Zašifrované soubory... Security Shield?

[vision]

Dobře, budu čekat pouze na vaše příkazy.
Tady je poslední log z ComboFixu:


ComboFix 12-04-24.02 - Admin 25.04.2012 16:46:01.3.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.420.1029.18.3002.2075 [GMT 2:00]
Spuštěný z: c:\users\Admin\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Admin\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\users\Admin\AppData\Local\Google\Update\GoogleUpdate.exe [2009-11-13 02:02]"
"c:\windows\Tasks\Adobe Flash Player Updater.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
"c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4037204527-4293416820-2358000098-1001Core.job"
"c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4037204527-4293416820-2358000098-1001UA.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Alwil Software
c:\programdata\Alwil Software\Avast5\aswResp.dat
c:\programdata\Alwil Software\Avast5\avast5.ini
c:\programdata\Alwil Software\Avast5\db1ca640399533c60-c66664c9.dat
c:\programdata\Alwil Software\Avast5\db1ca64c70998a607-4df5bf04.dat
c:\programdata\Alwil Software\Avast5\HtmlData\Blocked.htm
c:\programdata\Alwil Software\Avast5\HtmlData\image001.png
c:\programdata\Alwil Software\Avast5\chest\index.xml
c:\programdata\Alwil Software\Avast5\license.avastlic
c:\programdata\Alwil Software\Avast5\Log.db
c:\programdata\Alwil Software\Avast5\log\AshWebSv.ws
c:\programdata\Alwil Software\Avast5\log\aswAr.log
c:\programdata\Alwil Software\Avast5\log\aswAr1.log
c:\programdata\Alwil Software\Avast5\log\Chest.log
c:\programdata\Alwil Software\Avast5\log\Mail.log
c:\programdata\Alwil Software\Avast5\log\nshield.log
c:\programdata\Alwil Software\Avast5\log\selfdef.log
c:\programdata\Alwil Software\Avast5\log\Setup.log
c:\programdata\Alwil Software\Avast5\log\usntr.log
c:\programdata\Alwil Software\Avast5\report\BehaviorShield.txt
c:\programdata\Alwil Software\Avast5\report\EmailShield.txt
c:\programdata\Alwil Software\Avast5\report\FileSystemShield.txt
c:\programdata\Alwil Software\Avast5\report\IMShield.txt
c:\programdata\Alwil Software\Avast5\report\NetworkShield.txt
c:\programdata\Alwil Software\Avast5\report\P2PShield.txt
c:\programdata\Alwil Software\Avast5\report\ScriptShield.txt
c:\programdata\Alwil Software\Avast5\report\WebShield.txt
c:\programdata\Alwil Software\Avast5\snx_gconfig.xml
c:\programdata\Alwil Software\Avast5\snx_lconfig.xml
c:\programdata\Alwil Software\Avast5\sounds\fw_question.wav
c:\programdata\Alwil Software\Avast5\sounds\scan_completed.wav
c:\programdata\Alwil Software\Avast5\sounds\threat_detected.wav
c:\programdata\Alwil Software\Avast5\sounds\virus_db_updated.wav
c:\programdata\Alwil Software\Avast5\URL.db
c:\programdata\Alwil Software\Avast5\WebShield.ini
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_A2INJECTIONDRIVER
-------\Legacy_A2UTIL
-------\Service_gupdate
-------\Service_gupdatem
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-03-25 do 2012-04-25 )))))))))))))))))))))))))))))))
.
.
2012-04-25 14:58 . 2012-04-25 15:01 -------- d-----w- c:\users\Admin\AppData\Local\temp
2012-04-25 14:58 . 2012-04-25 14:58 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-25 06:53 . 2012-04-25 06:53 2 --shatr- c:\windows\winstart.bat
2012-04-24 10:08 . 2012-04-24 10:08 13824 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2012-04-23 10:48 . 2012-04-23 10:48 -------- d-----w- c:\programdata\PCSettings
2012-04-23 10:15 . 2012-04-23 11:58 -------- d-----w- c:\programdata\NortonInstaller
2012-04-23 10:03 . 2012-04-23 10:03 -------- d-----w- C:\rsit
2012-04-21 19:18 . 2012-04-21 19:23 -------- d-----w- c:\users\Admin\AppData\Local\Canon Easy-PhotoPrint EX
2012-04-14 18:15 . 2012-04-14 18:53 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-14 18:53 . 2011-06-05 12:23 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2009-11-30 12:26 . 2009-11-30 12:26 292560 ----a-w- c:\program files\Iso-burner.exe
2003-05-01 12:59 . 2002-09-19 12:20 1413120 ----a-w- c:\program files\DS_PlugIn.8bf
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\programdata\PCSettings ----
.
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2009-07-22 83336]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2009-8-26 2684256]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MIDI10"=diomidi.dll
"wave10"=Digi32.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\fsproflt]
@="Service"
.
R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2011/02/21 01:18];c:\program files\CyberLink\PowerDVD10\NavFilter\000.fcl [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 EraserSvc11122;Symantec Eraser Service;c:\program files\Norton Internet Security\Engine\19.1.0.28\ccSvcHst.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-14 253088]
R3 AF9035BDA;ASUS U3100 Mini Plus BDA Devices;c:\windows\system32\Drivers\AF9035BDA.sys [2009-07-16 462952]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-05-31 79360]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2011-06-16 76088]
R3 ksaud;Creative USB Audio Driver;c:\windows\system32\drivers\ksaud.sys [2009-12-15 899712]
R3 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\DRIVERS\lgbtport.sys [x]
R3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\DRIVERS\lgbtbus.sys [x]
R3 LGVMODEM;LGE Virtual Modem;c:\windows\system32\DRIVERS\lgvmodem.sys [x]
R3 Pcouffin;Low level access layer for CD devices;c:\windows\system32\Drivers\Pcouffin.sys [x]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2011-06-16 181432]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-26 1343400]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files\Winamp\WinRing0.sys [2008-07-26 14416]
S0 FSProFilter;FSPro File Filter;c:\windows\System32\Drivers\FSPFltd.sys [2008-06-05 43792]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-01-01 691696]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 ASTSRV;Nalpeiron Licensing Service;c:\windows\system32\ASTSRV.EXE [2008-05-19 57344]
S2 fsproflt;FSPro Filter Service;c:\windows\system32\fsproflt.exe [2009-05-03 73392]
S2 OS Selector;Acronis OS Selector activator;c:\program files\Acronis\DiskDirector\OSS\reinstall_svc.exe [2010-09-29 2139400]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x86.sys [2009-07-13 50688]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc SensrSvc
.
Obsah adresáře 'Naplánované úlohy'
.
2012-04-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-14 18:53]
.
2012-04-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-07-22 16:53]
.
2012-04-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-07-22 16:53]
.
2012-04-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4037204527-4293416820-2358000098-1001Core.job
- c:\users\Admin\AppData\Local\Google\Update\GoogleUpdate.exe [2009-11-13 02:02]
.
2012-04-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4037204527-4293416820-2358000098-1001UA.job
- c:\users\Admin\AppData\Local\Google\Update\GoogleUpdate.exe [2009-11-13 02:02]
.
.
------- Doplňkový sken -------
.
uInternet Settings,ProxyOverride = 127.0.0.1
IE: + Offline &Explorer: Download the link - file://c:\program files\Offline Explorer Enterprise\Add_UrlO.htm
IE: + Offline E&xplorer: Download the current page - file://c:\program files\Offline Explorer Enterprise\Add_AllO.htm
IE: Převést cíl vazby do Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Převést do Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Připojit cíl vazby k existujícímu PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Připojit k existujícímu PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Send To &Bluetooth - c:\program files\MSI\Bluetooth Software\btsendto_ie_ctx.htm
IE: Sothink SWF Catcher - c:\program files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
IE: {{71BFC818-0CED-42D6-9C87-5142918957EE} - c:\program files\ICQ7.1\ICQ.exe
TCP: DhcpNameServer = 10.0.0.138
TCP: Interfaces\{9D62CBA2-BBB5-4C8E-952B-74E7461921F7}: DhcpNameServer = 10.0.0.138
TCP: Interfaces\{9D62CBA2-BBB5-4C8E-952B-74E7461921F7}\777777E286F64756C656C6567616E647E236A7: DhcpNameServer = 10.3.0.1
TCP: Interfaces\{9D62CBA2-BBB5-4C8E-952B-74E7461921F7}\96E6564786F6D656234316: DhcpNameServer = 178.77.254.254 77.48.100.254
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD10\NavFilter\000.fcl"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'Explorer.exe'(2908)
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Canon\IJPLM\IJPLMSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\DllHost.exe
c:\windows\system32\sppsvc.exe
c:\windows\system32\taskhost.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Celkový čas: 2012-04-25 17:04:58 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-04-25 15:04
ComboFix2.txt 2012-04-25 14:29
ComboFix3.txt 2012-04-24 18:55
.
Před spuštěním: 3 475 513 344
Po spuštění: 3 228 413 952
.
- - End Of File - - 22C93B36B56FFFA865C39EB0CF111C06

[vyosek]

Uploadnete mi prosim nekam tohle c:\windows\winstart.bat

[vision]

Tady je to... http://leteckaposta.cz/270180189

[vyosek]

Stahnete SytemLook http://jpshortstuff.247fixes.com/SystemLook.exe a ulozte jej na plochu

• Do okna vlozte skript nize

• Kód: Vybrat vše

  :reg
  HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders /sub

• Kliknete na Look
• Tlacitko Look se zmeni na Scanning a zsedne
• Pockejte pokud se tlacitko Scanning opet nezmeni na Look - tak poznate ze SystemLook dokoncil svou praci
• Vyskoci na Vas log s nazvem SystemLook (pripadne bude ulozen na plose), jeho obsah mi sem vlozte

[vision]

Zde je log.
Log vyskočil ihned po kliknutí na tlačítko Loook.

SystemLook 30.07.11 by jpshortstuff
Log created at 21:40 on 25/04/2012 by Admin
Administrator - Elevation successful

========== reg ==========

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
"RPCSS"="RpcEptMapper RpcSs"
"defragsvc"="defragsvc"
"LocalSystemNetworkRestricted"="UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc IPBusEnum dot3svc hidserv irmon sysmain WPDBusEnum homegrouplistener TabletInputService PcaSvc wlansvc CscService UmRdpService"
"LocalService"="nsi WdiServiceHost w32time EventSystem RemoteRegistry WinHttpAutoProxySvc sppuinotify THREADORDER netprofm lltdsvc fdphost SstpSvc WebClient"
"netsvcs"="AeLookupSvc CertPropSvc SCPolicySvc lanmanserver gpsvc IKEEXT AudioSrv FastUserSwitchingCompatibility Ias Irmon Nla Ntmssvc NWCWorkstation Nwsapagent Rasauto Rasman Remoteaccess SENS Sharedaccess SRService Tapisrv Wmi WmdmPmSp TermService wuauserv BITS ShellHWDetection LogonHours PCAudit helpsvc uploadmgr iphlpsvc seclogon AppInfo msiscsi MMCSS wercplsupport EapHost ProfSvc schedule hkmsvc SessionEnv winmgmt browser Themes BDESVC AppMgmt"
"WerSvcGroup"="wersvc"
"LocalServiceNoNetwork"="DPS PLA BFE mpssvc WwanSvc"
"termsvcs"="TermService"
"swprv"="swprv"
"LocalServiceNetworkRestricted"="DHCP eventlog AudioSrv BthHFSrv LmHosts wscsvc homegroupprovider WPCSvc"
"LocalServicePeerNet"="PNRPSvc p2pimsvc p2psvc PnrpAutoReg"
"NetworkServiceAndNoImpersonation"="KtmRm"
"regsvc"="RemoteRegistry"
"LocalServiceAndNoImpersonation"="SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc SensrSvc"
"DcomLaunch"="Power PlugPlay DcomLaunch"
"NetworkServiceNetworkRestricted"="PolicyAgent"
"NetworkService"="CryptSvc DHCP TermService DNSCache lanmanworkstation NapAgent nlasvc WinRM WECSVC Tapisrv"
"sdrsvc"="sdrsvc"
"WbioSvcGroup"="WbioSrvc"
"imgsvc"="StiSvc"
"wcssvc"="WcsPlugInService"
"AxInstSVGroup"="AxInstSV"
"secsvcs"="WinDefend"
"bthsvcs"="bthserv"
"PeerDist"="PeerDistSvc"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\AxInstSVGroup]
"ImpersonationLevel"= 0x0000000003 (3)
"CoInitializeSecurityParam"= 0x0000000000 (0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\defragsvc]
"CoInitializeSecurityParam"= 0x0000000000 (0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\LocalService]
"AuthenticationCapabilities"= 0x0000002000 (8192)
"CoInitializeSecurityParam"= 0x0000000001 (1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\LocalServiceAndNoImpersonation]
"AuthenticationCapabilities"= 0x0000002000 (8192)
"CoInitializeSecurityParam"= 0x0000000001 (1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\LocalServiceNetworkRestricted]
"CoInitializeSecurityParam"= 0x0000000001 (1)
"DefaultRpcStackSize"= 0x0000000040 (64)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\LocalServiceNoNetwork]
"CoInitializeSecurityParam"= 0x0000000001 (1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\LocalSystemNetworkRestricted]
"CoInitializeSecurityParam"= 0x0000000001 (1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\netsvcs]
"AuthenticationCapabilities"= 0x0000003020 (12320)
"CoInitializeSecurityParam"= 0x0000000001 (1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\NetworkService]
"CoInitializeSecurityParam"= 0x0000000001 (1)
"DefaultRpcStackSize"= 0x000000001c (28)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\NetworkServiceRemoteDesktopHyperVAgent]
"CoInitializeSecurityParam"= 0x0000000001 (1)
"AuthenticationCapabilities"= 0x0000002000 (8192)
"AuthenticationLevel"= 0x0000000006 (6)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\NetworkServiceRemoteDesktopPublishing]
"CoInitializeSecurityParam"= 0x0000000001 (1)
"AuthenticationCapabilities"= 0x0000002000 (8192)
"AuthenticationLevel"= 0x0000000006 (6)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\SDRSVC]
"CoInitializeSecurityParam"= 0x0000000000 (0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\swprv]
"CoInitializeSecurityParam"= 0x0000000000 (0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\termsvcs]
"CoInitializeSecurityParam"= 0x0000000001 (1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\wcssvc]
"CoInitializeSecurityParam"= 0x0000000001 (1)
"CoInitializeSecurityAppID"="{CD11FAB6-1C0E-45e1-BA31-5C6008EF2607}"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\wercplsupport]
"AuthenticationCapabilities"= 0x0000003020 (12320)
"CoInitializeSecurityParam"= 0x0000000001 (1)


========== dir ==========

c:\programdata\PCSettings - Parameters: "(none)"

---Files---
None found.

---Folders---
None found.

-= EOF =-

[vision]

Už jsem dost zoufalý, zašifrované soubory potřebuji ke své práci.
Našel jsem další stránku, kde se tímto problémem zabývají.
http://www.viruss.eu/cs/security/ransom ... on-script/
Nic jsem nedělal, nechám to na vás.

[vyosek]

Zabalte par tech textaku a nekam uploadnete

Zkuste aplikovat tohle http://support.kaspersky.com/downloads/ ... ryptor.exe

[vision]

Zde je pár postižených souborů. Je to v raru. Dal jsem tam soubor v pdf, txt a jpg.
http://leteckaposta.cz/720513023
Tu věc z odkazu vyzkouším a dán vědět.

[vyosek]

OK, zkuste...ja uz nasel i zavadec haveti na zahranicnim foru, takze budem zkouset...

[vision]

Ten Decryptor to asi bohužel neumí. Skenuje i postižené soubory, ale nenachází je.
Nechám to ještě běžet, ale moc tomu nevěřím.

[vyosek]

OK, jeste mam pak v zaloze dalsi dva, tak uvidime

[vision]

Tak sken se dokončil: Found: 0, Decrypted: 0.
Nic to nenašlo ani neopravilo

[vyosek]

Dik za zaskok Naughty, dw.web byla dalsi moznost z tech co jsem chtel dat...preci jen Kaspersky u me ma vetsi jmeno

[vyosek]

Jeste lepsi, thx

[vision]

Když stáhnu aplikaci z odkazu a otevřu jí, při kliknutí na "continue" vyskočí zpráva "wrong key".
Co je špatně?