Spyware File Details

O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe

Last Detected: 4/20/2007 8:38:00 AM
Found on 29 PCs.

Users with this object complained of the following:
"Popups all over the place, can't see where they're coming from. PC is slow."
"popups"
"popups, strange icons on my desktop"
"malware and spyware"
"lot of viruses"

PCs containing this item also contained the following spyware:

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\kernels64.exe
F3 - REG:win.ini: run=C:\WINDOWS\inet20001\winlogon.exe
O2 - BHO: HBO Class - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - C:\WINDOWS\inet20001\3.00.13.dll
O2 - BHO: (no name) - {B75F75B8-93F3-429D-FF34-660B206D897A} - C:\WINDOWS\system32\zolker011.dll
O2 - BHO: ZToolbar Activator Class - {FFF5092F-7172-4018-827B-FA5868FB0478} - C:\WINDOWS\system32\ztoolb011.dll
O3 - Toolbar: ZToolbar - {A6790AA5-C6C7-4BCF-A46D-0FDAC4EA90EB} - C:\WINDOWS\system32\ztoolb011.dll
O4 - HKLM\..\Run: [System] C:\WINDOWS\system32\kernels64.exe
O4 - HKLM\..\Run: [SystemLoader] C:\WINDOWS\sysldr32.exe
O4 - HKLM\..\Run: [xp_system] C:\WINDOWS\inet20001\winlogon.exe
O4 - HKLM\..\Run: [ControlPanel] C:\WINDOWS\system32\priva.exe internat.dll,LoadMouseCarpetProfile
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\MIEKIE~1\LOCALS~1\Temp\se.dll/space.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\lbfmh.dll/sp.html#10001%resultposition.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\MIEKIE~1\LOCALS~1\Temp\se.dll/space.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O4 - HKLM\..\Run: [intell32.exe] C:\WINDOWS\System32\intell32.exe
O4 - HKLM\..\Run: [WinHound] C:\Program Files\WinHound\WinHound.exe
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O20 - Winlogon Notify: browsela - C:\WINDOWS\system32\browsela.dll (file missing)
O20 - Winlogon Notify: msupdate - C:\WINDOWS\SYSTEM32\msupdate32.dll
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.emachines.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: HomepageBHO - {e0103cd4-d1ce-411a-b75b-4fec072867f4} - C:\WINDOWS\system32\hpE1B5.tmp
O2 - BHO: (no name) - {E3215F20-3212-11D6-9F8B-00D0B743919D} - (no file)
O3 - Toolbar: CM Band - {159C2E51-9823-11D2-8DDC-D84A1B4ACD4D} - C:\Program Files\Crystalys media\cm.dll
O4 - HKLM\..\Run: [abu] abu.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
F2 - REG:system.ini: Shell=explorer.exe "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [RealPlayer Ath Check] rnathchk.exe
O4 - HKLM\..\Run: [WINTASK] taskgmr.exe
HijackRemote ©2005