SmitFraudFix v2.424

Scan done at 23:51:25.88, Sun 08/15/2010
Run from C:\Users\Jasmin\Downloads\SmitfraudFix
OS: Microsoft Windows [Version 6.0.6001] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

换换换换换换换换换换换换 Process

C:\Windows\system32\csrss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Users\Jasmin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jasmin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jasmin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jasmin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jasmin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\cmd.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Windows\explorer.exe
C:\Windows\system32\wbem\wmiprvse.exe

换换换换换换换换换换换换 hosts


换换换换换换换换换换换换 C:\


换换换换换换换换换换换换 C:\Windows


换换换换换换换换换换换换 C:\Windows\system


换换换换换换换换换换换换 C:\Windows\Web


换换换换换换换换换换换换 C:\Windows\system32


换换换换换换换换换换换换 C:\Windows\system32\LogFiles


换换换换换换换换换换换换 C:\Users\Jasmin


换换换换换换换换换换换换 C:\Users\Jasmin\AppData\Local\Temp


换换换换换换换换换换换换 C:\Users\Jasmin\Application Data


换换换换换换换换换换换换 Start Menu


换换换换换换换换换换换换 C:\Users\Jasmin\FAVORI~1


换换换换换换换换换换换换 Desktop


换换换换换换换换换换换换 C:\Program Files 


换换换换换换换换换换换换 Corrupted keys


换换换换换换换换换换换换 Desktop Components
 
 

换换换换换换换换换换换换 o4Patch
!!!Attention, following keys are not inevitably infected!!!

o4Patch
Credits: Malware Analysis & Diagnostic
Code: S!Ri



换换换换换换换换换换换换 IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



换换换换换换换换换换换换 Agent.OMZ.Fix
!!!Attention, following keys are not inevitably infected!!!

Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


换换换换换换换换换换换换 VACFix
!!!Attention, following keys are not inevitably infected!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


换换换换换换换换换换换换 404Fix
!!!Attention, following keys are not inevitably infected!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


换换换换换换换换换换换换 Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


换换换换换换换换换换换换 AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
"LoadAppInit_DLLs"=dword:00000000


换换换换换换换换换换换换 Winlogon
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\Windows\\system32\\userinit.exe,"

换换换换换换换换换换换换 RK

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]




换换换换换换换换换换换换 DNS

Description: Dell Wireless 1397 WLAN Mini-Card
DNS Server Search Order: 192.168.2.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{7F375D73-6F4A-4EF2-8636-83C556A31F18}: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{B145788F-AE54-4893-8F2E-2870C3DA0D1A}: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{7F375D73-6F4A-4EF2-8636-83C556A31F18}: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{B145788F-AE54-4893-8F2E-2870C3DA0D1A}: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1


换换换换换换换换换换换换 Scanning for wininet.dll infection


换换换换换换换换换换换换 End