Olimpo Informatico

[livonet]

Anche io sono stato infettato , ed ho i file excell criptati
c'e' una soluzione grazie
nelle cartelle ho 4
HELP_DECRYPT

[livonet]

OTL.Txt

[livonet]

Extras.Txt

[R16]

Ciao e benvenuto.
Il log di OTL è vuoto.

Disinstalla SpyHunter 4 da "programmi e funzionalità". (non serve a niente)
Dopo la disinstallazione fai una pulizia con CCleaner. (registro compreso)

Poi:
Segui le indicazioni di questa guida:
http://forum.zeusnews.com/viewtopic.php?t=65236
Posta i log richiesti nelle modalità indicate a fine link.

Per ultimo esegui anche una scansione con FRST:

Scarica FRST sul desktop: (è obligatorio)

Installa la versione adatta al tuo Sistema Operativo (32 bit oppure 64 bit )

link

Avvialo e clicca Esegui.

Sulla finestra che ti compare clicca SI.

Clicca Scan.

Aspetta pazientemente la fine della scansione.

Posta i 2 log log che rilascia sul desktop (FRST.txt e Addition.txt)

[livonet]

log malware.txt

[livonet]

.txt]AdwCleaner[C1].txt

[livonet]

JRT.txt

[livonet]

OTL.Txt

[livonet]

Extras.Txt

[livonet]

FRST.txt

[livonet]

Addition.txt

Pensi che posso decriptare i file? e se si come ?

[livonet]

Addition.txt

[R16]

Ciao.
I log che hai postato (a parte Malwarebytes) sono vuoti.
Prova aprirli, e vedrai.
Senza vedere i log di OTL oppure FRST, non posso continuare.

[ciocca956]

Ciao r16.
In questo articolo si conferma sostanzialmente che difficilmente i File sono decriptabili.
Interessante secondo me il fatto che viene spiegato come vedere quanti e quali file sono effettivamente criptati e quali eventualmente no.
http://www.micheleangeletti.it/articoli/150316-come-funziona-cryptolocker.html

[R16]

[livonet]

Desktop.rar

provo a mandarteli cosi

[R16]

Ok, così vanno bene.

Disinstalla AVG da "Installazione Applicazioni".
Serve 1 antivirus solo, per cui puoi tenere Panda Security.

Poi:
scarica questo file sul desktop: (dove si trova FRST)

link

Avvia FRST e clicca su FIX .

Attendi la fine della scansione.
Posta il file fixlog.txt.

Rifai una nuova scansione con OTL.
Posta il log.

Log da postare:
fixlog.txt
OTL.

[livonet]

frst-otl.rar

Ecco i log
grazie

[R16]

Avvia OTL.

Sotto "Custom Scans\Fixes" nel box bianco, copia-incolla questo codice: (NON copiare la parola Codice )

[livonet]

All processes killed
========== OTL ==========
127.0.0.1 http://www.driver-soft.com removed from HOSTS file successfully
127.0.0.1 www.driver-soft.com removed from HOSTS file successfully
Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun not found.
Registry value HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\Documents and Settings\All Users\Dati deleted successfully.
C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy\Recovery folder moved successfully.
C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy\Logs folder moved successfully.
C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy\Excludes folder moved successfully.
C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy\Backups folder moved successfully.
C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy folder moved successfully.
C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
C:\WINDOWS\System32\SET10F2.tmp deleted successfully.
C:\WINDOWS\System32\SET10F6.tmp deleted successfully.
C:\WINDOWS\System32\SET10FE.tmp deleted successfully.
C:\WINDOWS\msdownld.tmp folder deleted successfully.
C:\Documents and Settings\stefano\Documenti\HELP_DECRYPT.PNG moved successfully.
C:\Documents and Settings\All Users\Documenti\HELP_DECRYPT.PNG moved successfully.
C:\Documents and Settings\All Users\Dati applicazioni\HELP_DECRYPT.PNG moved successfully.
C:\Documents and Settings\stefano\HELP_DECRYPT.PNG moved successfully.
File C:\Documents and Settings\stefano\Documenti\HELP_DECRYPT.PNG not found.
C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\HELP_DECRYPT.PNG moved successfully.
File C:\Documents and Settings\All Users\Documenti\HELP_DECRYPT.PNG not found.
File C:\Documents and Settings\All Users\Dati applicazioni\HELP_DECRYPT.PNG not found.
========== FILES ==========
< ipconfig /flushdns /c >
Configurazione IP di Windows
Svuotata la cache del resolver DNS.
C:\Documents and Settings\stefano\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\stefano\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User.WINDOWS
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: LocalService.NT AUTHORITY
->Temp folder emptied: 66097 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: NetworkService.NT AUTHORITY
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33237 bytes

User: stefano
->Temp folder emptied: 15499 bytes
->Temporary Internet Files folder emptied: 542106 bytes
->Google Chrome cache emptied: 100150729 bytes
->Flash cache emptied: 0 bytes

User: stefano.LIVONET-773F5A3
->Temp folder emptied: 322362198 bytes
->Temporary Internet Files folder emptied: 156689767 bytes
->Flash cache emptied: 1012 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 5510 bytes
RecycleBin emptied: 477196128 bytes

Total Files Cleaned = 1.008,00 mb


[EMPTYJAVA]

User: All Users

User: Default User

User: Default User.WINDOWS

User: LocalService

User: LocalService.NT AUTHORITY

User: NetworkService

User: NetworkService.NT AUTHORITY

User: stefano

User: stefano.LIVONET-773F5A3

Total Java Files Cleaned = 0,00 mb

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYFLASH]

User: All Users

User: Default User

User: Default User.WINDOWS

User: LocalService

User: LocalService.NT AUTHORITY

User: NetworkService

User: NetworkService.NT AUTHORITY

User: stefano
->Flash cache emptied: 0 bytes

User: stefano.LIVONET-773F5A3
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0,00 mb

Error: Unable to interpret <[Reboot] - See more at: http://forum.zeusnews.com/viewtopic.php?p=651691#651691> in the current context!

OTL by OldTimer - Version 3.2.69.0 log created on 10102015_134335

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...