HijackThis Log :/

Discussion in 'adware, spyware & hijack cleaning' started by newbie, Apr 24, 2004.

Thread Status:
Not open for further replies.
  1. newbie

    newbie Guest

    Hi there, I was already interrupted by the trojan/worm/whatever during my first try to post here, so to make a long story short:

    As far as I found out i got "Revop.C", "Bridge.A.2", "Dryfuca.AC.down" and "IstBar.U" on my computer.

    I already tried out "AntiVir", "BPS Spyware Remover" and "NOD32", but nothing realy fixed the problem for a longer time.

    The only effect of the trojans (?) I noticed, is that every ~60 minutes several IE windows are opened. Most of them with XXX content..

    For step 1 I used "Ad-aware 6.0".

    Thanks for any help and sorry for the bad English. :)
    *newbie

    Log:

    Logfile of HijackThis v1.97.7
    Scan saved at 19:56:08, on 24.04.2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\services\wmplayer.exe
    C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
    D:\Progs\Security\Virus\AVGNT.EXE
    C:\WINDOWS\System32\CTHELPER.EXE
    C:\Dokumente und Einstellungen\Sebi\Anwendungsdaten\smsa.exe
    D:\Progs\Security\Virus\AVGUARD.EXE
    D:\Progs\Security\Virus\AVWUPSRV.EXE
    D:\Progs\Security\NOD32\NOD32\nod32krn.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    D:\Eigene Dateien\Downloads\Progs\hijackthis\HijackThis.exe

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R3 - Default URLSearchHook is missing
    F1 - win.ini: run=C:\WINDOWS\System32\services\wmplayer.exe
    O2 - BHO: (no name) - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - (no file)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [QuickTime Task] "d:\progs\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [ICQ Lite] D:\Progs\Chat\ICQLite\ICQLite.exe -minimize
    O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "D:\Progs\Brennen\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [AVGCtrl] D:\Progs\Security\Virus\AVGNT.EXE /min
    O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [Jet Detection] "D:\Eigene Dateien\Downloads\Treiber\SB live.\PROGRAM\ADGJDet.exe"
    O4 - HKLM\..\Run: [xpsystem] C:\WINDOWS\System32\services\wmplayer.exe
    O4 - HKLM\..\Run: [nod32kui] D:\Progs\Security\NOD32\NOD32\nod32kui.exe /WAITSERVICE
    O4 - HKCU\..\Run: [xpsystem] C:\WINDOWS\System32\services\wmplayer.exe
    O4 - HKCU\..\Run: [Anot] C:\Dokumente und Einstellungen\Sebi\Anwendungsdaten\smsa.exe
    O4 - HKCU\..\Run: [WCPS] C:\WINDOWS\System32\wintit.exe
    O4 - HKCU\..\RunOnce: [ICQ Lite] D:\Progs\Chat\ICQLite\ICQLite.exe -trayboot
     
  2. newbie

    newbie Guest

    Sorry, forgot a part, here is the full log:

     
  3. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,435
    Location:
    Netherlands
    Hi newbie,

    Check the following items in HijackThis.
    Close all windows except HijackThis and click Fix checked:

    R3 - Default URLSearchHook is missing
    F1 - win.ini: run=C:\WINDOWS\System32\services\wmplayer.exe
    O2 - BHO: (no name) - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - (no file)

    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE

    O4 - HKLM\..\Run: [xpsystem] C:\WINDOWS\System32\services\wmplayer.exe

    O4 - HKCU\..\Run: [xpsystem] C:\WINDOWS\System32\services\wmplayer.exe
    O4 - HKCU\..\Run: [Anot] C:\Dokumente und Einstellungen\Sebi\Anwendungsdaten\smsa.exe
    O4 - HKCU\..\Run: [WCPS] C:\WINDOWS\System32\wintit.exe

    Then reboot into safe mode and delete:
    C:\WINDOWS\System32\services\wmplayer.exe
    C:\Dokumente und Einstellungen\Sebi\Anwendungsdaten\smsa.exe
    C:\WINDOWS\System32\wintit.exe

    Regards,

    Pieter
     
  4. newbie

    newbie Guest

    Thanks a lot Pieter, it worked. :)
     
  5. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,435
    Location:
    Netherlands
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.