hijack this -> Quickpage

Discussion in 'adware, spyware & hijack cleaning' started by 4MOTION, Apr 16, 2004.

Thread Status:
Not open for further replies.
  1. 4MOTION

    4MOTION Guest

    Detox told me to post a hijack log since adaware and spybot can recognise it and delete it but after a reboot its back and i must say its a bit annoying
    this is the log:

    i see there are more spyware in it
    anyway thnx in advance
     
  2. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,429
    Location:
    Netherlands
    Hi 4MOTION,

    Nice to see another Dutchie here. ;)

    Before you start please unzip hijackthis.exe to a folder of it´s own. The program creates backups in the folder it is in. In a Temp folder they easily disappear.

    Check the following items in HijackThis.
    Close all windows except HijackThis and click Fix checked:

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///C:/Program%20Files/QuickPage/Portal/portal.html

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Startpagina = file:///C:/Program%20Files/QuickPage/Portal/portal.html

    R3 - Default URLSearchHook is missing

    O4 - HKLM\..\Run: [19276064.exe] C:\WINNT\System32\19276064.exe
    O4 - HKLM\..\Run: [CIPVFMS] C:\WINNT\CIPVFMS.exe

    O4 - HKLM\..\Run: [AHNUE] C:\WINNT\AHNUE.exe
    O4 - HKLM\..\Run: [SexCams_nl] C:\Program Files\SCom\Dialers\SexCams_nl\SexCams_nl.exe /dontdial

    O4 - HKLM\..\Run: [ozuj] C:\WINNT\ozuj.exe

    O4 - HKLM\..\Run: [QuickZip] C:\WINNT\system32\ls.exe

    O16 - DPF: {42F2D240-B23C-11D6-8C73-70A05DC10000} - http://www.oyunfabrikasi.com/nl/5/060190nl.exe

    O16 - DPF: {75D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin.SecureControl) - http://secure2.comned.com/signuptem...iveSecurity.cab

    O16 - DPF: {9E1089BC-1AE8-4685-8D77-6721E5C318A8} - http://217.73.66.16/comload.dll

    O16 - DPF: {C7384A94-12AB-4798-9A63-67A9B24C993D} (Vacpro.netherland_ver2) - http://www.7adpower.com/dialer/netherland_ver2.CAB

    O16 - DPF: {F5192746-22D6-41BD-9D2D-1E75D14FBD3C} - http://216.65.38.226/crack.CAB

    Then reboot into safe mode and delete:
    C:\Program Files\QuickPage <= entire folder
    C:\WINNT\System32\19276064.exe
    C:\Program Files\SCom\Dialers\SexCams_nl <= entire folder
    C:\WINNT\ozuj.exe
    C:\WINNT\system32\ls.exe

    Please read: https://www.wilderssecurity.com/showthread.php?t=27971 to protect yourself against these dialers.

    Regards,

    Pieter
     
  3. 4MOTION

    4MOTION Guest

    Hola other Dutchie,

    Thnx for the great help..!!

    got rid of that shite
     
  4. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,429
    Location:
    Netherlands
    My pleasure. :)

    Pieter
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.