Popuper.exe - Hijack Log

#1 Hi, habe mich heute mit diesem wirklichen sehr penetranten Trojaner infiziert und hab Probleme den zu entfernen - hab Windows voll geupdatet, mit Kaspersky (neues Update) gescant, adaware laufen lassen und spybot drübergeschickt hat nichts geholfen.
Finde den Eintrag für die exe aber auch nicht in der registry, hoffe das ihr mir helfen könnt.

Hab keine Erfahrung mit Hijack, deswegen poste ich einfachmal das Logfile.
Danke im vorraus
mfg markus

Logfile of HijackThis v1.99.1
Scan saved at 21:14:11, on 28.04.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe
H:\Programme\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\kavmm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\msole32.exe
C:\WINDOWS\popuper.exe
C:\WINDOWS\PowerS.exe
C:\WINDOWS\system32\sstray.exe
C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe
C:\Programme\QuickTime\qttask.exe
C:\WINDOWS\system32\intmonp.exe
H:\Programme\ICQLite\ICQLite.exe
C:\Programme\ASUS\ASUS Remote Master\Remote Master.exe
H:\Programme\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\kav.exe
H:\Programme\cFos\cFosDNT.exe
C:\PROGRA~1\PHILIP~1\VProperty.exe
H:\Programme\Browser Mouse\Browser Mouse\1.0\lwbwheel.exe
H:\Programme\Winamp\winampa.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programme\AOL 9.0\aoltray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Dokumente und Einstellungen\Markus\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.qfind.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.qfind.net/search.php?qq=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://qfind.net/bar/index.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://qfind.net/bar/index.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.qfind.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.qfind.net/search.php?qq=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.qfind.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.qfind.net/
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - H:\Programme\ICQToolbar\toolbaru.dll
F2 - REG:system.ini: Shell=explorer.exe, msmsgs.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - h:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - h:\Programme\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5F096425-BA87-7C77-41A6-64458DBA7323} - C:\DOKUME~1\Markus\ANWEND~1\HOLDWE~1\liesdraw.exe (file missing)
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - H:\Programme\ICQToolbar\toolbaru.dll
O3 - Toolbar: (no name) - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - (no file)
O3 - Toolbar: Virtual Maid - {77B2F8DE-CB3F-4b6b-839B-807DD1ADBA1C} - C:\PROGRA~1\VIRTUA~1\VIRTUA~1.DLL (file missing)
O4 - HKLM\..\Run: [PowerS] C:\WINDOWS\PowerS.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [AOLDialer] C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ICQ Lite] h:\Programme\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [remotecontrol] C:\Programme\ASUS\ASUS Remote Master\Remote Master.exe
O4 - HKLM\..\Run: [KAV50] "H:\Programme\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\kav.exe" -run -n PersonalPro -v 5.0.0.0
O4 - HKLM\..\Run: [cFosDNT] H:\Programme\cFos\cFosDNT.exe
O4 - HKLM\..\Run: [ToUcamVProperty] C:\PROGRA~1\PHILIP~1\VProperty.exe
O4 - HKLM\..\Run: [LWBMOUSE] h:\Programme\Browser Mouse\Browser Mouse\1.0\lwbwheel.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MSN Messenger] C:\WINDOWS\system32\msmsgs.exe
O4 - HKLM\..\Run: [WinampAgent] h:\Programme\Winamp\winampa.exe
O4 - HKLM\..\Run: [dashmp3lovempeg] C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\nameopendashmp3\bias mp3.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [vc hide] C:\DOKUME~1\Markus\ANWEND~1\PROGRA~1\LOAD BOOB.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] H:\Programme\ICQLite\ICQLite.exe -trayboot
O4 - Global Startup: AOL 9.0 Tray-Symbol.lnk = C:\Programme\AOL 9.0\aoltray.exe
O8 - Extra context menu item: &Download with &DAP - H:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: &ICQ Toolbar Search - res://H:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Download &all with DAP - H:\PROGRA~1\DAP\dapextie2.htm
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - h:\Programme\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - h:\Programme\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Microsoft AntiSpyware helper - {44D25128-BF6C-464E-A6B0-95EB461D8744} - C:\WINDOWS\system32\wldr.dll (file missing)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {44D25128-BF6C-464E-A6B0-95EB461D8744} - C:\WINDOWS\system32\wldr.dll (file missing)
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - h:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - h:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra button: Microsoft AntiSpyware helper - {44D25128-BF6C-464E-A6B0-95EB461D8744} - C:\WINDOWS\system32\wldr.dll (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {44D25128-BF6C-464E-A6B0-95EB461D8744} - C:\WINDOWS\system32\wldr.dll (file missing) (HKCU)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1114712585468
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe
O23 - Service: Kaspersky Anti-Virus Service (KLBLMain) - Unknown owner - H:\Programme\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\kavmm.exe" -run bl -n PersonalPro -v 5.0.0.0 -ttsr 10000000 (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe



Edit: Hab nach nem Update von escan das auch laufen lassen

File System Found infected by "KAZAA Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "cws.therealsearch Spyware/Adware" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\intmonp.exe infected by "Trojan.Win32.Puper.c" Virus. Action Taken: No Action Taken.
File C:\Dokumente und Einstellungen\Markus\Desktop\salt-water Leecher\setup_mp3tool_1.5.3.2.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\Programme\AOL 9.0\Jiti\Jiti_mm.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\Programme\Gemeinsame Dateien\aolback\comp01.000 tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\System Volume Information\_restore{B069C361-0B21-4E10-913B-B3AEB3E105B3}\RP44\A0130839.exe infected by "Trojan.Win32.Favadd.u" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B069C361-0B21-4E10-913B-B3AEB3E105B3}\RP44\A0130843.exe infected by "Trojan.Win32.Puper.c" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B069C361-0B21-4E10-913B-B3AEB3E105B3}\RP44\A0135482.exe infected by "Trojan.Win32.Puper.c" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B069C361-0B21-4E10-913B-B3AEB3E105B3}\RP44\A0136250.exe infected by "not-a-virus:AdWare.Whenu.a" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B069C361-0B21-4E10-913B-B3AEB3E105B3}\RP45\A0136254.exe infected by "not-a-virus:AdWare.SaveNow.bc" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B069C361-0B21-4E10-913B-B3AEB3E105B3}\RP45\A0136255.exe infected by "not-a-virus:AdWare.SaveNow.bc" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B069C361-0B21-4E10-913B-B3AEB3E105B3}\RP45\A0136256.exe infected by "not-a-virus:AdWare.SaveNow.ay" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B069C361-0B21-4E10-913B-B3AEB3E105B3}\RP45\A0136257.exe infected by "not-a-virus:AdWare.SaveNow.ay" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B069C361-0B21-4E10-913B-B3AEB3E105B3}\RP45\A0136258.exe infected by "not-a-virus:AdWare.SaveNow.v" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B069C361-0B21-4E10-913B-B3AEB3E105B3}\RP45\A0136260.exe infected by "not-a-virus:AdWare.SaveNow.as" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B069C361-0B21-4E10-913B-B3AEB3E105B3}\RP45\A0136261.exe infected by "not-a-virus:AdWare.SaveNow.bd" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B069C361-0B21-4E10-913B-B3AEB3E105B3}\RP45\A0136262.exe infected by "not-a-virus:AdWare.SaveNow.az" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B069C361-0B21-4E10-913B-B3AEB3E105B3}\RP45\A0136269.exe infected by "not-a-virus:AdWare.SaveNow.v" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B069C361-0B21-4E10-913B-B3AEB3E105B3}\RP45\A0136274.exe infected by "not-a-virus:AdWare.Whenu.a" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B069C361-0B21-4E10-913B-B3AEB3E105B3}\RP45\A0136774.exe infected by "Trojan.Win32.Puper.c" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B069C361-0B21-4E10-913B-B3AEB3E105B3}\RP48\A0138056.exe infected by "Trojan.Win32.Puper.c" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B069C361-0B21-4E10-913B-B3AEB3E105B3}\RP48\A0138913.exe infected by "Trojan.Win32.Puper.c" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B069C361-0B21-4E10-913B-B3AEB3E105B3}\RP48\A0139173.exe infected by "Trojan.Win32.Puper.c" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\intmonp.exe infected by "Trojan.Win32.Puper.c" Virus. Action Taken: No Action Taken.
File D:\SOFTWARE\DIVX5.05\DIVXBUNDLE.EXE tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File H:\System Volume Information\_restore{B069C361-0B21-4E10-913B-B3AEB3E105B3}\RP44\A0136239.exe infected by "not-a-virus:AdWare.Whenu.a" Virus. Action Taken: No Action Taken.
File H:\System Volume Information\_restore{B069C361-0B21-4E10-913B-B3AEB3E105B3}\RP45\A0136268.exe infected by "not-a-virus:AdWare.Whenu.a" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\intmonp.exe infected by "Trojan.Win32.Puper.c" Virus. Action Taken: No Action Taken.

#2 weiß ich jetzt grad auch nicht weiter

#3 Hallo emsca,

leider sieht es so aus als wenn Dein Rechner einige Trojaner und Würmer hat. Und das trotz Kaspersky!?

Der schlimmste Kandidat ist
O4 - HKLM\..\Run: [MSN Messenger] C:\WINDOWS\system32\msmsgs.exe
=W32/Forbot-BD ein Wurm mit Backdoor-Funktionalität.
http://www.sophos.com/virusinfo/analyses/w32forbotbd.html

Die sauberste Lösung wäre, nach meiner Meinung, Du würdest Deinen PC platt machen und Windows neu installieren.

Gruß
Heron
__________
"Die Welt ist groß, weil der Kopf so klein"
Wilhelm Busch

#4 Das ist Mist, hab Windows grad vor nem Monat neu aufgesetzt, war nur ca 1,5 Wochen ohne Virenprog. unterwegs -.-.

Hab ne Hardwarefirewall, das vermindert doch das Risiko ungemein, oder?


trotzdem vielen dank.

#5

Zitat

Hab ne Hardwarefirewall, das vermindert doch das Risiko ungemein, oder?

Im Normalfall schon! Da ist es doppelt erstaunlich, dass Du Dir so viele "Gäste" eingefangen hast.

Wenn Du das System neu aufsetzt, kleiner Tipp: besorge Dir ein Prog mit dem Du ein Image Deiner System-Patition erstellen kannst (nachdem Du alle Progs aufgespielt hast und vor dem ersten Internetgang!). Z.B. Acronis TrueImage wäre ein freies Prog oder Norton Ghost ein anderes für diesen Zweck. Wenn Du dann wieder einmal Malware-Befall auf Deinem Rechner hast, einfach das saubere Image aufspielen und das war's.

Gruß
Heron
__________
"Die Welt ist groß, weil der Kopf so klein"
Wilhelm Busch

#6 hilfe mein desktopbild wurde ersetzt

Logfile of HijackThis v1.99.1
Scan saved at 19:17:02, on 02.06.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
E:\WINDOWS.3\System32\smss.exe
E:\WINDOWS.3\system32\winlogon.exe
E:\WINDOWS.3\system32\services.exe
E:\WINDOWS.3\system32\lsass.exe
E:\WINDOWS.3\system32\svchost.exe
E:\WINDOWS.3\System32\svchost.exe
E:\WINDOWS.3\system32\spoolsv.exe
E:\WINDOWS.3\Explorer.EXE
E:\WINDOWS.3\system32\CTHELPER.EXE
E:\WINDOWS.3\TBPanel.exe
E:\Programme\Softwin\BitDefender Free Edition\bdmcon.exe
E:\Programme\Softwin\BitDefender Free Edition\bdnagent.exe
E:\Programme\Trojancheck 6\tcguard.exe
E:\Programme\F-Secure Anti-Virus\Common\FSM32.EXE
E:\WINDOWS.3\system32\ctfmon.exe
E:\PROGRA~1\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE
E:\WINDOWS.3\System32\CTsvcCDA.exe
E:\Programme\F-Secure Anti-Virus\Anti-Virus\fsgk32st.exe
E:\Programme\F-Secure Anti-Virus\backweb\4476822\program\fsbwsys.exe
E:\Programme\F-Secure Anti-Virus\Anti-Virus\FSGK32.EXE
E:\Programme\F-Secure Anti-Virus\backweb\4476822\Program\fspex.exe
E:\Programme\F-Secure Anti-Virus\Anti-Virus\fssm32.exe
E:\Programme\F-Secure Anti-Virus\Common\FSMA32.EXE
E:\WINDOWS.3\System32\nvsvc32.exe
E:\Programme\F-Secure Anti-Virus\Common\FSMB32.EXE
E:\Programme\F-Secure Anti-Virus\Common\FCH32.EXE
E:\WINDOWS.3\system32\slserv.exe
E:\WINDOWS.3\System32\MsPMSPSv.exe
E:\Programme\Gemeinsame Dateien\Softwin\BitDefender Communicator\xcommsvr.exe
E:\Programme\F-Secure Anti-Virus\Common\FAMEH32.EXE
E:\Programme\Gemeinsame Dateien\Softwin\BitDefender Scan Server\bdss.exe
E:\Programme\F-Secure Anti-Virus\Anti-Virus\fsav32.exe
E:\Programme\F-Secure Anti-Virus\FWES\Program\fsdfwd.exe
E:\Programme\F-Secure Anti-Virus\FSGUI\fsguiexe.exe
E:\WINDOWS.3\system32\wpabaln.exe
E:\WINDOWS.3\system32\wuauclt.exe
E:\Programme\WinRAR\WinRAR.exe
E:\DOKUME~1\VIKTOR~1\LOKALE~1\Temp\Rar$EX00.156\HijackThis.exe

O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] E:\WINDOWS.3\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] C:\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [CTRegRun] E:\WINDOWS.3\CTRegRun.EXE
O4 - HKLM\..\Run: [Gainward] E:\WINDOWS.3\TBPanel.exe /A
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS.3\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [BDMCon] E:\Programme\Softwin\BitDefender Free Edition\\bdmcon.exe
O4 - HKLM\..\Run: [BDNewsAgent] E:\Programme\Softwin\BitDefender Free Edition\\bdnagent.exe
O4 - HKLM\..\Run: [Trojancheck 6 Guard] E:\Programme\Trojancheck 6\tcguard.exe
O4 - HKLM\..\Run: [F-Secure Manager] "E:\Programme\F-Secure Anti-Virus\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "E:\Programme\F-Secure Anti-Virus\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "E:\Programme\F-Secure Anti-Virus\FSGUI\FSSW.EXE" /reboot
O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINDOWS.3\system32\ctfmon.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Programme\Messenger\msmsgs.exe
O23 - Service: F-Secure Anti-Virus 2005 (BackWeb Plug-in - 4476822) - Unknown owner - E:\PROGRA~1\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - E:\Programme\Gemeinsame Dateien\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - E:\WINDOWS.3\System32\CTsvcCDA.exe
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - E:\Programme\F-Secure Anti-Virus\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - E:\Programme\F-Secure Anti-Virus\backweb\4476822\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - E:\Programme\F-Secure Anti-Virus\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - E:\Programme\F-Secure Anti-Virus\Common\FSMA32.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS.3\System32\nvsvc32.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - E:\WINDOWS.3\SYSTEM32\slserv.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - E:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: BitDefender Communicator (XCOMM) - Softwin - E:\Programme\Gemeinsame Dateien\Softwin\BitDefender Communicator\xcommsvr.exe