AVG har "måske" fundet virus

... der skal nok være mere end det...

Rul proceduren her:
http://www.eksperten.dk/artikler/954

(Ikke nødvendigvis mig der følger op...)

Hey!
Her er lige Dr.web:
Jeg smutter hjemad nu, og skal flytte i weekenden, så resten bliver først lavet mandag morgen...

Scan statistics

Objects scanned: 105809
Infected objects found: 1
Objects with modifications found: 0
Suspicious objects found: 0
Adware programs found: 3
Dialer programs found: 0
Joke programs found: 0
Riskware programs found: 0
Hacktool programs found: 0
Objects cured: 0
Objects deleted: 1
Objects renamed: 0
Objects moved: 0
Objects ignored: 1
Scan speed: 266 Kb/s
Scan time: 00:59:12


C:\System Volume Information\_restore{6F07178B-FB11-4671-86FB-BEB1C6059632}\RP153\A0082522.#ll - deleted
C:\System Volume Information\_restore{6F07178B-FB11-4671-86FB-BEB1C6059632}\RP153\A0082529.#ll - deleted
C:\System Volume Information\_restore{6F07178B-FB11-4671-86FB-BEB1C6059632}\RP153\A0082530.#ll - deleted


Total session statistics

Objects scanned: 106335
Infected objects found: 1
Objects with modifications found: 0
Suspicious objects found: 0
Adware programs found: 3
Dialer programs found: 0
Joke programs found: 0
Riskware programs found: 0
Hacktool programs found: 0
Objects cured: 0
Objects deleted: 4
Objects renamed: 0
Objects moved: 0
Objects ignored: 1
Scan speed: 284 Kb/s
Scan time: 00:59:42

SUPERAntiSpyware Scan Log
Generated 06/19/2006 at 09:03 AM

Core Rules Database Version : 2983
Trace Rules Database Version: 1075

Memory threats detected  : 0
Registry threats detected : 0
File threats detected    : 17

Adware.Tracking Cookie
    C:\Documents and Settings\Lasse Meik Nielsen\Cookies\lasse meik nielsen@netstats[2].txt
    C:\Documents and Settings\Lasse Meik Nielsen\Cookies\lasse meik nielsen@track.adform[1].txt
    C:\Documents and Settings\Lasse Meik Nielsen\Cookies\lasse meik nielsen@ad1.emediate[1].txt
    C:\Documents and Settings\Lasse Meik Nielsen\Cookies\lasse meik nielsen@stat.postdanmark[1].txt
    C:\Documents and Settings\Lasse Meik Nielsen\Cookies\lasse meik nielsen@ads.arto[1].txt
    C:\Documents and Settings\Lasse Meik Nielsen\Cookies\lasse meik nielsen@adserver.banneradministration[2].txt
    C:\Documents and Settings\Lasse Meik Nielsen\Cookies\lasse meik nielsen@m1.webstats4u[1].txt
    C:\Documents and Settings\Lasse Meik Nielsen\Cookies\lasse meik nielsen@ad.yieldmanager[1].txt
    C:\Documents and Settings\Lasse Meik Nielsen\Cookies\lasse meik nielsen@adfair[1].txt
    C:\Documents and Settings\Lasse Meik Nielsen\Cookies\lasse meik nielsen@stats.adbrite[1].txt
    C:\Documents and Settings\Lasse Meik Nielsen\Cookies\lasse meik nielsen@ad.adtoma[1].txt
    C:\Documents and Settings\Lasse Meik Nielsen\Cookies\lasse meik nielsen@86118602[1].txt
    C:\Documents and Settings\Lasse Meik Nielsen\Cookies\lasse meik nielsen@revsci[2].txt
    C:\Documents and Settings\Lasse Meik Nielsen\Cookies\lasse meik nielsen@server.iad.liveperson[1].txt
    C:\Documents and Settings\Lasse Meik Nielsen\Cookies\lasse meik nielsen@e2.emediate[1].txt
    C:\Documents and Settings\Lasse Meik Nielsen\Cookies\lasse meik nielsen@www.dotbanner[2].txt
    C:\Documents and Settings\Lasse Meik Nielsen\Cookies\lasse meik nielsen@adserv.muchosucko[2].txt





Logfile of HijackThis v1.99.1
Scan saved at 09:34:25, on 19-06-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Sygate\SPF\smc.exe
C:\Programmer\SuperAdBlocker.com\Super Ad Blocker\SABSVC.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Programmer\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\system32\pctspk.exe
C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Programmer\MSN Messenger\msnmsgr.exe
C:\Programmer\Microsoft ActiveSync\wcescomm.exe
C:\Programmer\ewido anti-malware\ewidoctrl.exe
C:\Programmer\VeriSign\NAVI\naviagent.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Microsoft Office\Office\WINWORD.EXE
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://signon.stofanet.dk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://www.business.aau.dk/proxy.pac
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: i-Nav IDN SearchHook - {CE000994-A58C-4441-8938-744CD72AB27F} - C:\Programmer\VeriSign\i-Nav\i-nav_4_2_1.dll
O2 - BHO: SuperAdBlockerBHO Class - {00000000-6C30-11D8-9363-000AE6309654} - C:\Programmer\SuperAdBlocker.com\Super Ad Blocker\SABBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: i-Nav IDN Resolver - {CE000992-A58C-4441-8938-744CD72AB27F} - C:\Programmer\VeriSign\i-Nav\i-nav_4_2_1.dll
O3 - Toolbar: Super Ad Blocker Toolbar - {B4B3001E-0F56-4E51-8250-BDE11547EC55} - C:\Programmer\SuperAdBlocker.com\Super Ad Blocker\sabtb.dll
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmer\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programmer\Microsoft ActiveSync\wcescomm.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Opret Foretrukken på mobil enhed - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programmer\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programmer\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Opret Foretrukken på mobil enhed... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programmer\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: i-Nav Hjælp - {CE000992-A58C-4441-8938-744CD72AB27F} - http://idn.verisign-grs.com/plug-in/support/index.jsp (file missing)
O9 - Extra 'Tools' menuitem: i-Nav Hjælp - {CE000992-A58C-4441-8938-744CD72AB27F} - http://idn.verisign-grs.com/plug-in/support/index.jsp (file missing)
O9 - Extra button: (no name) - {CE000996-A58C-4441-8938-744CD72AB27F} - C:\Programmer\VeriSign\i-Nav\i-nav_4_2_1.dll
O9 - Extra 'Tools' menuitem: i-Nav Indstillinger - {CE000996-A58C-4441-8938-744CD72AB27F} - C:\Programmer\VeriSign\i-Nav\i-nav_4_2_1.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Programmer\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {001EE746-A1F9-460E-80AD-269E088D6A01} (Infotl Control) - http://site.ebrary.com/support/plugins/ebraryRdr.cab
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://downol.dr.dk/download/netradio/Rawflow.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {11818680-FCF6-11D0-9808-0800092A4865} (Adobe Form Control) - http://www.kps.dk/Codebase/FormCtl.cab
O16 - DPF: {1469FF24-47F6-11D2-8805-006008C537E3} (Adobe Mail Control) - http://www.kps.dk/codebase/ffmail.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {3D6DDD23-870A-4FC8-B3AF-5F67C935A9B7} (Util Class) - https://udstedelse.certifikat.tdc.dk/csp/authenticode/PrimeInkCSP-1204.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1129109943423
O16 - DPF: {92EB6641-286A-11D2-A68E-00A0C996A6DD} (Adobe Signature Object) - http://www.kps.dk/codebase/jfsignature.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A1459E5C-7F68-4676-9865-1986BD5AF740} (DigiCom Control) - http://www.edocdigisign.dk/install/digicom.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {AD90E8D1-3B47-11D2-A696-00A0C996A6DD} (jfCryptoSignature Class) - http://www.kps.dk/codebase/jfcrypto.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
O16 - DPF: {CDDCFBB3-4D93-11D2-B1A9-00A0C9B742BE} (Adobe Script Object) - http://www.kps.dk/codebase/scriptobject.cab
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Services Client v.3.7) - http://gameadvisor.futuremark.com/global/msc37.cab
O16 - DPF: {D216644A-C6DB-49D9-BBCF-D38FE7991BF2} (Util Class) - https://opdatering.tdc.dk/csp/authenticode/tdccsp-0506.exe
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.bgbank.dk/html/activex/e-Safekey/BG/e-Safekey.cab
O16 - DPF: {EF2FB80F-0975-408E-A871-B00CC863478A} (Adobe Soft Font Installer) - http://www.kps.dk/codebase/fontinstaller.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by110fd.bay110.hotmail.msn.com/activex/HMAtchmt.ocx
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: SABWinLogon - C:\Programmer\SuperAdBlocker.com\Super Ad Blocker\SABWINLO.DLL
O20 - Winlogon Notify: SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Programmer\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programmer\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Unknown owner - C:\Programmer\iPod\bin\iPodService.exe (file missing)
O23 - Service: VeriSign Updater (navi) - VeriSign, Inc. - C:\Programmer\VeriSign\NAVI\naviagent.exe
O23 - Service: Super Ad Blocker Service (SABSVC) - SuperAdBlocker.com - C:\Programmer\SuperAdBlocker.com\Super Ad Blocker\SABSVC.EXE
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Programmer\Sygate\SPF\smc.exe

Har du stadig problemer med "..."Downloader.Tibs" og ligger i c:\\windows\sc.exe
..." ???

Jeps. AVG bliver ved med at komme op med en popup om at der er virus i den...

Så må du manuelt 'æde'/slette denne windows\sc.exe med
http://www.it-knowlegde.dk/kan_ikke_slette_fil.html

Okay, men det er ikke en fil der bliver brugt af windows? Så ville det jo være lidt træls at slette den... ;-)

Anyone? Nogle der kender den fil der hedder windows\sc.exe?
Er det en windows fil der er inficeret eller blot en virus der har lagt sig i windows?

Den kan både være god og dårlig. Prøv at uploade den til scanning her http://virusscan.jotti.org/ Er det skidt, så prøv at slette den i fejlsikret tilstand

Hmm... den siger at den fil jeg prøver at uploade fylder 0 kb., så nu har jeg prøvet at slette den. Hvad skal jeg så gøre nu? Scanne med AVG igen?

Det vil da være en god ide. Du kan også lige tjekke efter med denne scanner:

Hent denne scanner, men vent med at scanne.

http://www.spywareinfo.dk/download/mwav.exe

Sæt flueben i følgende:
Memory, Startup folders, drive, Registry, System folders og Services.
Sæt prik i følgende:
All local drives og Scan all files.

Tip: du skal ikke klikke på Add to Startup folders så scannes din maskine hver gang du starter Windows op.

Så trykker du på Scan Clean. Den skanner nu, og det kan godt vare ret længe.


Når den er færdig, så klikker du i vinduet "Virus log information". Tryk så Ctrl+A, så er det markeret. Tryk så Ctrl+C, så er det kopieret til udklipsholder. Sæt det ind i et stykke notesblok,og kopier det her ind bagefter.

Okay dokay, det prøver jeg lige

Jeg mangler vist at lægge et svar her.
Det virkede at fjerne den manuelt, og der er ikke kommet noget nyt siden da. Så tak for hjælpen!

Læg et svar, så kommer points'ne flyvende!

Velbekomme

Jeg afventer lige dr1's svar, så får i begge points.

Ping...

(Det var et [svar]...)