reva

Beste Jion, Bedankt voor de snelle reactie. Hierbij de log: code] HitmanPro 3.7.3.194 www.hitmanpro.com Computer name . . . . : ALPITEC-PC Windows . . . . . . . : 6.1.1.7601.X86/2 User name . . . . . . : NT AUTHORITY\SYSTEM UAC . . . . . . . . . : Disabled License . . . . . . . : Trial (30 days left) Scan date . . . . . . : 2013-04-25 14:12:21 Scan mode . . . . . . : Normal Scan duration . . . . : 3m 55s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : Yes Threats . . . . . . . : 2 Traces . . . . . . . : 5 Objects scanned . . . : 1.581.034 Files scanned . . . . : 14.848 Remnants scanned . . : 325.049 files / 1.241.137 keys Malware _____________________________________________________________________ C:\Users\Alpitec\AppData\Roaming\AltShell.dat -> Quarantined Size . . . . . . . : 45.056 bytes Age . . . . . . . : 0.1 days (2013-04-25 11:18:03) Entropy . . . . . : 7.3 SHA-256 . . . . . : 4463FC32685BCAC43AD56E9AD130A9DF682DF96F2A78A197233A7BFB6AC3BE00 Parent Name . . . : C:\Windows\System32\userinit.exe Running processes : 2188 > HitmanPro . . . . : Win32/Ransomware.Behavior Fuzzy . . . . . . : 64.0 Substitutes Explorer.exe as the default shell. Malware tends to start this way. This file was most recently added as automatic startup. The file name extension of this program is not common. Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. Program is running but currently exposes no human-computer interface (GUI). Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. Program starts automatically without user intervention. Time indicates that the file appeared recently on this computer. The file is in use by one or more active processes. Startup HKU\S-1-5-21-3062237543-739346878-37038767-1000\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell References C:\Users\Alpitec\AppData\Roaming\AltShell.ini Forensic Cluster 0.0s C:\Users\Alpitec\AppData\Roaming\AltShell.dat 0.6s C:\Users\Alpitec\AppData\Roaming\AltShell.ini 3.1s C:\Users\Alpitec\AppData\Local\Temp\a-squared.png 3.1s C:\Users\Alpitec\AppData\Local\Temp\adaware.png 3.1s C:\Users\Alpitec\AppData\Local\Temp\arcavir.png 3.1s C:\Users\Alpitec\AppData\Local\Temp\av_noav.png 3.1s C:\Users\Alpitec\AppData\Local\Temp\avast.png 3.1s C:\Users\Alpitec\AppData\Local\Temp\avg.png 3.1s C:\Users\Alpitec\AppData\Local\Temp\avira.png 3.1s C:\Users\Alpitec\AppData\Local\Temp\bitdefender.png 3.1s C:\Users\Alpitec\AppData\Local\Temp\clamwin.png 3.1s C:\Users\Alpitec\AppData\Local\Temp\comodo.png 3.1s C:\Users\Alpitec\AppData\Local\Temp\drweb.png 3.1s C:\Users\Alpitec\AppData\Local\Temp\error.png 3.1s C:\Users\Alpitec\AppData\Local\Temp\ewido.png 3.1s C:\Users\Alpitec\AppData\Local\Temp\f-prot.png 3.1s C:\Users\Alpitec\AppData\Local\Temp\f-secure.png 3.1s C:\Users\Alpitec\AppData\Local\Temp\gdata.png 3.1s C:\Users\Alpitec\AppData\Local\Temp\header.jpg 3.1s C:\Users\Alpitec\AppData\Local\Temp\ic_1.png 3.1s C:\Users\Alpitec\AppData\Local\Temp\ic_2.png 3.1s C:\Users\Alpitec\AppData\Local\Temp\ic_2_1.png 3.1s C:\Users\Alpitec\AppData\Local\Temp\ic_2_10.png 3.1s C:\Users\Alpitec\AppData\Local\Temp\ic_2_2.png 3.1s C:\Users\Alpitec\AppData\Local\Temp\ic_2_3.png 3.1s C:\Users\Alpitec\AppData\Local\Temp\ic_2_4.png 3.1s C:\Users\Alpitec\AppData\Local\Temp\ic_2_5.png 3.1s C:\Users\Alpitec\AppData\Local\Temp\ic_2_6.png 3.1s C:\Users\Alpitec\AppData\Local\Temp\ic_2_7.png 3.1s C:\Users\Alpitec\AppData\Local\Temp\ic_2_8.png 3.1s C:\Users\Alpitec\AppData\Local\Temp\ic_2_9.png 3.1s C:\Users\Alpitec\AppData\Local\Temp\ic_3_1.png 3.1s C:\Users\Alpitec\AppData\Local\Temp\ic_3_2.png 3.1s C:\Users\Alpitec\AppData\Local\Temp\ic_3_3.png 3.1s C:\Users\Alpitec\AppData\Local\Temp\ic_3_4.png 3.1s C:\Users\Alpitec\AppData\Local\Temp\ic_3_5.png 3.1s C:\Users\Alpitec\AppData\Local\Temp\ic_3_6.png 3.1s C:\Users\Alpitec\AppData\Local\Temp\ic_5_1.jpg 3.1s C:\Users\Alpitec\AppData\Local\Temp\ikarus.png 3.1s C:\Users\Alpitec\AppData\Local\Temp\index.html 3.2s C:\Users\Alpitec\AppData\Local\Temp\kaspersky.png 3.2s C:\Users\Alpitec\AppData\Local\Temp\mcafee.png 3.2s C:\Users\Alpitec\AppData\Local\Temp\me_error.png 3.2s C:\Users\Alpitec\AppData\Local\Temp\me_notice.png 3.2s C:\Users\Alpitec\AppData\Local\Temp\mse.png 3.2s C:\Users\Alpitec\AppData\Local\Temp\nod32.png 3.2s C:\Users\Alpitec\AppData\Local\Temp\norton.png 3.2s C:\Users\Alpitec\AppData\Local\Temp\nosignal.jpg 3.2s C:\Users\Alpitec\AppData\Local\Temp\notice.png 3.2s C:\Users\Alpitec\AppData\Local\Temp\onecare.png 3.2s C:\Users\Alpitec\AppData\Local\Temp\outpost.png 3.2s C:\Users\Alpitec\AppData\Local\Temp\panda.png 3.2s C:\Users\Alpitec\AppData\Local\Temp\sophos.png 3.2s C:\Users\Alpitec\AppData\Local\Temp\style.css 3.2s C:\Users\Alpitec\AppData\Local\Temp\trendmicro.png 3.2s C:\Users\Alpitec\AppData\Local\Temp\vba.png 3.2s C:\Users\Alpitec\AppData\Local\Temp\vexira.png 3.2s C:\Users\Alpitec\AppData\Local\Temp\zonealarm.png 4.1s C:\Users\Alpitec\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012013042520130426\ 4.1s C:\Users\Alpitec\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012013042520130426\index.dat C:\Windows\system32\.exe -> Quarantined Size . . . . . . . : 39.558 bytes Age . . . . . . . : 606.6 days (2011-08-27 22:41:56) Entropy . . . . . : 6.8 SHA-256 . . . . . : ECBE0AFA6BBBBF0F0E5FFF12081E9020C61571A6291605A6BD0C179288A550D5 Needs elevation . : Yes > Emsisoft . . . . . : Malware.Win32.AMN!A2 > G Data . . . . . . : Trojan.Generic.6579245 (Engine A) Fuzzy . . . . . . : 108.0 Is het nu volledig opgelost? Bedankt voor de hulp!

Beste, Mijn comupter is geblokkeerd door een politievirus/ransomeware. Heb al enkele dingen gelezen over gelijkaardige voorvallen maar er zijn blijkbaar toch wat verschillen. Kan er iemand me helpen? Computer staat af (geforceerd) maar heb hem nog niet in veilige modus herstart. Alvast bedankt