SmitFraudFix v2.319

Scan done at 14:11:45.15, Sun 04/27/2008
Run from C:\Documents and Settings\CONDRA\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

换换换换换换换换换换换换 Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvraidservice.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\cmd.exe

换换换换换换换换换换换换 hosts


换换换换换换换换换换换换 C:\


换换换换换换换换换换换换 C:\WINDOWS


换换换换换换换换换换换换 C:\WINDOWS\system


换换换换换换换换换换换换 C:\WINDOWS\Web


换换换换换换换换换换换换 C:\WINDOWS\system32


换换换换换换换换换换换换 C:\WINDOWS\system32\LogFiles


换换换换换换换换换换换换 C:\Documents and Settings\CONDRA


换换换换换换换换换换换换 C:\Documents and Settings\CONDRA\Application Data


换换换换换换换换换换换换 Start Menu


换换换换换换换换换换换换 C:\DOCUME~1\CONDRA\FAVORI~1


换换换换换换换换换换换换 Desktop


换换换换换换换换换换换换 C:\Program Files 


换换换换换换换换换换换换 Corrupted keys


换换换换换换换换换换换换 Desktop Components
 
 

换换换换换换换换换换换换 IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


换换换换换换换换换换换换 VACFix
!!!Attention, following keys are not inevitably infected!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


换换换换换换换换换换换换 404Fix
!!!Attention, following keys are not inevitably infected!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


换换换换换换换换换换换换 Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


换换换换换换换换换换换换 AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


换换换换换换换换换换换换 Winlogon
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""


换换换换换换换换换换换换 Rustock



换换换换换换换换换换换换 DNS

Description: NVIDIA nForce Networking Controller
DNS Server Search Order: 71.252.0.12
DNS Server Search Order: 71.242.0.12

HKLM\SYSTEM\CCS\Services\Tcpip\..\{E7622DFE-0603-46C5-8228-2EDD956E24A5}: DhcpNameServer=71.252.0.12 71.242.0.12
HKLM\SYSTEM\CS1\Services\Tcpip\..\{E7622DFE-0603-46C5-8228-2EDD956E24A5}: DhcpNameServer=71.252.0.12 71.242.0.12
HKLM\SYSTEM\CS2\Services\Tcpip\..\{E7622DFE-0603-46C5-8228-2EDD956E24A5}: DhcpNameServer=71.252.0.12 71.242.0.12
HKLM\SYSTEM\CS3\Services\Tcpip\..\{E7622DFE-0603-46C5-8228-2EDD956E24A5}: DhcpNameServer=71.252.0.12 71.242.0.12
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=71.252.0.12 71.242.0.12
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=71.252.0.12 71.242.0.12
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=71.252.0.12 71.242.0.12
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=71.252.0.12 71.242.0.12


换换换换换换换换换换换换 Scanning for wininet.dll infection


换换换换换换换换换换换换 End