superseg dator!

[Cistar]

Hejsan!

Har fått hjälp här innan och hoppas det ska gå lika bra igen. Min arbetskamrat gav mig sin dator för att fixa internet problem, vilket jag lyckats åtgärda. Problemet nu är att datorn är nog bla det segaste jag varit med om. Försökte scanna igenom med Norton men av ngn anledning så stannade scanningen av.

Hoppas ngn här kan ha lite ideer o tips.

 

[log]Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 19:40:22, on 2008-11-22

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe

C:\WINDOWS\Explorer.EXE

C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe

C:\Program\Delade filer\Symantec Shared\ccProxy.exe

C:\Program\Delade filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe

C:\Program\Delade filer\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\Program\Lavasoft\Ad-Aware\aawservice.exe

C:\Program\Delade filer\Symantec Shared\ccApp.exe

C:\Program\Analog Devices\SoundMAX\SMax4PNP.exe

C:\Program\Analog Devices\SoundMAX\Smax4.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program\Java\jre6\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\Windows Live\Messenger\MsnMsgr.Exe

C:\Program\Option\GlobeTrotter Connect\GlobeTrotter Connect.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\Program\Delade filer\GtFlashSwitch\GtFlashSwitch.exe

C:\Program\Java\jre6\bin\jqs.exe

C:\Program\Norton Internet Security\Norton AntiVirus\navapsvc.exe

C:\Program\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\Delade filer\Symantec Shared\Security Console\NSCSRVCE.EXE

C:\Program\Norton Internet Security\Norton AntiVirus\SAVScan.exe

C:\Program\Windows Live\Messenger\usnsvc.exe

C:\Program\Delade filer\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Program\Internet Explorer\iexplore.exe

C:\Program\Messenger\msmsgs.exe

C:\Program\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157'>http://go.microsoft.com/fwlink/?LinkId=69157'>http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896'>http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre6\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program\Delade filer\Symantec Shared\AdBlocking\NISShExt.dll

O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program\Delade filer\Symantec Shared\AdBlocking\NISShExt.dll

O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [ccApp] "C:\Program\Delade filer\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [soundMAXPnP] C:\Program\Analog Devices\SoundMAX\SMax4PNP.exe

O4 - HKLM\..\Run: [soundMAX] "C:\Program\Analog Devices\SoundMAX\Smax4.exe" /tray

O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Program\Delade filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program\Delade filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program\Java\jre6\bin\jusched.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJÄNST')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: GlobeTrotter Connect.lnk = C:\Program\Option\GlobeTrotter Connect\GlobeTrotter Connect.exe

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1225119004835

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1227354780718

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-03.sun.com/s/ESD5/JSCDL/jre/6u10-b92-b/jinstall-6u10-windows-i586-jc.cab?e=1227364722764&h=a7dc95fd2d00af3ebb15931f84ec5e99/&filename=jinstall-6u10-windows-i586-jc.cab

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program\Norton Internet Security\ccPwdSvc.exe

O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccProxy.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe

O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program\Norton Internet Security\comHost.exe

O23 - Service: GtFlashSwitch - OptionNV - C:\Program\Delade filer\GtFlashSwitch\GtFlashSwitch.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program\Java\jre6\bin\jqs.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\Program\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program\Norton Internet Security\Norton AntiVirus\navapsvc.exe

O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\Security Console\NSCSRVCE.EXE

O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program\Norton Internet Security\Norton AntiVirus\SAVScan.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program\Analog Devices\SoundMAX\SMAgent.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Symantec Core LC - Unknown owner - C:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program\Delade filer\Symantec Shared\Support Controls\ssrc.exe

 

--

End of file - 8970 bytes

[/log]

 

[Cecilia]

Jag ser inget skadligt i loggen, men allt syns inte i en HijackThis-logg, så kör en online-skanning och ett antispionprogram också, se http://ceblstockholm.googlepages.com/home för länkar.

 

Här finns lite tips till en seg dator:

http://www.castlecops.com/t175258-Slow_Computer_Check_here_first_it_may_not_be_malware.html

 

 

[euacarp]

 

Har ni kollat minnet i datorn?

Om det är för lite minne så kan datorn bli seg

 

 

[Cistar]

Verkar ha fått datorn i någorlunda form nu iallafall, har följt råden i länkarna. Det verkar som om det stora problemet ändå var ram-minnet i datorn som endast är 256... Men efter en del strul med byte av virusprogram från norton (som verkar äta hur mkt kraft som helst) blev jag tvungen att göra en systemåterställning o då funkade det ännu bättre. Hur som helst så hittade Avast 31 träffar när jag scannade igenom win32:Trojan gen hette de flesta, så nu har jag återigen gjort onlinescans o dyl. Postar för säkerhetsskull en ny hijacklog bara för att vara på den säkrare sidan. Om allt fortfarande verkar ok där så får jag tacka för hjälpen ännu en gång!

[log]Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 13:11:19, on 2008-11-24

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\Alwil Software\Avast4\aswUpdSv.exe

C:\Program\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\Explorer.EXE

C:\Program\Analog Devices\SoundMAX\SMax4PNP.exe

C:\Program\Analog Devices\SoundMAX\Smax4.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\Windows Live\Messenger\MsnMsgr.Exe

C:\Program\Option\GlobeTrotter Connect\GlobeTrotter Connect.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program\Delade filer\GtFlashSwitch\GtFlashSwitch.exe

C:\Program\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\Alwil Software\Avast4\ashMaiSv.exe

C:\Program\Alwil Software\Avast4\ashWebSv.exe

C:\Program\Windows Live\Messenger\usnsvc.exe

C:\Program\Internet Explorer\IEXPLORE.EXE

C:\Program\Delade filer\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Program\Lavasoft\Ad-Aware\aawservice.exe

C:\Program\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157'>http://go.microsoft.com/fwlink/?LinkId=69157'>http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896'>http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [soundMAXPnP] C:\Program\Analog Devices\SoundMAX\SMax4PNP.exe

O4 - HKLM\..\Run: [soundMAX] "C:\Program\Analog Devices\SoundMAX\Smax4.exe" /tray

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [avast!] C:\Program\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJÄNST')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: GlobeTrotter Connect.lnk = C:\Program\Option\GlobeTrotter Connect\GlobeTrotter Connect.exe

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab

O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1225119004835

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: GtFlashSwitch - OptionNV - C:\Program\Delade filer\GtFlashSwitch\GtFlashSwitch.exe

O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Unknown owner - C:\Program\Norton Internet Security\Norton AntiVirus\navapsvc.exe (file missing)

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program\Analog Devices\SoundMAX\SMAgent.exe

 

--

End of file - 5467 bytes

[/log]

 

[Cecilia]

Ja, köra XP med bara 256 MB RAM är väl inget att rekommendera precis.

 

Kör Nortons städprogram för att få bort lite rester:

http://service1.symantec.com/Support/tsgeninfo.nsf/docid/2005033108162039

 

Jag såg inget skadligt i den förra loggen, men allt syns inte i en HijackThis-logg. Kan du kolla i någon logg eller karantän i Avast vad för filer den hittade som var infekterade och i vilka mappar de låg?

 

 

[Cistar]

japp här kommer den.

[log]11/24/2008 09:11

Scan of all local drives

 

File C:\Documents and Settings\Data\Lokala inställningar\Temp\cymudip.exe is infected by Win32:Trojan-gen {Other}, Deleted

File C:\Documents and Settings\Data\Lokala inställningar\Temp\gmyfa.exe is infected by Win32:Trojan-gen {Other}, Deleted

File C:\Documents and Settings\Data\Lokala inställningar\Temp\vilsf.exe is infected by Win32:Trojan-gen {Other}, Deleted

File C:\Documents and Settings\Data\Lokala inställningar\Temp\vlkol.exe is infected by Win32:Trojan-gen {Other}, Deleted

File C:\Documents and Settings\Data\Lokala inställningar\Temp\_A00F31D7C.exe is infected by Win32:Trojan-gen {Other}, Deleted

File C:\Documents and Settings\Data\Lokala inställningar\Temp\_A00F395AFB.exe is infected by Win32:Trojan-gen {Other}, Deleted

File C:\Documents and Settings\Data\Lokala inställningar\Temp\_A00F3C6DB.exe is infected by Win32:Trojan-gen {Other}, Deleted

File C:\Documents and Settings\Data\Lokala inställningar\Temp\_A00F406F1.exe is infected by Win32:Trojan-gen {Other}, Deleted

File C:\Documents and Settings\Data\Lokala inställningar\Temporary Internet Files\Content.IE5\JFYM0CSJ\spi[1].exe is infected by Win32:Trojan-gen {Other}, Deleted

File C:\System Volume Information\_restore{9F7A0282-D6EF-4AFF-812C-20BF8CA78031}\RP201\A0014292.exe is infected by Win32:Trojan-gen {Other}, Deleted

File C:\System Volume Information\_restore{9F7A0282-D6EF-4AFF-812C-20BF8CA78031}\RP202\A0014325.exe is infected by Win32:Trojan-gen {Other}, Deleted

File C:\System Volume Information\_restore{9F7A0282-D6EF-4AFF-812C-20BF8CA78031}\RP206\A0014433.exe is infected by Win32:Trojan-gen {Other}, Deleted

File C:\System Volume Information\_restore{CB4DD3BD-6DD6-472C-9A58-36F9DE80778A}\RP35\A0005467.exe is infected by Win32:Trojan-gen {Other}, Deleted

File C:\System Volume Information\_restore{CB4DD3BD-6DD6-472C-9A58-36F9DE80778A}\RP35\A0005468.exe is infected by Win32:Trojan-gen {Other}, Deleted

File C:\System Volume Information\_restore{CB4DD3BD-6DD6-472C-9A58-36F9DE80778A}\RP35\A0005469.exe is infected by Win32:Trojan-gen {Other}, Deleted

File C:\System Volume Information\_restore{CB4DD3BD-6DD6-472C-9A58-36F9DE80778A}\RP35\A0005470.exe is infected by Win32:Trojan-gen {Other}, Deleted

File C:\System Volume Information\_restore{CB4DD3BD-6DD6-472C-9A58-36F9DE80778A}\RP35\A0005471.exe is infected by Win32:Trojan-gen {Other}, Deleted

File C:\System Volume Information\_restore{CB4DD3BD-6DD6-472C-9A58-36F9DE80778A}\RP36\A0005651.exe is infected by Win32:Trojan-gen {Other}, Deleted

File C:\System Volume Information\_restore{CB4DD3BD-6DD6-472C-9A58-36F9DE80778A}\RP36\A0005652.exe is infected by Win32:Trojan-gen {Other}, Deleted

File C:\System Volume Information\_restore{CB4DD3BD-6DD6-472C-9A58-36F9DE80778A}\RP36\A0005653.exe is infected by Win32:Trojan-gen {Other}, Deleted

File C:\System Volume Information\_restore{CB4DD3BD-6DD6-472C-9A58-36F9DE80778A}\RP36\A0005654.exe is infected by Win32:Trojan-gen {Other}, Deleted

File C:\System Volume Information\_restore{CB4DD3BD-6DD6-472C-9A58-36F9DE80778A}\RP42\A0016549.exe is infected by Win32:Trojan-gen {Other}, Deleted

File C:\System Volume Information\_restore{CB4DD3BD-6DD6-472C-9A58-36F9DE80778A}\RP42\A0016550.exe is infected by Win32:Trojan-gen {Other}, Deleted

File C:\System Volume Information\_restore{CB4DD3BD-6DD6-472C-9A58-36F9DE80778A}\RP42\A0016551.exe is infected by Win32:Trojan-gen {Other}, Deleted

File C:\System Volume Information\_restore{CB4DD3BD-6DD6-472C-9A58-36F9DE80778A}\RP42\A0016552.exe is infected by Win32:Trojan-gen {Other}, Deleted

File C:\System Volume Information\_restore{CB4DD3BD-6DD6-472C-9A58-36F9DE80778A}\RP42\A0016553.exe is infected by Win32:Trojan-gen {Other}, Deleted

File C:\System Volume Information\_restore{CB4DD3BD-6DD6-472C-9A58-36F9DE80778A}\RP42\A0016554.exe is infected by Win32:Trojan-gen {Other}, Deleted

File C:\System Volume Information\_restore{CB4DD3BD-6DD6-472C-9A58-36F9DE80778A}\RP42\A0016555.exe is infected by Win32:Trojan-gen {Other}, Deleted

File C:\System Volume Information\_restore{CB4DD3BD-6DD6-472C-9A58-36F9DE80778A}\RP42\A0016556.exe is infected by Win32:Trojan-gen {Other}, Deleted

File C:\System Volume Information\_restore{CB4DD3BD-6DD6-472C-9A58-36F9DE80778A}\RP42\A0016557.exe is infected by Win32:Trojan-gen {Other}, Deleted

File C:\System Volume Information\_restore{CB4DD3BD-6DD6-472C-9A58-36F9DE80778A}\RP7\A0000896.exe is infected by Win32:DCom-F [Expl], Deleted

Number of searched folders: 5417

Number of tested files: 211183

Number of infected files: 31[/log]

 

[Cecilia]

File C:\Documents and Settings\Data\Lokala inställningar\Temporary Internet Files\Content.IE5\JFYM0CSJ\spi[1].exe is infected by Win32:Trojan-gen {Other}, Deleted

Du får vara försiktigare med vart du surfar.

 

Töm mappen C:\Documents and Settings\Data\Lokala inställningar\Temp så gott det går.

 

Ta bort tillfälliga internet-filer:

Kontrollpanelen - Internet-alternativ - Allmänt - Ta bort - Ta bort filer - OK

 

Ladda ner Malwarebytes Anti-Malware (MBAM) från en av dessa länkar:

http://www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html

http://projects.securitywonks.net/projects/details.php?file=158

Dubbelklicka på mbam-setup för att installera programmet.

 

[log]Se till i slutet av installationen att det är bockar för:

Uppdatera Malwarebytes' Anti-Malware

Starta Malwarebytes' Anti-Malware

Tryck på Slutför

Om det finns någon uppdatering så kommer den att laddas ner och installeras.

 

När programmet startar så välj "Utför snabb skanning" och tryck på Skanna.

Skanningen tar ett tag.

När den är klar så tryck på OK och sedan "Visa resultat".

Bocka för allt och tryck sedan Ta bort markerade.

När borttagningen är klar så öppnar Anteckningar med en logg.

 

Eventuellt så kommer det upp en begäran om att starta om datorn (Restart). I så fall gör det.

Om det blir ett felmeddelande Error loading... efter omstarten så starta om datorn än en gång.

Om programmet inte kommer igång efter omstarten så starta det.

 

Om loggen inte kommer upp själv i Anteckningar så hittar du loggen på fliken Loggar i MBAM.

Kopiera loggen och klistra in den i ditt svar .[/log]

 

[Cistar]

Den hittade inget mer.

[log]Malwarebytes' Anti-Malware 1.30

Databasversion: 1419

Windows 5.1.2600 Service Pack 3

 

2008-11-24 18:07:19

mbam-log-2008-11-24 (18-07-19).txt

 

Skanningstyp: Snabb skanning

Antal skannade objekt: 54974

Förfluten tid: 5 minute(s), 50 second(s)

 

Infekterade minnesprocesser: 0

Infekterade minnesmoduler: 0

Infekterade registernycklar: 0

Infekterade registervärden: 0

Infekterade registerdataposter: 0

Infekterade mappar: 0

Infekterade filer: 0

 

Infekterade minnesprocesser:

(Inga illasinnade poster hittades)

 

Infekterade minnesmoduler:

(Inga illasinnade poster hittades)

 

Infekterade registernycklar:

(Inga illasinnade poster hittades)

 

Infekterade registervärden:

(Inga illasinnade poster hittades)

 

Infekterade registerdataposter:

(Inga illasinnade poster hittades)

 

Infekterade mappar:

(Inga illasinnade poster hittades)

 

Infekterade filer:

(Inga illasinnade poster hittades)

[/log]

 

[Cecilia]

Det verkar ju bra. Verkar datorn vara mer normal nu, med hänsyn till att det är väl lite RAM-minne.

 

MSN Messenger startar automatiskt, om MSN inte används jämnt så kan man stänga av autostarten i MSNs inställningar.

 

[Cistar]

Ja absolut det är stor skillnad! Nu börjar man inte "gråta" så fort man klickat på ngt. Ska lämna datorn till henne idag så få vi se vad hon säger, känns som om jag gjort vad jag kan göra. Tack för hjälpen =)