VIRY.CZ

Pomáháme v boji s počítačovou havěti!
https://forum.viry.cz:443/

Služba Centra zabezpečenia systému sa nedá spustiť

https://forum.viry.cz:443/viewtopic.php?t=112359

Stránka 1 z 1

Služba Centra zabezpečenia systému sa nedá spustiť

Napsal: 10 čer 2011 09:11
od konig
Od včera sa v mojom PC objavuje hlásenie z predmetu správy. NOD mi nasiel v PC jedneho trojskeho kona, odstranil som ho, ale hlasenie sa stale opakuje. V com moze byt problem? Tu je log:

Kód: Vybrat vše

Logfile of random's system information tool 1.08 (written by random/random)
Run by majo at 2011-06-10 10:06:44
Microsoft Windows 7 Ultimate  Service Pack 1
System drive C: has 136 GB (57%) free of 238 GB
Total RAM: 2047 MB (48% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:07:09, on 10. 6. 2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Common Files\Acronis\Plán2\schedhlp.exe
D:\programy\Adobe\Acrobat\acrotray.exe
C:\Program Files\Q Draw Software Resource\Resent\RS_ReSent.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Users\majo\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\majo\Desktop\RSIT.exe
C:\Program Files\trend micro\majo.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/home?AF=15556
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\TRANSLAT\WebIE.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\programy\MSOFFI~1\Office14\GROOVEEX.DLL
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - D:\programy\MSOFFI~1\Office14\URLREDIR.DLL
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\TRANSLAT\WebIE.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [Služba Acronis Scheduler2] "C:\Program Files\Common Files\Acronis\Plán2\schedhlp.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "D:\programy\Adobe\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "D:\programy\Adobe\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [ReSent] "C:\Program Files\Q Draw Software Resource\Resent\RS_ReSent.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\majo\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [4ECYTQ9SIC] C:\Users\majo\AppData\Local\Temp\Ywp.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: Dropbox.lnk = majo\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Startup: Obrazovková spinka a spúšťač programu OneNote 2010.lnk.disabled
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://D:\programy\MSOFFI~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&oslať do programu OneNote - res://D:\programy\MSOFFI~1\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Previesť cieľ odkazu do formátu Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Previesť do Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Pridať cieľ odkazu do existujúceho súboru PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Pridať do existujúceho súboru PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: Odoslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra 'Tools' menuitem: Od&oslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra button: &Prepojené poznámky programu OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - D:\programy\MSOffice2010\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Prepojené poznámky programu OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - D:\programy\MSOffice2010\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\TRANSLAT\WebIE.dll
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\TRANSLAT\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastaviť prekladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\TRANSLAT\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\TRANSLAT\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\TRANSLAT\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\TRANSLAT\WebIE.dll
O9 - Extra 'Tools' menuitem: Preložiť &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\TRANSLAT\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\TRANSLAT\WebIE.dll
O9 - Extra 'Tools' menuitem: Preložiť &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\TRANSLAT\WebIE.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7B4E4EF3-E3CC-41E8-BA3D-AC8B3F1FEB6A}: NameServer = 194.160.130.21,193.87.9.70
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: ABBYY FineReader 10 PE Licensing Service (ABBYY.Licensing.FineReader.Professional.10.0) - ABBYY - C:\Program Files\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Služba Acronis Scheduler2 (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Plán2\schedul2.exe
O23 - Service: Acronis Nonstop Backup service (afcdpsrv) - Acronis - C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: KMService - Unknown owner - C:\Windows\system32\srvany.exe
O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: RSEBoardServer - Unknown owner - C:\Program Files\Q Draw Software\rseboardser.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe

--
End of file - 11123 bytes

======Scheduled tasks folder======

C:\Windows\tasks\AutoKMS.job
C:\Windows\tasks\Dzirsetalm.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1782959191-3568186234-2826655914-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1782959191-3568186234-2826655914-1000UA.job
C:\Windows\tasks\Spybot - Search & Destroy -  Scheduled Task.job
C:\Windows\tasks\Spybot - Search & Destroy Updater -  Scheduled Task.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-11-15 62376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2DB66063-BB98-466A-AA0D-3E7ACF5ED853}]
WebTransBHO Class - C:\TRANSLAT\WebIE.dll [2011-03-15 503808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - D:\programy\MSOFFI~1\Office14\GROOVEEX.DLL [2010-01-21 4222864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 403840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe PDF Conversion Toolbar Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2010-11-15 340384]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - D:\programy\MSOFFI~1\Office14\URLREDIR.DLL [2010-01-16 561552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-08-04 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F4971EE7-DAA0-4053-9964-665D8EE6A077}]
SmartSelect Class - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2010-11-15 340384]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll [2010-03-25 968000]
{D4027C7F-154A-4066-A1AD-4243D8127440}
{BFC32E1D-EE75-4A48-BC60-104E11EE2431} - WebTranslator - C:\TRANSLAT\WebIE.dll [2011-03-15 503808]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2010-11-15 340384]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2009-11-16 2054360]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [2009-05-22 7514656]
"TrueImageMonitor.exe"=C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe [2009-11-26 5129128]
"Služba Acronis Scheduler2"=C:\Program Files\Common Files\Acronis\Plán2\schedhlp.exe [2009-11-26 361976]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-11-15 932288]
""= []
"Adobe Acrobat Speed Launcher"=D:\programy\Adobe\Acrobat\Acrobat_sl.exe [2010-11-15 36760]
"Acrobat Assistant 8.0"=D:\programy\Adobe\Acrobat\Acrotray.exe [2010-11-15 821144]
"ReSent"=C:\Program Files\Q Draw Software Resource\Resent\RS_ReSent.exe [2011-05-06 429056]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]
"RocketDock"=C:\Program Files\RocketDock\RocketDock.exe [2007-09-02 495616]
"Nektra OEAPI"= []
"OEXPRESS"= []
"Google Update"=C:\Users\majo\AppData\Local\Google\Update\GoogleUpdate.exe [2010-03-18 136176]
"4ECYTQ9SIC"=C:\Users\majo\AppData\Local\Temp\Ywp.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files\DAEMON Tools Lite\DTLite.exe [2010-04-01 357696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
C:\Program Files\uTorrent\uTorrent.exe [2011-06-09 399736]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Flow!Works Server.lnk]
C:\PROGRA~1\QOMO\FLOW!W~1\driver\DIGITA~1.EXE [2010-03-18 368640]

C:\Users\majo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Dropbox.lnk - C:\Users\majo\AppData\Roaming\Dropbox\bin\Dropbox.exe
Obrazovková spinka a spúšťač programu OneNote 2010.lnk.disabled - D:\programy\MSOffice2010\Office14\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=D:\programy\MSOFFI~1\Office14\GROOVEEX.DLL [2010-01-21 4222864]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2011-06-10 10:06:45 ----D---- C:\Program Files\trend micro
2011-06-10 10:06:44 ----D---- C:\rsit
2011-06-09 13:38:43 ----RASH---- C:\Windows\system32\framedync.dll
2011-06-09 12:00:45 ----D---- C:\Program Files\uTorrent
2011-06-08 11:30:08 ----D---- C:\Users\majo\AppData\Roaming\VirtuaWin
2011-06-08 11:30:05 ----D---- C:\Program Files\VirtuaWin
2011-06-02 13:59:42 ----D---- C:\Program Files\TurAtlas
2011-06-01 13:13:27 ----D---- C:\ProgramData\Mindjet
2011-06-01 13:13:19 ----D---- C:\Program Files\Mindjet
2011-06-01 11:41:53 ----D---- C:\Windows\XSxS
2011-06-01 11:41:53 ----D---- C:\Program Files\Xenocode
2011-05-26 14:37:58 ----D---- C:\Users\majo\AppData\Roaming\DeepBurner
2011-05-26 14:17:19 ----D---- C:\Program Files\Astonsoft
2011-05-25 06:31:02 ----A---- C:\Windows\system32\drivers\Diskdump.sys
2011-05-17 06:22:35 ----A---- C:\Windows\system32\poqexec.exe
2011-05-13 10:32:57 ----D---- C:\Windows\system32\xlive
2011-05-13 10:32:53 ----D---- C:\Program Files\Microsoft Games for Windows - LIVE
2011-05-13 10:32:04 ----A---- C:\Windows\system32\XAudio2_6.dll
2011-05-13 10:32:04 ----A---- C:\Windows\system32\XAPOFX1_4.dll
2011-05-13 10:32:04 ----A---- C:\Windows\system32\xactengine3_6.dll
2011-05-13 10:32:03 ----A---- C:\Windows\system32\X3DAudio1_7.dll
2011-05-13 08:43:14 ----A---- C:\Windows\system32\XceedFtp.dll
2011-05-13 08:43:14 ----A---- C:\Windows\system32\wodFtpDLX.dll
2011-05-13 08:42:45 ----D---- C:\Program Files\CoffeeCup Software
2011-05-13 08:36:06 ----SH---- C:\Windows\WSYS049.SYS
2011-05-11 06:25:49 ----A---- C:\Windows\system32\drivers\usbuhci.sys
2011-05-11 06:25:49 ----A---- C:\Windows\system32\drivers\usbport.sys
2011-05-11 06:25:49 ----A---- C:\Windows\system32\drivers\usbhub.sys
2011-05-11 06:25:49 ----A---- C:\Windows\system32\drivers\usbehci.sys
2011-05-11 06:25:49 ----A---- C:\Windows\system32\drivers\usbd.sys
2011-05-11 06:25:49 ----A---- C:\Windows\system32\drivers\usbccgp.sys
2011-05-11 06:25:45 ----A---- C:\Windows\system32\ntkrnlpa.exe
2011-05-11 06:25:44 ----A---- C:\Windows\system32\ntoskrnl.exe

======List of files/folders modified in the last 1 months======

2011-06-10 10:06:50 ----D---- C:\Windows\Temp
2011-06-10 10:06:45 ----RD---- C:\Program Files
2011-06-10 10:04:16 ----D---- C:\Users\majo\AppData\Roaming\Skype
2011-06-10 09:40:47 ----D---- C:\Windows\system32\config
2011-06-10 08:42:18 ----D---- C:\Users\majo\AppData\Roaming\skypePM
2011-06-10 08:41:59 ----D---- C:\Users\majo\AppData\Roaming\Dropbox
2011-06-10 08:20:10 ----D---- C:\Program Files\ABBYY FineReader 10
2011-06-10 06:33:55 ----D---- C:\Windows\System32
2011-06-10 06:33:55 ----D---- C:\Windows\inf
2011-06-10 06:33:55 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-06-10 06:28:55 ----D---- C:\Windows\Tasks
2011-06-10 06:28:55 ----D---- C:\Windows\system32\Tasks
2011-06-10 06:28:26 ----D---- C:\ProgramData\LogMeIn
2011-06-09 14:46:41 ----D---- C:\Users\majo\AppData\Roaming\vlc
2011-06-09 12:10:37 ----D---- C:\Users\majo\AppData\Roaming\uTorrent
2011-06-09 07:19:35 ----SHD---- C:\Windows\Installer
2011-06-09 07:19:35 ----HD---- C:\Config.Msi
2011-06-08 13:27:56 ----SHD---- C:\System Volume Information
2011-06-08 11:34:29 ----D---- C:\Windows\system32\FxsTmp
2011-06-08 07:24:25 ----D---- C:\Program Files\Opera
2011-06-08 06:19:52 ----D---- C:\Windows\system32\wbem
2011-06-08 06:19:52 ----AD---- C:\Windows
2011-06-08 06:18:47 ----D---- C:\Windows\system32\wfp
2011-06-08 06:18:47 ----D---- C:\Windows\system32\DriverStore
2011-06-08 06:18:47 ----D---- C:\Windows\system32\drivers\etc
2011-06-08 06:18:47 ----D---- C:\Windows\system32\drivers
2011-06-08 06:18:46 ----D---- C:\Windows\winsxs
2011-06-08 06:18:46 ----D---- C:\Windows\system32\drivers\UMDF
2011-06-08 06:18:46 ----D---- C:\Windows\system32\catroot2
2011-06-08 06:18:46 ----D---- C:\Users\majo\AppData\Roaming\PhotoFiltre
2011-06-08 06:18:45 ----D---- C:\Users\majo\AppData\Roaming\GHISLER
2011-06-08 06:18:45 ----D---- C:\ProgramData\Spybot - Search & Destroy
2011-06-08 06:18:45 ----D---- C:\Program Files\Electronic Arts
2011-06-08 06:18:45 ----D---- C:\aScAgenda
2011-06-08 06:18:35 ----D---- C:\Windows\registration
2011-06-08 06:18:29 ----RSD---- C:\Windows\assembly
2011-06-08 06:18:17 ----HD---- C:\ProgramData
2011-06-01 12:48:19 ----D---- C:\Windows\Prefetch
2011-05-31 11:27:01 ----D---- C:\Program Files\Google
2011-05-25 06:30:15 ----D---- C:\Windows\system32\catroot
2011-05-24 07:05:30 ----D---- C:\Windows\system32\NDF
2011-05-18 06:20:53 ----D---- C:\Program Files\Common Files\microsoft shared
2011-05-13 10:26:40 ----SD---- C:\ProgramData\Microsoft
2011-05-11 06:26:46 ----A---- C:\Windows\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 173440]
R0 snapman;Acronis Snapshots Manager; C:\Windows\system32\DRIVERS\snapman.sys [2010-08-06 158272]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2010-11-25 436792]
R0 tdrpman258;Acronis Try&Decide and Restore Points filter (build 258); C:\Windows\system32\DRIVERS\tdrpm258.sys [2010-08-06 911680]
R0 timounter;Acronis Backup Archive Explorer; C:\Windows\system32\DRIVERS\timntr.sys [2010-08-06 581984]
R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 175360]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 388096]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2009-11-16 108792]
R1 SASDIFSV;SASDIFSV; \??\D:\programy\SAS\SASDIFSV.SYS [2010-02-17 12872]
R1 SASKUTIL;SASKUTIL; \??\D:\programy\SAS\SASKUTIL.SYS [2010-05-10 67656]
R2 DgiVecp;DgiVecp; \??\C:\Windows\system32\Drivers\DgiVecp.sys [2009-06-09 38400]
R2 eamon;eamon; C:\Windows\system32\DRIVERS\eamon.sys [2009-11-16 116520]
R2 epfwwfpr;epfwwfpr; C:\Windows\system32\DRIVERS\epfwwfpr.sys [2009-11-16 95896]
R2 LMIInfo;LogMeIn Kernel Information Provider; \??\C:\Program Files\LogMeIn\x86\RaInfo.sys [2010-09-17 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver; \??\C:\Windows\system32\drivers\LMIRfsDriver.sys [2010-09-17 47640]
R2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
R2 SSPORT;SSPORT; \??\C:\Windows\system32\Drivers\SSPORT.sys [2008-01-10 5120]
R3 afcdp;afcdp; C:\Windows\system32\DRIVERS\afcdp.sys [2010-08-06 160288]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2009-08-18 4994560]
R3 hhusb5;HHUsb5 - Kernel Driver 01/01/2010, 0.0.0.1; C:\Windows\system32\DRIVERS\hhusb5.sys [2010-01-13 30264]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2009-05-22 2361952]
R3 lmimirr;lmimirr; C:\Windows\system32\DRIVERS\lmimirr.sys [2010-09-17 10144]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\Windows\system32\DRIVERS\ASACPI.sys [2006-10-19 7680]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt86win7.sys [2009-05-22 167936]
R3 teamviewervpn;TeamViewer VPN Adapter; C:\Windows\system32\DRIVERS\teamviewervpn.sys [2010-11-30 25088]
R3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 35840]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\drivers\amdagp.sys [2009-07-14 53312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-14 229888]
S3 BthEnum;Bluetooth Request Block Driver; C:\Windows\system32\drivers\BthEnum.sys [2009-07-14 34816]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 93696]
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2010-11-20 393216]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2010-11-20 60416]
S3 massfilter;ZTE Mass Storage Filter Driver; C:\Windows\system32\drivers\massfilter.sys [2010-06-11 9216]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12368]
S3 pcouffin;VSO Software pcouffin; C:\Windows\System32\Drivers\pcouffin.sys [2010-03-26 47360]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 133632]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2010-11-20 15872]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 129536]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 5632]
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\drivers\sisagp.sys [2009-07-14 52304]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 28032]
S3 Synth3dVsc;Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys []
S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\Windows\System32\drivers\tsusbflt.sys [2010-11-20 52224]
S3 tsusbhub;@%SystemRoot%\system32\drivers\tsusbhub.sys,-1; C:\Windows\system32\drivers\tsusbhub.sys []
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter; C:\Windows\system32\DRIVERS\VBoxNetAdp.sys [2010-03-25 99728]
S3 VBoxNetFlt;VBoxNetFlt Service; C:\Windows\system32\DRIVERS\VBoxNetFlt.sys []
S3 VBoxUSB;VirtualBox USB; C:\Windows\System32\Drivers\VBoxUSB.sys [2010-03-25 31824]
S3 VGPU;VGPU; C:\Windows\System32\drivers\rdvgkmd.sys []
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\drivers\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 17920]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 35968]
S3 ZTEusbmdm6k;ZTE Proprietary USB Driver; C:\Windows\system32\DRIVERS\ZTEusbmdm6k.sys [2010-06-11 105088]
S3 ZTEusbnmea;ZTE NMEA Port; C:\Windows\system32\DRIVERS\ZTEusbnmea.sys [2010-06-11 105088]
S3 ZTEusbser6k;ZTE Diagnostic Port; C:\Windows\system32\DRIVERS\ZTEusbser6k.sys [2010-06-11 105088]
S4 LMIRfsClientNP;LMIRfsClientNP; C:\Windows\system32\drivers\LMIRfsClientNP.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ABBYY.Licensing.FineReader.Professional.10.0;ABBYY FineReader 10 PE Licensing Service; C:\Program Files\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe [2009-12-22 814344]
R2 ACDaemon;ArcSoft Connect Daemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [2010-03-18 113152]
R2 AcrSch2Svc;Služba Acronis Scheduler2; C:\Program Files\Common Files\Acronis\Plán2\schedul2.exe [2009-11-26 661008]
R2 afcdpsrv;Acronis Nonstop Backup service; C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe [2010-08-06 2480048]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2009-08-18 176128]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-11-16 735960]
R2 LMIGuardianSvc;LMIGuardianSvc; C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe [2010-12-08 374152]
R2 LMIMaint;LogMeIn Maintenance Service; C:\Program Files\LogMeIn\x86\RaMaint.exe [2010-12-08 136584]
R2 LogMeIn;LogMeIn; C:\Program Files\LogMeIn\x86\LogMeIn.exe [2010-11-08 390528]
R2 RSEBoardServer;RSEBoardServer; C:\Program Files\Q Draw Software\rseboardser.exe [2011-05-06 433152]
R2 TeamViewer6;TeamViewer 6; C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe [2010-11-30 2222376]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-08-18 1529728]
R3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-10-20 136176]
S2 KMService;KMService; C:\Windows\system32\srvany.exe [2003-04-18 8192]
S2 SBSDWSCService;SBSD Security Center Service; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2009-06-10 31064]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2009-11-16 20680]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-10-20 136176]
S3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; D:\programy\MSOffice2010\Office14\GROOVE.EXE [2010-01-21 30963576]
S3 ose;Office  Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-04-12 1343400]

Re: Služba Centra zabezpečenia systému sa nedá spustiť

Napsal: 10 čer 2011 09:16
od JaRon
1. nevkladaj prispevky do code :!:
2. FIXni v HijackThis:
O4 - HKCU\..\Run: [4ECYTQ9SIC] C:\Users\majo\AppData\Local\Temp\Ywp.exe
+ restart PC

Re: Služba Centra zabezpečenia systému sa nedá spustiť

Napsal: 13 čer 2011 05:48
od konig
Za code sa ospravedlnujem, v piatok som sa tesil, vsetko najskor slo ako malo, bohuzial, dnes ked som po vikende zapol PC, zasa sa objavilo hlasenie, ze sluzba sa neda spustit. Co s tym?

Re: Služba Centra zabezpečenia systému sa nedá spustiť

Napsal: 13 čer 2011 13:21
od JaRon
vycisti PC s MBAM - log vloz + log RSIT aktualny
Všechny časy jsou v UTC+01:00
Stránka 1 z 1

Založeno na phpBB® Forum Software © phpBB Limited

Český překlad – phpBB.cz