.. ask.com je jen toolbar nebo nejakej jinej smejd... ok s tema BSOD to snad nespecha.. driv to padalo porad na to niv4_disp, ale to sem asi vyresil instalaci ovladacu pro graf. kartu... posledne to bylo win32sys... uvidime co na to vas kolega vecer:) jinak jeste je mozny ze tyhle veci mely co docineni s tim vypinanim monitoru(samozrejme reknu pritelkyni at to sleduje jestli se to nezlepsilo)...EDIT:Ptal sem se pritelkyne a sekal se i touchpad takze je nejspis neco podelanyho v pc... ale porad mi nejde do hlavy ze senzor v pc se podela tak se seka touchpad.. ale mys pres USB prece nepouziva senzor v pc ne?
log zde:
ComboFix 10-10-10.03 - Uživatel 11.10.2010 18:34:27.4.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1023.460 [GMT 2:00]
Spuštěný z: c:\documents and settings\Uživatel\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Uživatel\Plocha\CFScript.txt
AV: ESET Smart Security 4.2 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET personal firewall *disabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
FILE ::
"c:\documents and settings\Uživatel\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll"
"c:\windows\Tasks\AppleSoftwareUpdate.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
"c:\windows\Tasks\Scheduled Update for Ask Toolbar.job"
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\Ask.com\
c:\program files\Ask.com\\cobrand.ico
c:\program files\Ask.com\\config.xml
c:\program files\Ask.com\\favicon.ico
c:\program files\Ask.com\\fv_2cd.ico
c:\program files\Ask.com\\GenericAskToolbar.dll
c:\program files\Ask.com\\mupcfg.xml
c:\program files\Ask.com\\SaUpdate.exe
c:\program files\Ask.com\\UpdateTask.exe
c:\windows\Tasks\AppleSoftwareUpdate.job
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_SP_RSSRV
((((((((((((((((((((((((( Soubory vytvořené od 2010-09-11 do 2010-10-11 )))))))))))))))))))))))))))))))
.
2010-10-11 03:43 . 2010-10-11 15:41 -------- d-----w- c:\program files\trend micro
2010-10-11 03:43 . 2010-10-11 03:46 -------- d-----w- C:\rsit
2010-10-11 01:33 . 2009-03-09 13:27 4178264 ----a-w- c:\windows\system32\D3DX9_41.dll
2010-10-11 01:33 . 2010-10-11 01:33 -------- d-----w- c:\windows\Logs
2010-10-11 01:33 . 2010-10-11 01:33 -------- d-----w- c:\documents and settings\All Users\Data aplikací\PassMark
2010-10-11 01:33 . 2010-10-11 01:33 -------- d-----w- c:\program files\BurnInTest
2010-10-09 16:08 . 2010-10-09 16:08 -------- d-----w- c:\program files\Garmin
2010-10-09 16:08 . 2010-10-09 16:08 -------- d-----w- C:\MapSource
2010-10-09 15:57 . 2010-10-09 16:17 -------- d-----w- C:\garmin
2010-10-09 15:42 . 2004-03-08 22:00 260880 ----a-w- c:\windows\system32\MSFLXGRD.OCX
2010-10-09 15:42 . 2010-10-09 15:42 -------- d-----w- c:\program files\Img2gps
2010-10-09 15:31 . 2010-10-04 21:08 74240 ----a-w- c:\windows\gmt.exe
2010-10-09 15:31 . 2010-10-09 15:31 -------- d-----w- c:\program files\GmapTool
2010-10-09 15:28 . 2010-10-09 15:28 -------- d-----w- c:\program files\cGPSmapper
2010-10-09 15:07 . 2010-10-09 15:08 -------- d-----w- c:\documents and settings\Uživatel\Data aplikací\GARMIN
2010-10-09 15:07 . 2010-10-09 15:07 -------- d-----w- c:\documents and settings\All Users\Data aplikací\GARMIN
2010-10-09 14:35 . 2009-04-17 13:48 9344 ----a-w- c:\windows\system32\drivers\grmnusb.sys
2010-10-09 14:35 . 2009-04-17 13:48 18304 ----a-w- c:\windows\system32\drivers\grmngen.sys
2010-10-09 12:42 . 2001-08-17 17:28 771581 -c--a-w- c:\windows\system32\dllcache\winacisa.sys
2010-10-09 12:41 . 2001-08-17 16:14 123995 -c--a-w- c:\windows\system32\dllcache\tjisdn.sys
2010-10-09 12:40 . 2001-10-24 08:24 252032 -c--a-w- c:\windows\system32\dllcache\sis300iv.dll
2010-10-09 12:39 . 2008-04-13 20:11 17664 -c--a-w- c:\windows\system32\dllcache\ppa3.sys
2010-10-09 12:38 . 2001-10-24 08:24 19968 -c--a-w- c:\windows\system32\dllcache\mxicfg.dll
2010-10-09 12:37 . 2001-08-17 17:28 797500 -c--a-w- c:\windows\system32\dllcache\ltsmt.sys
2010-10-09 12:36 . 2008-04-14 07:51 81920 -c--a-w- c:\windows\system32\dllcache\ieencode.dll
2010-10-09 12:35 . 2001-10-24 07:58 907456 -c--a-w- c:\windows\system32\dllcache\hcf_msft.sys
2010-10-09 12:34 . 2001-08-17 16:12 19594 -c--a-w- c:\windows\system32\dllcache\e100isa4.sys
2010-10-09 12:33 . 2008-04-13 18:06 48640 -c--a-w- c:\windows\system32\dllcache\cwrwdm.sys
2010-10-09 12:32 . 2001-10-24 07:49 13824 -c--a-w- c:\windows\system32\dllcache\bulltlp3.sys
2010-10-09 12:31 . 2008-04-13 20:06 44928 -c--a-w- c:\windows\system32\dllcache\agpcpq.sys
2010-10-08 19:15 . 2010-10-09 20:14 -------- d-----w- C:\zaloha
2010-10-08 19:12 . 2010-10-08 19:12 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Data aplikací\Safe mirror
2010-10-08 19:11 . 2010-10-08 19:12 -------- d-----w- c:\program files\Cobian Backup 10
2010-10-07 23:09 . 2010-10-07 23:09 -------- d-----w- c:\documents and settings\Uživatel\Local Settings\Data aplikací\Innovative Solutions
2010-10-07 23:09 . 2010-10-07 23:09 -------- d-----w- c:\program files\Innovative Solutions
2010-10-06 23:31 . 2010-10-06 23:31 -------- d-----w- c:\windows\system32\AGEIA
2010-10-06 23:31 . 2010-10-06 23:31 -------- d-----w- c:\program files\AGEIA Technologies
2010-10-06 23:31 . 2010-10-06 23:31 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-10-06 23:27 . 2010-10-06 23:27 -------- d-----w- C:\NVIDIA
2010-09-30 14:45 . 2010-09-30 14:46 -------- d-sh--w- c:\documents and settings\Uzivatel
2010-09-30 00:53 . 2010-09-30 00:53 -------- d-----w- c:\program files\Zeallsoft
2010-09-25 15:21 . 2010-09-25 15:21 -------- d-----w- c:\program files\Speccy
2010-09-24 15:23 . 2010-09-24 15:23 -------- d-----w- c:\program files\Common Files\Skype
2010-09-24 15:23 . 2010-09-24 15:23 -------- d-----r- c:\program files\Skype
2010-09-23 21:58 . 2010-10-10 22:02 -------- d-----w- c:\documents and settings\Uživatel\Local Settings\Data aplikací\AskToolbar
2010-09-23 19:41 . 2010-09-23 19:41 -------- d-----w- c:\program files\FreeTime
2010-09-23 19:05 . 2010-09-23 19:12 -------- d-----w- c:\documents and settings\Uživatel\Data aplikací\Jpeg Resampler
2010-09-23 19:05 . 2010-09-23 19:05 -------- d-----w- c:\program files\JPEG Resampler
2010-09-20 15:57 . 2010-10-11 02:24 -------- d-----w- C:\SuperWebcamRecorder
2010-09-18 15:02 . 2010-09-18 15:05 -------- d-----w- c:\documents and settings\Uživatel\Data aplikací\ooVoo Details
2010-09-18 15:01 . 2010-09-18 15:01 -------- d-----w- c:\program files\ooVoo
2010-09-17 14:26 . 2008-04-13 20:16 85248 -c--a-w- c:\windows\system32\dllcache\nabtsfec.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
------- Sigcheck -------
[-] 2008-04-29 . B054BB152547F33685D19F3343F444D0 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Infium"="c:\program files\QIP 2010\qip.exe" [2010-08-12 5829584]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-30 13594624]
"nwiz"="nwiz.exe" [2009-01-30 1657376]
"RTHDCPL"="RTHDCPL.EXE" [2006-07-21 16261632]
"AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2006-01-25 53248]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2010-04-07 2145000]
"VMonitorVMUVC"="c:\program files\Vimicro Corporation\VMUVC\VMonitor.exe" [2008-08-29 143360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2009-03-08 128512]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Documents and Settings\\Uživatel\\Local Settings\\Data aplikací\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Documents and Settings\\Uživatel\\Dokumenty\\Downloads\\utorrent-portable\\utorrent.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"443:TCP"= 443:TCP:*:Disabled:ooVoo TCP port 443
"443:UDP"= 443:UDP:*:Disabled:ooVoo UDP port 443
"37674:TCP"= 37674:TCP:*:Disabled:ooVoo TCP port 37674
"37674:UDP"= 37674:UDP:*:Disabled:ooVoo UDP port 37674
"37675:UDP"= 37675:UDP:*:Disabled:ooVoo UDP port 37675
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [7.4.2010 21:07 114984]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};c:\program files\CyberLink\PowerDVD8\000.fcl [15.5.2008 13:07 61424]
R2 cbVSCService;Cobian Backup 10 Volume Shadow Copy service;c:\program files\Cobian Backup 10\cbVSCService.exe [8.10.2010 21:12 67584]
R2 CobianBackup10;Cobian Backup 10;c:\program files\Cobian Backup 10\cbService.exe [8.10.2010 21:12 1125376]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [7.4.2010 21:07 810120]
R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [16.11.2009 18:33 50704]
R2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [6.7.2010 17:03 173352]
R3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\drivers\teamviewervpn.sys [11.3.2010 11:17 25088]
R3 VMUVC;Vimicro Camera Service VMUVC;c:\windows\system32\drivers\VMUVC.sys [17.9.2010 16:27 251904]
R3 vvftUVC;Vimicro Camera Filter Service VMUVC;c:\windows\system32\drivers\vvftUVC.sys [17.9.2010 16:27 398720]
S4 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1.2.2010 18:47 135664]
.
Obsah adresáře 'Naplánované úlohy'
2010-10-11 c:\windows\Tasks\AWC AutoSweep.job
- c:\program files\IObit\Advanced SystemCare 3\AutoSweep.exe [2010-08-23 12:11]
.
.
------- Doplňkový sken -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
FF - ProfilePath - c:\documents and settings\Uživatel\Data aplikací\Mozilla\Firefox\Profiles\qje8yiac.default\
FF - component: c:\documents and settings\Uživatel\Data aplikací\Mozilla\Firefox\Profiles\qje8yiac.default\extensions\{32a1fd71-835e-4b11-8e54-886fda0b4c89}\components\qippipe.dll
FF - component: c:\documents and settings\Uživatel\Data aplikací\Mozilla\Firefox\Profiles\qje8yiac.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\Uživatel\Data aplikací\Mozilla\Firefox\Profiles\qje8yiac.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\RadioWMPCore.dll
FF - component: c:\documents and settings\Uživatel\Data aplikací\Mozilla\Firefox\Profiles\qje8yiac.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\Uživatel\Data aplikací\Mozilla\Firefox\Profiles\qje8yiac.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\components\RadioWMPCore.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- NASTAVENÍ FIREFOXU ----
FF - user.js: browser.cache.memory.capacity - 16000
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.max.tokenizing.time - 3000000
FF - user.js: content.maxtextrun - 4095
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 1000000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 1000000
FF - user.js: dom.disable_window_status_change - true
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 1000
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD8\000.fcl"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-602162358-2139871995-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{9E447679-0EE1-0509-60C3-895A89BE369C}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"oaonjggpcgdjjfibpkblihgofajhkm"=hex:61,69,69,64,68,70,6d,70,70,6f,65,65,62,6c,
6a,68,69,6b,6f,69,68,68,6c,70,70,68,66,6c,70,6b,6b,62,6b,63,6a,69,64,6a,70,\
"iajofaenkfifolblje"=hex:6a,61,66,64,64,64,6c,66,68,63,70,6f,62,6c,65,6c,6c,68,
6d,61,00,00
"hadolpjfclohfddf"=hex:6a,61,67,64,63,61,69,68,6b,69,62,70,65,6e,68,6e,70,6c,
6f,69,00,00
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'explorer.exe'(3800)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\RTHDCPL.EXE
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\IoctlSvc.exe
c:\windows\system32\PSIService.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\TeamViewer\Version5\TeamViewer.exe
.
**************************************************************************
.
Celkový čas: 2010-10-11 18:45:05 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-10-11 16:45
ComboFix2.txt 2010-10-11 16:04
Před spuštěním: Volných bajtů: 171 175 587 840
Po spuštění: Volných bajtů: 171 104 473 088
- - End Of File - - 24DA87E6C61C7AA244D9CAB5C19C28F1
Buh vi co ten senzor je zac...Uvidime co kolega na BSOD, me se zdaji logy jiz ciste...ESET Smart Security ma jiz v sobe antispyware (proto je to balicek All-in-one) narozdil jen od NODu32 coz je jen antivir (a musi tak byt doplnen firewallem a antispy)...
Přispějete na provoz fóra?