppData\Local\Temp\wincylrlx.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\winmndd.exe" = C:\Users\darek\AppData\Local\Temp\winmndd.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\winnenv.exe" = C:\Users\darek\AppData\Local\Temp\winnenv.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\jfpdw.exe" = C:\Users\darek\AppData\Local\Temp\jfpdw.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\kldt.exe" = C:\Users\darek\AppData\Local\Temp\kldt.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\winyvvhgx.exe" = C:\Users\darek\AppData\Local\Temp\winyvvhgx.exe:*:Enabled:ipsec "E:\Kingo Android ROOT\unins000.exe" = E:\Kingo Android ROOT\unins000.exe:*:Enabled:ipsec -- () "C:\Users\darek\AppData\Local\Temp\is-KFBEF.tmp\android_root.tmp" = C:\Users\darek\AppData\Local\Temp\is-KFBEF.tmp\android_root.tmp:*:Enabled:ipsec 
"E:\LOL\RADS\projects\lol_air_client\releases\0.0.1.87\deploy\LolClient.exe" = E:\LOL\RADS\projects\lol_air_client\releases\0.0.1.87\deploy\LolClient.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\winoock.exe" = C:\Users\darek\AppData\Local\Temp\winoock.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\winxaflum.exe" = C:\Users\darek\AppData\Local\Temp\winxaflum.exe:*:Enabled:ipsec "C:\Program Files (x86)\Notepad++\notepad++.exe" = C:\Program Files (x86)\Notepad++\notepad++.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\winpemkyk.exe" = C:\Users\darek\AppData\Local\Temp\winpemkyk.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\winugvlpr.exe" = C:\Users\darek\AppData\Local\Temp\winugvlpr.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\winygekr.exe" = C:\Users\darek\AppData\Local\Temp\winygekr.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\kafq.exe" = C:\Users\darek\AppData\Local\Temp\kafq.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\winrhxey.exe" = C:\Users\darek\AppData\Local\Temp\winrhxey.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\ttwyg.exe" = C:\Users\darek\AppData\Local\Temp\ttwyg.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\wgyowp.exe" = C:\Users\darek\AppData\Local\Temp\wgyowp.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\winguup.exe" = C:\Users\darek\AppData\Local\Temp\winguup.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\winqjspd.exe" = C:\Users\darek\AppData\Local\Temp\winqjspd.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\tklyas.exe" = C:\Users\darek\AppData\Local\Temp\tklyas.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\winmufg.exe" = C:\Users\darek\AppData\Local\Temp\winmufg.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\winyebgh.exe" = C:\Users\darek\AppData\Local\Temp\winyebgh.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\ssdfwq.exe" = C:\Users\darek\AppData\Local\Temp\ssdfwq.exe:*:Enabled:ipsec 
"C:\Users\darek\AppData\Local\Temp\wincgaujo.exe" = C:\Users\darek\AppData\Local\Temp\wincgaujo.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\winhhwq.exe" = C:\Users\darek\AppData\Local\Temp\winhhwq.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\winbinfmp.exe" = C:\Users\darek\AppData\Local\Temp\winbinfmp.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\lryr.exe" = C:\Users\darek\AppData\Local\Temp\lryr.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\ubyom.exe" = C:\Users\darek\AppData\Local\Temp\ubyom.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\winvumgw.exe" = C:\Users\darek\AppData\Local\Temp\winvumgw.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\wptd.exe" = C:\Users\darek\AppData\Local\Temp\wptd.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\winwjnkof.exe" = C:\Users\darek\AppData\Local\Temp\winwjnkof.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\ndjss.exe" = C:\Users\darek\AppData\Local\Temp\ndjss.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\winysvtla.exe" = C:\Users\darek\AppData\Local\Temp\winysvtla.exe:*:Enabled:ipsec "E:\LOL\RADS\projects\lol_launcher\releases\0.0.0.207\deploy\LoLLauncher.exe" = E:\LOL\RADS\projects\lol_launcher\releases\0.0.0.207\deploy\LoLLauncher.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\winqtglj.exe" = C:\Users\darek\AppData\Local\Temp\winqtglj.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\udelv.exe" = C:\Users\darek\AppData\Local\Temp\udelv.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\winxitvs.exe" = C:\Users\darek\AppData\Local\Temp\winxitvs.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\winofkpub.exe" = C:\Users\darek\AppData\Local\Temp\winofkpub.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\winhmuhis.exe" = C:\Users\darek\AppData\Local\Temp\winhmuhis.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\cypeko.exe" = C:\Users\darek\AppData\Local\Temp\cypeko.exe:*:Enabled:ipsec 
"C:\Users\darek\AppData\Local\Temp\winndut.exe" = C:\Users\darek\AppData\Local\Temp\winndut.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\windwcbc.exe" = C:\Users\darek\AppData\Local\Temp\windwcbc.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\winrcva.exe" = C:\Users\darek\AppData\Local\Temp\winrcva.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\xrtnv.exe" = C:\Users\darek\AppData\Local\Temp\xrtnv.exe:*:Enabled:ipsec "E:\LOL\RADS\projects\lol_air_client\releases\0.0.1.88\deploy\LolClient.exe" = E:\LOL\RADS\projects\lol_air_client\releases\0.0.1.88\deploy\LolClient.exe:*:Enabled:ipsec "C:\Windows\SysWOW64\ctfmon.exe" = C:\Windows\SysWOW64\ctfmon.exe:*:Enabled:ipsec -- (Microsoft Corporation) "C:\Users\darek\AppData\Local\Temp\winmprinm.exe" = C:\Users\darek\AppData\Local\Temp\winmprinm.exe:*:Enabled:ipsec "E:\Program Files (x86)\screenSHU\screenSHU.exe" = E:\Program Files (x86)\screenSHU\screenSHU.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\atcui.exe" = C:\Users\darek\AppData\Local\Temp\atcui.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\winccpfhv.exe" = C:\Users\darek\AppData\Local\Temp\winccpfhv.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\winvebsif.exe" = C:\Users\darek\AppData\Local\Temp\winvebsif.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\winbdgs.exe" = C:\Users\darek\AppData\Local\Temp\winbdgs.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\iafs.exe" = C:\Users\darek\AppData\Local\Temp\iafs.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\pfnupn.exe" = C:\Users\darek\AppData\Local\Temp\pfnupn.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\lcgxj.exe" = C:\Users\darek\AppData\Local\Temp\lcgxj.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\winludt.exe" = C:\Users\darek\AppData\Local\Temp\winludt.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\swnmuk.exe" = C:\Users\darek\AppData\Local\Temp\swnmuk.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\nxcfj.exe" 
"C:\Users\darek\AppData\Local\Temp\igvn.exe" = C:\Users\darek\AppData\Local\Temp\igvn.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\winbwhwqn.exe" = C:\Users\darek\AppData\Local\Temp\winbwhwqn.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\gqno.exe" = C:\Users\darek\AppData\Local\Temp\gqno.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\winoigecu.exe" = C:\Users\darek\AppData\Local\Temp\winoigecu.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\wingxuh.exe" = C:\Users\darek\AppData\Local\Temp\wingxuh.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\winmxfp.exe" = C:\Users\darek\AppData\Local\Temp\winmxfp.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\iytemq.exe" = C:\Users\darek\AppData\Local\Temp\iytemq.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\windrvd.exe" = C:\Users\darek\AppData\Local\Temp\windrvd.exe:*:Enabled:ipsec "C:\Users\darek\AppData\Local\Temp\winlycc.exe" = C:\Users\darek\AppData\Local\Temp\winlycc.exe:*:Enabled:ipsec ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{03F1C8DD-35FC-40FE-AF41-DD691B520C24}" = lport=10243 | protocol=6 | dir=in | app=system | "{0C604D15-BAFC-4106-BA0C-9326F8E7906C}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{0EE98E43-1110-424B-A8AF-DC4EAEB5DFB9}" = lport=2869 | protocol=6 | dir=in | app=system | "{12188104-6F0D-489B-AA44-C9EDDBF00469}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{19349C09-75DB-46E2-82FD-CF948D3D821F}" = rport=139 | protocol=6 | dir=out | app=system | "{2751C6D7-845C-4CD4-8216-EA6228798D03}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{27A510B0-FEE8-44C2-9E3F-0741166599EB}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{30CD75B5-9ABE-4026-90EF-A6F14F08FA29}" = lport=138 | protocol=17 | dir=in | app=system | "{35A757B3-DE66-41F5-BD4B-EA7EEE1BE72E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{4064F53D-CCF8-4B32-AB78-0C347F495DEE}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{4175403A-742F-4559-83EB-EE1F1902B254}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{4C6F3CB4-6855-4E81-8F0D-41D957E98573}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{526A36B1-3B91-4E72-8540-2E600CFB59D5}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{529A654E-7F83-40E6-AD41-672C8DAA6ACF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{55B11C11-C895-4733-A2E2-F301CFEBE674}" = rport=138 | protocol=17 | dir=out | app=system | "{5CBEED45-D312-4A38-82AC-76E253C1EB92}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{6EBFE1C3-E6F5-42CB-A957-DA3AC0EC1BBC}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{6F28DC92-DD50-4461-9005-10FFF7A07F2B}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{75A9E74D-E07A-4B6B-80E2-3FB814DD2A84}" = lport=139 | protocol=6 | dir=in | app=system | "{788C2223-34F0-4335-98C9-700FADB1CE0F}" = lport=445 | protocol=6 | dir=in | app=system | "{8087C1A4-747A-4990-9891-19875529C8E8}" = rport=445 | protocol=6 | dir=out | app=system | "{83E6E9DD-332D-4B8C-8F79-50D2E89C3F15}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{872B241E-0DD4-464B-9A99-BDC8FCAADFB1}" = lport=137 | protocol=17 | dir=in | app=system | "{8B997564-CCB0-46B2-A29E-BA2F91CF3F84}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | 
app=%systemroot%\system32\svchost.exe | "{8D55DA53-6B4D-4A7D-987F-07793BC6E3D5}" = rport=10243 | protocol=6 | dir=out | app=system | "{904F465A-9132-4F6B-A420-DE03299B76D1}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{948DF66A-D254-4E7F-91CC-617FD447C2DC}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{968DF6FC-231B-44AC-88FA-4FFF2B1C11C1}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{A76AEC45-A96D-4724-B481-52A41A552DE6}" = lport=8317 | protocol=6 | dir=in | name=techsmith camtasia studio | "{B50C0BB2-E709-4CD1-BFE7-7657F4266884}" = rport=137 | protocol=17 | dir=out | app=system | "{D004ED46-14D3-4CA3-BB16-5AD55BC4870F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{D1A68A96-8C40-48D1-8C6E-448689F2A49D}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{D200D693-3A98-4882-B46E-E6816F531058}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{D9E46D00-0894-43B7-B29D-854197B5FF1D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{EA560895-1A40-4CB1-B900-808851930095}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0C61201B-4654-404D-89AF-DA1AE0B2434C}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | "{1C73237A-C5C0-43D6-AA59-002A22FA4518}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{2A35E177-DC96-477D-8F80-D34292DCB390}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{31935BAB-3FA1-4FCF-BDD4-2D38B3F57E83}" = dir=in | 
name=ytlimit |
"{339F85E0-661F-4F1C-8D1C-C6B8B24F4F59}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{359D31D1-78C3-4724-965E-AAE4413FAADD}" = dir=in | app=c:\users\darek\appdata\local\microsoft\skydrive\skydrive.exe |
"{385B6E97-C572-4EB6-85ED-DEEE7112F792}" = protocol=6 | dir=out | app=system |
"{3A62C9D3-5B62-469D-A81B-F38B170D02E7}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{3BBCB4C0-A46D-432B-A680-D8D9DCFB6BA1}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{48BE11DB-E446-4E4B-BC30-11A78926DE72}" = protocol=6 | dir=in | app=c:\program files\intel\wimax\bin\appsrv.exe |
"{56900AA2-9222-4A08-8A34-EB777AECB2B1}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{58D0C6D4-C43A-44F0-9491-264580B0ABCD}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{59E8FDF7-4181-4BB7-9611-277CF07B33FF}" = protocol=17 | dir=in | app=c:\program files\intel\wimax\bin\appsrv.exe |
"{5CF7BF53-4D75-4038-916D-4EC863773016}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{5EA3B441-1E81-44C7-8E6A-03F8ED0278B3}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{61CBB253-B6AA-48EC-9B0C-C4C92FE2C96E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{671F2AE1-4534-41F8-A71E-3B87335A2E5E}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{68E6A0C3-DEF6-4509-B13E-E1B49366130F}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6BBE74D7-6E9F-415A-8749-55B81929F759}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{729CEFDB-8187-465B-9743-C315A2CD1FE0}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe |
"{740590C2-33A3-487F-A47D-4338AAC5B7E4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{777E8D80-4C28-4C0A-A557-804FC4BB06A8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7AB5158E-F036-43B0-B567-B3A508B4C72C}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{7C69B19E-4F21-4793-9230-A1FB1504376A}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{82E6FD9B-D6F5-459D-98CD-96E9E844308B}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{8872A1EE-E456-45DF-8724-3D2AF5EA5B54}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{8DCD20D5-BA28-470C-B24F-72ADC1B87020}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{901C13B9-871B-4DE7-A3F1-3AB2916FFA14}" = protocol=6 | dir=in | app=c:\programdata\esafe\egdpsvc.exe |
"{95145BB4-9C71-4F2E-B043-6ABF86C995A9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{A304D43E-90A2-4B4B-9E8C-3E786F41A889}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{BDC5673D-CEB1-4302-8107-374C03AD147A}" = protocol=17 | dir=in | app=c:\program files\intel\wimax\bin\dmagent.exe |
"{BF7DA832-7C91-49BF-A5C1-1A960B2D5D55}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{C158AB83-9BE1-403C-8701-EBAE679E454A}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{C23BDF5C-AC38-47E7-B974-E53338C729DC}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{C4A1AC2A-7E16-40A6-ACBC-133B37187C36}" = protocol=6 | dir=in | app=c:\program files\intel\wimax\bin\dmagent.exe |
"{D4588794-8A96-4883-94B9-452BAB5B91DF}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{E387D761-6CDB-45ED-B4CA-EB2CFD985D4A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F77DB512-7650-43ED-AA9B-0C1B799F6726}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{FF45A435-E8D9-48D0-BD25-DFA0AC2D8FC1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"TCP Query User{0E829AB7-2044-475A-9DE7-D31B93A07786}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe |
"TCP Query User{377454C5-5130-4A57-BD56-133F8DE1A31B}C:\xampp\apache\bin\apache.exe" = protocol=6 | dir=in | app=c:\xampp\apache\bin\apache.exe |
"TCP Query User{49CC5008-9844-4A39-A44A-13BD1CC67CE7}G:\njsij.scr" = protocol=6 | dir=in | app=g:\njsij.scr |
"TCP Query User{4C872295-0864-4328-8999-8CD4998D1F06}C:\program files (x86)\filezilla ftp client\filezilla.exe" = protocol=6 | dir=in | app=c:\program files (x86)\filezilla ftp client\filezilla.exe |
"TCP Query User{7BEE67F1-72BD-48FA-ABD0-012A2AD9DBE4}C:\programdata\browserdefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\browserdefender.exe" = protocol=6 | dir=in | app=c:\programdata\browserdefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\browserdefender.exe |
"TCP Query User{B481380E-01B4-4148-AC09-4153D2E1CAE6}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"TCP Query User{CFFD941E-99D2-42CE-A638-FDA3DB1F6CD2}C:\windows\syswow64\netsh.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\netsh.exe |
"TCP Query User{ECEEF144-9C4B-4817-8E37-7279F151DA0D}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"TCP Query User{FEE16BE0-8CE4-439E-82B6-F5747C689BEE}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"UDP Query User{0881B6F6-0595-423C-95E1-A5735861B137}C:\programdata\browserdefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\browserdefender.exe" = protocol=17 | dir=in | app=c:\programdata\browserdefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\browserdefender.exe |
"UDP Query User{0D82A9FE-9E75-4F97-9259-482A77025B15}C:\xampp\apache\bin\apache.exe" = protocol=17 | dir=in | app=c:\xampp\apache\bin\apache.exe |
"UDP Query User{11159B83-B183-4F68-9EF1-6B04778611C9}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"UDP Query User{3435F9F4-3915-426E-BA7A-42CBA0E354C1}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"UDP Query User{78A292D2-4C00-4B1A-B0E8-0635C370DBFC}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"UDP Query User{B551D826-4F87-479D-B82A-53BA58125095}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe |
"UDP Query User{BCC33534-0307-4F76-8FA3-454762CC21C9}C:\program files (x86)\filezilla ftp client\filezilla.exe" = protocol=17 | dir=in | app=c:\program files (x86)\filezilla ftp client\filezilla.exe |
"UDP Query User{CA0885C0-6E70-4731-9C4D-1AA11AEEE091}G:\njsij.scr" = protocol=17 | dir=in | app=g:\njsij.scr |
"UDP Query User{D4E89B8F-CA37-4769-B124-A8AC526903AE}C:\windows\syswow64\netsh.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\netsh.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01D42BF0-ED08-463f-8A28-99EB6FEE962B}" = ZTE Handset USB Driver
"{18A6B663-A646-457B-A314-5CF58AECB06A}" = Intel® PROSet/Wireless WiMAX Software
"{1927E640-A2C6-4BA7-8F43-FFD2AE3DFCF3}" = Oprogramowanie Intel(R) PROSet/Wireless WiFi
"{1AD147D0-BE0E-3D6C-AC11-64F6DC4163F1}" = Microsoft .NET Framework 4.5
"{26A24AE4-039D-4CA4-87B4-2F86416038FF}" = Java(TM) 6 Update 38 (64-bit)
"{2FD0FA0A-7A21-4C4A-B268-1142B54E035E}" = Windows Live Family Safety
"{5EEC477F-8E9B-4420-8829-16E7426227DB}" = Windows Live MIME IFilter
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0415-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Polish) 2010
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A1188CD2-9C9F-11E2-B88F-F04DA23A5C58}" = Vegas Pro 12.0 (64-bit)
"{A528BDDE-9C9F-11E2-9F0C-F04DA23A5C58}" = MSVCRT Redists
"{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}" = WebCake 3.00
"{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant
"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64
"CCleaner" = CCleaner
"CNXT_AUDIO_HDA" = Conexant HD Audio
"EA12B1FB53CE4E387C31A85236C41EF559B5E392" = Pakiet sterowników systemu Windows - Lenovo (ACPIVPC) System (12/02/2010 6.1.0.1)
"GIMP-2_is1" = GIMP 2.8.10
"ProInst" = Intel PROSet Wireless
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR 4.20 (64-bitowy)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03D562B5-C4E2-4846-A920-33178788BE00}" = Windows Live Communications Platform
"{0F929651-F516-4956-90F2-FFBD2CD5D30E}" = Photo Gallery
"{0FF9CC94-EF23-401E-BDBD-37403D1A2B38}" = Windows Live SOXE Definitions
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{207DA277-6A6D-4863-B535-129931D2BB21}" = Galeria fotografii
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 45
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{2F2363F9-102C-448B-8E3E-02FCFE78A28D}" = Movie Maker
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{379DA4C6-8C91-4F36-9D25-F08E8959E0DF}" = Poczta usługi Windows Live
"{45898170-E68C-4F02-AA35-C2186BF347A3}" = Movie Maker
"{46BC55A2-B4CE-46B5-8303-A2076B899505}" = Windows Live UX Platform Language Pack
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4F4A4FBF-133D-460E-8617-6D48E0A2B4E4}" = Windows Live Writer Resources
"{5303CFB5-D635-44F0-A94B-9611E81F07C4}" = Camtasia Studio 8
"{5A0EE0F0-E909-4F3B-B437-AAD9252427CB}" = Windows Live Installer
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{62BBB2F0-E220-4821-A564-730807D2C34D}" = Realtek USB 2.0 Reader Driver
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{67DD11CB-7C27-4072-B970-B57755294B28}" = Windows Macro Recorder
"{6B6923B9-8719-425B-916C-CD2908F31AAF}" = Windows Live SOXE
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}" = Skype™ 6.16
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0415-0000-0000000FF1CE}" = Microsoft Office Access MUI (Polish) 2010
"{90140000-0016-0415-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Polish) 2010
"{90140000-0018-0415-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Polish) 2010
"{90140000-0019-0415-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Polish) 2010
"{90140000-001A-0415-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Polish) 2010
"{90140000-001B-0415-0000-0000000FF1CE}" = Microsoft Office Word MUI (Polish) 2010
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0415-0000-0000000FF1CE}" = Microsoft Office Proof (Polish) 2010
"{90140000-002C-0415-0000-0000000FF1CE}" = Microsoft Office Proofing (Polish) 2010
"{90140000-0044-0415-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Polish) 2010
"{90140000-006E-0415-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Polish) 2010
"{90140000-00A1-0415-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Polish) 2010
"{90140000-00BA-0415-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Polish) 2010
"{90850415-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{95140000-007A-0415-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{AAA94EAA-40A4-458C-9D86-D1DA765B51D5}" = Windows Live Writer
"{ADE16A9D-FBDC-4ECC-B6BD-9C31E51D0333}" = Lenovo EasyCamera
"{AE7675D6-0B31-494F-ABFA-822E1A0FDF17}_is1" = Kingo Android ROOT version 1.1.8.1835
"{B286BAC3-CBE6-4854-BF68-EB72A34CEA56}" = Windows Live Messenger
"{B5D81102-EFE5-4A7B-BE60-019E07C1BD93}" = Windows Live Messenger
"{C6B0EE9E-2128-4448-B7AE-5E2B46E0F0E7}" = Windows Live Photo Common
"{cc2659bc-d27d-3593-a0a0-9ac0de07a430}" = Python 3.3.4
"{D0956C11-0F60-43FE-99AD-524E833471BB}" = Energy Management
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D3694B69-6F8C-42D3-8A0A-EB2AB528C02C}" = Atheros Client Installation Program
"{D604900F-A275-416C-AF9D-CDEDF58B72DB}" = Windows Live Mail
"{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}" = Curse
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3445598-4424-4EE2-B71C-C23325F7FB71}" = Windows Live PIMT Platform
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{EFBCA571-617D-484A-9ECA-E301BB6D0750}" = Windows Live Writer
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F0E58739-2B4C-498F-9B0D-FF0F2FD52B61}" = Windows Live UX Platform
"{F188B46C-A389-4142-9765-1D66459D6929}" = Windows Live Family Safety
"{F5350A47-59EE-4A4C-BDBF-05A17F0B8CEB}" = Windows Live Writer
"{F6F30C28-38AA-4DBA-AE0B-7E30238E61BB}" = Junk Mail filter update
"{FA12037C-B6FA-4825-86BC-D58AA6A9CC24}" = Podstawowe programy Windows Live
"{FBA73805-0F67-428B-8E4F-FAE16A452685}" = Photo Common
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 12.0
"Android SDK Tools" = Android SDK Tools
"ASIO4ALL" = ASIO4ALL
"avast" = avast! Free Antivirus
"buenosearch" = buenosearch toolbar
"ElfBot NG_is1" = ElfBot NG 4.5.4
"InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}" = Energy Management
"metaCrawler" = metaCrawler
"Mirillis Action!" = Action!
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MySQL ODBC 3.51 Driver" = MySQL ODBC 3.51 Driver
"Notepad++" = Notepad++
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"Scribblenauts Unlimited_is1" = Scribblenauts Unlimited
"SiteFinder" = SiteFinder
"WinLiveSuite" = Podstawowe programy Windows Live
"WinZipper" = WinZipper

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{87686C21-8A15-4b4d-A3F1-11141D9BE094}" = Battlefield Play4Free (darek)
"SkyDriveSetup.exe" = Microsoft SkyDrive
"UnityWebPlayer" = Unity Web Player

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 2014-05-16 14:07:29 | Computer Name = darek-Komputer | Source = Application Hang | ID = 1002
Description = Program firefox.exe w wersji 29.0.1.5239 zatrzymał interakcję z systemem Windows i został zamknięty. Aby zobaczyć, czy jest dostępnych więcej informacji dotyczących tego problemu, sprawdź historię problemu w panelu sterowania Centrum akcji.
Identyfikator procesu: 29c Godzina rozpoczęcia: 01cf71274758e2b9 Godzina zakończenia: 29 Ścieżka aplikacji: C:\Program Files (x86)\Mozilla Firefox\firefox.exe Identyfikator raportu: ed03f7b5-dd24-11e3-be2c-dc0ea17f8906

Error - 2014-05-16 17:02:30 | Computer Name = darek-Komputer | Source = Application Hang | ID = 1002
Description = Program League of Legends.exe w wersji 4.7.0.298 zatrzymał interakcję z systemem Windows i został zamknięty. Aby zobaczyć, czy jest dostępnych więcej informacji dotyczących tego problemu, sprawdź historię problemu w panelu sterowania Centrum akcji.
Identyfikator procesu: 420 Godzina rozpoczęcia: 01cf714a0fc9977a Godzina zakończenia: 36 Ścieżka aplikacji: E:\LOL\RADS\solutions\lol_game_client_sln\releases\0.0.1.39\deploy\League of Legends.exe Identyfikator raportu: 61cc8916-dd3d-11e3-844e-dc0ea17f8906

Error - 2014-05-29 15:22:24 | Computer Name = darek-Komputer | Source = Application Error | ID = 1000
Description = Nazwa aplikacji powodującej błąd: , wersja: 0.0.0.0, sygnatura czasowa: 0x537e8b30 Nazwa modułu powodującego błąd: unknown, wersja: 0.0.0.0, sygnatura czasowa: 0x00000000 Kod wyjątku: 0xc0000005 Przesunięcie błędu: 0x6e69644f Identyfikator procesu powodującego błąd: 0xb14 Godzina uruchomienia aplikacji powodującej błąd: 0x01cf7b6f53b65973 Ścieżka aplikacji powodującej błąd: Ścieżka modułu powodującego błąd: unknown Identyfikator raportu: 8f774b11-e766-11e3-bedd-dc0ea17f8906

Error - 2014-06-18 08:20:54 | Computer Name = darek-Komputer | Source = Application Hang | ID = 1002
Description = Program rads_user_kernel.exe w wersji 0.0.0.0 zatrzymał interakcję z systemem Windows i został zamknięty. Aby zobaczyć, czy jest dostępnych więcej informacji dotyczących tego problemu, sprawdź historię problemu w panelu sterowania Centrum akcji.
Identyfikator procesu: 53c Godzina rozpoczęcia: 01cf8aef996c6b58 Godzina zakończenia: 4 Ścieżka aplikacji: E:\LOL\RADS\system\rads_user_kernel.exe Identyfikator raportu: faad0eaf-f6e2-11e3-bb3e-dc0ea17f8906

Error - 2014-06-18 13:57:18 | Computer Name = darek-Komputer | Source = MsiInstaller | ID = 11001
Description =

Error - 2014-06-18 14:40:52 | Computer Name = darek-Komputer | Source = Application Hang | ID = 1002
Description = Program AvastUI.exe w wersji 9.0.2018.391 zatrzymał interakcję z systemem Windows i został zamknięty. Aby zobaczyć, czy jest dostępnych więcej informacji dotyczących tego problemu, sprawdź historię problemu w panelu sterowania Centrum akcji.
Identyfikator procesu: fc0 Godzina rozpoczęcia: 01cf8b2079dc10c2 Godzina zakończenia: 60000 Ścieżka aplikacji: C:\Program Files\AVAST Software\Avast\AvastUI.exe Identyfikator raportu: db53bb18-f717-11e3-b46e-dc0ea17f8906

Error - 2014-06-19 05:50:50 | Computer Name = darek-Komputer | Source = Application Hang | ID = 1002
Description = Program iexplore.exe w wersji 8.0.7600.16385 zatrzymał interakcję z systemem Windows i został zamknięty. Aby zobaczyć, czy jest dostępnych więcej informacji dotyczących tego problemu, sprawdź historię problemu w panelu sterowania Centrum akcji.
Identyfikator procesu: 1780 Godzina rozpoczęcia: 01cf8ba3e1783b76 Godzina zakończenia: 130 Ścieżka aplikacji: C:\Program Files (x86)\Internet Explorer\iexplore.exe Identyfikator raportu: 2d6544bd-f797-11e3-b46e-dc0ea17f8906

Error - 2014-06-19 12:14:46 | Computer Name = darek-Komputer | Source = Application Hang | ID = 1002
Description = Program Explorer.EXE w wersji 6.1.7600.16385 zatrzymał interakcję z systemem Windows i został zamknięty. Aby zobaczyć, czy jest dostępnych więcej informacji dotyczących tego problemu, sprawdź historię problemu w panelu sterowania Centrum akcji.
Identyfikator procesu: 4d4 Godzina rozpoczęcia: 01cf8b205cfcd11c Godzina zakończenia: 2811 Ścieżka aplikacji: C:\Windows\Explorer.EXE Identyfikator raportu: 49552de3-f7cb-11e3-b46e-dc0ea17f8906

Error - 2014-06-19 16:42:52 | Computer Name = darek-Komputer | Source = .NET Runtime Optimization Service | ID = 1101
Description =

Error - 2014-06-19 16:42:53 | Computer Name = darek-Komputer | Source = .NET Runtime Optimization Service | ID = 1101
Description =

[ Media Center Events ]
Error - 2013-08-24 17:19:25 | Computer Name = darek-Komputer | Source = MCUpdate | ID = 0
Description = 23:19:25 - Błąd podczas nawiązywania połączenia z Internetem. 23:19:25 - Nie można skontaktować się z serwerem..

Error - 2013-08-25 12:16:04 | Computer Name = darek-Komputer | Source = MCUpdate | ID = 0
Description = 18:15:25 - Błąd podczas nawiązywania połączenia z Internetem. 18:15:44 - Nie można skontaktować się z serwerem..

Error - 2013-08-25 12:20:42 | Computer Name = darek-Komputer | Source = MCUpdate | ID = 0
Description = 18:16:19 - Błąd podczas nawiązywania połączenia z Internetem. 18:16:20 - Nie można skontaktować się z serwerem..

Error - 2014-06-10 09:38:47 | Computer Name = darek-Komputer | Source = MCUpdate | ID = 0
Description = 15:38:46 - Błąd podczas nawiązywania połączenia z Internetem. 15:38:46 - Nie można skontaktować się z serwerem..

[ System Events ]
Error - 2014-06-19 07:53:27 | Computer Name = darek-Komputer | Source = Disk | ID = 262155
Description = Sterownik wykrył błąd kontrolera na \Device\Harddisk2\DR2.

Error - 2014-06-20 05:39:15 | Computer Name = darek-Komputer | Source = Service Control Manager | ID = 7011
Description = Upłynął limit czasu (30000 ms) podczas oczekiwania na odpowiedź transakcji z usługi PlugPlay.

Error - 2014-06-20 11:55:44 | Computer Name = darek-Komputer | Source = Service Control Manager | ID = 7011
Description = Upłynął limit czasu (30000 ms) podczas oczekiwania na odpowiedź transakcji z usługi SDRSVC.

Error - 2014-06-21 08:56:56 | Computer Name = darek-Komputer | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi Agent zasad IPsec z powodu następującego błędu: %%109

Error - 2014-06-21 08:56:56 | Computer Name = darek-Komputer | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi Użytkowanie aplikacji z powodu następującego błędu: %%1115

Error - 2014-06-21 08:56:56 | Computer Name = darek-Komputer | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi Host systemu diagnostyki z powodu następującego błędu: %%1115

Error - 2014-06-21 08:56:56 | Computer Name = darek-Komputer | Source = Service Control Manager | ID = 7038
Description = Usługa SSDPSRV nie może zalogować się jako NT AUTHORITY\LocalService za pomocą obecnie skonfigurowanego hasła z powodu następującego błędu: %%50 Aby upewnić się, że usługa jest skonfigurowana prawidłowo, użyj przystawki Usługi w programie Microsoft Management Console (MMC).

Error - 2014-06-21 08:56:56 | Computer Name = darek-Komputer | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi Odnajdywanie SSDP z powodu następującego błędu: %%1069

Error - 2014-06-21 08:56:56 | Computer Name = darek-Komputer | Source = Microsoft-Windows-Bits-Client | ID = 16392
Description = Uruchomienie usługi BITS nie powiodło się. Błąd 2147942450.

Error - 2014-06-21 08:56:56 | Computer Name = darek-Komputer | Source = Service Control Manager | ID = 7024
Description = Usługa Usługa inteligentnego transferu w tle zakończyła działanie; wystąpił specyficzny dla niej błąd %%-2147024846.

< End of report >
[/log]

FRST
[log]Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-06-2014 01
Ran by darek (administrator) on DAREK-KOMPUTER on 21-06-2014 21:44:37
Running from C:\Users\darek\Downloads
Platform: Windows 7 Ultimate (X64) OS Language: Polski (Polska)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Taiwan Shui Mu Chih Ching Technology Limited.) C:\Program Files (x86)\WinZipper\winzipersvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
() C:\Windows\SysWOW64\srvany.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
() C:\Windows\KMService.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Intel® Corporation) C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Red Bend Ltd.) C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(CipSoft GmbH) C:\Users\darek\Desktop\Mateusz\NSS 2.0\Tibia.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IntelWireless] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1933584 2011-01-05] (Intel(R) Corporation)
HKLM\...\Run: [IntelWirelessWiMAX] => C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe [1617920 2011-01-26] (Intel® Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2741544 2011-04-08] (Synaptics Incorporated)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [9753024 2013-06-14] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [5908928 2013-06-14] (Lenovo(beijing) Limited)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3890208 2014-06-18] (AVAST Software)
HKLM-x32\...\Winlogon: [Userinit] c:\windows\system32\userinit.exe,,e:\lol\rads\projects\lol_air_client\releases\0.0.1.63\deploy\lolclientsrv.exe,c:\program files (x86)\microsoft\desktoplayer.exe [X]
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3555291836-3210127844-3947176126-1000\...\Run: [spoolsv32] => "C:\Windows\system32\javaw.exe" -jar "C:\Users\darek\AppData\Roaming\Win32\spoolsv32.jar"
HKU\S-1-5-21-3555291836-3210127844-3947176126-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21444224 2014-05-08] (Skype Technologies S.A.)
Startup: C:\Users\darek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\trzD50B.tmp ()
ShellIconOverlayIdentifiers: SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers: SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers: SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 1 (GFS Unread Stub) -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 2 (GFS Stub) -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 2.5 (GFS Unread Folder) -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 3 (GFS Folder) -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 4 (GFS Unread Mark) -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers-x32: SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers-x32: SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
ShellIconOverlayIdentifiers-x32: Groove Explorer Icon Overlay 1 (GFS Unread Stub) -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: Groove Explorer Icon Overlay 2 (GFS Stub) -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: Groove Explorer Icon Overlay 2.5 (GFS Unread Folder) -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: Groove Explorer Icon Overlay 3 (GFS Folder) -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: Groove Explorer Icon Overlay 4 (GFS Unread Mark) -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BootExecute: autocheck autochk * aswBoot.exe /M:22e4a9e5c /wow /dir:"C:\Program Files\AVAST Software\Avast"
AlternateShell:

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.delta-homes.com/?utm_source=b&utm_medium=newgdp&utm_campaign=eXQ&utm_content=hp&from=newgdp&uid=WDCXWD3200BPVT-24JJ5T0_WD-WXN1A717802478024&ts=1380211191
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.delta-homes.com/?utm_source=b&utm_medium=newgdp&utm_campaign=eXQ&utm_content=hp&from=newgdp&uid=WDCXWD3200BPVT-24JJ5T0_WD-WXN1A717802478024&ts=1380211191
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.delta-homes.com/?utm_source=b&utm_medium=newgdp&utm_campaign=eXQ&utm_content=hp&from=newgdp&uid=WDCXWD3200BPVT-24JJ5T0_WD-WXN1A717802478024&ts=1380211191
URLSearchHook: HKLM-x32 - Default Value = {CCC7B151-1D8C-11E3-B2AD-F3EF3D58318D}
URLSearchHook: HKLM-x32 - SiteFinder - {CCC7B151-1D8C-11E3-B2AD-F3EF3D58318D} - C:\Program Files (x86)\SiteFinder\SiteFinder.dll (Site Finder)
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.v9.com/web/?utm_source=b&utm_medium=bnd&from=bnd&uid=WDCXWD3200BPVT-24JJ5T0_WD-WXN1A717802478024&ts=0
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.v9.com/web/?utm_source=b&utm_medium=bnd&from=bnd&uid=WDCXWD3200BPVT-24JJ5T0_WD-WXN1A717802478024&ts=0
SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.v9.com/web/?utm_source=b&utm_medium=bnd&from=bnd&uid=WDCXWD3200BPVT-24JJ5T0_WD-WXN1A717802478024&ts=0
SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.v9.com/web/?utm_source=b&utm_medium=bnd&from=bnd&uid=WDCXWD3200BPVT-24JJ5T0_WD-WXN1A717802478024&ts=0
SearchScopes: HKCU - DefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www.buenosearch.com/?q={searchTerms}&babsrc=SP_ss&mntrId=6CD000FF4EFF94D8&affID=128491&tsp=5190
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www.buenosearch.com/?q={searchTerms}&babsrc=SP_ss&mntrId=6CD000FF4EFF94D8&affID=128491&tsp=5190
SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.delta-homes.com/web/?utm_source=b&utm_medium=newgdp&from=newgdp&uid=WDCXWD3200BPVT-24JJ5T0_WD-WXN1A717802478024&ts=1377259841
SearchScopes: HKCU - {A8160AF9-3E1B-40EA-A2A0-1F9877FEFCEC} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=512435&p={searchTerms}
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: No Name - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - No File
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Pomocnik logowania za pomocą konta Microsoft - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: No Name - {ae48ed75-5a56-4c5f-bbce-6f1ac3875f66} - No File
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: buenosearch Helper Object - {F1C81E40-2485-4DB6-8C9D-04BD596B281E} - C:\Program Files (x86)\buenosearch LTD\buenosearch\1.8.28.7\bh\buenosearch.dll (Montiera Technologies LTD)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - SiteFinder - {CCC7B151-1D8C-11E3-B2AD-F3EF3D58318D} - C:\Program Files (x86)\SiteFinder\SiteFinder.dll (Site Finder)
Toolbar: HKLM-x32 - buenosearch Toolbar - {828DC97A-2277-4E10-92A9-4907FA0922A9} - C:\Program Files (x86)\buenosearch LTD\buenosearch\1.8.28.7\buenosearchTlbr.dll (Montiera Technologies LTD)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.3.1 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\darek\AppData\Roaming\Mozilla\Firefox\Profiles\ce1yzzxv.default-1401462181965
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @java.com/DTPlugin,version=1.6.0_38 - C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @tools.dpliveupdate.com/DealPlyLive Update;version=3 - C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\npGoogleUpdate3.dll (DealPly Technologies Ltd) FF Plugin-x32: @tools.dpliveupdate.com/DealPlyLive Update;version=9 - C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\npGoogleUpdate3.dll (DealPly Technologies Ltd) FF Plugin-x32: BYOND - C:\Program Files (x86)\BYOND\bin\npbyond.dll No File FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\darek\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF Extension: Adblock Plus - C:\Users\darek\AppData\Roaming\Mozilla\Firefox\Profiles\ce1yzzxv.default-1401462181965\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-05-31] FF Extension: Hotspot Shield Extension - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\afext@anchorfree.com [2014-04-30] FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: avast! 
Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-09-17] FF HKCU\...\Firefox\Extensions: [support@mozilla.com] - C:\Users\darek\AppData\Roaming\support@mozilla.com FF Extension: Firefox Extension Manager - C:\Users\darek\AppData\Roaming\support@mozilla.com [2013-06-22] Chrome: ======= CHR HomePage: hxxp://www.google.com CHR RestoreOnStartup: "hxxp://www.google.com/" CHR Extension: (__MSG_appName__) - C:\Users\darek\AppData\Local\Google\Chrome\User Data\Default\Extensions\beahobhgpojnjfdjglaehfhdanaioode [2014-05-04] CHR Extension: (Delta Toolbar) - C:\Users\darek\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde [2013-08-22] CHR Extension: (Web Cake) - C:\Users\darek\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjoijdanhaiflhibkljeklcghcmmfffh [2013-08-22] CHR Extension: (Plus-HD-8.1) - C:\Users\darek\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkjonigebafgfomfofbodcbbijbibokl [2014-02-20] CHR Extension: (Lightning Newtab) - C:\Users\darek\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifohbjbgfchkkfhphahclmkpgejiplfo [2013-08-23] CHR Extension: (Chrome In-App Payments service) - C:\Users\darek\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-26] CHR HKLM-x32\...\Chrome\Extension: [fjoijdanhaiflhibkljeklcghcmmfffh] - C:\Program Files (x86)\Betcat\WebCakeLayers.crx [2013-08-13] CHR HKLM-x32\...\Chrome\Extension: [ifohbjbgfchkkfhphahclmkpgejiplfo] - C:\Users\darek\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtab.crx [2013-08-23] ==================== Services (Whitelisted) ================= R2 avast! 
Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-06-18] (AVAST Software) S2 dealplylive; C:\Program Files (x86)\DealPlyLive\Update\DealPlyLive.exe [148000 2013-07-20] (DealPly Technologies Ltd) S3 dealplylivem; C:\Program Files (x86)\DealPlyLive\Update\DealPlyLive.exe [148000 2013-07-20] (DealPly Technologies Ltd) R2 DMAgent; C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [499200 2011-01-30] (Red Bend Ltd.) [File not signed] R2 KMService; C:\Windows\SysWOW64\srvany.exe [8192 2014-01-22] () [File not signed] S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-01-05] () S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [4609416 2013-11-06] (INCA Internet Co., Ltd.) [File not signed] R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-11-08] () R2 WiMAXAppSrv; C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [885248 2011-01-30] (Intel(R) Corporation) [File not signed] R2 winzipersvc; C:\Program Files (x86)\WinZipper\winzipersvc.exe [424104 2013-08-23] (Taiwan Shui Mu Chih Ching Technology Limited.) 
S4 Apache2.2; "c:\xampp\apache\bin\apache.exe" -k runservice [X] S4 mysql; c:\xampp\mysql\bin\mysqld-nt.exe --defaults-file=c:\xampp\mysql\bin\my.cnf mysql ==================== Drivers (Whitelisted) ==================== R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-06-18] () R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-06-18] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-06-18] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-06-18] () R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-06-18] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-06-18] (AVAST Software) R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [85328 2014-06-18] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208416 2014-06-18] () S3 massfilter_hs; C:\Windows\system32\drivers\massfilter_hs.sys [20232 2012-06-20] (HandSet Incorporated) S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-08-13] (Anchorfree Inc.) 
S3 zghsser; C:\Windows\System32\DRIVERS\zghsser.sys [132104 2012-07-18] (ZTE Incorporated) S3 catchme; \??\C:\ComboFix\catchme.sys [X] S3 WinRing0_1_2_0; \??\E:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-06-21 21:44 - 2014-06-21 21:45 - 00020243 _____ () C:\Users\darek\Downloads\FRST.txt 2014-06-21 21:44 - 2014-06-21 21:44 - 02083328 _____ (Farbar) C:\Users\darek\Downloads\FRST64.exe 2014-06-21 21:44 - 2014-06-21 21:44 - 00000000 ____D () C:\FRST 2014-06-21 21:40 - 2014-06-21 21:40 - 00294450 _____ () C:\Users\darek\Downloads\Extras.Txt 2014-06-21 21:37 - 2014-06-21 21:37 - 00087338 _____ () C:\Users\darek\Downloads\OTL.Txt 2014-06-21 21:23 - 2014-06-21 21:24 - 00370943 _____ () C:\Users\darek\Downloads\gmer.zip 2014-06-21 21:22 - 2014-06-21 21:22 - 00602112 _____ (OldTimer Tools) C:\Users\darek\Downloads\OTL.exe 2014-06-21 15:47 - 2014-06-21 15:50 - 00000000 ____D () C:\Users\darek\Desktop\Mateusz 2014-06-20 01:10 - 2014-06-21 16:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ElfBot NG 2014-06-19 20:46 - 2014-06-19 20:46 - 00003030 _____ () C:\Users\darek\AppData\Local\recently-used.xbel 2014-06-19 20:35 - 2014-06-19 20:46 - 00000000 ____D () C:\Users\darek\AppData\Local\gtk-2.0 2014-06-18 20:11 - 2014-06-18 20:11 - 00000000 ____D () C:\Users\darek\AppData\Roaming\AVAST Software 2014-06-18 20:08 - 2014-06-21 15:00 - 00000280 _____ () C:\Windows\setupact.log 2014-06-18 20:08 - 2014-06-20 18:27 - 00327966 _____ () C:\Windows\PFRO.log 2014-06-18 20:08 - 2014-06-18 20:08 - 00000000 _____ () C:\Windows\setuperr.log 2014-06-18 20:06 - 2014-06-18 20:17 - 00085328 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys 2014-06-18 20:06 - 2014-06-18 20:05 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys 2014-06-18 20:05 - 2014-06-18 20:05 - 00043152 _____ (AVAST Software) 
C:\Windows\avastSS.scr 2014-06-18 19:49 - 2014-06-18 19:49 - 00002772 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC 2014-06-18 10:22 - 2014-06-18 10:23 - 03763334 _____ () C:\Users\darek\Desktop\zdjęcia.zip 2014-06-14 14:37 - 2014-06-20 11:48 - 00000000 ____D () C:\Users\darek\Desktop\programy ;3 2014-06-14 14:34 - 2014-06-14 14:35 - 00000000 ____D () C:\Users\darek\Desktop\Mama 2014-06-03 23:47 - 2014-06-04 00:15 - 00000000 ____D () C:\Users\darek\otNaruto ==================== One Month Modified Files and Folders ======= 2014-06-21 21:45 - 2014-06-21 21:44 - 00020243 _____ () C:\Users\darek\Downloads\FRST.txt 2014-06-21 21:45 - 2013-06-21 13:45 - 00000000 ____D () C:\ProgramData\TEMP 2014-06-21 21:44 - 2014-06-21 21:44 - 02083328 _____ (Farbar) C:\Users\darek\Downloads\FRST64.exe 2014-06-21 21:44 - 2014-06-21 21:44 - 00000000 ____D () C:\FRST 2014-06-21 21:40 - 2014-06-21 21:40 - 00294450 _____ () C:\Users\darek\Downloads\Extras.Txt 2014-06-21 21:37 - 2014-06-21 21:37 - 00087338 _____ () C:\Users\darek\Downloads\OTL.Txt 2014-06-21 21:35 - 2013-06-16 21:32 - 00000000 ____D () C:\Users\darek\AppData\Roaming\Skype 2014-06-21 21:31 - 2013-07-20 12:26 - 00000904 _____ () C:\Windows\Tasks\DealPlyLiveUpdateTaskMachineUA.job 2014-06-21 21:24 - 2014-06-21 21:23 - 00370943 _____ () C:\Users\darek\Downloads\gmer.zip 2014-06-21 21:22 - 2014-06-21 21:22 - 00602112 _____ (OldTimer Tools) C:\Users\darek\Downloads\OTL.exe 2014-06-21 20:32 - 2013-06-14 07:59 - 02043845 _____ () C:\Windows\WindowsUpdate.log 2014-06-21 16:05 - 2014-06-20 01:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ElfBot NG 2014-06-21 16:03 - 2014-03-08 17:12 - 00000000 ____D () C:\Python33 2014-06-21 15:55 - 2013-06-14 08:26 - 00000000 ____D () C:\Users\darek 2014-06-21 15:50 - 2014-06-21 15:47 - 00000000 ____D () C:\Users\darek\Desktop\Mateusz 2014-06-21 15:49 - 2014-02-12 16:45 - 00000000 __SHD () C:\Users\darek\i15Z28qV 2014-06-21 15:08 - 2009-07-14 06:45 - 00010016 ____H 
() C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-06-21 15:08 - 2009-07-14 06:45 - 00010016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-06-21 15:06 - 2009-07-14 19:55 - 00742054 _____ () C:\Windows\system32\perfh015.dat 2014-06-21 15:06 - 2009-07-14 19:55 - 00156040 _____ () C:\Windows\system32\perfc015.dat 2014-06-21 15:06 - 2009-07-14 07:13 - 01673392 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-06-21 15:03 - 2013-08-23 14:10 - 00000000 ____D () C:\Program Files (x86)\WinZipper 2014-06-21 15:01 - 2013-08-26 18:35 - 00000000 ____D () C:\Users\darek\AppData\Local\screenSHU 2014-06-21 15:00 - 2014-06-18 20:08 - 00000280 _____ () C:\Windows\setupact.log 2014-06-21 15:00 - 2013-07-20 12:26 - 00000900 _____ () C:\Windows\Tasks\DealPlyLiveUpdateTaskMachineCore.job 2014-06-21 15:00 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-06-20 18:27 - 2014-06-18 20:08 - 00327966 _____ () C:\Windows\PFRO.log 2014-06-20 11:48 - 2014-06-14 14:37 - 00000000 ____D () C:\Users\darek\Desktop\programy ;3 2014-06-19 23:41 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF 2014-06-19 22:39 - 2013-06-19 20:21 - 01646182 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI 2014-06-19 20:55 - 2013-06-27 19:11 - 00000000 ____D () C:\Users\darek\.gimp-2.8 2014-06-19 20:46 - 2014-06-19 20:46 - 00003030 _____ () C:\Users\darek\AppData\Local\recently-used.xbel 2014-06-19 20:46 - 2014-06-19 20:35 - 00000000 ____D () C:\Users\darek\AppData\Local\gtk-2.0 2014-06-19 17:18 - 2014-04-12 16:32 - 00000000 ____D () C:\Users\darek\AppData\Roaming\Bol 2014-06-19 00:34 - 2013-06-27 19:11 - 00000894 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk 2014-06-19 00:09 - 2013-08-30 20:53 - 00000000 ____D () C:\Users\darek\AppData\Local\Adobe 2014-06-18 20:17 - 2014-06-18 20:06 - 00085328 _____ (AVAST Software) 
C:\Windows\system32\Drivers\aswstm.sys 2014-06-18 20:17 - 2013-09-17 18:23 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys 2014-06-18 20:17 - 2013-09-17 18:22 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys 2014-06-18 20:11 - 2014-06-18 20:11 - 00000000 ____D () C:\Users\darek\AppData\Roaming\AVAST Software 2014-06-18 20:11 - 2013-09-17 18:22 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update 2014-06-18 20:08 - 2014-06-18 20:08 - 00000000 _____ () C:\Windows\setuperr.log 2014-06-18 20:05 - 2014-06-18 20:06 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys 2014-06-18 20:05 - 2014-06-18 20:05 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr 2014-06-18 20:05 - 2013-09-17 18:23 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys.1403115464210 2014-06-18 20:05 - 2013-09-17 18:22 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys.1403115464210 2014-06-18 20:05 - 2013-09-17 18:22 - 00334648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe 2014-06-18 20:05 - 2013-09-17 18:22 - 00208416 _____ () C:\Windows\system32\Drivers\aswVmm.sys 2014-06-18 20:05 - 2013-09-17 18:22 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys 2014-06-18 20:05 - 2013-09-17 18:22 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys 2014-06-18 20:05 - 2013-09-17 18:22 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys 2014-06-18 19:59 - 2013-09-16 23:50 - 00000000 ____D () C:\ProgramData\AVAST Software 2014-06-18 19:58 - 2013-09-17 18:22 - 00000000 _____ () C:\Windows\SysWOW64\config.nt 2014-06-18 19:56 - 2014-04-20 18:21 - 00000000 ____D () C:\Users\darek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GameSub 2014-06-18 19:53 - 2014-04-21 15:41 - 00000000 ____D () C:\Users\darek\AppData\Local\CrashDumps 2014-06-18 19:53 - 2014-02-12 23:32 - 00000000 ____D () C:\Windows\Minidump 2014-06-18 19:49 - 2014-06-18 
19:49 - 00002772 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC 2014-06-18 19:49 - 2013-09-03 21:33 - 00000000 ____D () C:\Program Files\CCleaner 2014-06-18 15:33 - 2013-10-31 22:17 - 00000000 ____D () C:\Users\darek\AppData\Roaming\Tibia 2014-06-18 10:23 - 2014-06-18 10:22 - 03763334 _____ () C:\Users\darek\Desktop\zdjęcia.zip 2014-06-17 23:38 - 2013-06-28 21:26 - 00000000 ____D () C:\Users\darek\AppData\Roaming\OBS 2014-06-14 14:35 - 2014-06-14 14:34 - 00000000 ____D () C:\Users\darek\Desktop\Mama 2014-06-14 14:33 - 2014-05-11 09:31 - 00000000 ____D () C:\Users\darek\Desktop\muzyka 2014-06-11 09:56 - 2014-04-30 07:35 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-06-11 08:06 - 2013-06-15 16:28 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-06-04 00:15 - 2014-06-03 23:47 - 00000000 ____D () C:\Users\darek\otNaruto 2014-05-31 15:04 - 2009-07-14 07:08 - 00032608 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-05-22 17:17 - 2014-02-27 07:10 - 00000000 ___RD () C:\Program Files (x86)\Skype 2014-05-22 17:17 - 2013-06-16 21:32 - 00000000 ____D () C:\ProgramData\Skype ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed 
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-06-12 00:47
==================== End Of Log ============================
[/log]

Addition:
[log]
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-06-2014 01
Ran by darek at 2014-06-21 21:45:53
Running from C:\Users\darek\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
==================== Installed Programs ======================
Action! (HKLM-x32\...\Mirillis Action!) (Version: 1.17.3 - Mirillis)
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.8.800.94 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.7.700.224 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.3.133 - Adobe Systems, Inc.)
Android SDK Tools (HKLM-x32\...\Android SDK Tools) (Version: 1.16 - Google Inc.)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.11 Beta1 - Michael Tippach)
Atheros Client Installation Program (HKLM-x32\...\{D3694B69-6F8C-42D3-8A0A-EB2AB528C02C}) (Version: 7.0 - Atheros)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.36 - Atheros Communications Inc.)
avast! 
Free Antivirus (HKLM-x32\...\avast) (Version: 9.0.2018 - Avast Software) Battlefield Play4Free (darek) (HKCU\...\{87686C21-8A15-4b4d-A3F1-11141D9BE094}) (Version: - EA Digital illusions) buenosearch toolbar (HKLM-x32\...\buenosearch) (Version: 1.8.28.7 - Montiera technologies LTD) <==== ATTENTION Camtasia Studio 8 (HKLM-x32\...\{5303CFB5-D635-44F0-A94B-9611E81F07C4}) (Version: 8.3.0.1471 - TechSmith Corporation) CCleaner (HKLM\...\CCleaner) (Version: 4.14 - Piriform) Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.54.4.51 - Conexant) Curse (HKLM-x32\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 6.0.0.0 - Curse) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden ElfBot NG 4.5.4 (HKLM-x32\...\ElfBot NG_is1) (Version: - NGSoft, LLC) Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 6.0.2.0 - Lenovo) Energy Management (x32 Version: 6.0.2.0 - Lenovo) Hidden Galeria fotografii (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team) Intel PROSet Wireless (Version: - ) Hidden Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2342 - Intel Corporation) Intel® PROSet/Wireless WiMAX Software (HKLM\...\{18A6B663-A646-457B-A314-5CF58AECB06A}) (Version: 6.02.0000 - Intel Corporation) Java 7 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.450 - Oracle) Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) 
Hidden Java(TM) 6 Update 38 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416038FF}) (Version: 6.0.380 - Oracle) Junk Mail filter update (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Kingo Android ROOT version 1.1.8.1835 (HKLM-x32\...\{AE7675D6-0B31-494F-ABFA-822E1A0FDF17}_is1) (Version: 1.1.8.1835 - Kingosoft Technology Ltd.) Lenovo EasyCamera (HKLM-x32\...\{ADE16A9D-FBDC-4ECC-B6BD-9C31E51D0333}) (Version: 1.10.1209.1 - Lenovo EasyCamera) metaCrawler (HKLM-x32\...\metaCrawler) (Version: - metaCrawler) <==== ATTENTION Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation) Microsoft .NET Framework 4.5 (Version: 4.5.50709 - Microsoft Corporation) Hidden Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden Microsoft Office Access MUI (Polish) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden Microsoft Office Excel MUI (Polish) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden Microsoft Office Groove MUI (Polish) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden Microsoft Office InfoPath MUI (Polish) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden Microsoft Office Office 64-bit Components 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden Microsoft Office OneNote MUI (Polish) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0415-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation) Microsoft Office Outlook MUI (Polish) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint MUI (Polish) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Office Professional Plus 2010 (x32 Version: 
14.0.4763.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (German) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (Polish) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden Microsoft Office Proofing (Polish) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden Microsoft Office Publisher MUI (Polish) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden Microsoft Office Shared 64-bit MUI (Polish) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden Microsoft Office Shared MUI (Polish) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden Microsoft Office Word MUI (Polish) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden Microsoft Office Word Viewer 2003 (HKLM-x32\...\{90850415-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20513.0 - Microsoft Corporation) Microsoft SkyDrive (HKCU\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 
2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation) Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.) Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation) Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla) MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden MSVCRT Redists (Version: 1.0 - Sony Creative Software Inc.) Hidden MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden MySQL ODBC 3.51 Driver (HKLM-x32\...\MySQL ODBC 3.51 Driver) (Version: 03.51 - MySQL AB) Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.5.1 - Notepad++ Team) Oprogramowanie Intel(R) PROSet/Wireless WiFi (HKLM\...\{1927E640-A2C6-4BA7-8F43-FFD2AE3DFCF3}) (Version: 14.0.2000 - Intel Corporation) Pakiet sterowników systemu Windows - Lenovo (ACPIVPC) System (12/02/2010 6.1.0.1) (HKLM\...\EA12B1FB53CE4E387C31A85236C41EF559B5E392) (Version: 12/02/2010 6.1.0.1 - Lenovo) Photo Gallery (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Poczta usługi Windows Live (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Podstawowe programy Windows Live (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation) Podstawowe programy Windows Live (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Python 3.3.4 (HKLM-x32\...\{cc2659bc-d27d-3593-a0a0-9ac0de07a430}) (Version: 3.3.4150 - Python Software Foundation) Realtek USB 2.0 Reader Driver (HKLM-x32\...\{62BBB2F0-E220-4821-A564-730807D2C34D}) (Version: 6.1.7600.10003 - Realtek Semiconductor Corp.) 
Scribblenauts Unlimited (HKLM-x32\...\Scribblenauts Unlimited_is1) (Version: - ) SiteFinder (HKLM-x32\...\SiteFinder) (Version: 1.0.0.0 - SiteFinder) <==== ATTENTION Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.) swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.0.0 - Synaptics Incorporated) Unity Web Player (HKCU\...\UnityWebPlayer) (Version: - Unity Technologies ApS) Vegas Pro 12.0 (64-bit) (HKLM\...\{A1188CD2-9C9F-11E2-B88F-F04DA23A5C58}) (Version: 12.0.563 - Sony) WebCake 3.00 (HKLM\...\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}) (Version: 3.00 - WebCake LLC) <==== ATTENTION Windows Live Communications Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows Live Family Safety (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows Live Family Safety (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden Windows Live Installer (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows Live Mail (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows Live Messenger (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows Live MIME IFilter (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows Live Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows Live PIMT Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows Live SOXE (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows Live SOXE Definitions (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows Live UX Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows Live UX Platform Language Pack (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows Live Writer (x32 Version: 16.4.3508.0205 - 
Microsoft Corporation) Hidden Windows Live Writer Resources (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows Macro Recorder (HKLM-x32\...\{67DD11CB-7C27-4072-B970-B57755294B28}) (Version: 1.0.0 - Free Labs) WinRAR 4.20 (64-bitowy) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH) WinZipper (HKLM-x32\...\WinZipper) (Version: 1.4.8 - Taiwan Shui Mu Chih Ching Technology Limited.) <==== ATTENTION ZTE Handset USB Driver (HKLM\...\{01D42BF0-ED08-463f-8A28-99EB6FEE962B}) (Version: - ZTE Corporation) ==================== Restore Points ========================= 07-06-2014 02:43:43 Zaplanowany punkt kontrolny 15-06-2014 05:04:06 Zaplanowany punkt kontrolny 18-06-2014 17:56:27 Removed Windows Macro Recorder 18-06-2014 17:59:38 avast! antivirus system restore point ==================== Hosts content: ========================== 2009-07-14 04:34 - 2014-04-12 16:35 - 00000059 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost 127.0.0.1 198.144.182.42 ==================== Scheduled Tasks (whitelisted) ============= Task: {048ACD87-AEDC-42A6-B22F-662538BAB811} - System32\Tasks\Games\UpdateCheck_S-1-5-21-3555291836-3210127844-3947176126-1000 Task: {125C322D-2472-4D09-833F-A244B8C2A43F} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup Task: {6C3A33D0-96CD-4672-9DD2-B39424448814} - System32\Tasks\DealPlyLiveUpdateTaskMachineCore => C:\Program Files (x86)\DealPlyLive\Update\DealPlyLive.exe [2013-07-20] (DealPly Technologies Ltd) <==== ATTENTION Task: {967CAEDE-5067-446F-B2F7-D92BB6AB417B} - System32\Tasks\avast! 
Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-06-18] (AVAST Software) Task: {AA53A387-9059-4C5A-8166-1CAFF056E003} - System32\Tasks\EPUpdater => C:\Users\darek\AppData\Roaming\BabSolution\Shared\BabMaint.exe [2013-12-12] () <==== ATTENTION Task: {D4A284A4-D53E-45EC-A8C3-9B2D3ADFF361} - System32\Tasks\DealPlyLiveUpdateTaskMachineUA => C:\Program Files (x86)\DealPlyLive\Update\DealPlyLive.exe [2013-07-20] (DealPly Technologies Ltd) <==== ATTENTION Task: {DCA09C0C-C22D-4415-B2AB-D47855F1B1DA} - System32\Tasks\Game_Booster_AutoUpdate => E:\Programy\Game Booster 3\AutoUpdate.exe Task: {F3744B45-3A7F-4117-ADC1-A4ECFAB6C1B3} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-05-20] (Piriform Ltd) Task: C:\Windows\Tasks\DealPlyLiveUpdateTaskMachineCore.job => C:\Program Files (x86)\DealPlyLive\Update\DealPlyLive.exe <==== ATTENTION Task: C:\Windows\Tasks\DealPlyLiveUpdateTaskMachineUA.job => C:\Program Files (x86)\DealPlyLive\Update\DealPlyLive.exe <==== ATTENTION ==================== Loaded Modules (whitelisted) ============= 2010-01-30 03:40 - 2010-01-30 03:40 - 04254560 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF 2010-01-02 16:42 - 2010-01-02 16:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll 2011-01-05 12:53 - 2011-01-05 12:53 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll 2014-01-22 12:46 - 2014-01-22 12:45 - 00008192 _____ () C:\Windows\SysWOW64\srvany.exe 2013-06-14 08:45 - 2011-03-25 11:28 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll 2014-01-22 12:46 - 2014-01-22 12:45 - 00151552 _____ () C:\Windows\KMService.exe 2011-01-05 12:53 - 2011-01-05 12:53 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll 2013-11-03 18:28 - 2013-11-08 22:39 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe 2008-12-20 03:20 - 2013-06-14 09:11 - 00054088 _____ () 
C:\Program Files (x86)\Lenovo\Energy Management\HookLib.dll 2008-12-20 03:20 - 2013-06-14 09:11 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\kbdhook.dll 2014-06-21 12:12 - 2014-06-21 12:12 - 02783744 _____ () C:\Program Files\AVAST Software\Avast\defs\14062100\algo.dll 2013-08-23 14:10 - 2013-08-23 14:10 - 00612520 _____ () C:\Program Files (x86)\WinZipper\sqlite3.dll 2014-06-18 20:05 - 2014-06-18 20:05 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll 2014-06-21 16:05 - 2009-12-09 15:19 - 00036352 _____ () E:\ElfBot NG\elfload.dll 2014-06-20 01:10 - 2014-06-21 16:05 - 01445888 _____ () E:\ElfBot NG\elfbot.dll 2014-06-10 22:39 - 2014-06-10 22:39 - 03852912 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll 2010-01-30 03:41 - 2010-01-30 03:41 - 04254560 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF 2013-06-15 16:52 - 2013-06-15 16:52 - 16033160 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ==================== Alternate Data Streams (whitelisted) ========= AlternateDataStreams: C:\ProgramData\TEMP:4EE74317 AlternateDataStreams: C:\ProgramData\TEMP:6BE50C2B ==================== Safe Mode (whitelisted) =================== HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot => "AlternateShell"="" ==================== EXE Association (whitelisted) ============= ==================== MSCONFIG/TASK MANAGER disabled items ========= ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (06/19/2014 10:42:53 PM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: ) Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - 1>Failed to compile: System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 . 
Error code = 0x80131f06 Error: (06/19/2014 10:42:52 PM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: ) Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - 1>Failed to compile: System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 . Error code = 0x80131f06 Error: (06/19/2014 06:14:46 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Program Explorer.EXE w wersji 6.1.7600.16385 zatrzymał interakcję z systemem Windows i został zamknięty. Aby zobaczyć, czy jest dostępnych więcej informacji dotyczących tego problemu, sprawdź historię problemu w panelu sterowania Centrum akcji. Identyfikator procesu: 4d4 Godzina rozpoczęcia: 01cf8b205cfcd11c Godzina zakończenia: 2811 Ścieżka aplikacji: C:\Windows\Explorer.EXE Identyfikator raportu: 49552de3-f7cb-11e3-b46e-dc0ea17f8906 Error: (06/19/2014 11:50:50 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Program iexplore.exe w wersji 8.0.7600.16385 zatrzymał interakcję z systemem Windows i został zamknięty. Aby zobaczyć, czy jest dostępnych więcej informacji dotyczących tego problemu, sprawdź historię problemu w panelu sterowania Centrum akcji. Identyfikator procesu: 1780 Godzina rozpoczęcia: 01cf8ba3e1783b76 Godzina zakończenia: 130 Ścieżka aplikacji: C:\Program Files (x86)\Internet Explorer\iexplore.exe Identyfikator raportu: 2d6544bd-f797-11e3-b46e-dc0ea17f8906 Error: (06/18/2014 08:40:52 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Program AvastUI.exe w wersji 9.0.2018.391 zatrzymał interakcję z systemem Windows i został zamknięty. Aby zobaczyć, czy jest dostępnych więcej informacji dotyczących tego problemu, sprawdź historię problemu w panelu sterowania Centrum akcji. 
Identyfikator procesu: fc0 Godzina rozpoczęcia: 01cf8b2079dc10c2 Godzina zakończenia: 60000 Ścieżka aplikacji: C:\Program Files\AVAST Software\Avast\AvastUI.exe Identyfikator raportu: db53bb18-f717-11e3-b46e-dc0ea17f8906 Error: (06/18/2014 07:57:18 PM) (Source: MsiInstaller) (EventID: 11001) (User: darek-Komputer) Description: Product: Windows Macro Recorder -- Error 1001. (NULL)(NULL)(NULL)(NULL)(NULL) Error: (06/18/2014 02:20:54 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Program rads_user_kernel.exe w wersji 0.0.0.0 zatrzymał interakcję z systemem Windows i został zamknięty. Aby zobaczyć, czy jest dostępnych więcej informacji dotyczących tego problemu, sprawdź historię problemu w panelu sterowania Centrum akcji. Identyfikator procesu: 53c Godzina rozpoczęcia: 01cf8aef996c6b58 Godzina zakończenia: 4 Ścieżka aplikacji: E:\LOL\RADS\system\rads_user_kernel.exe Identyfikator raportu: faad0eaf-f6e2-11e3-bb3e-dc0ea17f8906 Error: (05/29/2014 09:22:24 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Nazwa aplikacji powodującej błąd: , wersja: 0.0.0.0, sygnatura czasowa: 0x537e8b30 Nazwa modułu powodującego błąd: unknown, wersja: 0.0.0.0, sygnatura czasowa: 0x00000000 Kod wyjątku: 0xc0000005 Przesunięcie błędu: 0x6e69644f Identyfikator procesu powodującego błąd: 0xb14 Godzina uruchomienia aplikacji powodującej błąd: 0x0 Ścieżka aplikacji powodującej błąd: 1 Ścieżka modułu powodującego błąd: 2 Identyfikator raportu: 3 Error: (05/16/2014 11:02:30 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Program League of Legends.exe w wersji 4.7.0.298 zatrzymał interakcję z systemem Windows i został zamknięty. Aby zobaczyć, czy jest dostępnych więcej informacji dotyczących tego problemu, sprawdź historię problemu w panelu sterowania Centrum akcji. 
Identyfikator procesu: 420 Godzina rozpoczęcia: 01cf714a0fc9977a Godzina zakończenia: 36 Ścieżka aplikacji: E:\LOL\RADS\solutions\lol_game_client_sln\releases\0.0.1.39\deploy\League of Legends.exe Identyfikator raportu: 61cc8916-dd3d-11e3-844e-dc0ea17f8906 Error: (05/16/2014 08:07:29 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Program firefox.exe w wersji 29.0.1.5239 zatrzymał interakcję z systemem Windows i został zamknięty. Aby zobaczyć, czy jest dostępnych więcej informacji dotyczących tego problemu, sprawdź historię problemu w panelu sterowania Centrum akcji. Identyfikator procesu: 29c Godzina rozpoczęcia: 01cf71274758e2b9 Godzina zakończenia: 29 Ścieżka aplikacji: C:\Program Files (x86)\Mozilla Firefox\firefox.exe Identyfikator raportu: ed03f7b5-dd24-11e3-be2c-dc0ea17f8906 System errors: ============= Error: (06/21/2014 02:56:56 PM) (Source: Service Control Manager) (EventID: 7024) (User: ) Description: Usługa Usługa inteligentnego transferu w tle zakończyła działanie; wystąpił specyficzny dla niej błąd %%-2147024846. Error: (06/21/2014 02:56:56 PM) (Source: Microsoft-Windows-Bits-Client) (EventID: 16392) (User: ZARZĄDZANIE NT) Description: Uruchomienie usługi BITS nie powiodło się. Błąd 2147942450. Error: (06/21/2014 02:56:56 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Nie można uruchomić usługi Odnajdywanie SSDP z powodu następującego błędu: %%1069 Error: (06/21/2014 02:56:56 PM) (Source: Service Control Manager) (EventID: 7038) (User: ) Description: Usługa SSDPSRV nie może zalogować się jako NT AUTHORITY\LocalService za pomocą obecnie skonfigurowanego hasła z powodu następującego błędu: %%50 Aby upewnić się, że usługa jest skonfigurowana prawidłowo, użyj przystawki Usługi w programie Microsoft Management Console (MMC). 
Error: (06/21/2014 02:56:56 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Nie można uruchomić usługi Host systemu diagnostyki z powodu następującego błędu: %%1115 Error: (06/21/2014 02:56:56 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Nie można uruchomić usługi Użytkowanie aplikacji z powodu następującego błędu: %%1115 Error: (06/21/2014 02:56:56 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Nie można uruchomić usługi Agent zasad IPsec z powodu następującego błędu: %%109 Error: (06/20/2014 05:55:44 PM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: Upłynął limit czasu (30000 ms) podczas oczekiwania na odpowiedź transakcji z usługi SDRSVC. Error: (06/20/2014 11:39:15 AM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: Upłynął limit czasu (30000 ms) podczas oczekiwania na odpowiedź transakcji z usługi PlugPlay. Error: (06/19/2014 01:53:27 PM) (Source: Disk) (EventID: 11) (User: ) Description: Sterownik wykrył błąd kontrolera na \Device\Harddisk2\DR2. Microsoft Office Sessions: ========================= Error: (06/19/2014 10:42:53 PM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: ) Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - 1>Failed to compile: System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 . Error code = 0x80131f06 System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 Error: (06/19/2014 10:42:52 PM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: ) Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - 1>Failed to compile: System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 . 
Error code = 0x80131f06 System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 Error: (06/19/2014 06:14:46 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Explorer.EXE6.1.7600.163854d401cf8b205cfcd11c2811C:\Windows\Explorer.EXE49552de3-f7cb-11e3-b46e-dc0ea17f8906 Error: (06/19/2014 11:50:50 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: iexplore.exe8.0.7600.16385178001cf8ba3e1783b76130C:\Program Files (x86)\Internet Explorer\iexplore.exe2d6544bd-f797-11e3-b46e-dc0ea17f8906 Error: (06/18/2014 08:40:52 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: AvastUI.exe9.0.2018.391fc001cf8b2079dc10c260000C:\Program Files\AVAST Software\Avast\AvastUI.exedb53bb18-f717-11e3-b46e-dc0ea17f8906 Error: (06/18/2014 07:57:18 PM) (Source: MsiInstaller) (EventID: 11001) (User: darek-Komputer) Description: Product: Windows Macro Recorder -- Error 1001. (NULL)(NULL)(NULL)(NULL)(NULL) Error: (06/18/2014 02:20:54 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: rads_user_kernel.exe0.0.0.053c01cf8aef996c6b584E:\LOL\RADS\system\rads_user_kernel.exefaad0eaf-f6e2-11e3-bb3e-dc0ea17f8906 Error: (05/29/2014 09:22:24 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: 0.0.0.0537e8b30unknown0.0.0.000000000c00000056e69644fb1401cf7b6f53b65973unknown8f774b11-e766-11e3-bedd-dc0ea17f8906 Error: (05/16/2014 11:02:30 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: League of Legends.exe4.7.0.29842001cf714a0fc9977a36E:\LOL\RADS\solutions\lol_game_client_sln\releases\0.0.1.39\deploy\League of Legends.exe61cc8916-dd3d-11e3-844e-dc0ea17f8906 Error: (05/16/2014 08:07:29 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: firefox.exe29.0.1.523929c01cf71274758e2b929C:\Program Files (x86)\Mozilla Firefox\firefox.exeed03f7b5-dd24-11e3-be2c-dc0ea17f8906 CodeIntegrity Errors: =================================== Date: 2014-01-02 07:28:02.777 Description: Windows 
is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-01-02 07:28:02.761 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. ==================== Memory info =========================== Percentage of memory in use: 84% Total physical RAM: 1991.86 MB Available physical RAM: 300.63 MB Total Pagefile: 3983.72 MB Available Pagefile: 1624.15 MB Total Virtual: 8192 MB Available Virtual: 8191.83 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:102.68 GB) (Free:58.7 GB) NTFS Drive d: () (Fixed) (Total:97.66 GB) (Free:48.25 GB) NTFS Drive e: () (Fixed) (Total:97.66 GB) (Free:78.95 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 79CF0D0F) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=103 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=98 GB) - (Type=07 NTFS) Partition 4: (Not Active) - (Size=98 GB) - (Type=07 NTFS) ==================== End Of Log ============================ [/log] Gmer [log]GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2014-06-21 22:03:23 Windows 6.1.7600 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD3200BPVT-24JJ5T0 rev.01.01A01 298,09GB Running: gmer.exe; Driver: C:\Users\darek\AppData\Local\Temp\kwddikog.sys ---- User code sections - GMER 2.1 ---- .text 
C:\Windows\system32\services.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000777fff60 5 bytes JMP 0000000100070460 .text C:\Windows\system32\services.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000777fffb0 5 bytes JMP 0000000100070450 .text C:\Windows\system32\services.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077800110 5 bytes JMP 0000000100070370 .text C:\Windows\system32\services.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077800160 5 bytes JMP 0000000100070470 .text C:\Windows\system32\services.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077800170 5 bytes JMP 00000001000703e0 .text C:\Windows\system32\services.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077800220 5 bytes JMP 0000000100070320 .text C:\Windows\system32\services.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077800250 5 bytes JMP 00000001000703b0 .text C:\Windows\system32\services.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077800270 5 bytes JMP 0000000100070390 .text C:\Windows\system32\services.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000778002b0 5 bytes JMP 00000001000702e0 .text C:\Windows\system32\services.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077800330 5 bytes JMP 00000001000702d0 .text C:\Windows\system32\services.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077800350 5 bytes JMP 0000000100070310 .text C:\Windows\system32\services.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077800390 5 bytes JMP 00000001000703c0 .text C:\Windows\system32\services.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000778003e0 5 bytes JMP 00000001000703f0 .text C:\Windows\system32\services.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077800540 5 bytes JMP 0000000100070230 .text C:\Windows\system32\services.exe[636] 
C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077800700 5 bytes JMP 0000000100070480 .text C:\Windows\system32\services.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077800730 5 bytes JMP 00000001000703a0 .text C:\Windows\system32\services.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077800810 5 bytes JMP 00000001000702f0 .text C:\Windows\system32\services.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077800820 5 bytes JMP 0000000100070350 .text C:\Windows\system32\services.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077800880 5 bytes JMP 0000000100070290 .text C:\Windows\system32\services.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077800910 5 bytes JMP 00000001000702b0 .text C:\Windows\system32\services.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077800930 5 bytes JMP 00000001000703d0 .text C:\Windows\system32\services.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077800940 5 bytes JMP 0000000100070330 .text C:\Windows\system32\services.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000778009b0 5 bytes JMP 0000000100070410 .text C:\Windows\system32\services.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000778009e0 5 bytes JMP 0000000100070240 .text C:\Windows\system32\services.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077800ca0 5 bytes JMP 00000001000701e0 .text C:\Windows\system32\services.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077800d60 5 bytes JMP 0000000100070250 .text C:\Windows\system32\services.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077800d90 5 bytes JMP 0000000100070490 .text C:\Windows\system32\services.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077800da0 5 bytes JMP 00000001000704a0 .text C:\Windows\system32\services.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 
0000000077800dd0 5 bytes JMP 0000000100070300 .text C:\Windows\system32\services.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077800de0 5 bytes JMP 0000000100070360 .text C:\Windows\system32\services.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077800e40 5 bytes JMP 00000001000702a0 .text C:\Windows\system32\services.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077800e90 5 bytes JMP 00000001000702c0 .text C:\Windows\system32\services.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077800ec0 5 bytes JMP 0000000100070380 .text C:\Windows\system32\services.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077800ed0 5 bytes JMP 0000000100070340 .text C:\Windows\system32\services.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000778011c0 5 bytes JMP 0000000100070440 .text C:\Windows\system32\services.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000778013c0 5 bytes JMP 0000000100070260 .text C:\Windows\system32\services.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000778013d0 5 bytes JMP 0000000100070270 .text C:\Windows\system32\services.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000778013e0 5 bytes JMP 0000000100070400 .text C:\Windows\system32\services.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000778015a0 5 bytes JMP 00000001000701f0 .text C:\Windows\system32\services.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000778015b0 5 bytes JMP 0000000100070210 .text C:\Windows\system32\services.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077801620 5 bytes JMP 0000000100070200 .text C:\Windows\system32\services.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077801680 5 bytes JMP 0000000100070420 .text C:\Windows\system32\services.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077801690 5 bytes JMP 0000000100070430 .text 
C:\Windows\system32\services.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000778016a0 5 bytes JMP 0000000100070220 .text C:\Windows\system32\services.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077801780 5 bytes JMP 0000000100070280 .text C:\Windows\system32\services.exe[636] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000776ef1bd 1 byte [62] .text C:\Windows\system32\lsass.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000777fff60 5 bytes JMP 0000000077960460 .text C:\Windows\system32\lsass.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000777fffb0 5 bytes JMP 0000000077960450 .text C:\Windows\system32\lsass.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077800110 5 bytes JMP 0000000077960370 .text C:\Windows\system32\lsass.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077800160 5 bytes JMP 0000000077960470 .text C:\Windows\system32\lsass.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077800170 5 bytes JMP 00000000779603e0 .text C:\Windows\system32\lsass.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077800220 5 bytes JMP 0000000077960320 .text C:\Windows\system32\lsass.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077800250 5 bytes JMP 00000000779603b0 .text C:\Windows\system32\lsass.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077800270 5 bytes JMP 0000000077960390 .text C:\Windows\system32\lsass.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000778002b0 5 bytes JMP 00000000779602e0 .text C:\Windows\system32\lsass.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077800330 5 bytes JMP 00000000779602d0 .text C:\Windows\system32\lsass.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077800350 5 bytes JMP 0000000077960310 .text C:\Windows\system32\lsass.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077800390 5 bytes JMP 
00000000779603c0 .text C:\Windows\system32\lsass.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000778003e0 5 bytes JMP 00000000779603f0 .text C:\Windows\system32\lsass.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077800540 5 bytes JMP 0000000077960230 .text C:\Windows\system32\lsass.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077800700 5 bytes JMP 0000000077960480 .text C:\Windows\system32\lsass.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077800730 5 bytes JMP 00000000779603a0 .text C:\Windows\system32\lsass.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077800810 5 bytes JMP 00000000779602f0 .text C:\Windows\system32\lsass.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077800820 5 bytes JMP 0000000077960350 .text C:\Windows\system32\lsass.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077800880 5 bytes JMP 0000000077960290 .text C:\Windows\system32\lsass.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077800910 5 bytes JMP 00000000779602b0 .text C:\Windows\system32\lsass.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077800930 5 bytes JMP 00000000779603d0 .text C:\Windows\system32\lsass.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077800940 5 bytes JMP 0000000077960330 .text C:\Windows\system32\lsass.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000778009b0 5 bytes JMP 0000000077960410 .text C:\Windows\system32\lsass.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000778009e0 5 bytes JMP 0000000077960240 .text C:\Windows\system32\lsass.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077800ca0 5 bytes JMP 00000000779601e0 .text C:\Windows\system32\lsass.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077800d60 5 bytes JMP 0000000077960250 .text C:\Windows\system32\lsass.exe[660] 
C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077800d90 5 bytes JMP 0000000077960490 .text C:\Windows\system32\lsass.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077800da0 5 bytes JMP 00000000779604a0 .text C:\Windows\system32\lsass.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077800dd0 5 bytes JMP 0000000077960300 .text C:\Windows\system32\lsass.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077800de0 5 bytes JMP 0000000077960360 .text C:\Windows\system32\lsass.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077800e40 5 bytes JMP 00000000779602a0 .text C:\Windows\system32\lsass.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077800e90 5 bytes JMP 00000000779602c0 .text C:\Windows\system32\lsass.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077800ec0 5 bytes JMP 0000000077960380 .text C:\Windows\system32\lsass.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077800ed0 5 bytes JMP 0000000077960340 .text C:\Windows\system32\lsass.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000778011c0 5 bytes JMP 0000000077960440 .text C:\Windows\system32\lsass.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000778013c0 5 bytes JMP 0000000077960260 .text C:\Windows\system32\lsass.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000778013d0 5 bytes JMP 0000000077960270 .text C:\Windows\system32\lsass.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000778013e0 5 bytes JMP 0000000077960400 .text C:\Windows\system32\lsass.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000778015a0 5 bytes JMP 00000000779601f0 .text C:\Windows\system32\lsass.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000778015b0 5 bytes JMP 0000000077960210 .text C:\Windows\system32\lsass.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077801620 5 bytes JMP 0000000077960200 .text 
C:\Windows\system32\lsass.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077801680 5 bytes JMP 0000000077960420 .text C:\Windows\system32\lsass.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077801690 5 bytes JMP 0000000077960430 .text C:\Windows\system32\lsass.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000778016a0 5 bytes JMP 0000000077960220 .text C:\Windows\system32\lsass.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077801780 5 bytes JMP 0000000077960280 .text C:\Windows\System32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000777fff60 5 bytes JMP 0000000077960460 .text C:\Windows\System32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000777fffb0 5 bytes JMP 0000000077960450 .text C:\Windows\System32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077800110 5 bytes JMP 0000000077960370 .text C:\Windows\System32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077800160 5 bytes JMP 0000000077960470 .text C:\Windows\System32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077800170 5 bytes JMP 00000000779603e0 .text C:\Windows\System32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077800220 5 bytes JMP 0000000077960320 .text C:\Windows\System32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077800250 5 bytes JMP 00000000779603b0 .text C:\Windows\System32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077800270 5 bytes JMP 0000000077960390 .text C:\Windows\System32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000778002b0 5 bytes JMP 00000000779602e0 .text C:\Windows\System32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077800330 5 bytes JMP 00000000779602d0 .text C:\Windows\System32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077800350 
5 bytes JMP 0000000077960310 .text C:\Windows\System32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077800390 5 bytes JMP 00000000779603c0 .text C:\Windows\System32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000778003e0 5 bytes JMP 00000000779603f0 .text C:\Windows\System32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077800540 5 bytes JMP 0000000077960230 .text C:\Windows\System32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077800700 5 bytes JMP 0000000077960480 .text C:\Windows\System32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077800730 5 bytes JMP 00000000779603a0 .text C:\Windows\System32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077800810 5 bytes JMP 00000000779602f0 .text C:\Windows\System32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077800820 5 bytes JMP 0000000077960350 .text C:\Windows\System32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077800880 5 bytes JMP 0000000077960290 .text C:\Windows\System32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077800910 5 bytes JMP 00000000779602b0 .text C:\Windows\System32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077800930 5 bytes JMP 00000000779603d0 .text C:\Windows\System32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077800940 5 bytes JMP 0000000077960330 .text C:\Windows\System32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000778009b0 5 bytes JMP 0000000077960410 .text C:\Windows\System32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000778009e0 5 bytes JMP 0000000077960240 .text C:\Windows\System32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077800ca0 5 bytes JMP 00000000779601e0 .text C:\Windows\System32\svchost.exe[984] 
---- EOF - GMER 2.1 ---- [/log] If I posted something incorrectly, tell me what and how to do it properly and I'll do it. I'd be very grateful for help. ;x
RoNnI, comment, 22 June 2014
A keylogger is easy to check for: press the Windows key + R on the desktop, or search for "Run", and when the window appears type "cmd". A console then opens, in which you type "netstat -ano". A list will come up (a long one, depending on the running processes), and if on the right-hand side any entry says eavesdropping (podsłuchiwanie), that means someone has sent you a keylogger, while if every entry says listening (nasłuchiwanie), everything is normal. Also check whether there is some foreign address on the left.
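An added example, not part of RoNnI's comment: `netstat -ano` prints a State column and the owning PID for each socket, and this Python sketch parses that output, separating sockets that only listen from established connections to addresses outside the local ranges, grouped by PID. The sample output is constructed, and the Polish state names in `STATE_ALIASES` are assumed spellings for a Polish-locale Windows.

```python
import ipaddress
from collections import defaultdict, namedtuple

# Constructed sample of `netstat -ano` output; addresses and PIDs are made up.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       356
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    192.168.1.10:49172     203.0.113.25:443       ESTABLISHED     1988
  TCP    192.168.1.10:49180     192.168.1.1:80         ESTABLISHED     2600
  TCP    192.168.1.10:49201     198.51.100.7:7171      ESTABLISHED     3344
  TCP    127.0.0.1:5354         127.0.0.1:49155        ESTABLISHED     1448
  TCP    [::]:445               [::]:0                 LISTENING       4
  TCP    192.168.1.10:49210     203.0.113.25:443       TIME_WAIT       0
  UDP    0.0.0.0:5355           *:*                                    1132
"""

# State names as printed by a Polish-locale Windows (assumed spellings).
STATE_ALIASES = {"NASŁUCHIWANIE": "LISTENING", "USTANOWIONO": "ESTABLISHED"}

# Ranges treated as "not a foreign host": loopback, RFC 1918, link-local, ULA.
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "169.254.0.0/16", "::1/128", "fe80::/10", "fc00::/7")]

Row = namedtuple("Row", "proto local remote state pid")


def split_endpoint(endpoint):
    """Split 'host:port' or '[v6%zone]:port' into (host, port) strings."""
    host, _, port = endpoint.rpartition(":")
    return host.strip("[]").split("%")[0], port


def is_external(host):
    """True when host parses as an address outside the local ranges."""
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:          # '*' on UDP rows
        return False
    if addr.is_unspecified:     # 0.0.0.0 / :: on listening rows
        return False
    return not any(addr in net for net in LOCAL_NETS)


def parse_netstat(text):
    """Turn `netstat -ano` text into Row tuples, skipping headers."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if not parts or parts[0] not in ("TCP", "UDP"):
            continue
        if parts[0] == "TCP" and len(parts) >= 5:
            state, pid = parts[3], parts[4]
        elif parts[0] == "UDP" and len(parts) >= 4:
            state, pid = "", parts[3]   # UDP rows have no State column
        else:
            continue
        if not pid.isdigit():
            continue
        state = STATE_ALIASES.get(state.upper(), state.upper())
        rows.append(Row(parts[0], parts[1], parts[2], state, int(pid)))
    return rows


def external_established(rows):
    """Map PID -> remote endpoints of ESTABLISHED connections to outside hosts."""
    hits = defaultdict(set)
    for r in rows:
        if r.state == "ESTABLISHED" and is_external(split_endpoint(r.remote)[0]):
            hits[r.pid].add(r.remote)
    return {pid: sorted(v) for pid, v in hits.items()}


def listening_ports(rows):
    """Map PID -> local ports that are only waiting for inbound connections."""
    ports = defaultdict(set)
    for r in rows:
        if r.state == "LISTENING":
            ports[r.pid].add(int(split_endpoint(r.local)[1]))
    return {pid: sorted(p) for pid, p in ports.items()}


if __name__ == "__main__":
    parsed = parse_netstat(SAMPLE)
    for pid, remotes in sorted(external_established(parsed).items()):
        print(f"PID {pid}: established to {', '.join(remotes)}")
    for pid, ports in sorted(listening_ports(parsed).items()):
        print(f"PID {pid}: listening on {ports}")
```

Each PID it reports can be matched to a process name with `tasklist /FI "PID eq <pid>"`; an established connection by itself only says which process talks to which host.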