AntiSpyKit, VirusRanger, NetProject, VirusHeat, System tray popups, sysvol32.dll, MalwareCore

startseite Gastbuch Kontakt
AntiSpyKit
AntiSpyKit, VirusRanger

AntiSpyKit, VirusRanger, NetProject, VirusHeat, System tray popups, sysvol32.dll, MalwareCore

VirusRanger/AntiSpyKit Removal:

AntiSpyKit - VirusRanger - NetProject - SpyWorm.win32 - Warnung - System tray popups

rogue spyware removal program







HijackThis

O2 - BHO: Sysem Player - {861EA552-6309-490A-AC97-1F574E730CF1} - C:\WINDOWS\sysvol32.dll
O2 - BHO: Sysem Player - {2AE4C401-AAC4-4F41-9665-1EC88C3BDD7D} - C:\WINDOWS\sysvol32.dll


Combofix

C:\Programme\VirusHeat 4.3
2008-02-22 21:00 . 2008-02-23 01:10 DIR d-------- C:\Programme\VirusRanger
2008-02-22 18:30 . 2008-02-22 19:22 DIR d-------- C:\Programme\AntiSpyKit 5.3
2008-02-21 23:27 . 2008-02-21 23:27 DIR d-------- C:\Programme\NetProject
2008-02-26 10:04 . 2008-02-26 10:14 DIR d-------- C:\Programme\MalwareCore 7.4
2008-02-26 10:24 . 2008-02-26 10:53 DIR d-------- C:\Programme\Free Spyware Scanner

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VirusRanger"="C:\Programme\VirusRanger\VirusRanger.exe" [ ] 



KILLALL::

Registry:: 
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\VirusRanger]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\VirusRanger]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VirusRanger"=-

File::
C:\Dokumente und Einstellungen\%Username%\Favoriten\Online Security Test.url
C:\WINXP\sysvol32.dll
C:\WINDOWS\sysvol32.dll 
C:\WINDOWS\wininit.ini

Folder::
C:\Dokumente und Einstellungen\%Username%\Startmenü\Programme\VirusRanger
C:\Programme\NetProject
C:\Programme\VirusRanger
C:\Programme\AntiSpyKit 5.3
C:\Programme\VirusHeat 4.3 
C:\Programme\MalwareCore 7.4




C:\WINXP\wininit.ini

[rename]
c:\tempjunk5664.tmp=C:\Dokumente und Einstellungen\D\Startmenü\Programme\VirusRanger\VirusRanger v3.6.0 Un-Installer.lnk
nul=c:\tempjunk7343.tmp
c:\tempjunk4937.tmp=C:\Dokumente und Einstellungen\D\Startmenü\Programme\VirusRanger\VirusRanger v3.6.0 Website.lnk
c:\tempjunk3242.tmp=C:\Dokumente und Einstellungen\D\Startmenü\Programme\VirusRanger\VirusRanger v3.6.0.lnk
c:\tempjunk7343.tmp=C:\Programme\VirusRanger\Languages\english.ini









Valid HTML 4.01 Ranking-Hits