|
Spyware File Details R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens Last Detected: 1/25/2006 8:20:00 AM Found on 9 PCs. Users with this object complained of the following: "ZLT00eff.TMP" ""Your computer is infected!" bubble is constantly showing, there is some popups. The program Spyaxe is downloaded without permission" "spyware" "ttttt" PCs containing this item also contained the following spyware: R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.free.fr/search/ (More Details) R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.free.fr/ (More Details) R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.free.fr/ (More Details) R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens (More Details) O14 - IERESET.INF: START_PAGE_URL=http://home.free.fr/ (More Details) O16 - DPF: {084DAC27-6FA3-4F55-9005-033F2F102F5C} (ITPPDiagIE Class) - http://data.jeuxclassiques.com/npwwg.cab (More Details) O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game03.zylom.com/activex/zylomgamesplayer.cab (More Details) O16 - DPF: {CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} (Zylom Loader Object) - http://eu.download.games.yahoo.com/zylom/activex/zylomloader.cab (More Details) O17 - HKLM\System\CCS\Services\Tcpip\..\{7F3A2385-9DB8-4456-8064-75A73A4F8091}: NameServer = 85.255.115.98,85.255.112.107 (More Details) O17 - HKLM\System\CCS\Services\Tcpip\..\{DD46F84C-8204-4796-8EB4-960F6EEAF168}: NameServer = 85.255.115.98,85.255.112.107 (More Details) O2 - BHO: HomepageBHO - {e0103cd4-d1ce-411a-b75b-4fec072867f4} - C:\WINDOWS\system32\hpCE6B.tmp (More Details) O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file) (More Details) O4 - HKLM\..\Run: [SpyAxe] C:\Program Files\SpyAxe\spyaxe.exe /h (More Details) O4 - HKLM\..\RunOnce: [isDeleteMe] "C:\WINDOWS\system32\cmd.exe" /c "C:\DOCUME~1\PURE\LOCALS~1\Temp\isDel.bat" (More Details) O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm (More Details) O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm (More Details) O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing) (More Details) O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing) (More Details) R3 - URLSearchHook: (no name) - {4D3311A9-441D-1689-6244-93A0DCFAAE0D} - ___.dll (file missing) (More Details) O2 - BHO: SearchToolbar - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - C:\WINDOWS\system32\tbtsh.dll (More Details) O3 - Toolbar: SearchToolbar - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - C:\WINDOWS\system32\tbtsh.dll (More Details) O4 - HKLM\..\Run: [zxc] 321102.exe (More Details) O4 - HKLM\..\Run: [_ctcp] DCC_send.exe (More Details) O4 - HKLM\..\Run: [hgqhp.exe] C:\WINDOWS\system32\hgqhp.exe (More Details) O4 - HKCU\..\Run: [desktop] C:\WINDOWS\system32\idemlog.exe (More Details) O4 - HKCU\..\Run: [EXE32EXE] _ctcp.exe (More Details) O4 - HKCU\..\Run: [LOPTCON] keybdll.exe (More Details) O2 - BHO: HomepageBHO - {4da4616d-7e6e-4fd9-a2d5-b6c535733e22} - C:\WINDOWS\System32\hp3D65.tmp (More Details) O15 - Trusted Zone: http://*.billingnow.com (More Details) O15 - Trusted Zone: http://*.reliablestats.com (More Details) O15 - Trusted Zone: http://*.winantispyware.com (More Details) O15 - Trusted Zone: http://*.winantivirus.com (More Details) O15 - Trusted Zone: http://*.winantiviruspro.com (More Details) O15 - Trusted Zone: *.winfixer.com (More Details) O15 - Trusted Zone: http://*.winfixer.com (More Details) Back to Spyware List |
||||||
| About HijackRemote | Recently Slayed Spyware | Message Board | Contact Us | ||||||
| HijackRemote ©2005 (Terms of Service) | ||||||
