[CLOSED] Teslacrypt Virus has encrypted my files and added the .ccc extension to them

miloudaki
Registered user
Posts: 1
Joined: Sun, 22 Nov 2015, 20:25

Post by miloudaki »

On Nov 12th my PC was invaded by the Teslacrypt virus and as a result all my photos and documents are now encrypted and the .ccc extension has been added to them.
There was no master key included in any application or Windows folder (I searched the entire PC); however, I did find some suspicious registry keys which, as it turned out, also contained the bitcoin address (you can find those below in hex format for your reference).
I have tried several decryption programs but nothing has worked so far. Unfortunately I did not have a backup of those files so it is impossible for me to recover them somehow differently.

Is there anyone who could help me with this? Has anyone managed to decrypt the files after this new version of the Teslacrypt virus has appeared?

Thank you in advance for your support!

Bitcoin address: 1LEbRF44xR7HvEx9PAFQwkWFYiGVZAQ8Xe


Key Name: HKEY_CURRENT_USER\Software\26B9F8022E296F (same value was also found for key HKEY_USERS\S-1-5-21-3329602511-4222242022-1132340100-1001\Software\26B9F8022E296F)
Class Name: <NO CLASS>
Last Write Time: 12/11/2015 - 5:10 πμ
Value 0
Name: data
Type: REG_BINARY
VirusBuster
Official moderator
Posts: 7595
Joined: Mon, 02 Apr 2012, 18:53
Location: Panda HQ - Bilbao

Re: Teslacrypt Virus has encrypted my files and added the .ccc extension to them, Teslacrypt

Post by VirusBuster »

We are sorry for the inconvenience caused by the infection. Panda has a great virus detection capability; in fact, we detect more than 200.000 new different threats every day. But sometimes there is a small time window, from when the delinquent launches his attack until the threat can be neutralized, during which a minimal percentage of users become infected. We are working to minimize this window of exposure for our users as much as possible.

Assuring your online security and your machine’s protection is our principal mission. But it is also very important that you follow some basic advice that will keep your machine from becoming infected:
  • Keep your software updated (so as to prevent someone from using known security holes to infect your machine).
  • Do not execute files from unknown sources.
  • Back up your most valuable information. Having a backup of your files protects you from these attacks and even from other kinds of problems (hardware failures, etc.).
You can find more information and basic protection advice on the following help page: http://www.pandasecurity.com/homeusers/ ... rd?id=1679
Regards,

Jorge Torre
TechSupport Department - Panda Security

I don't reply to private messages unless I have previously requested them
hyperion
Registered user
Posts: 31
Joined: Wed, 11 Nov 2015, 15:32
Location: Italy

Re: Teslacrypt Virus has encrypted my files and added the .ccc extension to them, Teslacrypt

Post by hyperion »

Have you verified whether the ransomware has deleted the shadow copies?
Sysadmin, IT Security Consultant, Malware Hunter
chu_bun
Registered user
Posts: 2
Joined: Mon, 30 Nov 2015, 22:47

Re: Teslacrypt Virus has encrypted my files and added the .ccc extension to them, Teslacrypt

Post by chu_bun »

Have you seen this article?
https://en.wikipedia.org/wiki/TeslaCrypt

Decryption is available for earlier versions. Otherwise, you will unfortunately have to pay the ransom.