HijackThis Log :/

Discussion in 'adware, spyware & hijack cleaning' started by newbie, Apr 24, 2004.

Thread Status:
Not open for further replies.
  1. newbie

    newbie Guest

    Hi there, I was already interrupted by the trojan/worm/whatever during my first try to post here, so to make a long story short:

    As far as I found out I got "Revop.C", "Bridge.A.2", "Dryfuca.AC.down" and "IstBar.U" on my computer.

    I already tried out "AntiVir", "BPS Spyware Remover" and "NOD32", but nothing really fixed the problem for a longer time.

    The only effect of the trojans (?) I noticed is that every ~60 minutes several IE windows are opened, most of them with XXX content.

    For step 1 I used "Ad-aware 6.0".

    Thanks for any help and sorry for the bad English. :)
    *newbie

    Log:

    Logfile of HijackThis v1.97.7
    Scan saved at 19:56:08, on 24.04.2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\services\wmplayer.exe
    C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
    D:\Progs\Security\Virus\AVGNT.EXE
    C:\WINDOWS\System32\CTHELPER.EXE
    C:\Dokumente und Einstellungen\Sebi\Anwendungsdaten\smsa.exe
    D:\Progs\Security\Virus\AVGUARD.EXE
    D:\Progs\Security\Virus\AVWUPSRV.EXE
    D:\Progs\Security\NOD32\NOD32\nod32krn.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    D:\Eigene Dateien\Downloads\Progs\hijackthis\HijackThis.exe

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R3 - Default URLSearchHook is missing
    F1 - win.ini: run=C:\WINDOWS\System32\services\wmplayer.exe
    O2 - BHO: (no name) - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - (no file)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [QuickTime Task] "d:\progs\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [ICQ Lite] D:\Progs\Chat\ICQLite\ICQLite.exe -minimize
    O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "D:\Progs\Brennen\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [AVGCtrl] D:\Progs\Security\Virus\AVGNT.EXE /min
    O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [Jet Detection] "D:\Eigene Dateien\Downloads\Treiber\SB live.\PROGRAM\ADGJDet.exe"
    O4 - HKLM\..\Run: [xpsystem] C:\WINDOWS\System32\services\wmplayer.exe
    O4 - HKLM\..\Run: [nod32kui] D:\Progs\Security\NOD32\NOD32\nod32kui.exe /WAITSERVICE
    O4 - HKCU\..\Run: [xpsystem] C:\WINDOWS\System32\services\wmplayer.exe
    O4 - HKCU\..\Run: [Anot] C:\Dokumente und Einstellungen\Sebi\Anwendungsdaten\smsa.exe
    O4 - HKCU\..\Run: [WCPS] C:\WINDOWS\System32\wintit.exe
    O4 - HKCU\..\RunOnce: [ICQ Lite] D:\Progs\Chat\ICQLite\ICQLite.exe -trayboot
     
  2. newbie

    newbie Guest

    Sorry, forgot a part, here is the full log:

     
  3. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Hi newbie,

    Check the following items in HijackThis.
    Close all windows except HijackThis and click Fix checked:

    R3 - Default URLSearchHook is missing
    F1 - win.ini: run=C:\WINDOWS\System32\services\wmplayer.exe
    O2 - BHO: (no name) - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - (no file)

    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE

    O4 - HKLM\..\Run: [xpsystem] C:\WINDOWS\System32\services\wmplayer.exe

    O4 - HKCU\..\Run: [xpsystem] C:\WINDOWS\System32\services\wmplayer.exe
    O4 - HKCU\..\Run: [Anot] C:\Dokumente und Einstellungen\Sebi\Anwendungsdaten\smsa.exe
    O4 - HKCU\..\Run: [WCPS] C:\WINDOWS\System32\wintit.exe

    Then reboot into safe mode and delete:
    C:\WINDOWS\System32\services\wmplayer.exe
    C:\Dokumente und Einstellungen\Sebi\Anwendungsdaten\smsa.exe
    C:\WINDOWS\System32\wintit.exe

    Regards,

    Pieter
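
As an added example (not part of the thread, and not HijackThis's or Pieter's own logic), here is a small Python triage of the F1/O4 autostart lines from the log above. The three heuristics and the `EXPECTED_DIR` table are assumptions chosen for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: autostart lines copied from the log posted in this thread.
SAMPLE_LOG = r"""
F1 - win.ini: run=C:\WINDOWS\System32\services\wmplayer.exe
O4 - HKLM\..\Run: [QuickTime Task] "d:\progs\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ICQ Lite] D:\Progs\Chat\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [xpsystem] C:\WINDOWS\System32\services\wmplayer.exe
O4 - HKCU\..\Run: [xpsystem] C:\WINDOWS\System32\services\wmplayer.exe
O4 - HKCU\..\Run: [Anot] C:\Dokumente und Einstellungen\Sebi\Anwendungsdaten\smsa.exe
O4 - HKCU\..\Run: [WCPS] C:\WINDOWS\System32\wintit.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] D:\Progs\Chat\ICQLite\ICQLite.exe -trayboot
"""

# F1 lines carry a win.ini run= target; O4 lines carry a Run/RunOnce key and command.
LINE = re.compile(r"^\s*(?:F1 - (win\.ini): run=|O4 - (HK\w+\\\.\.\\\w+): \[[^\]]*\] )(.+)$")
EXE = re.compile(r'^"?(.+?\.exe)', re.I)
PROFILE = ("\\dokumente und einstellungen\\", "\\documents and settings\\")
# Assumed home folder of a well-known Windows binary (example table, extend as needed).
EXPECTED_DIR = {"wmplayer.exe": "windows media player"}

def autostart_targets(log):
    """Map each normalised executable path to the autostart locations that launch it."""
    targets = defaultdict(list)
    for line in log.splitlines():
        m = LINE.match(line)
        exe = m and EXE.match(m.group(3))
        if exe:
            targets[exe.group(1).lower()].append(m.group(1) or m.group(2))
    return targets

def triage(log):
    """Return {path: sorted reasons} for entries that trip an (assumed) heuristic."""
    findings = {}
    for path, locations in autostart_targets(log).items():
        folder, _, name = path.rpartition("\\")
        reasons = set()
        if "win.ini" in locations:
            reasons.add("legacy win.ini run= autostart")
        if any(p in path for p in PROFILE):
            reasons.add("runs from a user profile")
        if name in EXPECTED_DIR and not folder.endswith("\\" + EXPECTED_DIR[name]):
            reasons.add("system binary name in unexpected folder")
        if reasons:
            findings[path] = sorted(reasons)
    return findings
```

On this log `triage(SAMPLE_LOG)` flags wmplayer.exe and smsa.exe; wintit.exe, which the reply also fixes, trips none of these checks, so the output is a starting point for review and not a verdict.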
     
  4. newbie

    newbie Guest

    Thanks a lot Pieter, it worked. :)
     
  5. Pieter_Arntz

    Pieter_Arntz Spyware Veteran
