Combofix:
ComboFix 08-06-20.4 - Arek 2008-06-25 14:32:23.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.2572 [GMT 2:00]
Running from: C:\Documents and Settings\Arek\Pulpit\ComboFix.exe
* Created a new restore point
* Resident AV is active
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\Antivirus2008
C:\Program Files\Antivirus2008\Antvrs.exe
C:\WINDOWS\adaway.lic
C:\WINDOWS\system32\Dvbpws.dll
C:\WINDOWS\system32\kdzao.exe
.
((((((((((((((((((((((((( Files Created from 2008-05-25 to 2008-06-25 )))))))))))))))))))))))))))))))
.
2008-06-03 13:18 . 2004-08-04 00:44 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2008-06-03 13:18 . 2004-08-04 00:38 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2008-06-03 13:18 . 2004-08-04 00:38 14,848 --a–c— C:\WINDOWS\system32\dllcache\kbdhid.sys
2008-05-28 15:01 . 2008-05-28 15:01
2008-05-28 15:01 . 2003-03-18 22:20 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2008-05-25 21:00 . 2008-05-25 21:00
2008-05-25 20:56 . 2008-06-05 23:07
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-25 12:24 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-06-25 07:07 --------- d-----w C:\Program Files\SkanerOnline
2008-06-24 20:38 --------- d-----w C:\Documents and Settings\Arek\Dane aplikacji\uTorrent
2008-06-22 22:24 --------- d-----w C:\Documents and Settings\Arek\Dane aplikacji\skypePM
2008-06-22 22:24 --------- d-----w C:\Documents and Settings\Arek\Dane aplikacji\Skype
2008-06-02 12:01 --------- d-----w C:\Documents and Settings\Arek\Dane aplikacji\BitTorrent
2008-05-25 14:52 --------- d–h--w C:\Program Files\InstallShield Installation Information
2008-05-22 09:55 --------- d-----w C:\Documents and Settings\Arek\Dane aplikacji\MyPhoneExplorer
2008-05-16 22:48 --------- d-----w C:\Documents and Settings\Arek\Dane aplikacji\Hamachi
2008-05-11 20:03 --------- d-----w C:\Program Files\EA SPORTS
2008-05-08 22:33 --------- d-----w C:\Program Files\Pinnacle
2008-05-08 22:24 --------- d-----w C:\Program Files\IrfanView
2008-05-08 21:53 --------- d-----w C:\Program Files\DC++
2008-05-08 21:46 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-05-08 21:45 --------- d-----w C:\Program Files\ArcSoft
2008-05-08 21:44 --------- d-----w C:\Program Files\Common Files\element5 Shared
2007-12-31 21:35 32 ----a-w C:\Documents and Settings\All Users\Dane aplikacji\ezsid.dat
2006-06-23 06:48 32,768 ----a-r C:\WINDOWS\inf\UpdateUSB.exe
2007-12-09 20:36 8 --sh–r C:\WINDOWS\system32\71A717C793.sys
2007-12-09 20:57 2,516 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE~\Browser Helper Objects{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
2007-10-04 22:06 1135968 --a------ C:\Program Files\Winamp Toolbar\winamptb.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
“{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}”= “C:\Program Files\Winamp Toolbar\winamptb.dll” [2007-10-04 22:06 1135968]
[HKEY_CLASSES_ROOT\clsid{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
“{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}”= C:\Program Files\Winamp Toolbar\winamptb.dll [2007-10-04 22:06 1135968]
[HKEY_CLASSES_ROOT\clsid{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“AQQ”=“C:\PROGRA~1\WapSter\AQQ\AQQ.exe” []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“NvCplDaemon”=“C:\WINDOWS\system32\NvCpl.dll” [2007-10-04 18:14 8491008]
“NvMediaCenter”=“C:\WINDOWS\system32\NvMcTray.dll” [2007-10-04 18:14 81920]
“nwiz”=“nwiz.exe” [2007-10-04 18:14 1626112 C:\WINDOWS\system32\nwiz.exe]
“nod32kui”=“C:\Program Files\Eset\nod32kui.exe” [2008-01-30 23:38 949376]
“JMB36X Configure”=“C:\WINDOWS\system32\JMRaidTool.exe” [2006-06-02 10:45 385024]
“WinFast Schedule”=“C:\Program Files\WinFast\WFTVFM\WFWIZ.exe” [2007-02-12 16:22 397312]
[HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
“CTFMON.EXE”=“C:\WINDOWS\system32\CTFMON.EXE” [2004-08-04 00:44 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
“VIDC.ACDV”= ACDV.dll
“VIDC.YV12”= yv12vfw.dll
“msacm.dvacm”= C:\PROGRA~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm
“msacm.mpegacm”= mpegacm.acm
“msacm.ulmp3acm”= ulmp3acm.acm
[HKLM~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM~\startupfolder\C:^Documents and Settings^Arek^Menu Start^Programy^Autostart^Adobe Gamma.lnk]
path=C:\Documents and Settings\Arek\Menu Start\Programy\Autostart\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup
[HKLM~\startupfolder\C:^Documents and Settings^Arek^Menu Start^Programy^Autostart^hamachi.lnk]
path=C:\Documents and Settings\Arek\Menu Start\Programy\Autostart\hamachi.lnk
backup=C:\WINDOWS\pss\hamachi.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BearShare]
–a------ 2006-07-29 03:48 9887744 D:\Program Files\BearShare\BearShare.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
–a------ 2007-09-20 16:35 202024 C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitComet]
D:\Program Files\BitComet\BitComet.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
–a------ 2008-04-01 12:11 288576 C:\Program Files\DNA\btdna.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
–a------ 2006-11-12 12:48 157592 D:\Program Files\DAEMON Tools\daemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadu-Gadu]
–a------ 2008-03-20 12:04 2127296 D:\Program Files\Gadu-Gadu\gg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
–a------ 2007-09-20 10:51 1836328 C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
–a------ 2007-03-01 16:57 153136 C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
–a------ 2007-10-04 18:14 8491008 C:\WINDOWS\system32\NvCpl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
–a------ 2007-10-04 18:14 81920 C:\WINDOWS\system32\NvMcTray.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
–a------ 2007-10-04 18:14 1626112 C:\WINDOWS\system32\nwiz.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
–a------ 2007-11-15 00:43 286720 C:\Program Files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2007-12-12 16:23 21686568 C:\Program Files\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
–a------ 2006-04-10 10:19 729088 C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
-ra------ 2006-05-01 12:07 843776 C:\Program Files\Analog Devices\Core\smax4pnp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
–a------ 2007-09-25 02:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TV Watcher]
--------- 2007-08-23 13:36 1006592 C:\Program Files\TV Watcher\TV Watcher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
–a------ 2007-10-10 07:28 36352 C:\Program Files\Winamp\winampa.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
“AntiVirusDisableNotify”=dword:00000001
“UpdatesDisableNotify”=dword:00000001
“AntiVirusOverride”=dword:00000001
“FirewallOverride”=dword:00000001
[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
“%windir%\system32\sessmgr.exe”=
“D:\Program Files\Gadu-Gadu\gg.exe”=
“C:\Program Files\Bonjour\mDNSResponder.exe”=
“D:\Program Files\BearShare\BearShare.exe”=
“D:\Program Files\totalcmd\TOTALCMD.EXE”=
“C:\Program Files\uTorrent\uTorrent.exe”=
“C:\Program Files\DNA\btdna.exe”=
“C:\Program Files\BitTorrent\bittorrent.exe”=
“C:\Program Files\Hamachi\hamachi.exe”=
“D:\Program Files\EA Sports\FIFA 08\FIFA08.exe”=
“C:\Program Files\TVUPlayer\TVUPlayer.exe”=
“C:\Program Files\DC++\DCPlusPlus.exe”=
“C:\Program Files\Skype\Phone\Skype.exe”=
[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
“17018:TCP”= 17018:TCP:BitComet 17018 TCP
“17018:UDP”= 17018:UDP:BitComet 17018 UDP
“1492:TCP”= 1492:TCP:BitComet 1492 TCP
“1492:UDP”= 1492:UDP:BitComet 1492 UDP
“8514:TCP”= 8514:TCP:BitComet 8514 TCP
“8514:UDP”= 8514:UDP:BitComet 8514 UDP
R3 WFIOCTL;WFIOCTL;C:\Program Files\WinFast\WFTVFM\WFIOCTL.SYS [2005-01-06 16:55]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{279a7c47-9742-11dc-bad1-806d6172696f}]
\Shell\AutoRun\command - F:\ASUSACPI.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{eebafb5c-cdde-11dc-96bd-00173185abfc}]
\Shell\AutoRun\command - I:\setupSNK.exe
.
Contents of the ‘Scheduled Tasks’ folder
“2008-06-20 10:40:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job”
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-25 14:36:22
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\lsass.exe
- C:\Program Files\Eset\pr_imon.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
.
**************************************************************************
.
Completion time: 2008-06-25 14:38:38 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-25 12:38:26
Pre-Run: 21,742,911,488 bajtów wolnych
Post-Run: 21,892,935,680 bajt˘w wolnych
202
HijackThis:
Logfile of HijackThis v1.99.1
Scan saved at 14:28:33, on 2008-06-25
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\Gadu-Gadu\gg.exe
C:\DOCUME~1\Arek\USTAWI~1\Temp\Katalog tymczasowy 2 dla hijackthis.zip\HijackThis.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM…\Run: [nwiz] nwiz.exe /install
O4 - HKLM…\Run: [nod32kui] “C:\Program Files\Eset\nod32kui.exe” /WAITSERVICE
O4 - HKLM…\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot
O4 - HKLM…\Run: [WinFast Schedule] C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
O4 - HKLM…\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU…\Run: [AQQ] C:\PROGRA~1\WapSter\AQQ\AQQ.exe
O4 - HKCU…\Run: [Antivirus] C:\Program Files\Antivirus2008\Antvrs.exe
O8 - Extra context menu item: Winamp Toolbar Search - C:\Documents and Settings\All Users\Dane aplikacji\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Eksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O15 - Trusted Zone: http://www.mks.com.pl
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O17 - HKLM\System\CCS\Services\Tcpip…{5C49EA34-820A-4F84-86A5-755FAFFBB4BA}: NameServer = 85.255.116.162,85.255.112.110
O17 - HKLM\System\CCS\Services\Tcpip…{9DCEDCA8-8144-404D-9071-6A41A7ED8E3A}: NameServer = 85.255.116.162,85.255.112.110
O17 - HKLM\System\CCS\Services\Tcpip…{B8B53BEC-E3DE-4141-AC8E-527EC6A58E61}: NameServer = 85.255.116.162,85.255.112.110
O17 - HKLM\System\CCS\Services\Tcpip…{C5F78C5C-A691-4B1D-9A74-CB0FE071CA8A}: NameServer = 85.255.116.162,85.255.112.110
O17 - HKLM\System\CCS\Services\Tcpip…{F92B95E7-1645-4547-BB99-FED2934B9A30}: NameServer = 85.255.116.162,85.255.112.110
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.162 85.255.112.110
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.116.162 85.255.112.110
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.162 85.255.112.110
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Urządzenie mobilne Apple (Apple Mobile Device) - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe