
PC sometimes freezes, nothing works until reset. I think I'm infected


  • This topic is locked
28 replies to this topic

#1 candelaver

candelaver

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Local time:02:27 PM

Posted 06 November 2012 - 02:09 PM

Hi,

I think my PC is infected; sometimes it freezes completely and nothing works until I reset my PC.
And my PC has been very slow for a few days.

Can somebody look over the logs of DDS, gmer ... etc.?

Thank you

Attached Files

  • Attached File  DDS.txt   23.74KB   6 downloads
  • Attached File  gmer.log   1.13KB   2 downloads




#2 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:07:27 AM

Posted 08 November 2012 - 09:07 AM

Please run the following:

Download AdwCleaner from here and save it to your desktop.
  • Run AdwCleaner and select Delete
  • Once done it will ask to reboot, allow the reboot
  • On reboot a log will be produced, please attach the content of the log to your next reply


NEXT

Refer to the ComboFix User's Guide

  • Download ComboFix from the following location:

    Link

    * IMPORTANT !!! Place ComboFix.exe on your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  • Double click on ComboFix.exe & follow the prompts.
  • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  • When finished, it shall produce a log for you. Post that log in your next reply

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


    ---------------------------------------------------------------------------------------------
  • Ensure your AntiVirus and AntiSpyware applications are re-enabled.

    ---------------------------------------------------------------------------------------------

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#3 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:07:27 AM

Posted 15 November 2012 - 10:00 PM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#4 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:07:27 AM

Posted 16 November 2012 - 08:57 AM

This topic has been re-opened at the request of the person who originally posted.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#5 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:07:27 AM

Posted 18 November 2012 - 12:21 AM

do you still need help with your machine?

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#6 candelaver

candelaver
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Local time:02:27 PM

Posted 21 November 2012 - 09:44 AM

Yes, sorry for my late answer, I wasn't really fit after the bad cold.

Here are the logs

Attached Files


Edited by candelaver, 21 November 2012 - 09:44 AM.


#7 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:07:27 AM

Posted 21 November 2012 - 06:47 PM

Please do the following:

  • Please open your MalwareBytes AntiMalware Program
  • Click the Update Tab and search for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.



NEXT


Go here to run an online scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE , name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish

NEXT

Please advise how the computer is running now and if there are any outstanding issues

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#8 candelaver

candelaver
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Local time:02:27 PM

Posted 27 November 2012 - 05:58 AM

ESET Online Scan has been running a full scan for 15 hours.

I'll report after the ESET scan is ready.

The MBAM log is clear.

Attached Files



#9 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:07:27 AM

Posted 27 November 2012 - 08:09 AM

yes, ESET can take a very long time sometimes

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#10 candelaver

candelaver
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Local time:02:27 PM

Posted 29 November 2012 - 06:39 AM

Here is the ESET log.
I had to start ESET again; ESET takes a lot of time.

Attached Files



#11 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:07:27 AM

Posted 29 November 2012 - 07:34 AM

Note: if your E:\,F:\,G:\ and H:\ drives are external drives, make sure they are connected when you run the following script

and you need to have a good talk with your kids as to why your machine became infected and how that could have compromised your personal security.


Please do the following:

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Press the WinKey + R to open a run box, type Notepad > click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

File::
C:\Program Files (x86)\WebSite X5 v9 - Evolution\imRegister.exe	
C:\Users\Public\Downloads\WebSiteX5\wsx5_ev.exe	
E:\os_x64\bie_o10install64.exe	
E:\os_x86\bie_o10install86.exe
F:\[0000]---Schulungen---\Sprachen\TELL ME MORE [22 CDs][CN-DE-EN-FR-IT-JP-SP]\PowerISO 4.6 [Keygen].exe	
F:\[0000]---Software ---\Adobe.Creative.Suite.5.5.Master.Collection.Multilanguage-XFORCE-PLZ\X-FORCE KEYGEN\WIN\disable_activation.cmd	
F:\[0000]---Software ---\Adobe.CS5.5.Master.Collection.Multilanguage.X-FORCE.Keygen-PLZ\WIN\disable_activation.cmd	
F:\[0000]---Software ---\Adobe.Dreamweaver.CS5.5.v11.5.European.Incl.Keymaker-CORE-PLZ\Keygen\keygen.exe	
F:\[0000]---Software ---\CyberLink.YouCam.Deluxe.v4.0.0820.Multilingual.Incl.Keymaker-CORE-PLZ\keygen.exe	
F:\[0000]---Software ---\Microsoft.Office.2010.Professional.Plus.GERMAN.x86.x64.FRiENDS.ONLY-BIE\bieof10g.iso	
F:\[0000]---Software ---\WebSiteX5\wsx5_ev.exe	
F:\[0000]---Software ---\[0000]----TOOLS---\FLV Get\GetFLV.v9.0.3.3-RES-loader&.kg\GetFLV.v9.0.3.0-RES-loader.exe	a
F:\[0000]---Windows7 - Office Workstation---\[000]---Office 2010---\extract\BIE\os_x64\bie_o10install64.exe	
F:\[0000]---Windows7 - Office Workstation---\[000]---Office 2010---\extract\BIE\os_x86\bie_o10install86.exe	
G:\[000000]---DOWNLOADS---\artisteer.v3.1.0.55575.rar	
G:\[0000]---HANDY ---\Android\001\Programme\Kaspersky\KasperskyMobileSecurityv91070.apk	
G:\[0000]---XBOX360 ---\!!!!! XBOX360!!!!\!!!!! XBOX360--- Abarbeiten!!!!\r-studio6.rar	
H:\[0000]---DOWNLOADS---\11.2.00700.part1.rar	a
H:\[0000]---DOWNLOADS---\13032012_TV.rar	
H:\[0000]---DOWNLOADS---\Android_2.1.2.rar	
H:\[0000]---DOWNLOADS---\BartPE.part1.rar	
H:\[0000]---DOWNLOADS---\Corel.PDF.Fusion.v1.10.Bilingual.Incl.Keymaker-CORE.rar	
H:\[0000]---DOWNLOADS---\Corel.Website.Creator.X6.v12.50.Multilingual.Incl.Keymaker-CORE.rar	
H:\[0000]---DOWNLOADS---\die-kunst-der-list-strategeme-durchschauen-und-anwenden_downloader_165.exe	
H:\[0000]---DOWNLOADS---\Ex.Ar.v3.0.In.Ke.an.Pa-Lz0.rar	
H:\[0000]---DOWNLOADS---\Extensoft.Artisteer.v3.0.Incl.Keygen.and.Patch-Lz0.rar	
H:\[0000]---DOWNLOADS---\FritzRePass.rar	
H:\[0000]---DOWNLOADS---\hridap61pa.7z	
H:\[0000]---DOWNLOADS---\IDA_PRO_ADVANCED_EDITION.rar	
H:\[0000]---DOWNLOADS---\ixtreme_burner_max_v1.0.zip	
H:\[0000]---DOWNLOADS---\Nitro.PDF.Pro.7.0.2.8_x64.rar	
H:\[0000]---DOWNLOADS---\Nitro.PDF.Pro.7.0.2.8_x86.rar	
H:\[0000]---DOWNLOADS---\Notfall-CD-2.2 (1).zip	
H:\[0000]---DOWNLOADS---\Notfall-CD-2.2.zip	
H:\[0000]---DOWNLOADS---\password-viewer.zip	
H:\[0000]---DOWNLOADS---\SetupImgBurn_2.5.6.0.exe	
H:\[0000]---DOWNLOADS---\Sigil-0.4.2-Windows-x64-Setup.exe	
H:\[0000]---DOWNLOADS---\Teamviewer.Corporate.Edition.v7.0.12541.GERMAN.rar	
H:\[0000]---DOWNLOADS---\TMTM_2012.rar	
H:\[0000]---DOWNLOADS---\Trend_Micro_Titanium_Maximum_Security_2012.rar	
H:\[0000]---DOWNLOADS---\ubcd511(1).iso	
H:\[0000]---DOWNLOADS---\ubcd511.iso	
H:\[0000]---DOWNLOADS---\WebSiteX5.rar	
H:\[0000]---DOWNLOADS---\WeightWatchers_FlexPoints_201.zip	
H:\[0000]---DOWNLOADS---\WeightWatchers_Kursleiter_Programm-Handbuch.rar	
H:\[0000]---DOWNLOADS---\Weight_Watchers_Komplettpaket_Maerz_2010.part1.rar	
H:\[0000]---DOWNLOADS---\Windows_7_Loader_v2.1z_(x86.7 by Da	
H:\[0000]---DOWNLOADS---\!!!!\Megapack_Rare_Scripts.part1.rar	
H:\[0000]---DOWNLOADS---\XP_Home_Retail_SP3\XP_Home_Retail_SP3.iso	
H:\[0000]---DOWNLOADS---\[0000]---AUSMISTEN---\000\001\Programme\Kaspersky\KasperskyMobileSecurityv91070.apk	
H:\[0000]---DOWNLOADS---\[0000]---AUSMISTEN---\AD0B3schluesselFORwinANDmacosxBYteamXF0RC3\Adobe Creative Suite 6 Master Collection CS6 Win & Mac OS X Keygen by Team X-FORCE\xf-mccs6.zip\xfcs6.rar\Crack-Windows\disable_activation.cmd	
H:\[0000]---DOWNLOADS---\[0000]---AUSMISTEN---\Bitdefender 2012\Bit\Bit.part1.rar	
H:\[0000]---DOWNLOADS---\[0000]---AUSMISTEN---\Bitdefender 2012\Bit\bitdefender_ts_2012_64b.zip	
H:\[0000]---DOWNLOADS---\[0000]---AUSMISTEN---\C.B\Computer Bild Notfall CD 3.0 SelfRip\Computer Bild Notfall CD 3.0.iso	
H:\[0000]---DOWNLOADS---\[0000]---AUSMISTEN---\FritzRePass\FritzRePass\FritzRePass.exe	
H:\[0000]---DOWNLOADS---\[0000]---AUSMISTEN---\Microsoft\bieof10g\os_x64\bie_o10install64.exe	
H:\[0000]---DOWNLOADS---\[0000]---AUSMISTEN---\Notfall-CD-2.2\Notfall-CD-2.2.iso	
H:\[0000]---DOWNLOADS---\[0000]---AUSMISTEN---\Notfall-CD-2.2 (1)\Notfall-CD-2.2.iso	
H:\[0000]---DOWNLOADS---\[0000]---AUSMISTEN---\Office 2010 AIO\BIE\os_x64\bie_o10install64.exe	
H:\[0000]---DOWNLOADS---\[0000]---AUSMISTEN---\Office 2010 AIO\BIE\os_x86\bie_o10install86.exe	
H:\[0000]---DOWNLOADS---\[0000]---AUSMISTEN---\password-viewer\Hook.dll	
H:\[0000]---DOWNLOADS---\[0000]---AUSMISTEN---\WebSiteX5\WebSiteX5\wsx5_ev.exe
ClearJavaCache::

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop, Save this as "CFScript"


Here's how to do that:

1. Click File;
2. Click Save As... Change the directory to your desktop;
3. Change the Save as type to "All Files";
4. Type in the file name: CFScript
5. Click Save ...

Posted Image
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix may request an update; please allow it.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.



NEXT



Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    services.exe
    /md5stop
    %systemroot%\*. /rp /s
    %systemdrive%\$Recycle.Bin|@;true;true;true /fp
    DRIVES
    CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015
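
The post above asks that E:\, F:\, G:\ and H:\ be connected before the script runs. As an added example (not part of the original post and not part of ComboFix), this Python check parses a script of that shape, reports which drive letters its File:: entries need and which are not mounted, and flags entries that still carry a tab from copy/paste. It assumes a section header is a word followed by `::`; the sample paths are constructed.

```python
import os
import re

# Constructed sample in the shape of the script above; every path is made up.
SAMPLE_CFSCRIPT = (
    "File::\n"
    "C:\\Users\\Public\\Downloads\\example\\setup.exe\t\n"
    "E:\\example\\installer64.exe\n"
    "F:\\[0000]---Example---\\tool\\loader.exe\ta\n"
    "H:\\[0000]---DOWNLOADS---\\sample.rar\n"
    "ClearJavaCache::\n"
)

DIRECTIVE = re.compile(r"^[A-Za-z]+::$")  # assumption: header = word + '::'
DRIVE_PATH = re.compile(r"^([A-Za-z]):\\")


def file_section_paths(script_text):
    """Return the entries listed under File::, up to the next header line."""
    paths, in_files = [], False
    for raw in script_text.splitlines():
        line = raw.strip()
        if DIRECTIVE.match(line):
            in_files = line == "File::"
        elif in_files and line:
            paths.append(line)
    return paths


def preflight(script_text, drive_present=lambda d: os.path.exists(d + ":\\")):
    """Group File:: entries by drive; report unmounted drives and bad entries."""
    by_drive, malformed = {}, []
    for path in file_section_paths(script_text):
        m = DRIVE_PATH.match(path)
        # A tab cannot occur in a Windows file name, so an entry that still
        # contains one after trimming carries copy/paste residue.
        if m is None or "\t" in path:
            malformed.append(path)
        else:
            by_drive.setdefault(m.group(1).upper(), []).append(path)
    missing = sorted(d for d in by_drive if not drive_present(d))
    return {"by_drive": by_drive, "missing_drives": missing, "malformed": malformed}


if __name__ == "__main__":
    report = preflight(SAMPLE_CFSCRIPT)
    for drive in sorted(report["by_drive"]):
        state = "NOT CONNECTED" if drive in report["missing_drives"] else "ok"
        print(f"{drive}: {len(report['by_drive'][drive])} entries [{state}]")
    for bad in report["malformed"]:
        print("check this entry:", repr(bad))
```

To check a saved script, read the file's text and pass it to `preflight` in place of the sample.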


#12 candelaver

candelaver
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Local time:02:27 PM

Posted 02 December 2012 - 07:38 AM

Thank you CatByte,

At the moment we are visiting my parents-in-law; we'll be back home on Monday evening, then I'll run the CFScript and OTL.

Edited by candelaver, 02 December 2012 - 07:40 AM.


#13 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:07:27 AM

Posted 02 December 2012 - 09:10 AM

:thumbup2:

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#14 candelaver

candelaver
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Local time:02:27 PM

Posted 06 December 2012 - 05:52 AM

Sorry CatByte,

I'm stressed with my job; I have to work longer every day because many coworkers are sick at the moment.
I hope that I have time at the weekend to do the hopefully last steps to clean my PC.

Thank you very much for your patience.

#15 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:07:27 AM

Posted 06 December 2012 - 05:11 PM

no problem, I'll keep the thread open for you

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015




