"Hotoffers.info" hijack ruins the surfing experience

  • "Hotoffers.info" hijack ruins the surfing experience

    During an evening of surfing I ended up, of course, on a 'wrong' site. After this surfing experience I am also one hijack experience richer, because since then the page hotoffers.info periodically opens by itself. Very annoying! This site has also become the start page.
    Changing it doesn't work! I have also let all kinds of spyware and adware scanners loose on it, but nothing helps so far. The hijacker keeps hijacking my computer.

    Can you help ???????? I hope so......

    Here is my HijackThis log:
    Logfile of HijackThis v1.99.0
    Scan saved at 23:55:47, on 4-1-05
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\MDM.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\PROGRAM FILES\NORTON ANTIVIRUS\RTVSCN95.EXE
    C:\PROGRAM FILES\NORTON ANTIVIRUS\DEFWATCH.EXE
    C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\PROGRAM FILES\NORTON ANTIVIRUS\VPEXRT.EXE
    C:\WINDOWS\ANVSHELL.EXE
    C:\PROGRAM FILES\HP CD-WRITER\DIRECTCD\DIRECTCD.EXE
    C:\PROGRAM FILES\HP CD-WRITER\MMENU\HPCDTRAY.EXE
    C:\PROGRAM FILES\CREATIVE\SHAREDLL\CTNOTIFY.EXE
    C:\PROGRAM FILES\NORTON ANTIVIRUS\VPTRAY.EXE
    C:\PROGRAM FILES\LOGITECH\MOUSEWARE\SYSTEM\EM_EXEC.EXE
    C:\WINDOWS\LOADQM.EXE
    C:\WINDOWS\SYSTEM\QTTASK.EXE
    C:\PROGRAM FILES\CREATIVE\SHAREDLL\MEDIADET.EXE
    C:\WINDOWS\SYSTEM\STIMON.EXE
    C:\INTERNET\ZONEALARM\ZLCLIENT.EXE
    C:\PROGRAM FILES\WEBROOT\SPY SWEEPER\SPYSWEEPER.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\PROGRAM FILES\E-COLOR\TRUE INTERNET COLOR\TICICON.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\PROGRAM FILES\LOGITECH\WINGMAN SOFTWARE\LWEMON.EXE
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    C:\HIJACK\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotoffers.info/a0002/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.wanadoo.nl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotoffers.info/a0002
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    R3 - Default URLSearchHook is missing
    F1 - win.ini: run=hpfsched
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [Taakcontrole] C:\WINDOWS\taskmon.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [Register MediaRing Talk] C:\Program Files\MediaRing Talk 99\register.exe
    O4 - HKLM\..\Run: [anvshell] anvshell.exe
    O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\HPCD-W~1\DIRECTCD\DIRECTCD.EXE
    O4 - HKLM\..\Run: [HP CD-Writer] C:\Program Files\HP CD-Writer\Mmenu\hpcdtray.exe
    O4 - HKLM\..\Run: [PowerQuest Startup Utility] C:\Program Files\PowerQuest\PartitionMagic4 Pro\UTILITY\MMOVER32\PQINIT.EXE
    O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\NORTON~1\VPTRAY.EXE
    O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\LOGITECH\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
    O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\internet\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\RunServices: [Machine Debug Manager] C:\WINDOWS\SYSTEM\MDM.EXE
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [rtvscn95] C:\PROGRA~1\NORTON~1\RTVSCN95.EXE
    O4 - HKLM\..\RunServices: [defwatch] C:\PROGRA~1\NORTON~1\DEFWATCH.EXE
    O4 - HKLM\..\RunServices: [minilog] C:\WINDOWS\SYSTEM\ZoneLabs\MINILOG.EXE -service
    O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
    O4 - HKCU\..\Run: [Start WingMan Profiler] "C:\Program Files\Logitech\WingMan Software\Lwtest.exe" /detect /quiet /launch "C:\Program Files\Logitech\WingMan Software\LwEmon.exe /noui"
    O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SPYSWEEPER.EXE" /0
    O4 - HKCU\..\RunServices: [Start WingMan Profiler] "C:\Program Files\Logitech\WingMan Software\Lwtest.exe" /detect /quiet /launch "C:\Program Files\Logitech\WingMan Software\LwEmon.exe /noui"
    O4 - HKCU\..\RunServices: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SPYSWEEPER.EXE" /0
    O4 - Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\SpySub.exe
    O4 - Startup: SonnReg.lnk = C:\Program Files\E-Color\Registration\SonnReg.exe
    O4 - Startup: 3Deep.lnk = C:\Program Files\E-Color\3Deep\3Deepctl.exe
    O4 - Startup: True Internet Color Icon.lnk = C:\Program Files\E-Color\True Internet Color\TICIcon.exe
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O12 - Plugin for .211/voorinzagekwaliteitskaart/PdfServlet?odk_id=40574: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.nl
    O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://asp03.photoprintit.de/microsite/8/defaults/activex/XUpload.ocx
    O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight Class) - http://download.zonelabs.com/bin/free/cm/ICSCM.cab
    O16 - DPF: ppctlcab - http://ppupdates.ca.com/downloads/scanner/ppctlcab.cab
    O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://ppupdates.ca.com/downloads/scanner/axscanner.cab

  • #2
    Hi Daan,

    1. Start HijackThis and tick the lines below:

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotoffers.info/a0002/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotoffers.info/a0002

    R3 - Default URLSearchHook is missing

    2. Close all other windows and browsers, and click the “Fix Checked” button.

    3. Reboot, create a new log, and post it here.



    • #3
      H@ans, thanks for your help so far....

      The hotoffers.info hijack is persistent, because after carrying out your instructions the computer, in my view, still shows the same quirks.

      Here is the log:
      Logfile of HijackThis v1.99.0
      Scan saved at 20:17:13, on 7-1-05
      Platform: Windows 98 SE (Win9x 4.10.2222A)
      MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

      Running processes:
      C:\WINDOWS\SYSTEM\KERNEL32.DLL
      C:\WINDOWS\SYSTEM\MSGSRV32.EXE
      C:\WINDOWS\SYSTEM\MPREXE.EXE
      C:\WINDOWS\SYSTEM\MDM.EXE
      C:\WINDOWS\SYSTEM\MSTASK.EXE
      C:\PROGRAM FILES\NORTON ANTIVIRUS\RTVSCN95.EXE
      C:\PROGRAM FILES\NORTON ANTIVIRUS\DEFWATCH.EXE
      C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
      C:\WINDOWS\SYSTEM\mmtask.tsk
      C:\WINDOWS\EXPLORER.EXE
      C:\WINDOWS\TASKMON.EXE
      C:\WINDOWS\SYSTEM\SYSTRAY.EXE
      C:\PROGRAM FILES\NORTON ANTIVIRUS\VPEXRT.EXE
      C:\WINDOWS\ANVSHELL.EXE
      C:\PROGRAM FILES\HP CD-WRITER\DIRECTCD\DIRECTCD.EXE
      C:\PROGRAM FILES\HP CD-WRITER\MMENU\HPCDTRAY.EXE
      C:\PROGRAM FILES\CREATIVE\SHAREDLL\CTNOTIFY.EXE
      C:\PROGRAM FILES\NORTON ANTIVIRUS\VPTRAY.EXE
      C:\PROGRAM FILES\LOGITECH\MOUSEWARE\SYSTEM\EM_EXEC.EXE
      C:\PROGRAM FILES\CREATIVE\SHAREDLL\MEDIADET.EXE
      C:\WINDOWS\LOADQM.EXE
      C:\WINDOWS\SYSTEM\QTTASK.EXE
      C:\WINDOWS\SYSTEM\STIMON.EXE
      C:\INTERNET\ZONEALARM\ZLCLIENT.EXE
      C:\PROGRAM FILES\WEBROOT\SPY SWEEPER\SPYSWEEPER.EXE
      C:\WINDOWS\SYSTEM\DDHELP.EXE
      C:\PROGRAM FILES\INTERMUTE\SPYSUBTRACT\SPYSUB.EXE
      C:\PROGRAM FILES\E-COLOR\TRUE INTERNET COLOR\TICICON.EXE
      C:\WINDOWS\SYSTEM\WMIEXE.EXE
      C:\PROGRAM FILES\LOGITECH\WINGMAN SOFTWARE\LWEMON.EXE
      C:\WINDOWS\SYSTEM\PSTORES.EXE
      C:\HIJACK\HIJACKTHIS.EXE

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotoffers.info/a0002/
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.wanadoo.nl
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotoffers.info/a0002
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
      F1 - win.ini: run=hpfsched
      O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
      O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
      O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
      O4 - HKLM\..\Run: [Taakcontrole] C:\WINDOWS\taskmon.exe
      O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
      O4 - HKLM\..\Run: [Register MediaRing Talk] C:\Program Files\MediaRing Talk 99\register.exe
      O4 - HKLM\..\Run: [anvshell] anvshell.exe
      O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\HPCD-W~1\DIRECTCD\DIRECTCD.EXE
      O4 - HKLM\..\Run: [HP CD-Writer] C:\Program Files\HP CD-Writer\Mmenu\hpcdtray.exe
      O4 - HKLM\..\Run: [PowerQuest Startup Utility] C:\Program Files\PowerQuest\PartitionMagic4 Pro\UTILITY\MMOVER32\PQINIT.EXE
      O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
      O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
      O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\NORTON~1\VPTRAY.EXE
      O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\LOGITECH\MOUSEW~1\SYSTEM\EM_EXEC.EXE
      O4 - HKLM\..\Run: [LoadQM] loadqm.exe
      O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
      O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
      O4 - HKLM\..\Run: [Zone Labs Client] "C:\internet\ZoneAlarm\zlclient.exe"
      O4 - HKLM\..\RunServices: [Machine Debug Manager] C:\WINDOWS\SYSTEM\MDM.EXE
      O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
      O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
      O4 - HKLM\..\RunServices: [rtvscn95] C:\PROGRA~1\NORTON~1\RTVSCN95.EXE
      O4 - HKLM\..\RunServices: [defwatch] C:\PROGRA~1\NORTON~1\DEFWATCH.EXE
      O4 - HKLM\..\RunServices: [minilog] C:\WINDOWS\SYSTEM\ZoneLabs\MINILOG.EXE -service
      O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
      O4 - HKCU\..\Run: [Start WingMan Profiler] "C:\Program Files\Logitech\WingMan Software\Lwtest.exe" /detect /quiet /launch "C:\Program Files\Logitech\WingMan Software\LwEmon.exe /noui"
      O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SPYSWEEPER.EXE" /0
      O4 - Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\SpySub.exe
      O4 - Startup: SonnReg.lnk = C:\Program Files\E-Color\Registration\SonnReg.exe
      O4 - Startup: 3Deep.lnk = C:\Program Files\E-Color\3Deep\3Deepctl.exe
      O4 - Startup: True Internet Color Icon.lnk = C:\Program Files\E-Color\True Internet Color\TICIcon.exe
      O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
      O12 - Plugin for .211/voorinzagekwaliteitskaart/PdfServlet?odk_id=40574: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
      O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.nl
      O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://asp03.photoprintit.de/microsite/8/defaults/activex/XUpload.ocx
      O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight Class) - http://download.zonelabs.com/bin/free/cm/ICSCM.cab
      O16 - DPF: ppctlcab - http://ppupdates.ca.com/downloads/scanner/ppctlcab.cab
      O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://ppupdates.ca.com/downloads/scanner/axscanner.cab

      I keep hoping for your expertise. Good luck, I will wait patiently........



      • #4
        Fix these two lines while you are in safe mode:

        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotoffers.info/a0002/
        R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotoffers.info/a0002
        Reboot into normal mode, and let me know whether they have disappeared or not.



        • #5
          H@ns,

          Unfortunately they have not disappeared. Here is my log......

          I hope you will manage to solve it.

          Regards, Daan

          Logfile of HijackThis v1.99.0
          Scan saved at 19:10:08, on 9-1-05
          Platform: Windows 98 SE (Win9x 4.10.2222A)
          MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

          Running processes:
          C:\WINDOWS\SYSTEM\KERNEL32.DLL
          C:\WINDOWS\SYSTEM\MSGSRV32.EXE
          C:\WINDOWS\SYSTEM\MPREXE.EXE
          C:\WINDOWS\SYSTEM\MDM.EXE
          C:\WINDOWS\SYSTEM\MSTASK.EXE
          C:\PROGRAM FILES\NORTON ANTIVIRUS\RTVSCN95.EXE
          C:\PROGRAM FILES\NORTON ANTIVIRUS\DEFWATCH.EXE
          C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
          C:\WINDOWS\SYSTEM\mmtask.tsk
          C:\WINDOWS\EXPLORER.EXE
          C:\WINDOWS\TASKMON.EXE
          C:\PROGRAM FILES\NORTON ANTIVIRUS\VPEXRT.EXE
          C:\WINDOWS\SYSTEM\SYSTRAY.EXE
          C:\WINDOWS\ANVSHELL.EXE
          C:\PROGRAM FILES\HP CD-WRITER\DIRECTCD\DIRECTCD.EXE
          C:\PROGRAM FILES\HP CD-WRITER\MMENU\HPCDTRAY.EXE
          C:\PROGRAM FILES\CREATIVE\SHAREDLL\CTNOTIFY.EXE
          C:\PROGRAM FILES\NORTON ANTIVIRUS\VPTRAY.EXE
          C:\PROGRAM FILES\LOGITECH\MOUSEWARE\SYSTEM\EM_EXEC.EXE
          C:\WINDOWS\LOADQM.EXE
          C:\WINDOWS\SYSTEM\QTTASK.EXE
          C:\WINDOWS\SYSTEM\STIMON.EXE
          C:\PROGRAM FILES\CREATIVE\SHAREDLL\MEDIADET.EXE
          C:\INTERNET\ZONEALARM\ZLCLIENT.EXE
          C:\PROGRAM FILES\WEBROOT\SPY SWEEPER\SPYSWEEPER.EXE
          C:\PROGRAM FILES\INTERMUTE\SPYSUBTRACT\SPYSUB.EXE
          C:\WINDOWS\SYSTEM\DDHELP.EXE
          C:\PROGRAM FILES\E-COLOR\TRUE INTERNET COLOR\TICICON.EXE
          C:\WINDOWS\SYSTEM\WMIEXE.EXE
          C:\PROGRAM FILES\LOGITECH\WINGMAN SOFTWARE\LWEMON.EXE
          C:\WINDOWS\SYSTEM\PSTORES.EXE
          C:\HIJACK\HIJACKTHIS.EXE

          R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotoffers.info/a0002/
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.wanadoo.nl
          R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotoffers.info/a0002
          R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
          F1 - win.ini: run=hpfsched
          O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
          O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
          O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
          O4 - HKLM\..\Run: [Taakcontrole] C:\WINDOWS\taskmon.exe
          O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
          O4 - HKLM\..\Run: [Register MediaRing Talk] C:\Program Files\MediaRing Talk 99\register.exe
          O4 - HKLM\..\Run: [anvshell] anvshell.exe
          O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\HPCD-W~1\DIRECTCD\DIRECTCD.EXE
          O4 - HKLM\..\Run: [HP CD-Writer] C:\Program Files\HP CD-Writer\Mmenu\hpcdtray.exe
          O4 - HKLM\..\Run: [PowerQuest Startup Utility] C:\Program Files\PowerQuest\PartitionMagic4 Pro\UTILITY\MMOVER32\PQINIT.EXE
          O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
          O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
          O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\NORTON~1\VPTRAY.EXE
          O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\LOGITECH\MOUSEW~1\SYSTEM\EM_EXEC.EXE
          O4 - HKLM\..\Run: [LoadQM] loadqm.exe
          O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
          O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
          O4 - HKLM\..\Run: [Zone Labs Client] "C:\internet\ZoneAlarm\zlclient.exe"
          O4 - HKLM\..\RunServices: [Machine Debug Manager] C:\WINDOWS\SYSTEM\MDM.EXE
          O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
          O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
          O4 - HKLM\..\RunServices: [rtvscn95] C:\PROGRA~1\NORTON~1\RTVSCN95.EXE
          O4 - HKLM\..\RunServices: [defwatch] C:\PROGRA~1\NORTON~1\DEFWATCH.EXE
          O4 - HKLM\..\RunServices: [minilog] C:\WINDOWS\SYSTEM\ZoneLabs\MINILOG.EXE -service
          O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
          O4 - HKCU\..\Run: [Start WingMan Profiler] "C:\Program Files\Logitech\WingMan Software\Lwtest.exe" /detect /quiet /launch "C:\Program Files\Logitech\WingMan Software\LwEmon.exe /noui"
          O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SPYSWEEPER.EXE" /0
          O4 - HKCU\..\RunServices: [Start WingMan Profiler] "C:\Program Files\Logitech\WingMan Software\Lwtest.exe" /detect /quiet /launch "C:\Program Files\Logitech\WingMan Software\LwEmon.exe /noui"
          O4 - HKCU\..\RunServices: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SPYSWEEPER.EXE" /0
          O4 - Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\SpySub.exe
          O4 - Startup: SonnReg.lnk = C:\Program Files\E-Color\Registration\SonnReg.exe
          O4 - Startup: 3Deep.lnk = C:\Program Files\E-Color\3Deep\3Deepctl.exe
          O4 - Startup: True Internet Color Icon.lnk = C:\Program Files\E-Color\True Internet Color\TICIcon.exe
          O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
          O12 - Plugin for .211/voorinzagekwaliteitskaart/PdfServlet?odk_id=40574: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
          O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.nl
          O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://asp03.photoprintit.de/microsite/8/defaults/activex/XUpload.ocx
          O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight Class) - http://download.zonelabs.com/bin/free/cm/ICSCM.cab
          O16 - DPF: ppctlcab - http://ppupdates.ca.com/downloads/scanner/ppctlcab.cab
          O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://ppupdates.ca.com/downloads/scanner/axscanner.cab

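Added example (not part of the original thread and not code from HijackThis): a small Python check that compares the item lines of two HijackThis scans against the lines that were ticked for fixing, to show which of them the rescan still contains. The sample data are excerpts of the logs from posts #1 and #3 and the fix list from post #2; the function names are illustrative.

```python
import re

# HijackThis item lines start with a section code such as R0, F1, O4 or O16.
ENTRY_RE = re.compile(r"^[A-Z]\d{1,2} - .+$")


def parse_entries(log_text):
    """Return the set of item lines in a HijackThis log.

    Header lines and 'Running processes' paths do not match ENTRY_RE and are
    skipped; whitespace is collapsed so forum indentation causes no false diffs.
    """
    entries = set()
    for raw in log_text.splitlines():
        line = " ".join(raw.split())
        if ENTRY_RE.match(line):
            entries.add(line)
    return entries


def check_fix(before_log, after_log, fixed_text):
    """Classify each line ticked for fixing by what the rescan shows."""
    before = parse_entries(before_log)
    after = parse_entries(after_log)
    fixed = parse_entries(fixed_text)
    return {
        "removed": sorted(l for l in fixed if l in before and l not in after),
        "persisted": sorted(l for l in fixed if l in after),
        "never_present": sorted(fixed - before - after),
        "new_since_fix": sorted(after - before),
    }


# Excerpt of the first log in this thread (scan of 4-1-05).
BEFORE = r"""
Logfile of HijackThis v1.99.0
Running processes:
C:\WINDOWS\EXPLORER.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotoffers.info/a0002/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.wanadoo.nl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotoffers.info/a0002
R3 - Default URLSearchHook is missing
F1 - win.ini: run=hpfsched
"""

# Excerpt of the rescan posted after the fix (scan of 7-1-05).
AFTER = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotoffers.info/a0002/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.wanadoo.nl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotoffers.info/a0002
F1 - win.ini: run=hpfsched
"""

# The lines post #2 asked to tick before clicking "Fix Checked".
FIXED = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotoffers.info/a0002/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotoffers.info/a0002
R3 - Default URLSearchHook is missing
"""

if __name__ == "__main__":
    for status, lines in check_fix(BEFORE, AFTER, FIXED).items():
        print(f"{status}: {len(lines)}")
        for line in lines:
            print("   ", line)
```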


          • #6
            [Mod edit]Message removed, see below.[/Mod edit]
            Last edited by Crash; 27-01-05, 11:29. Reason: Not authorized to answer here.



            • #7
              @pedorie,

              Welcome to ASO.

              I have removed your message.
              Reason:
              You may only answer here if you are authorized to do so.
              Read through this topic:
              People who want to solve logs --> read this <-- click.
              Then you will understand why this was removed.
              Regards, Lex.

              Also have a look at ==> the house rules <==; this can be very enlightening.


              • #8
                Hotoffer.info solved 'myself'

                I also went on investigating myself how to remove the annoying hotoffer.info. I found and carried out the following AND it worked. The hotoffer.info is disabled. Possibly others can benefit from this too.

                DJDaan.

                Re-boot & press F8 when machine starts. Then select "Safe mode with command prompt"

                Now time to kill the demon. It is called 'systr.dll'

                Look in C:\windows\system32... do you see a file named systr.dll there?

                If so, rename it to systr.old.

                Scan with HijackThis and tick the following:

                R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotoffers.info/a0002/
                R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINXP\about.htm

                O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
                O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present

                O16 - DPF: {11010101-1001-1111-1000-110112345678} -
                O16 - DPF: {11120607-1001-1111-1000-110199901123} -

                Close all other windows and click "fix".

                Reboot and give it a test drive... did the hijack return??
                To keep you protected in the future, clear out your Temporary internet files and other temp files.
                Go to Start > Settings > Control Panel >Internet Options.
                Under the General tab click the Delete temporary internet files,
                delete all Offline content as well. Clear out Cookies.

                Also, go to Start > Find/search > Files or folders > in the named box, type: *.tmp and choose Edit > select all -> File > delete.

                Empty/delete the entire contents of the C:\Windows\temp folder and C:\temp folder, if you have one. (Contents but not the folder itself.)

                This one too if Win2K or XP.
                C:\Documents and Settings\username\Local Settings\Temp\

                Empty the Recycle Bin.


                Good luck



                • #9
                  Glad the problem is solved!
