Question & Answer
SERVICES.EXE keeps the CPU running at 100% almost constantly
14 answers
- Has the high CPU usage been resolved now that webcamXP has been removed?
- No, unfortunately, still the same old story…
- Is there a Vista version installed on this computer?
Make a new HijackThis log and post it.
- There is indeed an evaluation version of Vista on another partition. It is not being used, by the way, since the evaluation period has expired. It is therefore going to be removed.
Once again a HijackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 15:25:22, on 2-1-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\DigitalPersona\Bin\DPWinLct.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\DigitalPersona\Bin\DpHost.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\DigitalPersona\Bin\DPFUSMgr.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\Program Files\SysMetrix\SysMetrix.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Razer\razerhid.exe
C:\Program Files\DigitalPersona\Bin\DPAgnt.exe
C:\PROGRAM FILES\WINAMP\winampa.exe
C:\Program Files\Razer\razerofa.exe
C:\Program Files\Motherboard Monitor 5\MBM5.EXE
C:\WINDOWS\tsnp2std.exe
C:\WINDOWS\vsnp2std.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe
C:\Program Files\eFax Messenger 4.2\J2GDllCmd.exe
C:\Program Files\WebcamMax\CAMTHINS.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRAM FILES\MICROSOFT ACTIVESYNC\WCESCOMM.EXE
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\PROGRAM FILES\MICROS~2\RAPIMGR.EXE
E:\Downloads\Zelf\utorrent.exe
C:\Program Files\eFax Messenger 4.2\J2GTray.exe
C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
C:\WINDOWS\system32\RaConfig2500.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\PROGRAM FILES\ADOBE\ADOBE PHOTOSHOP CS2\PHOTOSHOP.EXE
C:\DOCUME~1\Thomas\LOCALS~1\Temp\Adobelm_Cleanup.0001
C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
C:\DOCUME~1\Thomas\LOCALS~1\Temp\Adobelm_Cleanup.0001
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ADOBE ACROBAT 7.0\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRAM FILES\SPYBOT~1\SDHELPER.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRAM FILES\FLASHGET\JCCATCH.DLL
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\PROGRAM FILES\ADOBE\ADOBE ACROBAT 7.0\ACROBAT\ACROIEFAVCLIENT.DLL
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\PROGRAM FILES\CANON\EASY-WEBPRINT\TOOLBAND.DLL
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRAM FILES\FLASHGET\FGIEBAR.DLL
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\PROGRAM FILES\ADOBE\ADOBE ACROBAT 7.0\ACROBAT\ACROIEFAVCLIENT.DLL
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe
O4 - HKLM\..\Run: [SysMetrix] C:\Program Files\SysMetrix\SysMetrix.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [ATITool] "C:\Program Files\ATITool\ATITool.exe" -s
O4 - HKLM\..\Run: [razer] C:\Program Files\Razer\razerhid.exe
O4 - HKLM\..\Run: [DPAgnt] C:\Program Files\DigitalPersona\Bin\DPAgnt.exe
O4 - HKLM\..\Run: [WinampAgent] C:\PROGRAM FILES\WINAMP\winampa.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MBM 5] "C:\Program Files\Motherboard Monitor 5\MBM5.EXE"
O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe
O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe"
O4 - HKLM\..\Run: [eFax 4.2] "C:\Program Files\eFax Messenger 4.2\J2GDllCmd.exe" /R
O4 - HKLM\..\Run: [WebcamMaxMoniter] "C:\Program Files\WebcamMax\CAMTHINS.exe" /m
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRAM FILES\MICROSOFT ACTIVESYNC\WCESCOMM.EXE"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [µTorrent] "E:\Downloads\Zelf\utorrent.exe"
O4 - Startup: Snelkoppeling naar wbload.lnk = C:\Program Files\Object Desktop\WindowBlinds\wbload.exe
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: eFax 4.2.lnk = C:\Program Files\eFax Messenger 4.2\J2GTray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NETGEAR WG111v2 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
O4 - Global Startup: RaConfig2500.lnk = C:\WINDOWS\system32\RaConfig2500.exe
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - RES://C:\PROGRAM FILES\ADOBE\ADOBE ACROBAT 7.0\ACROBAT\ACROIEFAVCLIENT.DLL/ACROIECAPTURE.HTML
O8 - Extra context menu item: Convert link target to existing PDF - RES://C:\PROGRAM FILES\ADOBE\ADOBE ACROBAT 7.0\ACROBAT\ACROIEFAVCLIENT.DLL/ACROIEAPPEND.HTML
O8 - Extra context menu item: Convert selected links to Adobe PDF - RES://C:\PROGRAM FILES\ADOBE\ADOBE ACROBAT 7.0\ACROBAT\ACROIEFAVCLIENT.DLL/ACROIECAPTURESELLINKS.HTML
O8 - Extra context menu item: Convert selected links to existing PDF - RES://C:\PROGRAM FILES\ADOBE\ADOBE ACROBAT 7.0\ACROBAT\ACROIEFAVCLIENT.DLL/ACROIEAPPENDSELLINKS.HTML
O8 - Extra context menu item: Convert selection to Adobe PDF - RES://C:\PROGRAM FILES\ADOBE\ADOBE ACROBAT 7.0\ACROBAT\ACROIEFAVCLIENT.DLL/ACROIECAPTURE.HTML
O8 - Extra context menu item: Convert selection to existing PDF - RES://C:\PROGRAM FILES\ADOBE\ADOBE ACROBAT 7.0\ACROBAT\ACROIEFAVCLIENT.DLL/ACROIEAPPEND.HTML
O8 - Extra context menu item: Convert to Adobe PDF - RES://C:\PROGRAM FILES\ADOBE\ADOBE ACROBAT 7.0\ACROBAT\ACROIEFAVCLIENT.DLL/ACROIECAPTURE.HTML
O8 - Extra context menu item: Convert to existing PDF - RES://C:\PROGRAM FILES\ADOBE\ADOBE ACROBAT 7.0\ACROBAT\ACROIEFAVCLIENT.DLL/ACROIEAPPEND.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - RES://C:\PROGRAM FILES\MICROS~1\OFFICE10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - RES://C:\PROGRAM FILES\CANON\EASY-WEBPRINT\RESOURCE.DLL/RC_ADDTOLIST.HTML
O8 - Extra context menu item: Easy-WebPrint High Speed Print - RES://C:\PROGRAM FILES\CANON\EASY-WEBPRINT\RESOURCE.DLL/RC_HSPRINT.HTML
O8 - Extra context menu item: Easy-WebPrint Preview - RES://C:\PROGRAM FILES\CANON\EASY-WEBPRINT\RESOURCE.DLL/RC_PREVIEW.HTML
O8 - Extra context menu item: Easy-WebPrint Print - RES://C:\PROGRAM FILES\CANON\EASY-WEBPRINT\RESOURCE.DLL/RC_PRINT.HTML
O8 - Extra context menu item: Ontvang alles met FlashGet - C:\PROGRAM FILES\FLASHGET\JC_ALL.HTM
O8 - Extra context menu item: Ontvang met FlashGet - C:\PROGRAM FILES\FLASHGET\JC_LINK.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRAM FILES\MICROS~2\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRAM FILES\MICROS~2\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRAM FILES\MICROS~2\INETREPL.DLL
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\PROGRAM FILES\WINHTTRACK\WINHTTRACKIEBAR.DLL
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\PROGRAM FILES\WINHTTRACK\WINHTTRACKIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRAM FILES\FLASHGET\FLASHGET.EXE
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRAM FILES\FLASHGET\FLASHGET.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {426784E5-24B2-4708-820D-117342FAD009} (Cimporter Object) - http://www.hyves.nl/cab/outlookaddressbook.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1140888456015
O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} (DLC Class) - https://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0,4918/mcfscan.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: DPWLN - C:\WINDOWS\system32\DPWLEvHd.dll
O20 - Winlogon Notify: MCPClient - C:\PROGRA~1\COMMON~1\Stardock\mcpstub.dll
O20 - Winlogon Notify: WBSrv - C:\PROGRAM FILES\OBJECT DESKTOP\WINDOWBLINDS\wbsrv.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} - C:\PROGRAM FILES\OBJECT DESKTOP\ICONPACKAGER\iprepair.dll
O23 - Service: Active WebCam Watchdog (ACTIVEWEBCAMWATCHDOG) - Unknown owner - C:\Program.exe (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: DefWatch - Unknown owner - D:\NavNT\defwatch.exe (file missing)
O23 - Service: Windows XP FUS Manager (DPFUSMgr) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DPFUSMgr.exe
O23 - Service: Biometric Authentication Service (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~2.EXE
O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - D:\Autodesk\mentalray\satellite\raysat_3dsmax8server.exe (file missing)
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Unknown owner - D:\NavNT\rtvscan.exe (file missing)
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Professional 2005.SR2a\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Professional 2005.SR2a\RpcSandraSrv.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
- That at least explains those ADS streams that Sophos finds.
So nothing is wrong.
Your log shows no traces of malware.
Try setting the startup type of this service to disabled: Active WebCam Watchdog
Restart the computer.
Does the problem still exist?
- Hi,
My processor runs at 100% almost constantly. Task Manager indicates that the SERVICES.EXE process is the culprit. I have already run the following programs:
-Norton AntiVirus
-AdAware
-CrapCleaner
-Spybot Search and Destroy
I have also manually removed all software I had doubts about.
When I restart the PC, things go reasonably well for about an hour (CPU fluctuating between 20 and 70 percent); after that it jumps back to full load.
The PC is barely usable like this.
What could be causing this and how do I solve it?
Regards, Thomas
- Not cross-posting also tends to help.
- [quote:c73ed3f354="live4life"]Hi,
My processor runs at 100% almost constantly. Task Manager indicates that the SERVICES.EXE process is the culprit. I have already run the following programs:
-Norton AntiVirus
-AdAware
-CrapCleaner
-Spybot Search and Destroy
I have also manually removed all software I had doubts about.
When I restart the PC, things go reasonably well for about an hour (CPU fluctuating between 20 and 70 percent); after that it jumps back to full load.
The PC is barely usable like this.
What could be causing this and how do I solve it?
Regards, Thomas[/quote:c73ed3f354]
Thomas, take a look at the following site. Maybe it will help you further.
http://www.liutilities.com/products/wintaskspro/processlibrary/services/
rijshoorn
- moved to b&p
- I'm betting on an active rootkit.
Download HijackThis.
Unzip it. Save the file in a folder of its own. Not on your desktop or in your Temp files. HijackThis makes backups in the folder it is started from.
Run the program. Click scan, save log and save the log as a .txt file.
Copy and paste the full contents of this log file into your next post.
Download combofix.exe: http://download.bleepingcomputer.com/sUBs/combofix.exe
Place it on your desktop.
Double-click it to start the program.
In the window that appears, type a Y to start the cleaning process.
Follow the on-screen instructions.
When the tool is finished, a log file (combofix.txt) opens.
Post the contents of this file.
- Below are the requested logs. I also ran a registry cleaner, but although I briefly thought it was fixed, this morning it was the same old story again…
Thanks in advance for all the help and input.
HijackThis:
Logfile of HijackThis v1.99.1
Scan saved at 12:25:39, on 22-12-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\DigitalPersona\Bin\DPWinLct.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\DigitalPersona\Bin\DpHost.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\DigitalPersona\Bin\DPFUSMgr.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\Program Files\SysMetrix\SysMetrix.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Razer\razerhid.exe
C:\Program Files\DigitalPersona\Bin\DPAgnt.exe
C:\PROGRAM FILES\WINAMP\winampa.exe
C:\Program Files\Motherboard Monitor 5\MBM5.EXE
C:\WINDOWS\tsnp2std.exe
C:\Program Files\Razer\razerofa.exe
C:\WINDOWS\vsnp2std.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe
C:\Program Files\eFax Messenger 4.2\J2GDllCmd.exe
C:\Program Files\WebcamMax\CAMTHINS.exe
C:\WINDOWS\system32\scif\svchost.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRAM FILES\MICROSOFT ACTIVESYNC\WCESCOMM.EXE
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
E:\Downloads\Zelf\utorrent.exe
C:\PROGRAM FILES\MICROS~2\RAPIMGR.EXE
C:\Program Files\eFax Messenger 4.2\J2GTray.exe
C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
C:\WINDOWS\system32\RaConfig2500.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\FireFox\firefox.exe
C:\WINDOWS\notepad.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
F3 - REG:win.ini: run=
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ADOBE ACROBAT 7.0\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRAM FILES\SPYBOT~1\SDHELPER.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRAM FILES\FLASHGET\JCCATCH.DLL
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\PROGRAM FILES\ADOBE\ADOBE ACROBAT 7.0\ACROBAT\ACROIEFAVCLIENT.DLL
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\PROGRAM FILES\CANON\EASY-WEBPRINT\TOOLBAND.DLL
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRAM FILES\FLASHGET\FGIEBAR.DLL
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\PROGRAM FILES\ADOBE\ADOBE ACROBAT 7.0\ACROBAT\ACROIEFAVCLIENT.DLL
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe
O4 - HKLM\..\Run: [SysMetrix] C:\Program Files\SysMetrix\SysMetrix.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [ATITool] "C:\Program Files\ATITool\ATITool.exe" -s
O4 - HKLM\..\Run: [razer] C:\Program Files\Razer\razerhid.exe
O4 - HKLM\..\Run: [DPAgnt] C:\Program Files\DigitalPersona\Bin\DPAgnt.exe
O4 - HKLM\..\Run: [WinampAgent] C:\PROGRAM FILES\WINAMP\winampa.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MBM 5] "C:\Program Files\Motherboard Monitor 5\MBM5.EXE"
O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe
O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe"
O4 - HKLM\..\Run: [eFax 4.2] "C:\Program Files\eFax Messenger 4.2\J2GDllCmd.exe" /R
O4 - HKLM\..\Run: [WebcamMaxMoniter] "C:\Program Files\WebcamMax\CAMTHINS.exe" /m
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRAM FILES\MICROSOFT ACTIVESYNC\WCESCOMM.EXE"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [µTorrent] "E:\Downloads\Zelf\utorrent.exe"
O4 - Startup: Snelkoppeling naar wbload.lnk = C:\Program Files\Object Desktop\WindowBlinds\wbload.exe
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: eFax 4.2.lnk = C:\Program Files\eFax Messenger 4.2\J2GTray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NETGEAR WG111v2 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
O4 - Global Startup: RaConfig2500.lnk = C:\WINDOWS\system32\RaConfig2500.exe
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - RES://C:\PROGRAM FILES\ADOBE\ADOBE ACROBAT 7.0\ACROBAT\ACROIEFAVCLIENT.DLL/ACROIECAPTURE.HTML
O8 - Extra context menu item: Convert link target to existing PDF - RES://C:\PROGRAM FILES\ADOBE\ADOBE ACROBAT 7.0\ACROBAT\ACROIEFAVCLIENT.DLL/ACROIEAPPEND.HTML
O8 - Extra context menu item: Convert selected links to Adobe PDF - RES://C:\PROGRAM FILES\ADOBE\ADOBE ACROBAT 7.0\ACROBAT\ACROIEFAVCLIENT.DLL/ACROIECAPTURESELLINKS.HTML
O8 - Extra context menu item: Convert selected links to existing PDF - RES://C:\PROGRAM FILES\ADOBE\ADOBE ACROBAT 7.0\ACROBAT\ACROIEFAVCLIENT.DLL/ACROIEAPPENDSELLINKS.HTML
O8 - Extra context menu item: Convert selection to Adobe PDF - RES://C:\PROGRAM FILES\ADOBE\ADOBE ACROBAT 7.0\ACROBAT\ACROIEFAVCLIENT.DLL/ACROIECAPTURE.HTML
O8 - Extra context menu item: Convert selection to existing PDF - RES://C:\PROGRAM FILES\ADOBE\ADOBE ACROBAT 7.0\ACROBAT\ACROIEFAVCLIENT.DLL/ACROIEAPPEND.HTML
O8 - Extra context menu item: Convert to Adobe PDF - RES://C:\PROGRAM FILES\ADOBE\ADOBE ACROBAT 7.0\ACROBAT\ACROIEFAVCLIENT.DLL/ACROIECAPTURE.HTML
O8 - Extra context menu item: Convert to existing PDF - RES://C:\PROGRAM FILES\ADOBE\ADOBE ACROBAT 7.0\ACROBAT\ACROIEFAVCLIENT.DLL/ACROIEAPPEND.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - RES://C:\PROGRAM FILES\MICROS~1\OFFICE10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - RES://C:\PROGRAM FILES\CANON\EASY-WEBPRINT\RESOURCE.DLL/RC_ADDTOLIST.HTML
O8 - Extra context menu item: Easy-WebPrint High Speed Print - RES://C:\PROGRAM FILES\CANON\EASY-WEBPRINT\RESOURCE.DLL/RC_HSPRINT.HTML
O8 - Extra context menu item: Easy-WebPrint Preview - RES://C:\PROGRAM FILES\CANON\EASY-WEBPRINT\RESOURCE.DLL/RC_PREVIEW.HTML
O8 - Extra context menu item: Easy-WebPrint Print - RES://C:\PROGRAM FILES\CANON\EASY-WEBPRINT\RESOURCE.DLL/RC_PRINT.HTML
O8 - Extra context menu item: Ontvang alles met FlashGet - C:\PROGRAM FILES\FLASHGET\JC_ALL.HTM
O8 - Extra context menu item: Ontvang met FlashGet - C:\PROGRAM FILES\FLASHGET\JC_LINK.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRAM FILES\MICROS~2\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRAM FILES\MICROS~2\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRAM FILES\MICROS~2\INETREPL.DLL
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\PROGRAM FILES\WINHTTRACK\WINHTTRACKIEBAR.DLL
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\PROGRAM FILES\WINHTTRACK\WINHTTRACKIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRAM FILES\FLASHGET\FLASHGET.EXE
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRAM FILES\FLASHGET\FLASHGET.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {426784E5-24B2-4708-820D-117342FAD009} (Cimporter Object) - http://www.hyves.nl/cab/outlookaddressbook.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1140888456015
O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} (DLC Class) - https://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0,4918/mcfscan.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: DPWLN - C:\WINDOWS\system32\DPWLEvHd.dll
O20 - Winlogon Notify: MCPClient - C:\PROGRA~1\COMMON~1\Stardock\mcpstub.dll
O20 - Winlogon Notify: WBSrv - C:\PROGRAM FILES\OBJECT DESKTOP\WINDOWBLINDS\wbsrv.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} - C:\PROGRAM FILES\OBJECT DESKTOP\ICONPACKAGER\iprepair.dll
O23 - Service: Active WebCam Watchdog (ACTIVEWEBCAMWATCHDOG) - Unknown owner - C:\Program.exe (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: DefWatch - Unknown owner - D:\NavNT\defwatch.exe (file missing)
O23 - Service: Windows XP FUS Manager (DPFUSMgr) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DPFUSMgr.exe
O23 - Service: Biometric Authentication Service (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~2.EXE
O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - D:\Autodesk\mentalray\satellite\raysat_3dsmax8server.exe (file missing)
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Unknown owner - D:\NavNT\rtvscan.exe (file missing)
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Professional 2005.SR2a\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Professional 2005.SR2a\RpcSandraSrv.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
Combofix:
Thomas - 06-12-22 12:18:07,68 Service Pack 2
ComboFix 06.11.27 - Running from: "C:\PROGRAM FILES\FireFox"
((((((((((((((((((((((((((((((( Files Created from 2006-11-22 to 2006-12-22 ))))))))))))))))))))))))))))))))))
2006-12-20 20:03 24,576 --a------ C:\WINDOWS\system32\STKIT432.DLL
2006-12-20 20:03 <DIR> d-------- C:\Program Files\Registry Mechanic
2006-12-20 19:46 <DIR> d-------- C:\Program Files\True Sword 4
2006-12-20 19:46 <DIR> d-------- C:\Documents and Settings\Thomas\Application Data\.TrueSwordSettings
2006-12-20 19:28 <DIR> d-------- C:\Program Files\TweakNow RegCleaner Std
2006-12-20 18:44 <DIR> d-------- C:\Documents and Settings\Thomas\Application Data\Uniblue
2006-12-19 22:51 <DIR> d-------- C:\Documents and Settings\Thomas\Application Data\BearShare
2006-12-19 22:49 <DIR> d-------- C:\Program Files\BearShare Applications
2006-12-18 21:47 <DIR> dr-h----- C:\Documents and Settings\Thomas\Onlangs geopend
2006-12-18 19:28 194 --a------ C:\WINDOWS\system32\RBDELDRV.BAT
2006-12-17 15:59 <DIR> d-------- C:\Program Files\HijackThis
2006-12-17 14:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SecTaskMan
2006-12-17 14:03 <DIR> d-------- C:\WINDOWS\McAfee.com
2006-12-12 19:36 <DIR> d-------- C:\Program Files\Hyves Kwekker
2006-12-01 18:31 8,138 --------- C:\WINDOWS\system32\drivers\PenClass.sys
2006-12-01 18:31 729,088 --------- C:\WINDOWS\system32\Tablet.exe
2006-12-01 18:31 44,544 --------- C:\WINDOWS\system32\TabHook.dll
2006-12-01 18:31 15,744 --------- C:\WINDOWS\system32\Wintab.dll
2006-12-01 18:31 102,400 --------- C:\WINDOWS\system32\Wintab32.dll
2006-12-01 18:31 <DIR> d-------- C:\WINDOWS\system32\WTablet
2006-12-01 18:31 <DIR> d-------- C:\Program Files\Tablet
2006-11-27 19:14 <DIR> d-------- C:\Program Files\TomTom HOME
2006-11-27 19:12 <DIR> d-------- C:\Program Files\TomTom DesktopSuite
2006-11-27 10:18 <DIR> d-------- C:\Documents and Settings\Thomas\Application Data\Symantec
2006-11-27 09:58 10,344 --a------ C:\WINDOWS\system32\drivers\symlcbrd.sys
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2006-12-22 12:19 -------- d-------- C:\Documents and Settings\Thomas\Application Data\uTorrent
2006-12-22 12:17 -------- d-------- C:\Program Files\FireFox
2006-12-22 12:06 -------- d-------- C:\Program Files\SysMetrix
2006-12-22 02:27 -------- d-------- C:\Program Files\Common Files\Symantec Shared
2006-12-22 02:23 48776 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2006-12-22 02:23 115000 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2006-12-22 02:23 -------- d-------- C:\Program Files\Symantec
2006-12-21 12:21 -------- d-------- C:\Program Files\MSN Messenger
2006-12-20 20:02 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-12-20 20:02 -------- d-------- C:\Program Files\webcamXP
2006-12-20 19:54 -------- d-------- C:\Program Files\123 Flash Menu
2006-12-20 19:46 -------- d-------- C:\Program Files\Cracksearcher
2006-12-20 19:46 -------- d-------- C:\Documents and Settings\Thomas\Application Data\.TrueSwordSettings
2006-12-18 19:27 -------- d-------- C:\Program Files\POV-Ray for Windows v3.6
2006-12-18 19:21 -------- d-------- C:\Program Files\DigiSoft
2006-12-18 19:16 -------- d-------- C:\Program Files\IVT Corporation
2006-12-17 22:46 -------- d-------- C:\Program Files\Spybot - Search & Destroy
2006-12-17 14:45 -------- d-------- C:\Program Files\WebcamMax
2006-12-15 13:33 -------- d-------- C:\Program Files\Internet Explorer
2006-12-15 13:15 -------- d-------- C:\Program Files\Outlook Express
2006-12-15 13:14 -------- d-------- C:\Program Files\Common Files\System
2006-12-12 21:47 -------- d-------- C:\Documents and Settings\Thomas\Application Data\LimeWire
2006-12-12 21:37 -------- d-------- C:\Program Files\LimeWire
2006-12-07 06:29 2374472 --a------ C:\WINDOWS\system32\wmvcore.dll
2006-11-30 22:40 -------- d-------- C:\Program Files\idImager
2006-11-29 23:02 -------- d-------- C:\Program Files\Microsoft ActiveSync
2006-11-29 23:02 -------- d-------- C:\Program Files\Adobe
2006-11-27 18:20 -------- d-------- C:\Program Files\Norton AntiVirus
2006-11-27 09:58 -------- d-------- C:\Program Files\Common Files
2006-11-27 09:57 -------- d-------- C:\Program Files\Total Training
2006-11-26 17:50 -------- d-------- C:\Documents and Settings\Thomas\Application Data\Canon
2006-11-21 19:46 -------- d-------- C:\Program Files\Canon
2006-11-21 19:45 -------- d-------- C:\Program Files\Common Files\Canon
2006-11-21 11:27 33280 --a------ C:\WINDOWS\system32\snmp.exe
2006-11-18 13:52 -------- d-------- C:\Program Files\WinZip
2006-11-12 23:26 252 --a------ C:\WINDOWS\Vue 5 Infinite.reg
2006-11-12 22:15 -------- d-------- C:\Program Files\Poser 6
2006-11-08 06:07 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-11-06 20:55 -------- d-------- C:\Program Files\Viewpoint
2006-11-05 17:36 -------- d-------- C:\Program Files\Electronic Arts
2006-11-04 20:25 1321744 --a------ C:\WINDOWS\system32\msxml6.dll
2006-11-04 14:14 1245696 --a------ C:\WINDOWS\system32\msxml4.dll
2006-11-03 01:15 -------- d-------- C:\Program Files\NukASync
2006-10-31 18:48 -------- d-------- C:\Documents and Settings\Thomas\Application Data\U3
2006-10-30 21:31 -------- d-------- C:\Program Files\RALINK
2006-10-30 00:24 21275 --a------ C:\WINDOWS\system32\drivers\AegisP.sys
2006-10-20 02:39 714752 --a------ C:\WINDOWS\system32\sxs.dll
2006-10-13 13:41 65536 --a------ C:\WINDOWS\system32\nwwks.dll
2006-10-13 13:41 64000 --a------ C:\WINDOWS\system32\nwapi32.dll
2006-10-13 13:41 144384 --a------ C:\WINDOWS\system32\nwprovau.dll
2006-10-12 22:32 32768 --a------ C:\ntrw.exe
2006-10-01 11:44 109568 --------- C:\WINDOWS\system32\pxinsi64.exe
2006-10-01 11:44 108544 --------- C:\WINDOWS\system32\pxcpyi64.exe
2006-09-26 20:05 39 --a------ C:\WINDOWS\buZZlic.dll
2006-09-26 19:12 6656 --a------ C:\WINDOWS\system32\haspvdd.dll
2006-09-26 19:12 383 --a------ C:\WINDOWS\system32\haspdos.sys
2006-09-17 21:34 6318 --a------ C:\Program Files\uninstal.log
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries are not shown
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"H/PC Connection Agent"="\"C:\\PROGRAM FILES\\MICROSOFT ACTIVESYNC\\WCESCOMM.EXE\""
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Program Files\\Common Files\\Ahead\\lib\\NMBgMonitor.exe\""
"msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
"µTorrent"="\"E:\\Downloads\\Zelf\\utorrent.exe\""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"BluetoothAuthenticationAgent"="rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent"
"MsmqIntCert"="regsvr32 /s mqrt.dll"
"RaidTool"="C:\\Program Files\\VIA\\RAID\\raid_tool.exe"
"SysMetrix"="C:\\Program Files\\SysMetrix\\SysMetrix.exe"
"ATICCC"="\"C:\\Program Files\\ATI Technologies\\ATI.ACE\\cli.exe\" runtime -Delay"
"ATITool"="\"C:\\Program Files\\ATITool\\ATITool.exe\" -s"
"razer"="C:\\Program Files\\Razer\\razerhid.exe"
"DPAgnt"="C:\\Program Files\\DigitalPersona\\Bin\\DPAgnt.exe"
"WinampAgent"="C:\\PROGRAM FILES\\WINAMP\\winampa.exe"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"MBM 5"="\"C:\\Program Files\\Motherboard Monitor 5\\MBM5.EXE\""
"tsnp2std"="C:\\WINDOWS\\tsnp2std.exe"
"snp2std"="C:\\WINDOWS\\vsnp2std.exe"
"C-Media Mixer"="Mixer.exe /startup"
"Adobe Photo Downloader"="\"C:\\Program Files\\Adobe\\Photoshop Elements 5.0\\apdproxy.exe\""
"eFax 4.2"="\"C:\\Program Files\\eFax Messenger 4.2\\J2GDllCmd.exe\" /R"
"WebcamMaxMoniter"="\"C:\\Program Files\\WebcamMax\\CAMTHINS.exe\" /m"
"ViewMgr"="C:\\Program Files\\Viewpoint\\Viewpoint Manager\\ViewMgr.exe"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"RegistryMechanic"=""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000005
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Mijn huidige introductiepagina"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,00,05,00,00,00,00,00,00,00,04,00,00,e2,03,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,c0
"OriginalStateInfo"=hex:18,00,00,00,4b,00,00,00,00,00,00,00,b5,04,00,00,e2,03,\
00,00,04,00,00,c0
"RestoredStateInfo"=hex:18,00,00,00,92,06,00,00,6e,00,00,00,1c,01,00,00,27,01,\
00,00,01,00,00,00
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]
"FriendlyName"=""
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,52,05,00,00,01,00,00,00,1c,01,00,00,27,01,00,00,ea,\
03,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:01,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,18,00,00,00,82,00,00,00,d6,04,00,00,47,03,\
00,00,01,00,00,40
"RestoredStateInfo"=hex:00,00,00,00,00,00,00,00,ec,e0,07,00,00,00,00,00,19,00,\
00,00,e8,dd,07,00
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Preloader van browseui"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Cache-daemon voor onderdeelcategorieën"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"0aMCPClient"="{F5DF91F9-15E9-416B-A7C3-7519B11ECBFC}"
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"IconPackager Repair"="{1799460C-0BC8-4865-B9DF-4A36CD703FF0}"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DPWLN
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Norton AntiVirus - Run Full System Scan - Thomas.job
Completion time: 06-12-22 12:20:29.60
C:\ComboFix.txt … 06-12-22 12:20
- Close all open windows, run HijackThis once more and tick the following items:
F3 - REG:win.ini: run=
Then click "Fix checked" and close HijackThis.
Go to Control Panel - Add or Remove Programs - Change or Remove Programs. Uninstall Viewpoint Manager if present.
Restart the computer.
Download Sophos Anti-Rootkit: http://www.sophos.com/products/free-tools/sophos-anti-rootkit.html
Save it to your desktop.
Double-click sarsfx.exe to extract the files. (accept the default installation folder)
Open the folder C:\SOPHTEMP and double-click sargui.exe to start the program.
Make sure the following are ticked:
- Running processes
- Windows Registry
- Local Hard Drives
Click the "Start Scan" button.
When you get a message that the scan has finished, click the "OK" button and close the program.
Go to Start - Run and type: %temp%\sarscan.log
A Notepad file opens. Post the contents of this file.
- Which version of WebCamXP do you have?
I think that is the culprit… I have version 2.18.250 and after half an hour it is running at 100% CPU.
- Carried out the steps mentioned and I removed WebcamXP. Below is the log from Sophos Anti-Rootkit:
Sophos Anti-Rootkit Version 1.2 (data 1.01) © 2006 Sophos Plc
Started logging on 29-12-2006 at 11:43:45
Hidden: registry item \HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Vax347s\Config\jdgg40
Hidden: registry item \HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Vax347s\Config\jdgg41
Hidden: registry item \HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Vax347s\Config\jdgg42
Hidden: file F:\Windows\System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan:$TXF_DATA
Hidden: file F:\Windows:$TXF_DATA
Hidden: file F:\Windows\System32:$TXF_DATA
Hidden: file F:\Windows\System32\Tasks:$TXF_DATA
Hidden: file F:\Windows\System32\Tasks\Microsoft:$TXF_DATA
Hidden: file F:\Windows\System32\Tasks\Microsoft\Windows:$TXF_DATA
Hidden: file F:\Windows\System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program:$TXF_DATA
Hidden: file F:\Windows\System32\Tasks\Microsoft\Windows\Windows Error Reporting:$TXF_DATA
Hidden: file F:\Windows\System32\Tasks\Microsoft\Windows Defender:$TXF_DATA
Hidden: file F:\Windows\inf\wsdscdrv.inf
Hidden: file F:\Windows\System32\Tasks\Microsoft\Windows\MUI:$TXF_DATA
Hidden: file F:\Windows\System32\Tasks\Microsoft\Windows\MUI\LPRemove:$TXF_DATA
Hidden: file F:\Windows\System32\Tasks\User_Feed_Synchronization-{77AE986C-FE9E-4BCE-8609-C13DBF231459}:$TXF_DATA
Hidden: file F:\Windows\System32\Tasks\{13C1147D-6DE2-4ABB-A251-7E34C49B8E7E}:$TXF_DATA
Hidden: file F:\Windows\System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\Uploader:$TXF_DATA
Hidden: file F:\Windows\System32\Tasks\Microsoft\Windows\Windows Error Reporting\ManifestDownloadRunOnce:$TXF_DATA
Stopped logging on 29-12-2006 at 11:57:59