I have already scanned with MBAM and found no malware.
It started after installing a piece of software that I have since removed again. When I disconnect my PC from the internet, it runs normally without freezing, but as soon as I plug the cable back in, I don't have to wait long before it starts again.
[hjt]
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:20:40, on 6-1-2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal
Running processes:
c:\program files (x86)\netgear\wn111v2\wn111v2.exe
c:\program files (x86)\internetbeveiliging\common\fsm32.exe
c:\program files (x86)\trend micro\hijackthis\hijackthis.exe
r0 - hkcu\software\microsoft\internet explorer\main,start page = [noparse]http://go.microsoft.com/fwlink/?linkid=69157[/noparse]
r1 - hklm\software\microsoft\internet explorer\main,default_page_url = [noparse]http://go.microsoft.com/fwlink/?linkid=69157[/noparse]
r1 - hklm\software\microsoft\internet explorer\main,default_search_url = [noparse]http://go.microsoft.com/fwlink/?linkid=54896[/noparse]
r1 - hklm\software\microsoft\internet explorer\main,search page = [noparse]http://go.microsoft.com/fwlink/?linkid=54896[/noparse]
r0 - hklm\software\microsoft\internet explorer\main,start page = [noparse]http://go.microsoft.com/fwlink/?linkid=56626&homepage=http://nl.woofi.info/[/noparse]
r0 - hklm\software\microsoft\internet explorer\main,local page = c:\windows\syswow64\blank.htm
o2 - bho: contributebho class - {074c1dc5-9320-4a9a-947d-c042949c6216} - c:\program files (x86)\adobe\adobe contribute cs5\plugins\ieplugin\contributeieplugin.dll
o2 - bho: groove gfs browser helper - {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~2\micros~1\office14\grooveex.dll
o2 - bho: urlredirectionbho - {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~2\micros~1\office14\urlredir.dll
o2 - bho: litmusbho - {c6867eb7-8350-4856-877f-93cf8ae3dc9c} - c:\program files (x86)\internetbeveiliging\nrs\iescript\baselitmus.dll
o2 - bho: java(tm) plug-in 2 ssv helper - {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll
o3 - toolbar: contribute toolbar - {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files (x86)\adobe\adobe contribute cs5\plugins\ieplugin\contributeieplugin.dll
o3 - toolbar: browsing protection toolbar - {265eee8e-3228-44d3-aea5-f7fdf5860049} - c:\program files (x86)\internetbeveiliging\nrs\iescript\baselitmus.dll
o4 - hklm\..\run: [f-secure tnb] c:\program files (x86)\internetbeveiliging\fsgui\tnbutil.exe /checkall /waitforsw
o4 - hklm\..\run: [f-secure manager] c:\program files (x86)\internetbeveiliging\common\fsm32.exe /splash
o4 - hkcu\..\run: [utorrent] c:\users\gerrit\desktop\utorrent.exe /minimized
o4 - global startup: netgear wn111v2 smart wizard.lnk = c:\program files (x86)\netgear\wn111v2\wn111v2.exe
o9 - extra button: verzenden naar onenote - {2670000a-7350-4f3c-8081-5663ee0c6c49} - c:\program files (x86)\microsoft office\office14\onbttnie.dll
o9 - extra 'tools' menuitem: &verzenden naar onenote - {2670000a-7350-4f3c-8081-5663ee0c6c49} - c:\program files (x86)\microsoft office\office14\onbttnie.dll
o9 - extra button: &gekoppelde notities van onenote - {789fe86f-6fc4-46a1-9849-ede0db0c95ca} - c:\program files (x86)\microsoft office\office14\onbttnielinkednotes.dll
o9 - extra 'tools' menuitem: &gekoppelde notities van onenote - {789fe86f-6fc4-46a1-9849-ede0db0c95ca} - c:\program files (x86)\microsoft office\office14\onbttnielinkednotes.dll
o11 - options group: [accelerated_graphics] accelerated graphics
o16 - dpf: {d27cdb6e-ae6d-11cf-96b8-444553540000} (shockwave flash object) - [noparse]http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab[/noparse]
o18 - filter hijack: text/xml - {807573e5-5146-11d5-a672-00b0d022e945} - c:\program files (x86)\common files\microsoft shared\office14\msoxmlmf.dll
o23 - service: adobe flash player update service (adobeflashplayerupdatesvc) - adobe systems incorporated - c:\windows\syswow64\macromed\flash\flashplayerupdateservice.exe
o23 - service: @%systemroot%\system32\alg.exe,-112 (alg) - unknown owner - c:\windows\system32\alg.exe (file missing)
o23 - service: amd external events utility - unknown owner - c:\windows\system32\atiesrxx.exe (file missing)
o23 - service: @%systemroot%\system32\efssvc.dll,-100 (efs) - unknown owner - c:\windows\system32\lsass.exe (file missing)
o23 - service: fsgkhs (f-secure gatekeeper handler starter) - unknown owner - c:\program files (x86)\internetbeveiliging\anti-virus\fsgk32st.exe
o23 - service: fabs - helping agent for magix media database (fabs) - magix ag - c:\program files (x86)\common files\magix services\database\bin\fabs.exe
o23 - service: firebird server - magix instance (firebirdservermagixinstance) - magix - c:\program files (x86)\common files\magix services\database\bin\fbserver.exe
o23 - service: f-secure anti-virus firewall daemon (fsdfwd) - f-secure corporation - c:\program files (x86)\internetbeveiliging\fwes\program\fsdfwd.exe
o23 - service: f-secure management agent (fsma) - f-secure corporation - c:\program files (x86)\internetbeveiliging\common\fsma32.exe
o23 - service: f-secure orsp client (fsorspclient) - f-secure corporation - c:\program files (x86)\internetbeveiliging\orsp client\fsorsp.exe
o23 - service: jumpstart wifi protected setup (jswpsapi) - atheros communications, inc. - c:\program files (x86)\netgear\wn111v2\jswpsapi.exe
o23 - service: @keyiso.dll,-100 (keyiso) - unknown owner - c:\windows\system32\lsass.exe (file missing)
o23 - service: @comres.dll,-2797 (msdtc) - unknown owner - c:\windows\system32\msdtc.exe (file missing)
o23 - service: @c:\program files (x86)\nero\update\nasvc.exe,-200 (naupdate) - nero ag - c:\program files (x86)\nero\update\nasvc.exe
o23 - service: @%systemroot%\system32\netlogon.dll,-102 (netlogon) - unknown owner - c:\windows\system32\lsass.exe (file missing)
o23 - service: nitropdfdrivercreatorreadspool (nitrodriverreadspool) - nitro pdf software - c:\program files\common files\nitro pdf\professional\6.0\nitropdfdriverservicex64.exe
o23 - service: nls service (nlsx86cc) - nalpeiron ltd. - c:\windows\syswow64\nlssrv32.exe
o23 - service: pc tools startup and shutdown monitor service (pctoolsssdmonitorsvc) - unknown owner - c:\program files (x86)\common files\pc tools\smonitor\startmansvc.exe
o23 - service: @%systemroot%\system32\psbase.dll,-300 (protectedstorage) - unknown owner - c:\windows\system32\lsass.exe (file missing)
o23 - service: @%systemroot%\system32\locator.exe,-2 (rpclocator) - unknown owner - c:\windows\system32\locator.exe (file missing)
o23 - service: @%systemroot%\system32\samsrv.dll,-1 (samss) - unknown owner - c:\windows\system32\lsass.exe (file missing)
o23 - service: @%systemroot%\system32\snmptrap.exe,-3 (snmptrap) - unknown owner - c:\windows\system32\snmptrap.exe (file missing)
o23 - service: @%systemroot%\system32\spoolsv.exe,-1 (spooler) - unknown owner - c:\windows\system32\spoolsv.exe (file missing)
o23 - service: @%systemroot%\system32\sppsvc.exe,-101 (sppsvc) - unknown owner - c:\windows\system32\sppsvc.exe (file missing)
o23 - service: switchboard - adobe systems incorporated - c:\program files (x86)\common files\adobe\switchboard\switchboard.exe
o23 - service: @%systemroot%\system32\ui0detect.exe,-101 (ui0detect) - unknown owner - c:\windows\system32\ui0detect.exe (file missing)
o23 - service: upnpservice - magix ag - c:\program files (x86)\common files\magix shared\upnpservice\upnpservice.exe
o23 - service: @%systemroot%\system32\vaultsvc.dll,-1003 (vaultsvc) - unknown owner - c:\windows\system32\lsass.exe (file missing)
o23 - service: @%systemroot%\system32\vds.exe,-100 (vds) - unknown owner - c:\windows\system32\vds.exe (file missing)
o23 - service: @%systemroot%\system32\vssvc.exe,-102 (vss) - unknown owner - c:\windows\system32\vssvc.exe (file missing)
o23 - service: @%systemroot%\system32\wat\watux.exe,-601 (watadminsvc) - unknown owner - c:\windows\system32\wat\watadminsvc.exe (file missing)
o23 - service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - unknown owner - c:\windows\system32\wbengine.exe (file missing)
o23 - service: @%systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiapsrv) - unknown owner - c:\windows\system32\wbem\wmiapsrv.exe (file missing)
o23 - service: windows media player network sharing service (wmpnetworksvc) - unknown owner - c:\program files (x86)\windows media player\wmpnetwk.exe (file missing)
--
end of file - 8161 bytes
[/hjt]