My pc ecriptado by cryptorlocker , .encrypted extension

thomny · May 29, 2016

I am a victim of this evil , all my files are encrypted with the extension ( .encrypted ) . I have removed all possible sources of infection not being more vulnerable . But I want to recover my files.

is attached files requested

I have removed all possible sources of infection not being more vulnerable . But I want to recover my files

Addition.txt

FRST.txt

scan_160528-063558.txt

Kevin Zoll · May 30, 2016

Hello,

It may not be possible to decrypt the encrypted files.

Copy the below code to Notepad; Save As fixlist.txt to your Desktop.

HKLM\...\Policies\Explorer: [ShowSuperHidden] 1
GroupPolicyScripts: Restrição <======= ATENÇÃO
GroupPolicyScripts\User: Restrição <======= ATENÇÃO
SearchScopes: HKU\S-1-5-21-157887246-1380453022-816234722-500 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO-x32: Sem Nome -> {B69F34DD-F0F9-42DC-9EDD-957187DA688D} -> Nenhum Arquivo
2016-05-26 13:12 - 2016-05-28 06:57 - 00000000 ____D C:\Users\Administrador\AppData\Local\Temp\1
2016-05-25 14:17 - 2016-05-25 14:17 - 00000000 ____D C:\Users\Administrador\AppData\Local\Temp\iss3961.tmp
2016-05-25 14:17 - 2015-07-04 22:43 - 00116880 _____ (InstallShield Software Corporation) C:\Users\Administrador\AppData\Local\Temp\set3819.tmp
2016-05-25 13:55 - 2016-05-25 13:55 - 00000000 ____D C:\Users\Administrador\AppData\Local\Temp\{b1f82be2-a679-4588-a99e-c7c5a89d3ce1}
2016-05-24 01:56 - 2016-05-26 13:38 - 26754499 _____ C:\Users\Administrador\AppData\Local\Temp\~GDBSAVE.ST2
2016-05-24 01:56 - 2016-05-26 13:38 - 26751973 _____ C:\Users\Administrador\AppData\Local\Temp\~GDBSAVE.ST1
2016-05-24 01:00 - 2016-05-26 10:42 - 00000000 ____D C:\Users\Administrador\AppData\Local\Temp\7773178
2016-05-22 19:09 - 2016-05-22 19:09 - 00000610 _____ C:\Users\Public\Downloads\desktop.ini.How_To_Decrypt.txt
2016-05-22 19:09 - 2016-05-22 19:09 - 00000610 _____ C:\Users\Public\Documents\desktop.ini.How_To_Decrypt.txt
2016-05-22 19:09 - 2016-05-22 19:09 - 00000610 _____ C:\Users\Public\Desktop\desktop.ini.How_To_Decrypt.txt
2016-05-22 19:09 - 2016-05-22 19:09 - 00000610 _____ C:\Users\Public\desktop.ini.How_To_Decrypt.txt
2016-05-22 19:09 - 2016-05-22 19:09 - 00000610 _____ C:\Users\desktop.ini.How_To_Decrypt.txt
2016-05-22 19:06 - 2016-05-22 19:06 - 00000610 _____ C:\Users\Administrador\ntuser.ini.How_To_Decrypt.txt
2016-05-22 19:06 - 2016-05-22 19:06 - 00000610 _____ C:\Users\Administrador\Documents\desktop.ini.How_To_Decrypt.txt
2016-05-22 19:06 - 2016-05-22 19:06 - 00000610 _____ C:\Users\Administrador\Documents\Default.rdp.How_To_Decrypt.txt
2016-05-22 19:06 - 2016-05-22 19:06 - 00000610 _____ C:\Users\Administrador\Desktop\desktop.ini.How_To_Decrypt.txt
2016-05-22 19:00 - 2016-05-22 19:00 - 00000610 _____ C:\Users\Administrador\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini.How_To_Decrypt.txt
2016-05-22 19:00 - 2016-05-22 19:00 - 00000610 _____ C:\Users\Administrador\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini.How_To_Decrypt.txt
2016-05-22 19:00 - 2016-05-22 19:00 - 00000610 _____ C:\Users\Administrador\AppData\Local\Temp\chrome_installer.log.How_To_Decrypt.txt
2016-05-22 19:00 - 2016-05-22 19:00 - 00000610 _____ C:\Users\Administrador\AppData\Local\Temp\B57E.tmp.How_To_Decrypt.txt
2016-05-22 19:00 - 2016-05-22 19:00 - 00000610 _____ C:\Users\Administrador\AppData\Local\Temp\AV-10772-11-0.How_To_Decrypt.txt
2016-05-22 19:00 - 2016-05-22 19:00 - 00000610 _____ C:\Users\Administrador\AppData\Local\Temp\AdobeSFX.log.How_To_Decrypt.txt
2016-05-22 19:00 - 2016-05-22 19:00 - 00000610 _____ C:\Users\Administrador\AppData\Local\Temp\A74B.tmp.How_To_Decrypt.txt
2016-05-22 18:47 - 2016-05-22 18:47 - 00000610 _____ C:\Users\Administrador\AppData\Local\Temp\24C5.tmp.How_To_Decrypt.txt
2016-05-22 18:43 - 2016-05-22 18:43 - 00000610 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini.How_To_Decrypt.txt
2016-05-22 18:42 - 2016-05-22 18:42 - 00000610 _____ C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini.How_To_Decrypt.txt
2016-05-22 18:32 - 2016-05-22 18:32 - 00000610 _____ C:\Program Files (x86)\desktop.ini.How_To_Decrypt.txt
2016-05-22 18:31 - 2016-05-22 18:31 - 00000610 _____ C:\Program Files\desktop.ini.How_To_Decrypt.txt
2016-05-17 00:07 - 2016-05-26 00:26 - 00000000 ____D C:\Users\Administrador\AppData\Local\Temp\4

Close Notepad.

NOTE: It's important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST64 and press the Fix button just once and wait.

If the tool needed a restart please make sure you let the system restart normally and let the tool complete its run after restart.

The tool will make a log on the Desktop (Fixlog.txt). Attach it to your reply.

Note: If the tool warns you about an outdated version please download and run the updated version.

Kevin Zoll · June 2, 2016

Thread Closed

Reason: Lack of Response

PM either Kevin, Elise, or Arthur to have this thread reopened.

All posters requesting Malware Removal assistance are required to follow all procedures in the thread titled START HERE if you don't we are just going to send you back to this thread.

Sign In

My pc ecriptado by cryptorlocker , .encrypted extension

Recommended Posts

thomny 0

Link to post

Share on other sites

Kevin Zoll 309

Link to post

Share on other sites

Kevin Zoll 309

Link to post

Share on other sites

Recently Browsing 0 members

Products & Services

Ransomware/Malware Removal

Partners

Resources

Company

Browse

Activity