SmitFraudFix v2.309

Scan done at 18:46:21.04, 29/03/2008
Run from C:\GeekScans\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

换换换换换换换换换换换换 Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\WINDOWS\system32\wwSecure.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54GSv2.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\DNA\btdna.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\LVComsX.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\DllHost.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\CSCRIPT.EXE

换换换换换换换换换换换换 hosts


换换换换换换换换换换换换 C:\


换换换换换换换换换换换换 C:\WINDOWS


换换换换换换换换换换换换 C:\WINDOWS\system


换换换换换换换换换换换换 C:\WINDOWS\Web


换换换换换换换换换换换换 C:\WINDOWS\system32


换换换换换换换换换换换换 C:\WINDOWS\system32\LogFiles


换换换换换换换换换换换换 C:\Documents and Settings\Andy


换换换换换换换换换换换换 C:\Documents and Settings\Andy\Application Data


换换换换换换换换换换换换 Start Menu


换换换换换换换换换换换换 C:\DOCUME~1\Andy\FAVORI~1

C:\DOCUME~1\Andy\FAVORI~1\Error Cleaner.url FOUND !
C:\DOCUME~1\Andy\FAVORI~1\Privacy Protector.url FOUND !
C:\DOCUME~1\Andy\FAVORI~1\Spyware?Malware Protection.url FOUND !

换换换换换换换换换换换换 Desktop

C:\DOCUME~1\Andy\Desktop\Error Cleaner.url FOUND !
C:\DOCUME~1\Andy\Desktop\Privacy Protector.url FOUND !
C:\DOCUME~1\Andy\Desktop\Spyware?Malware Protection.url FOUND !

换换换换换换换换换换换换 C:\Program Files 


换换换换换换换换换换换换 Corrupted keys


换换换换换换换换换换换换 Desktop Components
 
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
 

换换换换换换换换换换换换 IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


换换换换换换换换换换换换 VACFix
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


换换换换换换换换换换换换 Winlogon
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""


换换换换换换换换换换换换 Rustock



换换换换换换换换换换换换 DNS



换换换换换换换换换换换换 Scanning for wininet.dll infection


换换换换换换换换换换换换 End