Dear Jion,
Thanks for the quick reply.
Here is the log:
[code]
HitmanPro 3.7.3.194
www.hitmanpro.com
Computer name . . . . : ALPITEC-PC
Windows . . . . . . . : 6.1.1.7601.X86/2
User name . . . . . . : NT AUTHORITY\SYSTEM
UAC . . . . . . . . . : Disabled
License . . . . . . . : Trial (30 days left)
Scan date . . . . . . : 2013-04-25 14:12:21
Scan mode . . . . . . : Normal
Scan duration . . . . : 3m 55s
Disk access mode . . : Direct disk access (SRB)
Cloud . . . . . . . . : Internet
Reboot . . . . . . . : Yes
Threats . . . . . . . : 2
Traces . . . . . . . : 5
Objects scanned . . . : 1.581.034
Files scanned . . . . : 14.848
Remnants scanned . . : 325.049 files / 1.241.137 keys
Malware _____________________________________________________________________
C:\Users\Alpitec\AppData\Roaming\AltShell.dat -> Quarantined
Size . . . . . . . : 45.056 bytes
Age . . . . . . . : 0.1 days (2013-04-25 11:18:03)
Entropy . . . . . : 7.3
SHA-256 . . . . . : 4463FC32685BCAC43AD56E9AD130A9DF682DF96F2A78A197233A7BFB6AC3BE00
Parent Name . . . : C:\Windows\System32\userinit.exe
Running processes : 2188
> HitmanPro . . . . : Win32/Ransomware.Behavior
Fuzzy . . . . . . : 64.0
Substitutes Explorer.exe as the default shell. Malware tends to start this way.
This file was most recently added as automatic startup.
The file name extension of this program is not common.
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
Program is running but currently exposes no human-computer interface (GUI).
Authors name is missing in version info. This is not common to most programs.
Version control is missing. This file is probably created by an individual. This is not typical for most programs.
Program starts automatically without user intervention.
Time indicates that the file appeared recently on this computer.
The file is in use by one or more active processes.
Startup
HKU\S-1-5-21-3062237543-739346878-37038767-1000\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell
References
C:\Users\Alpitec\AppData\Roaming\AltShell.ini
Forensic Cluster
0.0s C:\Users\Alpitec\AppData\Roaming\AltShell.dat
0.6s C:\Users\Alpitec\AppData\Roaming\AltShell.ini
3.1s C:\Users\Alpitec\AppData\Local\Temp\a-squared.png
3.1s C:\Users\Alpitec\AppData\Local\Temp\adaware.png
3.1s C:\Users\Alpitec\AppData\Local\Temp\arcavir.png
3.1s C:\Users\Alpitec\AppData\Local\Temp\av_noav.png
3.1s C:\Users\Alpitec\AppData\Local\Temp\avast.png
3.1s C:\Users\Alpitec\AppData\Local\Temp\avg.png
3.1s C:\Users\Alpitec\AppData\Local\Temp\avira.png
3.1s C:\Users\Alpitec\AppData\Local\Temp\bitdefender.png
3.1s C:\Users\Alpitec\AppData\Local\Temp\clamwin.png
3.1s C:\Users\Alpitec\AppData\Local\Temp\comodo.png
3.1s C:\Users\Alpitec\AppData\Local\Temp\drweb.png
3.1s C:\Users\Alpitec\AppData\Local\Temp\error.png
3.1s C:\Users\Alpitec\AppData\Local\Temp\ewido.png
3.1s C:\Users\Alpitec\AppData\Local\Temp\f-prot.png
3.1s C:\Users\Alpitec\AppData\Local\Temp\f-secure.png
3.1s C:\Users\Alpitec\AppData\Local\Temp\gdata.png
3.1s C:\Users\Alpitec\AppData\Local\Temp\header.jpg
3.1s C:\Users\Alpitec\AppData\Local\Temp\ic_1.png
3.1s C:\Users\Alpitec\AppData\Local\Temp\ic_2.png
3.1s C:\Users\Alpitec\AppData\Local\Temp\ic_2_1.png
3.1s C:\Users\Alpitec\AppData\Local\Temp\ic_2_10.png
3.1s C:\Users\Alpitec\AppData\Local\Temp\ic_2_2.png
3.1s C:\Users\Alpitec\AppData\Local\Temp\ic_2_3.png
3.1s C:\Users\Alpitec\AppData\Local\Temp\ic_2_4.png
3.1s C:\Users\Alpitec\AppData\Local\Temp\ic_2_5.png
3.1s C:\Users\Alpitec\AppData\Local\Temp\ic_2_6.png
3.1s C:\Users\Alpitec\AppData\Local\Temp\ic_2_7.png
3.1s C:\Users\Alpitec\AppData\Local\Temp\ic_2_8.png
3.1s C:\Users\Alpitec\AppData\Local\Temp\ic_2_9.png
3.1s C:\Users\Alpitec\AppData\Local\Temp\ic_3_1.png
3.1s C:\Users\Alpitec\AppData\Local\Temp\ic_3_2.png
3.1s C:\Users\Alpitec\AppData\Local\Temp\ic_3_3.png
3.1s C:\Users\Alpitec\AppData\Local\Temp\ic_3_4.png
3.1s C:\Users\Alpitec\AppData\Local\Temp\ic_3_5.png
3.1s C:\Users\Alpitec\AppData\Local\Temp\ic_3_6.png
3.1s C:\Users\Alpitec\AppData\Local\Temp\ic_5_1.jpg
3.1s C:\Users\Alpitec\AppData\Local\Temp\ikarus.png
3.1s C:\Users\Alpitec\AppData\Local\Temp\index.html
3.2s C:\Users\Alpitec\AppData\Local\Temp\kaspersky.png
3.2s C:\Users\Alpitec\AppData\Local\Temp\mcafee.png
3.2s C:\Users\Alpitec\AppData\Local\Temp\me_error.png
3.2s C:\Users\Alpitec\AppData\Local\Temp\me_notice.png
3.2s C:\Users\Alpitec\AppData\Local\Temp\mse.png
3.2s C:\Users\Alpitec\AppData\Local\Temp\nod32.png
3.2s C:\Users\Alpitec\AppData\Local\Temp\norton.png
3.2s C:\Users\Alpitec\AppData\Local\Temp\nosignal.jpg
3.2s C:\Users\Alpitec\AppData\Local\Temp\notice.png
3.2s C:\Users\Alpitec\AppData\Local\Temp\onecare.png
3.2s C:\Users\Alpitec\AppData\Local\Temp\outpost.png
3.2s C:\Users\Alpitec\AppData\Local\Temp\panda.png
3.2s C:\Users\Alpitec\AppData\Local\Temp\sophos.png
3.2s C:\Users\Alpitec\AppData\Local\Temp\style.css
3.2s C:\Users\Alpitec\AppData\Local\Temp\trendmicro.png
3.2s C:\Users\Alpitec\AppData\Local\Temp\vba.png
3.2s C:\Users\Alpitec\AppData\Local\Temp\vexira.png
3.2s C:\Users\Alpitec\AppData\Local\Temp\zonealarm.png
4.1s C:\Users\Alpitec\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012013042520130426\
4.1s C:\Users\Alpitec\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012013042520130426\index.dat
C:\Windows\system32\.exe -> Quarantined
Size . . . . . . . : 39.558 bytes
Age . . . . . . . : 606.6 days (2011-08-27 22:41:56)
Entropy . . . . . : 6.8
SHA-256 . . . . . : ECBE0AFA6BBBBF0F0E5FFF12081E9020C61571A6291605A6BD0C179288A550D5
Needs elevation . : Yes
> Emsisoft . . . . . : Malware.Win32.AMN!A2
> G Data . . . . . . : Trojan.Generic.6579245 (Engine A)
Fuzzy . . . . . . : 108.0
[/code]
Is it now completely resolved?
Thanks for the help!