Virus? Noe står og blinker ved klokken...

strikkepinne · 15. oktober 2006

Vet ikke helt hva vi skal gjøre med dataen.

Det er en advarsel som blinker ved klokken som sier vi har "critical error" på pc'en.

Får opp forskjellige virus og spyware som pc'en sier er problemet, "cyberlog-x"

Har prøvd denne fremgangsmåten uten særlig hell. (er ikke meg som er trådstarter)

Har pmmon.exe og PMSNGR.exe i prosesslisten....

Kan noen hjelpe meg? :cry:

Brian · 15. oktober 2006

prøv å last ned et spyware program og se om det fjerner problemet. anbefaler spyware doctor.

norbat · 15. oktober 2006

Du kan legge ut en logg fra HijackThis. Last ned HijackThis

Var det også slik at du har kjør programmet SmitFraudFix?

strikkepinne · 15. oktober 2006

Her er hijackthis loggen: :hmm:

Logfile of HijackThis v1.99.1

Scan saved at 17:47:07, on 15.10.2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\Program Files\Symantec AntiVirus\DefWatch.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Symantec AntiVirus\Rtvscan.exe

C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\HQVideoCodec\pmsngr.exe

C:\Program Files\HQVideoCodec\pmmon.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe

C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Astrid\Desktop\Nedlastet\HijackThis(2).exe

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {d869742a-e5d2-4624-96c7-aae26170665e} - C:\Program

Files\HQVideoCodec\isaddon.dll

O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"

O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime

O4 - HKLM\..\Run: [spySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray

O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe

O4 - HKLM\..\Run: [KAZAA] C:\Program Files\Kazaa\kazaa.exe /SYSTRAY

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"

O4 - HKLM\..\Run: [QuickTime Plugin Install] C:\Program Files\QuickTime\Plugins\DeleteMe1.exe

O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [adwarealert] C:\Program Files\AdwareAlert\AdwareAlert.exe -boot

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe"

/minimized

O4 - HKLM\..\Run: [MSConfig] "C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" /auto

O4 - HKCU\..\Run: [More 01] C:\DOCUME~1\Astrid\APPLIC~1\BATLIC~1\wma axis.exe

O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe"

AcRdB7_0_5 -reboot 1

O4 - HKCU\..\Run: [spyTrooper] C:\Program Files\SpyTrooper\SpyTrooper.exe

O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) -

http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab

O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) -

http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab

O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) -

http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab

O16 - DPF: {5CF549B1-E178-4D8C-ADEF-73F226644F12} - http://designer.room328.com/app/WebVDSetUp.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) -

http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {A0F3DE0D-9308-4650-82A0-53F0C17D7D65} (Web2D Control) -

http://designer.room328.com/app/WebVD.cab

O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) -

http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab

O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems

Shared\Service\Adobelmsvc.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program

Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common

Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program

Files\Common Files\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program

Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program

Files\Symantec AntiVirus\DefWatch.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program

Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program

Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec

AntiVirus\Rtvscan.exe

O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. -

C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

Kjørte programmet SmitRem men skjønte ikke helt hva jeg skulle gjøre så det var litt mislykket..... :blush:

norbat · 15. oktober 2006

Last ned SAS. Installer og oppdater

Last ned CCleaner

Kjør HJT og fjern:

O2 - BHO: (no name) - {d869742a-e5d2-4624-96c7-aae26170665e} - C:\Program

Files\HQVideoCodec\isaddon.dll

Sørg for å vise alle skjulte filer og mapper (mappealternativ i kontrollpanel. Fanearket "Vis".

Slett (I bold):

C:\Program Files\HQVideoCodec\pmsngr.exe

C:\Program Files\HQVideoCodec\pmmon.exe

Kjør CCleaner og rensk

Start i Sikker modus (tapp f8 under oppstart) og kjør en full scan med SAS

Legg ut en ny HJT

(ang. Smitfraufix: i mappen er det en fil som heter Smitfraudfix.cmd som du kan dobbeltklikke på for å kjøre fixen)

(PS. Du bør vurdere å slette Kazaa)

Endret 15. oktober 2006 av norbat

strikkepinne · 15. oktober 2006

Ok jeg hopper i arbeidet og skal gjøre alt du skriver.

Ang Kazaa så lastet jeg ned "dritet" for ett år siden og har prøvd å slette det like lenge. (får det altså ikke til...)

Legger ut en ny logg så fort som mulig.

Takker og bukker

strikkepinne · 15. oktober 2006

Sørg for å vise alle skjulte filer og mapper (mappealternativ i kontrollpanel. Fanearket "Vis".

Slett (I bold):

C:\Program Files\HQVideoCodec\pmsngr.exe

C:\Program Files\HQVideoCodec\pmmon.exe

7075595[/snapback]

Disse filene går ikke ann å slette.

"Cannot delete files: Access denied

Make sure that the disk is not full or write-protected and that the file is not currently in use. "

(du mente at jeg skulle finne filene manuelt og slette de sant?) Hva gjør jeg nå?

norbat · 15. oktober 2006

Bare kjør på. Se om du får tatt dem når du er i Sikke modus.

Evt. kan du bruke Killbox

strikkepinne · 15. oktober 2006

Har nå kjørt sas i safe mode og her er en rykende fersk logg:

Logfile of HijackThis v1.99.1

Scan saved at 20:18:44, on 15.10.2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\Program Files\Symantec AntiVirus\DefWatch.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Symantec AntiVirus\Rtvscan.exe

C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe

C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\System32\wbem\wmiapsrv.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\Documents and Settings\Astrid\Desktop\Nedlastet\HijackThis.exe