My Norton say i'm infected with msku32.exe, but it can't delet it.
And an anoying background has poped up on my desktop; Warning! Your in danger..."
I have followed the instructions on http://www.geekstogo..._Log-t2852.html.
Spybot and Ad-Aware SE finds many things, but every time I restart they're all there again.
Hope someone can help me.
java script:emoticon(':help:')
------------------------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 17:33:03, on 22.06.2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\msdtc.exe
C:\WINNT\System32\cpqalert.exe
C:\WINNT\Cpqdiag\Cpqdfwag.exe
C:\Program Files\COMPAQ\CpqWebDMI\webdmi.EXE
C:\Program Files\NavNT\defwatch.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Compaq\LCRMS\LCRMS.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$TPL\Binn\sqlservr.exe
C:\WINNT\System32\NMSSvc.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
c:\dmi\win32\bin\Win32sl.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\cpqdmi.exe
C:\WINNT\explorer.exe
C:\Program Files\Opera\Opera.exe
C:\WINNT\system32\ntax.exe
C:\WINNT\system32\crfw32.exe
C:\Documents and Settings\Fram\Desktop\Downloads\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\system32\wefsf.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\system32\wefsf.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINNT\system32\wefsf.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\system32\wefsf.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\system32\wefsf.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\system32\wefsf.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\system32\wefsf.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.0.99:70
R3 - Default URLSearchHook is missing
O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O2 - BHO: Class - {849D7683-C485-1C1F-89B3-70721F4992F0} - C:\WINNT\addbi32.dll
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [cpqek] C:\Program Files\Compaq\Compaq EAB Software\cpqek.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [Security iGuard] C:\Program Files\Security iGuard\Security iGuard.exe
O4 - HKLM\..\Run: [ffis] C:\WINNT\isrvs\ffisearch.exe
O4 - HKLM\..\Run: [crfw32.exe] C:\WINNT\system32\crfw32.exe
O4 - HKLM\..\RunOnce: [ntax.exe] C:\WINNT\system32\ntax.exe
O4 - HKCU\..\Run: [Intel system tool] C:\WINNT\system32\hookdump.exe
O4 - Global Startup: 3Com Launcher.lnk = C:\Program Files\3Com\Launcher.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O9 - Extra button: Add to Restricted Zone - {B06300D0-CCDE-11d2-92D3-0000F87A4A55} - C:\WINNT\system32\webzone.dll
O9 - Extra 'Tools' menuitem: Add to R&estricted Zone - {B06300D0-CCDE-11d2-92D3-0000F87A4A55} - C:\WINNT\system32\webzone.dll
O9 - Extra button: Add to Trusted Zone - {BF80219A-CCDD-11d2-92D3-0000F87A4A55} - C:\WINNT\system32\webzone.dll
O9 - Extra 'Tools' menuitem: Add to Tr&usted Zone - {BF80219A-CCDD-11d2-92D3-0000F87A4A55} - C:\WINNT\system32\webzone.dll
O9 - Extra button: Microsoft AntiSpyware helper - {509E16F1-B0FD-477A-B439-7A0CCDAF7E96} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {509E16F1-B0FD-477A-B439-7A0CCDAF7E96} - (no file) (HKCU)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = fram.no
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = fram.no
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = fram.no
O20 - Winlogon Notify: NavLogon - C:\WINNT\System32\NavLogon.dll
O23 - Service: 3Com Wireless LAN Support (AllWirelessLansService) - 3Com Corp. - C:\Program Files\Common Files\3Com\AllWirelessLansService.exe
O23 - Service: Compaq Local Alerter (CPQALERT) - Compaq Computer Corporation - C:\WINNT\System32\cpqalert.exe
O23 - Service: Compaq Remote Diagnostics Enabling Agent (CpqDfwWebAgent) - Compaq Computer Corporation - C:\WINNT\Cpqdiag\Cpqdfwag.exe
O23 - Service: CPQDMI - Compaq Computer Corporation - C:\WINNT\System32\cpqdmi.exe
O23 - Service: Compaq DMI Web Agent (CpqWebDmi) - Compaq Computer Corporation - C:\Program Files\COMPAQ\CpqWebDMI\webdmi.EXE
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: 3Com LAN Support (LanSupportService) - 3Com Corporation - C:\Program Files\Common Files\3Com\LanSupportService.exe
O23 - Service: Insight Manager LC Remote Management (LCRMS) - Compaq Computer Corporation - C:\Program Files\Compaq\LCRMS\LCRMS.EXE
O23 - Service: NMS Service (NMSSvc) - Intel Corporation - C:\WINNT\System32\NMSSvc.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: Pml Driver - HP - C:\WINNT\System32\HPHipm09.exe
O23 - Service: Win32sl - Intel - c:\dmi\win32\bin\Win32sl.exe