Jump to content

Highjack.Regedit - Can


Recommended Posts

I think I got a serious Problem with some thing named "Highjack.Regedit" since 02.01.2009. Malwarebytes free edition finds it and tries to delete it, but after the reboot the damn thing is coming back. Access to my regedit is disabled by myself, but this "Highjack.Regedit" is always resetting this option and adds the following entry to my registry:

"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools"

after Malwarebytes scan this message is in the log:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

But after the reboot it`s back again, so how can I get rid of it?

Link to post
Share on other sites

PANDA LOG:

;*******************************************************************************

********************************************************************************

*

*******************

ANALYSIS: 2009-01-04 17:21:00

PROTECTIONS: 1

MALWARE: 1

SUSPECTS: 0

;*******************************************************************************

********************************************************************************

*

*******************

PROTECTIONS

Description Version Active Updated

;===============================================================================

================================================================================

=

===================

Zone Alarm Security Suite 7.0.462.000 No No

;===============================================================================

================================================================================

=

===================

MALWARE

Id Description Type Active Severity Disinfectable Disinfected Location

;===============================================================================

================================================================================

=

===================

03074964 Trj/CI.A Virus/Trojan No 0 No No C:\Program Files\jdownloader\tools\reconnect\phael curl reconnect\progs.cab[printip.exe]

;===============================================================================

================================================================================

=

===================

SUSPECTS

Sent Location

;===============================================================================

================================================================================

=

===================

;===============================================================================

================================================================================

=

===================

VULNERABILITIES

Id Severity Description

;===============================================================================

================================================================================

=

===================

184380 MEDIUM MS08-002

184379 MEDIUM MS08-001

182048 HIGH MS07-069

182046 HIGH MS07-067

182043 HIGH MS07-064

179553 HIGH MS07-061

176382 HIGH MS07-057

176383 HIGH MS07-058

170911 HIGH MS07-050

170907 HIGH MS07-046

170906 HIGH MS07-045

170904 HIGH MS07-043

164915 HIGH MS07-035

164913 HIGH MS07-033

164911 HIGH MS07-031

160623 HIGH MS07-027

157262 HIGH MS07-022

157261 HIGH MS07-021

157260 HIGH MS07-020

157259 HIGH MS07-019

156477 HIGH MS07-017

150253 HIGH MS07-016

150249 HIGH MS07-013

150248 HIGH MS07-012

150247 HIGH MS07-011

150243 HIGH MS07-008

150242 HIGH MS07-007

150241 MEDIUM MS07-006

141034 HIGH MS06-076

141033 MEDIUM MS06-075

141030 HIGH MS06-072

137571 HIGH MS06-070

137568 HIGH MS06-067

133387 MEDIUM MS06-065

133386 MEDIUM MS06-064

133385 MEDIUM MS06-063

133379 HIGH MS06-057

131654 HIGH MS06-055

129977 MEDIUM MS06-053

129976 MEDIUM MS06-052

126093 HIGH MS06-051

126092 MEDIUM MS06-050

126087 HIGH MS06-046

126086 MEDIUM MS06-045

126083 HIGH MS06-042

126082 HIGH MS06-041

126081 HIGH MS06-040

123421 HIGH MS06-036

123420 HIGH MS06-035

120825 MEDIUM MS06-032

120823 MEDIUM MS06-030

120818 HIGH MS06-025

120815 HIGH MS06-022

120814 HIGH MS06-021

117384 MEDIUM MS06-018

114666 HIGH MS06-015

108744 MEDIUM MS06-008

108743 MEDIUM MS06-007

108742 MEDIUM MS06-006

104567 HIGH MS06-002

104237 HIGH MS06-001

96574 HIGH MS05-053

93395 HIGH MS05-051

93394 HIGH MS05-050

93454 MEDIUM MS05-049

;===============================================================================

================================================================================

=

===================

Link to post
Share on other sites

HIJACKTHIS Log

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 15:48:39, on 04.01.2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\IoctlSvc.exe

C:\Program Files\SigmaTel\C-Major Audio\WDM\StacSV.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\stsystra.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe

C:\WINDOWS\system32\RunDLL32.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe

C:\Program Files\Miranda IM\miranda32.exe

C:\Program Files\Java\jre1.6.0_07\launch4j-tmp\JDownloader.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Winamp\winamp.exe

C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll

O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll

O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start

O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"

O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"

O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet

O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [iSUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler

O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKCU\..\Run: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020

O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O8 - Extra context menu item: An vorhandene PDF-Datei anf

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.