ComboFix 08-10-24.02 - Cíbiček 2008-10-25 20:55:09.1 - NTFSx86 NETWORK
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1250.1.1051.18.680 [GMT 2:00]
Running from: C:\Users\Cíbiček\Desktop\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Users\CBIEK~1\AppData\Roaming\inst.exe
C:\Users\Cíbiček\AppData\Roaming\inst.exe
.
---- Previous Run -------
.
C:\Users\Cíbiček\AppData\Roaming\inst.exe
.
((((((((((((((((((((((((( Files Created from 2008-09-25 to 2008-10-25 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-25 18:50 5,505,024 --sha-w C:\Users\Cíbiček\ntuser.dat
2008-10-25 18:50 360,480 --sha-w C:\Windows\system32\drivers\fidbox2.dat
2008-10-25 18:50 3,207,712 --sha-w C:\Windows\system32\drivers\fidbox.dat
2008-10-25 18:50 26,140 --sha-w C:\Windows\system32\drivers\fidbox.idx
2008-10-25 18:50 2,312 --sha-w C:\Windows\system32\drivers\fidbox2.idx
2008-10-25 18:50 --------- d-----w C:\Users\Cíbiček\AppData\Roaming\uTorrent
2008-10-25 18:50 --------- d-----w C:\Users\CBIEK~1\AppData\Roaming\uTorrent
2008-10-25 18:26 --------- d-----w C:\ProgramData\Kaspersky Lab
2008-10-25 17:37 --------- d-----w C:\Users\Cíbiček\AppData\Roaming\LangSoft
2008-10-25 17:37 --------- d-----w C:\Users\CBIEK~1\AppData\Roaming\LangSoft
2008-10-25 17:18 2,142,208 ----a-w C:\Program Files\TRNCOM.DLL
2008-10-25 17:18 --------- d-----w C:\ProgramData\LangSoft
2008-10-25 14:30 138,464 ----a-w C:\Windows\system32\drivers\PnkBstrK.sys
2008-10-25 13:46 --------- d-----w C:\Users\Cíbiček\AppData\Roaming\Skype
2008-10-25 13:46 --------- d-----w C:\Users\CBIEK~1\AppData\Roaming\Skype
2008-10-25 13:02 --------- d-----w C:\ProgramData\Kaspersky SDK
2008-10-25 11:32 --------- d-----w C:\ProgramData\SUPERAntiSpyware.com
2008-10-25 11:31 --------- d-----w C:\Users\Cíbiček\AppData\Roaming\SUPERAntiSpyware.com
2008-10-25 11:31 --------- d-----w C:\Users\CBIEK~1\AppData\Roaming\SUPERAntiSpyware.com
2008-10-25 11:31 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-10-25 11:30 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-10-25 08:56 --------- d-----w C:\Program Files\ESET
2008-10-25 08:56 --------- d-----w C:\Program Files\Common Files\DVDVideoSoft
2008-10-23 19:30 --------- d-----w C:\ProgramData\BlazeVideo
2008-10-23 19:30 --------- d-----w C:\Program Files\Blaze Video Magic
2008-10-22 14:17 --------- d-----w C:\Program Files\Acala 3GP Movies Free
2008-10-22 09:32 --------- d-----w C:\Program Files\VistaCodecPack
2008-10-22 09:29 --------- d-----w C:\ProgramData\VistaCodecs
2008-10-22 08:08 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-10-21 12:29 --------- d-----w C:\Users\Cíbiček\AppData\Roaming\Nokia
2008-10-21 12:29 --------- d-----w C:\Users\CBIEK~1\AppData\Roaming\Nokia
2008-10-21 12:14 0 ---ha-w C:\Windows\system32\drivers\Msft_User_PCCSWpdDriver_01_05_00.Wdf
2008-10-21 12:14 --------- d-----w C:\Users\Cíbiček\AppData\Roaming\PC Suite
2008-10-21 12:14 --------- d-----w C:\Users\CBIEK~1\AppData\Roaming\PC Suite
2008-10-21 12:13 --------- d-----w C:\ProgramData\PC Suite
2008-10-21 09:54 --------- d-----w C:\Program Files\Nokia
2008-10-21 09:54 --------- d-----w C:\Program Files\DIFX
2008-10-21 09:54 --------- d-----w C:\Program Files\Common Files\PCSuite
2008-10-21 09:54 --------- d-----w C:\Program Files\Common Files\Nokia
2008-10-21 09:53 --------- d-----w C:\Program Files\PC Connectivity Solution
2008-10-21 09:50 --------- d-----w C:\ProgramData\Installations
2008-10-21 07:19 96,976 ----a-w C:\Windows\system32\drivers\klin.dat
2008-10-21 07:19 87,855 ----a-w C:\Windows\system32\drivers\klick.dat
2008-10-20 20:50 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
2008-10-20 07:48 0 ---ha-w C:\Windows\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2008-10-20 07:37 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-10-20 07:31 0 ---ha-w C:\Windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2008-10-19 14:00 --------- d-----w C:\Program Files\Kaspersky Lab
2008-10-19 13:58 --------- d-----w C:\ProgramData\Kaspersky Lab Setup Files
2008-10-19 07:15 --------- d-----w C:\Program Files\Ashampoo
2008-10-18 06:17 --------- d-----w C:\Program Files\Absolute Uninstaller
2008-10-16 18:23 --------- d-----w C:\Users\Cíbiček\AppData\Roaming\Vso
2008-10-16 18:23 --------- d-----w C:\Users\CBIEK~1\AppData\Roaming\Vso
2008-10-16 17:03 --------- d-----w C:\ProgramData\Lavasoft
2008-10-16 15:00 --------- d-----w C:\Users\Cíbiček\AppData\Roaming\Samsung
2008-10-16 15:00 --------- d-----w C:\Users\CBIEK~1\AppData\Roaming\Samsung
2008-10-16 12:34 5,632 ----a-w C:\Windows\system32\drivers\StarOpen.sys
2008-10-16 12:19 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-10-16 12:09 --------- d-----w C:\Program Files\Samsung
2008-10-16 12:06 --------- d-----w C:\Program Files\Common Files\Adobe
2008-10-16 11:19 --------- d-----w C:\ProgramData\Avira
2008-10-16 10:59 --------- d-----w C:\ProgramData\ashampoo
2008-10-15 19:45 --------- d-----w C:\Users\Cíbiček\AppData\Roaming\Premium Security Suite
2008-10-15 19:45 --------- d-----w C:\Users\CBIEK~1\AppData\Roaming\Premium Security Suite
2008-10-14 19:32 --------- d-----w C:\Program Files\Windows Mail
2008-10-14 19:30 --------- d-----w C:\ProgramData\Microsoft Help
2008-10-13 18:49 --------- d-----w C:\Users\Cíbiček\AppData\Roaming\Activision
2008-10-13 18:49 --------- d-----w C:\Users\CBIEK~1\AppData\Roaming\Activision
2008-10-13 18:49 --------- d-----w C:\ProgramData\Activision
2008-10-13 18:30 --------- d-----w C:\Program Files\Activision
2008-10-11 16:58 --------- d-----w C:\Program Files\DVDFab 5
2008-10-11 14:07 --------- d-----w C:\ProgramData\vsosdk
2008-10-11 05:45 --------- d-----w C:\ProgramData\NVIDIA
2008-10-10 18:53 47,360 ----a-w C:\Windows\system32\drivers\pcouffin.sys
2008-10-10 18:53 47,360 ----a-w C:\Users\Cíbiček\AppData\Roaming\pcouffin.sys
2008-10-10 18:53 47,360 ----a-w C:\Users\CBIEK~1\AppData\Roaming\pcouffin.sys
2008-10-10 18:50 --------- d-----w C:\Users\Cíbiček\AppData\Roaming\Any Video Converter Professional
2008-10-10 18:50 --------- d-----w C:\Users\CBIEK~1\AppData\Roaming\Any Video Converter Professional
2008-10-08 11:46 --------- d-----w C:\Program Files\Opera
2008-10-05 19:57 --------- d-----w C:\Users\Cíbiček\AppData\Roaming\Ahead
2008-10-05 19:57 --------- d-----w C:\Users\CBIEK~1\AppData\Roaming\Ahead
2008-10-05 17:31 22,328 ----a-w C:\Users\Cíbiček\AppData\Roaming\PnkBstrK.sys
2008-10-05 17:31 22,328 ----a-w C:\Users\CBIEK~1\AppData\Roaming\PnkBstrK.sys
2008-10-05 14:30 --------- d-----w C:\Users\Cíbiček\AppData\Roaming\WinRAR
2008-10-05 13:32 --------- d-----w C:\Program Files\AMD
2008-10-04 20:11 --------- d-----w C:\Users\Cíbiček\AppData\Roaming\Ashampoo
2008-10-04 20:11 --------- d-----w C:\Users\CBIEK~1\AppData\Roaming\Ashampoo
2008-10-04 18:41 --------- d-----w C:\Users\Cíbiček\AppData\Roaming\Flock
2008-10-04 18:41 --------- d-----w C:\Users\CBIEK~1\AppData\Roaming\Flock
2008-10-04 18:41 --------- d-----w C:\Program Files\Flock
2008-10-04 08:57 --------- d-----w C:\Program Files\Common Files\Ahead
2008-10-04 08:53 --------- d-----w C:\ProgramData\Nero
2008-10-04 08:53 --------- d-----w C:\Program Files\Nero
2008-10-04 08:04 --------- d-----w C:\Users\Cíbiček\AppData\Roaming\ICQ
2008-10-04 08:04 --------- d-----w C:\Users\CBIEK~1\AppData\Roaming\ICQ
2008-10-04 07:53 --------- d-----w C:\Program Files\Stardock
2008-10-04 07:53 --------- d-----w C:\Program Files\Common Files\Stardock
2008-10-03 22:03 --------- d-s---w C:\Users\Cíbiček\AppData\Roaming\Microsoft
2008-10-03 21:28 --------- d-----w C:\Users\Cíbiček\AppData\Roaming\GlarySoft
2006-11-02 12:33 248,320 ----a-w C:\Program Files\mozilla firefox\plugins\mpvis.DLL
2008-08-14 13:52 36,864 ----a-w C:\Program Files\mozilla firefox\plugins\spellcheck.dll
2006-11-02 12:33 99,328 ----a-w C:\Program Files\mozilla firefox\plugins\wmpband.dll
2006-11-02 12:33 194,560 ----a-w C:\Program Files\mozilla firefox\plugins\wmpnssci.dll
2006-11-02 12:33 158,720 ----a-w C:\Program Files\mozilla firefox\plugins\wmpsyncmgr.dll
2006-11-02 12:33 16,384 ----a-w C:\Program Files\mozilla firefox\plugins\wmssetup.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-18 1233920]
"uTorrent"="C:\Program Files\uTorrent\utorrent.exe" [2008-10-08 270128]
"PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-08-11 1124352]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-09-12 86016]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-07-23 16:28 352256 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= divxa32.acm
[HKLM\~\startupfolder\C:^Users^Cíbiček^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 2.4.lnk]
backup=C:\Windows\pss\OpenOffice.org 2.4.lnk.Startup
backupExtension=.Startup
[HKLM\~\startupfolder\C:^Users^Cíbiček^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Stardock ObjectDock.lnk]
backup=C:\Windows\pss\Stardock ObjectDock.lnk.Startup
backupExtension=.Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UIWatcher
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2008-07-17 14:20 490952 C:\Program Files\DAEMON Tools Lite\daemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Delete USB Error Key]
--a------ 2007-07-24 12:58 126976 C:\Program Files\Samsung\Samsung PC Studio 3\USB Drivers\SPS3_USB_Driver_Setup.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2007-09-12 05:28 8497696 C:\Windows\System32\nvcpl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SPReview]
--a------ 2008-09-20 21:14 47560 C:\Windows\System32\SPReview.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
--a------ 2008-09-03 14:07 1576176 C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{D13111ED-9FFC-48EA-9955-E3142A5F16E6}"= UDP:C:\Program Files\uTorrent\utorrent.exe:µTorrent (TCP-In)
"{79EC786F-96D0-4494-93A0-2A58B32D748A}"= TCP:C:\Program Files\uTorrent\utorrent.exe:µTorrent (UDP-In)
"{D9DAEB79-AB73-4D17-B862-431E58A6B0CF}"= C:\Program Files\Skype\Phone\Skype.exe:Skype
"{85138DEE-6298-4302-8827-FD1DC602D5D4}"= UDP:C:\Program Files\EA GAMES\Battlefield 2\BF2.exe:Battlefield 2
"{1E937274-451E-4E65-8905-06F9C9BCCEB5}"= TCP:C:\Program Files\EA GAMES\Battlefield 2\BF2.exe:Battlefield 2
"{C4664BDF-E016-40B9-A849-96BD87471396}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{D98FFE59-2C1B-438B-A9ED-98D436786792}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{5AED93B9-291F-42C6-B860-61D05CFFA61F}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{0B2EEF65-4BDC-4374-B0DC-FFC024F2C0E7}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{E395B015-7701-4A18-BEED-27671B15D397}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{F2B36E77-AAC7-4B19-9A0C-F2B6097CA365}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{94037020-C73E-4AE5-A2B4-9880DE96AB39}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{E97818AE-E6B6-461D-AA9B-6C50DD7573D8}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{459BB7D4-B727-420C-9EBC-66FB19B09974}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{835BC1BB-86C2-4542-B9D5-DDDB7DFB4F44}C:\\programdata\\kaspersky lab setup files\\kaspersky anti-virus 2009\\czech\\setup.exe"= UDP:C:\programdata\kaspersky lab setup files\kaspersky anti-virus 2009\czech\setup.exe:Kaspersky Anti-Virus 2009 Setup
"UDP Query User{44E0FD1C-0E54-4EBA-968A-9B05C9451592}C:\\programdata\\kaspersky lab setup files\\kaspersky anti-virus 2009\\czech\\setup.exe"= TCP:C:\programdata\kaspersky lab setup files\kaspersky anti-virus 2009\czech\setup.exe:Kaspersky Anti-Virus 2009 Setup
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\system32\DRIVERS\klim6.sys [2008-03-26 20496]
R1 PSched;QoS Packet Scheduler;C:\Windows\system32\DRIVERS\pacer.sys [2008-04-05 72192]
S0 klbg;Kaspersky Lab Boot Guard Driver;C:\Windows\system32\drivers\klbg.sys [2008-01-29 32784]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1ea1cb14-8fce-11dd-8015-0019dbe5624e}]
\shell\AutoRun\command - E:\setup.exe
*Newly Created Service* - CATCHME
*Newly Created Service* - ECACHE
*Newly Created Service* - PROCEXP90
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]
%SystemRoot%\system32\soundschemes.exe /AddRegistration
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B3688A53-AB2A-4b1d-8CEF-8F93D8C51C24}]
%SystemRoot%\system32\soundschemes2.exe /AddRegistration
.
- - - - ORPHANS REMOVED - - - -
HKLM-RunOnce-<NO NAME> - (no file)
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Users\CBIEK~1\AppData\Roaming\Mozilla\Firefox\Profiles\soxigv02.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE -
www.google.sk
FF -: plugin - c:\Program Files\Microsoft Silverlight\2.0.30523.8\npctrl.dll
FF -: plugin - c:\Program Files\Microsoft Silverlight\2.0.31005.0\npctrl.1.0.30716.0.dll
FF -: plugin - c:\Program Files\Microsoft Silverlight\2.0.31005.0\npctrl.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npdrmv2.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npdsplay.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npwmsdrm.dll
FF -: plugin - C:\Program Files\Opera\program\plugins\npdivx32.dll
FF -: plugin - C:\Program Files\Opera\program\plugins\NPOFF12.DLL
FF -: plugin - C:\Program Files\VistaCodecPack\rm\browser\plugins\nppl3260.dll
FF -: plugin - C:\Program Files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-10-25 21:02:20
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-10-25 21:05:28
ComboFix-quarantined-files.txt 2008-10-25 19:05:22
Pre-Run: Systém nenašiel žiadne hlásenie pod číslom 0x2379 v súbore hlásenia Application.
Post-Run: 25,950,728,192 bytes free
230 --- E O F --- 2008-10-24 21:01:59