
Problem with Trojan horses and maybe more
Re: Problem with Trojan horses and maybe more
Run AVPTool there: http://forum.viry.cz/viewtopic.php?f=29&t=58179
-
- Visitor
- Posts: 139
- Registered: 13 Mar 2013 20:34
Re: Problem with Trojan horses and maybe more
Log from AVP:
Status: Deleted (events: 13)
1.4.2013 20:42:56 Deleted Trojan program Trojan-Dropper.Win32.VB.cebr C:\Documents and Settings\test\Local Settings\Temp\0214754829.exe High
1.4.2013 20:44:45 Deleted Trojan program Trojan-Dropper.Win32.VB.cebr C:\Documents and Settings\test\Local Settings\Temp\1419732245.exe High
1.4.2013 20:44:47 Deleted Trojan program Trojan-Dropper.Win32.VB.cebr C:\Documents and Settings\test\Local Settings\Temp\5834404544.exe High
1.4.2013 20:44:49 Deleted Trojan program Trojan-Dropper.Win32.VB.cebr C:\Documents and Settings\test\Local Settings\Temp\7220409021.exe High
1.4.2013 20:44:51 Deleted Trojan program Trojan-Dropper.Win32.VB.cebr C:\Documents and Settings\test\Local Settings\Temp\7359765161.exe High
1.4.2013 20:45:27 Deleted Trojan program Trojan-Dropper.Win32.VB.cebr C:\Documents and Settings\test\Local Settings\Temp\9974117628.exe High
1.4.2013 22:03:56 Deleted Trojan program Backdoor.Win32.ZAccess.ydp C:\Qoobox\Quarantine\C\RECYCLER\S-1-5-21-1292428093-308236825-725345543-1003\$20ed6d1e14fabd6946c31be6b77366b4\n.vir High
1.4.2013 22:04:02 Deleted Trojan program Backdoor.Win32.ZAccess.ydp C:\Qoobox\Quarantine\C\RECYCLER\S-1-5-18\$20ed6d1e14fabd6946c31be6b77366b4\n.vir High
1.4.2013 22:16:35 Deleted Trojan program Backdoor.Win32.ZAccess.ydb C:\System Volume Information\_restore{CADE3D4E-432B-44BA-880B-BB2023748451}\RP1552\A0263393.ini High
1.4.2013 22:16:37 Deleted Trojan program Trojan-Dropper.Win32.VB.cebr C:\System Volume Information\_restore{CADE3D4E-432B-44BA-880B-BB2023748451}\RP1552\A0263386.scr High
1.4.2013 22:16:41 Deleted Trojan program Backdoor.Win32.ZAccess.ydb C:\System Volume Information\_restore{CADE3D4E-432B-44BA-880B-BB2023748451}\RP1552\A0264389.ini High
1.4.2013 22:16:49 Deleted Trojan program Backdoor.Win32.ZAccess.ydb C:\System Volume Information\_restore{CADE3D4E-432B-44BA-880B-BB2023748451}\RP1552\A0264405.ini High
1.4.2013 22:17:06 Deleted Trojan program Backdoor.Win32.ZAccess.ydb C:\System Volume Information\_restore{CADE3D4E-432B-44BA-880B-BB2023748451}\RP1552\A0271405.ini High
Status: Quarantined (events: 1)
1.4.2013 20:47:21 Quarantined unknown threat UDS:DangerousObject.Multi.Generic C:\Documents and Settings\test\Local Settings\Temp\4855909197.exe High
Re: Problem with Trojan horses and maybe more

- Run the utility and tell it to scan - click Scan
- Click Save log to save the aswMBR log to the desktop
- Paste the contents of the aswMBR log here for me
-
- Visitor
- Posts: 139
- Registered: 13 Mar 2013 20:34
Re: Problem with Trojan horses and maybe more
aws log:
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-04-02 07:10:45
-----------------------------
07:10:45.046 OS Version: Windows 5.1.2600 Service Pack 3
07:10:45.046 Number of processors: 2 586 0xF0B
07:10:45.046 ComputerName: TEST-45256F6D53 UserName: test
07:10:46.343 Initialize success
07:17:07.906 AVAST engine defs: 13040101
07:19:40.421 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-7
07:19:40.437 Disk 0 Vendor: STM3500418AS CC38 Size: 476940MB BusType: 3
07:19:40.531 Disk 0 MBR read successfully
07:19:40.546 Disk 0 MBR scan
07:19:40.593 Disk 0 Windows XP default MBR code
07:19:40.609 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 476939 MB offset 63
07:19:40.625 Disk 0 scanning sectors +976773168
07:19:40.656 Disk 0 scanning C:\WINDOWS\system32\drivers
07:19:48.546 Service scanning
07:20:05.140 Service sptd C:\WINDOWS\System32\Drivers\sptd.sys **LOCKED** 32
07:20:09.171 Modules scanning
07:20:13.140 Disk 0 trace - called modules:
07:20:13.187 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys spfx.sys >>UNKNOWN [0x89bc0938]<<
07:20:13.187 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x89b64ab8]
07:20:13.296 3 CLASSPNP.SYS[f7667fd7] -> nt!IofCallDriver -> \Device\0000007b[0x89b6b948]
07:20:13.406 5 ACPI.sys[f74a3620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-7[0x89b4c940]
07:20:35.406 AVAST engine scan C:\WINDOWS
07:20:50.187 AVAST engine scan C:\WINDOWS\system32
07:23:56.937 AVAST engine scan C:\WINDOWS\system32\drivers
07:24:17.828 AVAST engine scan C:\Documents and Settings\test
07:29:48.046 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\test\Plocha\MBR.dat"
07:29:48.156 The log file has been saved successfully to "C:\Documents and Settings\test\Plocha\aswMBR.txt"
-
- Visitor
- Posts: 139
- Registered: 13 Mar 2013 20:34
Re: Problem with Trojan horses and maybe more
I'm going away for a week, so my little brother should finish this once he gets back from school. He won't be here until three o'clock. He will reply under this profile.
Thank you very much for your time and your help.

-
- Visitor
- Posts: 139
- Registered: 13 Mar 2013 20:34
Re: Problem with Trojan horses and maybe more
May I ask for some advice on what to do next? Thank you

Re: Problem with Trojan horses and maybe more
Yes, you may, but a little patience please, I can't be here all the time - I have already mentioned the same thing here once
Use ZeroAccess from Symantec http://www.symantec.com/content/en/us/g ... Access.exe



-
- Visitor
- Posts: 139
- Registered: 13 Mar 2013 20:34
Re: Problem with Trojan horses and maybe more
Output from FixZeroAccess:
04/02/13 16:55:24 No infections were found and two little squares
Re: Problem with Trojan horses and maybe more

- Click the Change parameters option
- In the Additional Option window, tick all the options
- Click OK
- Tell the utility to scan - click Start Scan
- When the scan finishes, a window will appear; check that the Skip option is selected everywhere
- If Skip is not set by default, switch it to Skip
- Once Skip is set everywhere, click Continue
- On the drive where Windows is installed (usually c:\) there will be a log named in the form TDSSKiller.some digits _log.txt - paste its contents here
-
- Visitor
- Posts: 139
- Registered: 13 Mar 2013 20:34
Re: Problem with Trojan horses and maybe more
TDSSKiller log:
17:11:02.0468 4056 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
17:11:02.0921 4056 ============================================================
17:11:02.0921 4056 Current date / time: 2013/04/02 17:11:02.0921
17:11:02.0937 4056 SystemInfo:
17:11:02.0937 4056
17:11:02.0937 4056 OS Version: 5.1.2600 ServicePack: 3.0
17:11:02.0937 4056 Product type: Workstation
17:11:02.0937 4056 ComputerName: TEST-45256F6D53
17:11:02.0953 4056 UserName: test
17:11:02.0953 4056 Windows directory: C:\WINDOWS
17:11:02.0953 4056 System windows directory: C:\WINDOWS
17:11:02.0953 4056 Processor architecture: Intel x86
17:11:02.0953 4056 Number of processors: 2
17:11:02.0953 4056 Page size: 0x1000
17:11:02.0953 4056 Boot type: Normal boot
17:11:02.0953 4056 ============================================================
17:11:04.0890 4056 BG loaded
17:11:06.0343 4056 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
17:11:06.0406 4056 ============================================================
17:11:06.0406 4056 \Device\Harddisk0\DR0:
17:11:06.0406 4056 MBR partitions:
17:11:06.0406 4056 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A385FF1
17:11:06.0406 4056 ============================================================
17:11:11.0640 4056 C: <-> \Device\Harddisk0\DR0\Partition1
17:11:11.0953 4056 ============================================================
17:11:11.0953 4056 Initialize success
17:11:11.0953 4056 ============================================================
17:12:41.0500 2780 ============================================================
17:12:41.0500 2780 Scan started
17:12:41.0500 2780 Mode: Manual; SigCheck; TDLFS;
17:12:41.0500 2780 ============================================================
17:12:41.0781 2780 ================ Scan system memory ========================
17:12:41.0781 2780 System memory - ok
17:12:41.0781 2780 ================ Scan services =============================
17:12:41.0859 2780 [ 2CCFA74242741CA22A4267CCE9B586F4 ] Aavmker4 C:\WINDOWS\system32\drivers\Aavmker4.sys
17:12:42.0046 2780 Aavmker4 - ok
17:12:42.0046 2780 Abiosdsk - ok
17:12:42.0046 2780 abp480n5 - ok
17:12:42.0093 2780 [ 4FE34F1F3126B61FCC6B2043AA8112C9 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
17:12:43.0875 2780 ACPI - ok
17:12:43.0906 2780 [ AFDFF022A01F0B11C776F0860C3B282F ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
17:12:44.0015 2780 ACPIEC - ok
17:12:44.0093 2780 [ EA856F4A46320389D1899B2CAA7BF40F ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
17:12:44.0125 2780 AdobeFlashPlayerUpdateSvc - ok
17:12:44.0125 2780 adpu160m - ok
17:12:44.0156 2780 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
17:12:44.0234 2780 aec - ok
17:12:44.0281 2780 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
17:12:44.0312 2780 AFD - ok
17:12:44.0328 2780 Aha154x - ok
17:12:44.0328 2780 aic78u2 - ok
17:12:44.0328 2780 aic78xx - ok
17:12:44.0359 2780 [ E0A6FA244B8624D78FE5FF6F56A33BAE ] Alerter C:\WINDOWS\system32\alrsvc.dll
17:12:44.0437 2780 Alerter - ok
17:12:44.0468 2780 [ 88842DE939A827577BF24243699AC80A ] ALG C:\WINDOWS\System32\alg.exe
17:12:44.0546 2780 ALG - ok
17:12:44.0546 2780 AliIde - ok
17:12:44.0593 2780 [ AD8FA28D8ED0D0A689A0559085CE0F18 ] AmdLLD C:\WINDOWS\system32\DRIVERS\AmdLLD.sys
17:12:44.0640 2780 AmdLLD - ok
17:12:44.0640 2780 amsint - ok
17:12:44.0671 2780 [ 6B8E7A90E576D4FE308F97C69060A171 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
17:12:44.0765 2780 AppMgmt - ok
17:12:44.0812 2780 [ B5B8A80875C1DEDEDA8B02765642C32F ] Arp1394 C:\WINDOWS\system32\DRIVERS\arp1394.sys
17:12:44.0906 2780 Arp1394 - ok
17:12:44.0906 2780 asc - ok
17:12:44.0906 2780 asc3350p - ok
17:12:44.0906 2780 asc3550 - ok
17:12:45.0046 2780 [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
17:12:45.0093 2780 aspnet_state - ok
17:12:45.0140 2780 [ B4079A98F294A3E262872CB76F4849F0 ] aswFsBlk C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys
17:12:45.0140 2780 aswFsBlk - ok
17:12:45.0156 2780 [ DBEE7B5ECB50FC2CF9323F52CBF41141 ] aswMon2 C:\WINDOWS\system32\drivers\aswMon2.sys
17:12:45.0156 2780 aswMon2 - ok
17:12:45.0187 2780 [ 8080D683489C99CBACE813F6FA4069CC ] aswRdr C:\WINDOWS\system32\drivers\aswRdr.sys
17:12:45.0203 2780 aswRdr - ok
17:12:45.0203 2780 [ 2E5A2AD5004B55DF39B7606130A88142 ] aswSP C:\WINDOWS\system32\drivers\aswSP.sys
17:12:45.0218 2780 aswSP - ok
17:12:45.0218 2780 [ D4C83A37EFADFA2C398362E0776E3773 ] aswTdi C:\WINDOWS\system32\drivers\aswTdi.sys
17:12:45.0234 2780 aswTdi - ok
17:12:45.0328 2780 [ 5DEBC3519D489411073FA7E56FFB4A93 ] aswUpdSv C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
17:12:45.0343 2780 aswUpdSv - ok
17:12:45.0359 2780 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
17:12:45.0437 2780 AsyncMac - ok
17:12:45.0468 2780 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
17:12:45.0562 2780 atapi - ok
17:12:45.0609 2780 [ 19F277BC4CE5689F20F347A6B8AA8C42 ] AtcL001 C:\WINDOWS\system32\DRIVERS\atl01_xp.sys
17:12:45.0656 2780 AtcL001 - ok
17:12:45.0656 2780 Atdisk - ok
17:12:45.0703 2780 [ 5B80E84AF6B02ECAB72DAE9AFEE06309 ] atksgt C:\WINDOWS\system32\DRIVERS\atksgt.sys
17:12:45.0703 2780 atksgt ( UnsignedFile.Multi.Generic ) - warning
17:12:45.0703 2780 atksgt - detected UnsignedFile.Multi.Generic (1)
17:12:45.0718 2780 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
17:12:45.0796 2780 Atmarpc - ok
17:12:45.0843 2780 [ DE31B88962A8645DBA5A37B993E7B0F1 ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
17:12:45.0921 2780 AudioSrv - ok
17:12:45.0984 2780 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
17:12:46.0062 2780 audstub - ok
17:12:46.0093 2780 [ 0AAF6B848185899CF76AE04E62EAB3D2 ] avast! Antivirus C:\Program Files\Alwil Software\Avast4\ashServ.exe
17:12:46.0109 2780 avast! Antivirus - ok
17:12:46.0125 2780 [ B2F564DC59B67763C73269E1A9DA7F18 ] avast! Mail Scanner C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
17:12:46.0125 2780 avast! Mail Scanner - ok
17:12:46.0140 2780 [ D86010C96ABADDA75356834D6113D37D ] avast! Web Scanner C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
17:12:46.0156 2780 avast! Web Scanner - ok
17:12:46.0250 2780 [ 6F8638EA0A55D65B03E24F6D1153D8F7 ] BBSvc C:\Program Files\Microsoft\BingBar\BBSvc.EXE
17:12:46.0265 2780 BBSvc - ok
17:12:46.0281 2780 [ 785DE7ABDA13309D6065305542829E76 ] BBUpdate C:\Program Files\Microsoft\BingBar\SeaPort.EXE
17:12:46.0296 2780 BBUpdate - ok
17:12:46.0375 2780 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
17:12:46.0468 2780 Beep - ok
17:12:46.0515 2780 [ 19395D092FD85DDC2D9C7729CF5A2AC8 ] BITS C:\WINDOWS\system32\qmgr.dll
17:12:46.0718 2780 BITS - ok
17:12:46.0765 2780 [ 89E739BBA5F636297EA5B5F811189E06 ] Browser C:\WINDOWS\System32\browser.dll
17:12:46.0843 2780 Browser - ok
17:12:47.0000 2780 catchme - ok
17:12:47.0078 2780 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
17:12:47.0203 2780 cbidf2k - ok
17:12:47.0234 2780 [ FDC06E2ADA8C468EBB161624E03976CF ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
17:12:47.0312 2780 CCDECODE - ok
17:12:47.0312 2780 cd20xrnt - ok
17:12:47.0328 2780 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
17:12:47.0406 2780 Cdaudio - ok
17:12:47.0468 2780 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
17:12:47.0546 2780 Cdfs - ok
17:12:47.0546 2780 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
17:12:47.0625 2780 Cdrom - ok
17:12:47.0625 2780 Changer - ok
17:12:47.0656 2780 [ E390DC1D7C461D7D56EC53402F329928 ] CiSvc C:\WINDOWS\system32\cisvc.exe
17:12:47.0734 2780 CiSvc - ok
17:12:47.0750 2780 [ 064507A8DFA8C5C7E2FFDDD3E6F424FA ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
17:12:47.0828 2780 ClipSrv - ok
17:12:47.0906 2780 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:12:47.0953 2780 clr_optimization_v2.0.50727_32 - ok
17:12:48.0031 2780 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
17:12:48.0078 2780 clr_optimization_v4.0.30319_32 - ok
17:12:48.0078 2780 CmdIde - ok
17:12:48.0078 2780 COMSysApp - ok
17:12:48.0078 2780 Cpqarray - ok
17:12:48.0109 2780 [ F3AB0933CBD166D271992F411C27CCAF ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
17:12:48.0187 2780 CryptSvc - ok
17:12:48.0187 2780 dac2w2k - ok
17:12:48.0187 2780 dac960nt - ok
17:12:48.0234 2780 [ BE27674D1CBC3214AEC84B4336A38BBF ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
17:12:48.0281 2780 DcomLaunch - ok
17:12:48.0296 2780 [ 8C9A53E285AC5E6704844D0459EC85BE ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
17:12:48.0375 2780 Dhcp - ok
17:12:48.0421 2780 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
17:12:48.0515 2780 Disk - ok
17:12:48.0531 2780 dmadmin - ok
17:12:48.0562 2780 [ DB5FD2BF5B07DC54BFCB3664FF05BD7C ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
17:12:48.0656 2780 dmboot - ok
17:12:48.0671 2780 [ FFF1720AF51171F32F1EAD5CF71F2810 ] dmio C:\WINDOWS\system32\drivers\dmio.sys
17:12:48.0765 2780 dmio - ok
17:12:48.0781 2780 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
17:12:48.0875 2780 dmload - ok
17:12:48.0890 2780 [ 2BFEFE9E865655A76982F050450B9591 ] dmserver C:\WINDOWS\System32\dmserver.dll
17:12:48.0984 2780 dmserver - ok
17:12:49.0000 2780 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
17:12:49.0078 2780 DMusic - ok
17:12:49.0125 2780 [ DFAA406BF19F4EE806A6F8D4342137F7 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
17:12:49.0218 2780 Dnscache - ok
17:12:49.0250 2780 [ 4A3E2BD20157A0946751229E92EB8621 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
17:12:49.0343 2780 Dot3svc - ok
17:12:49.0343 2780 dpti2o - ok
17:12:49.0343 2780 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
17:12:49.0421 2780 drmkaud - ok
17:12:49.0421 2780 EagleXNt - ok
17:12:49.0468 2780 [ 0887D9C2BE8D940778CAD1E3B85F2A41 ] EapHost C:\WINDOWS\System32\eapsvc.dll
17:12:49.0546 2780 EapHost - ok
17:12:49.0562 2780 [ A2A4912798F2BE706ABADD3D30800D16 ] ERSvc C:\WINDOWS\System32\ersvc.dll
17:12:49.0640 2780 ERSvc - ok
17:12:49.0687 2780 [ 9EF697AF07BB8DD82C3B02CA953A95B7 ] Eventlog C:\WINDOWS\system32\services.exe
17:12:49.0703 2780 Eventlog - ok
17:12:49.0750 2780 [ A371F11EF07653591C8DE26AFB13CE7F ] EventSystem C:\WINDOWS\system32\es.dll
17:12:49.0781 2780 EventSystem - ok
17:12:49.0828 2780 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
17:12:49.0921 2780 Fastfat - ok
17:12:49.0968 2780 [ EE9A2B9EA968A792A053C9D1A86BF870 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
17:12:50.0015 2780 FastUserSwitchingCompatibility - ok
17:12:50.0031 2780 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
17:12:50.0125 2780 Fdc - ok
17:12:50.0140 2780 [ AC366695A0796560AA37215AD5762AAF ] Fips C:\WINDOWS\system32\drivers\Fips.sys
17:12:50.0218 2780 Fips - ok
17:12:50.0234 2780 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys
17:12:50.0312 2780 Flpydisk - ok
17:12:50.0359 2780 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
17:12:50.0453 2780 FltMgr - ok
17:12:50.0515 2780 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
17:12:50.0531 2780 FontCache3.0.0.0 - ok
17:12:50.0531 2780 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
17:12:50.0625 2780 Fs_Rec - ok
17:12:50.0640 2780 [ 4E664D8541DB4A66B73A24257E322E1F ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
17:12:50.0734 2780 Ftdisk - ok
17:12:50.0890 2780 GarenaPEngine - ok
17:12:50.0953 2780 GGSAFERDriver - ok
17:12:51.0062 2780 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
17:12:51.0156 2780 Gpc - ok
17:12:51.0187 2780 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
17:12:51.0203 2780 gupdate - ok
17:12:51.0203 2780 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
17:12:51.0218 2780 gupdatem - ok
17:12:51.0265 2780 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
17:12:51.0281 2780 gusvc - ok
17:12:51.0312 2780 [ 833051C6C6C42117191935F734CFBD97 ] hamachi C:\WINDOWS\system32\DRIVERS\hamachi.sys
17:12:51.0312 2780 hamachi - ok
17:12:51.0375 2780 [ 616399E27A55C97AE859230EB13984D8 ] Hamachi2Svc C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
17:12:51.0406 2780 Hamachi2Svc - ok
17:12:51.0453 2780 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
17:12:51.0546 2780 HDAudBus - ok
17:12:51.0625 2780 [ FCFE31FB75F8A6295B6B0AF87A626282 ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
17:12:51.0734 2780 helpsvc - ok
17:12:51.0765 2780 [ 00E25EE90166B3E1BE6E74AEBF858306 ] HidServ C:\WINDOWS\System32\hidserv.dll
17:12:51.0859 2780 HidServ - ok
17:12:51.0859 2780 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] hidusb C:\WINDOWS\system32\DRIVERS\hidusb.sys
17:12:51.0937 2780 hidusb - ok
17:12:51.0968 2780 [ 1256F6834307B38594CEB034BAF52568 ] HiPatchService C:\Program Files\Hi-Rez Studios\HiPatchService.exe
17:12:51.0984 2780 HiPatchService ( UnsignedFile.Multi.Generic ) - warning
17:12:51.0984 2780 HiPatchService - detected UnsignedFile.Multi.Generic (1)
17:12:52.0015 2780 [ 7A6B320928F86BC851530D63C82965D9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
17:12:52.0125 2780 hkmsvc - ok
17:12:52.0125 2780 hpn - ok
17:12:52.0156 2780 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
17:12:52.0187 2780 HTTP - ok
17:12:52.0203 2780 [ 58FE2F2DA3BC5573F4A35B3760D3125F ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
17:12:52.0281 2780 HTTPFilter - ok
17:12:52.0281 2780 i2omgmt - ok
17:12:52.0296 2780 i2omp - ok
17:12:52.0296 2780 [ C528E27945367191E7BAE364930B6932 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
17:12:52.0390 2780 i8042prt - ok
17:12:52.0468 2780 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
17:12:52.0468 2780 IDriverT ( UnsignedFile.Multi.Generic ) - warning
17:12:52.0468 2780 IDriverT - detected UnsignedFile.Multi.Generic (1)
17:12:52.0578 2780 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
17:12:52.0625 2780 idsvc - ok
17:12:52.0656 2780 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
17:12:52.0734 2780 Imapi - ok
17:12:52.0765 2780 [ F7B93AAFAD33B2320954C17E26C8D361 ] ImapiService C:\WINDOWS\system32\imapi.exe
17:12:52.0843 2780 ImapiService - ok
17:12:52.0843 2780 ini910u - ok
17:12:52.0968 2780 [ CBDDAB14249B2F05407FC09AB8FFFB88 ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
17:12:53.0125 2780 IntcAzAudAddService - ok
17:12:53.0125 2780 IntelIde - ok
17:12:53.0171 2780 [ 27B290D632AF2CF3CF40BFDDB7370985 ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
17:12:53.0250 2780 intelppm - ok
17:12:53.0296 2780 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
17:12:53.0406 2780 Ip6Fw - ok
17:12:53.0437 2780 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
17:12:53.0546 2780 IpFilterDriver - ok
17:12:53.0562 2780 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
17:12:53.0656 2780 IpInIp - ok
17:12:53.0687 2780 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
17:12:53.0765 2780 IpNat - ok
17:12:53.0781 2780 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
17:12:53.0875 2780 IPSec - ok
17:12:53.0875 2780 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
17:12:53.0953 2780 IRENUM - ok
17:12:53.0984 2780 [ CC9F8A2D60AED1A51A3AC34C59B987AE ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
17:12:54.0062 2780 isapnp - ok
17:12:54.0187 2780 [ 999DB5F88C8E145CCA9D471E33227143 ] JavaQuickStarterService C:\Program Files\Java\jre7\bin\jqs.exe
17:12:54.0203 2780 JavaQuickStarterService - ok
17:12:54.0218 2780 [ 1B6162FE7F66B1A71A4B70F941C4AA9B ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
17:12:54.0312 2780 Kbdclass - ok
17:12:54.0328 2780 [ 86C8F23616C6C6E5B2776901C17B945B ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
17:12:54.0406 2780 kbdhid - ok
17:12:54.0437 2780 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
17:12:54.0531 2780 kmixer - ok
17:12:54.0578 2780 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
17:12:54.0625 2780 KSecDD - ok
17:12:54.0671 2780 [ 3428E8F86F8ADD36B42FB23542C7B3E4 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
17:12:54.0703 2780 lanmanserver - ok
17:12:54.0750 2780 [ 936C1D110232D23B621CB0196E4F80F0 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
17:12:54.0781 2780 lanmanworkstation - ok
17:12:54.0781 2780 lbrtfdc - ok
17:12:54.0796 2780 [ 975B6CF65F44E95883F3855BAE8CECAF ] lirsgt C:\WINDOWS\system32\DRIVERS\lirsgt.sys
17:12:54.0828 2780 lirsgt ( UnsignedFile.Multi.Generic ) - warning
17:12:54.0828 2780 lirsgt - detected UnsignedFile.Multi.Generic (1)
17:12:54.0890 2780 [ 0AB159F536E3E8F7F07113702A07CCA5 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
17:12:54.0968 2780 LmHosts - ok
17:12:55.0046 2780 [ 11F714F85530A2BD134074DC30E99FCA ] MDM C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
17:12:55.0046 2780 MDM - ok
17:12:55.0093 2780 [ 221CD1C815B8A6B79389C3F5D1018DE8 ] Messenger C:\WINDOWS\System32\msgsvc.dll
17:12:55.0187 2780 Messenger - ok
17:12:55.0234 2780 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
17:12:55.0312 2780 mnmdd - ok
17:12:55.0343 2780 [ 9A57D046F88F4B69751B11FD40088A61 ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
17:12:55.0421 2780 mnmsrvc - ok
17:12:55.0437 2780 [ 44032B0C6D9954D3FD26438330B99EE7 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
17:12:55.0515 2780 Modem - ok
17:12:55.0546 2780 [ 4CB582831DBDE63CE43B45D771218374 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
17:12:55.0625 2780 Mouclass - ok
17:12:55.0671 2780 [ BB269EBA740737AB749B214D568B6812 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
17:12:55.0750 2780 mouhid - ok
17:12:55.0765 2780 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
17:12:55.0843 2780 MountMgr - ok
17:12:55.0843 2780 mraid35x - ok
17:12:55.0859 2780 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
17:12:55.0937 2780 MRxDAV - ok
17:12:55.0968 2780 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
17:12:56.0000 2780 MRxSmb - ok
17:12:56.0031 2780 [ 6DB4D1521CABA9A5FFAB54ADE0AE867D ] MSDTC C:\WINDOWS\system32\msdtc.exe
17:12:56.0140 2780 MSDTC - ok
17:12:56.0140 2780 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
17:12:56.0218 2780 Msfs - ok
17:12:56.0218 2780 MSIServer - ok
17:12:56.0250 2780 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
17:12:56.0328 2780 MSKSSRV - ok
17:12:56.0328 2780 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
17:12:56.0406 2780 MSPCLOCK - ok
17:12:56.0421 2780 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
17:12:56.0515 2780 MSPQM - ok
17:12:56.0531 2780 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
17:12:56.0625 2780 mssmbios - ok
17:12:56.0671 2780 MSSQL$SQLEXPRESS - ok
17:12:56.0718 2780 [ F1761C8FB2B25A32C6D63E36BB88C3AE ] MSSQLServerADHelper100 c:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE
17:12:56.0718 2780 MSSQLServerADHelper100 - ok
17:12:56.0734 2780 [ D5059366B361F0E1124753447AF08AA2 ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
17:12:56.0796 2780 MSTEE - ok
17:12:56.0843 2780 [ D48659BB24C48345D926ECB45C1EBDF5 ] MTsensor C:\WINDOWS\system32\DRIVERS\ASACPI.sys
17:12:56.0875 2780 MTsensor - ok
17:12:56.0906 2780 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
17:12:56.0921 2780 Mup - ok
17:12:56.0968 2780 [ AC31B352CE5E92704056D409834BEB74 ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
17:12:56.0984 2780 NABTSFEC - ok
17:12:57.0046 2780 [ 6EA362E9DB03D44F6B996F4D8BE237E9 ] napagent C:\WINDOWS\System32\qagentrt.dll
17:12:57.0125 2780 napagent - ok
17:12:57.0203 2780 [ 87A00FAEDD703D8D2BDCB29CE5EEEA6B ] NBService C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
17:12:57.0234 2780 NBService ( UnsignedFile.Multi.Generic ) - warning
17:12:57.0234 2780 NBService - detected UnsignedFile.Multi.Generic (1)
17:12:57.0250 2780 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
17:12:57.0343 2780 NDIS - ok
17:12:57.0343 2780 [ ABD7629CF2796250F315C1DD0B6CF7A0 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys
17:12:57.0390 2780 NdisIP - ok
17:12:57.0437 2780 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
17:12:57.0515 2780 NdisTapi - ok
17:12:57.0562 2780 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
17:12:57.0640 2780 Ndisuio - ok
17:12:57.0656 2780 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
17:12:57.0734 2780 NdisWan - ok
17:12:57.0765 2780 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
17:12:57.0828 2780 NDProxy - ok
17:12:57.0828 2780 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
17:12:57.0906 2780 NetBIOS - ok
17:12:57.0921 2780 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
17:12:58.0000 2780 NetBT - ok
17:12:58.0031 2780 [ 933DE774986EC85E48210C44AB431DE6 ] NetDDE C:\WINDOWS\system32\netdde.exe
17:12:58.0109 2780 NetDDE - ok
17:12:58.0109 2780 [ 933DE774986EC85E48210C44AB431DE6 ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
17:12:58.0187 2780 NetDDEdsdm - ok
17:12:58.0218 2780 [ ED0A176354487CEED65B80A7148AB739 ] Netlogon C:\WINDOWS\system32\lsass.exe
17:12:58.0312 2780 Netlogon - ok
17:12:58.0328 2780 [ 72E1E9E2977BE08BDEEDB6D8FD9D4D40 ] Netman C:\WINDOWS\System32\netman.dll
17:12:58.0406 2780 Netman - ok
17:12:58.0484 2780 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
17:12:58.0515 2780 NetTcpPortSharing - ok
17:12:58.0562 2780 [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394 C:\WINDOWS\system32\DRIVERS\nic1394.sys
17:12:58.0640 2780 NIC1394 - ok
17:12:58.0687 2780 [ 39EE7C3BFBC64BA87CC8CF67386E814C ] Nla C:\WINDOWS\System32\mswsock.dll
17:12:58.0703 2780 Nla - ok
17:12:58.0750 2780 [ B9730495E0CF674680121E34BD95A73B ] npf C:\WINDOWS\system32\drivers\npf.sys
17:12:58.0765 2780 npf - ok
17:12:58.0781 2780 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
17:12:58.0859 2780 Npfs - ok
17:12:58.0921 2780 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
17:12:59.0015 2780 Ntfs - ok
17:12:59.0031 2780 [ ED0A176354487CEED65B80A7148AB739 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
17:12:59.0109 2780 NtLmSsp - ok
17:12:59.0140 2780 [ 023DD70573D644F3D9C8B1258A7BFD08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
17:12:59.0250 2780 NtmsSvc - ok
17:12:59.0296 2780 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
17:12:59.0375 2780 Null - ok
17:12:59.0609 2780 [ A05D99CBF55EB493C9E82B4BCA848EF5 ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
17:12:59.0828 2780 nv - ok
17:12:59.0843 2780 [ A86A2F2B2BF5D5EED075B6417DE5CF1C ] nvsvc C:\WINDOWS\system32\nvsvc32.exe
17:12:59.0859 2780 nvsvc - ok
17:12:59.0890 2780 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
17:12:59.0984 2780 NwlnkFlt - ok
17:12:59.0984 2780 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
17:13:00.0093 2780 NwlnkFwd - ok
17:13:00.0109 2780 [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394 C:\WINDOWS\system32\DRIVERS\ohci1394.sys
17:13:00.0187 2780 ohci1394 - ok
17:13:00.0218 2780 [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
17:13:00.0234 2780 ose - ok
17:13:00.0281 2780 [ 46F8DB73B4A53E543F8E371DC7C75BAE ] Parport C:\WINDOWS\system32\drivers\Parport.sys
17:13:00.0375 2780 Parport - ok
17:13:00.0375 2780 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
17:13:00.0453 2780 PartMgr - ok
17:13:00.0484 2780 [ 1FAE19D0457176318BBA4A8795656EBC ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
17:13:00.0562 2780 ParVdm - ok
17:13:00.0562 2780 [ 6CE351D149CB4BEFC702951E471E1730 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
17:13:00.0640 2780 PCI - ok
17:13:00.0656 2780 PCIDump - ok
17:13:00.0671 2780 [ 2DA4EC85E0EA7A45C6B2A05820492D5A ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
17:13:00.0750 2780 PCIIde - ok
17:13:00.0765 2780 [ 4FC31E6C19A5CE5198B1ABFF94CAE758 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
17:13:00.0843 2780 Pcmcia - ok
17:13:00.0843 2780 PDCOMP - ok
17:13:00.0843 2780 PDFRAME - ok
17:13:00.0843 2780 PDRELI - ok
17:13:00.0843 2780 PDRFRAME - ok
17:13:00.0859 2780 perc2 - ok
17:13:00.0859 2780 perc2hib - ok
17:13:00.0890 2780 [ 9EF697AF07BB8DD82C3B02CA953A95B7 ] PlugPlay C:\WINDOWS\system32\services.exe
17:13:00.0906 2780 PlugPlay - ok
17:13:00.0953 2780 [ A1DD33D16F277CE34124EE52AB2C0F14 ] PnkBstrA C:\WINDOWS\system32\PnkBstrA.exe
17:13:00.0968 2780 PnkBstrA - ok
17:13:01.0015 2780 [ 7C01817ADF3207FB65A4B56E6D5AD833 ] PnkBstrB C:\WINDOWS\system32\PnkBstrB.exe
17:13:01.0015 2780 PnkBstrB - ok
17:13:01.0046 2780 [ F4BA8E3E515A3DD9DD29A031D6F94E02 ] PnkBstrK C:\WINDOWS\system32\drivers\PnkBstrK.sys
17:13:01.0062 2780 PnkBstrK - ok
17:13:01.0062 2780 [ ED0A176354487CEED65B80A7148AB739 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
17:13:01.0140 2780 PolicyAgent - ok
17:13:01.0171 2780 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
17:13:01.0250 2780 PptpMiniport - ok
17:13:01.0265 2780 [ ED0A176354487CEED65B80A7148AB739 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
17:13:01.0328 2780 ProtectedStorage - ok
17:13:01.0343 2780 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
17:13:01.0421 2780 PSched - ok
17:13:01.0453 2780 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
17:13:01.0531 2780 Ptilink - ok
17:13:01.0531 2780 ql1080 - ok
17:13:01.0531 2780 Ql10wnt - ok
17:13:01.0546 2780 ql12160 - ok
17:13:01.0546 2780 ql1240 - ok
17:13:01.0546 2780 ql1280 - ok
17:13:01.0562 2780 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
17:13:01.0656 2780 RasAcd - ok
17:13:01.0703 2780 [ 2B5E44EA009F2F374B980E1E9A70635D ] RasAuto C:\WINDOWS\System32\rasauto.dll
17:13:01.0781 2780 RasAuto - ok
17:13:01.0796 2780 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
17:13:01.0875 2780 Rasl2tp - ok
17:13:01.0937 2780 [ D57554C664B64604BD1EE13EA2C07E77 ] RasMan C:\WINDOWS\System32\rasmans.dll
17:13:02.0015 2780 RasMan - ok
17:13:02.0015 2780 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
17:13:02.0093 2780 RasPppoe - ok
17:13:02.0093 2780 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
17:13:02.0203 2780 Raspti - ok
17:13:02.0203 2780 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
17:13:02.0296 2780 Rdbss - ok
17:13:02.0296 2780 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
17:13:02.0375 2780 RDPCDD - ok
17:13:02.0390 2780 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
17:13:02.0468 2780 rdpdr - ok
17:13:02.0515 2780 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
17:13:02.0562 2780 RDPWD - ok
17:13:02.0578 2780 [ C0D9D9711CB74EE9BC66353D8CBDAB0E ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
17:13:02.0687 2780 RDSessMgr - ok
17:13:02.0687 2780 [ 611BFD220305BE3A85AE876EA47D4AA5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
17:13:02.0765 2780 redbook - ok
17:13:02.0796 2780 [ 127C26B5371651043450E52542099ABA ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
17:13:02.0890 2780 RemoteAccess - ok
17:13:02.0906 2780 [ 8F31505484A190D5B22274708799F4EC ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
17:13:02.0984 2780 RemoteRegistry - ok
17:13:02.0984 2780 [ 718B3BDC0BC3C2F7D065A53D26202AF9 ] RpcLocator C:\WINDOWS\system32\locator.exe
17:13:03.0062 2780 RpcLocator - ok
17:13:03.0093 2780 [ BE27674D1CBC3214AEC84B4336A38BBF ] RpcSs C:\WINDOWS\system32\rpcss.dll
17:13:03.0125 2780 RpcSs - ok
17:13:03.0171 2780 [ FEDD2710B75BE3ECF078ADACE790C423 ] RsFx0102 C:\WINDOWS\system32\DRIVERS\RsFx0102.sys
17:13:03.0171 2780 RsFx0102 - ok
17:13:03.0203 2780 [ 09AB2E71E58B078038E3BFDBA7FFC984 ] RSVP C:\WINDOWS\system32\rsvp.exe
17:13:03.0296 2780 RSVP - ok
17:13:03.0312 2780 [ ED0A176354487CEED65B80A7148AB739 ] SamSs C:\WINDOWS\system32\lsass.exe
17:13:03.0390 2780 SamSs - ok
17:13:03.0390 2780 [ 410046E401EB11E1E6749E9DEEA41D4A ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
17:13:03.0468 2780 SCardSvr - ok
17:13:03.0484 2780 [ 3FF232A7731621B8902D81D42418C93C ] Schedule C:\WINDOWS\system32\schedsvc.dll
17:13:03.0562 2780 Schedule - ok
17:13:03.0578 2780 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
17:13:03.0656 2780 Secdrv - ok
17:13:03.0671 2780 [ 477E2C3CC5E4A0D635BCB0EA8DCAC3C6 ] seclogon C:\WINDOWS\System32\seclogon.dll
17:13:03.0750 2780 seclogon - ok
17:13:03.0765 2780 [ A530B75C10C23C9AB28FDB6CE719E21F ] SENS C:\WINDOWS\system32\sens.dll
17:13:03.0843 2780 SENS - ok
17:13:03.0843 2780 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
17:13:03.0921 2780 serenum - ok
17:13:03.0937 2780 [ B842729337C9B921615C40D3C1A1AF96 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
17:13:04.0015 2780 Serial - ok
17:13:04.0046 2780 [ 0B179A959FF6B6CA5927D4F255AB9F90 ] sfdrv01 C:\WINDOWS\system32\drivers\sfdrv01.sys
17:13:04.0046 2780 sfdrv01 ( UnsignedFile.Multi.Generic ) - warning
17:13:04.0046 2780 sfdrv01 - detected UnsignedFile.Multi.Generic (1)
17:13:04.0046 2780 [ 15BE2B5E4DC5B8623CF167720682ABC9 ] sfhlp02 C:\WINDOWS\system32\drivers\sfhlp02.sys
17:13:04.0062 2780 sfhlp02 ( UnsignedFile.Multi.Generic ) - warning
17:13:04.0062 2780 sfhlp02 - detected UnsignedFile.Multi.Generic (1)
17:13:04.0062 2780 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
17:13:04.0140 2780 Sfloppy - ok
17:13:04.0140 2780 [ A62EFE6AA55C6A599DDBB6BD00E8FB9C ] sfsync02 C:\WINDOWS\system32\drivers\sfsync02.sys
17:13:04.0156 2780 sfsync02 ( UnsignedFile.Multi.Generic ) - warning
17:13:04.0156 2780 sfsync02 - detected UnsignedFile.Multi.Generic (1)
17:13:04.0171 2780 [ D7AE22C19B19916C011DD82DB343539F ] sfvfs02 C:\WINDOWS\system32\drivers\sfvfs02.sys
17:13:04.0171 2780 sfvfs02 ( UnsignedFile.Multi.Generic ) - warning
17:13:04.0171 2780 sfvfs02 - detected UnsignedFile.Multi.Generic (1)
17:13:04.0234 2780 [ EE9A2B9EA968A792A053C9D1A86BF870 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
17:13:04.0234 2780 ShellHWDetection - ok
17:13:04.0234 2780 Simbad - ok
17:13:04.0437 2780 [ 23E3C83DFF7B09A97B01A85ED8A44478 ] Skype C2C Service C:\Documents and Settings\All Users\Data aplikací\Skype\Toolbars\Skype C2C Service\c2c_service.exe
17:13:04.0515 2780 Skype C2C Service - ok
17:13:04.0562 2780 [ 8C4F0DCC6A5100D48F9B2F950CDD220F ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
17:13:04.0562 2780 SkypeUpdate - ok
17:13:04.0609 2780 [ 1FFC44D6787EC1EA9A2B1440A90FA5C1 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys
17:13:04.0625 2780 SLIP - ok
17:13:04.0625 2780 Sparrow - ok
17:13:04.0640 2780 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
17:13:04.0718 2780 splitter - ok
17:13:04.0765 2780 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
17:13:04.0796 2780 Spooler - ok
17:13:04.0843 2780 [ CDDDEC541BC3C96F91ECB48759673505 ] sptd C:\WINDOWS\system32\Drivers\sptd.sys
17:13:04.0843 2780 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: CDDDEC541BC3C96F91ECB48759673505
17:13:04.0859 2780 sptd ( LockedFile.Multi.Generic ) - warning
17:13:04.0859 2780 sptd - detected LockedFile.Multi.Generic (1)
17:13:04.0890 2780 [ EB2FD937449B7ACEB39372F875EB8E78 ] SQLAgent$SQLEXPRESS c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE
17:13:04.0921 2780 SQLAgent$SQLEXPRESS - ok
17:13:04.0984 2780 [ 99DE6ACFA5CA83FAD6A765C81C6F129F ] SQLBrowser c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
17:13:05.0000 2780 SQLBrowser - ok
17:13:05.0015 2780 [ 637A0F23F9012358E92E6F99835494D1 ] SQLWriter c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
17:13:05.0031 2780 SQLWriter - ok
17:13:05.0046 2780 [ 94610C8653635E4459316A0050D55CE7 ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
17:13:05.0156 2780 sr - ok
17:13:05.0156 2780 [ 35B91147124F64AC8081A2EDB9EA4DEE ] srservice C:\WINDOWS\system32\srsvc.dll
17:13:05.0250 2780 srservice - ok
17:13:05.0296 2780 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
17:13:05.0343 2780 Srv - ok
17:13:05.0343 2780 [ BECD5271DC4E3B7C3D035F790FCBC1E5 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
17:13:05.0421 2780 SSDPSRV - ok
17:13:05.0437 2780 [ C1CDD9275F6A115BB0AE1D55D8D27BA6 ] stisvc C:\WINDOWS\system32\wiaservc.dll
17:13:05.0531 2780 stisvc - ok
17:13:05.0562 2780 [ A9F9FD0212E572B84EDB9EB661F6BC04 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys
17:13:05.0578 2780 streamip - ok
17:13:05.0593 2780 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
17:13:05.0671 2780 swenum - ok
17:13:05.0687 2780 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
17:13:05.0781 2780 swmidi - ok
17:13:05.0796 2780 SwPrv - ok
17:13:05.0796 2780 symc810 - ok
17:13:05.0796 2780 symc8xx - ok
17:13:05.0796 2780 sym_hi - ok
17:13:05.0796 2780 sym_u3 - ok
17:13:05.0796 2780 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
17:13:05.0890 2780 sysaudio - ok
17:13:05.0906 2780 [ CE06F01B88ACE199A1BF460CAC29C110 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
17:13:06.0000 2780 SysmonLog - ok
17:13:06.0031 2780 [ B7AEE68D2E867CBF69B649B18FCEDBBB ] tap0901t C:\WINDOWS\system32\DRIVERS\tap0901t.sys
17:13:06.0031 2780 tap0901t ( UnsignedFile.Multi.Generic ) - warning
17:13:06.0031 2780 tap0901t - detected UnsignedFile.Multi.Generic (1)
17:13:06.0078 2780 [ C2546CD7A398476F9DF5614B2AE160E8 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
17:13:06.0156 2780 TapiSrv - ok
17:13:06.0187 2780 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
17:13:06.0218 2780 Tcpip - ok
17:13:06.0265 2780 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
17:13:06.0343 2780 TDPIPE - ok
17:13:06.0375 2780 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
17:13:06.0453 2780 TDTCP - ok
17:13:06.0453 2780 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
17:13:06.0562 2780 TermDD - ok
17:13:06.0609 2780 [ A75DD6FC3DBEE4FFF5EBC9F2C28BB66E ] TermService C:\WINDOWS\System32\termsrv.dll
17:13:06.0687 2780 TermService - ok
17:13:06.0703 2780 [ EE9A2B9EA968A792A053C9D1A86BF870 ] Themes C:\WINDOWS\System32\shsvcs.dll
17:13:06.0718 2780 Themes - ok
17:13:06.0765 2780 [ CD0CC7B167D78043A41C98D4921EFB54 ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
17:13:06.0859 2780 TlntSvr - ok
17:13:06.0859 2780 TosIde - ok
17:13:06.0906 2780 [ 38853304CCB938D30E0C4CDE8D2C2A8A ] TrkWks C:\WINDOWS\system32\trkwks.dll
17:13:06.0984 2780 TrkWks - ok
17:13:07.0046 2780 [ 3ADBC52F03E9DA362D334943D6FCFD28 ] TunngleService C:\Program Files\Tunngle\TnglCtrl.exe
17:13:07.0078 2780 TunngleService ( UnsignedFile.Multi.Generic ) - warning
17:13:07.0078 2780 TunngleService - detected UnsignedFile.Multi.Generic (1)
17:13:07.0093 2780 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
17:13:07.0187 2780 Udfs - ok
17:13:07.0187 2780 ultra - ok
17:13:07.0218 2780 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
17:13:07.0296 2780 Update - ok
17:13:07.0312 2780 [ 651BD90DCEE5B7BDC74A2EB7C9266F9E ] upnphost C:\WINDOWS\System32\upnphost.dll
17:13:07.0406 2780 upnphost - ok
17:13:07.0421 2780 [ 20A0F6A11959E92908717D09E87D670D ] UPS C:\WINDOWS\System32\ups.exe
17:13:07.0500 2780 UPS - ok
17:13:07.0531 2780 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
17:13:07.0593 2780 usbccgp - ok
17:13:07.0625 2780 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
17:13:07.0703 2780 usbehci - ok
17:13:07.0703 2780 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
17:13:07.0796 2780 usbhub - ok
17:13:07.0812 2780 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
17:13:07.0890 2780 usbprint - ok
17:13:07.0921 2780 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
17:13:08.0000 2780 usbscan - ok
17:13:08.0000 2780 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
17:13:08.0093 2780 USBSTOR - ok
17:13:08.0109 2780 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
17:13:08.0187 2780 usbuhci - ok
17:13:08.0187 2780 [ 63BBFCA7F390F4C49ED4B96BFB1633E0 ] usbvideo C:\WINDOWS\system32\Drivers\usbvideo.sys
17:13:08.0265 2780 usbvideo - ok
17:13:08.0281 2780 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
17:13:08.0343 2780 VgaSave - ok
17:13:08.0359 2780 ViaIde - ok
17:13:08.0359 2780 [ 28A4B296B47782173C346E376CB374D1 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
17:13:08.0437 2780 VolSnap - ok
17:13:08.0468 2780 [ D6BA1A63D9E00933F1CD2A885573AFB2 ] VSS C:\WINDOWS\System32\vssvc.exe
17:13:08.0546 2780 VSS - ok
17:13:08.0578 2780 [ FA4E1CDBA256787F2149F4AAD07BC91F ] W32Time C:\WINDOWS\system32\w32time.dll
17:13:08.0656 2780 W32Time - ok
17:13:08.0656 2780 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
17:13:08.0734 2780 Wanarp - ok
17:13:08.0734 2780 WDICA - ok
17:13:08.0750 2780 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
17:13:08.0828 2780 wdmaud - ok
17:13:08.0843 2780 [ 47AE51048A82DFA1CD6B51D369F7E169 ] WebClient C:\WINDOWS\System32\webclnt.dll
17:13:08.0906 2780 WebClient - ok
17:13:09.0000 2780 [ E488332126E3B1182D2B8A0C35408EC6 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
17:13:09.0078 2780 winmgmt - ok
17:13:09.0140 2780 [ 5144AE67D60EC653F97DDF3FEED29E77 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
17:13:09.0187 2780 wlidsvc - ok
17:13:09.0218 2780 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
17:13:09.0250 2780 WmdmPmSN - ok
17:13:09.0265 2780 [ 0171CFF34BBA8C5977F18C48D8AEF8C6 ] Wmi C:\WINDOWS\System32\advapi32.dll
17:13:09.0312 2780 Wmi - ok
17:13:09.0312 2780 [ 23F6F03272F7E5679F1F050AED5ACEE6 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
17:13:09.0390 2780 WmiApSrv - ok
17:13:09.0468 2780 [ 3739866D20ABD42F26A7B85F9E2560AF ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
17:13:09.0531 2780 WMPNetworkSvc - ok
17:13:09.0640 2780 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
17:13:09.0671 2780 WPFFontCache_v0400 - ok
17:13:09.0734 2780 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
17:13:09.0828 2780 WS2IFSL - ok
17:13:09.0859 2780 [ 4C86D5FAF78194995AF9CC1075F65DD3 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
17:13:09.0953 2780 wscsvc - ok
17:13:09.0968 2780 [ 233CDD1C06942115802EB7CE6669E099 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
17:13:10.0000 2780 WSTCODEC - ok
17:13:10.0031 2780 [ C1364564800EE9784192145324A23308 ] wuauserv C:\WINDOWS\system32\wuauserv.dll
17:13:10.0109 2780 wuauserv - ok
17:13:10.0140 2780 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
17:13:10.0171 2780 WudfPf - ok
17:13:10.0203 2780 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
17:13:10.0218 2780 WudfRd - ok
17:13:10.0234 2780 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
17:13:10.0250 2780 WudfSvc - ok
17:13:10.0296 2780 [ A27D4BA7264C0BF52F32D10405BEA1D4 ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
17:13:10.0375 2780 WZCSVC - ok
17:13:10.0421 2780 [ EAA4BB9EDB3FB10CF8979FE65E63658F ] xmlprov C:\WINDOWS\System32\xmlprov.dll
17:13:10.0531 2780 xmlprov - ok
17:13:10.0531 2780 ================ Scan global ===============================
17:13:10.0562 2780 [ F36278E42C8C5DF03CE17DAC8231C91C ] C:\WINDOWS\system32\basesrv.dll
17:13:10.0609 2780 [ F3FA14A297BC687D0B51289D034033C9 ] C:\WINDOWS\system32\winsrv.dll
17:13:10.0625 2780 [ F3FA14A297BC687D0B51289D034033C9 ] C:\WINDOWS\system32\winsrv.dll
17:13:10.0640 2780 [ 9EF697AF07BB8DD82C3B02CA953A95B7 ] C:\WINDOWS\system32\services.exe
17:13:10.0640 2780 [Global] - ok
17:13:10.0640 2780 ================ Scan MBR ==================================
17:13:10.0671 2780 [ 413FC2A0C716421B3158746D63736515 ] \Device\Harddisk0\DR0
17:13:10.0859 2780 \Device\Harddisk0\DR0 - ok
17:13:10.0859 2780 ================ Scan VBR ==================================
17:13:10.0859 2780 [ 447041B57D7FFB60208BD6E32E4EDFE3 ] \Device\Harddisk0\DR0\Partition1
17:13:10.0859 2780 \Device\Harddisk0\DR0\Partition1 - ok
17:13:10.0859 2780 ============================================================
17:13:10.0859 2780 Scan finished
17:13:10.0859 2780 ============================================================
17:13:10.0968 3448 Detected object count: 12
17:13:10.0968 3448 Actual detected object count: 12
17:13:22.0421 3448 atksgt ( UnsignedFile.Multi.Generic ) - skipped by user
17:13:22.0421 3448 atksgt ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:13:22.0421 3448 HiPatchService ( UnsignedFile.Multi.Generic ) - skipped by user
17:13:22.0421 3448 HiPatchService ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:13:22.0421 3448 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
17:13:22.0421 3448 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:13:22.0421 3448 lirsgt ( UnsignedFile.Multi.Generic ) - skipped by user
17:13:22.0421 3448 lirsgt ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:13:22.0421 3448 NBService ( UnsignedFile.Multi.Generic ) - skipped by user
17:13:22.0421 3448 NBService ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:13:22.0421 3448 sfdrv01 ( UnsignedFile.Multi.Generic ) - skipped by user
17:13:22.0421 3448 sfdrv01 ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:13:22.0421 3448 sfhlp02 ( UnsignedFile.Multi.Generic ) - skipped by user
17:13:22.0421 3448 sfhlp02 ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:13:22.0421 3448 sfsync02 ( UnsignedFile.Multi.Generic ) - skipped by user
17:13:22.0421 3448 sfsync02 ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:13:22.0421 3448 sfvfs02 ( UnsignedFile.Multi.Generic ) - skipped by user
17:13:22.0421 3448 sfvfs02 ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:13:22.0421 3448 sptd ( LockedFile.Multi.Generic ) - skipped by user
17:13:22.0421 3448 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
17:13:22.0437 3448 tap0901t ( UnsignedFile.Multi.Generic ) - skipped by user
17:13:22.0437 3448 tap0901t ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:13:22.0437 3448 TunngleService ( UnsignedFile.Multi.Generic ) - skipped by user
17:13:22.0437 3448 TunngleService ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:11:02.0468 4056 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
17:11:02.0921 4056 ============================================================
17:11:02.0921 4056 Current date / time: 2013/04/02 17:11:02.0921
17:11:02.0937 4056 SystemInfo:
17:11:02.0937 4056
17:11:02.0937 4056 OS Version: 5.1.2600 ServicePack: 3.0
17:11:02.0937 4056 Product type: Workstation
17:11:02.0937 4056 ComputerName: TEST-45256F6D53
17:11:02.0953 4056 UserName: test
17:11:02.0953 4056 Windows directory: C:\WINDOWS
17:11:02.0953 4056 System windows directory: C:\WINDOWS
17:11:02.0953 4056 Processor architecture: Intel x86
17:11:02.0953 4056 Number of processors: 2
17:11:02.0953 4056 Page size: 0x1000
17:11:02.0953 4056 Boot type: Normal boot
17:11:02.0953 4056 ============================================================
17:11:04.0890 4056 BG loaded
17:11:06.0343 4056 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
17:11:06.0406 4056 ============================================================
17:11:06.0406 4056 \Device\Harddisk0\DR0:
17:11:06.0406 4056 MBR partitions:
17:11:06.0406 4056 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A385FF1
17:11:06.0406 4056 ============================================================
17:11:11.0640 4056 C: <-> \Device\Harddisk0\DR0\Partition1
17:11:11.0953 4056 ============================================================
17:11:11.0953 4056 Initialize success
17:11:11.0953 4056 ============================================================
17:12:41.0500 2780 ============================================================
17:12:41.0500 2780 Scan started
17:12:41.0500 2780 Mode: Manual; SigCheck; TDLFS;
17:12:41.0500 2780 ============================================================
17:12:41.0781 2780 ================ Scan system memory ========================
17:12:41.0781 2780 System memory - ok
17:12:41.0781 2780 ================ Scan services =============================
17:12:41.0859 2780 [ 2CCFA74242741CA22A4267CCE9B586F4 ] Aavmker4 C:\WINDOWS\system32\drivers\Aavmker4.sys
17:12:42.0046 2780 Aavmker4 - ok
17:12:42.0046 2780 Abiosdsk - ok
17:12:42.0046 2780 abp480n5 - ok
17:12:42.0093 2780 [ 4FE34F1F3126B61FCC6B2043AA8112C9 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
17:12:43.0875 2780 ACPI - ok
17:12:43.0906 2780 [ AFDFF022A01F0B11C776F0860C3B282F ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
17:12:44.0015 2780 ACPIEC - ok
17:12:44.0093 2780 [ EA856F4A46320389D1899B2CAA7BF40F ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
17:12:44.0125 2780 AdobeFlashPlayerUpdateSvc - ok
17:12:44.0125 2780 adpu160m - ok
17:12:44.0156 2780 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
17:12:44.0234 2780 aec - ok
17:12:44.0281 2780 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
17:12:44.0312 2780 AFD - ok
17:12:44.0328 2780 Aha154x - ok
17:12:44.0328 2780 aic78u2 - ok
17:12:44.0328 2780 aic78xx - ok
17:12:44.0359 2780 [ E0A6FA244B8624D78FE5FF6F56A33BAE ] Alerter C:\WINDOWS\system32\alrsvc.dll
17:12:44.0437 2780 Alerter - ok
17:12:44.0468 2780 [ 88842DE939A827577BF24243699AC80A ] ALG C:\WINDOWS\System32\alg.exe
17:12:44.0546 2780 ALG - ok
17:12:44.0546 2780 AliIde - ok
17:12:44.0593 2780 [ AD8FA28D8ED0D0A689A0559085CE0F18 ] AmdLLD C:\WINDOWS\system32\DRIVERS\AmdLLD.sys
17:12:44.0640 2780 AmdLLD - ok
17:12:44.0640 2780 amsint - ok
17:12:44.0671 2780 [ 6B8E7A90E576D4FE308F97C69060A171 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
17:12:44.0765 2780 AppMgmt - ok
17:12:44.0812 2780 [ B5B8A80875C1DEDEDA8B02765642C32F ] Arp1394 C:\WINDOWS\system32\DRIVERS\arp1394.sys
17:12:44.0906 2780 Arp1394 - ok
17:12:44.0906 2780 asc - ok
17:12:44.0906 2780 asc3350p - ok
17:12:44.0906 2780 asc3550 - ok
17:12:45.0046 2780 [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
17:12:45.0093 2780 aspnet_state - ok
17:12:45.0140 2780 [ B4079A98F294A3E262872CB76F4849F0 ] aswFsBlk C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys
17:12:45.0140 2780 aswFsBlk - ok
17:12:45.0156 2780 [ DBEE7B5ECB50FC2CF9323F52CBF41141 ] aswMon2 C:\WINDOWS\system32\drivers\aswMon2.sys
17:12:45.0156 2780 aswMon2 - ok
17:12:45.0187 2780 [ 8080D683489C99CBACE813F6FA4069CC ] aswRdr C:\WINDOWS\system32\drivers\aswRdr.sys
17:12:45.0203 2780 aswRdr - ok
17:12:45.0203 2780 [ 2E5A2AD5004B55DF39B7606130A88142 ] aswSP C:\WINDOWS\system32\drivers\aswSP.sys
17:12:45.0218 2780 aswSP - ok
17:12:45.0218 2780 [ D4C83A37EFADFA2C398362E0776E3773 ] aswTdi C:\WINDOWS\system32\drivers\aswTdi.sys
17:12:45.0234 2780 aswTdi - ok
17:12:45.0328 2780 [ 5DEBC3519D489411073FA7E56FFB4A93 ] aswUpdSv C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
17:12:45.0343 2780 aswUpdSv - ok
17:12:45.0359 2780 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
17:12:45.0437 2780 AsyncMac - ok
17:12:45.0468 2780 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
17:12:45.0562 2780 atapi - ok
17:12:45.0609 2780 [ 19F277BC4CE5689F20F347A6B8AA8C42 ] AtcL001 C:\WINDOWS\system32\DRIVERS\atl01_xp.sys
17:12:45.0656 2780 AtcL001 - ok
17:12:45.0656 2780 Atdisk - ok
17:12:45.0703 2780 [ 5B80E84AF6B02ECAB72DAE9AFEE06309 ] atksgt C:\WINDOWS\system32\DRIVERS\atksgt.sys
17:12:45.0703 2780 atksgt ( UnsignedFile.Multi.Generic ) - warning
17:12:45.0703 2780 atksgt - detected UnsignedFile.Multi.Generic (1)
17:12:45.0718 2780 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
17:12:45.0796 2780 Atmarpc - ok
17:12:45.0843 2780 [ DE31B88962A8645DBA5A37B993E7B0F1 ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
17:12:45.0921 2780 AudioSrv - ok
17:12:45.0984 2780 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
17:12:46.0062 2780 audstub - ok
17:12:46.0093 2780 [ 0AAF6B848185899CF76AE04E62EAB3D2 ] avast! Antivirus C:\Program Files\Alwil Software\Avast4\ashServ.exe
17:12:46.0109 2780 avast! Antivirus - ok
17:12:46.0125 2780 [ B2F564DC59B67763C73269E1A9DA7F18 ] avast! Mail Scanner C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
17:12:46.0125 2780 avast! Mail Scanner - ok
17:12:46.0140 2780 [ D86010C96ABADDA75356834D6113D37D ] avast! Web Scanner C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
17:12:46.0156 2780 avast! Web Scanner - ok
17:12:46.0250 2780 [ 6F8638EA0A55D65B03E24F6D1153D8F7 ] BBSvc C:\Program Files\Microsoft\BingBar\BBSvc.EXE
17:12:46.0265 2780 BBSvc - ok
17:12:46.0281 2780 [ 785DE7ABDA13309D6065305542829E76 ] BBUpdate C:\Program Files\Microsoft\BingBar\SeaPort.EXE
17:12:46.0296 2780 BBUpdate - ok
17:12:46.0375 2780 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
17:12:46.0468 2780 Beep - ok
17:12:46.0515 2780 [ 19395D092FD85DDC2D9C7729CF5A2AC8 ] BITS C:\WINDOWS\system32\qmgr.dll
17:12:46.0718 2780 BITS - ok
17:12:46.0765 2780 [ 89E739BBA5F636297EA5B5F811189E06 ] Browser C:\WINDOWS\System32\browser.dll
17:12:46.0843 2780 Browser - ok
17:12:47.0000 2780 catchme - ok
17:12:47.0078 2780 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
17:12:47.0203 2780 cbidf2k - ok
17:12:47.0234 2780 [ FDC06E2ADA8C468EBB161624E03976CF ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
17:12:47.0312 2780 CCDECODE - ok
17:12:47.0312 2780 cd20xrnt - ok
17:12:47.0328 2780 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
17:12:47.0406 2780 Cdaudio - ok
17:12:47.0468 2780 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
17:12:47.0546 2780 Cdfs - ok
17:12:47.0546 2780 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
17:12:47.0625 2780 Cdrom - ok
17:12:47.0625 2780 Changer - ok
17:12:47.0656 2780 [ E390DC1D7C461D7D56EC53402F329928 ] CiSvc C:\WINDOWS\system32\cisvc.exe
17:12:47.0734 2780 CiSvc - ok
17:12:47.0750 2780 [ 064507A8DFA8C5C7E2FFDDD3E6F424FA ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
17:12:47.0828 2780 ClipSrv - ok
17:12:47.0906 2780 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:12:47.0953 2780 clr_optimization_v2.0.50727_32 - ok
17:12:48.0031 2780 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
17:12:48.0078 2780 clr_optimization_v4.0.30319_32 - ok
17:12:48.0078 2780 CmdIde - ok
17:12:48.0078 2780 COMSysApp - ok
17:12:48.0078 2780 Cpqarray - ok
17:12:48.0109 2780 [ F3AB0933CBD166D271992F411C27CCAF ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
17:12:48.0187 2780 CryptSvc - ok
17:12:48.0187 2780 dac2w2k - ok
17:12:48.0187 2780 dac960nt - ok
17:12:48.0234 2780 [ BE27674D1CBC3214AEC84B4336A38BBF ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
17:12:48.0281 2780 DcomLaunch - ok
17:12:48.0296 2780 [ 8C9A53E285AC5E6704844D0459EC85BE ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
17:12:48.0375 2780 Dhcp - ok
17:12:48.0421 2780 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
17:12:48.0515 2780 Disk - ok
17:12:48.0531 2780 dmadmin - ok
17:12:48.0562 2780 [ DB5FD2BF5B07DC54BFCB3664FF05BD7C ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
17:12:48.0656 2780 dmboot - ok
17:12:48.0671 2780 [ FFF1720AF51171F32F1EAD5CF71F2810 ] dmio C:\WINDOWS\system32\drivers\dmio.sys
17:12:48.0765 2780 dmio - ok
17:12:48.0781 2780 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
17:12:48.0875 2780 dmload - ok
17:12:48.0890 2780 [ 2BFEFE9E865655A76982F050450B9591 ] dmserver C:\WINDOWS\System32\dmserver.dll
17:12:48.0984 2780 dmserver - ok
17:12:49.0000 2780 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
17:12:49.0078 2780 DMusic - ok
17:12:49.0125 2780 [ DFAA406BF19F4EE806A6F8D4342137F7 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
17:12:49.0218 2780 Dnscache - ok
17:12:49.0250 2780 [ 4A3E2BD20157A0946751229E92EB8621 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
17:12:49.0343 2780 Dot3svc - ok
17:12:49.0343 2780 dpti2o - ok
17:12:49.0343 2780 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
17:12:49.0421 2780 drmkaud - ok
17:12:49.0421 2780 EagleXNt - ok
17:12:49.0468 2780 [ 0887D9C2BE8D940778CAD1E3B85F2A41 ] EapHost C:\WINDOWS\System32\eapsvc.dll
17:12:49.0546 2780 EapHost - ok
17:12:49.0562 2780 [ A2A4912798F2BE706ABADD3D30800D16 ] ERSvc C:\WINDOWS\System32\ersvc.dll
17:12:49.0640 2780 ERSvc - ok
17:12:49.0687 2780 [ 9EF697AF07BB8DD82C3B02CA953A95B7 ] Eventlog C:\WINDOWS\system32\services.exe
17:12:49.0703 2780 Eventlog - ok
17:12:49.0750 2780 [ A371F11EF07653591C8DE26AFB13CE7F ] EventSystem C:\WINDOWS\system32\es.dll
17:12:49.0781 2780 EventSystem - ok
17:12:49.0828 2780 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
17:12:49.0921 2780 Fastfat - ok
17:12:49.0968 2780 [ EE9A2B9EA968A792A053C9D1A86BF870 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
17:12:50.0015 2780 FastUserSwitchingCompatibility - ok
17:12:50.0031 2780 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
17:12:50.0125 2780 Fdc - ok
17:12:50.0140 2780 [ AC366695A0796560AA37215AD5762AAF ] Fips C:\WINDOWS\system32\drivers\Fips.sys
17:12:50.0218 2780 Fips - ok
17:12:50.0234 2780 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys
17:12:50.0312 2780 Flpydisk - ok
17:12:50.0359 2780 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
17:12:50.0453 2780 FltMgr - ok
17:12:50.0515 2780 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
17:12:50.0531 2780 FontCache3.0.0.0 - ok
17:12:50.0531 2780 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
17:12:50.0625 2780 Fs_Rec - ok
17:12:50.0640 2780 [ 4E664D8541DB4A66B73A24257E322E1F ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
17:12:50.0734 2780 Ftdisk - ok
17:12:50.0890 2780 GarenaPEngine - ok
17:12:50.0953 2780 GGSAFERDriver - ok
17:12:51.0062 2780 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
17:12:51.0156 2780 Gpc - ok
17:12:51.0187 2780 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
17:12:51.0203 2780 gupdate - ok
17:12:51.0203 2780 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
17:12:51.0218 2780 gupdatem - ok
17:12:51.0265 2780 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
17:12:51.0281 2780 gusvc - ok
17:12:51.0312 2780 [ 833051C6C6C42117191935F734CFBD97 ] hamachi C:\WINDOWS\system32\DRIVERS\hamachi.sys
17:12:51.0312 2780 hamachi - ok
17:12:51.0375 2780 [ 616399E27A55C97AE859230EB13984D8 ] Hamachi2Svc C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
17:12:51.0406 2780 Hamachi2Svc - ok
17:12:51.0453 2780 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
17:12:51.0546 2780 HDAudBus - ok
17:12:51.0625 2780 [ FCFE31FB75F8A6295B6B0AF87A626282 ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
17:12:51.0734 2780 helpsvc - ok
17:12:51.0765 2780 [ 00E25EE90166B3E1BE6E74AEBF858306 ] HidServ C:\WINDOWS\System32\hidserv.dll
17:12:51.0859 2780 HidServ - ok
17:12:51.0859 2780 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] hidusb C:\WINDOWS\system32\DRIVERS\hidusb.sys
17:12:51.0937 2780 hidusb - ok
17:12:51.0968 2780 [ 1256F6834307B38594CEB034BAF52568 ] HiPatchService C:\Program Files\Hi-Rez Studios\HiPatchService.exe
17:12:51.0984 2780 HiPatchService ( UnsignedFile.Multi.Generic ) - warning
17:12:51.0984 2780 HiPatchService - detected UnsignedFile.Multi.Generic (1)
17:12:52.0015 2780 [ 7A6B320928F86BC851530D63C82965D9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
17:12:52.0125 2780 hkmsvc - ok
17:12:52.0125 2780 hpn - ok
17:12:52.0156 2780 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
17:12:52.0187 2780 HTTP - ok
17:12:52.0203 2780 [ 58FE2F2DA3BC5573F4A35B3760D3125F ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
17:12:52.0281 2780 HTTPFilter - ok
17:12:52.0281 2780 i2omgmt - ok
17:12:52.0296 2780 i2omp - ok
17:12:52.0296 2780 [ C528E27945367191E7BAE364930B6932 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
17:12:52.0390 2780 i8042prt - ok
17:12:52.0468 2780 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
17:12:52.0468 2780 IDriverT ( UnsignedFile.Multi.Generic ) - warning
17:12:52.0468 2780 IDriverT - detected UnsignedFile.Multi.Generic (1)
17:12:52.0578 2780 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
17:12:52.0625 2780 idsvc - ok
17:12:52.0656 2780 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
17:12:52.0734 2780 Imapi - ok
17:12:52.0765 2780 [ F7B93AAFAD33B2320954C17E26C8D361 ] ImapiService C:\WINDOWS\system32\imapi.exe
17:12:52.0843 2780 ImapiService - ok
17:12:52.0843 2780 ini910u - ok
17:12:52.0968 2780 [ CBDDAB14249B2F05407FC09AB8FFFB88 ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
17:12:53.0125 2780 IntcAzAudAddService - ok
17:12:53.0125 2780 IntelIde - ok
17:12:53.0171 2780 [ 27B290D632AF2CF3CF40BFDDB7370985 ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
17:12:53.0250 2780 intelppm - ok
17:12:53.0296 2780 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
17:12:53.0406 2780 Ip6Fw - ok
17:12:53.0437 2780 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
17:12:53.0546 2780 IpFilterDriver - ok
17:12:53.0562 2780 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
17:12:53.0656 2780 IpInIp - ok
17:12:53.0687 2780 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
17:12:53.0765 2780 IpNat - ok
17:12:53.0781 2780 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
17:12:53.0875 2780 IPSec - ok
17:12:53.0875 2780 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
17:12:53.0953 2780 IRENUM - ok
17:12:53.0984 2780 [ CC9F8A2D60AED1A51A3AC34C59B987AE ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
17:12:54.0062 2780 isapnp - ok
17:12:54.0187 2780 [ 999DB5F88C8E145CCA9D471E33227143 ] JavaQuickStarterService C:\Program Files\Java\jre7\bin\jqs.exe
17:12:54.0203 2780 JavaQuickStarterService - ok
17:12:54.0218 2780 [ 1B6162FE7F66B1A71A4B70F941C4AA9B ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
17:12:54.0312 2780 Kbdclass - ok
17:12:54.0328 2780 [ 86C8F23616C6C6E5B2776901C17B945B ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
17:12:54.0406 2780 kbdhid - ok
17:12:54.0437 2780 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
17:12:54.0531 2780 kmixer - ok
17:12:54.0578 2780 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
17:12:54.0625 2780 KSecDD - ok
17:12:54.0671 2780 [ 3428E8F86F8ADD36B42FB23542C7B3E4 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
17:12:54.0703 2780 lanmanserver - ok
17:12:54.0750 2780 [ 936C1D110232D23B621CB0196E4F80F0 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
17:12:54.0781 2780 lanmanworkstation - ok
17:12:54.0781 2780 lbrtfdc - ok
17:12:54.0796 2780 [ 975B6CF65F44E95883F3855BAE8CECAF ] lirsgt C:\WINDOWS\system32\DRIVERS\lirsgt.sys
17:12:54.0828 2780 lirsgt ( UnsignedFile.Multi.Generic ) - warning
17:12:54.0828 2780 lirsgt - detected UnsignedFile.Multi.Generic (1)
17:12:54.0890 2780 [ 0AB159F536E3E8F7F07113702A07CCA5 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
17:12:54.0968 2780 LmHosts - ok
17:12:55.0046 2780 [ 11F714F85530A2BD134074DC30E99FCA ] MDM C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
17:12:55.0046 2780 MDM - ok
17:12:55.0093 2780 [ 221CD1C815B8A6B79389C3F5D1018DE8 ] Messenger C:\WINDOWS\System32\msgsvc.dll
17:12:55.0187 2780 Messenger - ok
17:12:55.0234 2780 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
17:12:55.0312 2780 mnmdd - ok
17:12:55.0343 2780 [ 9A57D046F88F4B69751B11FD40088A61 ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
17:12:55.0421 2780 mnmsrvc - ok
17:12:55.0437 2780 [ 44032B0C6D9954D3FD26438330B99EE7 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
17:12:55.0515 2780 Modem - ok
17:12:55.0546 2780 [ 4CB582831DBDE63CE43B45D771218374 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
17:12:55.0625 2780 Mouclass - ok
17:12:55.0671 2780 [ BB269EBA740737AB749B214D568B6812 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
17:12:55.0750 2780 mouhid - ok
17:12:55.0765 2780 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
17:12:55.0843 2780 MountMgr - ok
17:12:55.0843 2780 mraid35x - ok
17:12:55.0859 2780 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
17:12:55.0937 2780 MRxDAV - ok
17:12:55.0968 2780 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
17:12:56.0000 2780 MRxSmb - ok
17:12:56.0031 2780 [ 6DB4D1521CABA9A5FFAB54ADE0AE867D ] MSDTC C:\WINDOWS\system32\msdtc.exe
17:12:56.0140 2780 MSDTC - ok
17:12:56.0140 2780 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
17:12:56.0218 2780 Msfs - ok
17:12:56.0218 2780 MSIServer - ok
17:12:56.0250 2780 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
17:12:56.0328 2780 MSKSSRV - ok
17:12:56.0328 2780 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
17:12:56.0406 2780 MSPCLOCK - ok
17:12:56.0421 2780 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
17:12:56.0515 2780 MSPQM - ok
17:12:56.0531 2780 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
17:12:56.0625 2780 mssmbios - ok
17:12:56.0671 2780 MSSQL$SQLEXPRESS - ok
17:12:56.0718 2780 [ F1761C8FB2B25A32C6D63E36BB88C3AE ] MSSQLServerADHelper100 c:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE
17:12:56.0718 2780 MSSQLServerADHelper100 - ok
17:12:56.0734 2780 [ D5059366B361F0E1124753447AF08AA2 ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
17:12:56.0796 2780 MSTEE - ok
17:12:56.0843 2780 [ D48659BB24C48345D926ECB45C1EBDF5 ] MTsensor C:\WINDOWS\system32\DRIVERS\ASACPI.sys
17:12:56.0875 2780 MTsensor - ok
17:12:56.0906 2780 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
17:12:56.0921 2780 Mup - ok
17:12:56.0968 2780 [ AC31B352CE5E92704056D409834BEB74 ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
17:12:56.0984 2780 NABTSFEC - ok
17:12:57.0046 2780 [ 6EA362E9DB03D44F6B996F4D8BE237E9 ] napagent C:\WINDOWS\System32\qagentrt.dll
17:12:57.0125 2780 napagent - ok
17:12:57.0203 2780 [ 87A00FAEDD703D8D2BDCB29CE5EEEA6B ] NBService C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
17:12:57.0234 2780 NBService ( UnsignedFile.Multi.Generic ) - warning
17:12:57.0234 2780 NBService - detected UnsignedFile.Multi.Generic (1)
17:12:57.0250 2780 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
17:12:57.0343 2780 NDIS - ok
17:12:57.0343 2780 [ ABD7629CF2796250F315C1DD0B6CF7A0 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys
17:12:57.0390 2780 NdisIP - ok
17:12:57.0437 2780 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
17:12:57.0515 2780 NdisTapi - ok
17:12:57.0562 2780 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
17:12:57.0640 2780 Ndisuio - ok
17:12:57.0656 2780 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
17:12:57.0734 2780 NdisWan - ok
17:12:57.0765 2780 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
17:12:57.0828 2780 NDProxy - ok
17:12:57.0828 2780 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
17:12:57.0906 2780 NetBIOS - ok
17:12:57.0921 2780 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
17:12:58.0000 2780 NetBT - ok
17:12:58.0031 2780 [ 933DE774986EC85E48210C44AB431DE6 ] NetDDE C:\WINDOWS\system32\netdde.exe
17:12:58.0109 2780 NetDDE - ok
17:12:58.0109 2780 [ 933DE774986EC85E48210C44AB431DE6 ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
17:12:58.0187 2780 NetDDEdsdm - ok
17:12:58.0218 2780 [ ED0A176354487CEED65B80A7148AB739 ] Netlogon C:\WINDOWS\system32\lsass.exe
17:12:58.0312 2780 Netlogon - ok
17:12:58.0328 2780 [ 72E1E9E2977BE08BDEEDB6D8FD9D4D40 ] Netman C:\WINDOWS\System32\netman.dll
17:12:58.0406 2780 Netman - ok
17:12:58.0484 2780 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
17:12:58.0515 2780 NetTcpPortSharing - ok
17:12:58.0562 2780 [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394 C:\WINDOWS\system32\DRIVERS\nic1394.sys
17:12:58.0640 2780 NIC1394 - ok
17:12:58.0687 2780 [ 39EE7C3BFBC64BA87CC8CF67386E814C ] Nla C:\WINDOWS\System32\mswsock.dll
17:12:58.0703 2780 Nla - ok
17:12:58.0750 2780 [ B9730495E0CF674680121E34BD95A73B ] npf C:\WINDOWS\system32\drivers\npf.sys
17:12:58.0765 2780 npf - ok
17:12:58.0781 2780 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
17:12:58.0859 2780 Npfs - ok
17:12:58.0921 2780 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
17:12:59.0015 2780 Ntfs - ok
17:12:59.0031 2780 [ ED0A176354487CEED65B80A7148AB739 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
17:12:59.0109 2780 NtLmSsp - ok
17:12:59.0140 2780 [ 023DD70573D644F3D9C8B1258A7BFD08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
17:12:59.0250 2780 NtmsSvc - ok
17:12:59.0296 2780 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
17:12:59.0375 2780 Null - ok
17:12:59.0609 2780 [ A05D99CBF55EB493C9E82B4BCA848EF5 ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
17:12:59.0828 2780 nv - ok
17:12:59.0843 2780 [ A86A2F2B2BF5D5EED075B6417DE5CF1C ] nvsvc C:\WINDOWS\system32\nvsvc32.exe
17:12:59.0859 2780 nvsvc - ok
17:12:59.0890 2780 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
17:12:59.0984 2780 NwlnkFlt - ok
17:12:59.0984 2780 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
17:13:00.0093 2780 NwlnkFwd - ok
17:13:00.0109 2780 [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394 C:\WINDOWS\system32\DRIVERS\ohci1394.sys
17:13:00.0187 2780 ohci1394 - ok
17:13:00.0218 2780 [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
17:13:00.0234 2780 ose - ok
17:13:00.0281 2780 [ 46F8DB73B4A53E543F8E371DC7C75BAE ] Parport C:\WINDOWS\system32\drivers\Parport.sys
17:13:00.0375 2780 Parport - ok
17:13:00.0375 2780 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
17:13:00.0453 2780 PartMgr - ok
17:13:00.0484 2780 [ 1FAE19D0457176318BBA4A8795656EBC ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
17:13:00.0562 2780 ParVdm - ok
17:13:00.0562 2780 [ 6CE351D149CB4BEFC702951E471E1730 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
17:13:00.0640 2780 PCI - ok
17:13:00.0656 2780 PCIDump - ok
17:13:00.0671 2780 [ 2DA4EC85E0EA7A45C6B2A05820492D5A ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
17:13:00.0750 2780 PCIIde - ok
17:13:00.0765 2780 [ 4FC31E6C19A5CE5198B1ABFF94CAE758 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
17:13:00.0843 2780 Pcmcia - ok
17:13:00.0843 2780 PDCOMP - ok
17:13:00.0843 2780 PDFRAME - ok
17:13:00.0843 2780 PDRELI - ok
17:13:00.0843 2780 PDRFRAME - ok
17:13:00.0859 2780 perc2 - ok
17:13:00.0859 2780 perc2hib - ok
17:13:00.0890 2780 [ 9EF697AF07BB8DD82C3B02CA953A95B7 ] PlugPlay C:\WINDOWS\system32\services.exe
17:13:00.0906 2780 PlugPlay - ok
17:13:00.0953 2780 [ A1DD33D16F277CE34124EE52AB2C0F14 ] PnkBstrA C:\WINDOWS\system32\PnkBstrA.exe
17:13:00.0968 2780 PnkBstrA - ok
17:13:01.0015 2780 [ 7C01817ADF3207FB65A4B56E6D5AD833 ] PnkBstrB C:\WINDOWS\system32\PnkBstrB.exe
17:13:01.0015 2780 PnkBstrB - ok
17:13:01.0046 2780 [ F4BA8E3E515A3DD9DD29A031D6F94E02 ] PnkBstrK C:\WINDOWS\system32\drivers\PnkBstrK.sys
17:13:01.0062 2780 PnkBstrK - ok
17:13:01.0062 2780 [ ED0A176354487CEED65B80A7148AB739 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
17:13:01.0140 2780 PolicyAgent - ok
17:13:01.0171 2780 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
17:13:01.0250 2780 PptpMiniport - ok
17:13:01.0265 2780 [ ED0A176354487CEED65B80A7148AB739 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
17:13:01.0328 2780 ProtectedStorage - ok
17:13:01.0343 2780 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
17:13:01.0421 2780 PSched - ok
17:13:01.0453 2780 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
17:13:01.0531 2780 Ptilink - ok
17:13:01.0531 2780 ql1080 - ok
17:13:01.0531 2780 Ql10wnt - ok
17:13:01.0546 2780 ql12160 - ok
17:13:01.0546 2780 ql1240 - ok
17:13:01.0546 2780 ql1280 - ok
17:13:01.0562 2780 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
17:13:01.0656 2780 RasAcd - ok
17:13:01.0703 2780 [ 2B5E44EA009F2F374B980E1E9A70635D ] RasAuto C:\WINDOWS\System32\rasauto.dll
17:13:01.0781 2780 RasAuto - ok
17:13:01.0796 2780 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
17:13:01.0875 2780 Rasl2tp - ok
17:13:01.0937 2780 [ D57554C664B64604BD1EE13EA2C07E77 ] RasMan C:\WINDOWS\System32\rasmans.dll
17:13:02.0015 2780 RasMan - ok
17:13:02.0015 2780 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
17:13:02.0093 2780 RasPppoe - ok
17:13:02.0093 2780 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
17:13:02.0203 2780 Raspti - ok
17:13:02.0203 2780 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
17:13:02.0296 2780 Rdbss - ok
17:13:02.0296 2780 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
17:13:02.0375 2780 RDPCDD - ok
17:13:02.0390 2780 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
17:13:02.0468 2780 rdpdr - ok
17:13:02.0515 2780 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
17:13:02.0562 2780 RDPWD - ok
17:13:02.0578 2780 [ C0D9D9711CB74EE9BC66353D8CBDAB0E ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
17:13:02.0687 2780 RDSessMgr - ok
17:13:02.0687 2780 [ 611BFD220305BE3A85AE876EA47D4AA5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
17:13:02.0765 2780 redbook - ok
17:13:02.0796 2780 [ 127C26B5371651043450E52542099ABA ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
17:13:02.0890 2780 RemoteAccess - ok
17:13:02.0906 2780 [ 8F31505484A190D5B22274708799F4EC ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
17:13:02.0984 2780 RemoteRegistry - ok
17:13:02.0984 2780 [ 718B3BDC0BC3C2F7D065A53D26202AF9 ] RpcLocator C:\WINDOWS\system32\locator.exe
17:13:03.0062 2780 RpcLocator - ok
17:13:03.0093 2780 [ BE27674D1CBC3214AEC84B4336A38BBF ] RpcSs C:\WINDOWS\system32\rpcss.dll
17:13:03.0125 2780 RpcSs - ok
17:13:03.0171 2780 [ FEDD2710B75BE3ECF078ADACE790C423 ] RsFx0102 C:\WINDOWS\system32\DRIVERS\RsFx0102.sys
17:13:03.0171 2780 RsFx0102 - ok
17:13:03.0203 2780 [ 09AB2E71E58B078038E3BFDBA7FFC984 ] RSVP C:\WINDOWS\system32\rsvp.exe
17:13:03.0296 2780 RSVP - ok
17:13:03.0312 2780 [ ED0A176354487CEED65B80A7148AB739 ] SamSs C:\WINDOWS\system32\lsass.exe
17:13:03.0390 2780 SamSs - ok
17:13:03.0390 2780 [ 410046E401EB11E1E6749E9DEEA41D4A ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
17:13:03.0468 2780 SCardSvr - ok
17:13:03.0484 2780 [ 3FF232A7731621B8902D81D42418C93C ] Schedule C:\WINDOWS\system32\schedsvc.dll
17:13:03.0562 2780 Schedule - ok
17:13:03.0578 2780 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
17:13:03.0656 2780 Secdrv - ok
17:13:03.0671 2780 [ 477E2C3CC5E4A0D635BCB0EA8DCAC3C6 ] seclogon C:\WINDOWS\System32\seclogon.dll
17:13:03.0750 2780 seclogon - ok
17:13:03.0765 2780 [ A530B75C10C23C9AB28FDB6CE719E21F ] SENS C:\WINDOWS\system32\sens.dll
17:13:03.0843 2780 SENS - ok
17:13:03.0843 2780 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
17:13:03.0921 2780 serenum - ok
17:13:03.0937 2780 [ B842729337C9B921615C40D3C1A1AF96 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
17:13:04.0015 2780 Serial - ok
17:13:04.0046 2780 [ 0B179A959FF6B6CA5927D4F255AB9F90 ] sfdrv01 C:\WINDOWS\system32\drivers\sfdrv01.sys
17:13:04.0046 2780 sfdrv01 ( UnsignedFile.Multi.Generic ) - warning
17:13:04.0046 2780 sfdrv01 - detected UnsignedFile.Multi.Generic (1)
17:13:04.0046 2780 [ 15BE2B5E4DC5B8623CF167720682ABC9 ] sfhlp02 C:\WINDOWS\system32\drivers\sfhlp02.sys
17:13:04.0062 2780 sfhlp02 ( UnsignedFile.Multi.Generic ) - warning
17:13:04.0062 2780 sfhlp02 - detected UnsignedFile.Multi.Generic (1)
17:13:04.0062 2780 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
17:13:04.0140 2780 Sfloppy - ok
17:13:04.0140 2780 [ A62EFE6AA55C6A599DDBB6BD00E8FB9C ] sfsync02 C:\WINDOWS\system32\drivers\sfsync02.sys
17:13:04.0156 2780 sfsync02 ( UnsignedFile.Multi.Generic ) - warning
17:13:04.0156 2780 sfsync02 - detected UnsignedFile.Multi.Generic (1)
17:13:04.0171 2780 [ D7AE22C19B19916C011DD82DB343539F ] sfvfs02 C:\WINDOWS\system32\drivers\sfvfs02.sys
17:13:04.0171 2780 sfvfs02 ( UnsignedFile.Multi.Generic ) - warning
17:13:04.0171 2780 sfvfs02 - detected UnsignedFile.Multi.Generic (1)
17:13:04.0234 2780 [ EE9A2B9EA968A792A053C9D1A86BF870 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
17:13:04.0234 2780 ShellHWDetection - ok
17:13:04.0234 2780 Simbad - ok
17:13:04.0437 2780 [ 23E3C83DFF7B09A97B01A85ED8A44478 ] Skype C2C Service C:\Documents and Settings\All Users\Data aplikací\Skype\Toolbars\Skype C2C Service\c2c_service.exe
17:13:04.0515 2780 Skype C2C Service - ok
17:13:04.0562 2780 [ 8C4F0DCC6A5100D48F9B2F950CDD220F ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
17:13:04.0562 2780 SkypeUpdate - ok
17:13:04.0609 2780 [ 1FFC44D6787EC1EA9A2B1440A90FA5C1 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys
17:13:04.0625 2780 SLIP - ok
17:13:04.0625 2780 Sparrow - ok
17:13:04.0640 2780 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
17:13:04.0718 2780 splitter - ok
17:13:04.0765 2780 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
17:13:04.0796 2780 Spooler - ok
17:13:04.0843 2780 [ CDDDEC541BC3C96F91ECB48759673505 ] sptd C:\WINDOWS\system32\Drivers\sptd.sys
17:13:04.0843 2780 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: CDDDEC541BC3C96F91ECB48759673505
17:13:04.0859 2780 sptd ( LockedFile.Multi.Generic ) - warning
17:13:04.0859 2780 sptd - detected LockedFile.Multi.Generic (1)
17:13:04.0890 2780 [ EB2FD937449B7ACEB39372F875EB8E78 ] SQLAgent$SQLEXPRESS c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE
17:13:04.0921 2780 SQLAgent$SQLEXPRESS - ok
17:13:04.0984 2780 [ 99DE6ACFA5CA83FAD6A765C81C6F129F ] SQLBrowser c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
17:13:05.0000 2780 SQLBrowser - ok
17:13:05.0015 2780 [ 637A0F23F9012358E92E6F99835494D1 ] SQLWriter c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
17:13:05.0031 2780 SQLWriter - ok
17:13:05.0046 2780 [ 94610C8653635E4459316A0050D55CE7 ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
17:13:05.0156 2780 sr - ok
17:13:05.0156 2780 [ 35B91147124F64AC8081A2EDB9EA4DEE ] srservice C:\WINDOWS\system32\srsvc.dll
17:13:05.0250 2780 srservice - ok
17:13:05.0296 2780 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
17:13:05.0343 2780 Srv - ok
17:13:05.0343 2780 [ BECD5271DC4E3B7C3D035F790FCBC1E5 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
17:13:05.0421 2780 SSDPSRV - ok
17:13:05.0437 2780 [ C1CDD9275F6A115BB0AE1D55D8D27BA6 ] stisvc C:\WINDOWS\system32\wiaservc.dll
17:13:05.0531 2780 stisvc - ok
17:13:05.0562 2780 [ A9F9FD0212E572B84EDB9EB661F6BC04 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys
17:13:05.0578 2780 streamip - ok
17:13:05.0593 2780 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
17:13:05.0671 2780 swenum - ok
17:13:05.0687 2780 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
17:13:05.0781 2780 swmidi - ok
17:13:05.0796 2780 SwPrv - ok
17:13:05.0796 2780 symc810 - ok
17:13:05.0796 2780 symc8xx - ok
17:13:05.0796 2780 sym_hi - ok
17:13:05.0796 2780 sym_u3 - ok
17:13:05.0796 2780 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
17:13:05.0890 2780 sysaudio - ok
17:13:05.0906 2780 [ CE06F01B88ACE199A1BF460CAC29C110 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
17:13:06.0000 2780 SysmonLog - ok
17:13:06.0031 2780 [ B7AEE68D2E867CBF69B649B18FCEDBBB ] tap0901t C:\WINDOWS\system32\DRIVERS\tap0901t.sys
17:13:06.0031 2780 tap0901t ( UnsignedFile.Multi.Generic ) - warning
17:13:06.0031 2780 tap0901t - detected UnsignedFile.Multi.Generic (1)
17:13:06.0078 2780 [ C2546CD7A398476F9DF5614B2AE160E8 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
17:13:06.0156 2780 TapiSrv - ok
17:13:06.0187 2780 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
17:13:06.0218 2780 Tcpip - ok
17:13:06.0265 2780 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
17:13:06.0343 2780 TDPIPE - ok
17:13:06.0375 2780 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
17:13:06.0453 2780 TDTCP - ok
17:13:06.0453 2780 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
17:13:06.0562 2780 TermDD - ok
17:13:06.0609 2780 [ A75DD6FC3DBEE4FFF5EBC9F2C28BB66E ] TermService C:\WINDOWS\System32\termsrv.dll
17:13:06.0687 2780 TermService - ok
17:13:06.0703 2780 [ EE9A2B9EA968A792A053C9D1A86BF870 ] Themes C:\WINDOWS\System32\shsvcs.dll
17:13:06.0718 2780 Themes - ok
17:13:06.0765 2780 [ CD0CC7B167D78043A41C98D4921EFB54 ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
17:13:06.0859 2780 TlntSvr - ok
17:13:06.0859 2780 TosIde - ok
17:13:06.0906 2780 [ 38853304CCB938D30E0C4CDE8D2C2A8A ] TrkWks C:\WINDOWS\system32\trkwks.dll
17:13:06.0984 2780 TrkWks - ok
17:13:07.0046 2780 [ 3ADBC52F03E9DA362D334943D6FCFD28 ] TunngleService C:\Program Files\Tunngle\TnglCtrl.exe
17:13:07.0078 2780 TunngleService ( UnsignedFile.Multi.Generic ) - warning
17:13:07.0078 2780 TunngleService - detected UnsignedFile.Multi.Generic (1)
17:13:07.0093 2780 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
17:13:07.0187 2780 Udfs - ok
17:13:07.0187 2780 ultra - ok
17:13:07.0218 2780 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
17:13:07.0296 2780 Update - ok
17:13:07.0312 2780 [ 651BD90DCEE5B7BDC74A2EB7C9266F9E ] upnphost C:\WINDOWS\System32\upnphost.dll
17:13:07.0406 2780 upnphost - ok
17:13:07.0421 2780 [ 20A0F6A11959E92908717D09E87D670D ] UPS C:\WINDOWS\System32\ups.exe
17:13:07.0500 2780 UPS - ok
17:13:07.0531 2780 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
17:13:07.0593 2780 usbccgp - ok
17:13:07.0625 2780 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
17:13:07.0703 2780 usbehci - ok
17:13:07.0703 2780 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
17:13:07.0796 2780 usbhub - ok
17:13:07.0812 2780 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
17:13:07.0890 2780 usbprint - ok
17:13:07.0921 2780 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
17:13:08.0000 2780 usbscan - ok
17:13:08.0000 2780 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
17:13:08.0093 2780 USBSTOR - ok
17:13:08.0109 2780 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
17:13:08.0187 2780 usbuhci - ok
17:13:08.0187 2780 [ 63BBFCA7F390F4C49ED4B96BFB1633E0 ] usbvideo C:\WINDOWS\system32\Drivers\usbvideo.sys
17:13:08.0265 2780 usbvideo - ok
17:13:08.0281 2780 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
17:13:08.0343 2780 VgaSave - ok
17:13:08.0359 2780 ViaIde - ok
17:13:08.0359 2780 [ 28A4B296B47782173C346E376CB374D1 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
17:13:08.0437 2780 VolSnap - ok
17:13:08.0468 2780 [ D6BA1A63D9E00933F1CD2A885573AFB2 ] VSS C:\WINDOWS\System32\vssvc.exe
17:13:08.0546 2780 VSS - ok
17:13:08.0578 2780 [ FA4E1CDBA256787F2149F4AAD07BC91F ] W32Time C:\WINDOWS\system32\w32time.dll
17:13:08.0656 2780 W32Time - ok
17:13:08.0656 2780 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
17:13:08.0734 2780 Wanarp - ok
17:13:08.0734 2780 WDICA - ok
17:13:08.0750 2780 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
17:13:08.0828 2780 wdmaud - ok
17:13:08.0843 2780 [ 47AE51048A82DFA1CD6B51D369F7E169 ] WebClient C:\WINDOWS\System32\webclnt.dll
17:13:08.0906 2780 WebClient - ok
17:13:09.0000 2780 [ E488332126E3B1182D2B8A0C35408EC6 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
17:13:09.0078 2780 winmgmt - ok
17:13:09.0140 2780 [ 5144AE67D60EC653F97DDF3FEED29E77 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
17:13:09.0187 2780 wlidsvc - ok
17:13:09.0218 2780 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
17:13:09.0250 2780 WmdmPmSN - ok
17:13:09.0265 2780 [ 0171CFF34BBA8C5977F18C48D8AEF8C6 ] Wmi C:\WINDOWS\System32\advapi32.dll
17:13:09.0312 2780 Wmi - ok
17:13:09.0312 2780 [ 23F6F03272F7E5679F1F050AED5ACEE6 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
17:13:09.0390 2780 WmiApSrv - ok
17:13:09.0468 2780 [ 3739866D20ABD42F26A7B85F9E2560AF ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
17:13:09.0531 2780 WMPNetworkSvc - ok
17:13:09.0640 2780 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
17:13:09.0671 2780 WPFFontCache_v0400 - ok
17:13:09.0734 2780 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
17:13:09.0828 2780 WS2IFSL - ok
17:13:09.0859 2780 [ 4C86D5FAF78194995AF9CC1075F65DD3 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
17:13:09.0953 2780 wscsvc - ok
17:13:09.0968 2780 [ 233CDD1C06942115802EB7CE6669E099 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
17:13:10.0000 2780 WSTCODEC - ok
17:13:10.0031 2780 [ C1364564800EE9784192145324A23308 ] wuauserv C:\WINDOWS\system32\wuauserv.dll
17:13:10.0109 2780 wuauserv - ok
17:13:10.0140 2780 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
17:13:10.0171 2780 WudfPf - ok
17:13:10.0203 2780 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
17:13:10.0218 2780 WudfRd - ok
17:13:10.0234 2780 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
17:13:10.0250 2780 WudfSvc - ok
17:13:10.0296 2780 [ A27D4BA7264C0BF52F32D10405BEA1D4 ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
17:13:10.0375 2780 WZCSVC - ok
17:13:10.0421 2780 [ EAA4BB9EDB3FB10CF8979FE65E63658F ] xmlprov C:\WINDOWS\System32\xmlprov.dll
17:13:10.0531 2780 xmlprov - ok
17:13:10.0531 2780 ================ Scan global ===============================
17:13:10.0562 2780 [ F36278E42C8C5DF03CE17DAC8231C91C ] C:\WINDOWS\system32\basesrv.dll
17:13:10.0609 2780 [ F3FA14A297BC687D0B51289D034033C9 ] C:\WINDOWS\system32\winsrv.dll
17:13:10.0625 2780 [ F3FA14A297BC687D0B51289D034033C9 ] C:\WINDOWS\system32\winsrv.dll
17:13:10.0640 2780 [ 9EF697AF07BB8DD82C3B02CA953A95B7 ] C:\WINDOWS\system32\services.exe
17:13:10.0640 2780 [Global] - ok
17:13:10.0640 2780 ================ Scan MBR ==================================
17:13:10.0671 2780 [ 413FC2A0C716421B3158746D63736515 ] \Device\Harddisk0\DR0
17:13:10.0859 2780 \Device\Harddisk0\DR0 - ok
17:13:10.0859 2780 ================ Scan VBR ==================================
17:13:10.0859 2780 [ 447041B57D7FFB60208BD6E32E4EDFE3 ] \Device\Harddisk0\DR0\Partition1
17:13:10.0859 2780 \Device\Harddisk0\DR0\Partition1 - ok
17:13:10.0859 2780 ============================================================
17:13:10.0859 2780 Scan finished
17:13:10.0859 2780 ============================================================
17:13:10.0968 3448 Detected object count: 12
17:13:10.0968 3448 Actual detected object count: 12
17:13:22.0421 3448 atksgt ( UnsignedFile.Multi.Generic ) - skipped by user
17:13:22.0421 3448 atksgt ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:13:22.0421 3448 HiPatchService ( UnsignedFile.Multi.Generic ) - skipped by user
17:13:22.0421 3448 HiPatchService ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:13:22.0421 3448 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
17:13:22.0421 3448 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:13:22.0421 3448 lirsgt ( UnsignedFile.Multi.Generic ) - skipped by user
17:13:22.0421 3448 lirsgt ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:13:22.0421 3448 NBService ( UnsignedFile.Multi.Generic ) - skipped by user
17:13:22.0421 3448 NBService ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:13:22.0421 3448 sfdrv01 ( UnsignedFile.Multi.Generic ) - skipped by user
17:13:22.0421 3448 sfdrv01 ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:13:22.0421 3448 sfhlp02 ( UnsignedFile.Multi.Generic ) - skipped by user
17:13:22.0421 3448 sfhlp02 ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:13:22.0421 3448 sfsync02 ( UnsignedFile.Multi.Generic ) - skipped by user
17:13:22.0421 3448 sfsync02 ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:13:22.0421 3448 sfvfs02 ( UnsignedFile.Multi.Generic ) - skipped by user
17:13:22.0421 3448 sfvfs02 ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:13:22.0421 3448 sptd ( LockedFile.Multi.Generic ) - skipped by user
17:13:22.0421 3448 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
17:13:22.0437 3448 tap0901t ( UnsignedFile.Multi.Generic ) - skipped by user
17:13:22.0437 3448 tap0901t ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:13:22.0437 3448 TunngleService ( UnsignedFile.Multi.Generic ) - skipped by user
17:13:22.0437 3448 TunngleService ( UnsignedFile.Multi.Generic ) - User select action: Skip
Re: Problem with Trojan horses and maybe more
Now try running ComboFix
-
- Visitor
- Posts: 139
- Registered: 13 Mar 2013 20:34
Re: Problem with Trojan horses and maybe more
ComboFix froze again. What should I do next?
Re: Problem with Trojan horses and maybe more
Rename it to NoMBR and run it
-
- Visitor
- Posts: 139
- Registered: 13 Mar 2013 20:34
Re: Problem with Trojan horses and maybe more
ComboFix log:
ComboFix 13-04-02.01 - test 02.04.2013 18:19:03.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2047.1497 [GMT 2:00]
Spuštěný z: c:\documents and settings\test\Plocha\NoMBR.exe
AV: avast! antivirus 4.8.1368 [VPS 100630-1] *Disabled/Outdated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\test\WINDOWS
c:\recycler\S-1-5-18\$20ed6d1e14fabd6946c31be6b77366b4\@
c:\recycler\S-1-5-18\$20ed6d1e14fabd6946c31be6b77366b4\n
c:\recycler\S-1-5-21-1292428093-308236825-725345543-1003\$20ed6d1e14fabd6946c31be6b77366b4\n
c:\windows\system32\SETD8.tmp
c:\windows\system32\SETDC.tmp
c:\windows\system32\SETE4.tmp
c:\windows\system32\SETED.tmp
c:\windows\system32\SETEE.tmp
c:\windows\system32\SETEF.tmp
c:\windows\system32\SETF2.tmp
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-03-02 do 2013-04-02 )))))))))))))))))))))))))))))))
.
.
2013-04-02 14:52 . 2013-04-02 14:52 -------- d-----w- c:\documents and settings\test\Data aplikací\FixZeroAccess
2013-04-01 17:19 . 2013-04-01 17:19 -------- d--h--w- c:\windows\PIF
2013-04-01 16:56 . 2013-04-01 16:56 -------- d-----w- c:\program files\CCleaner
2013-04-01 10:41 . 2013-04-01 10:41 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2013-03-31 15:48 . 2013-03-31 15:49 -------- d-----w- C:\rsit
2013-03-31 15:48 . 2013-03-31 15:48 -------- d-----w- c:\program files\trend micro
2013-03-31 14:36 . 2013-04-01 11:28 -------- d-sh--r- c:\documents and settings\test\S-100-4902-8593-5693
2013-03-22 18:45 . 2013-03-22 18:45 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2013-03-20 15:39 . 2013-03-20 15:39 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-03-17 14:54 . 2013-02-12 00:32 12928 -c----w- c:\windows\system32\dllcache\usb8023x.sys
2013-03-17 14:54 . 2013-02-12 00:32 12928 -c----w- c:\windows\system32\dllcache\usb8023.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-20 15:39 . 2011-04-08 19:54 143872 ----a-w- c:\windows\system32\javacpl.cpl
2013-03-20 15:39 . 2012-08-29 09:52 861088 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-03-20 15:39 . 2011-04-08 19:54 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-03-13 07:53 . 2012-06-10 16:10 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-03-13 07:53 . 2011-08-22 10:06 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-02-12 00:32 . 2009-12-29 13:56 12928 ------w- c:\windows\system32\drivers\usb8023x.sys
2013-02-12 00:32 . 2004-08-18 04:00 12928 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-02-05 20:15 . 2004-08-18 04:00 916480 ----a-w- c:\windows\system32\wininet.dll
2013-02-05 20:15 . 2004-08-18 04:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-02-05 20:15 . 2004-08-18 04:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2013-02-05 05:53 . 2004-08-18 04:00 385024 ----a-w- c:\windows\system32\html.iec
2013-01-26 03:55 . 2004-08-18 04:00 552448 ----a-w- c:\windows\system32\oleaut32.dll
2013-01-07 07:26 . 2004-08-18 04:00 2150912 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-01-07 07:26 . 2004-08-17 15:45 2029568 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-01-04 10:10 . 2004-08-18 04:00 1867264 ----a-w- c:\windows\system32\win32k.sys
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-01-08 18705664]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-05-16 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"RTHDCPL"="RTHDCPL.EXE" [2007-03-21 16126464]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-11-20 110184]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-11-20 12669544]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"SmartSoft PDF Printer Agent"="c:\program files\Smart PDF Creator\SmartSoft PDF Printer Agent.exe" [2010-10-14 62848]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"4StoryPrePatch"="c:\program files\Gameforge4D\4Story_CZ\PrePatch.exe" [2011-11-21 327680]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-12-10 2254768]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\test\Nabídka Start\Programy\Po spuštění\
_uninst_.lnk - c:\documents and settings\test\Local Settings\Temp\_uninst_.bat [N/A]
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [7.4.2010 8:59 691696]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [29.12.2009 15:30 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [29.12.2009 15:30 20560]
R2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [13.10.2011 17:21 249648]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [10.12.2012 18:29 1435568]
R2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;c:\program files\Hi-Rez Studios\HiPatchService.exe [14.7.2012 9:22 8704]
R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [16.11.2009 18:33 50704]
R2 TunngleService;TunngleService;c:\program files\Tunngle\TnglCtrl.exe [4.3.2011 19:38 685816]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\atl01_xp.sys [29.12.2009 15:19 38656]
R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\drivers\tap0901t.sys [4.3.2011 19:38 27136]
S2 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [9.11.2011 14:16 196376]
S2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Data aplikací\Skype\Toolbars\Skype C2C Service\c2c_service.exe [31.1.2013 11:38 3289208]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [8.1.2013 13:55 161536]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\EagleXNt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\test\LOCALS~1\Temp\WWD21.tmp --> c:\docume~1\test\LOCALS~1\Temp\WWD21.tmp [?]
S3 GGSAFERDriver;GGSAFER Driver;\??\c:\program files\Garena Classic\safedrv.sys --> c:\program files\Garena Classic\safedrv.sys [?]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [11.7.2008 2:28 47128]
S4 RsFx0102;RsFx0102 Driver;c:\windows\system32\drivers\RsFx0102.sys [10.7.2008 2:49 242712]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [11.7.2008 2:28 369688]
.
Obsah adresáře 'Naplánované úlohy'
.
2013-04-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-10 07:53]
.
2013-04-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-16 11:55]
.
2013-04-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-16 11:55]
.
2013-04-02 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2010-04-27 20:18]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files\ICQ7.5\ICQ.exe
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: mojebanka.cz\etrading
Trusted Zone: mojebanka.cz\www
Trusted Zone: soe.com
Trusted Zone: sony.com
Trusted Zone: mojebanka.cz\etrading
Trusted Zone: mojebanka.cz\www
TCP: DhcpNameServer = 10.0.0.138
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
BHO-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
BHO-{687578b9-7132-4a7a-80e4-30ee31099e03} - (no file)
BHO-{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - (no file)
HKCU-Run-EA Core - c:\program files\Electronic Arts\EADM\Core.exe
HKLM-Run-nwiz - nwiz.exe
HKLM-Run-PartitionManager - d:\programs\HDM6-CD\WinHDM\WinHDM.exe
SafeBoot-97279938.sys
AddRemove-DAEMON Tools Toolbar - c:\program files\DAEMON Tools Toolbar\uninst.exe
AddRemove-eBay Icon - c:\documents and settings\test\Data aplikací\Desktopicon\uninst.exe
AddRemove-Picasa 3 - c:\program files\Google\Picasa3\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-04-02 18:30
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GarenaPEngine]
"ImagePath"="\??\c:\docume~1\test\LOCALS~1\Temp\WWD21.tmp"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Celkový čas: 2013-04-02 18:32:04
ComboFix-quarantined-files.txt 2013-04-02 16:31
.
Před spuštěním: Volných bajtů: 249 645 510 656
Po spuštění: Volných bajtů: 258 344 226 816
.
- - End Of File - - 6945A0CCFA055535959FE9FF7021D9D1
Re: Problem with Trojan horses and maybe more


- Open Notepad (Start - Run - notepad)
- Copy the script below
Code:
KillAll::

Folder::
c:\documents and settings\test\S-100-4902-8593-5693

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"=-
"Skype"=-
"swg"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"=-
"SmartSoft PDF Printer Agent"=-
"Adobe Reader Speed Launcher"=-
"Adobe ARM"=-
"4StoryPrePatch"=-
"LogMeIn Hamachi Ui"=-
"SunJavaUpdateSched"=-

DDS::
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com

RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

NoMBR::

ClearJavaCache::

Reboot::
- Save the resulting text file as CFScript.txt
- Drag the CFScript.txt you created onto ComboFix and drop it (see the picture below)
- After the script has been applied (and a possible restart), a log will pop up; paste its contents here

