I need help, thanks in advance

  • Joined: 07 Jan 2009
  • Posts: 11

My computer is infected. It has to do with these files:
C:\WINDOWS\system32\ckvo.exe
C:\WINDOWS\system32\ckvo0.dll
C:\WINDOWS\system32\ckvo1.dll
and C:\2fiji.com

The problems are that an incoming connection is enabled in Windows Firewall. Even though I delete it, it appears again after the computer is restarted. Also, I cannot see hidden files.



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:53:38 PM, on 1/7/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\COMODO\SafeSurf\cssurf.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Mozilla Firefox 3 Beta 4\firefox.exe
C:\Documents and Settings\Biscom\Desktop\New Folder\TR3.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = comodo.com/search/
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [COMODO SafeSurf] "C:\Program Files\COMODO\SafeSurf\cssurf.exe" -s
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Preuzmi odabrano Free Download Manager-om - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Preuzmi sa Free Download Managerom - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Preuzmi sve sa Free Download Manager-om - file://C:\Program Files\Free Download Manager\dlall.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Upload - {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - C:\Program Files\Free Download Manager\FUM\fumiebtn.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{D4CFF1B5-A265-42F2-BDC9-3AB35230648B}: NameServer = 81.94.2.2 81.94.2.3
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll C:\WINDOWS\system32\cssdll32.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Unknown owner - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 6157 bytes

  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8558
  • Location: Novi Beograd

Hello,


* Open the NOD32 Control Center (click its tray icon in the lower-right corner of the screen).
* Select AMON from the Threat Protection group of options.
* In the right-hand panel, uncheck the option File system monitor (AMON) enabled.
* Turning this option off will show as the Control Center changing color from green to red.

Note: Don't forget to turn this option back on when the cleaning is finished.


------------------------------

Download ComboFix to your Desktop from one of the following addresses:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Start it and don't touch the program window while it is scanning.
Follow the on-screen instructions. When it finishes, a log (C:\ComboFix.txt) will appear, which you should copy here for us.

  • Joined: 07 Jan 2009
  • Posts: 11

ComboFix 09-01-07.01 - Biscom 2009-01-07 21:23:58.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.381.1033.18.503.160 [GMT 1:00]
Running from: c:\documents and settings\Biscom\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Biscom\Desktop\ComboFix.exe
AV: ESET NOD32 antivirus system 2.70 *On-access scanning disabled* (Outdated)
FW: COMODO Firewall Pro *enabled*
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Autorun.exe
C:\Autorun.inf
c:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013
c:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013\Desktop.ini
c:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013\windowsupdate.com
c:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013\winse32.exe
C:\resycled
c:\resycled\boot.com
c:\windows\BM87ca1c56.txt
c:\windows\IE4 Error Log.txt
c:\windows\pskt.ini
c:\windows\system32\ckvo0.dll
c:\windows\system32\ckvo1.dll
c:\windows\system32\mcrh.tmp
D:\Autorun.inf
D:\resycled
d:\resycled\boot.com

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF
-------\Service_NPF


((((((((((((((((((((((((( Files Created from 2008-12-07 to 2009-01-07 )))))))))))))))))))))))))))))))
.

2009-01-07 21:28 . 4,096 c:\windows\system32\01.tmp
2009-01-07 21:21 . 2009-01-07 21:22 <DIR> d-------- C:\32788R22FWJFW
2009-01-07 19:20 . 2009-01-07 19:20 <DIR> d-------- c:\program files\CCleaner
2009-01-07 14:22 . 2009-01-07 14:22 <DIR> d-------- c:\program files\SUPERAntiSpyware
2009-01-07 14:22 . 2009-01-07 14:22 <DIR> d-------- c:\documents and settings\Biscom\Application Data\SUPERAntiSpyware.com
2009-01-07 14:22 . 2009-01-07 14:22 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-01-06 21:25 . 2009-01-06 21:58 <DIR> d-------- c:\documents and settings\All Users\Application Data\comodo
2009-01-06 21:25 . 2009-01-06 21:25 249,592 --a------ c:\windows\system32\cssdll32.dll
2009-01-06 21:25 . 2009-01-06 21:25 143,104 --a------ c:\windows\system32\guard32.dll
2009-01-06 21:25 . 2009-01-06 21:25 87,056 --a------ c:\windows\system32\drivers\cmdguard.sys
2009-01-06 21:25 . 2009-01-06 21:25 24,208 --a------ c:\windows\system32\drivers\cmdhlp.sys
2009-01-04 17:35 . 2008-10-20 07:14 105,115 -r-hs---- C:\2fiji.com
2009-01-04 17:01 . 2009-01-06 00:18 <DIR> d-------- c:\program files\uTorrent
2008-12-28 17:13 . 2004-08-04 00:56 159,232 --a------ c:\windows\system32\ptpusd.dll
2008-12-28 17:13 . 2004-08-03 22:58 15,104 --a------ c:\windows\system32\drivers\usbscan.sys
2008-12-28 17:13 . 2004-08-03 22:58 15,104 --a--c--- c:\windows\system32\dllcache\usbscan.sys
2008-12-28 17:13 . 2001-08-17 22:36 5,632 --a------ c:\windows\system32\ptpusb.dll
2008-12-24 12:33 . 2008-12-24 12:33 <DIR> d-------- c:\documents and settings\Biscom\Application Data\OpenOffice.org2
2008-12-24 12:32 . 2008-12-24 12:39 <DIR> d-------- c:\program files\OpenOffice.org 2.0
2008-12-24 10:46 . 2008-12-24 10:46 265,728 --a------ c:\windows\system32\MSCOMCTL.oca
2008-12-24 10:46 . 2008-12-24 10:46 64,000 --a------ c:\windows\system32\RICHTX32.oca
2008-12-24 10:46 . 2008-12-24 10:46 35,840 --a------ c:\windows\system32\comdlg32.oca
2008-12-24 10:23 . 2008-12-24 10:23 69,632 --a------ c:\windows\system32\MSDATLST.oca
2008-12-24 10:23 . 2008-12-24 10:23 65,536 --a------ c:\windows\system32\MSDATGRD.oca
2008-12-24 10:23 . 2008-12-24 10:23 44,032 --a------ c:\windows\system32\MSDATREP.oca
2008-12-24 10:23 . 2008-12-24 10:23 35,840 --a------ c:\windows\system32\MSADODC.oca
2008-12-13 01:07 . 2008-12-15 10:51 <DIR> d-------- c:\program files\Oddswiz
2008-12-11 22:04 . 1998-06-24 00:00 67,376 --a------ c:\windows\system32\SYSINFO.OCX
2008-12-11 19:55 . 2008-12-11 19:55 389 --a------ c:\windows\StockNeuroMaster.INI
2008-12-11 19:27 . 2008-12-29 15:33 <DIR> d-------- c:\program files\PC Soccer
2008-12-10 11:36 . 2009-01-03 21:01 <DIR> d-------- c:\program files\Soccer Stats Tracker
2008-12-10 11:22 . 2008-12-10 14:30 <DIR> d-------- C:\BetPredictor
2008-12-10 11:15 . 2008-12-10 18:40 <DIR> d-------- c:\program files\Bet For Win

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-07 20:08 --------- d-----w c:\program files\Mozilla Firefox 3 Beta 4
2009-01-07 13:22 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-01-06 20:25 --------- d-----w c:\program files\COMODO
2009-01-06 20:25 --------- d-----w c:\documents and settings\Biscom\Application Data\Comodo
2009-01-06 18:28 --------- d-----w c:\program files\AIMP2
2009-01-05 23:18 --------- d-----w c:\documents and settings\Biscom\Application Data\uTorrent
2009-01-04 21:32 --------- d-----w c:\program files\LeaguePad
2009-01-04 13:11 --------- d-----w c:\program files\GoWin Deluxe45
2008-12-16 12:53 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-12-11 20:26 720,896 ----a-w c:\windows\iun6002.exe
2008-12-11 19:02 74,752 ----a-w c:\windows\ST6UNST.EXE
2008-12-11 19:02 253,952 ------w c:\windows\Setup1.exe
2008-12-11 10:28 --------- d-----w c:\program files\Mobile Master
2008-12-09 11:29 --------- d-----w c:\program files\Betting Genius 3.04 Trial Version
2008-12-03 12:39 --------- d-----w c:\documents and settings\All Users\Application Data\Firefly Studios
2008-12-03 12:38 98,304 ----a-w c:\windows\system32\CmdLineExt.dll
2008-12-03 12:33 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-03 12:33 --------- d-----w c:\program files\Firefly Studios
2008-11-29 19:47 --------- d-----w c:\program files\GameSpy Arcade
2008-11-27 23:38 --------- d-----w c:\program files\Mv2Player
2008-11-20 10:38 --------- d-----w c:\program files\THQ
2008-11-20 10:38 --------- d-----w c:\program files\Desktop Currency Converter
2008-11-18 18:30 --------- d-----w c:\documents and settings\Biscom\Application Data\Free Download Manager
2008-11-13 14:24 --------- d-----w c:\program files\LingvoSoft
2008-11-07 08:47 --------- d-----w c:\program files\MSECache
2008-11-07 08:39 --------- d-----w c:\program files\Di recnik
2006-07-30 22:20 959 --sha-r c:\windows\system32\autorun.bin
2004-08-04 12:43 761,344 --sha-r c:\windows\system32\Autorun.exe
2004-08-03 22:56 165,610 --sha-r c:\windows\system32\nlpkuomc.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-11-17 1805552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2008-02-20 950664]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-18 1028096]
"COMODO SafeSurf"="c:\program files\COMODO\SafeSurf\cssurf.exe" [2009-01-06 278264]
"COMODO Firewall Pro"="c:\program files\COMODO\Firewall\cfp.exe" [2009-01-06 1655552]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-07-23 15:28 352256 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3fhg"= mp3fhg.acm
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv
"msacm.divxa32"= divxa32.acm
"VIDC.ACDV"= ACDV.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
backup=c:\windows\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
--a------ 2004-12-14 01:12 483328 c:\program files\Adobe\Acrobat 7.0\Distillr\acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\COMODO Firewall Pro]
--a------ 2009-01-06 21:24 1655552 c:\program files\COMODO\Firewall\cfp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-03 23:56 15360 c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"MDM"=2 (0x2)
"hpqwmiex"=2 (0x2)
"AdobeActiveFileMonitor6.0"=2 (0x2)
"RichVideo"=3 (0x3)
"CiSvc"=3 (0x3)
"Adobe LM Service"=3 (0x3)
"FLEXnet Licensing Service"=3 (0x3)
"cmdAgent"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\lib\NMBgMonitor.exe"
"Free Uploader Oe Integration"=c:\program files\Free Download Manager\FUM\fumoei.exe
"ctfmon.exe"=c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NeroFilterCheck"=c:\windows\system32\NeroCheck.exe
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
"Persistence"=c:\windows\system32\igfxpers.exe
"IgfxTray"=c:\windows\system32\igfxtray.exe
"HotKeysCmds"=c:\windows\system32\hkcmd.exe
"Cpqset"=c:\program files\Hewlett-Packard\Default Settings\cpqset.exe
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Elements 6.0\apdproxy.exe"
"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4336:TCP"= 4336:TCP:ltpnmeux

R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [2009-01-06 87056]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2009-01-06 24208]
R1 hwinterface;hwinterface;c:\windows\system32\drivers\hwinterface.sys [2008-03-06 3026]
R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2008-02-20 15424]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2008-11-17 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2008-11-17 55024]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2008-11-17 7408]
R4 {95808DC4-FA4A-4C74-92FE-5B863F82066B};{95808DC4-FA4A-4C74-92FE-5B863F82066B};c:\program files\CyberLink\PowerDVD\000.fcl [2007-09-19 21:37:48 41456]
S4 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;c:\program files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [2007-10-02 124832]
S4 rufmtrsbb;Image Server;c:\windows\system32\svchost.exe -k netsvcs [2004-08-03 14336]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
rufmtrsbb

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{252273d8-7430-11dd-9310-001cbf2df2f5}]
\Shell\AutoRun\command - F:\nhbivui.exe
\Shell\explore\Command - F:\nhbivui.exe
\Shell\open\Command - F:\nhbivui.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e192f282-e2d5-11dc-917c-001cbf2df2f5}]
\Shell\AutoOpen\command - .\MSOCache\90000804-6000-11D3-8CFE-0150048383C9\KB915865.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\MSOCache\90000804-6000-11D3-8CFE-0150048383C9\KB915865.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fa2d7260-d330-11dd-93a0-001cbf2df2f5}]
\Shell\AutoRun\command - F:\2fiji.com
\Shell\explore\Command - F:\2fiji.com
\Shell\open\Command - F:\2fiji.com
.
Contents of the 'Scheduled Tasks' folder

2009-01-07 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClickStarter.exe [2008-02-29 13:24]

2009-01-07 c:\windows\Tasks\Winamp.job
- c:\progra~1\Winamp\winamp.exe [2007-12-20 16:17]
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-QlbCtrl - c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.comodo.com/search/
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Download video with Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Preuzmi odabrano Free Download Manager-om - file://c:\program files\Free Download Manager\dlselected.htm
IE: Preuzmi sa Free Download Managerom - file://c:\program files\Free Download Manager\dllink.htm
IE: Preuzmi sve sa Free Download Manager-om - file://c:\program files\Free Download Manager\dlall.htm
IE: {{FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - c:\program files\Free Download Manager\FUM\fumiebtn.dll
LSP: c:\windows\system32\imon.dll
FF - ProfilePath - c:\documents and settings\Biscom\Application Data\Mozilla\Firefox\Profiles\ui0jx5at.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1561457&SearchSource=3&q=
FF - prefs.js: browser.search.selectedEngine - Web Search
FF - prefs.js: browser.startup.homepage - about:blank
FF - component: c:\documents and settings\Biscom\Application Data\Mozilla\Firefox\Profiles\ui0jx5at.default\extensions\{b23920f4-4c2f-412b-9450-1d7028d5454e}\components\FFAlert.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 2
FF - user.js: content.max.tokenizing.time - 1500000
FF - user.js: content.notify.interval - 750000
FF - user.js: content.switch.threshold - 750000
FF - user.js: nglayout.initialpaint.delay - 100
FF - user.js: network.http.max-connections-per-server - 4
c:\program files\Mozilla Firefox 3 Beta 4\greprefs\all.js - pref("security.fileuri.origin_policy", 2);
c:\program files\Mozilla Firefox 3 Beta 4\defaults\pref\firefox.js - pref("browser.places.importBookmarksHTML", true);
c:\program files\Mozilla Firefox 3 Beta 4\defaults\pref\firefox.js - pref("browser.places.createdSmartBookmarks", false);
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-01-07 21:29:10
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

c:\windows\system32\zshp1020.exe [5088] 0xFDBBA5D8
c:\windows\system32\zshp1020.exe [5092] 0xFDBB8DA0
c:\windows\system32\zshp1020.exe [5112] 0xFDBC7890
c:\windows\system32\zshp1020.exe [5196] 0xFDBB4DA0
c:\windows\system32\zshp1020.exe [5308] 0xFDBAEB28
c:\windows\system32\zshp1020.exe [5412] 0xFDC36890
c:\windows\system32\zshp1020.exe [5544] 0xFDFF6C20
c:\windows\system32\zshp1020.exe [5520] 0xFDBB1020
c:\windows\system32\zshp1020.exe [5576] 0xFDC4C020
c:\windows\system32\zshp1020.exe [5596] 0xFDB9DDA0
c:\windows\system32\zshp1020.exe [5636] 0xFDB9CDA0
c:\windows\system32\zshp1020.exe [5652] 0xFDB9B868
c:\windows\system32\zshp1020.exe [5656] 0xFDB97868
c:\windows\system32\zshp1020.exe [5712] 0xFDB96AE0
c:\windows\system32\zshp1020.exe [5704] 0xFDB95020
c:\windows\system32\zshp1020.exe [5816] 0xFDB90020
c:\windows\system32\zshp1020.exe [5868] 0xFDB8F020
c:\windows\system32\zshp1020.exe [5844] 0xFDB8EDA0
c:\windows\system32\zshp1020.exe [5916] 0xFDB92DA0
c:\windows\system32\zshp1020.exe [5924] 0xFDB98B28
c:\windows\system32\zshp1020.exe [5984] 0xFDB9A880
c:\windows\system32\zshp1020.exe [6052] 0xFDBAF618
c:\windows\system32\zshp1020.exe [6040] 0xFDB8CB28
c:\windows\system32\zshp1020.exe [6024] 0xFDB8C3B8
c:\windows\system32\zshp1020.exe [6064] 0xFDB8A3B8
c:\windows\system32\zshp1020.exe [6100] 0xFDB89B28
c:\windows\system32\zshp1020.exe [6132] 0xFDB89630
c:\windows\system32\zshp1020.exe [4072] 0xFDB873B8
c:\windows\system32\zshp1020.exe [6136] 0xFDD70B28
c:\windows\system32\zshp1020.exe [3584] 0x825EA758
c:\windows\system32\zshp1020.exe [688] 0xFDB6D550
c:\windows\system32\zshp1020.exe [2124] 0xFDB83DA0
c:\windows\system32\zshp1020.exe [1596] 0xFDB65778
c:\windows\system32\zshp1020.exe [1784] 0xFDB5B3B8
c:\windows\system32\zshp1020.exe [580] 0xFDB5A3B8
c:\windows\system32\zshp1020.exe [1536] 0xFDB593B8
c:\windows\system32\zshp1020.exe [2772] 0xFDB6A020
c:\windows\system32\zshp1020.exe [4104] 0xFDB6D898
c:\windows\system32\zshp1020.exe [3488] 0xFDB78020
c:\windows\system32\zshp1020.exe [2984] 0xFDB5DDA0
c:\windows\system32\zshp1020.exe [4112] 0xFDB56020
c:\windows\system32\zshp1020.exe [4816] 0xFDB5CDA0
c:\windows\system32\zshp1020.exe [4872] 0xFDB6ABF0
c:\windows\system32\zshp1020.exe [5096] 0xFDB5B020
c:\windows\system32\zshp1020.exe [5292] 0xFDE1E020
c:\windows\system32\zshp1020.exe [5524] 0xFDB5C020
c:\windows\system32\zshp1020.exe [5084] 0xFDB573C0
c:\windows\system32\zshp1020.exe [5204] 0xFDB5DB00
c:\windows\system32\zshp1020.exe [5324] 0xFDB776A8
c:\windows\system32\zshp1020.exe [5132] 0xFDB5E898
c:\windows\system32\zshp1020.exe [4328] 0xFDD4F2F8
c:\windows\system32\zshp1020.exe [5872] 0xFDB3B840
c:\windows\system32\zshp1020.exe [3836] 0xFDB3A8B0
c:\windows\system32\zshp1020.exe [5552] 0xFDB37020
c:\windows\system32\zshp1020.exe [6048] 0xFDB373A8
c:\windows\system32\zshp1020.exe [5980] 0xFDB8E020
c:\windows\system32\zshp1020.exe [4228] 0xFDB56350
c:\windows\system32\zshp1020.exe [5804] 0xFDB37638
c:\windows\system32\zshp1020.exe [5464] 0xFDBAC020
c:\windows\system32\zshp1020.exe [5440] 0xFDB4EDA0
c:\windows\system32\zshp1020.exe [4364] 0xFDB5B8F8
c:\windows\system32\zshp1020.exe [5792] 0xFDBCCB08
c:\windows\system32\zshp1020.exe [4360] 0xFDB3B590
c:\windows\system32\zshp1020.exe [5840] 0xFDBC8020
c:\windows\system32\zshp1020.exe [3456] 0xFDB1D020
c:\windows\system32\zshp1020.exe [4708] 0xFDB1A630
c:\windows\system32\zshp1020.exe [5016] 0xFDB19B28
c:\windows\system32\zshp1020.exe [4812] 0xFDB19378
c:\windows\system32\zshp1020.exe [4572] 0xFDB19878
c:\windows\system32\zshp1020.exe [4688] 0xFDB9A5E0
c:\windows\system32\zshp1020.exe [2888] 0xFDB8A898
c:\windows\system32\zshp1020.exe [5276] 0xFDB0E378
c:\windows\system32\zshp1020.exe [5348] 0xFDB0D8B0
c:\windows\system32\zshp1020.exe [5336] 0xFDB0CB28
c:\windows\system32\zshp1020.exe [5332] 0xFDB0A020
c:\windows\system32\zshp1020.exe [4216] 0xFDB0A878
c:\windows\system32\zshp1020.exe [5032] 0xFDB0B020
c:\windows\system32\zshp1020.exe [5912] 0xFDB0D020
c:\windows\system32\zshp1020.exe [3924] 0xFDB97DA0
c:\windows\system32\zshp1020.exe [2564] 0xFDB26DA0
c:\windows\system32\zshp1020.exe [5584] 0xFDAFF020
c:\windows\system32\zshp1020.exe [4348] 0xFDAFFDA0
c:\windows\system32\zshp1020.exe [4984] 0xFDB25398
c:\windows\system32\zshp1020.exe [6080] 0xFDAFE2D0
c:\windows\system32\zshp1020.exe [4544] 0xFDAF6B28
c:\windows\system32\zshp1020.exe [4712] 0xFDAF28B0
c:\windows\system32\zshp1020.exe [2344] 0xFDAF1DA0
c:\windows\system32\zshp1020.exe [2208] 0xFDAF5630
c:\windows\system32\zshp1020.exe [6160] 0xFDAEF718
c:\windows\system32\zshp1020.exe [6176] 0xFDAEE920
c:\windows\system32\zshp1020.exe [6192] 0xFDAED020
c:\windows\system32\zshp1020.exe [6288] 0xFDAF5020
c:\windows\system32\zshp1020.exe [6304] 0xFDAF0DA0
c:\windows\system32\zshp1020.exe [6320] 0xFDAE0DA0
c:\windows\system32\zshp1020.exe [6400] 0xFDADB020
c:\windows\system32\zshp1020.exe [6416] 0xFDADAD40
c:\windows\system32\zshp1020.exe [6432] 0xFDAD9470
c:\windows\system32\zshp1020.exe [6512] 0xFDAD28D8
c:\windows\system32\zshp1020.exe [6528] 0xFDAD0660
c:\windows\system32\zshp1020.exe [6540] 0xFDACF828
c:\windows\system32\zshp1020.exe [6624] 0xFDB92020
c:\windows\system32\zshp1020.exe [6708] 0xFDB26430
c:\windows\system32\zshp1020.exe [6744] 0xFDAF3020
c:\windows\system32\zshp1020.exe [6776] 0xFDADF020
c:\windows\system32\zshp1020.exe [6808] 0xFDAD9908
c:\windows\system32\zshp1020.exe [6840] 0xFDAE0398
c:\windows\system32\zshp1020.exe [6964] 0xFDBBF630
c:\windows\system32\zshp1020.exe [6980] 0xFDADC370
c:\windows\system32\zshp1020.exe [6996] 0xFDB57DA0
c:\windows\system32\zshp1020.exe [7060] 0xFDAAE020
c:\windows\system32\zshp1020.exe [7076] 0xFDAAE638
c:\windows\system32\zshp1020.exe [7092] 0xFDAADB28
c:\windows\system32\zshp1020.exe [7156] 0xFDAAB3B8
c:\windows\system32\zshp1020.exe [7172] 0xFDAA9020
c:\windows\system32\zshp1020.exe [7188] 0xFDAA98B0
c:\windows\system32\zshp1020.exe [7248] 0xFDAA4A60
c:\windows\system32\zshp1020.exe [7268] 0xFDAA2DA0
c:\windows\system32\zshp1020.exe [7284] 0xFDAA17A0
c:\windows\system32\zshp1020.exe [7316] 0xFDAD8480
c:\windows\system32\zshp1020.exe [7364] 0xFDAAB640
c:\windows\system32\zshp1020.exe [7380] 0xFDAB1898
c:\windows\system32\zshp1020.exe [7400] 0xFDA95DA0
c:\windows\system32\zshp1020.exe [7464] 0xFDA92638
c:\windows\system32\zshp1020.exe [7480] 0xFDA91B28
c:\windows\system32\zshp1020.exe [7496] 0xFDA90DA0
c:\windows\system32\zshp1020.exe [7560] 0xFDA8E638
c:\windows\system32\zshp1020.exe [7576] 0xFDA8D650
c:\windows\system32\zshp1020.exe [7592] 0xFDA8B730
c:\windows\system32\zshp1020.exe [7676] 0xFDA8E020
c:\windows\system32\zshp1020.exe [7692] 0xFDB1A020
c:\windows\system32\zshp1020.exe [7708] 0xFDA86DA0
c:\windows\system32\zshp1020.exe [7772] 0xFDA7A388
c:\windows\system32\zshp1020.exe [7788] 0xFDA776A8
c:\windows\system32\zshp1020.exe [7804] 0xFDA76400
c:\windows\system32\zshp1020.exe [7888] 0xFDA95888
c:\windows\system32\zshp1020.exe [7904] 0xFDA8F620
c:\windows\system32\zshp1020.exe [7920] 0xFDA6FB28
c:\windows\system32\zshp1020.exe [7984] 0xFDA696A8
c:\windows\system32\zshp1020.exe [8032] 0xFDA7AB08
c:\windows\system32\zshp1020.exe [8044] 0xFDA76698
c:\windows\system32\zshp1020.exe [8116] 0xFDA66600
c:\windows\system32\zshp1020.exe [8132] 0xFDA6F888
c:\windows\system32\zshp1020.exe [8148] 0xFDC52898
c:\windows\system32\zshp1020.exe [4644] 0xFDA5BB28
c:\windows\system32\zshp1020.exe [4640] 0xFDA5A920
c:\windows\system32\zshp1020.exe [4764] 0xFDA59DA0
c:\windows\system32\zshp1020.exe [5076] 0xFDA55020
c:\windows\system32\zshp1020.exe [5940] 0xFDA5DDA0
c:\windows\system32\zshp1020.exe [3992] 0xFDA4AB28
c:\windows\system32\zshp1020.exe [4284] 0xFDA48DA0
c:\windows\system32\zshp1020.exe [6068] 0xFDA47470
c:\windows\system32\zshp1020.exe [5780] 0xFDA55BF0
c:\windows\system32\zshp1020.exe [5648] 0xFDA6BDA0
c:\windows\system32\zshp1020.exe [4908] 0xFDA55640
c:\windows\system32\zshp1020.exe [6284] 0xFDA54020
c:\windows\system32\zshp1020.exe [6300] 0xFDA46678
c:\windows\system32\zshp1020.exe [6332] 0xFDA37DA0
c:\windows\system32\zshp1020.exe [6372] 0xFDA34B28
c:\windows\system32\zshp1020.exe [6388] 0xFDA33B28
c:\windows\system32\zshp1020.exe [6480] 0xFDA2F6E8
c:\windows\system32\zshp1020.exe [6496] 0xFDA2D6E8
c:\windows\system32\zshp1020.exe [6604] 0xFDA2B0A0
c:\windows\system32\zshp1020.exe [6680] 0xFDA21B98
c:\windows\system32\zshp1020.exe [6652] 0xFDA20DA0
c:\windows\system32\zshp1020.exe [6852] 0xFDA18898
c:\windows\system32\zshp1020.exe [7040] 0xFDF5C020
c:\windows\system32\zshp1020.exe [7204] 0xFDA1C900
c:\windows\system32\zshp1020.exe [7128] 0xFDA05880
c:\windows\system32\zshp1020.exe [7392] 0xFDA04930
c:\windows\system32\zshp1020.exe [7300] 0xFDA03DA0
c:\windows\system32\zshp1020.exe [7440] 0xFDA25020
c:\windows\system32\zshp1020.exe [7428] 0xFDA05020
c:\windows\system32\zshp1020.exe [7656] 0xFD9F08B0
c:\windows\system32\zshp1020.exe [7688] 0xFD9EF8B0
c:\windows\system32\zshp1020.exe [7664] 0xFD9EE020
c:\windows\system32\zshp1020.exe [7760] 0xFD9EC428
c:\windows\system32\zshp1020.exe [7816] 0xFD9EA020
c:\windows\system32\zshp1020.exe [7860] 0xFD9EA718
c:\windows\system32\zshp1020.exe [7936] 0xFDA71020
c:\windows\system32\zshp1020.exe [7956] 0xFDAA34C8
c:\windows\system32\zshp1020.exe [8004] 0xFDA16020
c:\windows\system32\zshp1020.exe [8048] 0xFD9D7DA0
c:\windows\system32\zshp1020.exe [8104] 0xFD9D6660
c:\windows\system32\zshp1020.exe [8092] 0xFD9D48D8
c:\windows\system32\zshp1020.exe [8168] 0xFD9CEB98
c:\windows\system32\zshp1020.exe [8180] 0xFD9CD718
c:\windows\system32\zshp1020.exe [8176] 0xFD9CC3E8
c:\windows\system32\zshp1020.exe [2140] 0xFD9C53D8
c:\windows\system32\zshp1020.exe [2116] 0xFD9C26F0
c:\windows\system32\zshp1020.exe [4936] 0xFD9C1DA0
c:\windows\system32\zshp1020.exe [5660] 0xFD9BBDA0
c:\windows\system32\zshp1020.exe [4220] 0xFDA18020
c:\windows\system32\zshp1020.exe [6004] 0xFDA01BA8
c:\windows\system32\zshp1020.exe [5460] 0xFD9C84E8
c:\windows\system32\zshp1020.exe [3540] 0xFDA126A8
c:\windows\system32\zshp1020.exe [6232] 0x82544470
c:\windows\system32\zshp1020.exe [6228] 0xFD9B8020
c:\windows\system32\zshp1020.exe [6280] 0xFD9D1DA0
c:\windows\system32\zshp1020.exe [6344] 0xFD9B0B28
c:\windows\system32\zshp1020.exe [6396] 0xFD9AF8B0
c:\windows\system32\zshp1020.exe [6492] 0xFD9AEDA0
c:\windows\system32\zshp1020.exe [6476] 0xFD9AD8B0
c:\windows\system32\zshp1020.exe [6620] 0xFD9AC8B0
c:\windows\system32\zshp1020.exe [6596] 0xFD9AB8B0
c:\windows\system32\zshp1020.exe [6580] 0xFD9AAB28
c:\windows\system32\zshp1020.exe [6576] 0xFD9A9B28
c:\windows\system32\zshp1020.exe [6696] 0xFD9C3020
c:\windows\system32\zshp1020.exe [6764] 0xFD9A65B8
c:\windows\system32\zshp1020.exe [6804] 0xFD9A3DA0
c:\windows\system32\zshp1020.exe [6872] 0xFD9A26F0
c:\windows\system32\zshp1020.exe [6856] 0xFD9A0400
c:\windows\system32\zshp1020.exe [6876] 0xFD99E3D0
c:\windows\system32\zshp1020.exe [6960] 0xFD99BB98
c:\windows\system32\zshp1020.exe [6916] 0xFD99A188
c:\windows\system32\zshp1020.exe [7108] 0xFD9977A0
c:\windows\system32\zshp1020.exe [7116] 0xFD995DA0
c:\windows\system32\zshp1020.exe [7144] 0xFD991020
c:\windows\system32\zshp1020.exe [7240] 0xFD98E020
c:\windows\system32\zshp1020.exe [7228] 0xFD98BDA0
c:\windows\system32\zshp1020.exe [7124] 0xFD9A79D8
c:\windows\system32\zshp1020.exe [7512] 0xFD987020
c:\windows\system32\zshp1020.exe [7448] 0xFD984020
c:\windows\system32\zshp1020.exe [7620] 0xFD981020
c:\windows\system32\zshp1020.exe [7744] 0xFD97C378
c:\windows\system32\zshp1020.exe [7536] 0xFD974780
c:\windows\system32\zshp1020.exe [7628] 0xFD971528
c:\windows\system32\zshp1020.exe [7752] 0xFD96E6E0
c:\windows\system32\zshp1020.exe [7848] 0xFD96B020
c:\windows\system32\zshp1020.exe [7360] 0xFD967920
c:\windows\system32\zshp1020.exe [7588] 0xFD964938
c:\windows\system32\zshp1020.exe [8212] 0xFD961718
c:\windows\system32\zshp1020.exe [8568] 0xFD931560
c:\windows\system32\zshp1020.exe [8704] 0xFD995020
c:\windows\system32\zshp1020.exe [8752] 0xFD9CA020
c:\windows\system32\zshp1020.exe [8764] 0xFD9ED688
c:\windows\system32\zshp1020.exe [8776] 0xFD9AB020
c:\windows\system32\zshp1020.exe [8824] 0xFDA459F0
c:\windows\system32\zshp1020.exe [8836] 0xFD94C850
c:\windows\system32\zshp1020.exe [8848] 0xFD997020
c:\windows\system32\zshp1020.exe [8896] 0xFD94E308
c:\windows\system32\zshp1020.exe [8908] 0xFD95E688
c:\windows\system32\zshp1020.exe [8920] 0xFD9A4BF0
c:\windows\system32\zshp1020.exe [8968] 0xFD9383C0
c:\windows\system32\zshp1020.exe [8980] 0xFD995720
c:\windows\system32\zshp1020.exe [8992] 0xFD946C60
c:\windows\system32\zshp1020.exe [9040] 0xFD953DA0
c:\windows\system32\zshp1020.exe [9052] 0xFD9A7758
c:\windows\system32\zshp1020.exe [9064] 0xFD9CFB28
c:\windows\system32\zshp1020.exe [9112] 0xFD8ED588
c:\windows\system32\zshp1020.exe [9124] 0xFD8ECDA0
c:\windows\system32\zshp1020.exe [9136] 0xFD8EC608
c:\windows\system32\zshp1020.exe [9184] 0xFD8EA390
c:\windows\system32\zshp1020.exe [9208] 0xFD8FB898
c:\windows\system32\zshp1020.exe [9256] 0xFD8F6020
c:\windows\system32\zshp1020.exe [9268] 0xFD8E8920
c:\windows\system32\zshp1020.exe [9280] 0xFD8F9898
c:\windows\system32\zshp1020.exe [9328] 0xFD8E8020
c:\windows\system32\zshp1020.exe [9340] 0xFD8E7620
c:\windows\system32\zshp1020.exe [9352] 0xFD8F1020
c:\windows\system32\zshp1020.exe [9404] 0xFD8E3638
c:\windows\system32\zshp1020.exe [9416] 0xFD8E2020
c:\windows\system32\zshp1020.exe [9428] 0xFD8E2390
c:\windows\system32\zshp1020.exe [9476] 0xFD8DF020
c:\windows\system32\zshp1020.exe [9488] 0xFD8DFB28
c:\windows\system32\zshp1020.exe [9548] 0xFD943DA0
c:\windows\system32\zshp1020.exe [9560] 0xFD943608
c:\windows\system32\zshp1020.exe [9572] 0xFD8DCB28
c:\windows\system32\zshp1020.exe [9620] 0xFD8DA020
c:\windows\system32\zshp1020.exe [9632] 0xFD8DA390
c:\windows\system32\zshp1020.exe [9644] 0xFD8D9020
c:\windows\system32\zshp1020.exe [9692] 0xFD8D7B28
c:\windows\system32\zshp1020.exe [9704] 0xFD8D78A8
c:\windows\system32\zshp1020.exe [9716] 0xFD8D6020
c:\windows\system32\zshp1020.exe [9768] 0xFD8D2AF8
c:\windows\system32\zshp1020.exe [9780] 0xFD8D1020
c:\windows\system32\zshp1020.exe [9840] 0xFD8C9DA0
c:\windows\system32\zshp1020.exe [9852] 0xFD8C8DA0
c:\windows\system32\zshp1020.exe [9864] 0xFD8C7880
c:\windows\system32\zshp1020.exe [9912] 0xFD8C2888
c:\windows\system32\zshp1020.exe [9924] 0xFD8C0D70
c:\windows\system32\zshp1020.exe [9936] 0xFD8BF760
c:\windows\system32\zshp1020.exe [9984] 0xFD8B9A90
c:\windows\system32\zshp1020.exe [9996] 0xFD8B8DA0
c:\windows\system32\zshp1020.exe [10008] 0xFD8B6DA0
c:\windows\system32\zshp1020.exe [10056] 0xFD8B2920
c:\windows\system32\zshp1020.exe [10080] 0xFD8AEDA0
c:\windows\system32\zshp1020.exe [10128] 0xFD8AA348
c:\windows\system32\zshp1020.exe [10140] 0xFD8A7B98
c:\windows\system32\zshp1020.exe [10152] 0xFD8A6678
c:\windows\system32\zshp1020.exe [10208] 0xFD8A0DA0
c:\windows\system32\zshp1020.exe [10220] 0xFD8B0B00
c:\windows\system32\zshp1020.exe [5772] 0xFD8E6880
c:\windows\system32\zshp1020.exe [8292] 0x826C9020
c:\windows\system32\zshp1020.exe [8232] 0xFD849628
c:\windows\system32\zshp1020.exe [6772] 0xFD8411B0
c:\windows\system32\zshp1020.exe [4648] 0xFD83CDA0
c:\windows\system32\zshp1020.exe [6888] 0xFD83A638
c:\windows\system32\zshp1020.exe [7544] 0xFD837B28
c:\windows\system32\zshp1020.exe [8332] 0xFD834020
c:\windows\system32\zshp1020.exe [7168] 0xFD831020
c:\windows\system32\zshp1020.exe [8424] 0xFD82DB98
c:\windows\system32\zshp1020.exe [6884] 0xFD82A290
c:\windows\system32\zshp1020.exe [9364] 0xFD8264C8
c:\windows\system32\zshp1020.exe [7864] 0xFD822B98
c:\windows\system32\zshp1020.exe [5356] 0xFD81D020
c:\windows\system32\zshp1020.exe [10252] 0xFD82F020
c:\windows\system32\zshp1020.exe [10280] 0xFD812638
c:\windows\system32\zshp1020.exe [10312] 0xFD80F020
c:\windows\system32\zshp1020.exe [10344] 0xFD80C810
c:\windows\system32\zshp1020.exe [10376] 0xFD8081D8
c:\windows\system32\zshp1020.exe [10416] 0xFD8048C8
c:\windows\system32\zshp1020.exe [10448] 0xFD8136A8
c:\windows\system32\zshp1020.exe [10480] 0xFD800B00
c:\windows\system32\zshp1020.exe [10512] 0xFD7F72D8
c:\windows\system32\zshp1020.exe [10544] 0xFD7F3020
c:\windows\system32\zshp1020.exe [10576] 0xFD7EF020
c:\windows\system32\zshp1020.exe [10640] 0xFD7E7020
c:\windows\system32\zshp1020.exe [10672] 0xFD7E3020
c:\windows\system32\zshp1020.exe [10712] 0xFD802020
c:\windows\system32\zshp1020.exe [10736] 0xFD7DDB00
c:\windows\system32\zshp1020.exe [10760] 0xFD7DC020
c:\windows\system32\zshp1020.exe [10784] 0xFD7D97C8
c:\windows\system32\zshp1020.exe [10808] 0xFD7D5020
c:\windows\system32\zshp1020.exe [10832] 0xFD7D6270
c:\windows\system32\zshp1020.exe [10856] 0xFD7CDDA0
c:\windows\system32\zshp1020.exe [10880] 0xFD7C9020
c:\windows\system32\zshp1020.exe [10904] 0xFD7C7DA0
c:\windows\system32\zshp1020.exe [10928] 0xFD7C2020
c:\windows\system32\zshp1020.exe [10952] 0xFD7C0DA0
c:\windows\system32\zshp1020.exe [10976] 0xFD7BD020
c:\windows\system32\zshp1020.exe [11000] 0xFD7BA818
c:\windows\system32\zshp1020.exe [11024] 0xFD7B79D0
c:\windows\system32\zshp1020.exe [11048] 0xFD7B4020
c:\windows\system32\zshp1020.exe [11072] 0xFD7B0608
c:\windows\system32\zshp1020.exe [11096] 0xFD7AEBB0
c:\windows\system32\zshp1020.exe [11120] 0xFD7AB020
c:\windows\system32\zshp1020.exe [11144] 0xFD7A8280
c:\windows\system32\zshp1020.exe [11168] 0xFD7A5428
c:\windows\system32\zshp1020.exe [11192] 0xFD7A1020
c:\windows\system32\zshp1020.exe [11216] 0xFD79F658
c:\windows\system32\zshp1020.exe [11240] 0xFD79B020
c:\windows\system32\zshp1020.exe [11264] 0xFD798020
c:\windows\system32\zshp1020.exe [11288] 0xFD796500
c:\windows\system32\zshp1020.exe [11312] 0xFD792B28
c:\windows\system32\zshp1020.exe [11336] 0xFD790680
c:\windows\system32\zshp1020.exe [11360] 0xFD78CDA0
c:\windows\system32\zshp1020.exe [11384] 0xFD78ACD8
c:\windows\system32\zshp1020.exe [11408] 0xFD786020
c:\windows\system32\zshp1020.exe [11432] 0xFD783020
c:\windows\system32\zshp1020.exe [11456] 0xFD780A90
c:\windows\system32\zshp1020.exe [11480] 0xFD77DCB8
c:\windows\system32\zshp1020.exe [11504] 0xFD77A020
c:\windows\system32\zshp1020.exe [11808] 0xFD7529D0
c:\windows\system32\zshp1020.exe [11832] 0xFD74F020
c:\windows\system32\zshp1020.exe [11856] 0xFD74C880
c:\windows\system32\zshp1020.exe [11880] 0xFD74A3A8
c:\windows\system32\zshp1020.exe [11904] 0xFD748378
c:\windows\system32\zshp1020.exe [11928] 0xFD73F778
c:\windows\system32\zshp1020.exe [12028] 0xFD73D8B0
c:\windows\system32\zshp1020.exe [12052] 0xFD734920
c:\windows\system32\zshp1020.exe [12076] 0xFD732920
c:\windows\system32\zshp1020.exe [12100] 0xFD7308D8
c:\windows\system32\zshp1020.exe [12124] 0xFD72EB98
c:\windows\system32\zshp1020.exe [12148] 0xFD72BB98
c:\windows\system32\zshp1020.exe [12172] 0xFD72AB98
c:\windows\system32\zshp1020.exe [12196] 0xFD728B98
c:\windows\system32\zshp1020.exe [12220] 0xFD726B28
c:\windows\system32\zshp1020.exe [12244] 0xFD724B98
c:\windows\system32\zshp1020.exe [12268] 0xFD722B98
c:\windows\system32\zshp1020.exe [6264] 0xFD7203B8
c:\windows\system32\zshp1020.exe [8428] 0xFD71E3E8
c:\windows\system32\zshp1020.exe [7460] 0xFD71B020
c:\windows\system32\zshp1020.exe [8448] 0xFD719DA0
c:\windows\system32\zshp1020.exe [7064] 0xFD7174C8
c:\windows\system32\zshp1020.exe [8440] 0xFD7155C0
c:\windows\system32\zshp1020.exe [7396] 0xFD712020
c:\windows\system32\zshp1020.exe [5360] 0xFD710DA0
c:\windows\system32\zshp1020.exe [6732] 0xFD70EDA0
c:\windows\system32\zshp1020.exe [1316] 0xFD70CDA0
c:\windows\system32\zshp1020.exe [12308] 0xFD70ADA0
c:\windows\system32\zshp1020.exe [12332] 0xFD708AE0
c:\windows\system32\zshp1020.exe [12356] 0xFD707990
c:\windows\system32\zshp1020.exe [12380] 0xFD7048D8
c:\windows\system32\zshp1020.exe [12404] 0xFD7018D8
c:\windows\system32\zshp1020.exe [12428] 0xFD7006D0
c:\windows\system32\zshp1020.exe [12452] 0xFD6FE6D0
c:\windows\system32\zshp1020.exe [12476] 0xFD6FC458
c:\windows\system32\zshp1020.exe [12504] 0xFD6F98D8
c:\windows\system32\zshp1020.exe [12528] 0xFD6F67A8
c:\windows\system32\zshp1020.exe [12552] 0xFD6F2020
c:\windows\system32\zshp1020.exe [12576] 0xFD6EF020
c:\windows\system32\zshp1020.exe [12600] 0xFD6EC020
c:\windows\system32\zshp1020.exe [12624] 0xFD6EA4E8
c:\windows\system32\zshp1020.exe [12648] 0xFD6E6020
c:\windows\system32\zshp1020.exe [12672] 0xFD6E2DA0
c:\windows\system32\zshp1020.exe [12696] 0xFD6DE020
c:\windows\system32\zshp1020.exe [12720] 0xFD6DB8E8
c:\windows\system32\zshp1020.exe [12744] 0xFD6D8A28
c:\windows\system32\zshp1020.exe [12768] 0xFD6D4DA0
c:\windows\system32\zshp1020.exe [12792] 0xFD6D1B98
c:\windows\system32\zshp1020.exe [12816] 0xFD729498
c:\windows\system32\zshp1020.exe [12840] 0xFD6DE8B0
c:\windows\system32\zshp1020.exe [12864] 0xFD6C3DA0
c:\windows\system32\zshp1020.exe [12888] 0xFD70D8A8
c:\windows\system32\zshp1020.exe [12912] 0xFD7236A0
c:\windows\system32\zshp1020.exe [12936] 0xFD6B9778
c:\windows\system32\zshp1020.exe [12960] 0xFD6B5778
c:\windows\system32\zshp1020.exe [12984] 0xFD6AF778
c:\windows\system32\zshp1020.exe [13008] 0xFD6A9778
c:\windows\system32\zshp1020.exe [13032] 0xFD6C7300
c:\windows\system32\zshp1020.exe [13056] 0xFD7096A0
c:\windows\system32\zshp1020.exe [13080] 0xFD6CEDA0
c:\windows\system32\zshp1020.exe [13104] 0xFD72B6A0
c:\windows\system32\zshp1020.exe [13128] 0xFD6FFDA0
c:\windows\system32\zshp1020.exe [13152] 0xFD6D0850
c:\windows\system32\zshp1020.exe [13176] 0xFD6C1748
c:\windows\system32\zshp1020.exe [13200] 0xFD6A4020
c:\windows\system32\zshp1020.exe [13224] 0xFD6A3020
c:\windows\system32\zshp1020.exe [13248] 0xFD6A2DA0
c:\windows\system32\zshp1020.exe [13272] 0xFD6A0DA0
c:\windows\system32\zshp1020.exe [13296] 0xFD6A1020
c:\windows\system32\zshp1020.exe [13320] 0xFD69F020
c:\windows\system32\zshp1020.exe [13344] 0xFD69E020
c:\windows\system32\zshp1020.exe [13368] 0xFD69D020
c:\windows\system32\zshp1020.exe [13392] 0xFD69CDA0
c:\windows\system32\zshp1020.exe [13416] 0xFD69B020
c:\windows\system32\zshp1020.exe [13440] 0xFD69A020
c:\windows\system32\zshp1020.exe [13464] 0xFD699020
c:\windows\system32\zshp1020.exe [13488] 0xFD698DA0
c:\windows\system32\zshp1020.exe [13512] 0xFD691870
c:\windows\system32\zshp1020.exe [13536] 0xFD6595D8
c:\windows\system32\zshp1020.exe [13560] 0xFD679BB0
c:\windows\system32\zshp1020.exe [13584] 0xFD65C020
c:\windows\system32\zshp1020.exe [13608] 0xFD64B778
c:\windows\system32\zshp1020.exe [13632] 0xFD641778
c:\windows\system32\zshp1020.exe [13656] 0xFD63A778
c:\windows\system32\zshp1020.exe [13680] 0xFD686A78
c:\windows\system32\zshp1020.exe [13704] 0xFD666020
c:\windows\system32\zshp1020.exe [13728] 0xFD655558
c:\windows\system32\zshp1020.exe [13752] 0xFD675DA0
c:\windows\system32\zshp1020.exe [13776] 0xFD652DA0
c:\windows\system32\zshp1020.exe [13800] 0xFD653450
c:\windows\system32\zshp1020.exe [13824] 0xFD639920
c:\windows\system32\zshp1020.exe [13848] 0xFD637B28
c:\windows\system32\zshp1020.exe [13872] 0xFD62F368
c:\windows\system32\zshp1020.exe [13896] 0xFD634778
c:\windows\system32\zshp1020.exe [13920] 0xFD632778
c:\windows\system32\zshp1020.exe [13944] 0xFD663020
c:\windows\system32\zshp1020.exe [13968] 0xFD686DA0
c:\windows\system32\zshp1020.exe [13992] 0xFD627778
c:\windows\system32\zshp1020.exe [14016] 0xFD61F778
c:\windows\system32\zshp1020.exe [14040] 0xFD684DA0
c:\windows\system32\zshp1020.exe [14064] 0xFD662548
c:\windows\system32\zshp1020.exe [14088] 0xFD618DA0
c:\windows\system32\zshp1020.exe [14112] 0xFD616DA0
c:\windows\system32\zshp1020.exe [14936] 0xFD949020
c:\windows\system32\zshp1020.exe [14964] 0xFD9D08E0
c:\windows\system32\zshp1020.exe [14988] 0xFDA2BBA8
c:\windows\system32\zshp1020.exe [15012] 0xFD950020
c:\windows\system32\zshp1020.exe [15036] 0xFDE11348
c:\windows\system32\zshp1020.exe [15060] 0xFDDC7890
c:\windows\system32\zshp1020.exe [15084] 0xFD5AA670
c:\windows\system32\zshp1020.exe [15108] 0xFD5A5B98
c:\windows\system32\zshp1020.exe [15132] 0xFD5A3D50
c:\windows\system32\zshp1020.exe [15160] 0xFD59BDA0
c:\windows\system32\zshp1020.exe [15256] 0xFD590250
c:\windows\system32\zshp1020.exe [15288] 0xFD593B28
c:\windows\system32\zshp1020.exe [15312] 0xFD588020
c:\windows\system32\zshp1020.exe [15336] 0xFD586AB8
c:\windows\system32\zshp1020.exe [15360] 0xFD5808F0
c:\windows\system32\zshp1020.exe [15384] 0xFD583858
c:\windows\system32\zshp1020.exe [15452] 0xFD574020
c:\windows\system32\zshp1020.exe [15488] 0xFD56FA60
c:\windows\system32\zshp1020.exe [15516] 0xFD56CB28
c:\windows\system32\zshp1020.exe [15548] 0xFD572020
c:\windows\system32\zshp1020.exe [15580] 0xFD5665A0
c:\windows\system32\zshp1020.exe [15612] 0xFD5635B0
c:\windows\system32\zshp1020.exe [15644] 0xFD55C588
c:\windows\system32\zshp1020.exe [15676] 0xFD558520
c:\windows\system32\zshp1020.exe [15708] 0xFD5542C8
c:\windows\system32\zshp1020.exe [15740] 0xFD550280
c:\windows\system32\zshp1020.exe [15776] 0xFD5A9B98
c:\windows\system32\zshp1020.exe [15800] 0xFD54BDA0
c:\windows\system32\zshp1020.exe [15824] 0xFD546570
c:\windows\system32\zshp1020.exe [15848] 0xFD542658
c:\windows\system32\zshp1020.exe [15908] 0xFD53BDA0
c:\windows\system32\zshp1020.exe [15940] 0xFD535020
c:\windows\system32\zshp1020.exe [15972] 0xFD5333F8
c:\windows\system32\zshp1020.exe [16040] 0xFD529DA0
c:\windows\system32\zshp1020.exe [16068] 0xFD526668
c:\windows\system32\zshp1020.exe [16132] 0xFD51DB98
c:\windows\system32\zshp1020.exe [16164] 0xFD519540
c:\windows\system32\zshp1020.exe [16196] 0xFD515020
c:\windows\system32\zshp1020.exe [16224] 0xFD512678
c:\windows\system32\zshp1020.exe [16256] 0xFD50DDA0
c:\windows\system32\zshp1020.exe [16288] 0xFD509B08
c:\windows\system32\zshp1020.exe [16316] 0xFD506DA0
c:\windows\system32\zshp1020.exe [16348] 0xFD502910
c:\windows\system32\zshp1020.exe [16376] 0xFD4FEAA0
c:\windows\system32\zshp1020.exe [16412] 0xFD4FADA0
c:\windows\system32\zshp1020.exe [16448] 0xFD4F5A90
c:\windows\system32\zshp1020.exe [16480] 0xFD4EE020
c:\windows\system32\zshp1020.exe [16516] 0xFD4EA020
c:\windows\system32\zshp1020.exe [16548] 0xFD4E6DA0
c:\windows\system32\zshp1020.exe [17268] 0xFD769020
c:\windows\system32\zshp1020.exe [5564] 0xFD8DB610
c:\windows\system32\zshp1020.exe [3240] 0xFD8B9020
c:\windows\system32\zshp1020.exe [15768] 0xFD89D020
c:\windows\system32\zshp1020.exe [14568] 0xFD879020
c:\windows\system32\zshp1020.exe [14468] 0xFD8BB890
c:\windows\system32\zshp1020.exe [14564] 0xFD7E0D00
c:\windows\system32\zshp1020.exe [12932] 0xFD57A020
c:\windows\system32\zshp1020.exe [13916] 0xFD53D020
c:\windows\system32\zshp1020.exe [15352] 0xFD82D020
c:\windows\system32\zshp1020.exe [12828] 0xFD79F020
c:\windows\system32\zshp1020.exe [13044] 0xFD5D5020
c:\windows\system32\zshp1020.exe [14612] 0xFD6A0020
c:\windows\system32\zshp1020.exe [13476] 0xFD5E1B38
c:\windows\system32\zshp1020.exe [13524] 0xFDA068A0
c:\windows\system32\zshp1020.exe [15328] 0xFD759DA0
c:\windows\system32\zshp1020.exe [15440] 0xFD84A020
c:\windows\system32\zshp1020.exe [13720] 0xFD56C020
c:\windows\system32\zshp1020.exe [14732] 0xFD6A2020
c:\windows\system32\zshp1020.exe [14736] 0xFD5E6D40
c:\windows\system32\zshp1020.exe [12908] 0xFD983020
c:\windows\system32\zshp1020.exe [11300] 0xFD53E020
c:\windows\system32\zshp1020.exe [11744] 0xFD810B08
c:\windows\system32\zshp1020.exe [11648] 0xFD5A9020
c:\windows\system32\zshp1020.exe [11976] 0xFD592020
c:\windows\system32\zshp1020.exe [14176] 0xFD843920
c:\windows\system32\zshp1020.exe [16392] 0xFD8471F8
c:\windows\system32\zshp1020.exe [16216] 0xFD67E890
c:\windows\system32\zshp1020.exe [11084] 0xFD6F0020
c:\windows\system32\zshp1020.exe [14160] 0xFD954020
c:\windows\system32\zshp1020.exe [10636] 0xFD883020
c:\windows\system32\zshp1020.exe [10624] 0xFD9A6840
c:\windows\system32\zshp1020.exe [7980] 0xFD60B3A8
c:\windows\system32\zshp1020.exe [5128] 0xFD94B020
c:\windows\system32\zshp1020.exe [8512] 0xFD70E020
c:\windows\system32\zshp1020.exe [14184] 0xFD846020
c:\windows\system32\zshp1020.exe [11604] 0xFD735020
c:\windows\system32\zshp1020.exe [16072] 0xFD9905D8
c:\windows\system32\zshp1020.exe [10564] 0xFD53DA70
c:\windows\system32\zshp1020.exe [14848] 0xFD4EB6A8

offline
  • Joined: 07 Jan 2009
  • Posts: 11

continued:

c:\windows\explorer.exe [19644] 0xFD6797F8

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\rufmtrsbb]
"ServiceDll"="c:\windows\system32\nlpkuomc.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-842925246-616249376-682003330-1003\Software\Microsoft\SystemCertificates\AddressBook*NULL*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(944)
c:\program files\SUPERAntiSpyware\SASWINLO.dll

- - - - - - - > 'lsass.exe'(1000)
c:\windows\system32\imon.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\COMODO\Firewall\cmdagent.exe
c:\program files\ESET\nod32krn.exe
c:\windows\system32\wdfmgr.exe
.
**************************************************************************
.
Completion time: 2009-01-07 21:39:08 - machine was rebooted
ComboFix-quarantined-files.txt 2009-01-07 20:38:41

Pre-Run: 27,021,148,160 bytes free
Post-Run: 26,907,566,080 bytes free

1633

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8558
  • Location: Novi Beograd

I'm replying now after all....

Disable the antivirus again and do the following:

Open Notepad and copy in the following text:

File::
C:\2fiji.com
c:\windows\system32\Autorun.exe
c:\windows\system32\nlpkuomc.dll

NetSvc::
rufmtrsbb

Driver::
rufmtrsbb

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{252273d8-7430-11dd-9310-001cbf2df2f5}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e192f282-e2d5-11dc-917c-001cbf2df2f5}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fa2d7260-d330-11dd-93a0-001cbf2df2f5}]


Save the file from Notepad to the Desktop as "CFScript".

Drag the saved script/text onto the ComboFix icon, as shown in the picture.
In your next message, post the log that is created at the end of the cleaning/scan.

offline
  • Pridružio: 07 Jan 2009
  • Poruke: 11

ComboFix 09-01-07.01 - Biscom 2009-01-08 14:55:08.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.381.1033.18.503.158 [GMT 1:00]
Running from: c:\documents and settings\Biscom\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Biscom\Desktop\CFScript.txt
AV: ESET NOD32 antivirus system 2.70 *On-access scanning disabled* (Outdated)
FW: COMODO Firewall Pro *enabled*
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\2fiji.com
c:\windows\system32\Autorun.exe
c:\windows\system32\nlpkuomc.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\2fiji.com
c:\windows\system32\Autorun.exe
c:\windows\system32\nlpkuomc.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_RUFMTRSBB
-------\Service_rufmtrsbb


((((((((((((((((((((((((( Files Created from 2008-12-08 to 2009-01-08 )))))))))))))))))))))))))))))))
.

2009-01-08 14:27 . 2009-01-08 14:27 <DIR> d-------- C:\spoolerlogs
2009-01-07 19:20 . 2009-01-07 19:20 <DIR> d-------- c:\program files\CCleaner
2009-01-07 14:22 . 2009-01-07 14:22 <DIR> d-------- c:\program files\SUPERAntiSpyware
2009-01-07 14:22 . 2009-01-07 14:22 <DIR> d-------- c:\documents and settings\Biscom\Application Data\SUPERAntiSpyware.com
2009-01-07 14:22 . 2009-01-07 14:22 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-01-06 21:25 . 2009-01-06 21:58 <DIR> d-------- c:\documents and settings\All Users\Application Data\comodo
2009-01-06 21:25 . 2009-01-06 21:25 249,592 --a------ c:\windows\system32\cssdll32.dll
2009-01-06 21:25 . 2009-01-06 21:25 143,104 --a------ c:\windows\system32\guard32.dll
2009-01-06 21:25 . 2009-01-06 21:25 87,056 --a------ c:\windows\system32\drivers\cmdguard.sys
2009-01-06 21:25 . 2009-01-06 21:25 24,208 --a------ c:\windows\system32\drivers\cmdhlp.sys
2009-01-04 17:01 . 2009-01-06 00:18 <DIR> d-------- c:\program files\uTorrent
2008-12-28 17:13 . 2004-08-04 00:56 159,232 --a------ c:\windows\system32\ptpusd.dll
2008-12-28 17:13 . 2004-08-03 22:58 15,104 --a------ c:\windows\system32\drivers\usbscan.sys
2008-12-28 17:13 . 2004-08-03 22:58 15,104 --a--c--- c:\windows\system32\dllcache\usbscan.sys
2008-12-28 17:13 . 2001-08-17 22:36 5,632 --a------ c:\windows\system32\ptpusb.dll
2008-12-24 12:33 . 2008-12-24 12:33 <DIR> d-------- c:\documents and settings\Biscom\Application Data\OpenOffice.org2
2008-12-24 12:32 . 2008-12-24 12:39 <DIR> d-------- c:\program files\OpenOffice.org 2.0
2008-12-24 10:46 . 2008-12-24 10:46 265,728 --a------ c:\windows\system32\MSCOMCTL.oca
2008-12-24 10:46 . 2008-12-24 10:46 64,000 --a------ c:\windows\system32\RICHTX32.oca
2008-12-24 10:46 . 2008-12-24 10:46 35,840 --a------ c:\windows\system32\comdlg32.oca
2008-12-24 10:23 . 2008-12-24 10:23 69,632 --a------ c:\windows\system32\MSDATLST.oca
2008-12-24 10:23 . 2008-12-24 10:23 65,536 --a------ c:\windows\system32\MSDATGRD.oca
2008-12-24 10:23 . 2008-12-24 10:23 44,032 --a------ c:\windows\system32\MSDATREP.oca
2008-12-24 10:23 . 2008-12-24 10:23 35,840 --a------ c:\windows\system32\MSADODC.oca
2008-12-13 01:07 . 2008-12-15 10:51 <DIR> d-------- c:\program files\Oddswiz
2008-12-11 22:04 . 1998-06-24 00:00 67,376 --a------ c:\windows\system32\SYSINFO.OCX
2008-12-11 19:55 . 2008-12-11 19:55 389 --a------ c:\windows\StockNeuroMaster.INI
2008-12-11 19:27 . 2008-12-29 15:33 <DIR> d-------- c:\program files\PC Soccer
2008-12-10 11:36 . 2009-01-03 21:01 <DIR> d-------- c:\program files\Soccer Stats Tracker
2008-12-10 11:22 . 2008-12-10 14:30 <DIR> d-------- C:\BetPredictor
2008-12-10 11:15 . 2008-12-10 18:40 <DIR> d-------- c:\program files\Bet For Win

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-08 13:46 --------- d-----w c:\program files\Mozilla Firefox 3 Beta 4
2009-01-08 13:27 --------- d-----w c:\program files\Hewlett-Packard
2009-01-07 13:22 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-01-06 20:25 --------- d-----w c:\program files\COMODO
2009-01-06 20:25 --------- d-----w c:\documents and settings\Biscom\Application Data\Comodo
2009-01-06 18:28 --------- d-----w c:\program files\AIMP2
2009-01-05 23:18 --------- d-----w c:\documents and settings\Biscom\Application Data\uTorrent
2009-01-04 21:32 --------- d-----w c:\program files\LeaguePad
2009-01-04 13:11 --------- d-----w c:\program files\GoWin Deluxe45
2008-12-16 12:53 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-12-11 20:26 720,896 ----a-w c:\windows\iun6002.exe
2008-12-11 19:02 74,752 ----a-w c:\windows\ST6UNST.EXE
2008-12-11 19:02 253,952 ------w c:\windows\Setup1.exe
2008-12-11 10:28 --------- d-----w c:\program files\Mobile Master
2008-12-09 11:29 --------- d-----w c:\program files\Betting Genius 3.04 Trial Version
2008-12-03 12:39 --------- d-----w c:\documents and settings\All Users\Application Data\Firefly Studios
2008-12-03 12:38 98,304 ----a-w c:\windows\system32\CmdLineExt.dll
2008-12-03 12:33 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-03 12:33 --------- d-----w c:\program files\Firefly Studios
2008-11-29 19:47 --------- d-----w c:\program files\GameSpy Arcade
2008-11-27 23:38 --------- d-----w c:\program files\Mv2Player
2008-11-20 10:38 --------- d-----w c:\program files\THQ
2008-11-20 10:38 --------- d-----w c:\program files\Desktop Currency Converter
2008-11-18 18:30 --------- d-----w c:\documents and settings\Biscom\Application Data\Free Download Manager
2008-11-13 14:24 --------- d-----w c:\program files\LingvoSoft
2006-07-30 22:20 959 --sha-r c:\windows\system32\autorun.bin
.

((((((((((((((((((((((((((((( snapshot@2009-01-07_21.36.41.87 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-01-07 18:49:28 69,750 ----a-w c:\windows\system32\perfc009.dat
+ 2009-01-08 13:46:21 69,750 ----a-w c:\windows\system32\perfc009.dat
- 2009-01-07 18:49:28 414,216 ----a-w c:\windows\system32\perfh009.dat
+ 2009-01-08 13:46:21 414,216 ----a-w c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-11-17 1805552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2008-02-20 950664]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-18 1028096]
"COMODO SafeSurf"="c:\program files\COMODO\SafeSurf\cssurf.exe" [2009-01-06 278264]
"COMODO Firewall Pro"="c:\program files\COMODO\Firewall\cfp.exe" [2009-01-06 1655552]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-07-23 15:28 352256 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3fhg"= mp3fhg.acm
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv
"msacm.divxa32"= divxa32.acm
"VIDC.ACDV"= ACDV.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
backup=c:\windows\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
--a------ 2004-12-14 01:12 483328 c:\program files\Adobe\Acrobat 7.0\Distillr\acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\COMODO Firewall Pro]
--a------ 2009-01-06 21:24 1655552 c:\program files\COMODO\Firewall\cfp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-03 23:56 15360 c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"MDM"=2 (0x2)
"hpqwmiex"=2 (0x2)
"AdobeActiveFileMonitor6.0"=2 (0x2)
"RichVideo"=3 (0x3)
"CiSvc"=3 (0x3)
"Adobe LM Service"=3 (0x3)
"FLEXnet Licensing Service"=3 (0x3)
"cmdAgent"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\lib\NMBgMonitor.exe"
"Free Uploader Oe Integration"=c:\program files\Free Download Manager\FUM\fumoei.exe
"ctfmon.exe"=c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NeroFilterCheck"=c:\windows\system32\NeroCheck.exe
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
"Persistence"=c:\windows\system32\igfxpers.exe
"IgfxTray"=c:\windows\system32\igfxtray.exe
"HotKeysCmds"=c:\windows\system32\hkcmd.exe
"Cpqset"=c:\program files\Hewlett-Packard\Default Settings\cpqset.exe
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Elements 6.0\apdproxy.exe"
"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=

R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [2009-01-06 87056]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2009-01-06 24208]
R1 hwinterface;hwinterface;c:\windows\system32\drivers\hwinterface.sys [2008-03-06 3026]
R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2008-02-20 15424]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2008-11-17 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2008-11-17 55024]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2008-11-17 7408]
R4 {95808DC4-FA4A-4C74-92FE-5B863F82066B};{95808DC4-FA4A-4C74-92FE-5B863F82066B};c:\program files\CyberLink\PowerDVD\000.fcl [2007-09-19 21:37:48 41456]
S4 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;c:\program files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [2007-10-02 124832]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2009-01-08 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClickStarter.exe [2008-02-29 13:24]

2009-01-08 c:\windows\Tasks\Winamp.job
- c:\progra~1\Winamp\winamp.exe [2007-12-20 16:17]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.comodo.com/search/
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Download video with Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Preuzmi odabrano Free Download Manager-om - file://c:\program files\Free Download Manager\dlselected.htm
IE: Preuzmi sa Free Download Managerom - file://c:\program files\Free Download Manager\dllink.htm
IE: Preuzmi sve sa Free Download Manager-om - file://c:\program files\Free Download Manager\dlall.htm
IE: {{FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - c:\program files\Free Download Manager\FUM\fumiebtn.dll
LSP: c:\windows\system32\imon.dll
FF - ProfilePath - c:\documents and settings\Biscom\Application Data\Mozilla\Firefox\Profiles\ui0jx5at.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1561457&SearchSource=3&q=
FF - prefs.js: browser.search.selectedEngine - Web Search
FF - prefs.js: browser.startup.homepage - about:blank
FF - component: c:\documents and settings\Biscom\Application Data\Mozilla\Firefox\Profiles\ui0jx5at.default\extensions\{b23920f4-4c2f-412b-9450-1d7028d5454e}\components\FFAlert.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 2
FF - user.js: content.max.tokenizing.time - 1500000
FF - user.js: content.notify.interval - 750000
FF - user.js: content.switch.threshold - 750000
FF - user.js: nglayout.initialpaint.delay - 100
FF - user.js: network.http.max-connections-per-server - 4
c:\program files\Mozilla Firefox 3 Beta 4\greprefs\all.js - pref("security.fileuri.origin_policy", 2);
c:\program files\Mozilla Firefox 3 Beta 4\defaults\pref\firefox.js - pref("browser.places.importBookmarksHTML", true);
c:\program files\Mozilla Firefox 3 Beta 4\defaults\pref\firefox.js - pref("browser.places.createdSmartBookmarks", false);
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-01-08 15:00:12
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-842925246-616249376-682003330-1003\Software\Microsoft\SystemCertificates\AddressBook*NULL*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(944)
c:\program files\SUPERAntiSpyware\SASWINLO.dll

- - - - - - - > 'lsass.exe'(1000)
c:\windows\system32\imon.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\COMODO\Firewall\cmdagent.exe
c:\program files\ESET\nod32krn.exe
c:\windows\system32\wdfmgr.exe
.
**************************************************************************
.
Completion time: 2009-01-08 15:03:52 - machine was rebooted
ComboFix-quarantined-files.txt 2009-01-08 14:03:47
ComboFix2.txt 2009-01-07 20:39:13

Pre-Run: 26,861,813,760 bytes free
Post-Run: 26,847,145,984 bytes free

247

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master Teacher
  • Joined: 27 Aug 2005
  • Posts: 8558
  • Location: Novi Beograd

How are things now?

offline
  • Joined: 07 Jan 2009
  • Posts: 11

It's fine now, except for the file 2fiji.com on partition D:\. It was not deleted.

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master Teacher
  • Joined: 27 Aug 2005
  • Posts: 8558
  • Location: Novi Beograd

Then delete the file:

D:\2fiji.com manually.

offline
  • Joined: 07 Jan 2009
  • Posts: 11

I tried to delete it but it doesn't work. A warning appears: "Access is denied"
