Hello,
I see you've got some potentially unwanted software there. Although I'm not
100% sure they were installed by the "Moshe Karaso" installer, I think the
following items should be deleted:
AppInit_DLLs
--> c:\archiv~1\browse~1\sprote~1.dll
--> c:\archiv~1\websea~1\sprote~1.dll
Browser Helper Objects (3 whitelisted)
--> {AD17171C-F80C-8590-7A92-40BDABB5B7BC}, Browusue2suave, C:\Documents and Settings\All Users\Datos de programa\Browusue2suave\51685fe901747.dll
--> {CF16ED36-A6ED-D4B2-086B-6D288FE4A257}, Searochh-NuewaTaab, C:\Documents and Settings\All Users\Datos de programa\Searochh-NuewaTaab\5168604050ff7.dll
Basic Internet Explorer settings
--> HKCU\..\Main, Start Page = http://websearch.pu-results.info/?pid=724&r=2013/04/12&hid=200187137&lg=EN&cc=CL
--> HKLM\..\Main, Start Page = http://websearch.pu-results.info/?pid=724&r=2013/04/12&hid=200187137&lg=EN&cc=CL
Recently created/modified files (10 whitelisted)
--> c:\Documents and Settings\All Users\Datos de programa\Searochh-NuewaTaab\5168604050ff7.dll
--> c:\Documents and Settings\All Users\Datos de programa\Browusue2suave\51685fe901747.dll
--> c:\Documents and Settings\All Users\Datos de programa\Searochh-NuewaTaab\uninstall.exe
--> c:\Documents and Settings\Administrador\Configuración local\Archivos temporales de Internet\Content.IE5\APJ3AGC5\search_defender_alternate_166[1].exe
--> c:\Documents and Settings\Administrador\Configuración local\Archivos temporales de Internet\Content.IE5\SS64VCKW\search_defender_166[1].exe
--> c:\Documents and Settings\All Users\Datos de programa\Browusue2suave\uninstall.exe
Please delete these items with FreeFixer and restart your machine.
Please post a new log and I'll have a look at it to see if anything
unwanted remains.
/Roger
On 2013-04-14 00:02, mmatemat...@gmail.com wrote:
> I have recently downloaded some "Moshe Karaso" viruses from a torrent
> (http://secure-the-internet.org/?p=48#comment-96) <-- (more info),
> and I installed the installer and now I want to remove it, but I don't
> know how to analyze my log. Please tell me if there is something wrong.
> I am from South America; I have some issues typing it, but I
> understand it 100%.
>
> FreeFixer v1.04 log
> http://www.freefixer.com/
> Operating system: Windows XP Service Pack 3
> Log dated 2013-04-13 17:58
>
>
> Winlogon Notify (10 whitelisted)
> WgaLogon, WgaLogon.dll (file is missing)
>
> AppInit_DLLs
> c:\archiv~1\browse~1\sprote~1.dll
> c:\archiv~1\websea~1\sprote~1.dll
>
> Browser Helper Objects (3 whitelisted)
> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}, Java(tm) Plug-In SSV Helper,
> C:\Archivos de programa\Java\jre7\bin\ssv.dll
> {AD17171C-F80C-8590-7A92-40BDABB5B7BC}, Browusue2suave, C:\Documents
> and Settings\All Users\Datos de programa\Browusue2suave\51685fe901747.dll
> {CF16ED36-A6ED-D4B2-086B-6D288FE4A257}, Searochh-NuewaTaab,
> C:\Documents and Settings\All Users\Datos de
> programa\Searochh-NuewaTaab\5168604050ff7.dll
> {DBC80044-A445-435b-BC74-9C25C1C588A9}, Java(tm) Plug-In 2 SSV Helper,
> C:\Archivos de programa\Java\jre7\bin\jp2ssv.dll
>
> Internet Explorer extensions
> HKLM\..\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
> HKLM\..\Extensions\{2670000A-7350-4f3c-8081-5663EE0C6C49} - Enviar a
> OneNote
> HKLM\..\Extensions\{92780B25-18CC-41C8-B9BE-3C9C571A8263} - Research
> HKLM\..\Extensions\{e2e2dd38-d088-4134-82b7-f2ba38496583} -
>
> Basic Internet Explorer settings
> HKCU\..\Main, Start Page =
> http://websearch.pu-results.info/?pid=724&r=2013/04/12&hid=200187137&lg=EN&cc=CL
> HKLM\..\Main, Start Page =
> http://websearch.pu-results.info/?pid=724&r=2013/04/12&hid=200187137&lg=EN&cc=CL
> HKCU\..\Desktop\General, Wallpaper = C:\Documents and
> Settings\Administrador\Configuración local\Datos de
> programa\Microsoft\Wallpaper1.bmp
>
> Registry Startups (5 whitelisted)
> HKLM\..\Run, SunJavaUpdateSched = "C:\Archivos de programa\Archivos
> comunes\Java\Java Update\jusched.exe"
> HKLM\..\Run, B2C_AGENT = C:\Documents and Settings\All Users\Datos de
> programa\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe
> HKLM\..\RunOnceEx, TITLE = Finalizando La Instalacion (file is missing)
> HKCU\..\Run, Facebook Update = "C:\Documents and
> Settings\Administrador\Configuración local\Datos de
> programa\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
>
> Processes (23 whitelisted)
> C:\Archivos de programa\Java\jre7\bin\jqs.exe
> C:\Archivos de programa\Archivos comunes\Java\Java Update\jusched.exe
> C:\Documents and Settings\All Users\Datos de
> programa\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe
> C:\Archivos de programa\FreeFixer\freefixer.exe
>
> Services (35 whitelisted)
> JavaQuickStarterService, Java Quick Starter, c:\archivos de
> programa\java\jre7\bin\jqs.exe
>
> Explorer.exe Modules (113 whitelisted)
> C:\WINDOWS\system32\MSVCR71.dll
> C:\Archivos de programa\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll
>
> Recently created/modified files (10 whitelisted)
> 51 minutes, c:\WINDOWS\Temp\~nsu.tmp\Au_.exe
> 21 hours, c:\Documents and Settings\Administrador\Mis
> documentos\Descargas\freefixersetup.exe
> 22 hours, c:\WINDOWS\Temp\ohaAhQVE.exe.part
> 1 day, c:\Documents and Settings\All Users\Datos de
> programa\Searochh-NuewaTaab\5168604050ff7.dll
> 1 day, c:\Documents and Settings\All Users\Datos de
> programa\Browusue2suave\51685fe901747.dll
> 1 day, c:\Documents and Settings\All Users\Datos de
> programa\Searochh-NuewaTaab\uninstall.exe
> 1 day,
> c:\WINDOWS\Temp\{858C2A49-2BD3-40EE-A205-63F15E6F08BF}\x64\regsvr32.exe
> 1 day,
> c:\WINDOWS\Temp\{858C2A49-2BD3-40EE-A205-63F15E6F08BF}\x86\regsvr32.exe
> 1 day, c:\Documents and Settings\All Users\Datos de
> programa\InstallMate\{858C2A49-2BD3-40EE-A205-63F15E6F08BF}\TsuDll.dll
> 1 day, c:\Documents and Settings\All Users\Datos de
> programa\InstallMate\{858C2A49-2BD3-40EE-A205-63F15E6F08BF}\Setup.exe
> 1 day, c:\Documents and Settings\All Users\Datos de
> programa\InstallMate\{858C2A49-2BD3-40EE-A205-63F15E6F08BF}\Custom.dll
> 1 day, c:\Documents and Settings\All Users\Datos de
> programa\InstallMate\{858C2A49-2BD3-40EE-A205-63F15E6F08BF}\_Setup.dll
> 1 day, c:\Documents and Settings\Administrador\Configuración
> local\Archivos temporales de
> Internet\Content.IE5\RYOWAJMJ\5168604069f6c[1].exe
> 1 day, c:\Documents and Settings\Administrador\Configuración
> local\Archivos temporales de
> Internet\Content.IE5\APJ3AGC5\search_defender_alternate_166[1].exe
> 1 day, c:\Documents and Settings\Administrador\Configuración
> local\Archivos temporales de
> Internet\Content.IE5\SS64VCKW\search_defender_166[1].exe
> 1 day, c:\Documents and Settings\All Users\Datos de
> programa\Browusue2suave\uninstall.exe
> 1 day, c:\Documents and Settings\Administrador\Configuración
> local\Archivos temporales de
> Internet\Content.IE5\RYOWAJMJ\51685fe91ad72[1].exe
> 1 day, c:\RECYCLER\S-1-5-21-1993962763-839522115-1343024091-500\Dc2.exe
> 1 day, c:\WINDOWS\Temp\M0C2nX6F.exe.part
> 1 day, c:\RECYCLER\S-1-5-21-1993962763-839522115-1343024091-500\Dc1.exe
>
> Csrss.exe virtual memory files (31 whitelisted)
> C:\Documents and Settings\All Users\Datos de
> programa\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe
> C:\Archivos de programa\FreeFixer\freefixer.exe
>
> History
> -HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser,
> ITBar7Position
> -HKLM\SOFTWARE\Microsoft\Internet
> Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}
>
> The following errors occurred during the scan:
> An unexpected exception occurred in the Driver plugin:
> Failed to duplicate handle using 'DuplicateHandle' while unlocking
> file. Unlocking file: 'C:\WINDOWS\system32\drivers\sptd.sys'. Handle:
> 00000598. Process id: 2484. Process full path:
> C:\ARCHIV~1\ALWILS~1\Avast5\avastUI.exe. System error message: Acceso
> denegado. Error code: 5.
> Problems opening folder
> 'd:\RECYCLER\S-1-5-21-1993962763-839522115-1343024091-500\Dd77' to
> enumerate files. FindFirstFile failed. System error message: Acceso
> denegado. Error code: 5.
> Problems opening folder
> 'd:\RECYCLER\S-1-5-21-1993962763-839522115-1343024091-500\Dd78' to
> enumerate files. FindFirstFile failed. System error message: Acceso
> denegado. Error code: 5.
> Problems opening folder
> 'd:\RECYCLER\S-1-5-21-329068152-1383384898-854245398-500\xxxx' to
> enumerate files. FindFirstFile failed. System error message: Acceso
> denegado. Error code: 5.
>
> End of FreeFixer log