Trojan w win.exe + problem win.defender apps controll

**Posty:** 266 · przez **C-oolt** 01 Maj 2010, 00:16

Witam!!!

Mam następujący problem w systemie Windows 7. Po uruchomieniu wywyala mi błąd związany z Win.Defender Apps Controll znany na tym forum. Podaje więc LOG w załączniku:

ComboFix http://wklej.org/id/326117/
OTL: http://wklej.org/id/326121/ i http://wklej.org/id/326122/
DDS: Attach=> http://wklej.org/id/326157/ i DDS =>http://wklej.org/id/326158/

Pozdrawiam

**Posty:** 1916 · przez **lamar** 01 Maj 2010, 09:34

Zastosuj się do zasad wstawiania logów:
Daj log z Gmera
obowiazkowe-zasady-wstawiania-logow-wazne-vt117887.html

**Posty:** 266 · przez **C-oolt** 01 Maj 2010, 09:47

Logi są wstawione poprawnie:

Logi wstawiamy w tagi CODE (zaznaczamy myszką cały log i naciskamy Code). Ułatwia to sprawdzanie logów.
Forum ma jednak limit znaków i jeśli taki problem wystąpi proszę logi umieścić na http://www.wklej.org/ (żadna inna strona ponieważ inne ucinają logi i nie jesteśmy w stanie ich odczytać). W poście umieszczamy oczywiście linki do waszych logów.

Log z GMER:

Kod: Zaznacz wszystko: GMER 1.0.15.15281 - http://www.gmer.net Rootkit scan 2010-05-01 09:43:02 Windows 6.1.7600 Running: gmer.exe; Driver: C:\Users\Leszek\AppData\Local\Temp\kwwoapob.sys ---- System - GMER 1.0.15 ---- SSDT 870A7048 ZwAlertResumeThread SSDT 870A6048 ZwAlertThread SSDT 870A4270 ZwAllocateVirtualMemory SSDT 86F049B0 ZwAlpcConnectPort SSDT 870F00D0 ZwAssignProcessToJobObject SSDT \??\C:\Program Files\AntiLogger\AntiLog32.sys ZwCreateFile [0x9533399C] SSDT 870AA138 ZwCreateMutant SSDT 870F1188 ZwCreateSymbolicLinkObject SSDT \??\C:\Program Files\AntiLogger\AntiLog32.sys ZwCreateThread [0x953331A2] SSDT 870F15D8 ZwCreateThreadEx SSDT 870F0D50 ZwDebugActiveProcess SSDT \??\C:\Program Files\AntiLogger\AntiLog32.sys ZwDeleteKey [0x9533378A] SSDT \??\C:\Program Files\AntiLogger\AntiLog32.sys ZwDeleteValueKey [0x9533365C] SSDT 870A4488 ZwDuplicateObject SSDT 870A5C70 ZwFreeVirtualMemory SSDT 870AA948 ZwImpersonateAnonymousToken SSDT 870A9048 ZwImpersonateThread SSDT \??\C:\Program Files\AntiLogger\AntiLog32.sys ZwLoadDriver [0x95332FD8] SSDT \??\C:\Program Files\AntiLogger\AntiLog32.sys ZwMapViewOfSection [0x95332D7A] SSDT 870AB908 ZwOpenEvent SSDT \??\C:\Program Files\AntiLogger\AntiLog32.sys ZwOpenFile [0x95333C82] SSDT \??\C:\Program Files\AntiLogger\AntiLog32.sys ZwOpenKey [0x95333956] SSDT \??\C:\Program Files\AntiLogger\AntiLog32.sys ZwOpenProcess [0x953332C4] SSDT 87004EB0 ZwOpenProcessToken SSDT \??\C:\Program Files\AntiLogger\AntiLog32.sys ZwOpenSection [0x9533342A] SSDT \??\C:\Program Files\AntiLogger\AntiLog32.sys ZwOpenThread [0x95333374] SSDT \??\C:\Program Files\AntiLogger\AntiLog32.sys ZwProtectVirtualMemory [0x95333E18] SSDT \??\C:\Program Files\AntiLogger\AntiLog32.sys ZwQueueApcThread [0x95333252] SSDT 86FCA0E0 ZwResumeThread SSDT \??\C:\Program Files\AntiLogger\AntiLog32.sys ZwSecureConnectPort [0x95333DB0] SSDT \??\C:\Program Files\AntiLogger\AntiLog32.sys ZwSetContextThread [0x95332D0C] SSDT 870A5838 ZwSetInformationProcess SSDT \??\C:\Program Files\AntiLogger\AntiLog32.sys ZwSetSystemInformation [0x95333134] SSDT \??\C:\Program Files\AntiLogger\AntiLog32.sys ZwSetValueKey [0x95333856] SSDT 870AB248 ZwSuspendProcess SSDT 870A0210 ZwSuspendThread SSDT \??\C:\Program Files\AntiLogger\AntiLog32.sys ZwTerminateProcess [0x95333542] SSDT 870118C8 ZwTerminateThread SSDT 87011DA0 ZwUnmapViewOfSection SSDT \??\C:\Program Files\AntiLogger\AntiLog32.sys ZwWriteVirtualMemory [0x95332C3E] INT 0x1F \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8342EAF8 INT 0x37 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8342E104 INT 0xC1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8342E3F4 INT 0xD1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83416634 INT 0xD2 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83416898 INT 0xDF \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8342E1DC INT 0xE1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8342E958 INT 0xE3 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8342E6F8 INT 0xFD \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8342EF2C INT 0xFE \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8342F1A8 ---- Kernel code sections - GMER 1.0.15 ---- .text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 8348E599 1 Byte [06] .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 834B2F52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} .text ntkrnlpa.exe!RtlSidHashLookup + 224 834BA734 8 Bytes [48, 70, 0A, 87, 48, 60, 0A, ...] .text ntkrnlpa.exe!RtlSidHashLookup + 23C 834BA74C 4 Bytes [70, 42, 0A, 87] .text ntkrnlpa.exe!RtlSidHashLookup + 248 834BA758 4 Bytes [B0, 49, F0, 86] .text ntkrnlpa.exe!RtlSidHashLookup + 29C 834BA7AC 4 Bytes [D0, 00, 0F, 87] .text ntkrnlpa.exe!RtlSidHashLookup + 2F8 834BA808 4 Bytes [9C, 39, 33, 95] {PUSHF ; CMP [EBX], ESI; XCHG EBP, EAX} .text ... .text peauth.sys 9933DC9D 28 Bytes [0F, D0, 81, 0B, 1D, 38, 9E, ...] .text peauth.sys 9933DCC1 28 Bytes [0F, D0, 81, 0B, 1D, 38, 9E, ...] PAGE peauth.sys 99343E20 57 Bytes [E4, 0A, 26, 6F, 7E, 1B, B2, ...] PAGE peauth.sys 99343E64 33 Bytes [A8, 92, BB, 80, A0, B2, 70, ...] PAGE peauth.sys 9934402C 102 Bytes [47, 23, 7E, A5, 4B, CB, 6A, ...] .text d:\Program Files\CyberLink\PowerDVD9\000.fcl section is writeable [0x935D0000, 0x2892, 0xE8000020] .vmp2 d:\Program Files\CyberLink\PowerDVD9\000.fcl entry point in ".vmp2" section [0x935F3050] ---- User code sections - GMER 1.0.15 ---- .text C:\Windows\system32\Dwm.exe[1516] ntdll.dll!NtCreateKey 773F4A50 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\Dwm.exe[1516] ntdll.dll!NtCreateKey + 4 773F4A54 2 Bytes [0E, 5F] {PUSH CS; POP EDI} .text C:\Windows\system32\Dwm.exe[1516] ntdll.dll!NtSetValueKey 773F5C50 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\Dwm.exe[1516] ntdll.dll!NtSetValueKey + 4 773F5C54 2 Bytes [0B, 5F] .text C:\Windows\system32\Dwm.exe[1516] kernel32.dll!LoadLibraryExW 75E0B6BF 6 Bytes JMP 5F070F5A .text C:\Windows\system32\Dwm.exe[1516] ADVAPI32.dll!CreateServiceW 75A7DBC1 6 Bytes JMP 5F130F5A .text C:\Windows\system32\Dwm.exe[1516] ADVAPI32.dll!CreateServiceA 75A92120 6 Bytes JMP 5F100F5A .text C:\Windows\system32\Dwm.exe[1516] ADVAPI32.dll!CreateProcessWithLogonW 75A942A1 6 Bytes JMP 5F040F5A .text C:\Windows\Explorer.EXE[1588] kernel32.dll!LoadLibraryExW 75E0B6BF 6 Bytes JMP 5F070F5A .text C:\Windows\Explorer.EXE[1588] ADVAPI32.dll!CreateProcessWithLogonW 75A942A1 6 Bytes JMP 5F040F5A .text C:\Program Files\Pasek TVN24\tvn-ustawienia.exe[2920] ntdll.dll!DbgBreakPoint 773E3540 1 Byte [90] .text C:\Program Files\Pasek TVN24\tvn-ustawienia.exe[2920] kernel32.dll!LoadLibraryExW 75E0B6BF 6 Bytes JMP 5F070F5A .text C:\Program Files\Pasek TVN24\tvn-ustawienia.exe[2920] kernel32.dll!CloseHandle 75E105D7 6 Bytes JMP 5F190F5A .text C:\Program Files\Pasek TVN24\tvn-ustawienia.exe[2920] kernel32.dll!GetFileAttributesW 75E113EE 6 Bytes JMP 5F130F5A .text C:\Program Files\Pasek TVN24\tvn-ustawienia.exe[2920] kernel32.dll!CreateFileA 75E1291C 6 Bytes JMP 5F100F5A .text C:\Program Files\Pasek TVN24\tvn-ustawienia.exe[2920] kernel32.dll!GetFileAttributesA 75E12A3F 6 Bytes JMP 5F160F5A .text C:\Program Files\Pasek TVN24\tvn-ustawienia.exe[2920] USER32.dll!SetCursor 758152EA 3 Bytes [FF, 25, 1E] .text C:\Program Files\Pasek TVN24\tvn-ustawienia.exe[2920] USER32.dll!SetCursor + 4 758152EE 2 Bytes [1D, 5F] .text C:\Program Files\Pasek TVN24\tvn-ustawienia.exe[2920] USER32.dll!MessageBeep 758344F7 6 Bytes JMP 5F0A0F5A .text C:\Program Files\Pasek TVN24\tvn-ustawienia.exe[2920] USER32.dll!MessageBoxA 7585EA71 6 Bytes JMP 5F040F5A ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\Windows\Explorer.EXE[1588] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [73D92494] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1588] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [73D75624] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1588] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [73D756E2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1588] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [73D9250F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1588] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [73D88573] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1588] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [73D84D27] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1588] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [73D850CE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1588] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [73D851A3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1588] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [73D866D0] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1588] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [73D882CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1588] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [73D88819] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1588] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [73D8907A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1588] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [73D8E21D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1588] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [73D84C59] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT D:\Program Files\ivo\Expressivo\integr\OutlookExpress\ExprOElauncher.exe[3172] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [754C5E25] C:\Windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) IAT D:\Program Files\ivo\Expressivo\integr\OutlookExpress\ExprOElauncher.exe[3172] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [754C5E25] C:\Windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) IAT D:\Program Files\ivo\Expressivo\integr\OutlookExpress\ExprOElauncher.exe[3172] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [754C5E25] C:\Windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) IAT D:\Program Files\ivo\Expressivo\integr\OutlookExpress\ExprOElauncher.exe[3172] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [754C5E25] C:\Windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) ---- Devices - GMER 1.0.15 ---- AttachedDevice \Driver\tdx \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume9 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\tdx \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation) AttachedDevice \Driver\tdx \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation) Device \Driver\ACPI_HAL \Device\0000005e halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Menedżer filtrów systemu plików firmy Microsoft/Microsoft Corporation) ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\ControlSet001\services\BTHPORT\Parameters\Keys\001167b392c7 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\services\BTHPORT\Parameters\Keys\001167b392c7@00210885471a 0x9A 0xB2 0xBE 0x0A ... Reg HKLM\SYSTEM\ControlSet001\services\DcomLaunch\Parameters@ServiceDll %SystemRoot%\system32\rpcss.dll Reg HKLM\SYSTEM\ControlSet001\services\RpcSs\Parameters@ServiceDll %SystemRoot%\system32\rpcss.dll Reg HKLM\SYSTEM\ControlSet001\services\TrkWks\Parameters@ServiceDll %SystemRoot%\System32\trkwks.dll Reg HKLM\SYSTEM\ControlSet001\services\TrkWks\Parameters@ServiceDllUnloadOnStop 1 Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001167b392c7 Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001167b392c7@00210885471a 0x9A 0xB2 0xBE 0x0A ... Reg HKLM\SYSTEM\CurrentControlSet\services\DcomLaunch\Parameters@ServiceDll %SystemRoot%\system32\rpcss.dll Reg HKLM\SYSTEM\CurrentControlSet\services\RpcSs\Parameters@ServiceDll %SystemRoot%\system32\rpcss.dll Reg HKLM\SYSTEM\CurrentControlSet\services\TrkWks\Parameters@ServiceDll %SystemRoot%\System32\trkwks.dll Reg HKLM\SYSTEM\CurrentControlSet\services\TrkWks\Parameters@ServiceDllUnloadOnStop 1 Reg HKLM\SYSTEM\ControlSet003\services\BTHPORT\Parameters\Keys\001167b392c7 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\services\BTHPORT\Parameters\Keys\001167b392c7@00210885471a 0x9A 0xB2 0xBE 0x0A ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{50EF3326-3C4E-5A5E-8784-F0CEB88D34AF} Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{50EF3326-3C4E-5A5E-8784-F0CEB88D34AF}@jalebbofjnelmefgcakf 0x62 0x61 0x65 0x6B ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{50EF3326-3C4E-5A5E-8784-F0CEB88D34AF}@ialdncpdifplchlofd 0x6B 0x61 0x6D 0x6B ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{50EF3326-3C4E-5A5E-8784-F0CEB88D34AF}@hapefdfkhlokohjm 0x61 0x62 0x6D 0x6D ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{50EF3326-3C4E-5A5E-8784-F0CEB88D34AF}@jaoeianjjlgbfeljlimf 0x64 0x62 0x64 0x66 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{50EF3326-3C4E-5A5E-8784-F0CEB88D34AF}@jalebbofjnelmefgcaof 0x62 0x61 0x70 0x6B ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{50EF3326-3C4E-5A5E-8784-F0CEB88D34AF}@habfdbnpdffkobpf 0x6B 0x61 0x6D 0x6B ... ---- EOF - GMER 1.0.15 ----

Dodano 01.05.2010 14:15:14:
Proszę o zamknięcie tematu. Problem rozwiązany.

Trojan w win.exe + problem win.defender apps controll

Trojan w win.exe + problem win.defender apps controll

Trojan w win.exe + problem win.defender apps controll

Trojan w win.exe + problem win.defender apps controll

Kto jest na forum