Hijack na moje oko wygląda dobrze poza jakimiś yahoo, a niestety logów z Combofixa czytać nie umiem, dlatego prośba o pomoc.
Szczegóły błędu:
- Kod: Zaznacz wszystko
Nazwa zdarzenia problemu: APPCRASH
Nazwa aplikacji: Explorer.exe
Wersja aplikacji: 6.0.6001.18164
Sygnatura czasowa aplikacji: 4907e242
Nazwa modułu z błędem: StackHash_6943
Wersja modułu z błędem: 6.0.6001.18000
Sygnatura czasowa modułu z błędem: 4791a7a6
Kod wyjątku: c0000374
Przesunięcie wyjątku: 000b015d
Wersja systemu operacyjnego: 6.0.6001.2.1.0.768.2
Identyfikator ustawień regionalnych: 1045
Dodatkowe informacje 1: 6943
Dodatkowe informacje 2: 4d87ca74c27cf7cfe7880d9dc451f547
Dodatkowe informacje 3: 6aa8
Dodatkowe informacje 4: 9c7aadb002b1f458059561911d9ed411
Logi z Combofixa
- Kod: Zaznacz wszystko
ComboFix 09-01-11.04 - Danuta 2009-01-12 17:56:48.1 - NTFSx86
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1250.1.1045.18.1014.209 [GMT 1:00]
Running from: c:\users\Danuta\Downloads\ComboFix.exe
AV: Bezpieczny Internet 7.00 *On-access scanning disabled* (Outdated)
AV: Norton Internet Security *On-access scanning disabled* (Outdated)
FW: Bezpieczny Internet 7.00 *disabled*
FW: Norton Internet Security *disabled*
* Resident AV is active
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\x64
c:\windows\Temp\log.txt
.
((((((((((((((((((((((((( Files Created from 2008-12-12 to 2009-01-12 )))))))))))))))))))))))))))))))
.
2009-01-11 18:37 . 2009-01-11 18:37 <DIR> d-------- c:\users\Danuta\AppData\Roaming\CyberLink
2009-01-11 18:37 . 2009-01-11 18:37 <DIR> d-------- c:\users\All Users\CyberLink
2009-01-11 18:37 . 2009-01-11 18:37 <DIR> d-------- c:\programdata\CyberLink
2009-01-08 22:05 . 2009-01-08 22:05 <DIR> d-------- c:\program files\Symcom
2009-01-08 18:41 . 2009-01-08 18:41 <DIR> d-------- c:\program files\Firebird
2009-01-08 18:41 . 2007-01-31 01:05 356,437 --a------ c:\windows\System32\GDS32.DLL
2009-01-08 18:39 . 2009-01-08 18:44 <DIR> d-------- c:\users\Danuta\AppData\Roaming\LeftHand
2009-01-08 18:18 . 2009-01-08 18:24 <DIR> d-------- C:\fakturka
2009-01-08 13:52 . 2009-01-08 13:53 <DIR> d-------- C:\TGSoft
2008-12-14 15:49 . 2008-12-14 15:49 410,984 --a------ c:\windows\System32\deploytk.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-09 20:46 --------- d-----w c:\program files\Winamp
2009-01-09 12:11 --------- d-----w c:\program files\Bezpieczny Internet
2008-12-14 14:49 --------- d-----w c:\program files\Java
2008-12-11 18:16 --------- d-----w c:\program files\Windows Mail
2008-11-13 20:14 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-11-01 03:44 541,696 ----a-w c:\windows\AppPatch\AcLayers.dll
2008-11-01 03:44 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll
2008-11-01 03:44 460,288 ----a-w c:\windows\AppPatch\AcSpecfc.dll
2008-11-01 03:44 28,672 ----a-w c:\windows\System32\Apphlpdm.dll
2008-11-01 03:44 2,154,496 ----a-w c:\windows\AppPatch\AcGenral.dll
2008-11-01 03:44 173,056 ----a-w c:\windows\AppPatch\AcXtrnal.dll
2008-11-01 01:21 4,240,384 ----a-w c:\windows\System32\GameUXLegacyGDFs.dll
2008-10-29 06:29 2,927,104 ----a-w c:\windows\explorer.exe
2008-10-22 03:57 241,152 ----a-w c:\windows\System32\PortableDeviceApi.dll
2008-10-22 01:22 2,048 ----a-w c:\windows\System32\tzres.dll
2008-10-21 05:25 296,960 ----a-w c:\windows\System32\gdi32.dll
2008-10-21 05:25 1,645,568 ----a-w c:\windows\System32\connect.dll
2008-10-16 21:13 1,809,944 ----a-w c:\windows\System32\wuaueng.dll
2008-10-16 21:12 561,688 ----a-w c:\windows\System32\wuapi.dll
2008-10-16 21:09 51,224 ----a-w c:\windows\System32\wuauclt.exe
2008-10-16 21:09 43,544 ----a-w c:\windows\System32\wups2.dll
2008-10-16 21:08 34,328 ----a-w c:\windows\System32\wups.dll
2008-10-16 20:56 1,524,736 ----a-w c:\windows\System32\wucltux.dll
2008-10-16 20:55 83,456 ----a-w c:\windows\System32\wudriver.dll
2008-10-16 13:08 162,064 ----a-w c:\windows\System32\wuwebv.dll
2008-10-16 12:56 31,232 ----a-w c:\windows\System32\wuapp.exe
2008-10-16 04:47 827,392 ----a-w c:\windows\System32\wininet.dll
2008-09-05 22:31 417,792 ----a-w c:\users\Danuta\GL4JavbJauGljJNI14.dll
2008-06-18 09:29 174 --sha-w c:\program files\desktop.ini
2008-05-31 18:16 98,312 ----a-w c:\users\Danuta\AppData\Roaming\GDIPFONTCACHEV1.DAT
2008-04-21 22:25 92,064 ----a-w c:\users\Danuta\mqdmmdm.sys
2008-04-21 22:25 9,232 ----a-w c:\users\Danuta\mqdmmdfl.sys
2008-04-21 22:25 79,328 ----a-w c:\users\Danuta\mqdmserd.sys
2008-04-21 22:25 5,936 ----a-w c:\users\Danuta\mqdmwhnt.sys
2008-04-21 22:25 4,048 ----a-w c:\users\Danuta\mqdmcr.sys
2008-04-21 22:24 66,656 ----a-w c:\users\Danuta\mqdmbus.sys
2008-04-21 22:24 6,208 ----a-w c:\users\Danuta\mqdmcmnt.sys
2008-04-21 22:24 25,600 ----a-w c:\users\Danuta\usbsermptxp.sys
2008-04-21 22:24 22,768 ----a-w c:\users\Danuta\usbsermpt.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-05-22 151552]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-23 815104]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-07-12 178712]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-14 71216]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-02-07 54832]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-25 457216]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2007-06-15 850704]
"WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2003-12-13 33792]
"F-Secure Manager"="c:\program files\Bezpieczny Internet\Common\FSM32.EXE" [2007-04-26 183208]
"F-Secure TNB"="c:\program files\Bezpieczny Internet\FSGUI\TNBUtil.exe" [2007-04-26 740208]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-11 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-11 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-11 133656]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-14 136600]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"RtHDVCpl"="RtHDVCpl.exe" [2007-05-29 c:\windows\RtHDVCpl.exe]
"Skytel"="Skytel.exe" [2007-05-29 c:\windows\SkyTel.exe]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2007-07-16 535336]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{E645C12E-DF47-4AA8-B5A9-BC2E18117609}"= c:\program files\CyberLink\PowerDVD\PowerDVD.EXE:CyberLink PowerDVD
"{283B63B8-8B41-4084-BBDF-B078F49B0C74}"= Disabled:UDP:c:\program files\IncrediMail\bin\ImApp.exe:IncrediMail
"{1C4D8EC6-3E19-4E89-8B4B-1D8D84380AF1}"= Disabled:TCP:c:\program files\IncrediMail\bin\ImApp.exe:IncrediMail
"{AE1F99CE-9BF0-43F4-ADAA-63AF590A39A4}"= Disabled:UDP:c:\program files\IncrediMail\bin\IncMail.exe:IncrediMail
"{F573A358-12FE-4AEC-98D4-7B36DD815EA2}"= Disabled:TCP:c:\program files\IncrediMail\bin\IncMail.exe:IncrediMail
"{FDA668D9-997C-4605-9603-1F25DB2EF067}"= Disabled:UDP:c:\program files\IncrediMail\bin\ImpCnt.exe:IncrediMail
"{A546C5BA-7460-4DBC-970F-1520FD093077}"= Disabled:TCP:c:\program files\IncrediMail\bin\ImpCnt.exe:IncrediMail
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
R1 F-Secure HIPS;F-Secure HIPS;c:\program files\Bezpieczny Internet\HIPS\fshs.sys [2008-01-29 41184]
R1 FSES;F-Secure Email Scanning Driver;c:\windows\System32\drivers\fses.sys [2008-01-29 35024]
R1 FSFW;F-Secure Firewall Driver;c:\windows\System32\drivers\fsdfw.sys [2008-01-29 60064]
R1 fsvista;F-Secure Vista Support Driver;c:\program files\Bezpieczny Internet\Anti-Virus\minifilter\fsvista.sys [2008-01-29 13168]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\Bezpieczny Internet\Anti-Virus\minifilter\fsgk.sys [2008-01-29 59760]
R4 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};c:\program files\CyberLink\PowerDVD\[u]0[/u]00.fcl [2008-01-26 23:13:10 13560]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\b57nd60x.sys [2007-02-08 179712]
S4 F-Secure Filter;F-Secure File System Filter;c:\program files\Bezpieczny Internet\Anti-Virus\win2k\fsfilter.sys [2008-01-29 40048]
S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\Bezpieczny Internet\Anti-Virus\win2k\fsrec.sys [2008-01-29 25456]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
.
Contents of the 'Scheduled Tasks' folder
2009-01-12 c:\windows\Tasks\Scheduled scanning task.job
- c:\progra~1\BEZPIE~1\ANTI-V~1\fsav.exe [2007-04-26 12:42]
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-Acer Tour - (no file)
HKLM-Run-eRecoveryService - (no file)
HKLM-Run-Firebird - (no file)
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.pl/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://pl.intl.acer.yahoo.com
uSearchURL,(Default) = hxxp://uk.rd.yahoo.com/customize/ycomp/defaults/su/*http://uk.yahoo.com
IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: c:\program files\Bezpieczny Internet\FSPS\program\fslsp.dll
FF - ProfilePath - c:\users\Danuta\AppData\Roaming\Mozilla\Firefox\Profiles\qaikprel.default\
FF - prefs.js: browser.startup.homepage - hxxp://google.pl
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-12 18:02:38
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2009-01-12 18:05:04
ComboFix-quarantined-files.txt 2009-01-12 17:05:00
Pre-Run: 36˙971˙683˙840 bajt˘w wolnych
Post-Run: 37,124,694,016 bajt˘w wolnych
170 --- E O F --- 2008-12-17 21:46:14
Na wszelki wypadek wrzucam jeszcze loga z hijacka:
- Kod: Zaznacz wszystko
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:17:08, on 12-01-2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Bezpieczny Internet\Common\FSM32.EXE
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\igfxsrvc.exe
C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
C:\Program Files\Bezpieczny Internet\FSGUI\fsguidll.exe
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Windows\System32\mobsync.exe
C:\Windows\Explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Danuta\Desktop\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://pl.intl.acer.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.com/customize/ycomp/defaults/su/*http://uk.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Bezpieczny Internet\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Bezpieczny Internet\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = C:\Acer\Empowering Technology\eAPLauncher.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Kontrola rodzicielska... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Bezpieczny Internet\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Bezpieczny Internet\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Kontrola rodzicielska... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Bezpieczny Internet\FSPC\fspcmsie.dll
O13 - Gopher Prefix:
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Bezpieczny Internet\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Bezpieczny Internet\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Bezpieczny Internet\FWES\Program\fsdfwd.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\Bezpieczny Internet\Common\FSMA32.EXE
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 7262 bytes
Z góry dzięki za wszelką pomoc.
