bcmwl5.sys causes BSOD
Posted: 30 May 2011 20:46
by obraz
Hello, out of nowhere my notebook has started acting up: after Windows XP boots, a blue screen appears and it restarts immediately. No HW or SW changes were made. I found out that it is caused by the Wi-Fi driver, bcmwl5.sys. Via Google I found 2 causes that could be behind it. One is allegedly an incompatibility (?), which a driver update should help with; that helped. The other cause could be some kind of malware, so I would like to ask whether I can send a log (RSIT, ComboFix?) and whether someone could check the log for me?
Re: bcmwl5.sys causes BSOD
Posted: 30 May 2011 21:19
by Rudy
OK. We can check the logs. First, please post an RSIT log:
http://www.viry.cz/forum/viewtopic.php?f=13&t=105895 .
Re: bcmwl5.sys causes BSOD
Posted: 30 May 2011 21:28
by obraz
Code:
Logfile of random's system information tool 1.08 (written by random/random)
Run by Administrator at 2011-05-30 22:24:05
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 20 GB (26%) free of 76 GB
Total RAM: 1919 MB (75% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:24:30, on 30.5.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files\Razer\Lachesis\razerhid.exe
C:\WINDOWS\System32\MAFWTray.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\Razer\Lachesis\OSD.exe
C:\Program Files\Razer\Lachesis\razertra.exe
C:\Program Files\Razer\Lachesis\razerofa.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\wincmd\WINCMD32.EXE
C:\Program Files\QIP\qip.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Administrator\Plocha\NET\RSIT.exe
C:\Program Files\trend micro\Administrator.exe
C:\Program Files\Mozilla Firefox\firefox.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: QIPBHO Class - {95289393-33EA-4F8D-B952-483415B9C955} - C:\Documents and Settings\Administrator\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: QIPBHO - {95289393-33EA-4F8D-B952-483415B9C955} - C:\Documents and Settings\Administrator\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll
O2 - BHO: QIPBHO - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Documents and Settings\Administrator\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [Lachesis] C:\Program Files\Razer\Lachesis\razerhid.exe
O4 - HKLM\..\Run: [M-Audio Taskbar Icon] C:\WINDOWS\System32\MAFWTray.exe
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKUS\S-1-5-21-709852436-361809534-4294162701-1005\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'postgres')
O4 - HKUS\S-1-5-21-709852436-361809534-4294162701-1005\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'postgres')
O4 - HKUS\S-1-5-21-709852436-361809534-4294162701-1006\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'postgress')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: QIP 2005 - {1EF681F7-A04B-4D6D-9012-A307CCA55610} - C:\Program Files\QIP\qip.exe (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Unknown owner - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: PostgreSQL Database Server 8.3 (pgsql-8.3) - PostgreSQL Global Development Group - C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe
O23 - Service: PostgreSQL Server 8.4 (postgresql-8.4) - PostgreSQL Global Development Group - C:/Program Files/PostgreSQL/8.4/bin/pg_ctl.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
--
End of file - 7114 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job
C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job
C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job
C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job
C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-11-15 62376]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95289393-33EA-4F8D-B952-483415B9C955}]
QIPBHO Class - C:\Documents and Settings\Administrator\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll [2010-06-09 138240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}]
QIPBHO Class - C:\Documents and Settings\Administrator\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll [2010-06-09 138240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-11-24 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-11-24 79648]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Lachesis"=C:\Program Files\Razer\Lachesis\razerhid.exe [2007-09-12 172032]
"M-Audio Taskbar Icon"=C:\WINDOWS\System32\MAFWTray.exe [2008-03-03 252424]
"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2011-05-10 3459712]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2009-07-21 155648]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2010-08-28 12536]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\WINDOWS\system32\mqsvc.exe"="C:\WINDOWS\system32\mqsvc.exe:*:Enabled:Message Queuing"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\QIP\qip.exe"="C:\Program Files\QIP\qip.exe:*:Enabled:Quiet Internet Pager"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Java\jre1.5.0_06\bin\javaw.exe"="C:\Program Files\Java\jre1.5.0_06\bin\javaw.exe:*:Enabled:Java(TM) 2 Platform Standard Edition binary"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\mqsvc.exe"="C:\WINDOWS\system32\mqsvc.exe:*:Enabled:Message Queuing"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
======File associations======
.scr - open - "C:\WINDOWS\system32\NOTEPAD.EXE" "%1"
.scr - install -
.scr - config -
======List of files/folders created in the last 1 months======
2011-05-30 22:24:05 ----D---- C:\rsit
2011-05-30 19:06:54 ----N---- C:\WINDOWS\system32\BCMWLU00.EXE
2011-05-30 19:06:54 ----N---- C:\WINDOWS\system32\BCMWLD2K.EXE
2011-05-30 15:18:00 ----ASH---- C:\hiberfil.sys
2011-05-30 12:38:34 ----A---- C:\WINDOWS\ntbtlog.txt
2011-05-17 22:31:14 ----D---- C:\Program Files\MSECache
2011-05-17 13:41:58 ----A---- C:\WINDOWS\system32\drivers\aswSP.sys
2011-05-17 13:41:58 ----A---- C:\WINDOWS\system32\drivers\aswFsBlk.sys
2011-05-17 13:41:56 ----A---- C:\WINDOWS\system32\drivers\aswTdi.sys
2011-05-17 13:41:56 ----A---- C:\WINDOWS\system32\drivers\aswSnx.sys
2011-05-17 13:41:56 ----A---- C:\WINDOWS\system32\drivers\aswRdr.sys
2011-05-17 13:41:55 ----A---- C:\WINDOWS\system32\drivers\aswmon2.sys
2011-05-17 13:41:55 ----A---- C:\WINDOWS\system32\drivers\aswmon.sys
2011-05-17 13:41:55 ----A---- C:\WINDOWS\system32\drivers\aavmker4.sys
2011-05-17 13:41:33 ----A---- C:\WINDOWS\system32\aswBoot.exe
2011-05-17 13:41:22 ----D---- C:\Program Files\AVAST Software
2011-05-17 13:41:22 ----D---- C:\Documents and Settings\All Users\Data aplikací\AVAST Software
2011-05-17 02:28:45 ----SHD---- C:\Config.Msi
2011-05-17 02:28:21 ----SHD---- C:\RECYCLER
2011-05-17 02:27:10 ----D---- C:\Documents and Settings\Administrator\Data aplikací\TuneUp Software
2011-05-17 02:26:41 ----D---- C:\Documents and Settings\All Users\Data aplikací\TuneUp Software
2011-05-17 02:26:34 ----SHD---- C:\Documents and Settings\All Users\Data aplikací\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
2011-05-17 01:28:47 ----D---- C:\Program Files\Microsoft Office
2011-05-17 01:02:06 ----A---- C:\WINDOWS\NIRCMD.exe
2011-05-17 01:02:06 ----A---- C:\WINDOWS\MBR.exe
2011-05-17 01:02:05 ----A---- C:\WINDOWS\zip.exe
2011-05-17 01:02:05 ----A---- C:\WINDOWS\SWXCACLS.exe
2011-05-17 01:02:05 ----A---- C:\WINDOWS\SWSC.exe
2011-05-17 01:02:05 ----A---- C:\WINDOWS\SWREG.exe
2011-05-17 01:02:05 ----A---- C:\WINDOWS\sed.exe
2011-05-17 01:02:05 ----A---- C:\WINDOWS\PEV.exe
2011-05-17 01:02:05 ----A---- C:\WINDOWS\grep.exe
2011-05-17 01:01:51 ----D---- C:\WINDOWS\ERDNT
2011-05-17 00:52:03 ----HD---- C:\Qoobox
2011-05-17 00:24:33 ----A---- C:\WINDOWS\system32\msonpmon.dll
2011-05-17 00:13:43 ----D---- C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2011-05-15 00:29:55 ----D---- C:\Program Files\In The Money
2011-05-12 19:50:05 ----D---- C:\Program Files\TableNinja
2011-05-07 00:26:20 ----D---- C:\WINDOWS\system32\QuickTime
2011-05-07 00:26:01 ----D---- C:\Program Files\Common Files\TechSmith Shared
2011-05-07 00:25:55 ----D---- C:\Program Files\TechSmith
2011-05-07 00:25:55 ----D---- C:\Documents and Settings\All Users\Data aplikací\TechSmith
2011-05-05 13:48:01 ----D---- C:\Markhand
======List of files/folders modified in the last 1 months======
2011-05-30 22:24:30 ----D---- C:\Program Files\trend micro
2011-05-30 22:22:00 ----D---- C:\WINDOWS\Temp
2011-05-30 20:51:46 ----A---- C:\WINDOWS\wincmd.ini
2011-05-30 20:14:54 ----D---- C:\WINDOWS\system32\CatRoot2
2011-05-30 19:53:24 ----D---- C:\WINDOWS
2011-05-30 19:51:16 ----SHD---- C:\WINDOWS\CSC
2011-05-30 19:26:44 ----D---- C:\WINDOWS\SoftwareDistribution
2011-05-30 19:08:21 ----D---- C:\WINDOWS\system32\drivers
2011-05-30 19:08:19 ----HD---- C:\WINDOWS\inf
2011-05-30 19:06:54 ----D---- C:\WINDOWS\system32
2011-05-30 19:06:35 ----HD---- C:\SwSetup
2011-05-30 02:02:19 ----D---- C:\Program Files\PokerStars
2011-05-27 00:08:53 ----SHD---- C:\WINDOWS\Installer
2011-05-24 01:48:45 ----D---- C:\Program Files\Full Tilt Poker
2011-05-24 00:40:41 ----D---- C:\Program Files\Common Files\Microsoft Shared
2011-05-21 22:26:56 ----D---- C:\Program Files\Holdem Manager
2011-05-17 22:31:14 ----RD---- C:\Program Files
2011-05-17 13:41:48 ----D---- C:\WINDOWS\WinSxS
2011-05-17 13:28:17 ----D---- C:\Program Files\Odeon10CombinedDemo
2011-05-17 13:28:17 ----D---- C:\Documents and Settings\All Users\Data aplikací\Odeon
2011-05-17 10:18:24 ----D---- C:\WINDOWS\system32\config
2011-05-17 02:18:08 ----N---- C:\WINDOWS\system.ini
2011-05-17 02:16:34 ----D---- C:\WINDOWS\AppPatch
2011-05-17 02:16:31 ----D---- C:\Program Files\Common Files
2011-05-17 01:29:47 ----A---- C:\WINDOWS\ODBC.INI
2011-05-17 01:29:32 ----RSD---- C:\WINDOWS\assembly
2011-05-17 01:29:16 ----RSD---- C:\WINDOWS\Fonts
2011-05-17 01:29:11 ----D---- C:\WINDOWS\SHELLNEW
2011-05-17 01:29:05 ----D---- C:\Program Files\Common Files\DESIGNER
2011-05-17 01:28:48 ----D---- C:\Program Files\Microsoft.NET
2011-05-17 01:28:47 ----SD---- C:\Documents and Settings\All Users\Data aplikací\Microsoft
2011-05-17 01:24:52 ----D---- C:\WINDOWS\system
2011-05-17 01:24:48 ----RHD---- C:\MSOCache
2011-05-17 01:02:05 ----SHD---- C:\System Volume Information
2011-05-17 01:02:05 ----D---- C:\WINDOWS\system32\Restore
2011-05-17 00:54:23 ----D---- C:\Documents and Settings\All Users\Data aplikací\AVG10
2011-05-17 00:53:52 ----RSHD---- C:\WINDOWS\system32\dllcache
2011-05-17 00:36:21 ----D---- C:\Program Files\MSBuild
2011-05-17 00:34:05 ----D---- C:\Program Files\Common Files\System
2011-05-17 00:34:03 ----A---- C:\WINDOWS\win.ini
2011-05-12 19:50:06 ----SD---- C:\Documents and Settings\Administrator\Data aplikací\Microsoft
2011-05-02 18:07:21 ----D---- C:\WINDOWS\Microsoft.NET
2011-05-02 14:27:02 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2011-05-02 14:24:01 ----D---- C:\WINDOWS\system32\en-us
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 Lbd;Lbd; C:\WINDOWS\system32\DRIVERS\Lbd.sys [2009-09-23 64288]
R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI Texas Instruments; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-14 61696]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2010-08-30 639224]
R0 timounter;Acronis True Image Backup Archive Explorer; C:\WINDOWS\system32\DRIVERS\timntr.sys [2010-08-28 441760]
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2011-05-10 30808]
R1 AmdK8;Ovladač procesoru AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-07-01 43008]
R1 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2011-05-10 25432]
R1 aswSnx;aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [2011-05-10 441176]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2011-05-10 307928]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2011-05-10 49240]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-14 8832]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2011-05-10 19544]
R2 aswMon2;aswMon2; C:\WINDOWS\system32\drivers\aswMon2.sys [2011-05-10 102616]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2005-04-18 13059]
R2 tifsfilter;Acronis True Image FS Filter; C:\WINDOWS\system32\DRIVERS\tifsfilt.sys [2010-08-28 44384]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2009-07-21 3565056]
R3 ATSWPDRV;AuthenTec TruePrint USB Driver (AES2500); C:\WINDOWS\system32\DRIVERS\ATSwpDrv.sys [2006-03-30 130432]
R3 b57w2k;Broadcom NetLink (TM) Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2005-10-26 142720]
R3 CAMCAUD;Conexant AMC Audio; C:\WINDOWS\system32\drivers\camc6aud.sys [2005-07-20 38144]
R3 CAMCHALA;CAMCHALA; C:\WINDOWS\system32\drivers\camc6hal.sys [2005-07-20 346496]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2005-04-18 1038336]
R3 HSFHWATI;HSFHWATI; C:\WINDOWS\system32\DRIVERS\HSFHWATI.sys [2005-04-18 200576]
R3 LachesisFltr;Lachesis Mouse Driver; C:\WINDOWS\system32\drivers\Lachesis.sys [2007-08-08 12032]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 MQAC;Message Queuing access control; \??\C:\WINDOWS\system32\drivers\mqac.sys []
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
R3 RMCAST;Reliable Multicast Protocol driver; \??\C:\WINDOWS\system32\drivers\RMCast.sys []
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-14 79232]
R3 tifm21;tifm21; C:\WINDOWS\system32\drivers\tifm21.sys [2005-11-30 162560]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2005-04-18 703488]
S3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2006-05-03 178176]
S3 AEAudioService;AEAudio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2005-06-07 152960]
S3 ajwv30wh;ajwv30wh; C:\WINDOWS\system32\drivers\ajwv30wh.sys []
S3 BCM43XX;Ovladač síťového adaptéru Broadcom 802.11; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2006-04-28 429184]
S3 BTKRNL;Bluetooth Bus Enumerator; C:\WINDOWS\system32\DRIVERS\btkrnl.sys []
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2006-02-16 57096]
S3 catchme;catchme; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\catchme.sys []
S3 DELTAFW;Service for M-Audio FW Driver (WDM); C:\WINDOWS\system32\DRIVERS\deltafw.sys []
S3 eabfiltr;eabfiltr; C:\WINDOWS\system32\DRIVERS\eabfiltr.sys [2005-09-19 7808]
S3 eabusb;eabusb; C:\WINDOWS\system32\DRIVERS\eabusb.sys [2005-09-19 5760]
S3 HBtnKey;HBtnKey; C:\WINDOWS\system32\DRIVERS\cpqbttn.sys [2005-09-19 9344]
S3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
S3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2006-01-30 1035008]
S3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2006-01-30 201600]
S3 MAFW;MAFW; C:\WINDOWS\system32\DRIVERS\mafw.sys [2008-03-03 193032]
S3 MAFWBOOT;Bootloader Service for M-Audio FW Driver (WDM); C:\WINDOWS\system32\DRIVERS\mafwboot.sys []
S3 MREMP50;MREMP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS []
S3 MREMP50a64;MREMP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS []
S3 MREMPR5;MREMPR5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS []
S3 MRENDIS5;MRENDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS []
S3 MRESP50;MRESP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS []
S3 MRESP50a64;MRESP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS []
S3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
S3 SMCIRDA;SMC IrCC Miniport Device Driver; C:\WINDOWS\system32\DRIVERS\smcirda.sys []
S3 uisp;Freescale USB JW32 driver; C:\WINDOWS\System32\Drivers\usbicp.sys [2005-12-21 14592]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2010-04-19 41984]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2010-08-13 144672]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2009-07-21 602112]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2011-05-10 42184]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2010-07-27 345376]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-11-12 153376]
R2 MSMQ;Message Queuing; C:\WINDOWS\system32\mqsvc.exe [2008-04-14 4608]
R2 MSMQTriggers;Message Queuing Triggers; C:\WINDOWS\system32\mqtgsvc.exe [2008-04-14 117248]
R2 pgsql-8.3;PostgreSQL Database Server 8.3; C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe [2009-03-13 65536]
R2 postgresql-8.4;PostgreSQL Server 8.4; C:/Program Files/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N postgresql-8.4 -D C:/Program Files/PostgreSQL/8.4/data -w []
R2 StarWindService;StarWind iSCSI Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe [2005-04-02 217600]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-10 38912]
S2 AcrSch2Svc;Acronis Scheduler2 Service; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe []
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 Autodesk Licensing Service;Autodesk Licensing Service; C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe [2010-08-30 77944]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Služba Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2010-09-24 820008]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2011-04-25 1181328]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S4 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
-----------------EOF-----------------
Re: bcmwl5.sys causes BSOD
Posted: 30 May 2011 21:31
by Rudy
This is OK. Please also post a ComboFix log.
Download ComboFix and save it, preferably to the desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
then run the application under an account with administrator privileges
right after launch a screen with the licence terms appears; continue by clicking the Yes button.
relax and make yourself a coffee (the whole process takes approx. 5-10 minutes, sometimes longer, depending on how fast the machine is and how many files the scanner has to work through); during the scan do not try to run any other applications or anything else
do not panic during the scan; your machine may be restarted (especially the first time the scanner is used)
warning: if you use an antispyware with a resident shield, switch its resident shield to Install Mode, or deactivate it completely for the duration of the scan, because during the scan and the removal of any malware, undesirable conflicts with the antispyware's resident shield occur
Re: bcmwl5.sys causes BSOD
Posted: 30 May 2011 21:42
by obraz
I will provide the ComboFix log tomorrow. During a CF scan the PC sometimes restarts, and I don't want to risk not being able to start it again today; I have to finish something for school.
Re: bcmwl5.sys causes BSOD
Posted: 30 May 2011 22:01
by Rudy
Try the CF scan in Safe Mode.