
Spyware (fake anti-virus etc.)



For the last few days I've been having trouble with a fake antivirus program that keeps installing itself on my PC right before my eyes; of course you can't click the installation window away... A fake security center also appears on my screen at startup. And every so often links to various websites appear on my desktop.

I've now seen that Ad-Aware has blocked a process, but the report is below.

I've already done many scans with Ad-Aware, but every time it finds the same files again; they keep coming back. I also wanted to do a HijackThis scan, but I get an error at startup: 'cannot start ...hijackthis.exe'...

Logfile created: 16/07/2010 19:24:03

Ad-Aware version: 8.2.6

Extended engine: 81608688

Extended engine version:

User performing scan: Name

*********************** Definitions database information ***********************

Lavasoft definition file: 149.330

Genotype definition file version: 2010/07/15 08:06:49

******************************** Scan results: *********************************

Scan profile name: Slim. scan (ID: smart)

Objects scanned: 32033

Objects detected: 31

Type Detected

==========================

Processes.......: 3

Registry entries: 3

Hostfile entries: 0

Files...........: 1

Folders.........: 8

LSPs............: 0

Cookies.........: 16

Browser hijacks.: 0

MRU objects.....: 0

Removed items:

Description: *atdmt* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408910 Family ID: 0

Description: *estat* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408873 Family ID: 0

Description: *estat* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408873 Family ID: 0

Description: *bs.serving-sys* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408902 Family ID: 0

Description: *serving-sys* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409130 Family ID: 0

Description: *doubleclick* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408875 Family ID: 0

Description: *metriweb* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408990 Family ID: 0

Description: *serving-sys* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409130 Family ID: 0

Description: *atdmt* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408910 Family ID: 0

Description: *estat* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408873 Family ID: 0

Description: *estat* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408873 Family ID: 0

Description: *bs.serving-sys* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408902 Family ID: 0

Description: *serving-sys* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409130 Family ID: 0

Description: *doubleclick* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408875 Family ID: 0

Description: *metriweb* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408990 Family ID: 0

Description: *serving-sys* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409130 Family ID: 0

Description: c:\program files (x86)\defense center Family Name: Win32.FraudTool.PaladinAntivirus Engine: 1 Clean status: Success Item ID: 4105629 Family ID: 2494514

Description: c:\program files (x86)\defense center Family Name: Win32.FraudTool.PaladinAntivirus Engine: 1 Clean status: Success Item ID: 4105629 Family ID: 2494514

Description: c:\program files (x86)\defense center Family Name: Win32.FraudTool.PaladinAntivirus Engine: 1 Clean status: Success Item ID: 4105629 Family ID: 2494514

Description: c:\program files (x86)\defense center Family Name: Win32.FraudTool.PaladinAntivirus Engine: 1 Clean status: Success Item ID: 4105629 Family ID: 2494514

Description: c:\users\name\appdata\roaming\microsoft\windows\start menu\programs\defense center Family Name: Win32.FraudTool.PaladinAntivirus Engine: 1 Clean status: Success Item ID: 4105632 Family ID: 2494514

Description: c:\users\name\appdata\roaming\microsoft\windows\start menu\programs\defense center Family Name: Win32.FraudTool.PaladinAntivirus Engine: 1 Clean status: Success Item ID: 4105632 Family ID: 2494514

Description: c:\users\name\appdata\roaming\microsoft\windows\start menu\programs\defense center Family Name: Win32.FraudTool.PaladinAntivirus Engine: 1 Clean status: Success Item ID: 4105632 Family ID: 2494514

Description: c:\users\name\appdata\roaming\microsoft\windows\start menu\programs\defense center Family Name: Win32.FraudTool.PaladinAntivirus Engine: 1 Clean status: Success Item ID: 4105632 Family ID: 2494514

Quarantined items:

Description: c:\users\name\appdata\local\temp\msderun.exe Family Name: Win32.Trojan.FakeAV Engine: 1 Clean status: Success Item ID: 4296987 Family ID: 5429

Description: c:\users\name\appdata\local\temp\mschrt20ex.dll Family Name: Win32.Trojan.FakeAV Engine: 1 Clean status: Success Item ID: 4296981 Family ID: 5429

Description: c:\users\name\appdata\local\temp\wscsvc32.exe Family Name: Win32.Trojan.Fraudpack Engine: 1 Clean status: Success Item ID: 4296912 Family ID: 5226

Description: c:\program files (x86)\defense center\defcnt.exe Family Name: Win32.FraudTool.PaladinAntivirus/A Engine: 1 Clean status: Success Item ID: 0 Family ID: 0 MD5: 5fe9c026b40db8177ec69ddfd30620e2

Description: HKLM:SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved:{5E2121EE-0300-11D4-8D3B-444553540000} Family Name: Win32.FraudTool.PaladinAntivirus Engine: 1 Clean status: Success Item ID: 3429946 Family ID: 2494514

Description: HKLM:SOFTWARE\Defense Center: Family Name: Win32.FraudTool.PaladinAntivirus Engine: 1 Clean status: Success Item ID: 4105626 Family ID: 2494514

Description: HKLM:SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Defense Center: Family Name: Win32.FraudTool.PaladinAntivirus Engine: 1 Clean status: Success Item ID: 4105627 Family ID: 2494514

Scan and cleaning complete: Finished correctly after 151 seconds

****************************** System information ******************************

Computer name: name-PC

Processor name: Intel® Core2 Quad CPU Q9000 @ 2.00GHz

Processor identifier: Intel64 Family 6 Model 23 Stepping 10

Processor speed: ~1995MHZ

Raw info: processorarchitecture 9, processortype 8664, processorlevel 6, processor revision 5898, number of processors 4, processor features: [MMX,SSE,SSE2,SSE3]

Physical memory available: 2799980544 bytes

Physical memory total: 4289650688 bytes

Virtual memory available: 1967296512 bytes

Virtual memory total: 2147352576 bytes

Memory load: 34%

Microsoft (build 7600)

Windows startup mode:

Running processes:

PID: 336 name: C:\Windows\System32\smss.exe owner: SYSTEM domain: NT AUTHORITY

PID: 532 name: C:\Windows\System32\csrss.exe owner: SYSTEM domain: NT AUTHORITY

PID: 600 name: C:\Windows\System32\wininit.exe owner: SYSTEM domain: NT AUTHORITY

PID: 624 name: C:\Windows\System32\csrss.exe owner: SYSTEM domain: NT AUTHORITY

PID: 664 name: C:\Windows\System32\services.exe owner: SYSTEM domain: NT AUTHORITY

PID: 680 name: C:\Windows\System32\lsass.exe owner: SYSTEM domain: NT AUTHORITY

PID: 688 name: C:\Windows\System32\lsm.exe owner: SYSTEM domain: NT AUTHORITY

PID: 808 name: C:\Windows\System32\svchost.exe owner: SYSTEM domain: NT AUTHORITY

PID: 868 name: C:\Windows\System32\nvvsvc.exe owner: SYSTEM domain: NT AUTHORITY

PID: 908 name: C:\Windows\System32\svchost.exe owner: NETWORK SERVICE domain: NT AUTHORITY

PID: 968 name: C:\Windows\System32\svchost.exe owner: LOCAL SERVICE domain: NT AUTHORITY

PID: 1000 name: C:\Windows\System32\svchost.exe owner: SYSTEM domain: NT AUTHORITY

PID: 304 name: C:\Windows\System32\svchost.exe owner: SYSTEM domain: NT AUTHORITY

PID: 824 name: C:\Windows\System32\svchost.exe owner: LOCAL SERVICE domain: NT AUTHORITY

PID: 1088 name: C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe owner: SYSTEM domain: NT AUTHORITY

PID: 1120 name: C:\Windows\System32\svchost.exe owner: NETWORK SERVICE domain: NT AUTHORITY

PID: 1252 name: C:\Windows\System32\winlogon.exe owner: SYSTEM domain: NT AUTHORITY

PID: 1296 name: C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe owner: SYSTEM domain: NT AUTHORITY

PID: 1532 name: C:\Windows\System32\nvvsvc.exe owner: SYSTEM domain: NT AUTHORITY

PID: 1560 name: C:\Windows\System32\spoolsv.exe owner: SYSTEM domain: NT AUTHORITY

PID: 1588 name: C:\Windows\System32\taskeng.exe owner: SYSTEM domain: NT AUTHORITY

PID: 1604 name: C:\Windows\System32\svchost.exe owner: LOCAL SERVICE domain: NT AUTHORITY

PID: 1696 name: C:\Program Files (x86)\Acer Bio Protection\CompPtcVUI.exe owner: SYSTEM domain: NT AUTHORITY

PID: 1944 name: C:\Program Files\LSI SoftModem\agr64svc.exe owner: SYSTEM domain: NT AUTHORITY

PID: 1976 name: C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe owner: SYSTEM domain: NT AUTHORITY

PID: 2016 name: C:\Program Files (x86)\Acer\Registration\GregHSRW.exe owner: SYSTEM domain: NT AUTHORITY

PID: 1232 name: C:\Program Files (x86)\Acer Bio Protection\BASVC.exe owner: SYSTEM domain: NT AUTHORITY

PID: 1228 name: C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe owner: SYSTEM domain: NT AUTHORITY

PID: 2056 name: C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe owner: SYSTEM domain: NT AUTHORITY

PID: 2076 name: C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe owner: SYSTEM domain: NT AUTHORITY

PID: 2128 name: C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe owner: SYSTEM domain: NT AUTHORITY

PID: 2172 name: C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe owner: SYSTEM domain: NT AUTHORITY

PID: 2196 name: C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe owner: SYSTEM domain: NT AUTHORITY

PID: 2236 name: C:\Program Files (x86)\Retrospect\Retrospect 7.6\retrorun.exe owner: SYSTEM domain: NT AUTHORITY

PID: 2256 name: C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe owner: SYSTEM domain: NT AUTHORITY

PID: 2344 name: C:\Program Files (x86)\NVIDIA Corporation\System Update\UpdateCenterService.exe owner: SYSTEM domain: NT AUTHORITY

PID: 2380 name: C:\Program Files\Acer\Acer Updater\UpdaterService.exe owner: SYSTEM domain: NT AUTHORITY

PID: 2404 name: C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe owner: SYSTEM domain: NT AUTHORITY

PID: 2424 name: C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe owner: SYSTEM domain: NT AUTHORITY

PID: 2616 name: C:\Windows\System32\taskhost.exe owner: name domain: name-PC

PID: 2688 name: C:\Windows\System32\taskeng.exe owner: name domain: name-PC

PID: 2720 name: C:\Windows\System32\dwm.exe owner: name domain: name-PC

PID: 2812 name: C:\Windows\explorer.exe owner: name domain: name-PC

PID: 2984 name: C:\Windows\System32\svchost.exe owner: SYSTEM domain: NT AUTHORITY

PID: 3008 name: C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe owner: SYSTEM domain: NT AUTHORITY

PID: 2492 name: C:\Windows\servicing\TrustedInstaller.exe owner: SYSTEM domain: NT AUTHORITY

PID: 2524 name: C:\Windows\System32\svchost.exe owner: LOCAL SERVICE domain: NT AUTHORITY

PID: 3140 name: C:\Windows\System32\wbem\unsecapp.exe owner: SYSTEM domain: NT AUTHORITY

PID: 3224 name: C:\Windows\System32\wbem\WmiPrvSE.exe owner: SYSTEM domain: NT AUTHORITY

PID: 3440 name: C:\Windows\System32\svchost.exe owner: LOCAL SERVICE domain: NT AUTHORITY

PID: 3712 name: C:\Users\name\AppData\Local\Temp\MSDERUN.EXE owner: name domain: name-PC

PID: 3768 name: C:\Windows\PLFSetI.exe owner: name domain: name-PC

PID: 3784 name: C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe owner: name domain: name-PC

PID: 3820 name: C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe owner: name domain: name-PC

PID: 3832 name: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe owner: name domain: name-PC

PID: 3848 name: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe owner: name domain: name-PC

PID: 4052 name: C:\Users\name\AppData\Local\Temp\wscsvc32.exe owner: name domain: name-PC

PID: 3272 name: C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe owner: name domain: name-PC

PID: 3584 name: C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe owner: name domain: name-PC

PID: 3576 name: C:\Program Files (x86)\Launch Manager\LManager.exe owner: name domain: name-PC

PID: 1808 name: C:\Program Files\Synaptics\SynTP\SynTPHelper.exe owner: name domain: name-PC

PID: 2768 name: C:\Windows\System32\SearchIndexer.exe owner: SYSTEM domain: NT AUTHORITY

PID: 3808 name: C:\Program Files\Windows Media Player\wmpnetwk.exe owner: NETWORK SERVICE domain: NT AUTHORITY

PID: 4192 name: C:\Windows\System32\SearchProtocolHost.exe owner: SYSTEM domain: NT AUTHORITY

PID: 4216 name: C:\Windows\System32\SearchFilterHost.exe owner: SYSTEM domain: NT AUTHORITY

PID: 4500 name: C:\Windows\System32\svchost.exe owner: LOCAL SERVICE domain: NT AUTHORITY

PID: 4672 name: C:\Program Files (x86)\Internet Explorer\iexplore.exe owner: name domain: name-PC

PID: 4724 name: C:\Program Files (x86)\Internet Explorer\iexplore.exe owner: name domain: name-PC

PID: 2092 name: C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe owner: name domain: name-PC

PID: 4088 name: C:\Program Files (x86)\Nero\Update\NASvc.exe owner: SYSTEM domain: NT AUTHORITY

PID: 2296 name: C:\Windows\System32\sppsvc.exe owner: NETWORK SERVICE domain: NT AUTHORITY

PID: 4488 name: C:\Windows\System32\PrintIsolationHost.exe owner: SYSTEM domain: NT AUTHORITY

Startup items:

Name: EgisTecLiveUpdate

imagepath: "C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe"

Name: LManager

imagepath: C:\Program Files (x86)\Launch Manager\LManager.exe

Name: WebCheck

imagepath: {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

Name:

imagepath: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini

Name:

imagepath: C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini

Bootexecute items:

Name:

imagepath: autocheck autochk *

Name:

imagepath: lsdelete

Running services:

Name: AeLookupSvc

displayname: Application Experience

Name: AgereModemAudio

displayname: Agere Modem Call Progress Audio

Name: AudioEndpointBuilder

displayname: Windows Audio Endpoint Builder

Name: AudioSrv

displayname: Windows Audio

Name: BFE

displayname: Base Filtering Engine

Name: BITS

displayname: Background Intelligent Transfer Service

Name: Browser

displayname: Computer Browser

Name: bthserv

displayname: Bluetooth Support Service

Name: CryptSvc

displayname: Cryptographic Services

Name: DcomLaunch

displayname: DCOM Server Process Launcher

Name: Dhcp

displayname: DHCP-client

Name: Dnscache

displayname: DNS Client

Name: DPS

displayname: Diagnostic Policy Service

Name: EapHost

displayname: Extensible Authentication Protocol

Name: ePowerSvc

displayname: Acer ePower Service

Name: eventlog

displayname: Windows Event Log

Name: EventSystem

displayname: COM+ Event System

Name: fdPHost

displayname: Function Discovery Provider Host

Name: FDResPub

displayname: Function Discovery Resource Publication

Name: gpsvc

displayname: Group Policy Client

Name: Greg_Service

displayname: GRegService

Name: hidserv

displayname: Human Interface Device Access

Name: HomeGroupListener

displayname: HomeGroup Listener

Name: HomeGroupProvider

displayname: HomeGroup Provider

Name: IAANTMON

displayname: Intel® Matrix Storage Event Monitor

Name: IGBASVC

displayname: EgisTec Service

Name: IKEEXT

displayname: IKE and AuthIP IPsec Keying Modules

Name: IPBusEnum

displayname: PnP-X IP Bus Enumerator

Name: iphlpsvc

displayname: IP Helper

Name: KeyIso

displayname: CNG Key Isolation

Name: LanmanServer

displayname: Server

Name: LanmanWorkstation

displayname: Workstation

Name: Lavasoft Ad-Aware Service

displayname: Lavasoft Ad-Aware Service

Name: lmhosts

displayname: TCP/IP NetBIOS Helper

Name: LVPrcS64

displayname: Process Monitor

Name: MMCSS

displayname: Multimedia Class Scheduler

Name: MpsSvc

displayname: Windows Firewall

Name: MWLService

displayname: MyWinLocker Service

Name: NAUpdate

displayname: Nero Update

Name: Netman

displayname: Network Connections

Name: netprofm

displayname: Network List Service

Name: NlaSvc

displayname: Network Location Awareness

Name: nsi

displayname: Network Store Interface Service

Name: NTI IScheduleSvc

displayname: NTI IScheduleSvc

Name: NTISchedulerSvc

displayname: NTI Backup Now 5 Scheduler Service

Name: nTuneService

displayname: Performance Service

Name: nvsvc

displayname: NVIDIA Display Driver Service

Name: p2pimsvc

displayname: Peer Networking Identity Manager

Name: p2psvc

displayname: Peer Networking Grouping

Name: PcaSvc

displayname: Program Compatibility Assistant Service

Name: PlugPlay

displayname: Plug and Play

Name: PNRPsvc

displayname: Peer Name Resolution Protocol

Name: Power

displayname: Power

Name: ProfSvc

displayname: User Profile Service

Name: RasMan

displayname: Remote Access Connection Manager

Name: RetroLauncher

displayname: Retrospect Launcher

Name: RpcEptMapper

displayname: RPC Endpoint Mapper

Name: RpcSs

displayname: Remote Procedure Call (RPC)

Name: RS_Service

displayname: Raw Socket Service

Name: SamSs

displayname: Security Accounts Manager

Name: Schedule

displayname: Task Scheduler

Name: SENS

displayname: System Event Notification Service

Name: ShellHWDetection

displayname: Shell Hardware Detection

Name: Spooler

displayname: Print Spooler

Name: sppsvc

displayname: Software Protection

Name: SSDPSRV

displayname: SSDP Discovery

Name: SstpSvc

displayname: Secure Socket Tunneling Protocol Service

Name: SysMain

displayname: Superfetch

Name: TapiSrv

displayname: Telephony

Name: Themes

displayname: Themes

Name: TrkWks

displayname: Distributed Link Tracking Client

Name: TrustedInstaller

displayname: Windows Modules Installer

Name: UpdateCenterService

displayname: Update Center Service

Name: Updater Service

displayname: Updater Service

Name: upnphost

displayname: UPnP Device Host

Name: UxSms

displayname: Desktop Window Manager Session Manager

Name: vpnagent

displayname: Cisco AnyConnect VPN Agent

Name: WDDMService

displayname: WD SmartWare Drive Manager Service

Name: WdiServiceHost

displayname: Diagnostic Service Host

Name: WdiSystemHost

displayname: Diagnostic System Host

Name: WDSmartWareBackgroundService

displayname: WD SmartWare Background Service

Name: WinDefend

displayname: Windows Defender

Name: WinHttpAutoProxySvc

displayname: WinHTTP Web Proxy Auto-Discovery Service

Name: Winmgmt

displayname: Windows Management Instrumentation

Name: Wlansvc

displayname: WLAN AutoConfig

Name: WMPNetworkSvc

displayname: Windows Media Player Network Sharing Service

Name: wscsvc

displayname: Security Center

Name: WSearch

displayname: Windows Search

Name: wuauserv

displayname: Windows Update

Name: wudfsvc

displayname: Windows Driver Foundation - User-mode Driver Framework


Do you also see screens or pop-ups with the name of that fake antivirus program? Paladin Antivirus, perhaps?

Otherwise, do the following:

Download HijackThis

Double-click HJTInstall.exe

HijackThis will now be installed on your PC, and a shortcut will be placed on your desktop.

HijackThis will open after installation.

Click "Scan".

A Notepad window opens. Hold down the CTRL and A keys at the same time; everything is now selected. Hold down the CTRL and C keys at the same time; everything is now copied. Now paste the HJT log into your post with CTRL and V.

N.B.: users of Windows Vista and Windows 7 will first have to right-click HijackThis.exe and then choose "Run as Administrator".
