
Deleted files

Posted: 13 May 2011 11:20
by herodesominv
I don't know whether this topic even belongs in this forum, but:

A friend, while "cleaning up his PC", deleted the contents of the directory C:\windows\installer on WIN XP.
Since then the icons on the desktop are displayed incorrectly (as unknown file shortcuts), but they can still be launched. When I tried to reinstall Office, it said: The installation did not complete successfully. An error occurred during installation. The installation cannot be completed.

Re: Deleted files

Posted: 13 May 2011 11:30
by stell
Hello
Run a system restore.

Re: Deleted files

Posted: 13 May 2011 11:43
by herodesominv
Restore performed, the files are not there.

Re: Deleted files

Posted: 13 May 2011 12:00
by stell
Well, you need to pick a date from before the contents of the folder were deleted.
The point is that this folder is protected; it stores the installation information for all programs that have been installed on the computer. If you remove something from this folder, unpredictable errors can occur with multiple applications.
So try an earlier date.

Re: Deleted files

Posted: 13 May 2011 12:56
by herodesominv
Even the first time I chose a restore point that was definitely sufficient, but I have now also gone much further back and it did not help.

Re: Deleted files

Posted: 13 May 2011 13:04
by stell
So, you need to install again, reinstall all the programs.

Re: Deleted files

Posted: 13 May 2011 13:12
by herodesominv
herodesominv wrote: I don't know whether this topic even belongs in this forum, but:

A friend, while "cleaning up his PC", deleted the contents of the directory C:\windows\installer on WIN XP.
Since then the icons on the desktop are displayed incorrectly (as unknown file shortcuts), but they can still be launched. When I tried to reinstall Office, it said: The installation did not complete successfully. An error occurred during installation. The installation cannot be completed.
:)

Re: Deleted files

Posted: 13 May 2011 13:17
by stell
Well, I did read it. You need to try now, since you have restored the system, and you need to reinstall all the programs; try whether it still throws the error message.

Re: Deleted files

Posted: 13 May 2011 13:22
by herodesominv
It didn't help :(

Re: Deleted files

Posted: 13 May 2011 13:25
by stell
PLEASE READ THE INSTRUCTIONS CAREFULLY!!!

:arrow: Use ComboFix according to this guide: http://www.bleepingcomputer.com/combofi ... t-combofix
Paste its log here.

:arrow: Download OTListIt2>> OTL
Check the item "For all users".
Check the items Malware check "LOP" and Malware check "Purity".
Click the Scan button.
When it finishes, paste the logs OTL.Txt and Extras.txt here.

Re: Deleted files

Posted: 13 May 2011 13:50
by herodesominv
ComboFix 11-05-12.02 - bielik . 05. 2011 14:37:17.1.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.421.1033.18.503.117 [GMT 2:00]
Running from: c:\documents and settings\bielik\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\bielik\Application Data\ACD Systems\ACDSee\ImageDB.ddf
c:\windows\system32\_000010_.tmp.dll
c:\windows\system32\AutoRun.inf
c:\windows\system32\raddrv.dll
.
----- BITS: Possible infected sites -----
.
.
((((((((((((((((((((((((( Files Created from 2011-04-13 to 2011-05-13 )))))))))))))))))))))))))))))))
.
.
2011-05-13 11:44 . 2011-05-13 11:44 -------- d-----w- c:\windows\system32\wbem\Repository
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-07 05:33 . 2004-08-04 08:00 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:45 . 2004-08-04 08:00 434176 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:21 . 2004-08-04 08:00 1857920 ----a-w- c:\windows\system32\win32k.sys
2011-02-17 13:51 . 2004-08-04 08:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2011-02-17 13:51 . 2004-08-04 08:00 667136 ----a-w- c:\windows\system32\wininet.dll
2011-02-17 13:51 . 2004-08-04 08:00 61952 ----a-w- c:\windows\system32\tdc.ocx
2011-02-17 13:18 . 2004-08-04 08:00 455936 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-02-17 13:18 . 2004-08-04 08:00 357888 ----a-w- c:\windows\system32\drivers\srv.sys
2011-02-17 12:37 . 2004-08-04 08:00 369664 ----a-w- c:\windows\system32\html.iec
2011-02-17 12:32 . 2009-07-06 08:50 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2011-02-15 12:56 . 2004-08-04 08:00 290432 ----a-w- c:\windows\system32\atmfd.dll
2007-11-14 11:27 . 2007-12-05 06:50 3814 ----a-w- c:\program files\cist.bat
2004-12-08 09:39 . 2007-11-14 06:58 138 ----a-w- c:\program files\Zmaz_index_pri_chybe_profilu.cmd
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Microsoft WebServer"="c:\program files\WebSvr\System\svctrl" [X]
"srmclean"="c:\cpqs\Scom\srmclean.exe" [2001-07-24 36864]
"SetRefresh"="c:\program files\Compaq\SetRefresh\SetRefresh.exe" [2003-11-06 524800]
"SunJavaUpdateSched"="c:\program files\Java\j2re1.4.2_04\bin\jusched.exe" [2004-02-22 32881]
"PCSuiteTrayApplication"="c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-03-23 227328]
"LanguageMonitor"="c:\windows\system32\Oplmsb01.exe" [2004-01-09 94208]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-05-14 2029640]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 1744896]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\ftp.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"2967:UDP"= 2967:UDP:SymantecAntivirus UDP/2967
"4899:TCP"= 4899:TCP:RAdmin
.
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [14. 5. 2009 16:47 107256]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [14. 5. 2009 16:49 94360]
R2 ekrn;ESET Service;c:\program files\Eset\ESET NOD32 Antivirus\ekrn.exe [14. 5. 2009 16:47 731840]
R2 OkiPar;OkiPar;c:\windows\system32\drivers\OkiPar.sys [20. 1. 2009 14:35 36928]
R2 r_server;Remote Administrator Service;c:\windows\system32\r_server.exe [6. 7. 2009 8:42 708608]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [25. 3. 2010 11:25 30969208]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [9. 1. 2010 22:37 4640000]
.
.
------- Supplementary Scan -------
.
mStart Page = hxxp://go.compaq.com/1Q00CDT/0409/bl7.asp
mSearch Bar = hxxp://go.compaq.com/1Q00CDT/0409/bl8.asp
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Od&oslať do programu OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-13 14:41
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2011-05-13 14:44:14
ComboFix-quarantined-files.txt 2011-05-13 12:44
.
Pre-Run: 23 729 065 984 bytes free
Post-Run: 23 700 045 824 bytes free
.
- - End Of File - - 62D8D4089E1D18145AD0A54A2FDED60D

Re: Deleted files

Posted: 13 May 2011 14:00
by herodesominv
OTL Extras logfile created on: 13. 5. 2011 14:48:12 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = c:\install
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 0000041b | Country: Slovakia | Language: SKY | Date Format: d. M. yyyy

503,00 Mb Total Physical Memory | 182,00 Mb Available Physical Memory | 36,00% Memory free
1,00 Gb Paging File | 1,00 Gb Available in Paging File | 81,00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37,27 Gb Total Space | 22,10 Gb Free Space | 59,29% Space Free | Partition Type: NTFS
Drive D: | 700,16 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: OSV_BIELIK | User Name: bielik | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDBrowse] -- "C:\PROGRA~1\ACDSYS~1\ACDSee\ACDSee.exe" "%1" (ACD Systems, Ltd.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"2967:UDP" = 2967:UDP:*:Enabled:SymantecAntivirus UDP/2967
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"4899:TCP" = 4899:TCP:*:Enabled:RAdmin

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\ftp.exe" = C:\WINDOWS\system32\ftp.exe:*:Enabled:File Transfer Program -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office14\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office14\GROOVE.EXE:*:Enabled:Microsoft SharePoint Workspace -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE:*:Enabled:Microsoft OneNote -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{066D65EA-ED53-44E4-A96A-F81B6E409D2E}" = PC Connectivity Solution
"{291B3A3B-F808-45B8-8113-DF232FCB6C82}" = Microsoft .NET Compact Framework 3.5
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{57A48477-92F0-4C1F-ADF9-4806C4EC3CF2}" = Nokia PC Suite
"{5B9A67D4-04EC-46FF-9496-AF7BBFD84593}" = DvsAktualizácia
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{7148F0A8-6813-11D6-A77B-00B0D0142040}" = Java 2 Runtime Environment, SE v1.4.2_04
"{7E8E9DDD-A5DA-4B2D-9038-C3F445E77B13}" = DVSRekod
"{879EA19D-A327-43C4-AA59-9CE454A5A0DE}" = OKI B4100_4250 Status Monitor
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Extreme Graphics 2 Driver
"{90140000-0010-041B-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (Slovak) 14
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{6C1729BE-7232-41A7-B414-F826218336D5}" =
"{90140000-0015-041B-0000-0000000FF1CE}" = Microsoft Office Access MUI (Slovak) 2010
"{90140000-0016-041B-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Slovak) 2010
"{90140000-0018-041B-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Slovak) 2010
"{90140000-0019-041B-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Slovak) 2010
"{90140000-001A-041B-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Slovak) 2010
"{90140000-001B-041B-0000-0000000FF1CE}" = Microsoft Office Word MUI (Slovak) 2010
"{90140000-001F-0405-0000-0000000FF1CE}" = Microsoft Office Proof (Czech) 2010
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040E-0000-0000000FF1CE}" = Microsoft Office Proof (Hungarian) 2010
"{90140000-001F-041B-0000-0000000FF1CE}" = Microsoft Office Proof (Slovak) 2010
"{90140000-002C-041B-0000-0000000FF1CE}" = Microsoft Office Proofing (Slovak) 2010
"{90140000-0044-041B-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Slovak) 2010
"{90140000-006E-041B-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Slovak) 2010
"{90140000-00A1-041B-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Slovak) 2010
"{90140000-00BA-041B-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Slovak) 2010
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{972B1D9B-0EAD-49E8-B7D6-3B83FD5665B1}" = Nokia Connectivity Cable Driver
"{AC76BA86-7AD7-1033-7B44-000000000001}" = Adobe Reader 6.0
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{DF62F79C-BD69-4737-8C74-93F26B895B91}" = ESET NOD32 Antivirus
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"0852D05415AB9A4F1EF451E342267F76C776ED2F" = Windows Driver Package - Nokia Modem (11/03/2006 6.82.0.1)
"0C5EDC3653FED5B121F464339EAC12534D253B25" = Windows Driver Package - Nokia Modem (02/15/2007 3.1)
"ACDSee" = ACDSee
"Ad-Aware SE Personal" = Ad-Aware SE Personal
"Coroutine" = Coroutine for Java
"F064B256B4A20996EA9E333B5E0F14B61AB3333D" = Windows Driver Package - Nokia (WUDFRd) WPD (03/19/2007 6.83.31.1)
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"MSNINST" = MSN
"Nokia PC Suite" = Nokia PC Suite
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"Personal Web Server" = Personal Web Server
"PROSet" = Intel(R) PRO Network Adapters and Drivers
"Remote Administrator v2.2" = Remote Administrator v2.2
"Totalcmd" = Total Commander (Remove or Repair)
"Windows XP Service Pack" = Windows XP Service Pack 3
"Zuma's Revenge!1.0" = Zuma's Revenge!

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2077929231-2037684856-2768723756-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dream Aquarium_is1" = Dream Aquarium

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9. 5. 2011 3:04:48 | Computer Name = OSV_BIELIK | Source = MsiInstaller | ID = 1023
Description = Produkt: Microsoft .NET Framework 1.1 - Aktualizáciu {2A3320D6-C805-4280-B423-B665BDE33D8F}
sa nepodarilo nainštalovať. Kód chyby 1603. Ďalšie informácie sú uvedené v súbore
denníka C:\DOCUME~1\bielik\LOCALS~1\Temp\NDP1.1sp1-KB979906-X86\NDP1.1sp1-KB979906-X86-msi.0.log.

Error - 9. 5. 2011 3:04:50 | Computer Name = OSV_BIELIK | Source = NativeWrapper | ID = 5000
Description =

Error - 9. 5. 2011 3:49:25 | Computer Name = OSV_BIELIK | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft .NET Framework 1.1 -- Error 1706.No valid source
could be found for product Microsoft .NET Framework 1.1. The Windows installer
cannot continue.

Error - 9. 5. 2011 3:49:27 | Computer Name = OSV_BIELIK | Source = MsiInstaller | ID = 1023
Description = Produkt: Microsoft .NET Framework 1.1 - Aktualizáciu {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588}
sa nepodarilo nainštalovať. Kód chyby 1603. Ďalšie informácie sú uvedené v súbore
denníka C:\DOCUME~1\bielik\LOCALS~1\Temp\NDP1.1sp1-KB2416447-X86\NDP1.1sp1-KB2416447-X86-msi.0.log.

Error - 9. 5. 2011 3:49:28 | Computer Name = OSV_BIELIK | Source = NativeWrapper | ID = 5000
Description =

Error - 9. 5. 2011 4:44:05 | Computer Name = OSV_BIELIK | Source = NativeWrapper | ID = 5000
Description =

Error - 13. 5. 2011 6:11:56 | Computer Name = OSV_BIELIK | Source = Microsoft Office 14 | ID = 5000
Description = EventType office12setup, P1 {10140000-0f00-0000-0000--0000000ff1ce},
P2 14.0.4755.1000, P3 x, P4 msiapicallfailure, P5 proplus_proplusww.xml, P6 x,
P7 x, P8 NIL, P9 NIL, P10 NIL.

Error - 13. 5. 2011 6:12:21 | Computer Name = OSV_BIELIK | Source = Microsoft Office 14 | ID = 5000
Description = EventType office12setup, P1 {10140000-0f00-0000-0000--0000000ff1ce},
P2 14.0.4755.1000, P3 x, P4 msiapicallfailure, P5 proplus_proplusww.xml, P6 x,
P7 x, P8 NIL, P9 NIL, P10 NIL.

Error - 13. 5. 2011 6:18:28 | Computer Name = OSV_BIELIK | Source = Microsoft Office 14 | ID = 5000
Description = EventType office12setup, P1 {10140000-0f00-0000-0000--0000000ff1ce},
P2 14.0.4755.1000, P3 x, P4 msiapicallfailure, P5 proplus_proplusww.xml, P6 x,
P7 x, P8 NIL, P9 NIL, P10 NIL.

Error - 13. 5. 2011 8:21:58 | Computer Name = OSV_BIELIK | Source = Microsoft Office 14 | ID = 5000
Description = EventType office12setup, P1 {10140000-0f00-0000-0000--0000000ff1ce},
P2 14.0.4755.1000, P3 x, P4 msiapicallfailure, P5 proplus_proplusww.xml, P6 x,
P7 x, P8 NIL, P9 NIL, P10 NIL.

[ System Events ]
Error - 10. 5. 2011 8:46:58 | Computer Name = OSV_BIELIK | Source = Service Control Manager | ID = 7026
Description = Nasledujúce ovládače pre spustenie zavedenia alebo spustenie systému
zlyhali pri načítaní: eeCtrl

Error - 11. 5. 2011 1:08:22 | Computer Name = OSV_BIELIK | Source = Service Control Manager | ID = 7026
Description = Nasledujúce ovládače pre spustenie zavedenia alebo spustenie systému
zlyhali pri načítaní: eeCtrl

Error - 11. 5. 2011 2:54:24 | Computer Name = OSV_BIELIK | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.

Error - 12. 5. 2011 2:49:06 | Computer Name = OSV_BIELIK | Source = Service Control Manager | ID = 7026
Description = Nasledujúce ovládače pre spustenie zavedenia alebo spustenie systému
zlyhali pri načítaní: eeCtrl

Error - 13. 5. 2011 1:03:33 | Computer Name = OSV_BIELIK | Source = Service Control Manager | ID = 7026
Description = Nasledujúce ovládače pre spustenie zavedenia alebo spustenie systému
zlyhali pri načítaní: eeCtrl

Error - 13. 5. 2011 2:54:25 | Computer Name = OSV_BIELIK | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.

Error - 13. 5. 2011 6:39:55 | Computer Name = OSV_BIELIK | Source = Service Control Manager | ID = 7026
Description = Nasledujúce ovládače pre spustenie zavedenia alebo spustenie systému
zlyhali pri načítaní: eeCtrl

Error - 13. 5. 2011 6:40:54 | Computer Name = OSV_BIELIK | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.

Error - 13. 5. 2011 7:46:00 | Computer Name = OSV_BIELIK | Source = Service Control Manager | ID = 7026
Description = Nasledujúce ovládače pre spustenie zavedenia alebo spustenie systému
zlyhali pri načítaní: eeCtrl

Error - 13. 5. 2011 7:47:00 | Computer Name = OSV_BIELIK | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.


< End of report >

Re: Deleted files

Posted: 13 May 2011 14:02
by herodesominv
OTL logfile created on: 13. 5. 2011 14:48:12 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = c:\install
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 0000041b | Country: Slovakia | Language: SKY | Date Format: d. M. yyyy

503,00 Mb Total Physical Memory | 182,00 Mb Available Physical Memory | 36,00% Memory free
1,00 Gb Paging File | 1,00 Gb Available in Paging File | 81,00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37,27 Gb Total Space | 22,10 Gb Free Space | 59,29% Space Free | Partition Type: NTFS
Drive D: | 700,16 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: OSV_BIELIK | User Name: bielik | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011.05.13 14:28:42 | 000,580,608 | ---- | M] (OldTimer Tools) -- c:\install\OTL.exe
PRC - [2009.05.14 16:47:54 | 000,731,840 | ---- | M] (ESET) -- C:\Program Files\Eset\ESET NOD32 Antivirus\ekrn.exe
PRC - [2009.05.14 16:47:08 | 002,029,640 | ---- | M] (ESET) -- C:\Program Files\Eset\ESET NOD32 Antivirus\egui.exe
PRC - [2008.04.14 02:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007.03.26 13:06:24 | 000,292,864 | ---- | M] (Nokia.) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
PRC - [2007.03.23 13:20:52 | 000,227,328 | ---- | M] (Nokia) -- C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
PRC - [2005.03.30 20:44:55 | 000,757,796 | ---- | M] (C. Ghisler & Co.) -- C:\totalcmd\TOTALCMD.EXE
PRC - [2004.06.17 13:41:57 | 000,708,608 | ---- | M] () -- C:\WINDOWS\system32\r_server.exe
PRC - [2004.01.09 17:28:04 | 000,094,208 | ---- | M] (Oki Data Corporation) -- C:\WINDOWS\system32\Oplmsb01.exe


========== Modules (SafeList) ==========

MOD - [2011.05.13 14:28:42 | 000,580,608 | ---- | M] (OldTimer Tools) -- c:\install\OTL.exe
MOD - [2010.08.23 18:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2010.03.25 11:25:22 | 030,969,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2009.05.14 16:54:22 | 000,020,680 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV - [2009.05.14 16:47:54 | 000,731,840 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2007.03.26 13:06:24 | 000,292,864 | ---- | M] (Nokia.) [On_Demand | Running] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2004.06.17 13:41:57 | 000,708,608 | ---- | M] () [Auto | Running] -- C:\WINDOWS\System32\r_server.exe -- (r_server)


========== Driver Services (SafeList) ==========

DRV - [2009.05.14 16:49:32 | 000,094,360 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdir.sys -- (epfwtdir)
DRV - [2009.05.14 16:47:14 | 000,107,256 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2009.05.14 16:41:10 | 000,114,472 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2007.02.22 10:15:56 | 000,137,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcd.sys -- (nmwcd)
DRV - [2007.02.22 10:15:14 | 000,012,288 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdcm.sys -- (nmwcdcm)
DRV - [2007.02.22 10:15:14 | 000,012,288 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdcj.sys -- (nmwcdcj)
DRV - [2007.02.22 10:15:14 | 000,008,320 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdc.sys -- (nmwcdc)
DRV - [2004.08.03 19:29:50 | 000,019,455 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wVchNTxx.sys -- (iAimFP4)
DRV - [2004.08.03 19:29:48 | 000,012,063 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wSiINTxx.sys -- (iAimFP3)
DRV - [2004.08.03 19:29:46 | 000,025,471 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV10nt.sys -- (iAimTV5)
DRV - [2004.08.03 19:29:46 | 000,023,615 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wCh7xxNT.sys -- (iAimTV4)
DRV - [2004.08.03 19:29:46 | 000,022,271 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV06nt.sys -- (iAimTV6)
DRV - [2004.08.03 19:29:44 | 000,033,599 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV04nt.sys -- (iAimTV3)
DRV - [2004.08.03 19:29:44 | 000,019,551 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV02NT.sys -- (iAimTV1)
DRV - [2004.08.03 19:29:42 | 000,029,311 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV01nt.sys -- (iAimTV0)
DRV - [2004.08.03 19:29:42 | 000,011,871 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV09NT.sys -- (iAimFP7)
DRV - [2004.08.03 19:29:40 | 000,011,807 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV07nt.sys -- (iAimFP5)
DRV - [2004.08.03 19:29:40 | 000,011,295 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV08NT.sys -- (iAimFP6)
DRV - [2004.08.03 19:29:38 | 000,161,020 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\i81xnt5.sys -- (i81x)
DRV - [2004.08.03 19:29:38 | 000,012,415 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV01nt.sys -- (iAimFP0)
DRV - [2004.08.03 19:29:38 | 000,012,127 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV02NT.sys -- (iAimFP1)
DRV - [2004.08.03 19:29:38 | 000,011,775 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV05NT.sys -- (iAimFP2)
DRV - [2003.06.23 14:52:52 | 000,036,928 | ---- | M] (Oki Data Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\System32\DRIVERS\OKIPAR.SYS -- (OkiPar)
DRV - [2002.04.04 08:32:06 | 000,028,416 | R--- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symmpi.sys -- (Symmpi)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.compaq.com/1Q00CDT/0409/bl7.asp


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2077929231-2037684856-2768723756-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKU\S-1-5-21-2077929231-2037684856-2768723756-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2011.01.20 13:07:30 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2011.05.13 14:41:46 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [LanguageMonitor] C:\WINDOWS\System32\Oplmsb01.exe (Oki Data Corporation)
O4 - HKLM..\Run: [Microsoft WebServer] C:\Program Files\WebSvr\System\svctrl.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe (Nokia)
O4 - HKLM..\Run: [SetRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [srmclean] C:\cpqs\scom\srmclean.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe ()
O4 - HKU\.DEFAULT..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe (Time Information Services Ltd.)
O4 - HKU\S-1-5-18..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe (Time Information Services Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2077929231-2037684856-2768723756-1008\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2077929231-2037684856-2768723756-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-2077929231-2037684856-2768723756-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-2077929231-2037684856-2768723756-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Od&oslať do programu OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Odoslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Od&oslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: &Prepojené poznámky programu OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Prepojené poznámky programu OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O15 - HKU\S-1-5-21O16 - DPF: {0E032749-E947-4ABE-99E2-9A3A2E824914}
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shoc ... tor/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {320B7206-B21A-4CC6-8178-6EF4150A9626}
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupda ... 6863140437 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftup ... 7887569890 (MUWebControl Class)
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5}
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/products/plugin/aut ... s-i586.cab (Java Plug-in 1.4.2_04)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA} http://java.sun.com/products/plugin/aut ... s-i586.cab (Java Plug-in 1.4.2_04)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain =
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - File not found
O24 - Desktop WallPaper: C:\Documents and Settings\bielik\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\bielik\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.06.09 03:24:14 | 000,000,175 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011.05.13 14:44:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011.05.13 14:35:54 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011.05.13 14:35:54 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011.05.13 14:35:54 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011.05.13 14:35:54 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011.05.13 14:35:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011.05.13 14:35:32 | 000,000,000 | ---D | C] -- C:\Qoobox
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011.05.13 14:46:58 | 000,001,717 | ---- | M] () -- C:\WINDOWS\wincmd.ini
[2011.05.13 14:41:46 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011.05.13 14:27:26 | 004,348,041 | R--- | M] () -- C:\Documents and Settings\bielik\Desktop\ComboFix.exe
[2011.05.13 13:54:33 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011.05.13 13:45:43 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011.05.13 13:45:42 | 527,290,368 | -HS- | M] () -- C:\hiberfil.sys
[2011.05.09 09:30:54 | 000,269,392 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011.05.09 09:07:36 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011.05.02 14:30:00 | 000,002,275 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DVSRekod.lnk
[2011.04.18 09:38:23 | 000,034,304 | ---- | M] () -- C:\Documents and Settings\bielik\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011.05.13 14:35:54 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011.05.13 14:35:54 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011.05.13 14:35:54 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011.05.13 14:35:54 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011.05.13 14:35:54 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011.05.13 14:34:47 | 004,348,041 | R--- | C] () -- C:\Documents and Settings\bielik\Desktop\ComboFix.exe
[2011.03.25 11:55:56 | 000,000,129 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2010.06.21 16:50:44 | 000,331,776 | ---- | C] () -- C:\WINDOWS\System32\OCRBReader.dll
[2009.11.09 13:53:57 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Winchat.ini
[2009.07.06 08:42:51 | 000,708,608 | ---- | C] () -- C:\WINDOWS\System32\r_server.exe
[2009.07.02 12:14:51 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\bielik\Local Settings\Application Data\fusioncache.dat
[2009.01.20 14:35:14 | 000,000,808 | ---- | C] () -- C:\WINDOWS\System32\OKIPAR.DAT
[2008.11.22 16:22:49 | 000,000,165 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008.10.29 13:30:08 | 000,003,424 | ---- | C] () -- C:\Documents and Settings\bielik\Application Data\NMM-MetaData.db
[2007.12.05 08:50:58 | 000,003,814 | ---- | C] () -- C:\Program Files\cist.bat
[2007.11.14 08:58:33 | 000,000,138 | ---- | C] () -- C:\Program Files\Zmaz_index_pri_chybe_profilu.cmd
[2006.06.09 15:52:15 | 000,034,304 | ---- | C] () -- C:\Documents and Settings\bielik\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006.03.20 14:31:49 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\OPSB1LOC.DLL
[2005.12.07 12:31:00 | 000,202,752 | R--- | C] () -- C:\WINDOWS\System32\CddbCdda.dll
[2005.06.03 13:31:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
[2005.05.10 14:05:58 | 000,028,779 | ---- | C] () -- C:\WINDOWS\System32\javaw.exe
[2005.05.10 14:05:58 | 000,024,681 | ---- | C] () -- C:\WINDOWS\System32\java.exe
[2005.05.06 10:04:40 | 000,069,120 | ---- | C] () -- C:\WINDOWS\System32\corojdk11.dll
[2005.05.06 10:04:40 | 000,067,072 | ---- | C] () -- C:\WINDOWS\System32\corojie.dll
[2005.05.06 10:04:40 | 000,066,048 | ---- | C] () -- C:\WINDOWS\System32\jdde.dll
[2005.05.06 10:04:40 | 000,064,512 | ---- | C] () -- C:\WINDOWS\System32\corojs.dll
[2005.05.06 10:04:40 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\jcuninstall.exe
[2005.05.06 09:54:15 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2005.05.04 15:11:27 | 000,006,688 | ---- | C] () -- C:\WINDOWS\System32\Digita.sys
[2005.05.04 15:11:24 | 000,335,872 | ---- | C] () -- C:\WINDOWS\System32\ldf252.dll
[2005.05.04 14:50:33 | 000,000,201 | ---- | C] () -- C:\WINDOWS\OPLK.INI
[2005.03.30 20:44:43 | 000,001,717 | ---- | C] () -- C:\WINDOWS\wincmd.ini
[2004.12.08 17:41:17 | 000,000,451 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004.11.30 03:25:02 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004.11.30 03:21:37 | 000,000,822 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004.11.30 03:08:59 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2004.08.09 16:00:06 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004.08.09 15:44:32 | 000,383,254 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004.08.09 15:44:32 | 000,053,608 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004.08.09 15:40:44 | 000,269,392 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004.08.09 15:33:30 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004.08.09 15:28:54 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004.08.04 10:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004.08.04 10:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004.08.04 10:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004.08.04 10:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004.08.04 10:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004.08.04 10:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004.08.04 10:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004.08.04 10:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2002.05.28 10:55:42 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2002.05.28 10:54:40 | 000,004,605 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

========== LOP Check ==========

[2008.04.17 13:16:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\Nokia
[2008.04.17 13:31:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\Nokia Multimedia Player
[2009.09.04 14:40:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\PC Suite
[2009.12.18 15:26:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2008.04.17 12:44:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2006.03.20 14:31:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OPLMNB01
[2008.04.17 12:49:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2011.04.28 08:43:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2005.05.25 08:47:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bielik\Application Data\ACD Systems
[2009.11.28 15:27:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bielik\Application Data\Nokia
[2009.11.20 13:34:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bielik\Application Data\Nokia Multimedia Player
[2009.11.28 15:24:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bielik\Application Data\PC Suite

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:ADF211B1

< End of report >

Re: deleted files

Posted: 13 May 2011 14:03
by herodesominv
I know about the remote administrator, that it is installed there, and I am handling this through it at my friend's home so that I don't have to sit at his place :)

Re: deleted files

Posted: 13 May 2011 14:10
by stell
c:\program files\cist.bat
Find it, right-click > Edit > paste the contents here