hijack this -> Quickpage

Discussion in 'adware, spyware & hijack cleaning' started by 4MOTION, Apr 16, 2004.

Thread Status:
Not open for further replies.
  1. 4MOTION

    4MOTION Guest

    Detox told me to post a hijack log, since Ad-Aware and Spybot can recognise it and delete it, but after a reboot it's back, and I must say it's a bit annoying.
    This is the log:

    I see there is more spyware in it.
    Anyway, thanks in advance.
     
  2. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined: Apr 27, 2002
    Posts: 13,330
    Location: Netherlands
    Hi 4MOTION,

    Nice to see another Dutchie here. ;)

    Before you start, please unzip hijackthis.exe to a folder of its own. The program creates backups in the folder it is in. In a Temp folder they easily disappear.

    Check the following items in HijackThis.
    Close all windows except HijackThis and click Fix checked:

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///C:/Program%20Files/QuickPage/Portal/portal.html

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Startpagina = file:///C:/Program%20Files/QuickPage/Portal/portal.html

    R3 - Default URLSearchHook is missing

    O4 - HKLM\..\Run: [19276064.exe] C:\WINNT\System32\19276064.exe
    O4 - HKLM\..\Run: [CIPVFMS] C:\WINNT\CIPVFMS.exe

    O4 - HKLM\..\Run: [AHNUE] C:\WINNT\AHNUE.exe
    O4 - HKLM\..\Run: [SexCams_nl] C:\Program Files\SCom\Dialers\SexCams_nl\SexCams_nl.exe /dontdial

    O4 - HKLM\..\Run: [ozuj] C:\WINNT\ozuj.exe

    O4 - HKLM\..\Run: [QuickZip] C:\WINNT\system32\ls.exe

    O16 - DPF: {42F2D240-B23C-11D6-8C73-70A05DC10000} - http://www.oyunfabrikasi.com/nl/5/060190nl.exe

    O16 - DPF: {75D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin.SecureControl) - http://secure2.comned.com/signuptem...iveSecurity.cab

    O16 - DPF: {9E1089BC-1AE8-4685-8D77-6721E5C318A8} - http://217.73.66.16/comload.dll

    O16 - DPF: {C7384A94-12AB-4798-9A63-67A9B24C993D} (Vacpro.netherland_ver2) - http://www.7adpower.com/dialer/netherland_ver2.CAB

    O16 - DPF: {F5192746-22D6-41BD-9D2D-1E75D14FBD3C} - http://216.65.38.226/crack.CAB

    Then reboot into safe mode and delete:
    C:\Program Files\QuickPage <= entire folder
    C:\WINNT\System32\19276064.exe
    C:\Program Files\SCom\Dialers\SexCams_nl <= entire folder
    C:\WINNT\ozuj.exe
    C:\WINNT\system32\ls.exe

    Please read: https://www.wilderssecurity.com/showthread.php?t=27971 to protect yourself against these dialers.

    Regards,

    Pieter
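Added example, not part of Pieter's post or of HijackThis: a cross-check of the O4 Run entries in the fix list above against the safe-mode delete list, reporting autostart targets that are not on the delete list so they can be checked on disk after the reboot. The function names are hypothetical; the sample lines are copied from the post.

```python
import re
from pathlib import PureWindowsPath
# Lines copied from the fix list and the delete list in the post above.
FIX_LIST = r"""
O4 - HKLM\..\Run: [19276064.exe] C:\WINNT\System32\19276064.exe
O4 - HKLM\..\Run: [CIPVFMS] C:\WINNT\CIPVFMS.exe
O4 - HKLM\..\Run: [AHNUE] C:\WINNT\AHNUE.exe
O4 - HKLM\..\Run: [SexCams_nl] C:\Program Files\SCom\Dialers\SexCams_nl\SexCams_nl.exe /dontdial
O4 - HKLM\..\Run: [ozuj] C:\WINNT\ozuj.exe
O4 - HKLM\..\Run: [QuickZip] C:\WINNT\system32\ls.exe
"""
DELETE_LIST = r"""
C:\Program Files\QuickPage <= entire folder
C:\WINNT\System32\19276064.exe
C:\Program Files\SCom\Dialers\SexCams_nl <= entire folder
C:\WINNT\ozuj.exe
C:\WINNT\system32\ls.exe
"""

O4_RE = re.compile(r"^O4 - (?P<key>\S+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
EXE_RE = re.compile(r"^(?P<path>.+?\.exe)\b", re.IGNORECASE)  # drops arguments

def parse_o4(text):
    """Return (value name, executable path) for each O4 autostart line."""
    out = []
    for line in text.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            exe = EXE_RE.match(m["cmd"])
            out.append((m["name"], PureWindowsPath(exe["path"] if exe else m["cmd"])))
    return out

def parse_deletes(text):
    """Return (path, is_folder) for each line of the manual delete list."""
    out = []
    for line in filter(str.strip, text.splitlines()):
        path, _, note = line.partition("<=")
        out.append((PureWindowsPath(path.strip()), "folder" in note))
    return out

def covered(exe, deletes):
    """True if exe is deleted directly or sits under a deleted folder."""
    return any(exe == p or (is_dir and p in exe.parents) for p, is_dir in deletes)

def uncovered_autostarts(fix_text=FIX_LIST, delete_text=DELETE_LIST):
    deletes = parse_deletes(delete_text)
    return [(n, str(e)) for n, e in parse_o4(fix_text) if not covered(e, deletes)]

if __name__ == "__main__":
    print(*uncovered_autostarts(), sep="\n")
```

Paths are compared with Windows semantics, so `System32` and `system32` match. The check only compares the two lists; it does not say whether a file still exists on the machine.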
     
  3. 4MOTION

    4MOTION Guest

    Hola other Dutchie,

    Thanks for the great help!

    Got rid of that shite.
     
  4. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    My pleasure. :)

    Pieter
     