antivirus.startpagina.nl

The Machiavellian Plot

  • Anonymous avatar

    Robert

    Hallo mensen,

    Sinds een tijdje krijg ik steeds vervelende pop-ups op mijn scherm genaamd The Machiavellian Plot - Niet nader omschreven fout.

    Hoe moet ik dit weghalen ???

    Alvast bedankt voor de hulp.

    Robert

    Logfile of HijackThis v1.99.1

    Scan saved at 21:03:29, on 24-10-2005

    Platform: Windows XP SP1 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\System32\Ati2evxx.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

    C:\WINDOWS\Explorer.EXE

    C:\WINDOWS\system32\spoolsv.exe

    C:\WINDOWS\SOUNDMAN.EXE

    C:\Program Files\Norton AntiVirus\navapsvc.exe

    C:\WINDOWS\AGRSMMSG.exe

    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

    C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe

    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    C:\Program Files\Java\j2re1.4.2_09\bin\jusched.exe

    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

    C:\PROGRA~1\LAUNCH~1\QtZiAcer.EXE

    C:\WINDOWS\System32\wltrysvc.exe

    C:\WINDOWS\System32\bcmwltry.exe

    C:\Program Files\Common Files\Real\Update_OB\realsched.exe

    C:\Program Files\Common Files\Symantec Shared\ccApp.exe

    C:\Program Files\QuickTime\qttask.exe

    C:\Windows\winupdate.exe

    C:\WINDOWS\System32\ctfmon.exe

    C:\Program Files\MSN Messenger\MsnMsgr.Exe

    C:\Program Files\Messenger\msmsgs.exe

    C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe

    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

    C:\Program Files\Sierra\Planner\Plnrnote.exe

    C:\Program Files\WinZip\WZQKPICK.EXE

    c:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe

    C:\WINDOWS\System32\wuauclt.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\Program Files\NewsLeecher\newsLeecher.exe

    C:\Program Files\NewsLeecher\newsLeecher.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\Documents and Settings\Bolo\Bureaublad\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.chello.nl/

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.chello.nl

    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

    R3 - Default URLSearchHook is missing

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

    O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll

    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

    O4 - HKLM\..\Run: Alaunch

    O4 - HKLM\..\Run: SOUNDMAN.EXE

    O4 - HKLM\..\Run: AGRSMMSG.exe

    O4 - HKLM\..\Run: C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

    O4 - HKLM\..\Run: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    O4 - HKLM\..\Run: C:\Program Files\Java\j2re1.4.2_09\bin\jusched.exe

    O4 - HKLM\..\Run: Ati2mdxx.exe

    O4 - HKLM\..\Run: C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

    O4 - HKLM\..\Run: C:\PROGRA~1\LAUNCH~1\QtZiAcer.EXE

    O4 - HKLM\..\Run: C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe

    O4 - HKLM\..\Run: C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer

    O4 - HKLM\..\Run: “C:\Program Files\Common Files\Real\Update_OB\realsched.exe” -osboot

    O4 - HKLM\..\Run: “C:\Program Files\Common Files\Symantec Shared\ccApp.exe”

    O4 - HKLM\..\Run: “C:\Program Files\QuickTime\qttask.exe” -atboottime

    O4 - HKLM\..\Run: c:\Windows\winupdate.exe

    O4 - HKLM\..\Run: C:\WINDOWS\System32\NeroCheck.exe

    O4 - HKCU\..\Run: C:\WINDOWS\System32\ctfmon.exe

    O4 - HKCU\..\Run: “C:\Program Files\MSN Messenger\MsnMsgr.Exe” /background

    O4 - HKCU\..\Run: “C:\Program Files\Messenger\msmsgs.exe” /background

    O4 - HKCU\..\Run: “C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe”

    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

    O4 - Global Startup: BTTray.lnk = ?

    O4 - Global Startup: Event Planner Reminders Tray Icon.lnk = ?

    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE

    O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm

    O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm

    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_09\bin\npjpi142_09.dll

    O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_09\bin\npjpi142_09.dll

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

    O9 - Extra ‘Tools’ menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

    O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} (PlxInstall Class) - https://www.plaxo.com/down/latest/PlaxoInstall.cab

    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab

    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Besturing) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab

    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - “C:\PROGRA~1\MSNMES~1\msgrapp.dll” (file missing)

    O21 - SSODL: URLREWIN - {EB9BDABE-1BD2-445B-9A13-BA9C7D2E3CA9} - c:\windows\system32\netknl.dll

    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe

    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe

    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

    O23 - Service: Norton AntiVirus Auto-Protect-service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe

    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe

    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe

    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe

    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe

    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

    O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

  • Anonymous avatar

    MaRLieS

    Update je windows

  • Anonymous avatar

    pablo

    vertel ook even of je deze keylogger zelf geinstalleerd hebt

    http://castlecops.com/o21list-8.html

    paul :)

  • Anonymous avatar

    wollie

    Hallo Robert,

    Je voert straks alles uit in veilige modus, daarom raad ik je aan deze instructie te printen of op te slaan in een tekstbestandje!

    1. Omdat de bestanden die je van je PC gaat verwijderen eventueel verborgen kunnen staan moet je eerst het volgende doen:

    Ga naar Start>Configuratiescherm>Mapopties>tabblad Weergave: Zet een vinkje bij verborgen bestanden en mappen weergeven, en haal de vinkjes weg bij beveiligde systeembestanden verbergen ( aanbevolen ) en bij extensies voor bekende bestandstypen verbergen, klik op en .

    2. Ik ga er van uit dat je dit programma: Spector Pro 5.0 zelf hebt geïnstalleerd.

    3. Start je computer nu op in de veilige modus.

    4. Start Hijack This op en klik op .

    Vink alleen de volgende regels aan in Hijack This:

    R3 - Default URLSearchHook is missing

    O4 - HKLM\..\Run: c:\Windows\winupdate.exe

    O4 - Global Startup: BTTray.lnk = ?

    O4 - Global Startup: Event Planner Reminders Tray Icon.lnk = ?

    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - “C:\PROGRA~1\MSNMES~1\msgrapp.dll” (file missing)

    5. Sluit nu alle toepassingen behalve Hijack This en klik op

    6. Verwijder (indien aanwezig) de volgende mappen/bestanden:

    C:\Windows\winupdate.exe <=dit bestand

    7. Plaats na herstart in normale modus een nieuwe Hijack This log en geef aan welke problemen je eventueel bent tegengekomen bij het uitvoeren van de Fix.

    Succes, Wollie :)