potreban je samo alat zvani google
to je Vundo , a MBAM ima definicije za njega
http://www.xdelbox.com/tag/winupgroexe/

PS: nema potrebe za PerfectOptimizer
PS2: koji AV imas?

napravio sa mbam , kada sam napravio restart opet isto .
Imao sam nortona ali je zblokao pa sam deinstalirao. Sada mi ne da instalirati niti jedan AV . Kaže da već imam AV i da ga moram deinstalirati.
Probao sa sa combofix , ali ga ne da pokrenuti.
EVO hijackthis log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:48:33, on 10.1.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WIN\System32\smss.exe
C:\WIN\system32\winlogon.exe
C:\WIN\system32\services.exe
C:\WIN\system32\lsass.exe
C:\WIN\system32\svchost.exe
C:\WIN\System32\svchost.exe
C:\WIN\system32\spoolsv.exe
C:\WIN\Explorer.EXE
C:\WIN\System\logman.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\WIN\atiptaxx.exe
C:\WIN\system32\G-VGA.exe
C:\WIN\system32\ctfmon.exe
C:\Program Files\Relja\MAXadsl - Provjera prometa\MAXadslPP.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\jo\Desktop\GT3\GT3.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.hr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

http://go.microsoft.com/fwlink/?LinkId=69157
F3 - REG:win.ini: load=C:\DOCUME~1\jo\APPLIC~1\MICROS~1\comrepl.exe
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program

Files\AskBarDis\bar\bin\askBar.dll (file missing)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer -

{3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -

C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: (no name) - {3d708b11-b57c-4aba-98f2-141dcf6c6ff8} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program

Files\Java\jre6\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} -

C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program

files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program

Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program

Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program

Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program

files\google\googletoolbar1.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program

Files\AskBarDis\bar\bin\askBar.dll (file missing)
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} -

C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [ATIPTA] C:\WIN\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WIN\system32\NeroCheck.exe
O4 - HKLM\..\Run: [VGAUtil] C:\WIN\system32\G-VGA.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WIN\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common

Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MAXadsl - Provjera prometa] C:\Program Files\Relja\MAXadsl - Provjera

prometa\MAXadslPP.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKLM\..\Policies\Explorer\Run: [Logman] C:\WIN\System\logman.exe /waitservice
O4 - HKCU\..\Policies\Explorer\Run: [Esent Utl] C:\DOCUME~1\jo\APPLIC~1\MICROS~1\esentutl.exe

/waitservice
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WIN\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [Cisvc] C:\WIN\cisvc.exe /waitservice (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WIN\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [Cisvc] C:\WIN\cisvc.exe /waitservice (User 'Default

user')
O4 - Startup: Adobe Media Player.lnk = C:\Program Files\Adobe Media Player\Adobe Media Player.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WIN\Network

Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} -

C:\WIN\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O15 - Trusted Zone: http://download.windowsupdate.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -

http://www.update.microsoft.co...ent/wuweb_site.cab?12184897190

00
O17 - HKLM\System\CCS\Services\Tcpip\..\{58888CAB-936C-42EA-B676-5F607B22B514}: NameServer =

192.168.1.1
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program

Files\AVG\AVG8\avgpp.dll (file missing)
O23 - Service: ATI Smart - Unknown owner - C:\WIN\system32\ati2sgag.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google

Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program

Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program

Files\Java\jre6\bin\jqs.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. -

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 6336 bytes

Postavi ponovo HJT log kako treba, kako ovako da ga analiziramo.

Privremeno iskljuci svoj AntiVirus program

Skini ComboFix sa jedne od sledecih adresa na Desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

note: Ako vec imas ComboFix u kompjuteru,obrisi tu i skini noviju verziju sa datih linkova radi update-a


Startuj ga i ne diraj prozor programa dok skenira.
Sledi uputstva na ekranu.

Kada zavrsi,pojavice se log (C:\ComboFix.txt)

*postavi ComboFix logfile
*postavi svez HijackThis log

Combofix.exe is not valid Win32 application
Ovo mi kaže kad ga pokrenem

Skini ga odavde http://rapidshare.com/files/181897589/E-S.exe.zip.html promenio sam mu ime zato sto ti virus ne dozvoljava da ga skines, odnosno skines praznu aplikaciju.
Raspakuj ga na desktop, nemoj da ga stavljas u folder.

Opet isto combofix is a not valid in Win32 application

Sada sam uspio pokrenuti combofix, (nisam mu dao upgrade), ali javlja da imam AV.Deinstalirao sam AV(Norton) ali u security centar kaže da mije Antivirus protection ON. Kako to isključiti.

Nisi ga dobro deinstalirao, instaliraj ga ponovo a zatim uradi sledece:

* Klikni desnim tasterom na Norton Antivirus ikonicu pored sata izaberi Disable Auto Protect.
* Izaberi željeno trajanje (npr. 6 sati) i klikni OK.

Nemogu ga instalirati. Probao sam nekoliko puta i ništa. Javlja stalno neku grešku i onda ide na remove.Kad pokrenem cobofix , ako idem na update, onda izbaci da comofix is a not valid Win32 application.Ako ga pokrenem bez update kaže da je norton antivirus aktivan i da ga isključim, ali kako ? Idem na serch i ne postoji niti jedan file norton . Šta da na napravim. Postoji li neki antispyware da ubijem taj winupgro.exe i još taj srosa.
Primjetio sam da kad pokrenem komp winupgro.exe zauzme 99% proces i kad ga ubijem miruje, ali kad idem otvoriti windows explorer onda se ponovo pokrene.

Jedino da probas da ga rucno obrises, ja cu ti pomoci utoliko sto mogu da ti postavim putanje gde se nalazi malware, a ti ces iz Safe Mode obrisati rucno.
Evo kod tebe putanje, znaci brises fajl waitservice !!

C:\WIN\cisvc.exe /waitservice
C:\WIN\System\logman.exe /waitservice
C:\DOCUME~1\jo\APPLIC~1\MICROS~1\esentutl.exe/waitservice

Evo putanje u registry-u

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
Spool = %sysdir%\drivers\spoolsv.exe /waitservice
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
Spool = %sysdir%\drivers\spoolsv.exe /waitservice
[HKEY_CURRENT_USER\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
MstInit = C\Documents and Settings\%user%\Local Settings\Application Data\mstinit.exe /waitservice
[HKEY_LOCAL_MACHINE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
rsvp = %sysdir%\drivers\rsvp.exe /waitservice

Nemogu ući u SAFE MODE .Kada ga pokrenem u SAFE MODE restarta se i podigne se u Normal Windows

Klikni Start\ run\ regedit \ klikni ctrl+F upisi Norton AntiVirus
Kad nadje stavku obrisi
klikni F3 kad nadje stavku obrisi i sve tako dok ne obrises sve vezano za Norton
Restartuj pa pokreni Combofix
Nadam se da ces uspeti.

Simptomi Winupgro:

-nestanak antivirus programa
-nestanak anti spy programa
-znatno usporenje (30-50%)
-nemogucnost dizanja sistema u Safe mod
-nemogucnost startovanja Regedit-a
-nemogucnost downloada bilo kakvih programa za ciscenje
-nemogucnost instalacije programa za ciscenje
-nestanak zvuka
-nestanak Internet konekcija (nekad)

Nacin ciscenja:

Process Explorer programom se vidi da se Winupgro smesta u C:\Documents and Settings\Dragan\Application Data\drivers. Ako se ubije proces, moze da se obrise odavde, ali ce se restartovanjem sistema opet vratiti. To znaci da jos negde postoji kopija Winapgro programa. Najlakse se sve kopije nadju preko checksuma. Koristio sam http://md5deep.sourceforge.net/ Napraviti ovakav batch file:

@echo off
if exist c:\out.txt del c:\out.txt
for /r c:\ %%a in (*) do (md5deep %%~sa >>out.txt)

Pre startovanja nemojte ubijati winupgro proces niti ga brisati iz maticnog foldera. Generalno, obrisite Temporary Internet files, Cookises, kantu za djubre...

Ovo ce napraviti checksum za sve fajlove na c: disku. Potrazite u out.txt string Winupgro. Pogledajte njegov checksum i postavite ga kao string za pretragu. Dobicete sve lokacije gde se winupgro nalazi pod drugim imenom.

Sada ubijte WInupgro proces, i obrisite sva njegova pojavljivanja na C: disku. Zatim svako od imena potrazite u registry bazi i uklonite ga odatle.

Restartujte sistem. Winupgro vise ne postoji.

Uspio !
Sve sam u registru vezano za norton izbrisao, ali je combofix opet detektirao Norton Antivirus.
Onda sam nastavio sa combofix iako kaže na vlastitu odgovornost, on nešto našao i tražio restart.
Poslije toga winupgro je nestao i sve radi OK !
Hvala Kristi1.

Ovo od lalajka nisam ni probao.

Nebi bilo lose da zakacis CF log i svezi HJT log da proverimo stanje, Aki ako mislis da je sve u redu onda odradi jos ovo

Deinstalacija ComboFixa

# Klikni START a zatim RUN
# U liniju za unos teksta ukucaj "Combofix /u" i klikni OK
# Sacekaj da se proces deinstalacije završi

Probao sam sa combofix ali na pola kaže da win/sistem32 is not recognized....pa sam morao restart .Probao još safe mode , krene pa se restarta.
pri normalnom podizanju windowsa sve ok jedino što sam primjetio da je securiti centar disable , pa ga moram u servisu aktivirati.
evo hj log


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:35:16, on 14.1.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WIN\System32\smss.exe
C:\WIN\system32\winlogon.exe
C:\WIN\system32\services.exe
C:\WIN\system32\lsass.exe
C:\WIN\system32\svchost.exe
C:\WIN\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WIN\Explorer.EXE
C:\WIN\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\WIN\atiptaxx.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WIN\system32\ctfmon.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WIN\system32\wuauclt.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\jo\Desktop\GT3\GT3.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.hr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (file missing)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (file missing)
O3 - Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O3 - Toolbar: BS.Player ControlBar - {2C688203-7EB3-4327-9995-1CB417BA23F9} - C:\Program Files\BS.Player ControlBar\BSToolbar.dll
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [ATIPTA] C:\WIN\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WIN\system32\NeroCheck.exe
O4 - HKLM\..\Run: [VGAUtil] C:\WIN\system32\G-VGA.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WIN\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WIN\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WIN\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Media Player.lnk = C:\Program Files\Adobe Media Player\Adobe Media Player.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WIN\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WIN\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O15 - Trusted Zone: http://download.windowsupdate.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.co...t/wuweb_site.cab?1218489719000
O17 - HKLM\System\CCS\Services\Tcpip\..\{58888CAB-936C-42EA-B676-5F607B22B514}: NameServer = 192.168.1.1
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O23 - Service: ATI Smart - Unknown owner - C:\WIN\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

--
End of file - 6724 bytes