SERVICES.EXE keeps the CPU running at 100% almost constantly

live4life
14 replies
  • Hi,

    My processor is running at 100% almost constantly. Task Manager shows that the SERVICES.EXE process is the culprit. I have already run the following programs:

    -Norton AntiVirus

    -AdAware

    -CrapCleaner

    -Spybot Search and Destroy

    I have also manually removed all software I had doubts about.
    When I restart the PC, things go reasonably well for about an hour (CPU fluctuating between 20 and 70 percent), after which it jumps back to full load.

    The PC is barely usable like this.

    What could be causing this, and how do I fix it?


    Regards, Thomas
  • Not cross-posting tends to help as well.
  • [quote:c73ed3f354="live4life"]Hi,

    My processor is running at 100% almost constantly. Task Manager shows that the SERVICES.EXE process is the culprit. I have already run the following programs:

    -Norton AntiVirus

    -AdAware

    -CrapCleaner

    -Spybot Search and Destroy

    I have also manually removed all software I had doubts about.
    When I restart the PC, things go reasonably well for about an hour (CPU fluctuating between 20 and 70 percent), after which it jumps back to full load.

    The PC is barely usable like this.

    What could be causing this, and how do I fix it?


    Regards, Thomas[/quote:c73ed3f354]

    Thomas, take a look at the following site. Maybe this will help you further.

    http://www.liutilities.com/products/wintaskspro/processlibrary/services/

    rijshoorn
  • Moved to Security & privacy (b&p)
  • My guess is an active rootkit.

    Download HijackThis.
    Unzip it. Save the file in a folder of its own, not on your desktop or in your Temp files, because HijackThis makes backups in the folder it is started from.
    Run the program. Click Scan, then Save log, and save the log as a .txt file.
    Copy and paste the full contents of this log file into your next post.


    Download combofix.exe: http://download.bleepingcomputer.com/sUBs/combofix.exe
    Place it on your desktop.
    Double-click it to start the program.
    In the window that appears, type Y to start the cleaning process.
    Follow the on-screen instructions.
    When the tool has finished, a log file (combofix.txt) opens.
    Post the contents of this file.
  • Below are the requested logs. I also ran a registry cleaner, but although I briefly thought the problem was solved, this morning it was the same story again….

    Thanks in advance for all the help and input.

    HijackThis:

    Logfile of HijackThis v1.99.1
    Scan saved at 12:25:39, on 22-12-2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\DigitalPersona\Bin\DPWinLct.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
    C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\DigitalPersona\Bin\DpHost.exe
    C:\WINDOWS\system32\inetsrv\inetinfo.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    C:\WINDOWS\system32\oodag.exe
    C:\WINDOWS\System32\snmp.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\WINDOWS\System32\PAStiSvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Tablet.exe
    C:\Program Files\DigitalPersona\Bin\DPFUSMgr.exe
    C:\WINDOWS\system32\mqsvc.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\WINDOWS\system32\mqtgsvc.exe
    C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\WgaTray.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\VIA\RAID\raid_tool.exe
    C:\Program Files\SysMetrix\SysMetrix.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Razer\razerhid.exe
    C:\Program Files\DigitalPersona\Bin\DPAgnt.exe
    C:\PROGRAM FILES\WINAMP\winampa.exe
    C:\Program Files\Motherboard Monitor 5\MBM5.EXE
    C:\WINDOWS\tsnp2std.exe
    C:\Program Files\Razer\razerofa.exe
    C:\WINDOWS\vsnp2std.exe
    C:\WINDOWS\Mixer.exe
    C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe
    C:\Program Files\eFax Messenger 4.2\J2GDllCmd.exe
    C:\Program Files\WebcamMax\CAMTHINS.exe
    C:\WINDOWS\system32\scif\svchost.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRAM FILES\MICROSOFT ACTIVESYNC\WCESCOMM.EXE
    C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    E:\Downloads\Zelf\utorrent.exe
    C:\PROGRAM FILES\MICROS~2\RAPIMGR.EXE
    C:\Program Files\eFax Messenger 4.2\J2GTray.exe
    C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
    C:\WINDOWS\system32\RaConfig2500.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    C:\Program Files\FireFox\firefox.exe
    C:\WINDOWS\notepad.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    F3 - REG:win.ini: run=
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ADOBE ACROBAT 7.0\ACTIVEX\ACROIEHELPER.DLL
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRAM FILES\SPYBOT~1\SDHELPER.DLL
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRAM FILES\FLASHGET\JCCATCH.DLL
    O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\PROGRAM FILES\ADOBE\ADOBE ACROBAT 7.0\ACROBAT\ACROIEFAVCLIENT.DLL
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\PROGRAM FILES\CANON\EASY-WEBPRINT\TOOLBAND.DLL
    O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRAM FILES\FLASHGET\FGIEBAR.DLL
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\PROGRAM FILES\ADOBE\ADOBE ACROBAT 7.0\ACROBAT\ACROIEFAVCLIENT.DLL
    O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
    O4 - HKLM\..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe
    O4 - HKLM\..\Run: [SysMetrix] C:\Program Files\SysMetrix\SysMetrix.exe
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [ATITool] "C:\Program Files\ATITool\ATITool.exe" -s
    O4 - HKLM\..\Run: [razer] C:\Program Files\Razer\razerhid.exe
    O4 - HKLM\..\Run: [DPAgnt] C:\Program Files\DigitalPersona\Bin\DPAgnt.exe
    O4 - HKLM\..\Run: [WinampAgent] C:\PROGRAM FILES\WINAMP\winampa.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [MBM 5] "C:\Program Files\Motherboard Monitor 5\MBM5.EXE"
    O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe
    O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
    O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe"
    O4 - HKLM\..\Run: [eFax 4.2] "C:\Program Files\eFax Messenger 4.2\J2GDllCmd.exe" /R
    O4 - HKLM\..\Run: [WebcamMaxMoniter] "C:\Program Files\WebcamMax\CAMTHINS.exe" /m
    O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRAM FILES\MICROSOFT ACTIVESYNC\WCESCOMM.EXE"
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [µTorrent] "E:\Downloads\Zelf\utorrent.exe"
    O4 - Startup: Snelkoppeling naar wbload.lnk = C:\Program Files\Object Desktop\WindowBlinds\wbload.exe
    O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: eFax 4.2.lnk = C:\Program Files\eFax Messenger 4.2\J2GTray.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: NETGEAR WG111v2 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
    O4 - Global Startup: RaConfig2500.lnk = C:\WINDOWS\system32\RaConfig2500.exe
    O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
    O8 - Extra context menu item: Convert link target to Adobe PDF - RES://C:\PROGRAM FILES\ADOBE\ADOBE ACROBAT 7.0\ACROBAT\ACROIEFAVCLIENT.DLL/ACROIECAPTURE.HTML
    O8 - Extra context menu item: Convert link target to existing PDF - RES://C:\PROGRAM FILES\ADOBE\ADOBE ACROBAT 7.0\ACROBAT\ACROIEFAVCLIENT.DLL/ACROIEAPPEND.HTML
    O8 - Extra context menu item: Convert selected links to Adobe PDF - RES://C:\PROGRAM FILES\ADOBE\ADOBE ACROBAT 7.0\ACROBAT\ACROIEFAVCLIENT.DLL/ACROIECAPTURESELLINKS.HTML
    O8 - Extra context menu item: Convert selected links to existing PDF - RES://C:\PROGRAM FILES\ADOBE\ADOBE ACROBAT 7.0\ACROBAT\ACROIEFAVCLIENT.DLL/ACROIEAPPENDSELLINKS.HTML
    O8 - Extra context menu item: Convert selection to Adobe PDF - RES://C:\PROGRAM FILES\ADOBE\ADOBE ACROBAT 7.0\ACROBAT\ACROIEFAVCLIENT.DLL/ACROIECAPTURE.HTML
    O8 - Extra context menu item: Convert selection to existing PDF - RES://C:\PROGRAM FILES\ADOBE\ADOBE ACROBAT 7.0\ACROBAT\ACROIEFAVCLIENT.DLL/ACROIEAPPEND.HTML
    O8 - Extra context menu item: Convert to Adobe PDF - RES://C:\PROGRAM FILES\ADOBE\ADOBE ACROBAT 7.0\ACROBAT\ACROIEFAVCLIENT.DLL/ACROIECAPTURE.HTML
    O8 - Extra context menu item: Convert to existing PDF - RES://C:\PROGRAM FILES\ADOBE\ADOBE ACROBAT 7.0\ACROBAT\ACROIEFAVCLIENT.DLL/ACROIEAPPEND.HTML
    O8 - Extra context menu item: E&xport to Microsoft Excel - RES://C:\PROGRAM FILES\MICROS~1\OFFICE10\EXCEL.EXE/3000
    O8 - Extra context menu item: Easy-WebPrint Add To Print List - RES://C:\PROGRAM FILES\CANON\EASY-WEBPRINT\RESOURCE.DLL/RC_ADDTOLIST.HTML
    O8 - Extra context menu item: Easy-WebPrint High Speed Print - RES://C:\PROGRAM FILES\CANON\EASY-WEBPRINT\RESOURCE.DLL/RC_HSPRINT.HTML
    O8 - Extra context menu item: Easy-WebPrint Preview - RES://C:\PROGRAM FILES\CANON\EASY-WEBPRINT\RESOURCE.DLL/RC_PREVIEW.HTML
    O8 - Extra context menu item: Easy-WebPrint Print - RES://C:\PROGRAM FILES\CANON\EASY-WEBPRINT\RESOURCE.DLL/RC_PRINT.HTML
    O8 - Extra context menu item: Ontvang alles met FlashGet - C:\PROGRAM FILES\FLASHGET\JC_ALL.HTM
    O8 - Extra context menu item: Ontvang met FlashGet - C:\PROGRAM FILES\FLASHGET\JC_LINK.HTM
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRAM FILES\MICROS~2\INETREPL.DLL
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRAM FILES\MICROS~2\INETREPL.DLL
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRAM FILES\MICROS~2\INETREPL.DLL
    O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\PROGRAM FILES\WINHTTRACK\WINHTTRACKIEBAR.DLL
    O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\PROGRAM FILES\WINHTTRACK\WINHTTRACKIEBAR.DLL
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRAM FILES\FLASHGET\FLASHGET.EXE
    O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRAM FILES\FLASHGET\FLASHGET.EXE
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
    O16 - DPF: {426784E5-24B2-4708-820D-117342FAD009} (Cimporter Object) - http://www.hyves.nl/cab/outlookaddressbook.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1140888456015
    O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} (DLC Class) - https://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0,4918/mcfscan.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: DPWLN - C:\WINDOWS\system32\DPWLEvHd.dll
    O20 - Winlogon Notify: MCPClient - C:\PROGRA~1\COMMON~1\Stardock\mcpstub.dll
    O20 - Winlogon Notify: WBSrv - C:\PROGRAM FILES\OBJECT DESKTOP\WINDOWBLINDS\wbsrv.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} - C:\PROGRAM FILES\OBJECT DESKTOP\ICONPACKAGER\iprepair.dll
    O23 - Service: Active WebCam Watchdog (ACTIVEWEBCAMWATCHDOG) - Unknown owner - C:\Program.exe (file missing)
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: DefWatch - Unknown owner - D:\NavNT\defwatch.exe (file missing)
    O23 - Service: Windows XP FUS Manager (DPFUSMgr) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DPFUSMgr.exe
    O23 - Service: Biometric Authentication Service (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHost.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~2.EXE
    O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - D:\Autodesk\mentalray\satellite\raysat_3dsmax8server.exe (file missing)
    O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Unknown owner - D:\NavNT\rtvscan.exe (file missing)
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
    O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Professional 2005.SR2a\RpcDataSrv.exe
    O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Professional 2005.SR2a\RpcSandraSrv.exe
    O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe

    Combofix:

    Thomas - 06-12-22 12:18:07,68 Service Pack 2
    ComboFix 06.11.27 - Running from: "C:\PROGRAM FILES\FireFox"

    ((((((((((((((((((((((((((((((( Files Created from 2006-11-22 to 2006-12-22 ))))))))))))))))))))))))))))))))))


    2006-12-20 20:03 24,576 --a------ C:\WINDOWS\system32\STKIT432.DLL
    2006-12-20 20:03 <DIR> d-------- C:\Program Files\Registry Mechanic
    2006-12-20 19:46 <DIR> d-------- C:\Program Files\True Sword 4
    2006-12-20 19:46 <DIR> d-------- C:\Documents and Settings\Thomas\Application Data\.TrueSwordSettings
    2006-12-20 19:28 <DIR> d-------- C:\Program Files\TweakNow RegCleaner Std
    2006-12-20 18:44 <DIR> d-------- C:\Documents and Settings\Thomas\Application Data\Uniblue
    2006-12-19 22:51 <DIR> d-------- C:\Documents and Settings\Thomas\Application Data\BearShare
    2006-12-19 22:49 <DIR> d-------- C:\Program Files\BearShare Applications
    2006-12-18 21:47 <DIR> dr-h----- C:\Documents and Settings\Thomas\Onlangs geopend
    2006-12-18 19:28 194 --a------ C:\WINDOWS\system32\RBDELDRV.BAT
    2006-12-17 15:59 <DIR> d-------- C:\Program Files\HijackThis
    2006-12-17 14:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SecTaskMan
    2006-12-17 14:03 <DIR> d-------- C:\WINDOWS\McAfee.com
    2006-12-12 19:36 <DIR> d-------- C:\Program Files\Hyves Kwekker
    2006-12-01 18:31 8,138 --------- C:\WINDOWS\system32\drivers\PenClass.sys
    2006-12-01 18:31 729,088 --------- C:\WINDOWS\system32\Tablet.exe
    2006-12-01 18:31 44,544 --------- C:\WINDOWS\system32\TabHook.dll
    2006-12-01 18:31 15,744 --------- C:\WINDOWS\system32\Wintab.dll
    2006-12-01 18:31 102,400 --------- C:\WINDOWS\system32\Wintab32.dll
    2006-12-01 18:31 <DIR> d-------- C:\WINDOWS\system32\WTablet
    2006-12-01 18:31 <DIR> d-------- C:\Program Files\Tablet
    2006-11-27 19:14 <DIR> d-------- C:\Program Files\TomTom HOME
    2006-11-27 19:12 <DIR> d-------- C:\Program Files\TomTom DesktopSuite
    2006-11-27 10:18 <DIR> d-------- C:\Documents and Settings\Thomas\Application Data\Symantec
    2006-11-27 09:58 10,344 --a------ C:\WINDOWS\system32\drivers\symlcbrd.sys


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


    2006-12-22 12:19 -------- d-------- C:\Documents and Settings\Thomas\Application Data\uTorrent
    2006-12-22 12:17 -------- d-------- C:\Program Files\FireFox
    2006-12-22 12:06 -------- d-------- C:\Program Files\SysMetrix
    2006-12-22 02:27 -------- d-------- C:\Program Files\Common Files\Symantec Shared
    2006-12-22 02:23 48776 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
    2006-12-22 02:23 115000 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
    2006-12-22 02:23 -------- d-------- C:\Program Files\Symantec
    2006-12-21 12:21 -------- d-------- C:\Program Files\MSN Messenger
    2006-12-20 20:02 -------- d--h----- C:\Program Files\InstallShield Installation Information
    2006-12-20 20:02 -------- d-------- C:\Program Files\webcamXP
    2006-12-20 19:54 -------- d-------- C:\Program Files\123 Flash Menu
    2006-12-20 19:46 -------- d-------- C:\Program Files\Cracksearcher
    2006-12-20 19:46 -------- d-------- C:\Documents and Settings\Thomas\Application Data\.TrueSwordSettings
    2006-12-18 19:27 -------- d-------- C:\Program Files\POV-Ray for Windows v3.6
    2006-12-18 19:21 -------- d-------- C:\Program Files\DigiSoft
    2006-12-18 19:16 -------- d-------- C:\Program Files\IVT Corporation
    2006-12-17 22:46 -------- d-------- C:\Program Files\Spybot - Search & Destroy
    2006-12-17 14:45 -------- d-------- C:\Program Files\WebcamMax
    2006-12-15 13:33 -------- d-------- C:\Program Files\Internet Explorer
    2006-12-15 13:15 -------- d-------- C:\Program Files\Outlook Express
    2006-12-15 13:14 -------- d-------- C:\Program Files\Common Files\System
    2006-12-12 21:47 -------- d-------- C:\Documents and Settings\Thomas\Application Data\LimeWire
    2006-12-12 21:37 -------- d-------- C:\Program Files\LimeWire
    2006-12-07 06:29 2374472 --a------ C:\WINDOWS\system32\wmvcore.dll
    2006-11-30 22:40 -------- d-------- C:\Program Files\idImager
    2006-11-29 23:02 -------- d-------- C:\Program Files\Microsoft ActiveSync
    2006-11-29 23:02 -------- d-------- C:\Program Files\Adobe
    2006-11-27 18:20 -------- d-------- C:\Program Files\Norton AntiVirus
    2006-11-27 09:58 -------- d-------- C:\Program Files\Common Files
    2006-11-27 09:57 -------- d-------- C:\Program Files\Total Training
    2006-11-26 17:50 -------- d-------- C:\Documents and Settings\Thomas\Application Data\Canon
    2006-11-21 19:46 -------- d-------- C:\Program Files\Canon
    2006-11-21 19:45 -------- d-------- C:\Program Files\Common Files\Canon
    2006-11-21 11:27 33280 --a------ C:\WINDOWS\system32\snmp.exe
    2006-11-18 13:52 -------- d-------- C:\Program Files\WinZip
    2006-11-12 23:26 252 --a------ C:\WINDOWS\Vue 5 Infinite.reg
    2006-11-12 22:15 -------- d-------- C:\Program Files\Poser 6
    2006-11-08 06:07 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
    2006-11-06 20:55 -------- d-------- C:\Program Files\Viewpoint
    2006-11-05 17:36 -------- d-------- C:\Program Files\Electronic Arts
    2006-11-04 20:25 1321744 --a------ C:\WINDOWS\system32\msxml6.dll
    2006-11-04 14:14 1245696 --a------ C:\WINDOWS\system32\msxml4.dll
    2006-11-03 01:15 -------- d-------- C:\Program Files\NukASync
    2006-10-31 18:48 -------- d-------- C:\Documents and Settings\Thomas\Application Data\U3
    2006-10-30 21:31 -------- d-------- C:\Program Files\RALINK
    2006-10-30 00:24 21275 --a------ C:\WINDOWS\system32\drivers\AegisP.sys
    2006-10-20 02:39 714752 --a------ C:\WINDOWS\system32\sxs.dll
    2006-10-13 13:41 65536 --a------ C:\WINDOWS\system32\nwwks.dll
    2006-10-13 13:41 64000 --a------ C:\WINDOWS\system32\nwapi32.dll
    2006-10-13 13:41 144384 --a------ C:\WINDOWS\system32\nwprovau.dll
    2006-10-12 22:32 32768 --a------ C:\ntrw.exe
    2006-10-01 11:44 109568 --------- C:\WINDOWS\system32\pxinsi64.exe
    2006-10-01 11:44 108544 --------- C:\WINDOWS\system32\pxcpyi64.exe
    2006-09-26 20:05 39 --a------ C:\WINDOWS\buZZlic.dll
    2006-09-26 19:12 6656 --a------ C:\WINDOWS\system32\haspvdd.dll
    2006-09-26 19:12 383 --a------ C:\WINDOWS\system32\haspdos.sys
    2006-09-17 21:34 6318 --a------ C:\Program Files\uninstal.log


    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries are not shown

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
    "ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
    "H/PC Connection Agent"="\"C:\\PROGRAM FILES\\MICROSOFT ACTIVESYNC\\WCESCOMM.EXE\""
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Program Files\\Common Files\\Ahead\\lib\\NMBgMonitor.exe\""
    "msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
    "µTorrent"="\"E:\\Downloads\\Zelf\\utorrent.exe\""

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
    "BluetoothAuthenticationAgent"="rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent"
    "MsmqIntCert"="regsvr32 /s mqrt.dll"
    "RaidTool"="C:\\Program Files\\VIA\\RAID\\raid_tool.exe"
    "SysMetrix"="C:\\Program Files\\SysMetrix\\SysMetrix.exe"
    "ATICCC"="\"C:\\Program Files\\ATI Technologies\\ATI.ACE\\cli.exe\" runtime -Delay"
    "ATITool"="\"C:\\Program Files\\ATITool\\ATITool.exe\" -s"
    "razer"="C:\\Program Files\\Razer\\razerhid.exe"
    "DPAgnt"="C:\\Program Files\\DigitalPersona\\Bin\\DPAgnt.exe"
    "WinampAgent"="C:\\PROGRAM FILES\\WINAMP\\winampa.exe"
    "NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
    "MBM 5"="\"C:\\Program Files\\Motherboard Monitor 5\\MBM5.EXE\""
    "tsnp2std"="C:\\WINDOWS\\tsnp2std.exe"
    "snp2std"="C:\\WINDOWS\\vsnp2std.exe"
    "C-Media Mixer"="Mixer.exe /startup"
    "Adobe Photo Downloader"="\"C:\\Program Files\\Adobe\\Photoshop Elements 5.0\\apdproxy.exe\""
    "eFax 4.2"="\"C:\\Program Files\\eFax Messenger 4.2\\J2GDllCmd.exe\" /R"
    "WebcamMaxMoniter"="\"C:\\Program Files\\WebcamMax\\CAMTHINS.exe\" /m"
    "ViewMgr"="C:\\Program Files\\Viewpoint\\Viewpoint Manager\\ViewMgr.exe"
    "ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
    "RegistryMechanic"=""

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
    "Installed"="1"
    "NoChange"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
    "Installed"="1"

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
    "DeskHtmlVersion"=dword:00000110
    "DeskHtmlMinorVersion"=dword:00000005
    "Settings"=dword:00000001
    "GeneralFlags"=dword:00000005

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="Mijn huidige introductiepagina"
    "Flags"=dword:00000002
    "Position"=hex:2c,00,00,00,00,05,00,00,00,00,00,00,00,04,00,00,e2,03,00,00,00,\
    00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
    "CurrentState"=hex:04,00,00,c0
    "OriginalStateInfo"=hex:18,00,00,00,4b,00,00,00,00,00,00,00,b5,04,00,00,e2,03,\
    00,00,04,00,00,c0
    "RestoredStateInfo"=hex:18,00,00,00,92,06,00,00,6e,00,00,00,1c,01,00,00,27,01,\
    00,00,01,00,00,00

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]
    "FriendlyName"=""
    "Flags"=dword:00000002
    "Position"=hex:2c,00,00,00,52,05,00,00,01,00,00,00,1c,01,00,00,27,01,00,00,ea,\
    03,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
    "CurrentState"=hex:01,00,00,40
    "OriginalStateInfo"=hex:18,00,00,00,18,00,00,00,82,00,00,00,d6,04,00,00,47,03,\
    00,00,01,00,00,40
    "RestoredStateInfo"=hex:00,00,00,00,00,00,00,00,ec,e0,07,00,00,00,00,00,19,00,\
    00,00,e8,dd,07,00

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

    [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
    "CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
    "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Preloader van browseui"
    "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Cache-daemon voor onderdeelcategorieën"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
    "0aMCPClient"="{F5DF91F9-15E9-416B-A7C3-7519B11ECBFC}"
    "PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
    "CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
    "WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
    "SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
    "IconPackager Repair"="{1799460C-0BC8-4865-B9DF-4A36CD703FF0}"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"

    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DPWLN
    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient
    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


    Contents of the 'Scheduled Tasks' folder
    C:\WINDOWS\tasks\Norton AntiVirus - Run Full System Scan - Thomas.job

    Completion time: 06-12-22 12:20:29.60
    C:\ComboFix.txt … 06-12-22 12:20
  • Close all open windows, run HijackThis once more and tick the following items:

    [b:ac7ba7c38e]F3 - REG:win.ini: run=[/b:ac7ba7c38e]

    Then click "Fix checked" and close HijackThis.

    Go to Control Panel - Add or Remove Programs - Change or Remove Programs. Uninstall Viewpoint Manager if present.

    Restart the computer.

    Download Sophos Anti-Rootkit: http://www.sophos.com/products/free-tools/sophos-anti-rootkit.html
    Place it on your desktop.
    Double-click sarsfx.exe to extract the files (accept the default installation folder).
    Open the folder C:\SOPHTEMP and double-click sargui.exe to start the program.
    Make sure the following are checked:
    - Running processes
    - Windows Registry
    - Local Hard Drives
    Click the "Start Scan" button.

    When you get a message that the scan is finished, click the "OK" button and close the program.
    Go to Start - Run and type: [b:ac7ba7c38e]%temp%\sarscan.log[/b:ac7ba7c38e]
    A Notepad file opens. Post the contents of this file.
  • Which version of WebCamXP do you have?
    I think that is the culprit… I have version 2.18.250 and after half an hour it is running at 100% CPU.
  • Carried out the steps mentioned and I have removed WebcamXP. Below is the log from Sophos Anti-Rootkit:


    Sophos Anti-Rootkit Version 1.2 (data 1.01) © 2006 Sophos Plc
    Started logging on 29-12-2006 at 11:43:45
    Hidden: registry item \HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Vax347s\Config\jdgg40
    Hidden: registry item \HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Vax347s\Config\jdgg41
    Hidden: registry item \HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Vax347s\Config\jdgg42
    Hidden: file F:\Windows\System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan:$TXF_DATA
    Hidden: file F:\Windows:$TXF_DATA
    Hidden: file F:\Windows\System32:$TXF_DATA
    Hidden: file F:\Windows\System32\Tasks:$TXF_DATA
    Hidden: file F:\Windows\System32\Tasks\Microsoft:$TXF_DATA
    Hidden: file F:\Windows\System32\Tasks\Microsoft\Windows:$TXF_DATA
    Hidden: file F:\Windows\System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program:$TXF_DATA
    Hidden: file F:\Windows\System32\Tasks\Microsoft\Windows\Windows Error Reporting:$TXF_DATA
    Hidden: file F:\Windows\System32\Tasks\Microsoft\Windows Defender:$TXF_DATA
    Hidden: file F:\Windows\inf\wsdscdrv.inf
    Hidden: file F:\Windows\System32\Tasks\Microsoft\Windows\MUI:$TXF_DATA
    Hidden: file F:\Windows\System32\Tasks\Microsoft\Windows\MUI\LPRemove:$TXF_DATA
    Hidden: file F:\Windows\System32\Tasks\User_Feed_Synchronization-{77AE986C-FE9E-4BCE-8609-C13DBF231459}:$TXF_DATA
    Hidden: file F:\Windows\System32\Tasks\{13C1147D-6DE2-4ABB-A251-7E34C49B8E7E}:$TXF_DATA
    Hidden: file F:\Windows\System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\Uploader:$TXF_DATA
    Hidden: file F:\Windows\System32\Tasks\Microsoft\Windows\Windows Error Reporting\ManifestDownloadRunOnce:$TXF_DATA
    Stopped logging on 29-12-2006 at 11:57:59
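One way to sort the entries of the Sophos Anti-Rootkit log above by kind, volume and NTFS stream name before reading them one by one; this is an added example, not part of the thread. The function names are hypothetical, and treating C: as the running system's volume is an assumption taken from the paths in the HijackThis logs.

```python
import re
from collections import Counter

# Subset of the Sophos Anti-Rootkit log lines posted in the thread above.
SAMPLE_LOG = r"""
Started logging on 29-12-2006 at 11:43:45
Hidden: registry item \HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Vax347s\Config\jdgg40
Hidden: registry item \HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Vax347s\Config\jdgg41
Hidden: file F:\Windows\System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan:$TXF_DATA
Hidden: file F:\Windows:$TXF_DATA
Hidden: file F:\Windows\inf\wsdscdrv.inf
Hidden: file F:\Windows\System32\Tasks\{13C1147D-6DE2-4ABB-A251-7E34C49B8E7E}:$TXF_DATA
Stopped logging on 29-12-2006 at 11:57:59
"""

ENTRY = re.compile(r"^Hidden:\s+(registry item|file)\s+(.+)$")
DRIVE_PATH = re.compile(r"^([A-Za-z]:)(.*)$")


def parse_entry(line):
    """Return a dict for one 'Hidden:' line, or None for header/footer lines."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    kind, target = m.groups()
    if kind == "registry item":
        return {"kind": "registry", "volume": None, "path": target, "stream": None}
    volume, rest = None, target
    d = DRIVE_PATH.match(target)
    if d:
        volume, rest = d.group(1).upper(), d.group(2)
    # A colon after the drive designator separates the file path from an
    # NTFS alternate data stream name (path:stream).
    path, sep, stream = rest.rpartition(":")
    if not sep:
        path, stream = rest, None
    return {"kind": "stream" if stream else "file", "volume": volume,
            "path": (volume or "") + path, "stream": stream}


def summarize(log_text):
    """Parse every line and count entries per (kind, volume, stream name)."""
    entries = [e for e in map(parse_entry, log_text.splitlines()) if e]
    counts = Counter((e["kind"], e["volume"], e["stream"]) for e in entries)
    return entries, counts


def remaining(entries, explained_streams, system_volume):
    """Entries left to look at after setting aside streams the analyst has
    explained, and only when they sit on a volume other than the running
    system's. Which stream names count as explained is the analyst's call."""
    return [e for e in entries
            if not (e["kind"] == "stream"
                    and e["stream"] in explained_streams
                    and e["volume"] != system_volume)]


if __name__ == "__main__":
    entries, counts = summarize(SAMPLE_LOG)
    for key, n in counts.most_common():
        print(n, key)
    for e in remaining(entries, {"$TXF_DATA"}, "C:"):
        print("still to check:", e["kind"], e["path"])
```
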
  • Has the high CPU usage been resolved now, after removing WebcamXP?
  • No, unfortunately, still the same old story…
  • Is there a Vista version on this computer?

    Make a new HijackThis log and post it.
  • There is indeed an evaluation version of Vista on another partition. It is not being used, by the way, since the evaluation period has expired. So it is going to be removed.

    Once again a HijackThis log:

    Logfile of HijackThis v1.99.1
    Scan saved at 15:25:22, on 2-1-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\DigitalPersona\Bin\DPWinLct.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
    C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\DigitalPersona\Bin\DpHost.exe
    C:\WINDOWS\system32\inetsrv\inetinfo.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    C:\WINDOWS\system32\oodag.exe
    C:\WINDOWS\System32\snmp.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\WINDOWS\System32\PAStiSvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Tablet.exe
    C:\Program Files\DigitalPersona\Bin\DPFUSMgr.exe
    C:\WINDOWS\system32\mqsvc.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\WINDOWS\system32\mqtgsvc.exe
    C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\WgaTray.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\VIA\RAID\raid_tool.exe
    C:\Program Files\SysMetrix\SysMetrix.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Razer\razerhid.exe
    C:\Program Files\DigitalPersona\Bin\DPAgnt.exe
    C:\PROGRAM FILES\WINAMP\winampa.exe
    C:\Program Files\Razer\razerofa.exe
    C:\Program Files\Motherboard Monitor 5\MBM5.EXE
    C:\WINDOWS\tsnp2std.exe
    C:\WINDOWS\vsnp2std.exe
    C:\WINDOWS\Mixer.exe
    C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe
    C:\Program Files\eFax Messenger 4.2\J2GDllCmd.exe
    C:\Program Files\WebcamMax\CAMTHINS.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRAM FILES\MICROSOFT ACTIVESYNC\WCESCOMM.EXE
    C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\PROGRAM FILES\MICROS~2\RAPIMGR.EXE
    E:\Downloads\Zelf\utorrent.exe
    C:\Program Files\eFax Messenger 4.2\J2GTray.exe
    C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
    C:\WINDOWS\system32\RaConfig2500.exe
    C:\WINDOWS\system32\WTablet\TabUserW.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    C:\PROGRAM FILES\ADOBE\ADOBE PHOTOSHOP CS2\PHOTOSHOP.EXE
    C:\DOCUME~1\Thomas\LOCALS~1\Temp\Adobelm_Cleanup.0001
    C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    C:\DOCUME~1\Thomas\LOCALS~1\Temp\Adobelm_Cleanup.0001
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ADOBE ACROBAT 7.0\ACTIVEX\ACROIEHELPER.DLL
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRAM FILES\SPYBOT~1\SDHELPER.DLL
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRAM FILES\FLASHGET\JCCATCH.DLL
    O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\PROGRAM FILES\ADOBE\ADOBE ACROBAT 7.0\ACROBAT\ACROIEFAVCLIENT.DLL
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\PROGRAM FILES\CANON\EASY-WEBPRINT\TOOLBAND.DLL
    O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRAM FILES\FLASHGET\FGIEBAR.DLL
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\PROGRAM FILES\ADOBE\ADOBE ACROBAT 7.0\ACROBAT\ACROIEFAVCLIENT.DLL
    O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
    O4 - HKLM\..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe
    O4 - HKLM\..\Run: [SysMetrix] C:\Program Files\SysMetrix\SysMetrix.exe
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [ATITool] "C:\Program Files\ATITool\ATITool.exe" -s
    O4 - HKLM\..\Run: [razer] C:\Program Files\Razer\razerhid.exe
    O4 - HKLM\..\Run: [DPAgnt] C:\Program Files\DigitalPersona\Bin\DPAgnt.exe
    O4 - HKLM\..\Run: [WinampAgent] C:\PROGRAM FILES\WINAMP\winampa.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [MBM 5] "C:\Program Files\Motherboard Monitor 5\MBM5.EXE"
    O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe
    O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
    O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe"
    O4 - HKLM\..\Run: [eFax 4.2] "C:\Program Files\eFax Messenger 4.2\J2GDllCmd.exe" /R
    O4 - HKLM\..\Run: [WebcamMaxMoniter] "C:\Program Files\WebcamMax\CAMTHINS.exe" /m
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRAM FILES\MICROSOFT ACTIVESYNC\WCESCOMM.EXE"
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [µTorrent] "E:\Downloads\Zelf\utorrent.exe"
    O4 - Startup: Snelkoppeling naar wbload.lnk = C:\Program Files\Object Desktop\WindowBlinds\wbload.exe
    O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: eFax 4.2.lnk = C:\Program Files\eFax Messenger 4.2\J2GTray.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: NETGEAR WG111v2 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
    O4 - Global Startup: RaConfig2500.lnk = C:\WINDOWS\system32\RaConfig2500.exe
    O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
    O8 - Extra context menu item: Convert link target to Adobe PDF - RES://C:\PROGRAM FILES\ADOBE\ADOBE ACROBAT 7.0\ACROBAT\ACROIEFAVCLIENT.DLL/ACROIECAPTURE.HTML
    O8 - Extra context menu item: Convert link target to existing PDF - RES://C:\PROGRAM FILES\ADOBE\ADOBE ACROBAT 7.0\ACROBAT\ACROIEFAVCLIENT.DLL/ACROIEAPPEND.HTML
    O8 - Extra context menu item: Convert selected links to Adobe PDF - RES://C:\PROGRAM FILES\ADOBE\ADOBE ACROBAT 7.0\ACROBAT\ACROIEFAVCLIENT.DLL/ACROIECAPTURESELLINKS.HTML
    O8 - Extra context menu item: Convert selected links to existing PDF - RES://C:\PROGRAM FILES\ADOBE\ADOBE ACROBAT 7.0\ACROBAT\ACROIEFAVCLIENT.DLL/ACROIEAPPENDSELLINKS.HTML
    O8 - Extra context menu item: Convert selection to Adobe PDF - RES://C:\PROGRAM FILES\ADOBE\ADOBE ACROBAT 7.0\ACROBAT\ACROIEFAVCLIENT.DLL/ACROIECAPTURE.HTML
    O8 - Extra context menu item: Convert selection to existing PDF - RES://C:\PROGRAM FILES\ADOBE\ADOBE ACROBAT 7.0\ACROBAT\ACROIEFAVCLIENT.DLL/ACROIEAPPEND.HTML
    O8 - Extra context menu item: Convert to Adobe PDF - RES://C:\PROGRAM FILES\ADOBE\ADOBE ACROBAT 7.0\ACROBAT\ACROIEFAVCLIENT.DLL/ACROIECAPTURE.HTML
    O8 - Extra context menu item: Convert to existing PDF - RES://C:\PROGRAM FILES\ADOBE\ADOBE ACROBAT 7.0\ACROBAT\ACROIEFAVCLIENT.DLL/ACROIEAPPEND.HTML
    O8 - Extra context menu item: E&xport to Microsoft Excel - RES://C:\PROGRAM FILES\MICROS~1\OFFICE10\EXCEL.EXE/3000
    O8 - Extra context menu item: Easy-WebPrint Add To Print List - RES://C:\PROGRAM FILES\CANON\EASY-WEBPRINT\RESOURCE.DLL/RC_ADDTOLIST.HTML
    O8 - Extra context menu item: Easy-WebPrint High Speed Print - RES://C:\PROGRAM FILES\CANON\EASY-WEBPRINT\RESOURCE.DLL/RC_HSPRINT.HTML
    O8 - Extra context menu item: Easy-WebPrint Preview - RES://C:\PROGRAM FILES\CANON\EASY-WEBPRINT\RESOURCE.DLL/RC_PREVIEW.HTML
    O8 - Extra context menu item: Easy-WebPrint Print - RES://C:\PROGRAM FILES\CANON\EASY-WEBPRINT\RESOURCE.DLL/RC_PRINT.HTML
    O8 - Extra context menu item: Ontvang alles met FlashGet - C:\PROGRAM FILES\FLASHGET\JC_ALL.HTM
    O8 - Extra context menu item: Ontvang met FlashGet - C:\PROGRAM FILES\FLASHGET\JC_LINK.HTM
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRAM FILES\MICROS~2\INETREPL.DLL
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRAM FILES\MICROS~2\INETREPL.DLL
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRAM FILES\MICROS~2\INETREPL.DLL
    O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\PROGRAM FILES\WINHTTRACK\WINHTTRACKIEBAR.DLL
    O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\PROGRAM FILES\WINHTTRACK\WINHTTRACKIEBAR.DLL
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRAM FILES\FLASHGET\FLASHGET.EXE
    O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRAM FILES\FLASHGET\FLASHGET.EXE
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
    O16 - DPF: {426784E5-24B2-4708-820D-117342FAD009} (Cimporter Object) - http://www.hyves.nl/cab/outlookaddressbook.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1140888456015
    O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} (DLC Class) - https://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0,4918/mcfscan.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: DPWLN - C:\WINDOWS\system32\DPWLEvHd.dll
    O20 - Winlogon Notify: MCPClient - C:\PROGRA~1\COMMON~1\Stardock\mcpstub.dll
    O20 - Winlogon Notify: WBSrv - C:\PROGRAM FILES\OBJECT DESKTOP\WINDOWBLINDS\wbsrv.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} - C:\PROGRAM FILES\OBJECT DESKTOP\ICONPACKAGER\iprepair.dll
    O23 - Service: Active WebCam Watchdog (ACTIVEWEBCAMWATCHDOG) - Unknown owner - C:\Program.exe (file missing)
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: DefWatch - Unknown owner - D:\NavNT\defwatch.exe (file missing)
    O23 - Service: Windows XP FUS Manager (DPFUSMgr) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DPFUSMgr.exe
    O23 - Service: Biometric Authentication Service (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHost.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~2.EXE
    O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - D:\Autodesk\mentalray\satellite\raysat_3dsmax8server.exe (file missing)
    O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Unknown owner - D:\NavNT\rtvscan.exe (file missing)
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
    O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Professional 2005.SR2a\RpcDataSrv.exe
    O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Professional 2005.SR2a\RpcSandraSrv.exe
    O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
  • That at least explains the ADS streams that Sophos finds.
    So nothing to worry about.

    Your log shows no traces of malware.
    Try setting the startup type of this service to Disabled: Active WebCam Watchdog

    Restart the computer.
    Does the problem still exist?
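A parser for the O23 service lines of the HijackThis log above that lists services whose registered binary is missing or unsigned-by-name, added here as an example and not part of the thread. The function names, flag names and the "executable directly in a drive root" heuristic are assumptions of this example, not HijackThis features.

```python
import re

# O23 lines copied from the HijackThis log posted above (subset).
SAMPLE_O23 = r"""
O23 - Service: Active WebCam Watchdog (ACTIVEWEBCAMWATCHDOG) - Unknown owner - C:\Program.exe (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: DefWatch - Unknown owner - D:\NavNT\defwatch.exe (file missing)
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
"""

PREFIX = "O23 - Service: "
MISSING = "(file missing)"
# "Display name (ServiceName)"; the last parenthesised group is the name.
NAME = re.compile(r"^(.*) \(([^()]+)\)$")
# An .exe sitting directly in a drive root, e.g. C:\Program.exe.
ROOT_EXE = re.compile(r"^[A-Za-z]:\\[^\\]+\.exe$", re.IGNORECASE)


def parse_o23(line):
    """Split one O23 line into display name, service name, owner and image."""
    line = line.strip()
    if not line.startswith(PREFIX):
        return None
    # Split from the right so a " - " inside the display name is preserved.
    parts = line[len(PREFIX):].rsplit(" - ", 2)
    if len(parts) != 3:
        return None
    label, owner, image = parts
    m = NAME.match(label)
    display, name = m.groups() if m else (label, label)
    missing = image.endswith(MISSING)
    if missing:
        image = image[:-len(MISSING)].rstrip()
    return {"display": display, "name": name, "owner": owner,
            "image": image, "missing": missing}


def flags(svc):
    """Reasons to look at this service's ImagePath value in the registry."""
    found = set()
    if svc["missing"]:
        found.add("file_missing")        # registered binary is not on disk
    if svc["owner"] == "Unknown owner":
        found.add("unknown_owner")       # no company name could be read
    if ROOT_EXE.match(svc["image"]):
        found.add("exe_in_drive_root")   # this example's own heuristic
    return found


def triage(log_text):
    """Map service name -> set of flags, for services with at least one flag."""
    result = {}
    for line in log_text.splitlines():
        svc = parse_o23(line)
        if svc and flags(svc):
            result[svc["name"]] = flags(svc)
    return result


if __name__ == "__main__":
    for name, found in sorted(triage(SAMPLE_O23).items(),
                              key=lambda kv: -len(kv[1])):
        print(f"{name}: {', '.join(sorted(found))}")
```
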

This is an archived page. Replying is no longer possible.