The web browser dies........ / by ehnbjorne

  • 6 replies
2010-01-24 at 10:30

Hi, a strange fault has appeared on my computer. The web browser dies as soon as I try to download or open a link that contains spyware. I have tried to download Ad-Aware, but it doesn't work; it then shuts down the web browser, both Firefox and Explorer.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:33:08, on 2010-01-24
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16916)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\microsoft shared\DAO\NYDATOR-DATOR\SVCHOST.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Personal\bin\Personal.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [User Themes] C:\Program Files\Common Files\microsoft shared\DAO\NYDATOR-DATOR\SVCHOST.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKAL TJÄNST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKAL TJÄNST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NÄTVERKSTJÄNST')
O4 - Global Startup: BankID säkerhetsprogram.lnk = C:\Program Files\Personal\bin\Personal.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Blogga detta - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blogga detta i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Betway Casino - {3063c161-2f7e-4225-ba73-08bc8f64c67e} - C:\Betway\Casino\casinogame.exe
O9 - Extra button: Betway.com Poker - {4CBB5C71-1BA0-49ca-93CD-159AF8AA0CC9} - C:\Betway\Poker\MPPoker.exe
O9 - Extra button: Casino Classic - {02577FFA-4CA0-4C47-88C7-9CB891FE4B8E} - C:\Microgaming\Casino\CasinoClassic\casinogame.exe (HKCU)
O9 - Extra button: Mummys Gold Casino - {0CA711BF-6769-4A79-B876-CCADF491F69B} - C:\Microgaming\Casino\MummysGoldCasino\casinogame.exe (HKCU)
O9 - Extra button: Lucky Nugget Casino - {1EB67987-0BF5-40F5-82F3-C1F72E736C3E} - C:\Microgaming\Casino\LuckyNugget\casinogame.exe (HKCU)
O13 - Gopher Prefix:
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

--
End of file - 6102 bytes

2010-01-24 at 12:17

Do you recognize this file?
O4 - HKLM\..\Run: [User Themes] C:\Program Files\Common Files\microsoft shared\DAO\NYDATOR-DATOR\SVCHOST.exe
Run the file and post the txt file that ends up under C: http://support.kaspersky.com/downloads/utils/tdsskiller.zip

2010-01-24 at 12:35

I clicked the link and ran the program and then pressed y. The computer restarted and the problem remains..

2010-01-24 at 12:45

You did not answer the question and did not post the log from tdsskiller.

2010-01-24 at 12:50

Oh, that's what you mean..
No, I have no idea about that file.

12:32:01:654 1508 TDSS rootkit removing tool 2.2.2 Jan 13 2010 08:42:25
12:32:01:654 1508 ================================================================================
12:32:01:654 1508 SystemInfo:
12:32:01:654 1508 OS Version: 6.0.6000 ServicePack: 0.0
12:32:01:654 1508 Product type: Workstation
12:32:01:654 1508 ComputerName: NYDATOR-DATOR
12:32:01:654 1508 UserName: NyDator
12:32:01:654 1508 Windows directory: C:\Windows
12:32:01:654 1508 Processor architecture: Intel x86
12:32:01:654 1508 Number of processors: 1
12:32:01:654 1508 Page size: 0x1000
12:32:01:722 1508 Boot type: Normal boot
12:32:01:722 1508 ================================================================================
12:32:01:729 1508 UnloadDriverW: NtUnloadDriver error 2
12:32:01:729 1508 ForceUnloadDriverW: UnloadDriverW(klmd21) error 2
12:32:01:732 1508 MyNtCreateFileW: NtCreateFile(\??\C:\Windows\system32\drivers\klmd.sys) returned status 00000000
12:32:12:959 1508 UtilityInit: KLMD drop and load success
12:32:12:959 1508 KLMD_OpenDevice: Trying to open KLMD Device(KLMD201000)
12:32:12:959 1508 UtilityInit: KLMD open success
12:32:12:959 1508 UtilityInit: Initialize success
12:32:12:959 1508
12:32:12:959 1508 Scanning Services ...
12:32:12:962 1508 CreateRegParser: Registry parser init started
12:32:12:962 1508 CreateRegParser: DisableWow64Redirection error
12:32:12:962 1508 wfopen_ex: Trying to open file C:\Windows\system32\config\system
12:32:12:962 1508 MyNtCreateFileW: NtCreateFile(\??\C:\Windows\system32\config\system) returned status C0000043
12:32:12:962 1508 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
12:32:12:962 1508 wfopen_ex: Trying to KLMD file open
12:32:12:962 1508 KLMD_CreateFileW: Trying to open file C:\Windows\system32\config\system
12:32:12:962 1508 wfopen_ex: File opened ok (Flags 2)
12:32:12:972 1508 CreateRegParser: HIVE_ADAPTER(C:\Windows\system32\config\system) init success: 130D5E8
12:32:12:972 1508 wfopen_ex: Trying to open file C:\Windows\system32\config\software
12:32:12:974 1508 MyNtCreateFileW: NtCreateFile(\??\C:\Windows\system32\config\software) returned status C0000043
12:32:12:974 1508 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
12:32:12:974 1508 wfopen_ex: Trying to KLMD file open
12:32:12:974 1508 KLMD_CreateFileW: Trying to open file C:\Windows\system32\config\software
12:32:12:974 1508 wfopen_ex: File opened ok (Flags 2)
12:32:12:974 1508 CreateRegParser: HIVE_ADAPTER(C:\Windows\system32\config\software) init success: 130D610
12:32:12:974 1508 CreateRegParser: EnableWow64Redirection error
12:32:12:974 1508 CreateRegParser: RegParser init completed
12:32:13:612 1508 GetAdvancedServicesInfo: Raw services enum returned 414 services
12:32:13:617 1508 ScanTDL2Services: Exact detect Tdsshbecr (h: 0)
12:32:13:617 1508 RegNode HKLM\SYSTEM\ControlSet001\services\Tdsshbecr infected by TDSS rootkit ...
12:32:13:619 1508 will be deleted on reboot
12:32:13:619 1508 DeleteTDL2Service: SafeBoot Minimal doesn't infected
12:32:13:619 1508 DeleteTDL2Service: SafeBoot Network doesn't infected
12:32:13:637 1508 RegNode HKLM\SYSTEM\ControlSet003\services\Tdsshbecr infected by TDSS rootkit ...
12:32:13:639 1508 will be deleted on reboot
12:32:13:657 1508 DeleteTDL2Service: SafeBoot Minimal doesn't infected
12:32:13:659 1508 DeleteTDL2Service: SafeBoot Network doesn't infected
12:32:13:659 1508 File C:\Windows\system32\DRIVERS\shbecr.sys infected by TDSS rootkit ...
12:32:13:659 1508 will be deleted on reboot
12:32:13:659 1508 ScanTDL2Services: DeleteEvilService(Tdsshbecr) success
12:32:13:662 1508 fclose_ex: Trying to close file C:\Windows\system32\config\system
12:32:13:667 1508 fclose_ex: Trying to close file C:\Windows\system32\config\software
12:32:13:667 1508
12:32:13:667 1508 Scanning Kernel memory ...
12:32:13:669 1508 KLMD_GetSystemObjectAddressByNameW: Trying to get system object address by name \Driver\Disk
12:32:13:669 1508 DetectCureTDL3: \Driver\Disk PDRIVER_OBJECT: 841CD148
12:32:13:669 1508 DetectCureTDL3: KLMD_GetDeviceObjectList returned 1 DevObjects
12:32:13:669 1508
12:32:13:669 1508 DetectCureTDL3: DEVICE_OBJECT: 841EC510
12:32:13:669 1508 KLMD_GetLowerDeviceObject: Trying to get lower device object for 841EC510
12:32:13:669 1508 DetectCureTDL3: DEVICE_OBJECT: 840BFBB0
12:32:13:669 1508 KLMD_GetLowerDeviceObject: Trying to get lower device object for 840BFBB0
12:32:13:669 1508 KLMD_ReadMem: Trying to ReadMemory 0x840BFBB0[0x38]
12:32:13:669 1508 DetectCureTDL3: DRIVER_OBJECT: 840ADBE8
12:32:13:669 1508 KLMD_ReadMem: Trying to ReadMemory 0x840ADBE8[0xA8]
12:32:13:669 1508 KLMD_ReadMem: Trying to ReadMemory 0x840C5040[0x1A]
12:32:13:669 1508 DetectCureTDL3: DRIVER_OBJECT name: \Driver\atapi, Driver Name: atapi
12:32:13:669 1508 DetectCureTDL3: IrpHandler (0) addr: 840451F8
12:32:13:669 1508 DetectCureTDL3: IrpHandler (1) addr: 8181D1D9
12:32:13:669 1508 DetectCureTDL3: IrpHandler (2) addr: 840451F8
12:32:13:669 1508 DetectCureTDL3: IrpHandler (3) addr: 8181D1D9
12:32:13:669 1508 DetectCureTDL3: IrpHandler (4) addr: 8181D1D9
12:32:13:669 1508 DetectCureTDL3: IrpHandler (5) addr: 8181D1D9
12:32:13:669 1508 DetectCureTDL3: IrpHandler (6) addr: 8181D1D9
12:32:13:669 1508 DetectCureTDL3: IrpHandler (7) addr: 8181D1D9
12:32:13:669 1508 DetectCureTDL3: IrpHandler (8) addr: 8181D1D9
12:32:13:669 1508 DetectCureTDL3: IrpHandler (9) addr: 8181D1D9
12:32:13:669 1508 DetectCureTDL3: IrpHandler (10) addr: 8181D1D9
12:32:13:669 1508 DetectCureTDL3: IrpHandler (11) addr: 8181D1D9
12:32:13:669 1508 DetectCureTDL3: IrpHandler (12) addr: 8181D1D9
12:32:13:669 1508 DetectCureTDL3: IrpHandler (13) addr: 8181D1D9
12:32:13:669 1508 DetectCureTDL3: IrpHandler (14) addr: 840451F8
12:32:13:669 1508 DetectCureTDL3: IrpHandler (15) addr: 840451F8
12:32:13:669 1508 DetectCureTDL3: IrpHandler (16) addr: 8181D1D9
12:32:13:669 1508 DetectCureTDL3: IrpHandler (17) addr: 8181D1D9
12:32:13:669 1508 DetectCureTDL3: IrpHandler (18) addr: 8181D1D9
12:32:13:669 1508 DetectCureTDL3: IrpHandler (19) addr: 8181D1D9
12:32:13:669 1508 DetectCureTDL3: IrpHandler (20) addr: 8181D1D9
12:32:13:669 1508 DetectCureTDL3: IrpHandler (21) addr: 8181D1D9
12:32:13:669 1508 DetectCureTDL3: IrpHandler (22) addr: 840451F8
12:32:13:669 1508 DetectCureTDL3: IrpHandler (23) addr: 840451F8
12:32:13:669 1508 DetectCureTDL3: IrpHandler (24) addr: 8181D1D9
12:32:13:669 1508 DetectCureTDL3: IrpHandler (25) addr: 8181D1D9
12:32:13:669 1508 DetectCureTDL3: IrpHandler (26) addr: 8181D1D9
12:32:13:669 1508 TDL3_FileDetect: Processing driver: atapi
12:32:13:669 1508 TDL3_FileDetect: Processing driver file: C:\Windows\system32\drivers\atapi.sys
12:32:13:669 1508 KLMD_CreateFileW: Trying to open file C:\Windows\system32\drivers\atapi.sys
12:32:13:682 1508 TDL3_FileDetect: C:\Windows\system32\drivers\atapi.sys - Verdict: Clean
12:32:13:682 1508 UtilityBootReinit: Reboot required for cure complete..
12:32:13:684 1508 MyNtCreateFileW: NtCreateFile(\??\C:\Windows\system32\drivers\klmdb.sys) returned status 00000000
12:32:13:697 1508 UtilityBootReinit: KLMD drop success
12:32:13:697 1508 KLMD_ApplyPendList: Pending buffer(5EFB_6044, 424) dropped successfully
12:32:13:697 1508 UtilityBootReinit: Cure on reboot scheduled successfully
12:32:13:697 1508
12:32:13:697 1508 Completed
12:32:13:699 1508
12:32:13:699 1508 Results:
12:32:13:699 1508 Memory objects infected / cured / cured on reboot: 0 / 0 / 0
12:32:13:699 1508 Registry objects infected / cured / cured on reboot: 2 / 0 / 2
12:32:13:699 1508 File objects infected / cured / cured on reboot: 1 / 0 / 1
12:32:13:699 1508
12:32:13:712 1508 MyNtCreateFileW: NtCreateFile(\??\C:\Windows\system32\drivers\klmd.sys) returned status 00000000
12:32:13:712 1508 UtilityDeinit: KLMD(ARK) unloaded successfully

2010-01-24 at 13:28

Since the rootkit is gone the browser should work, but upload this file to fuskbugg.se and post the link to it:
C:\Program Files\Common Files\microsoft shared\DAO\NYDATOR-DATOR\SVCHOST.exe
See if you can install this program and do a quick scan. Remove what is found and post the log that is shown then.
http://www.softpedia.com/progDownload/Malwarebytes-Anti-Malware-Download-81598.html
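
The file asked about in this thread is an autorun entry named SVCHOST.exe that sits outside C:\Windows\System32, the directory the real svchost.exe runs from. As an added example (not part of the thread and not any poster's code), this Python script flags that pattern in HijackThis O4 lines; the function names and the list of protected file names are assumptions, and the sample lines are copied from the log in the first post.

```python
import re
from pathlib import PureWindowsPath

# Assumption: 32-bit Windows installed in C:\Windows, as both logs in the thread report.
SYSTEM32 = r"c:\windows\system32"
# Core Windows binaries expected to run only from System32 (illustrative, not exhaustive).
PROTECTED_NAMES = {"svchost.exe", "lsass.exe", "services.exe", "winlogon.exe", "csrss.exe"}

# "O4 - <location>: [<value name>] <command>"  or  "O4 - <location>: <shortcut> = <target>"
O4_LINE = re.compile(r"^O4 - [^:]+: (?:\[(?P<name>[^\]]*)\] |(?P<lnk>.+?) = )(?P<cmd>.+)$")
# The executable is either the quoted part or everything up to the first ".exe".
EXE_PATH = re.compile(r'"([^"]+)"|(.+?\.exe)(?=\s|$)', re.IGNORECASE)

def executable_of(command):
    """Return the executable of an autorun command as a Windows path, or None."""
    match = EXE_PATH.match(command.strip())
    return PureWindowsPath(match.group(1) or match.group(2)) if match else None

def masquerading_autoruns(log_text):
    """List (entry name, path) for O4 entries using a system file name outside System32."""
    hits = []
    for line in log_text.splitlines():
        entry = O4_LINE.match(line.strip())
        if not entry:
            continue
        exe = executable_of(entry.group("cmd"))
        if exe is None or str(exe.parent) == ".":
            continue  # bare file name, resolved through PATH: location unknown
        if exe.name.lower() in PROTECTED_NAMES and str(exe.parent).lower() != SYSTEM32:
            hits.append((entry.group("name") or entry.group("lnk"), str(exe)))
    return hits

# Lines copied from the HijackThis log in the first post.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [User Themes] C:\Program Files\Common Files\microsoft shared\DAO\NYDATOR-DATOR\SVCHOST.exe
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKAL TJÄNST')
O4 - Global Startup: BankID säkerhetsprogram.lnk = C:\Program Files\Personal\bin\Personal.exe
"""

if __name__ == "__main__":
    for name, path in masquerading_autoruns(SAMPLE_LOG):
        print(f"suspicious autorun [{name}]: {path}")
```

A hit only means the file deserves a closer look (signature, hash, scan result); a clean result says nothing about entries that use other file names.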
