Wszystko otwiera się w nowych oknach (?)

[stajorek]

Skany robiłem ponieważ jak w temacie wszystko otwierało się w nowych okienkach, ale po resecie wymuszonym przez sptd.sys nagle wszystko zniknęło. W związku z tym proszę chociaż o profilaktyczne przejrzenie logów.

Gmer:

Kod: Zaznacz wszystko

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-04-02 22:22:52
Windows 5.1.2600 Dodatek Service Pack 2
Running: ehdg22bx.exe; Driver: D:\DOCUME~1\ADMIN~1.LAP\USTAWI~1\Temp\uxtdapow.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass0  SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass1  SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

---- EOF - GMER 1.0.15 ----


OTL.txt

Kod: Zaznacz wszystko

OTL logfile created on: 10-04-02 22:15:27 - Run 1
OTL by OldTimer - Version 3.1.37.3     Folder = D:\Documents and Settings\Admin.LAPTOP\Pulpit
Windows XP Professional Edition Dodatek Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yy-MM-dd

2,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 78,00% Memory free
4,00 Gb Paging File | 4,00 Gb Available in Paging File | 93,00% Paging File free
Paging file location(s): d:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = D: | %SystemRoot% = D:\WINDOWS | %ProgramFiles% = D:\Program Files
Drive C: | 45,12 Gb Total Space | 25,71 Gb Free Space | 56,97% Space Free | Partition Type: NTFS
Drive D: | 103,91 Gb Total Space | 82,27 Gb Free Space | 79,17% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LAPTOP
Current User Name: Admin
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2010-04-02 22:14:39 | 000,555,520 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\Admin.LAPTOP\Pulpit\OTL.exe
PRC - [2010-04-02 22:13:44 | 000,293,376 | ---- | M] () -- D:\Documents and Settings\Admin.LAPTOP\Pulpit\ehdg22bx.exe
PRC - [2010-04-02 17:50:54 | 000,908,248 | ---- | M] (Mozilla Corporation) -- D:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009-12-17 01:02:30 | 000,039,424 | ---- | M] (Nullsoft) -- D:\Program Files\Winamp\winampa.exe
PRC - [2007-07-26 15:57:02 | 000,192,512 | ---- | M] (Wistron) -- D:\Program Files\Launch Manager\HotkeyApp.exe
PRC - [2006-11-17 21:45:26 | 000,118,784 | ---- | M] (Wistron Corp.) -- D:\Program Files\Launch Manager\WisLMSvc.exe
PRC - [2004-08-04 00:44:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\explorer.exe


[color=#E56717]========== Modules (SafeList) ==========[/color]

MOD - [2010-04-02 22:14:39 | 000,555,520 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\Admin.LAPTOP\Pulpit\OTL.exe


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - [2006-11-17 21:45:26 | 000,118,784 | ---- | M] (Wistron Corp.) [On_Demand | Running] -- D:\Program Files\Launch Manager\WisLMSvc.exe -- (WisLMSvc)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - [2008-04-13 23:06:06 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008-02-26 16:01:44 | 004,737,024 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008-02-08 09:50:40 | 005,955,232 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2007-12-06 17:41:42 | 000,220,032 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2007-02-07 00:43:26 | 000,090,880 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2006-11-15 08:00:58 | 000,528,096 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211)
DRV - [2003-04-28 12:27:06 | 000,009,867 | ---- | M] () [Kernel | System | Running] -- D:\WINDOWS\system32\drivers\HOTKEY.sys -- (Hotkey)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - D:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2417076
IE - HKCU\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - D:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
IE - HKCU\..\URLSearchHook: {8532a8b7-c06a-41bb-936a-8ce73e4711ed} - D:\Program Files\gry\tbgry.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2010-04-02 17:51:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2010-04-02 17:51:00 | 000,000,000 | ---D | M]

[2009-12-14 21:50:23 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Admin.LAPTOP\Dane aplikacji\Mozilla\Extensions
[2009-12-14 21:50:23 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Admin.LAPTOP\Dane aplikacji\Mozilla\Firefox\Profiles\tj1p6iin.default\extensions
[2010-04-02 11:06:53 | 000,000,000 | ---D | M] -- D:\Program Files\Mozilla Firefox\extensions
[2009-08-31 14:11:24 | 000,927,232 | ---- | M] (Ganymede Technologies) -- D:\Program Files\Mozilla Firefox\plugins\NPBOARDS.dll
[2010-02-15 11:59:14 | 000,873,976 | ---- | M] (Ganymede Technologies) -- D:\Program Files\Mozilla Firefox\plugins\NPCARDS.dll
[2009-11-16 17:23:30 | 000,120,296 | ---- | M] ( ) -- D:\Program Files\Mozilla Firefox\plugins\npganymedenet.dll
[2010-02-15 11:58:40 | 000,460,280 | ---- | M] (Ganymede Technologies) -- D:\Program Files\Mozilla Firefox\plugins\NPMAHJONG.dll
[2010-02-15 11:58:46 | 000,665,096 | ---- | M] (Ganymede Technologies) -- D:\Program Files\Mozilla Firefox\plugins\NPMARBLES.dll
[2010-02-15 11:59:10 | 000,587,280 | ---- | M] (Ganymede Technologies) -- D:\Program Files\Mozilla Firefox\plugins\NPWORDSSINGLE.dll
[2009-03-24 11:10:44 | 000,114,688 | ---- | M] (Zylom) -- D:\Program Files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
[2010-02-21 16:05:48 | 000,002,767 | ---- | M] () -- D:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml
[2010-02-21 16:05:48 | 000,001,406 | ---- | M] () -- D:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml
[2010-02-21 16:05:48 | 000,000,917 | ---- | M] () -- D:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml
[2010-02-21 16:05:48 | 000,000,858 | ---- | M] () -- D:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml
[2010-02-21 16:05:48 | 000,001,183 | ---- | M] () -- D:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml
[2010-02-21 16:05:48 | 000,001,683 | ---- | M] () -- D:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml

O1 HOSTS File: ([2009-12-07 21:53:08 | 000,361,539 | R--- | M]) - D:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: 127.0.0.1   www.007guard.com
O1 - Hosts: 127.0.0.1   007guard.com
O1 - Hosts: 127.0.0.1   008i.com
O1 - Hosts: 127.0.0.1   www.008k.com
O1 - Hosts: 127.0.0.1   008k.com
O1 - Hosts: 127.0.0.1   www.00hq.com
O1 - Hosts: 127.0.0.1   00hq.com
O1 - Hosts: 127.0.0.1   010402.com
O1 - Hosts: 127.0.0.1   www.032439.com
O1 - Hosts: 127.0.0.1   032439.com
O1 - Hosts: 127.0.0.1   www.0scan.com
O1 - Hosts: 127.0.0.1   0scan.com
O1 - Hosts: 127.0.0.1   1000gratisproben.com
O1 - Hosts: 127.0.0.1   www.1000gratisproben.com
O1 - Hosts: 127.0.0.1   1001namen.com
O1 - Hosts: 127.0.0.1   www.1001namen.com
O1 - Hosts: 127.0.0.1   100888290cs.com
O1 - Hosts: 127.0.0.1   www.100888290cs.com
O1 - Hosts: 127.0.0.1   www.100sexlinks.com
O1 - Hosts: 127.0.0.1   100sexlinks.com
O1 - Hosts: 127.0.0.1   10sek.com
O1 - Hosts: 127.0.0.1   www.10sek.com
O1 - Hosts: 127.0.0.1   www.1-2005-search.com
O1 - Hosts: 127.0.0.1   1-2005-search.com
O1 - Hosts: 12430 more lines...
O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - D:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O2 - BHO: (gry Toolbar) - {8532a8b7-c06a-41bb-936a-8ce73e4711ed} - D:\Program Files\gry\tbgry.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (gry Toolbar) - {8532a8b7-c06a-41bb-936a-8ce73e4711ed} - D:\Program Files\gry\tbgry.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - D:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O3 - HKCU\..\Toolbar\WebBrowser: (gry Toolbar) - {8532A8B7-C06A-41BB-936A-8CE73E4711ED} - D:\Program Files\gry\tbgry.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - D:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O4 - HKLM..\Run: [Alcmtr] D:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [CtrlVol] D:\Program Files\Launch Manager\CtrlVol.exe File not found
O4 - HKLM..\Run: [HotkeyApp] D:\Program Files\Launch Manager\HotkeyApp.exe (Wistron)
O4 - HKLM..\Run: [LaunchAp] D:\Program Files\Launch Manager\LaunchAp.exe File not found
O4 - HKLM..\Run: [Wbutton] D:\Program Files\Launch Manager\WButton.exe File not found
O4 - HKLM..\Run: [WinampAgent] D:\Program Files\Winamp\winampa.exe (Nullsoft)
O4 - HKCU..\Run: [ALLUpdate] D:\Program Files\ALLPlayer\ALLUpdate.exe ()
O4 - Startup: D:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Winamp Search - D:\Documents and Settings\All Users\Dane aplikacji\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html ()
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - D:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.10.10 194.204.159.1 194.204.152.34
O20 - HKLM Winlogon: Shell - (Explorer.exe) - D:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe File not found
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - D:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home
O24 - Desktop WallPaper: D:\WINDOWS\Web\Wallpaper\Idylla.bmp
O24 - Desktop BackupWallPaper: D:\WINDOWS\Web\Wallpaper\Idylla.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-08-24 16:39:17 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010-02-18 16:02:05 | 000,095,615 | ---- | M] () - D:\AutoMapaSetupLog.txt -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2010-04-02 22:14:34 | 000,555,520 | ---- | C] (OldTimer Tools) -- D:\Documents and Settings\Admin.LAPTOP\Pulpit\OTL.exe
[2010-04-02 22:05:41 | 000,880,624 | ---- | C] (Duplex Secure Ltd.) -- D:\Documents and Settings\Admin.LAPTOP\Pulpit\SPTDinst-v162-x86.exe
[2010-04-02 13:53:29 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Admin.LAPTOP\Dane aplikacji\Games
[2010-03-30 08:41:35 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Admin.LAPTOP\Dane aplikacji\StoneLoopsAL
[2010-03-26 20:28:50 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Admin.LAPTOP\Pulpit\Nowy folder
[2010-03-24 20:17:52 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Admin.LAPTOP\Pulpit\export
[2010-03-23 23:04:24 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Admin.LAPTOP\Pulpit\zmodek pmg
[2010-03-23 16:14:08 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Admin.LAPTOP\Moje dokumenty\Nowy folder
[2010-03-23 09:42:27 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Dane aplikacji\Merscom
[2010-03-23 09:42:27 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Admin.LAPTOP\Dane aplikacji\Merscom
[2010-03-20 20:20:50 | 000,000,000 | ---D | C] -- D:\Program Files\Common Files\Symantec Shared
[2010-03-20 20:13:44 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Dane aplikacji\Symantec
[2010-03-20 20:13:44 | 000,000,000 | ---D | C] -- D:\WINDOWS\System32\drivers\NSS
[2010-03-20 20:13:44 | 000,000,000 | ---D | C] -- D:\Program Files\Norton Security Scan
[2010-03-20 20:13:44 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Dane aplikacji\Norton
[2010-03-20 20:13:44 | 000,000,000 | ---D | C] -- D:\WINDOWS\System32\drivers\NSS\0207030.022
[2010-03-20 20:13:42 | 000,000,000 | ---D | C] -- D:\Program Files\NortonInstaller
[2010-03-20 20:13:42 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Dane aplikacji\NortonInstaller
[2010-03-16 17:58:07 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Admin.LAPTOP\Moje dokumenty\Caribbean Riddle 1.0
[2010-03-15 13:50:01 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Admin.LAPTOP\Dane aplikacji\Coyotes Tale
[2010-03-15 12:56:22 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Dane aplikacji\FarmFrenzy-PizzaParty
[2010-03-11 18:17:45 | 000,000,000 | ---D | C] -- D:\WINDOWS\Minidump
[2010-03-11 15:22:05 | 000,237,056 | ---- | C] (MW Publishing) -- D:\WINDOWS\System32\mwgfx24.dll
[2010-03-11 15:22:05 | 000,191,488 | ---- | C] (MW Graphics) -- D:\WINDOWS\System32\mwgfx.dll
[2010-03-11 15:22:05 | 000,104,960 | ---- | C] (MW Graphics) -- D:\WINDOWS\System32\mwdds.dll
[2010-03-11 15:22:05 | 000,056,832 | ---- | C] (MW Graphics) -- D:\WINDOWS\System32\mwace.dll
[2010-03-11 15:22:05 | 000,028,672 | ---- | C] (MW Graphics) -- D:\WINDOWS\System32\mwgfxcopy.exe
[2010-03-06 12:45:30 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Admin.LAPTOP\Ustawienia lokalne\Dane aplikacji\STARGAZE_IMAGE_CACHE
[2009-08-24 17:50:34 | 000,000,000 | ---D | M] -- D:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Microsoft
[2009-08-24 16:42:44 | 000,000,000 | ---D | M] -- D:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Microsoft
[2009-08-24 16:39:14 | 000,000,000 | --SD | M] -- D:\Documents and Settings\NetworkService\Dane aplikacji\Microsoft
[2009-08-24 16:39:14 | 000,000,000 | --SD | M] -- D:\Documents and Settings\LocalService\Dane aplikacji\Microsoft
[3 D:\WINDOWS\*.tmp files -> D:\WINDOWS\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2010-04-02 22:14:39 | 000,555,520 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\Admin.LAPTOP\Pulpit\OTL.exe
[2010-04-02 22:13:44 | 000,293,376 | ---- | M] () -- D:\Documents and Settings\Admin.LAPTOP\Pulpit\ehdg22bx.exe
[2010-04-02 22:10:51 | 000,000,006 | -H-- | M] () -- D:\WINDOWS\tasks\SA.DAT
[2010-04-02 22:10:49 | 000,002,048 | --S- | M] () -- D:\WINDOWS\bootstat.dat
[2010-04-02 22:09:47 | 002,883,584 | ---- | M] () -- D:\Documents and Settings\Admin.LAPTOP\ntuser.dat
[2010-04-02 22:09:47 | 000,000,292 | -HS- | M] () -- D:\Documents and Settings\Admin.LAPTOP\ntuser.ini
[2010-04-02 22:07:52 | 000,002,206 | ---- | M] () -- D:\WINDOWS\System32\wpa.dbl
[2010-04-02 22:05:47 | 000,880,624 | ---- | M] (Duplex Secure Ltd.) -- D:\Documents and Settings\Admin.LAPTOP\Pulpit\SPTDinst-v162-x86.exe
[2010-04-02 15:00:02 | 011,920,070 | ---- | M] () -- D:\Documents and Settings\Admin.LAPTOP\Pulpit\Schwarzm__ller_Thermo_2009_by_Kisbrekusz___RS.zip
[2010-04-02 14:52:40 | 001,398,256 | ---- | M] () -- D:\Documents and Settings\Admin.LAPTOP\Pulpit\color.dds
[2010-04-02 13:52:54 | 000,000,938 | ---- | M] () -- D:\Documents and Settings\Admin.LAPTOP\Pulpit\Sherlock Holmes - Tajemnica perskiego dywanu.lnk
[2010-04-02 13:52:54 | 000,000,357 | ---- | M] () -- D:\Documents and Settings\Admin.LAPTOP\Pulpit\Gry.Pl.lnk
[2010-04-02 13:52:01 | 091,833,472 | ---- | M] () -- D:\Documents and Settings\Admin.LAPTOP\Pulpit\GryPlTheMysteryofthePersianCarpetPl_20089.exe
[2010-03-30 08:38:20 | 042,516,272 | ---- | M] () -- D:\Documents and Settings\Admin.LAPTOP\Pulpit\GryPlStoneloopsofJurassicaPl_20089.exe
[2010-03-29 19:00:08 | 001,846,369 | ---- | M] () -- D:\Documents and Settings\Admin.LAPTOP\Pulpit\Kurs Szybkiego Czytania - Czytaj 10 Razy Szybciej W 2 Tygodnie(bitnova.info).pdf
[2010-03-28 16:26:31 | 000,000,474 | -H-- | M] () -- D:\WINDOWS\tasks\Norton Security Scan for Admin.job
[2010-03-23 22:13:14 | 000,464,781 | ---- | M] () -- D:\Documents and Settings\Admin.LAPTOP\Moje dokumenty\ETSflarepack_by_Samson.scs
[2010-03-23 15:59:02 | 000,008,192 | ---- | M] () -- D:\Documents and Settings\Admin.LAPTOP\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-03-23 09:42:08 | 000,000,956 | ---- | M] () -- D:\Documents and Settings\Admin.LAPTOP\Pulpit\Tajemnica Mary Celeste.lnk
[2010-03-22 17:47:13 | 003,145,782 | ---- | M] () -- D:\norm.bmp
[2010-03-20 20:13:44 | 000,000,172 | ---- | M] () -- D:\WINDOWS\System32\drivers\NSS\0207030.022\isolate.ini
[2010-03-20 19:40:47 | 004,585,677 | ---- | M] () -- D:\Documents and Settings\Admin.LAPTOP\Moje dokumenty\MAN TGX XXL 18.430 Lowdeck Emons.rar
[2010-03-20 19:27:18 | 002,986,038 | ---- | M] () -- D:\Documents and Settings\Admin.LAPTOP\Moje dokumenty\bez tytułu.bmp
[2010-03-20 17:12:19 | 002,641,874 | -H-- | M] () -- D:\Documents and Settings\Admin.LAPTOP\Ustawienia lokalne\Dane aplikacji\IconCache.db
[2010-03-20 15:46:20 | 000,289,154 | ---- | M] () -- D:\Documents and Settings\Admin.LAPTOP\Moje dokumenty\6.jpg
[2010-03-16 09:56:46 | 000,769,282 | ---- | M] () -- D:\WINDOWS\System32\PerfStringBackup.INI
[2010-03-16 09:56:46 | 000,357,900 | ---- | M] () -- D:\WINDOWS\System32\perfh015.dat
[2010-03-16 09:56:46 | 000,313,222 | ---- | M] () -- D:\WINDOWS\System32\perfh009.dat
[2010-03-16 09:56:46 | 000,050,978 | ---- | M] () -- D:\WINDOWS\System32\perfc015.dat
[2010-03-16 09:56:46 | 000,041,226 | ---- | M] () -- D:\WINDOWS\System32\perfc009.dat
[2010-03-11 18:17:39 | 2137,473,024 | ---- | M] () -- D:\WINDOWS\MEMORY.DMP
[2010-03-11 15:22:05 | 000,000,680 | ---- | M] () -- D:\Documents and Settings\Admin.LAPTOP\Pulpit\DXTBmp.lnk
[2010-03-10 19:32:52 | 008,188,928 | ---- | M] () -- D:\Documents and Settings\Admin.LAPTOP\Moje dokumenty\MAN_TGX_XXL_18.430_Lowdeck_Emons(2).rar
[3 D:\WINDOWS\*.tmp files -> D:\WINDOWS\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2010-04-02 22:13:43 | 000,293,376 | ---- | C] () -- D:\Documents and Settings\Admin.LAPTOP\Pulpit\ehdg22bx.exe
[2010-04-02 14:58:10 | 011,920,070 | ---- | C] () -- D:\Documents and Settings\Admin.LAPTOP\Pulpit\Schwarzm__ller_Thermo_2009_by_Kisbrekusz___RS.zip
[2010-04-02 13:52:54 | 000,000,938 | ---- | C] () -- D:\Documents and Settings\Admin.LAPTOP\Pulpit\Sherlock Holmes - Tajemnica perskiego dywanu.lnk
[2010-04-02 13:41:37 | 091,833,472 | ---- | C] () -- D:\Documents and Settings\Admin.LAPTOP\Pulpit\GryPlTheMysteryofthePersianCarpetPl_20089.exe
[2010-03-30 08:34:30 | 042,516,272 | ---- | C] () -- D:\Documents and Settings\Admin.LAPTOP\Pulpit\GryPlStoneloopsofJurassicaPl_20089.exe
[2010-03-29 18:59:37 | 001,846,369 | ---- | C] () -- D:\Documents and Settings\Admin.LAPTOP\Pulpit\Kurs Szybkiego Czytania - Czytaj 10 Razy Szybciej W 2 Tygodnie(bitnova.info).pdf
[2010-03-28 15:03:30 | 000,349,680 | ---- | C] () -- D:\Documents and Settings\Admin.LAPTOP\Pulpit\details.dds
[2010-03-26 20:24:36 | 001,398,256 | ---- | C] () -- D:\Documents and Settings\Admin.LAPTOP\Pulpit\color.dds
[2010-03-24 08:23:51 | 009,670,536 | ---- | C] () -- D:\Documents and Settings\Admin.LAPTOP\Pulpit\truck.bak
[2010-03-23 22:12:28 | 000,464,781 | ---- | C] () -- D:\Documents and Settings\Admin.LAPTOP\Moje dokumenty\ETSflarepack_by_Samson.scs
[2010-03-23 09:42:08 | 000,000,956 | ---- | C] () -- D:\Documents and Settings\Admin.LAPTOP\Pulpit\Tajemnica Mary Celeste.lnk
[2010-03-22 17:47:13 | 003,145,782 | ---- | C] () -- D:\norm.bmp
[2010-03-20 20:13:47 | 000,000,474 | -H-- | C] () -- D:\WINDOWS\tasks\Norton Security Scan for Admin.job
[2010-03-20 20:13:44 | 000,000,172 | ---- | C] () -- D:\WINDOWS\System32\drivers\NSS\0207030.022\isolate.ini
[2010-03-20 19:34:19 | 004,585,677 | ---- | C] () -- D:\Documents and Settings\Admin.LAPTOP\Moje dokumenty\MAN TGX XXL 18.430 Lowdeck Emons.rar
[2010-03-20 19:23:11 | 002,986,038 | ---- | C] () -- D:\Documents and Settings\Admin.LAPTOP\Moje dokumenty\bez tytułu.bmp
[2010-03-20 15:45:57 | 000,289,154 | ---- | C] () -- D:\Documents and Settings\Admin.LAPTOP\Moje dokumenty\6.jpg
[2010-03-11 15:22:05 | 000,000,680 | ---- | C] () -- D:\Documents and Settings\Admin.LAPTOP\Pulpit\DXTBmp.lnk
[2010-03-10 19:21:59 | 008,188,928 | ---- | C] () -- D:\Documents and Settings\Admin.LAPTOP\Moje dokumenty\MAN_TGX_XXL_18.430_Lowdeck_Emons(2).rar
[2010-02-21 10:29:56 | 000,000,038 | ---- | C] () -- D:\WINDOWS\avisplitter.ini
[2010-02-21 10:29:54 | 000,205,824 | ---- | C] () -- D:\WINDOWS\System32\xvidvfw.dll
[2010-02-21 10:29:52 | 000,085,504 | ---- | C] () -- D:\WINDOWS\System32\ff_vfw.dll
[2010-02-21 10:29:52 | 000,000,547 | ---- | C] () -- D:\WINDOWS\System32\ff_vfw.dll.manifest
[2010-02-21 10:16:44 | 000,008,192 | ---- | C] () -- D:\Documents and Settings\Admin.LAPTOP\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009-08-29 19:17:19 | 000,000,427 | ---- | C] () -- D:\WINDOWS\ODBC.INI
[2009-08-27 13:44:01 | 000,178,176 | ---- | C] () -- D:\WINDOWS\System32\unrar.dll
[2009-08-27 13:41:36 | 000,881,664 | ---- | C] () -- D:\WINDOWS\System32\xvidcore.dll
[2009-08-24 18:51:47 | 000,009,867 | ---- | C] () -- D:\WINDOWS\System32\drivers\HOTKEY.sys
[2009-08-24 18:41:06 | 000,147,456 | ---- | C] () -- D:\WINDOWS\System32\igfxCoIn_v4924.dll
[2004-08-04 00:44:00 | 000,081,920 | ---- | C] () -- D:\WINDOWS\System32\ieencode.dll
[2004-07-17 11:36:38 | 000,027,440 | ---- | C] () -- D:\WINDOWS\System32\drivers\secdrv.sys
< End of report >


Extras:

Kod: Zaznacz wszystko

OTL Extras logfile created on: 10-04-02 22:15:27 - Run 1
OTL by OldTimer - Version 3.1.37.3     Folder = D:\Documents and Settings\Admin.LAPTOP\Pulpit
Windows XP Professional Edition Dodatek Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yy-MM-dd

2,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 78,00% Memory free
4,00 Gb Paging File | 4,00 Gb Available in Paging File | 93,00% Paging File free
Paging file location(s): d:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = D: | %SystemRoot% = D:\WINDOWS | %ProgramFiles% = D:\Program Files
Drive C: | 45,12 Gb Total Space | 25,71 Gb Free Space | 56,97% Space Free | Partition Type: NTFS
Drive D: | 103,91 Gb Total Space | 82,27 Gb Free Space | 79,17% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LAPTOP
Current User Name: Admin
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]


[color=#E56717]========== File Associations ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- D:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[color=#E56717]========== Shell Spawning ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "D:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "D:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "D:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "D:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[color=#E56717]========== Authorized Applications List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"D:\Program Files\Nowe Gadu-Gadu\gg.exe" = D:\Program Files\Nowe Gadu-Gadu\gg.exe:*:Enabled:Nowe Gadu-Gadu -- (GG Network S.A.)


[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18
"{350C9415-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{90280415-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional z programem FrontPage
"{AC76BA86-7AD7-1045-7B44-A91000000001}" = Adobe Reader 9.1 - Polish
"{D0846526-66DD-4DC9-A02C-98F9A2806812}" = Launch Manager V1.4.9
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adventures of Robinson Crusoe" = Adventures of Robinson Crusoe
"ALLPlayer_is1" = ALLPlayer V4.X
"Bilbo: Cztery strony świata" = Bilbo: Cztery strony świata
"Blood Ties" = Blood Ties
"eMusic Promotion" = 50 FREE MP3s +1 Free Audiobook!
"Fix-it-up: Przygoda Kate" = Fix-it-up: Przygoda Kate
"GameDesire-Pool & Snooker" = GameDesire-Pool & Snooker
"gry Toolbar" = gry Toolbar
"Hania - Pomocnik Świętego Mikołaja" = Hania - Pomocnik Świętego Mikołaja
"ipla" = ipla 2.1.1
"Karaibska łamigłówka" = Karaibska łamigłówka
"Kawiarnia Amelii" = Kawiarnia Amelii
"KLiteCodecPack_is1" = K-Lite Codec Pack 5.7.0 (Full)
"Królestwa w chmurach" = Królestwa w chmurach
"Magiczna Encyklopedia – część pierwsza" = Magiczna Encyklopedia – część pierwsza
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mistrzowie Kuchni" = Mistrzowie Kuchni
"Mozilla Firefox (3.5.9)" = Mozilla Firefox (3.5.9)
"Natalie Brooks: Sekrety Domu Skarbów" = Natalie Brooks: Sekrety Domu Skarbów
"NSS" = Norton Security Scan
"Odlotowa Farma 2" = Odlotowa Farma 2
"Odlotowa Farma 2: Pizza Party!" = Odlotowa Farma 2: Pizza Party!
"Opowieści Kojota: Siostry Ognia i Wody" = Opowieści Kojota: Siostry Ognia i Wody
"Romance of Rome" = Romance of Rome
"Sherlock Holmes - Tajemnica perskiego dywanu" = Sherlock Holmes - Tajemnica perskiego dywanu
"Skarby Montezumy 2" = Skarby Montezumy 2
"Sprill: Tajemnice Trójkąta Bermudzkiego" = Sprill: Tajemnice Trójkąta Bermudzkiego
"Stoneloops! of Jurassica" = Stoneloops! of Jurassica
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Tajemnica Mary Celeste" = Tajemnica Mary Celeste
"Tajemnica tęczy" = Tajemnica tęczy
"Tajemnice Horusa" = Tajemnice Horusa
"Tęczowa Pajęczyna 2" = Tęczowa Pajęczyna 2
"The Mysterious City - Golden Prague" = The Mysterious City - Golden Prague
"Winamp" = Winamp
"Winamp Toolbar" = Winamp Toolbar
"Windows Media Format Runtime" = Windows Media Format Runtime
"Wizard's Hat" = Wizard's Hat
"Zaczarowana Jaskinia" = Zaczarowana Jaskinia
"Zaczarowane wyspy" = Zaczarowane wyspy

[color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Winamp Detect" = Detektor Winampa

[color=#E56717]========== Last 10 Event Log Errors ==========[/color]

[ Application Events ]
Error - 10-03-16 12:15:18 | Computer Name = LAPTOP | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd caribbean riddle.wrp.exe, wersja 0.0.0.0,
moduł powodujący błąd audiere.dll, wersja 1.9.4.0, adres błędu 0x00004039.

Error - 10-03-19 10:28:59 | Computer Name = LAPTOP | Source = Application Hang | ID = 1002
Description = Aplikacja zawieszająca firefox.exe, wersja 1.9.1.3685, moduł zawieszenia
hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.

Error - 10-03-20 14:32:18 | Computer Name = LAPTOP | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd winamp.exe, wersja 5.5.7.2789, moduł powodujący
błąd gen_ml.dll, wersja 0.0.0.0, adres błędu 0x000072ee.

Error - 10-03-22 17:02:07 | Computer Name = LAPTOP | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd winamp.exe, wersja 5.5.7.2789, moduł powodujący
błąd gen_ml.dll, wersja 0.0.0.0, adres błędu 0x000072ee.

Error - 10-03-22 17:02:19 | Computer Name = LAPTOP | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd zmodeler2.exe, wersja 1.0.0.959, moduł powodujący
błąd zmodeler2.exe, wersja 1.0.0.959, adres błędu 0x00007b48.

Error - 10-03-22 17:02:26 | Computer Name = LAPTOP | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd zmodeler2.exe, wersja 1.0.0.959, moduł powodujący
błąd zmodeler2.exe, wersja 1.0.0.959, adres błędu 0x00007b48.

Error - 10-03-22 17:14:04 | Computer Name = LAPTOP | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd winamp.exe, wersja 5.5.7.2789, moduł powodujący
błąd gen_ml.dll, wersja 0.0.0.0, adres błędu 0x000072ee.

Error - 10-03-23 10:01:24 | Computer Name = LAPTOP | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd zmodeler2.exe, wersja 1.0.0.959, moduł powodujący
błąd zmodeler2.exe, wersja 1.0.0.959, adres błędu 0x00007b48.

Error - 10-03-23 10:09:38 | Computer Name = LAPTOP | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd zmodeler2.exe, wersja 1.0.0.959, moduł powodujący
błąd zmodeler2.exe, wersja 1.0.0.959, adres błędu 0x00007b48.

Error - 10-03-23 10:30:09 | Computer Name = LAPTOP | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd winamp.exe, wersja 5.5.7.2789, moduł powodujący
błąd gen_ml.dll, wersja 0.0.0.0, adres błędu 0x000072ee.

[ System Events ]
Error - 10-04-02 15:25:50 | Computer Name = LAPTOP | Source = Disk | ID = 262151
Description = W urządzeniu \Device\Harddisk0\D wystąpił zły blok.

Error - 10-04-02 15:25:54 | Computer Name = LAPTOP | Source = Disk | ID = 262151
Description = W urządzeniu \Device\Harddisk0\D wystąpił zły blok.

Error - 10-04-02 15:25:58 | Computer Name = LAPTOP | Source = Disk | ID = 262151
Description = W urządzeniu \Device\Harddisk0\D wystąpił zły blok.

Error - 10-04-02 15:56:25 | Computer Name = LAPTOP | Source = Disk | ID = 262151
Description = W urządzeniu \Device\Harddisk0\D wystąpił zły blok.

Error - 10-04-02 15:56:30 | Computer Name = LAPTOP | Source = Disk | ID = 262151
Description = W urządzeniu \Device\Harddisk0\D wystąpił zły blok.

Error - 10-04-02 15:56:34 | Computer Name = LAPTOP | Source = Disk | ID = 262151
Description = W urządzeniu \Device\Harddisk0\D wystąpił zły blok.

Error - 10-04-02 15:56:38 | Computer Name = LAPTOP | Source = Disk | ID = 262151
Description = W urządzeniu \Device\Harddisk0\D wystąpił zły blok.

Error - 10-04-02 16:09:41 | Computer Name = LAPTOP | Source = Disk | ID = 262151
Description = W urządzeniu \Device\Harddisk0\D wystąpił zły blok.

Error - 10-04-02 16:09:46 | Computer Name = LAPTOP | Source = Disk | ID = 262151
Description = W urządzeniu \Device\Harddisk0\D wystąpił zły blok.

Error - 10-04-02 16:16:44 | Computer Name = LAPTOP | Source = Disk | ID = 262151
Description = W urządzeniu \Device\Harddisk0\D wystąpił zły blok.


< End of report >


Z góry dziękuje

[ordynat]

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe File not found

Co jest "grane"? Dlaczego nie ma tego bardzo ważnego pliku Systemowego?
Zrób nowy log z OTL, ale oprócz normalnych ustawień, dodaj jeszcze jedno:
W pole Custom Scans/Fixes wklej:

%systemdrive%\userinit.* /s /md5

i dopiero wtedy kliknij "Run Scan".
.