przez pilif25 25 Sie 2008, 21:18
Prosze o sprawdzenie tych logów:
- Kod: Zaznacz wszystko
ComboFix 08-08-23.03 - Admin 2008-08-25 20:58:12.1 - [color=red][b]FAT32[/b][/color]x86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1045.18.159 [GMT 2:00]
Running from: F:\ComboFix.exe
* Created a new restore point
[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Admin\Dane aplikacji\FNTS~1
C:\Documents and Settings\Admin\Moje dokumenty\SEMBLY~1
C:\Program Files\Common Files\mcroso~1
C:\Program Files\Common Files\mcroso~1\M?crosoft\
C:\Program Files\Common Files\mcroso~1\services.exe
C:\Program Files\Common Files\ssembl~1
C:\Program Files\Common Files\Yazzle1560OinAdmin.exe
C:\Program Files\inetget2
C:\Program Files\outerinfo
C:\Program Files\outerinfo\FF\chrome.manifest
C:\Program Files\outerinfo\FF\components\FF.dll
C:\Program Files\outerinfo\FF\components\OuterinfoAds.xpt
C:\Program Files\outerinfo\FF\install.rdf
C:\Program Files\outerinfo\OiUninstaller.exe
C:\Program Files\outerinfo\outerinfo.ico
C:\Program Files\sstem3~1
C:\Program Files\sstem3~1\s?stem32\
C:\Program Files\sstem3~1\spoolsv.exe
C:\WINDOWS\17PHolmes1001186.exe
C:\WINDOWS\b128.exe
C:\WINDOWS\b152.exe
C:\WINDOWS\b999.exe
C:\WINDOWS\g32.txt
C:\WINDOWS\mrofinu.exe
C:\WINDOWS\mrofinu_upx.exe
C:\WINDOWS\s32.txt
C:\WINDOWS\sstem~1
C:\WINDOWS\sstem~1\r?gedit.exe
C:\WINDOWS\system32\aspimgr.exe
C:\WINDOWS\system32\msscntr32.exe
C:\WINDOWS\system32\vrt.dll
C:\WINDOWS\ws386.ini
C:\Documents and Settings\Admin\Moje dokumenty\SEMBLY~1\n?tdde.exe . . . . failed to delete
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_ASPIMGR
-------\Legacy_MSSCENTER
-------\Service_aspimgr
-------\Service_msscenter
((((((((((((((((((((((((( Files Created from 2008-07-25 to 2008-08-25 )))))))))))))))))))))))))))))))
.
2008-08-20 12:31 . 2008-08-20 09:31 111,104 --a------ C:\WINDOWS\meane.exe
2008-08-19 11:48 . 2008-08-21 10:21 111,104 --a------ C:\WINDOWS\faceback1001186.exe
2008-08-14 14:20 . 2008-08-14 14:21 <DIR> d-------- C:\Program Files\Trend Micro
2008-08-12 09:51 . 2008-08-12 09:51 <DIR> d-------- C:\Program Files\Mjcore
2008-08-11 15:57 . 2008-08-11 15:57 <DIR> d-------- C:\Program Files\wpFoto
2008-08-04 15:48 . 2008-08-04 15:48 <DIR> d-------- C:\Program Files\Lavasoft
2008-08-04 15:47 . 2008-08-04 15:47 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-24 10:10 --------- d-----w C:\Program Files\Yahoo!
2008-07-17 14:11 --------- d-----w C:\Documents and Settings\Admin\Dane aplikacji\Autodesk
2008-07-17 14:10 --------- d-----w C:\Program Files\DWG TrueView 2008
2008-07-17 14:10 --------- d-----w C:\Program Files\Common Files\Autodesk Shared
2008-07-17 14:10 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Autodesk
2008-07-08 09:31 --------- d-----w C:\Program Files\Krajowa Izba Rozliczeniowa S.A
2008-07-08 09:29 --------- d-----w C:\Program Files\CryptoTech
2008-03-11 09:09 67,200 ----a-w C:\Documents and Settings\Admin\Dane aplikacji\GDIPFONTCACHEV1.DAT
.
------- Sigcheck -------
2004-08-04 12:00 21504 805afcf684116f9a867ebb5773786c86 C:\WINDOWS\system32\svchost.exe
2004-08-04 13:00 21504 1804da93a5b0eb352feae785e97d3413 C:\WINDOWS\system32\dllcache\svchost.exe
2007-06-13 14:23 1041920 192f1a23507c69dc256237e4d0f670f6 C:\WINDOWS\explorer.exe
2007-06-13 14:23 1041920 09de118ebb63547e10621fb01a441c04 C:\WINDOWS\system32\dllcache\explorer.exe
2007-06-13 14:12 1041920 e2660d6349266990e4d2135c27d8173c C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2004-08-04 12:00 1040896 76cbd9932fb5a7f8187cd4b8a6c57e1c C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
2004-08-04 12:00 22528 bf13c5bc46704b13d96c46dbbfc44931 C:\WINDOWS\system32\ctfmon.exe
2004-08-04 12:00 22528 8fbe0421c086d8cbba2cec23df495dc2 C:\WINDOWS\system32\dllcache\ctfmon.exe
2005-06-11 00:53 65024 a0b0e2141893f791f0614aa5063eab44 C:\WINDOWS\system32\spoolsv.exe
2005-06-11 00:53 65024 0d3583edd4e72c1e7a2e4d7d002d8855 C:\WINDOWS\system32\dllcache\spoolsv.exe
2005-06-11 01:17 65024 9d18393ea2a4946235598d9b88a2013c C:\WINDOWS\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
2004-08-04 12:00 65024 6aab567ad509ad564679f9ed08f8cfd6 C:\WINDOWS\$NtUninstallKB896423$\spoolsv.exe
2004-08-04 12:00 32256 61b6d95b0c59898d72b61f435b4e3225 C:\WINDOWS\system32\userinit.exe
2004-08-04 12:00 32256 36f060ed639f2119f596e65c4f76340c C:\WINDOWS\system32\dllcache\userinit.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Fiumtnnh"="C:\Documents and Settings\Admin\Moje dokumenty\??sembly\n?tdde.exe" [?]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 12:00 22528]
"ccleaner"="C:\Program Files\CCleaner\CCleaner.exe" [2008-07-29 15:41 1213680]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-06-21 18:08 1211176]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="NvQTwk" [X]
"00THotkey"="C:\WINDOWS\system32\[u]0[/u]0THotkey.exe" [2003-05-23 14:33 262144]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2002-07-16 01:41 135168]
"TouchED"="C:\Program Files\TOSHIBA\TouchED\TouchED.Exe" [2002-08-09 14:08 131072]
"TosHKCW.exe"="C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe" [2002-01-22 18:20 57344]
"GCXX-Manager-Class"="C:\Program Files\Sony Ericsson\Wireless Manager\GCXXManager.exe" [2005-02-01 09:10 819305]
"Opti OTB"="C:\Program Files\BoxKing\OTB\OTB.exe" [2007-07-16 15:47 1069056]
"nwiz"="nwiz.exe" [2002-04-19 15:13 372736 C:\WINDOWS\system32\nwiz.exe]
"000StTHK"="000StTHK.exe" [2001-06-23 20:28 32768 C:\WINDOWS\system32\[u]0[/u]00StTHK.exe]
"TFncKy"="TFncKy.exe" [BU]
"TFNF5"="TFNF5.exe" [2001-09-20 11:49 77824 C:\WINDOWS\system32\TFNF5.exe]
"SxgTkBar"="SxgTkBar.exe" [2001-07-11 09:29 61440 C:\WINDOWS\system32\Sxgtkbar.exe]
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
D-Link AirPlus.lnk - C:\Program Files\D-Link AirPlus\AirPlus.exe [2008-02-27 19:03:57 270336]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R2 CCPkiWNT;CryptoCard Service;C:\WINDOWS\system32\CCPkiWNT.exe [2003-12-16 13:21]
R2 WUSB300NSvc;WUSB300NSvc;C:\Program Files\Linksys\WUSB300N\WLService.exe WUSB300N.exe []
R3 SOFTXG;YAMAHA XG WDM SoftSynthesizer;C:\WINDOWS\system32\drivers\sxgxgwdm.sys [2001-10-05 09:40]
S2 msav;Moon Secure Antivirus Core;D:\Program Files\Moon Secure Antivirus\msavcore.exe []
S3 BRGSp50;BRGSp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\BRGSp50.sys [2005-06-08 18:44]
S3 FWLANUSB;AVM FRITZ!WLAN;C:\WINDOWS\system32\DRIVERS\fwlanusb.sys [2006-04-06 01:00]
S3 SCR3xx USB Smart Card Reader;SCR3xx USB Smart Card Reader;C:\WINDOWS\system32\DRIVERS\SCR3XX2K.sys [2008-05-16 10:44]
S3 SEMWModem;Sony Ericsson SEMWModem;C:\WINDOWS\system32\DRIVERS\GCXX.sys [2005-01-02 23:32]
S3 SEMWWNIC;Sony Ericsson SEMWWNIC;C:\WINDOWS\system32\DRIVERS\GCXXNet.sys [2005-01-02 23:32]
S3 ZD1211BU(ZyDAS);ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(ZyDAS);C:\WINDOWS\system32\DRIVERS\zd1211Bu.sys [2006-08-24 13:44]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{76444ba0-8acd-11dc-bf6b-000039afe7ef}]
\Shell\AutoRun\command - G:\pushinst.exe
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-Mohb - C:\PROGRA~1\SSTEM3~1\spoolsv.exe
HKLM-Run-Moon Secure AntivirusFrontEnd GUI - (no file)
HKU-Default-Run-Mohb - C:\PROGRA~1\COMMON~1\MCROSO~1\services.exe
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Admin\Dane aplikacji\Mozilla\Firefox\Profiles\9fuifpzf.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.wp.pl
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-25 21:01:57
Windows 5.1.2600 Dodatek Service Pack 2 FAT NTAPI
detected NTDLL code modification:
ZwOpenFile
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\SYSTEM32\NVSVC32.EXE
C:\WINDOWS\SYSTEM32\HPZIPM12.EXE
C:\Program Files\Linksys\WUSB300N\WLService.exe
C:\Program Files\Linksys\WUSB300N\WUSB300N.exe
C:\PROGRAM FILES\TOSHIBA\TOSHIBA CONTROLS\TFNCKY.EXE
C:\PROGRAM FILES\APOINT2K\APNTEX.EXE
C:\PROGRAM FILES\MICROSOFT ACTIVESYNC\RAPIMGR.EXE
C:\WINDOWS\system32\verclsid.exe
.
**************************************************************************
.
Completion time: 2008-08-25 21:03:43 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-25 19:03:38
Pre-Run: 19,765,739,520 bajtów wolnych
Post-Run: 19,623,100,416 bajt˘w wolnych
178
- Kod: Zaznacz wszystko
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:15:08, on 2008-08-25
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\00THotkey.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\TFNF5.exe
C:\WINDOWS\system32\SxgTkBar.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
C:\WINDOWS\system32\CCPkiWNT.exe
C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
C:\Program Files\Sony Ericsson\Wireless Manager\GCXXManager.exe
C:\Program Files\BoxKing\OTB\OTB.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Linksys\WUSB300N\WLService.exe
C:\Program Files\Linksys\WUSB300N\WUSB300N.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Program Files\D-Link AirPlus\AirPlus.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\neos.exe
C:\WINDOWS\system32\alt.exe.exe
C:\WINDOWS\stfMeane1001186.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\rundll32.exe
F:\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.e-inspektorat.zus.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {059F2F6E-06DB-4B69-9B32-AF30BCBE3221} - C:\WINDOWS\system32\ftsrc.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: HelloWorldBHO - {D88E1558-7C2D-407A-953A-C044F5607CEA} - C:\Program Files\Mjcore\Mjcore.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\system32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe /Type 20
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [SxgTkBar] SxgTkBar.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [TosHKCW.exe] "C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe"
O4 - HKLM\..\Run: [GCXX-Manager-Class] "C:\Program Files\Sony Ericsson\Wireless Manager\GCXXManager.exe" -startup
O4 - HKLM\..\Run: [Opti OTB] C:\Program Files\BoxKing\OTB\OTB.exe
O4 - HKLM\..\Run: [PromoReg] C:\WINDOWS\system32\alt.exe.exe
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\faceback1001186.exe 61A847B5BBF72813329B39577AFF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
O4 - HKLM\..\Run: [RJRASAKB] %systemroot%\RJRASAKB.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [Fiumtnnh] "C:\Documents and Settings\Admin\Moje dokumenty\??sembly\n?tdde.exe"
O4 - HKUS\S-1-5-18\..\Run: [neos] C:\WINDOWS\neos.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [neos] C:\WINDOWS\neos.exe (User 'Default user')
O4 - Global Startup: D-Link AirPlus.lnk = ?
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Utwórz łącze Ulubione dla urządzenia przenośnego... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0423FB67-E33F-4033-A956-672F1F951BEF}: NameServer = 194.204.152.34,194.204.159.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{40B90B9D-6BF3-4480-9C11-5D4925CA94B4}: NameServer = 194.204.152.34,194.204.159.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{0423FB67-E33F-4033-A956-672F1F951BEF}: NameServer = 194.204.152.34,194.204.159.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{0423FB67-E33F-4033-A956-672F1F951BEF}: NameServer = 194.204.152.34,194.204.159.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: CryptoCard Service (CCPkiWNT) - CryptoTech - C:\WINDOWS\system32\CCPkiWNT.exe
O23 - Service: Moon Secure Antivirus Core (msav) - Unknown owner - D:\Program Files\Moon Secure Antivirus\msavcore.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: WUSB300NSvc - Unknown owner - C:\Program Files\Linksys\WUSB300N\WLService.exe
--
End of file - 6673 bytes
