VIRY.CZ

Pomáháme v boji s počítačovou havěti!
https://forum.viry.cz:443/

CryptoWall

https://forum.viry.cz:443/viewtopic.php?t=139824

Stránka 1 z 1

CryptoWall

Napsal: 23 srp 2014 15:44
od fandax16
zdravím,
sestře se opět povedlo zavirovat si počítač, tentokrá důkladně CryptoWalem celý disk. záloha je (win 7 zálohování), ale na stejném disku, takže vlastně záloha není. Obnovení systému je z neznámého důvodu vypnuto (??). primárně bych potřeboval zachránit windows, není je z čeho přeinstalovat (notebook, recovery je taktéž na disku). se ztrátou dat je sestra smířena a je ochotna za záchranu windows nabídnout po dohodě odměnu (neslape.cz vzdálená pomoc?)

díky za pomoc!

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:22-08-2014
Ran by Merry (administrator) on SAMSUNGN210 on 23-08-2014 16:07:21
Running from C:\Users\Merry\Desktop
Platform: Microsoft Windows 7 Starter Service Pack 1 (X86) OS Language: Čeština (Česká republika)
Internet Explorer Version 10
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/downloa ... ool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/downloa ... ool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
() C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe
() C:\Windows\System32\Rezip.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Safer Networking Ltd.) C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
(SEC) C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
(SAMSUNG Electronics) C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\avastui.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\regsvr32.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(forum.viry.cz) C:\Users\Merry\Desktop\FRSTLauncher.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [8092192 2009-11-18] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1578280 2009-10-10] (Synaptics Incorporated)
HKLM\...\Run: [UCam_Menu] => C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\Alwil Software\Avast5\AvastUI.exe [4085896 2014-07-31] (AVAST Software)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKU\S-1-5-21-2374497666-14665686-394458678-1000\...\Run: [BitTorrent] => C:\Users\Merry\AppData\Roaming\BitTorrent\BitTorrent.exe [1643096 2014-05-01] (BitTorrent Inc.)
HKU\S-1-5-21-2374497666-14665686-394458678-1000\...\Run: [Icsoft] => C:\Users\Merry\AppData\Local\Icsoft\tmp2069.exe [215089 2014-08-21] (Tim Kosse)
HKU\S-1-5-21-2374497666-14665686-394458678-1000\...\Run: [Unmedia] => regsvr32.exe C:\Users\Merry\AppData\Local\Unmedia\ApiDevTrace.dll <===== ATTENTION
HKU\S-1-5-21-2374497666-14665686-394458678-1000\...\Run: [sigverif] => "C:\Users\Merry\AppData\Roaming\Microsoft\Windows\IEUpdate\sigverif.exe"
HKU\S-1-5-21-2374497666-14665686-394458678-1000\...\RunOnce: [sigverif] => "C:\Users\Merry\AppData\Roaming\Microsoft\Windows\IEUpdate\sigverif.exe"
HKU\S-1-5-21-2374497666-14665686-394458678-1000\...\RunOnce: [cE17k31] => C:\Users\Merry\AppData\Roaming\cE17k31.exe [618496 2014-08-23] ()
HKU\S-1-5-21-2374497666-14665686-394458678-1000\...\Policies\Explorer: [Run] "C:\Users\Merry\AppData\Roaming\Microsoft\Windows\IEUpdate\sigverif.exe"
HKU\S-1-5-21-2374497666-14665686-394458678-1000\...\MountPoints2: {a7b7097c-12b2-11e0-9f62-506313ad1b6e} - E:\Autorun.exe
HKU\S-1-5-21-2374497666-14665686-394458678-1000\...\Winlogon: [Shell] C:\Program Files\Oceanis\SystemSetting\WallPaperAgent.exe [115888 2009-12-10] (Oceanis) <==== ATTENTION
HKU\S-1-5-21-2374497666-14665686-394458678-1000\...\Command Processor: "C:\Users\Merry\AppData\Roaming\Microsoft\Windows\IEUpdate\sigverif.exe" <===== ATTENTION!
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\Merry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DECRYPT_INSTRUCTION.HTML ()
Startup: C:\Users\Merry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DECRYPT_INSTRUCTION.TXT ()
InternetURL: C:\Users\Merry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DECRYPT_INSTRUCTION.URL -> https://kpai7ycr7jxqkilp.onion.lt/de9s
Startup: C:\Users\Merry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\sigverif.lnk
ShortcutTarget: sigverif.lnk -> C:\Users\Merry\AppData\Roaming\Microsoft\Windows\IEUpdate\sigverif.exe (No File)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Alwil Software\Avast5\ashShell.dll (AVAST Software)
ShellIconOverlayIdentifiers: 1CryptoProviderIcons -> {24808826-C2BF-4269-B3BA-89D1D5F431A4} => C:\ProgramData\Microsoft\Crypto\RSA64\CryptoProvider.dll ()
ShellIconOverlayIdentifiers: GDriveBlacklistedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedEditOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedViewOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: GDriveSyncedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: GDriveSyncingOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com/search?q={searchT ... d=ie7&rlz=
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
SearchScopes: HKLM - DefaultScope value is missing.
BHO: Groove GFS Browser Helper -> {4DB74D06-491C-440D-305E-012400990F3E} -> C:\Windows\system32\coomsvcs.dll ()
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Windows 7 Starter Helper -> {D381FF29-7CFB-4D4E-B92A-C4EDDC696614} -> C:\Program Files\Oceanis\SystemSetting\StarterHelper.dll (Oceanis)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll No File
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 10 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138

FireFox:
========
FF ProfilePath: C:\Users\Merry\AppData\Roaming\Mozilla\Firefox\Profiles\s6rn396n.default
FF SearchEngineOrder.1: Google
FF SelectedSearchEngine: Google
FF Homepage: http://www.google.com
FF Keyword.URL: https://www.google.com/search
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.13.2 -> C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Merry\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\heureka-cz.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\mapy-cz.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\seznam-cz.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\slunecnice-cz.xml
FF Extension: Seznam lištička - C:\Users\Merry\AppData\Roaming\Mozilla\Firefox\Profiles\s6rn396n.default\Extensions\{ea614400-e918-4741-9a97-7a972ff7c30b} [2014-06-04]
FF Extension: DivX Web Player - C:\Users\Merry\AppData\Roaming\Mozilla\Firefox\Profiles\s6rn396n.default\Extensions\DivXWebPlayer@divx.com.xpi [2012-08-20]
FF Extension: Adblock Plus - C:\Users\Merry\AppData\Roaming\Mozilla\Firefox\Profiles\s6rn396n.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-03-28]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2014-03-29]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\Alwil Software\Avast5\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\Alwil Software\Avast5\WebRep\FF [2011-03-08]

Chrome:
=======
CHR HomePage: http://www.google.com
CHR StartupUrls: "www.google.com"
CHR DefaultSuggestURL: {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter}
CHR Extension: (avast! Online Security) - C:\Users\Merry\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-08-10]
CHR Extension: (Peněženka Google) - C:\Users\Merry\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\Alwil Software\Avast5\WebRep\Chrome\aswWebRepChrome.crx [2014-07-04]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [50344 2014-07-04] (AVAST Software)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 OberonGameConsoleService; C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe [44312 2009-08-13] ()
R2 Rezip; C:\windows\SYSTEM32\Rezip.exe [311296 2009-03-05] () [File not signed]
R2 SBSDWSCService; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
S3 HDDSvc; E:\HDInspectorPortable\App\HDInspector\HDDSvc.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-07-04] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-07-04] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81768 2014-07-04] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-07-04] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [779536 2014-07-04] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [414520 2014-07-04] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [71944 2014-07-04] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [192352 2014-07-04] ()
R3 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [218688 2011-03-16] (DT Soft Ltd)
R3 RTL8192cu; C:\Windows\System32\DRIVERS\RTL8192cu.sys [801896 2013-03-12] (Realtek Semiconductor Corporation )
R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x86.sys [315392 2009-09-28] ()

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-23 16:07 - 2014-08-23 16:10 - 00017510 _____ () C:\Users\Merry\Desktop\FRST.txt
2014-08-23 16:06 - 2014-08-23 16:07 - 00000000 ____D () C:\FRST
2014-08-23 16:05 - 2014-08-23 16:05 - 01094656 _____ (Farbar) C:\Users\Merry\Desktop\FRST.exe
2014-08-23 16:01 - 2014-08-23 16:01 - 00112640 _____ (forum.viry.cz) C:\Users\Merry\Downloads\FRSTLauncher.exe
2014-08-23 15:58 - 2014-08-23 16:05 - 00112640 _____ (forum.viry.cz) C:\Users\Merry\Desktop\FRSTLauncher.exe
2014-08-23 13:41 - 2014-08-23 13:41 - 00008172 _____ () C:\Users\Public\DECRYPT_INSTRUCTION.HTML
2014-08-23 13:41 - 2014-08-23 13:41 - 00008172 _____ () C:\Users\Merry\Downloads\DECRYPT_INSTRUCTION.HTML
2014-08-23 13:41 - 2014-08-23 13:41 - 00008172 _____ () C:\Users\Merry\Desktop\DECRYPT_INSTRUCTION.HTML
2014-08-23 13:41 - 2014-08-23 13:41 - 00008172 _____ () C:\Users\Merry\DECRYPT_INSTRUCTION.HTML
2014-08-23 13:41 - 2014-08-23 13:41 - 00008172 _____ () C:\Users\DECRYPT_INSTRUCTION.HTML
2014-08-23 13:41 - 2014-08-23 13:41 - 00008172 _____ () C:\DECRYPT_INSTRUCTION.HTML
2014-08-23 13:41 - 2014-08-23 13:41 - 00004130 _____ () C:\Users\Public\DECRYPT_INSTRUCTION.TXT
2014-08-23 13:41 - 2014-08-23 13:41 - 00004130 _____ () C:\Users\Merry\Downloads\DECRYPT_INSTRUCTION.TXT
2014-08-23 13:41 - 2014-08-23 13:41 - 00004130 _____ () C:\Users\Merry\Desktop\DECRYPT_INSTRUCTION.TXT
2014-08-23 13:41 - 2014-08-23 13:41 - 00004130 _____ () C:\Users\Merry\DECRYPT_INSTRUCTION.TXT
2014-08-23 13:41 - 2014-08-23 13:41 - 00004130 _____ () C:\Users\DECRYPT_INSTRUCTION.TXT
2014-08-23 13:41 - 2014-08-23 13:41 - 00004130 _____ () C:\DECRYPT_INSTRUCTION.TXT
2014-08-23 13:41 - 2014-08-23 13:41 - 00000252 _____ () C:\Users\Public\DECRYPT_INSTRUCTION.URL
2014-08-23 13:41 - 2014-08-23 13:41 - 00000252 _____ () C:\Users\Merry\Downloads\DECRYPT_INSTRUCTION.URL
2014-08-23 13:41 - 2014-08-23 13:41 - 00000252 _____ () C:\Users\Merry\Desktop\DECRYPT_INSTRUCTION.URL
2014-08-23 13:41 - 2014-08-23 13:41 - 00000252 _____ () C:\Users\Merry\DECRYPT_INSTRUCTION.URL
2014-08-23 13:41 - 2014-08-23 13:41 - 00000252 _____ () C:\Users\DECRYPT_INSTRUCTION.URL
2014-08-23 13:41 - 2014-08-23 13:41 - 00000252 _____ () C:\DECRYPT_INSTRUCTION.URL
2014-08-23 13:36 - 2014-08-23 13:36 - 00008172 _____ () C:\Users\Merry\Documents\DECRYPT_INSTRUCTION.HTML
2014-08-23 13:36 - 2014-08-23 13:36 - 00004130 _____ () C:\Users\Merry\Documents\DECRYPT_INSTRUCTION.TXT
2014-08-23 13:36 - 2014-08-23 13:36 - 00000252 _____ () C:\Users\Merry\Documents\DECRYPT_INSTRUCTION.URL
2014-08-23 13:03 - 2014-08-23 13:03 - 00008172 _____ () C:\Users\Merry\AppData\Roaming\DECRYPT_INSTRUCTION.HTML
2014-08-23 13:03 - 2014-08-23 13:03 - 00008172 _____ () C:\Users\Merry\AppData\DECRYPT_INSTRUCTION.HTML
2014-08-23 13:03 - 2014-08-23 13:03 - 00004130 _____ () C:\Users\Merry\AppData\Roaming\DECRYPT_INSTRUCTION.TXT
2014-08-23 13:03 - 2014-08-23 13:03 - 00004130 _____ () C:\Users\Merry\AppData\DECRYPT_INSTRUCTION.TXT
2014-08-23 13:03 - 2014-08-23 13:03 - 00000252 _____ () C:\Users\Merry\AppData\Roaming\DECRYPT_INSTRUCTION.URL
2014-08-23 13:03 - 2014-08-23 13:03 - 00000252 _____ () C:\Users\Merry\AppData\DECRYPT_INSTRUCTION.URL
2014-08-23 12:56 - 2014-08-23 12:56 - 00008172 _____ () C:\Users\Merry\AppData\Local\DECRYPT_INSTRUCTION.HTML
2014-08-23 12:56 - 2014-08-23 12:56 - 00004130 _____ () C:\Users\Merry\AppData\Local\DECRYPT_INSTRUCTION.TXT
2014-08-23 12:56 - 2014-08-23 12:56 - 00000252 _____ () C:\Users\Merry\AppData\Local\DECRYPT_INSTRUCTION.URL
2014-08-23 12:55 - 2014-08-23 12:55 - 00008172 _____ () C:\ProgramData\DECRYPT_INSTRUCTION.HTML
2014-08-23 12:55 - 2014-08-23 12:55 - 00004130 _____ () C:\ProgramData\DECRYPT_INSTRUCTION.TXT
2014-08-23 12:55 - 2014-08-23 12:55 - 00000252 _____ () C:\ProgramData\DECRYPT_INSTRUCTION.URL
2014-08-23 12:54 - 2014-08-23 12:54 - 00008172 _____ () C:\Users\2\Downloads\DECRYPT_INSTRUCTION.HTML
2014-08-23 12:54 - 2014-08-23 12:54 - 00008172 _____ () C:\Users\2\DECRYPT_INSTRUCTION.HTML
2014-08-23 12:54 - 2014-08-23 12:54 - 00008172 _____ () C:\Users\2\AppData\Roaming\DECRYPT_INSTRUCTION.HTML
2014-08-23 12:54 - 2014-08-23 12:54 - 00008172 _____ () C:\Users\2\AppData\DECRYPT_INSTRUCTION.HTML
2014-08-23 12:54 - 2014-08-23 12:54 - 00004130 _____ () C:\Users\2\Downloads\DECRYPT_INSTRUCTION.TXT
2014-08-23 12:54 - 2014-08-23 12:54 - 00004130 _____ () C:\Users\2\DECRYPT_INSTRUCTION.TXT
2014-08-23 12:54 - 2014-08-23 12:54 - 00004130 _____ () C:\Users\2\AppData\Roaming\DECRYPT_INSTRUCTION.TXT
2014-08-23 12:54 - 2014-08-23 12:54 - 00004130 _____ () C:\Users\2\AppData\DECRYPT_INSTRUCTION.TXT
2014-08-23 12:54 - 2014-08-23 12:54 - 00000252 _____ () C:\Users\2\Downloads\DECRYPT_INSTRUCTION.URL
2014-08-23 12:54 - 2014-08-23 12:54 - 00000252 _____ () C:\Users\2\DECRYPT_INSTRUCTION.URL
2014-08-23 12:54 - 2014-08-23 12:54 - 00000252 _____ () C:\Users\2\AppData\Roaming\DECRYPT_INSTRUCTION.URL
2014-08-23 12:54 - 2014-08-23 12:54 - 00000252 _____ () C:\Users\2\AppData\DECRYPT_INSTRUCTION.URL
2014-08-23 12:53 - 2014-08-23 12:53 - 00008172 _____ () C:\Users\2\AppData\Local\DECRYPT_INSTRUCTION.HTML
2014-08-23 12:53 - 2014-08-23 12:53 - 00004130 _____ () C:\Users\2\AppData\Local\DECRYPT_INSTRUCTION.TXT
2014-08-23 12:53 - 2014-08-23 12:53 - 00000252 _____ () C:\Users\2\AppData\Local\DECRYPT_INSTRUCTION.URL
2014-08-23 12:53 - 2014-08-23 12:51 - 00618496 _____ () C:\Users\Merry\AppData\Roaming\cE17k31.exe
2014-08-23 12:50 - 2014-08-23 12:50 - 00000000 ____D () C:\Windows\Sun
2014-08-21 14:38 - 2014-08-21 14:38 - 00000000 ____D () C:\Users\Merry\AppData\Local\Unmedia
2014-08-21 14:38 - 2014-08-21 14:38 - 00000000 ____D () C:\Users\Merry\AppData\Local\Icsoft
2014-08-21 14:05 - 2014-08-23 13:36 - 00000000 ____D () C:\Users\Merry\Desktop\What If 2013
2014-08-21 14:03 - 2014-08-21 14:03 - 00033013 _____ () C:\Users\Merry\Downloads\What If 2013.torrent
2014-08-19 09:10 - 2014-05-14 18:23 - 01973728 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-19 09:10 - 2014-05-14 18:23 - 00054240 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-19 09:10 - 2014-05-14 18:23 - 00045536 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-08-19 09:10 - 2014-05-14 18:17 - 02425856 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-19 09:09 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-19 09:09 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-08-15 03:02 - 2014-03-09 23:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-15 03:01 - 2014-07-01 00:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-15 03:01 - 2014-06-06 08:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-15 03:01 - 2014-03-09 23:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-13 21:11 - 2014-07-24 12:52 - 01180672 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-13 21:11 - 2014-07-24 12:52 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-13 21:11 - 2014-07-24 12:51 - 00226816 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-13 21:11 - 2014-07-24 12:51 - 00226816 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-13 21:11 - 2014-07-24 12:51 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-13 21:11 - 2014-07-24 12:51 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-13 21:11 - 2014-07-24 12:51 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-13 21:11 - 2014-07-24 12:29 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-13 21:11 - 2014-07-16 04:47 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-13 21:11 - 2014-07-16 03:47 - 02352640 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-13 21:11 - 2014-07-14 03:42 - 00654336 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-13 21:11 - 2014-06-16 03:44 - 00730048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-13 21:11 - 2014-06-16 03:44 - 00219072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2014-08-13 21:11 - 2014-06-16 03:40 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2014-08-13 21:10 - 2014-07-24 12:52 - 01766400 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-13 21:10 - 2014-07-24 12:51 - 14371328 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-13 21:10 - 2014-07-24 12:51 - 13757440 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-13 21:10 - 2014-07-24 12:51 - 02861568 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-13 21:10 - 2014-07-24 12:51 - 02054656 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-13 21:10 - 2014-07-24 12:51 - 01440768 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-13 21:10 - 2014-07-24 12:51 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-08-13 21:10 - 2014-07-24 12:51 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-13 21:10 - 2014-07-24 12:51 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-13 21:10 - 2014-07-24 12:51 - 00357888 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-13 21:10 - 2014-07-24 12:51 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-08-13 21:10 - 2014-07-24 12:51 - 00080384 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-13 21:10 - 2014-07-24 12:51 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-13 21:10 - 2014-07-24 11:32 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-08-13 21:09 - 2014-07-16 04:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-13 21:08 - 2014-08-07 03:43 - 00412160 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-13 21:08 - 2014-08-07 03:39 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-13 21:08 - 2014-06-25 03:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-08-13 21:08 - 2014-06-03 11:30 - 00101824 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-13 21:08 - 2014-06-03 11:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-13 21:08 - 2014-06-03 11:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-13 21:08 - 2014-06-03 11:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-13 21:07 - 2014-07-09 03:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-08-13 21:07 - 2014-07-09 03:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-08-13 21:07 - 2014-07-09 03:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-08-13 21:07 - 2014-07-09 03:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-08-13 21:07 - 2014-07-09 03:29 - 00005632 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-08-13 21:07 - 2014-07-09 00:30 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-08-13 11:56 - 2014-08-23 13:04 - 00000000 ____D () C:\Users\Merry\Desktop\fotky
2014-08-07 13:53 - 2014-08-07 13:53 - 00000000 __SHD () C:\found.003
2014-08-06 20:12 - 2014-08-06 20:12 - 00000000 ____D () C:\games
2014-08-06 20:11 - 2014-08-23 13:17 - 00000000 ____D () C:\Users\Merry\Desktop\Kudos 2
2014-08-06 20:10 - 2014-08-09 15:53 - 34811697 _____ () C:\Users\Merry\Desktop\Kudos 2.rar
2014-08-06 20:04 - 2014-08-06 20:05 - 32273762 _____ () C:\Users\Merry\Desktop\Kudos 2 precracked
2014-08-06 18:32 - 2014-08-06 18:32 - 00001228 _____ () C:\Users\Public\Desktop\Spore.lnk
2014-08-06 18:31 - 2014-08-06 18:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Strogino CS Portal
2014-08-06 18:14 - 2014-08-06 18:14 - 00000000 ____D () C:\Program Files\Strogino CS Portal
2014-08-06 17:18 - 2014-08-06 18:05 - 00000000 ____D () C:\Users\Merry\Desktop\Spore
2014-08-05 09:35 - 2014-08-05 09:35 - 00000000 __SHD () C:\found.002

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-23 16:10 - 2014-08-23 16:07 - 00017510 _____ () C:\Users\Merry\Desktop\FRST.txt
2014-08-23 16:07 - 2014-08-23 16:06 - 00000000 ____D () C:\FRST
2014-08-23 16:05 - 2014-08-23 16:05 - 01094656 _____ (Farbar) C:\Users\Merry\Desktop\FRST.exe
2014-08-23 16:05 - 2014-08-23 15:58 - 00112640 _____ (forum.viry.cz) C:\Users\Merry\Desktop\FRSTLauncher.exe
2014-08-23 16:01 - 2014-08-23 16:01 - 00112640 _____ (forum.viry.cz) C:\Users\Merry\Downloads\FRSTLauncher.exe
2014-08-23 15:24 - 2014-02-04 23:01 - 00000914 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-23 15:22 - 2013-10-02 10:14 - 00000000 ____D () C:\Users\Merry\Desktop\VŠ
2014-08-23 13:41 - 2014-08-23 13:41 - 00008172 _____ () C:\Users\Public\DECRYPT_INSTRUCTION.HTML
2014-08-23 13:41 - 2014-08-23 13:41 - 00008172 _____ () C:\Users\Merry\Downloads\DECRYPT_INSTRUCTION.HTML
2014-08-23 13:41 - 2014-08-23 13:41 - 00008172 _____ () C:\Users\Merry\Desktop\DECRYPT_INSTRUCTION.HTML
2014-08-23 13:41 - 2014-08-23 13:41 - 00008172 _____ () C:\Users\Merry\DECRYPT_INSTRUCTION.HTML
2014-08-23 13:41 - 2014-08-23 13:41 - 00008172 _____ () C:\Users\DECRYPT_INSTRUCTION.HTML
2014-08-23 13:41 - 2014-08-23 13:41 - 00008172 _____ () C:\DECRYPT_INSTRUCTION.HTML
2014-08-23 13:41 - 2014-08-23 13:41 - 00004130 _____ () C:\Users\Public\DECRYPT_INSTRUCTION.TXT
2014-08-23 13:41 - 2014-08-23 13:41 - 00004130 _____ () C:\Users\Merry\Downloads\DECRYPT_INSTRUCTION.TXT
2014-08-23 13:41 - 2014-08-23 13:41 - 00004130 _____ () C:\Users\Merry\Desktop\DECRYPT_INSTRUCTION.TXT
2014-08-23 13:41 - 2014-08-23 13:41 - 00004130 _____ () C:\Users\Merry\DECRYPT_INSTRUCTION.TXT
2014-08-23 13:41 - 2014-08-23 13:41 - 00004130 _____ () C:\Users\DECRYPT_INSTRUCTION.TXT
2014-08-23 13:41 - 2014-08-23 13:41 - 00004130 _____ () C:\DECRYPT_INSTRUCTION.TXT
2014-08-23 13:41 - 2014-08-23 13:41 - 00000252 _____ () C:\Users\Public\DECRYPT_INSTRUCTION.URL
2014-08-23 13:41 - 2014-08-23 13:41 - 00000252 _____ () C:\Users\Merry\Downloads\DECRYPT_INSTRUCTION.URL
2014-08-23 13:41 - 2014-08-23 13:41 - 00000252 _____ () C:\Users\Merry\Desktop\DECRYPT_INSTRUCTION.URL
2014-08-23 13:41 - 2014-08-23 13:41 - 00000252 _____ () C:\Users\Merry\DECRYPT_INSTRUCTION.URL
2014-08-23 13:41 - 2014-08-23 13:41 - 00000252 _____ () C:\Users\DECRYPT_INSTRUCTION.URL
2014-08-23 13:41 - 2014-08-23 13:41 - 00000252 _____ () C:\DECRYPT_INSTRUCTION.URL
2014-08-23 13:41 - 2013-07-11 15:10 - 00083736 _____ () C:\Users\Merry\Downloads\UTRLFF-380-version1-AMK.xls
2014-08-23 13:41 - 2012-12-25 15:23 - 00000000 ____D () C:\Users\Merry\Downloads\Westward III Gold Rush - New Time Management [h33t][Wendy99]
2014-08-23 13:41 - 2012-12-24 13:52 - 00000000 ____D () C:\Users\Merry\Downloads\Westward.Kingdoms.v1.000-DELiGHT
2014-08-23 13:41 - 2012-05-02 12:48 - 734036504 _____ () C:\Users\Merry\Downloads\The-Hitchhikers-Guide-To-The-Galaxy.avi
2014-08-23 13:41 - 2010-12-22 02:33 - 00000000 ____D () C:\Users\Merry
2014-08-23 13:41 - 2009-07-14 04:37 - 00000000 ___RD () C:\Users\Public
2014-08-23 13:40 - 2014-03-13 14:55 - 01093117 _____ () C:\Users\Merry\Downloads\Sir Arthur Conan Doyle.pptx
2014-08-23 13:40 - 2014-03-13 14:55 - 01093117 _____ () C:\Users\Merry\Downloads\Sir Arthur Conan Doyle(1).pptx
2014-08-23 13:40 - 2014-01-13 11:30 - 759138840 _____ () C:\Users\Merry\Downloads\Sherlock-S03E01-The-Empty-Hearse-(Ztracené-máry)-+-cz-titulky.avi
2014-08-23 13:40 - 2013-07-02 21:23 - 00705522 _____ () C:\Users\Merry\Downloads\program_ff13.xlsx
2014-08-23 13:40 - 2013-06-16 22:57 - 683748752 _____ () C:\Users\Merry\Downloads\rhlstp-04.mp4
2014-08-23 13:40 - 2013-03-29 12:19 - 00080664 _____ () C:\Users\Merry\Downloads\Snapshot of American Literature_Maturita exam(1).pptx
2014-08-23 13:40 - 2013-03-29 12:15 - 00080664 _____ () C:\Users\Merry\Downloads\Snapshot of American Literature_Maturita exam.pptx
2014-08-23 13:39 - 2014-06-15 22:26 - 02074136 _____ () C:\Users\Merry\Downloads\HK8-Humanismus.ppt
2014-08-23 13:39 - 2014-06-15 19:37 - 02444312 _____ () C:\Users\Merry\Downloads\HK7-Husitstvi.ppt
2014-08-23 13:39 - 2014-06-15 19:34 - 13726744 _____ () C:\Users\Merry\Downloads\HK6-Bible (1).ppt
2014-08-23 13:39 - 2014-06-15 18:44 - 13726744 _____ () C:\Users\Merry\Downloads\HK6-Bible.ppt
2014-08-23 13:39 - 2014-06-15 12:42 - 07253528 _____ () C:\Users\Merry\Downloads\HK5-14_stoleti.ppt
2014-08-23 13:39 - 2011-12-29 11:07 - 246082072 _____ () C:\Users\Merry\Downloads\I've Never Seen Star Wars - S02E01 (27th December 2011) [PDTV(XviD)]-BRiTiSHSM.avi
2014-08-23 13:38 - 2014-06-12 20:48 - 00000000 ____D () C:\Users\Merry\Downloads\drop
2014-08-23 13:38 - 2014-05-06 17:50 - 00000000 ____D () C:\Users\Merry\Downloads\Democracy 3 [WMTF]
2014-08-23 13:38 - 2013-12-21 22:19 - 1468842520 _____ () C:\Users\Merry\Downloads\FAR_FROM_HEAVEN.avi
2014-08-23 13:38 - 2013-10-30 19:28 - 03203896 _____ () C:\Users\Merry\Downloads\CHUA-Cz.wav
2014-08-23 13:38 - 2013-10-30 19:27 - 02910202 _____ () C:\Users\Merry\Downloads\CHUA-Br.wav
2014-08-23 13:38 - 2011-09-25 16:08 - 02759909 _____ () C:\Users\Merry\Downloads\Doprovodna prezentace.pptx
2014-08-23 13:37 - 2013-12-01 20:24 - 02954785 _____ () C:\Users\Merry\Downloads\ANJ-internet (1).pptx
2014-08-23 13:37 - 2013-12-01 20:14 - 02954785 _____ () C:\Users\Merry\Downloads\ANJ-internet.pptx
2014-08-23 13:37 - 2013-03-20 17:30 - 02957851 _____ () C:\Users\Merry\Downloads\American Civil War(1).pptx
2014-08-23 13:37 - 2013-03-18 00:28 - 02969284 _____ () C:\Users\Merry\Downloads\American Civil War.pptx
2014-08-23 13:37 - 2011-11-27 16:50 - 00328984 _____ () C:\Users\Merry\Downloads\ARABSKÉ JARO-JEMEN.pptx
2014-08-23 13:36 - 2014-08-23 13:36 - 00008172 _____ () C:\Users\Merry\Documents\DECRYPT_INSTRUCTION.HTML
2014-08-23 13:36 - 2014-08-23 13:36 - 00004130 _____ () C:\Users\Merry\Documents\DECRYPT_INSTRUCTION.TXT
2014-08-23 13:36 - 2014-08-23 13:36 - 00000252 _____ () C:\Users\Merry\Documents\DECRYPT_INSTRUCTION.URL
2014-08-23 13:36 - 2014-08-21 14:05 - 00000000 ____D () C:\Users\Merry\Desktop\What If 2013
2014-08-23 13:36 - 2014-03-13 16:52 - 00000280 ____H () C:\Users\Merry\Desktop\~$Sherlock-konečná2.pptx
2014-08-23 13:36 - 2011-03-16 21:36 - 00000000 ____D () C:\Users\Merry\Documents\My Games
2014-08-23 13:36 - 2011-02-18 22:26 - 00000000 ____D () C:\Users\Merry\Documents\LDW
2014-08-23 13:32 - 2014-05-01 21:26 - 00000000 ____D () C:\Users\Merry\Desktop\Sounds
2014-08-23 13:32 - 2014-03-13 16:46 - 02565431 _____ () C:\Users\Merry\Desktop\Sherlock-konečná2.pptx
2014-08-23 13:32 - 2014-03-13 15:03 - 01068056 _____ () C:\Users\Merry\Desktop\sherlock.ppt
2014-08-23 13:31 - 2014-05-06 17:48 - 00000000 ____D () C:\Users\Merry\Desktop\RAR File Open Knife - Free Opener
2014-08-23 13:31 - 2014-03-17 00:15 - 00000000 ____D () C:\Users\Merry\Desktop\Precipice_Data
2014-08-23 13:31 - 2013-04-17 07:19 - 00000792 _____ () C:\Users\Merry\Desktop\Readme.txt
2014-08-23 13:31 - 2010-12-26 18:45 - 00000000 ____D () C:\Users\Merry\Desktop\merry
2014-08-23 13:31 - 2009-11-30 08:15 - 36939288 _____ () C:\Users\Merry\Desktop\Precipice.pdb
2014-08-23 13:17 - 2014-08-06 20:11 - 00000000 ____D () C:\Users\Merry\Desktop\Kudos 2
2014-08-23 13:16 - 2014-05-06 17:34 - 00000000 ____D () C:\GOG Games
2014-08-23 13:12 - 2014-05-06 18:07 - 00000000 ____D () C:\2-click run
2014-08-23 13:04 - 2014-08-13 11:56 - 00000000 ____D () C:\Users\Merry\Desktop\fotky
2014-08-23 13:04 - 2014-05-06 18:05 - 00000000 ____D () C:\Users\Merry\Desktop\Democracy 3 v2.0.0.3 (2-click run)
2014-08-23 13:03 - 2014-08-23 13:03 - 00008172 _____ () C:\Users\Merry\AppData\Roaming\DECRYPT_INSTRUCTION.HTML
2014-08-23 13:03 - 2014-08-23 13:03 - 00008172 _____ () C:\Users\Merry\AppData\DECRYPT_INSTRUCTION.HTML
2014-08-23 13:03 - 2014-08-23 13:03 - 00004130 _____ () C:\Users\Merry\AppData\Roaming\DECRYPT_INSTRUCTION.TXT
2014-08-23 13:03 - 2014-08-23 13:03 - 00004130 _____ () C:\Users\Merry\AppData\DECRYPT_INSTRUCTION.TXT
2014-08-23 13:03 - 2014-08-23 13:03 - 00000252 _____ () C:\Users\Merry\AppData\Roaming\DECRYPT_INSTRUCTION.URL
2014-08-23 13:03 - 2014-08-23 13:03 - 00000252 _____ () C:\Users\Merry\AppData\DECRYPT_INSTRUCTION.URL
2014-08-23 13:03 - 2014-03-13 13:13 - 00000000 ____D () C:\Users\Merry\Desktop\aTube Catcher 2.0
2014-08-23 13:03 - 2013-10-23 16:39 - 00000000 ____D () C:\Users\Merry\Desktop\BSPlayer
2014-08-23 13:03 - 2012-02-04 22:14 - 00000000 ____D () C:\Users\Merry\AppData\Roaming\Realore_Whiterra Roads Of Rome 2
2014-08-23 13:03 - 2011-04-13 11:30 - 00000000 ____D () C:\Users\Merry\AppData\Roaming\Skype
2014-08-23 13:03 - 2011-01-28 16:13 - 00000000 ____D () C:\Users\Merry\AppData\Roaming\Realore_Whiterra Roads Of Rome
2014-08-23 13:03 - 2011-01-23 14:26 - 00000000 ____D () C:\Users\Merry\AppData\Roaming\YoudaGames
2014-08-23 12:58 - 2014-05-06 17:48 - 00000000 ____D () C:\Users\Merry\AppData\Roaming\Philipp Winterberg
2014-08-23 12:58 - 2010-12-24 21:31 - 00000000 ____D () C:\Users\Merry\AppData\Roaming\Mozilla
2014-08-23 12:57 - 2012-11-24 14:50 - 00000000 ____D () C:\Users\Merry\AppData\Roaming\LOVE
2014-08-23 12:57 - 2012-02-14 13:37 - 00000000 ____D () C:\Users\Merry\AppData\Roaming\BSplayer
2014-08-23 12:57 - 2011-04-20 22:47 - 00000000 ____D () C:\Users\Merry\AppData\Roaming\DivoGames
2014-08-23 12:56 - 2014-08-23 12:56 - 00008172 _____ () C:\Users\Merry\AppData\Local\DECRYPT_INSTRUCTION.HTML
2014-08-23 12:56 - 2014-08-23 12:56 - 00004130 _____ () C:\Users\Merry\AppData\Local\DECRYPT_INSTRUCTION.TXT
2014-08-23 12:56 - 2014-08-23 12:56 - 00000252 _____ () C:\Users\Merry\AppData\Local\DECRYPT_INSTRUCTION.URL
2014-08-23 12:56 - 2011-03-05 19:26 - 00000000 ____D () C:\Users\Merry\AppData\Roaming\BitTorrent
2014-08-23 12:56 - 2010-12-23 00:58 - 00000000 ____D () C:\Users\Merry\AppData\Roaming\Adobe
2014-08-23 12:55 - 2014-08-23 12:55 - 00008172 _____ () C:\ProgramData\DECRYPT_INSTRUCTION.HTML
2014-08-23 12:55 - 2014-08-23 12:55 - 00004130 _____ () C:\ProgramData\DECRYPT_INSTRUCTION.TXT
2014-08-23 12:55 - 2014-08-23 12:55 - 00000252 _____ () C:\ProgramData\DECRYPT_INSTRUCTION.URL
2014-08-23 12:55 - 2012-05-27 23:15 - 00000000 ____D () C:\Users\Merry\AppData\Local\Freelang Dictionary
2014-08-23 12:55 - 2012-04-01 09:29 - 00000000 ____D () C:\Users\Merry\AppData\Local\Apple Computer
2014-08-23 12:55 - 2012-04-01 09:28 - 00000000 ____D () C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2014-08-23 12:55 - 2010-12-22 04:06 - 00000000 ____D () C:\Users\Merry\AppData\Local\Google
2014-08-23 12:55 - 2010-12-22 02:43 - 00000000 ____D () C:\Users\Merry\AppData\Local\Adobe
2014-08-23 12:55 - 2010-01-11 11:59 - 00000000 ____D () C:\ProgramData\WinClon
2014-08-23 12:54 - 2014-08-23 12:54 - 00008172 _____ () C:\Users\2\Downloads\DECRYPT_INSTRUCTION.HTML
2014-08-23 12:54 - 2014-08-23 12:54 - 00008172 _____ () C:\Users\2\DECRYPT_INSTRUCTION.HTML
2014-08-23 12:54 - 2014-08-23 12:54 - 00008172 _____ () C:\Users\2\AppData\Roaming\DECRYPT_INSTRUCTION.HTML
2014-08-23 12:54 - 2014-08-23 12:54 - 00008172 _____ () C:\Users\2\AppData\DECRYPT_INSTRUCTION.HTML
2014-08-23 12:54 - 2014-08-23 12:54 - 00004130 _____ () C:\Users\2\Downloads\DECRYPT_INSTRUCTION.TXT
2014-08-23 12:54 - 2014-08-23 12:54 - 00004130 _____ () C:\Users\2\DECRYPT_INSTRUCTION.TXT
2014-08-23 12:54 - 2014-08-23 12:54 - 00004130 _____ () C:\Users\2\AppData\Roaming\DECRYPT_INSTRUCTION.TXT
2014-08-23 12:54 - 2014-08-23 12:54 - 00004130 _____ () C:\Users\2\AppData\DECRYPT_INSTRUCTION.TXT
2014-08-23 12:54 - 2014-08-23 12:54 - 00000252 _____ () C:\Users\2\Downloads\DECRYPT_INSTRUCTION.URL
2014-08-23 12:54 - 2014-08-23 12:54 - 00000252 _____ () C:\Users\2\DECRYPT_INSTRUCTION.URL
2014-08-23 12:54 - 2014-08-23 12:54 - 00000252 _____ () C:\Users\2\AppData\Roaming\DECRYPT_INSTRUCTION.URL
2014-08-23 12:54 - 2014-08-23 12:54 - 00000252 _____ () C:\Users\2\AppData\DECRYPT_INSTRUCTION.URL
2014-08-23 12:54 - 2012-10-20 09:00 - 00000000 ____D () C:\ProgramData\InstallMate
2014-08-23 12:54 - 2011-07-13 20:22 - 00000000 ____D () C:\Users\2\AppData\Roaming\Skype
2014-08-23 12:54 - 2011-05-29 16:30 - 00000000 ____D () C:\ProgramData\Easybits GO
2014-08-23 12:54 - 2011-04-13 11:31 - 00000000 ____D () C:\ProgramData\Skype Extras
2014-08-23 12:54 - 2011-04-13 11:29 - 00000000 ____D () C:\ProgramData\Skype
2014-08-23 12:54 - 2011-01-26 18:59 - 00000000 ____D () C:\Users\2
2014-08-23 12:54 - 2011-01-22 22:44 - 00000000 ____D () C:\ProgramData\Farm Fishes
2014-08-23 12:54 - 2011-01-22 14:17 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-08-23 12:54 - 2010-01-11 12:18 - 00000000 ____D () C:\ProgramData\SiteAdvisor
2014-08-23 12:53 - 2014-08-23 12:53 - 00008172 _____ () C:\Users\2\AppData\Local\DECRYPT_INSTRUCTION.HTML
2014-08-23 12:53 - 2014-08-23 12:53 - 00004130 _____ () C:\Users\2\AppData\Local\DECRYPT_INSTRUCTION.TXT
2014-08-23 12:53 - 2014-08-23 12:53 - 00000252 _____ () C:\Users\2\AppData\Local\DECRYPT_INSTRUCTION.URL
2014-08-23 12:53 - 2013-12-25 16:34 - 00000000 ____D () C:\AdwCleaner
2014-08-23 12:53 - 2013-04-10 23:57 - 00000000 ____D () C:\2f42f04539db9e59bfe0577a233bc166
2014-08-23 12:53 - 2013-03-14 15:44 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-08-23 12:53 - 2012-08-20 16:16 - 00000000 ____D () C:\ProgramData\DivX
2014-08-23 12:53 - 2012-04-01 09:28 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-08-23 12:53 - 2011-03-05 19:14 - 00000000 ____D () C:\ProgramData\B3B8
2014-08-23 12:53 - 2011-01-27 18:30 - 00000000 ____D () C:\Users\2\AppData\Local\Google
2014-08-23 12:53 - 2011-01-27 14:14 - 00000000 ____D () C:\Users\2\AppData\Roaming\Mozilla
2014-08-23 12:53 - 2011-01-26 19:03 - 00000000 ____D () C:\Users\2\AppData\Roaming\Malwarebytes
2014-08-23 12:53 - 2010-12-28 22:50 - 00000000 ____D () C:\ProgramData\Alwil Software
2014-08-23 12:53 - 2010-01-12 04:41 - 01206951 _____ () C:\Windows\WindowsUpdate.log
2014-08-23 12:51 - 2014-08-23 12:53 - 00618496 _____ () C:\Users\Merry\AppData\Roaming\cE17k31.exe
2014-08-23 12:50 - 2014-08-23 12:50 - 00000000 ____D () C:\Windows\Sun
2014-08-21 14:38 - 2014-08-21 14:38 - 00000000 ____D () C:\Users\Merry\AppData\Local\Unmedia
2014-08-21 14:38 - 2014-08-21 14:38 - 00000000 ____D () C:\Users\Merry\AppData\Local\Icsoft
2014-08-21 14:03 - 2014-08-21 14:03 - 00033013 _____ () C:\Users\Merry\Downloads\What If 2013.torrent
2014-08-20 12:44 - 2009-07-14 06:34 - 00016752 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-20 12:44 - 2009-07-14 06:34 - 00016752 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-20 12:32 - 2011-11-25 12:29 - 00057495 _____ () C:\Windows\setupact.log
2014-08-20 12:32 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-20 12:32 - 2009-07-14 06:33 - 00501136 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-19 10:04 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache
2014-08-19 08:58 - 2011-11-25 12:28 - 00314346 _____ () C:\Windows\PFRO.log
2014-08-18 19:50 - 2009-07-26 22:06 - 01584626 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-18 12:09 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\SchCache
2014-08-17 16:07 - 2014-06-04 08:10 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-15 03:19 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-08-14 15:25 - 2014-05-07 08:03 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-08-14 14:06 - 2013-07-25 08:36 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-14 13:51 - 2010-12-23 01:17 - 96303304 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-08-09 15:53 - 2014-08-06 20:10 - 34811697 _____ () C:\Users\Merry\Desktop\Kudos 2.rar
2014-08-07 13:53 - 2014-08-07 13:53 - 00000000 __SHD () C:\found.003
2014-08-07 03:43 - 2014-08-13 21:08 - 00412160 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-07 03:39 - 2014-08-13 21:08 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-06 20:12 - 2014-08-06 20:12 - 00000000 ____D () C:\games
2014-08-06 20:05 - 2014-08-06 20:04 - 32273762 _____ () C:\Users\Merry\Desktop\Kudos 2 precracked
2014-08-06 18:32 - 2014-08-06 18:32 - 00001228 _____ () C:\Users\Public\Desktop\Spore.lnk
2014-08-06 18:31 - 2014-08-06 18:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Strogino CS Portal
2014-08-06 18:14 - 2014-08-06 18:14 - 00000000 ____D () C:\Program Files\Strogino CS Portal
2014-08-06 18:05 - 2014-08-06 17:18 - 00000000 ____D () C:\Users\Merry\Desktop\Spore
2014-08-05 09:35 - 2014-08-05 09:35 - 00000000 __SHD () C:\found.002
2014-08-05 09:20 - 2010-12-28 22:59 - 00231584 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-07-29 22:22 - 2010-12-22 03:17 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-25 10:58 - 2010-12-28 23:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-07-24 12:52 - 2014-08-13 21:11 - 01180672 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-24 12:52 - 2014-08-13 21:11 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-24 12:52 - 2014-08-13 21:10 - 01766400 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-24 12:51 - 2014-08-13 21:11 - 00226816 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-24 12:51 - 2014-08-13 21:11 - 00226816 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-24 12:51 - 2014-08-13 21:11 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-24 12:51 - 2014-08-13 21:11 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-24 12:51 - 2014-08-13 21:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-24 12:51 - 2014-08-13 21:10 - 14371328 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-24 12:51 - 2014-08-13 21:10 - 13757440 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-24 12:51 - 2014-08-13 21:10 - 02861568 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-24 12:51 - 2014-08-13 21:10 - 02054656 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-24 12:51 - 2014-08-13 21:10 - 01440768 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-24 12:51 - 2014-08-13 21:10 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-07-24 12:51 - 2014-08-13 21:10 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-24 12:51 - 2014-08-13 21:10 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-24 12:51 - 2014-08-13 21:10 - 00357888 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-24 12:51 - 2014-08-13 21:10 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-07-24 12:51 - 2014-08-13 21:10 - 00080384 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-24 12:51 - 2014-08-13 21:10 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-24 12:29 - 2014-08-13 21:11 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-24 11:32 - 2014-08-13 21:10 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe

Some content of TEMP:
====================
C:\Users\Merry\AppData\Local\Temp\Foxit Updater.exe
C:\Users\Merry\AppData\Local\Temp\htmlayout.dll
C:\Users\Merry\AppData\Local\Temp\RSPUpgradeInstaller.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed



===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================



==================== MBR and Partition Table ==================


==================== Scheduled Tasks (whitelisted) ==================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Alternate Data Streams (whitelisted) ==================


==================== Security Center ==================

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Users\Merry\Desktop" je 7723 MB.


***** Startup Programs *****

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^TP-LINK Wireless Configuration Utility.lnk
C:\PROGRA~1\TP-LINK\TP-LIN~1\TWCU.exe


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR"=dword:00000001
"Generalize_DisableSR"=dword:00000000


==================== End Of Log ==============================

Re: CryptoWall

Napsal: 23 srp 2014 15:50
od stell
Zdravim
Ano,pocitac je totalne zavireny.
Skus tot premenit na drobne.
je sestra smířena a je ochotna za záchranu windows nabídnout po dohodě odměnu (neslape.cz vzdálená pomoc?)
Bol si u nas na neslape.cz??

Uzivatel riesi problem u nas, na neslape.cz.
Temu zatvaram.
Všechny časy jsou v UTC+01:00
Stránka 1 z 1

Založeno na phpBB® Forum Software © phpBB Limited

Český překlad – phpBB.cz