CaptainCamper

Posts posted by CaptainCamper

  1. HIJACKTHIS Log

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 15:48:39, on 04.01.2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\IoctlSvc.exe
    C:\Program Files\SigmaTel\C-Major Audio\WDM\StacSV.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\stsystra.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
    C:\WINDOWS\system32\RunDLL32.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
    C:\Program Files\Miranda IM\miranda32.exe
    C:\Program Files\Java\jre1.6.0_07\launch4j-tmp\JDownloader.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Winamp\winamp.exe
    C:\Program Files\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
    O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
    O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
    O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
    O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
    O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
    O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [iSUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
    O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
    O4 - HKCU\..\Run: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
    O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O8 - Extra context menu item: An vorhandene PDF-Datei anf

  2. PANDA LOG:

    ;*******************************************************************************
    ANALYSIS: 2009-01-04 17:21:00
    PROTECTIONS: 1
    MALWARE: 1
    SUSPECTS: 0
    ;*******************************************************************************

    PROTECTIONS
    Description                     Version        Active  Updated
    ;===============================================================================
    Zone Alarm Security Suite       7.0.462.000    No      No
    ;===============================================================================

    MALWARE
    Id        Description  Type          Active  Severity  Disinfectable  Disinfected  Location
    ;===============================================================================
    03074964  Trj/CI.A     Virus/Trojan  No      0         No             No           C:\Program Files\jdownloader\tools\reconnect\phael curl reconnect\progs.cab[printip.exe]
    ;===============================================================================

    SUSPECTS
    Sent  Location
    ;===============================================================================
    ;===============================================================================

    VULNERABILITIES
    Id      Severity  Description
    ;===============================================================================
    184380  MEDIUM    MS08-002
    184379  MEDIUM    MS08-001
    182048  HIGH      MS07-069
    182046  HIGH      MS07-067
    182043  HIGH      MS07-064
    179553  HIGH      MS07-061
    176382  HIGH      MS07-057
    176383  HIGH      MS07-058
    170911  HIGH      MS07-050
    170907  HIGH      MS07-046
    170906  HIGH      MS07-045
    170904  HIGH      MS07-043
    164915  HIGH      MS07-035
    164913  HIGH      MS07-033
    164911  HIGH      MS07-031
    160623  HIGH      MS07-027
    157262  HIGH      MS07-022
    157261  HIGH      MS07-021
    157260  HIGH      MS07-020
    157259  HIGH      MS07-019
    156477  HIGH      MS07-017
    150253  HIGH      MS07-016
    150249  HIGH      MS07-013
    150248  HIGH      MS07-012
    150247  HIGH      MS07-011
    150243  HIGH      MS07-008
    150242  HIGH      MS07-007
    150241  MEDIUM    MS07-006
    141034  HIGH      MS06-076
    141033  MEDIUM    MS06-075
    141030  HIGH      MS06-072
    137571  HIGH      MS06-070
    137568  HIGH      MS06-067
    133387  MEDIUM    MS06-065
    133386  MEDIUM    MS06-064
    133385  MEDIUM    MS06-063
    133379  HIGH      MS06-057
    131654  HIGH      MS06-055
    129977  MEDIUM    MS06-053
    129976  MEDIUM    MS06-052
    126093  HIGH      MS06-051
    126092  MEDIUM    MS06-050
    126087  HIGH      MS06-046
    126086  MEDIUM    MS06-045
    126083  HIGH      MS06-042
    126082  HIGH      MS06-041
    126081  HIGH      MS06-040
    123421  HIGH      MS06-036
    123420  HIGH      MS06-035
    120825  MEDIUM    MS06-032
    120823  MEDIUM    MS06-030
    120818  HIGH      MS06-025
    120815  HIGH      MS06-022
    120814  HIGH      MS06-021
    117384  MEDIUM    MS06-018
    114666  HIGH      MS06-015
    108744  MEDIUM    MS06-008
    108743  MEDIUM    MS06-007
    108742  MEDIUM    MS06-006
    104567  HIGH      MS06-002
    104237  HIGH      MS06-001
    96574   HIGH      MS05-053
    93395   HIGH      MS05-051
    93394   HIGH      MS05-050
    93454   MEDIUM    MS05-049
    ;===============================================================================

  3. I think I've got a serious problem with something named "Hijack.Regedit" since 02.01.2009. Malwarebytes free edition finds it and tries to delete it, but after the reboot the damn thing comes back. Access to my regedit is disabled by myself, but this "Hijack.Regedit" keeps resetting this option and adds the following entry to my registry:

    "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools"

    After a Malwarebytes scan this message is in the log:

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    But after the reboot it's back again, so how can I get rid of it?
