NOD32 Scan Log
2011/11/1 06:03:10 PM Real-time file system protection file C:\WINDOWS\SYSTEM32\RunFolders.exe Win32/Packed.FlyStudio.O.Gen potentially unwanted application KYTANG\KYTANG Event occurred during an attempt to access the file by the application: C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe.
2011/11/1 05:00:39 PM Startup scanner file Operating memory a variant of Win32/Spy.Zbot.ZR trojan unable to clean KYTANG\KYTANG
2011/11/1 04:57:06 PM Startup scanner file C:\Documents and Settings\KYTANG\Application Data\Idomfi\evnaabi.exe a variant of Win32/Kryptik.UPQ trojan cleaned by deleting - quarantined KYTANG\KYTANG
2011/11/1 04:54:18 PM Real-time file system protection file C:\Documents and Settings\KYTANG\Application Data\Ovzeaw\afeto.exe Win32/Spy.Zbot.YW trojan cleaned by deleting - quarantined KYTANG\KYTANG Event occurred during an attempt to access the file by the application: C:\WINDOWS\Explorer.EXE.
DDS scan log as follows
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.5730.13
Run by KYTANG at 13:19:56 on 2011-11-02
Microsoft Windows XP Professional 5.1.2600.3.950.886.1028.18.255.46 [GMT 8:00]
.
AV: ESET Smart Security 4.2 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\WINDOWS\system32\imapi.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Green Software\工作列管理大師-Visual Tooltip v2.2 繁體綠化版\VisualToolTip.exe
C:\Program Files\Green Software\讓XP擁有比Vista更炫的3D視窗特效-WinFlip v0.50 繁體綠色版\WinFlip.exe
C:\Program Files\Drive Space Indicator\DrvSpace.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Green Software\記憶體優化軟體-FreeRAM XP Pro v1.40 中文免安裝版\FreeRAM XP Pro.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\conime.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://hk.yahoo.com/
mWinlogon: SFCDisable=-99 (0xffffff9d)
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
TB: StylerToolBar: {d2f8f919-690b-4ea2-9fa7-a203d1e04f75} - c:\program files\green software\讓檔案總管變的更漂亮-styler v1.401 繁體綠色版\tb\StylerTB.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [FreeRAM XP] "c:\program files\green software\記憶體優化軟體-freeram xp pro v1.40 中文免安裝版\FreeRAM XP Pro.exe" -win
uRun: [{DFEFB883-ED91-7502-F445-755269A46367}] "c:\documents and settings\kytang\application data\idomfi\evnaabi.exe"
mRun: [Visual Tooltip] c:\program files\green software\工作列管理大師-visual tooltip v2.2 繁體綠化版\VisualToolTip.exe
mRun: [WinFlip] c:\program files\green software\讓xp擁有比vista更炫的3d視窗特效-winflip v0.50 繁體綠色版\WinFlip.exe
mRun: [DriveSpace] c:\program files\drive space indicator\DrvSpace.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_07\bin\jusched.exe"
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [Ulead AutoDetector v2] c:\program files\common files\ulead systems\autodetector\monitor.exe
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
mRun: [egui] "c:\program files\eset\eset smart security\egui.exe" /hide /waitservice
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
dRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
dRun: [msdrm] msdrm.exe
IE: 匯出至 Microsoft Excel(&X) - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
LSP: c:\program files\netlimiter\nl_lsp.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupda ... 0120334984
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/fl ... rashim.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: Interfaces\{D3B04869-4614-4514-963B-B82D4FF63BC1} : NameServer = 203.198.23.208,218.102.32.208
Notify: WBSrv - c:\program files\green software\windowblinds\WBSrv.dll
AppInit_DLLs: wbsys.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
mASetup: {D58F39FF-953E-4F45-898F-59F243B9A523} - RUNDLL32 advpack.dll,LaunchINFSection Sidebar.inf,Register
.
============= SERVICES / DRIVERS ===============
.
R0 amdagp8p;AMD NB AGP Bus Filter;c:\windows\system32\drivers\amdagp8p.sys [2008-8-31 27648]
R0 dontgo;Promise Removable Disk Control Driver;c:\windows\system32\drivers\dontgo.sys [2008-8-31 7680]
R0 tmagp;Transmeta TM 8000 AGP Filter Driver;c:\windows\system32\drivers\TMAGP.SYS [2008-8-31 27648]
R0 ULiAGP;ULi AGP Controller Bus Filter Driver;c:\windows\system32\drivers\ULiAGP.SYS [2008-8-31 33408]
R0 uliagpkx;ULi AGP Bus Filter Driver;c:\windows\system32\drivers\AGPKX.SYS [2008-8-31 45056]
R0 xfilt;VIA SATA IDE Hot-plug Driver;c:\windows\system32\drivers\xfilt.sys [2008-8-31 17920]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2010-7-29 115008]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-11-1 22216]
S0 hptpro;hptpro;c:\windows\system32\drivers\hptpro.sys [2008-8-31 9809]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 s3m;s3m;c:\windows\system32\drivers\s3m.sys [2011-1-21 166720]
S3 vmx_svga;vmx_svga;c:\windows\system32\drivers\vmx_svga.sys [2008-8-6 63536]
.
=============== Created Last 30 ================
.
2011-11-01 09:44:12 -------- d-----w- c:\documents and settings\kytang\application data\Malwarebytes
2011-11-01 09:43:53 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2011-11-01 09:43:47 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-01 09:43:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-10-28 01:55:39 -------- d-----w- c:\documents and settings\kytang\application data\Omig
2011-10-28 01:55:39 -------- d-----w- c:\documents and settings\kytang\application data\Muuto
2011-10-27 09:03:03 -------- d-----w- c:\documents and settings\kytang\application data\Naly
2011-10-27 09:03:03 -------- d-----w- c:\documents and settings\kytang\application data\Enz
2011-10-27 02:23:21 -------- d-----w- c:\documents and settings\kytang\application data\Mure
2011-10-27 02:23:21 -------- d-----w- c:\documents and settings\kytang\application data\Dageku
2011-10-26 09:33:20 -------- d-----w- c:\documents and settings\kytang\application data\Okabomp
2011-10-26 09:33:20 -------- d-----w- c:\documents and settings\kytang\application data\Bie
2011-10-26 01:39:31 -------- d-----w- c:\documents and settings\kytang\application data\Idomfi
2011-10-26 01:39:31 -------- d-----w- c:\documents and settings\kytang\application data\Cie
.
==================== Find3M ====================
.
.
============= FINISH: 13:21:22.81 ===============
Thanks for your help.
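The DDS log above carries the classic Zbot/Zeus v2 persistence pattern: a user-hive Run value whose name is a bare GUID pointing at an executable under a random-named directory in Application Data, and directories under Application Data created in same-second pairs (Idomfi/Cie, Okabomp/Bie, Mure/Dageku, Naly/Enz, Omig/Muuto), one for the binary and one for its data. The script below is an added triage example, not part of the poster's log or of DDS; it parses a subset of the lines above (copied verbatim as constructed input), extracts the Run entries and the "Created Last 30" entries, and reports those indicators plus the non-default SFCDisable value, which turns off Windows File Protection. Matching the Vista-and-later AppData\Roaming path is an assumption that goes beyond the XP paths on this page.

```python
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# Constructed sample input: a subset of the "Pseudo HJT Report" and
# "Created Last 30" lines from the DDS log above, copied verbatim.
DDS_SAMPLE = r"""
mWinlogon: SFCDisable=-99 (0xffffff9d)
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [{DFEFB883-ED91-7502-F445-755269A46367}] "c:\documents and settings\kytang\application data\idomfi\evnaabi.exe"
mRun: [egui] "c:\program files\eset\eset smart security\egui.exe" /hide /waitservice
mRun: [SoundMan] SOUNDMAN.EXE
2011-11-01 09:44:12 -------- d-----w- c:\documents and settings\kytang\application data\Malwarebytes
2011-11-01 09:43:47 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-10-28 01:55:39 -------- d-----w- c:\documents and settings\kytang\application data\Omig
2011-10-28 01:55:39 -------- d-----w- c:\documents and settings\kytang\application data\Muuto
2011-10-26 01:39:31 -------- d-----w- c:\documents and settings\kytang\application data\Idomfi
2011-10-26 01:39:31 -------- d-----w- c:\documents and settings\kytang\application data\Cie
"""

# uRun/mRun/dRun lines: value name in [], then a quoted or bare image path.
RUN_RE = re.compile(r'^([umd])Run:\s+\[(?P<name>[^\]]*)\]\s+(?:"(?P<quoted>[^"]+)"|(?P<bare>\S+))')
# "Created Last 30" lines: timestamp, size or dashes, attribute flags, path.
CREATED_RE = re.compile(r'^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+\S+\s+(?P<attr>[d-][-a-z]{7})\s+(?P<path>.+?)\s*$')
GUID_RE = re.compile(r'^\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}$', re.I)
# Roaming profile directory: XP "Application Data" as on this page, and
# (assumption, not from the page) Vista+ "AppData\Roaming".
APPDATA_RE = re.compile(r'\\(?:application data|appdata\\roaming)\\', re.I)
SFC_RE = re.compile(r'^mWinlogon:\s+SFCDisable=(?P<val>-?\d+)')


def parse_dds(text):
    """Pull autorun entries, recently created objects and SFCDisable out of DDS text."""
    runs, created, sfc = [], [], None
    for line in text.splitlines():
        m = RUN_RE.match(line)
        if m:
            runs.append({'hive': m.group(1), 'name': m.group('name'),
                         'path': m.group('quoted') or m.group('bare')})
            continue
        m = CREATED_RE.match(line)
        if m:
            created.append({'ts': m.group('ts'), 'is_dir': m.group('attr').startswith('d'),
                            'path': m.group('path')})
            continue
        m = SFC_RE.match(line)
        if m:
            sfc = int(m.group('val'))
    return {'runs': runs, 'created': created, 'sfc_disable': sfc}


def find_zbot_indicators(text):
    """Return human-readable findings for Zeus-style persistence and weakened WFP."""
    parsed = parse_dds(text)
    findings = []
    created_dirs = {PureWindowsPath(c['path']).name.lower(): c
                    for c in parsed['created'] if c['is_dir']}

    # 1. GUID-named Run value whose image lives under the roaming profile dir.
    for r in parsed['runs']:
        if GUID_RE.match(r['name']) and APPDATA_RE.search(r['path']):
            parent = PureWindowsPath(r['path']).parent.name.lower()
            note = f"{r['hive']}Run [{r['name']}] -> {r['path']}: GUID-named autorun under a roaming profile dir"
            if parent in created_dirs:   # corroborate with the directory creation time
                note += f" (dir created {created_dirs[parent]['ts']})"
            findings.append(note)

    # 2. Two or more directories created in the same second under Application Data.
    by_ts = defaultdict(list)
    for c in parsed['created']:
        if c['is_dir'] and APPDATA_RE.search(c['path']):
            by_ts[c['ts']].append(PureWindowsPath(c['path']).name)
    for ts, names in sorted(by_ts.items()):
        if len(names) >= 2:
            findings.append(f"{ts}: {len(names)} dirs created together under Application Data: {', '.join(names)}")

    # 3. Any non-zero SFCDisable means Windows File Protection is switched off.
    if parsed['sfc_disable'] not in (None, 0):
        findings.append(f"SFCDisable={parsed['sfc_disable']}: Windows File Protection is turned off; restore after cleanup")
    return findings


if __name__ == '__main__':
    for finding in find_zbot_indicators(DDS_SAMPLE):
        print(finding)
```

Run it on a full DDS log to get the list of directories to collect before deletion (the executable for sandboxing, the sibling data directory for the Zeus config); the same-second pairing is what separates the Zeus drop directories from legitimate installs such as the lone Malwarebytes directory.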