Win32/Rootkit.Kryptik.AF

[MilanLukes]

PC se zda v pohodě.

Eset zkusím projet během hokeje...

Ale bod obnoveni je problem.. piseme mi to abych reset PC, to jsem udělal 3x a porad ti pise tu vec. Viz. screen. Moc znaly na PC Nejsem, ale bod obnovení jsem nemel od zacatku...

Soubor jsem vymazal...

Malwarebytes' Anti-Malware 1.44
Verze databáze: 3807
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

28.2.2010 21:00:01
mbam-log-2010-02-28 (21-00-01).txt

Typ kontroly: Rychlá kontrola
Zkontrolované objekty: 110850
Uplynulý čas: 18 minute(s), 18 second(s)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované adresáře: 0
Infikované soubory: 1

Infikované procesy v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované moduly v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované klíče registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované hodnoty registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované datové položky registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované adresáře:
(Nebyly nalezeny žádné škodlivé položky)

Infikované soubory:
C:\Documents and Settings\Ruud\Data aplikací\avdrn.dat (Malware.Trace)

[cernohous13]

Zkusíme opravu
Postupuj podle návodu zde: http://www.viry.cz/forum/viewtopic.php?f=46&t=24295

Reinstall System Restore

[MilanLukes]

ZDravím,

bod obnovení jsem provedl a slo to uplne super.

Jeste neco je potreba udelat?

PC se zda ze slape OK.
Eset zadny vir nenašel..

PS: Rád prispeju, ze tve super služby.

[cernohous13]

Tak budeme doufat, že je to v pořádku. Kdybys zaznamenal problém, určitě se ozvi.

Za případný příspěvek na chod fóra děkujeme

[Dr.Macák]

Tak mám stejný problém, bohužel. Najde se dobrá duše co mi poradí.

Log z RSITu

Logfile of random's system information tool 1.06 (written by random/random)
Run by Dr. Macák at 2010-04-15 16:24:36
Systém Microsoft Windows XP Professional Service Pack 2
System drive C: has 184 GB (39%) free of 477 GB
Total RAM: 2046 MB (72% free)


======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Google Software Updater.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{01677B4B-0610-4814-94A0-5F570DD7A88F}]
Google Plus - C:\PROGRA~1\GOOGLE~1\17GOOG~1.DLL [2009-10-28 110592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{074C1DC5-9320-4A9A-947D-C042949C6216}]
ContributeBHO Class - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll [2007-03-16 118784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}]
IeCatch5 Class - C:\PROGRA~1\FlashGet\jccatch.dll [2006-05-16 81920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-11-10 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe PDF Conversion Toolbar Helper - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-10 321120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D286E828-E6B9-484d-A058-D7323666DE33}]
CescrtHlpr Object - C:\Program Files\RecFree.com\RecFreeToolbar\1.0.23.0\escort.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-11-10 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-11-10 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F156768E-81EF-470C-9057-481BA8380DBA}]
gFlash Class - C:\PROGRA~1\FlashGet\getflash.dll [2006-09-12 126976]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-10 321120]
{517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - Contribute Toolbar - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll [2007-03-16 118784]
{E0E899AB-F487-11D5-8D29-0050BA6940E3} - FlashGet Bar - C:\PROGRA~1\FlashGet\fgiebar.dll [2005-06-07 86016]
{0508F8F1-08E3-43EE-AAA8-09AD09803084} - RecFree Toolbar - C:\Program Files\RecFree.com\RecFreeToolbar\1.0.23.0\escorTlbr.dll []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"CTxfiHlp"=C:\WINDOWS\system32\CTXFIHLP.EXE [2006-08-11 18944]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2008-03-13 1443072]
"IntelliPoint"=C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2007-08-31 1037736]
"Pd71HiFiPan"=C:\WINDOWS\system32\Pd71HiFiPan.Exe [2006-05-02 2203648]
"CTHelper"=C:\WINDOWS\system32\CTHELPER.EXE [2008-06-27 19456]
"ISUSPM Startup"=c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe [2004-04-17 196608]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2009-06-10 13758464]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2009-06-10 86016]
"DigidesignMMERefresh"=C:\Program Files\Digidesign\Drivers\MMERefresh.exe [2005-10-25 61440]
"Cm108Sound"=RunDll32 cm108.cpl,CMICtrlWnd []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-17 15360]
"Miranda IM"=C:\\Program Files\\Miranda IM\\miranda32.exe [2010-03-23 697955]
"H/PC Connection Agent"=C:\Program Files\Microsoft ActiveSync\wcescomm.exe [2006-11-13 1289000]
"PC Suite Tray"=C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe [2009-11-11 1451520]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
C:\Program Files\Microsoft ActiveSync\wcescomm.exe [2006-11-13 1289000]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=
"NoDrives"=
"NoDriveAutoRun"=
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\SIM\sim.exe"="C:\Program Files\SIM\sim.exe:*:Enabled:sim"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\Program Files\id Software\Enemy Territory - QUAKE Wars Demo 2\etqw.exe"="C:\Program Files\id Software\Enemy Territory - QUAKE Wars Demo 2\etqw.exe:*:Enabled:Enemy Territory - QUAKE Wars(TM) Demo 2"
"C:\Program Files\id Software\Enemy Territory - QUAKE Wars Demo 2\etqwded.exe"="C:\Program Files\id Software\Enemy Territory - QUAKE Wars Demo 2\etqwded.exe:*:Enabled:etqwded.exe"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe"="C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:*:Enabled:Crysis_32"
"C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe"="C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:*:Enabled:CrysisDedicatedServer_32"
"C:\Program Files\SmartFTP Client\SmartFTP+.exe"="C:\Program Files\SmartFTP Client\SmartFTP+.exe:*:Enabled:SmartFTP Client 3.0"
"C:\Program Files\SmartFTP Client\SmartFTP.exe"="C:\Program Files\SmartFTP Client\SmartFTP.exe:*:Enabled:SmartFTP Client 3.0"
"C:\Program Files\Chronograph\chrono.exe"="C:\Program Files\Chronograph\chrono.exe:*:Enabled:Chronograph"
"C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe"="C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:*:Enabled:Adobe Version Cue CS3 Server"
"C:\Program Files\Mass Effect\Binaries\MassEffect.exe"="C:\Program Files\Mass Effect\Binaries\MassEffect.exe:*:Enabled:Mass Effect Game"
"C:\Program Files\Mass Effect\MassEffectLauncher.exe"="C:\Program Files\Mass Effect\MassEffectLauncher.exe:*:Enabled:Mass Effect Launcher"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Mass Effect 2\Binaries\MassEffect2.exe"="C:\Program Files\Mass Effect 2\Binaries\MassEffect2.exe:*:Enabled:Mass Effect 2 Game"
"C:\Program Files\Mass Effect 2\MassEffect2Launcher.exe"="C:\Program Files\Mass Effect 2\MassEffect2Launcher.exe:*:Enabled:Mass Effect 2 Launcher"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{23dd1392-b839-11de-ab10-001d60ca43ee}]
shell\AutoRun\command - J:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{349b923b-bb1d-11de-ab18-001d60ca43ee}]
shell\AutoRun\command - J:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{44b936c3-c970-11dc-8815-806d6172696f}]
shell\AutoRun\command - D:\SETUP.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ed4e86d8-a1ce-11de-aae0-001d60ca43ee}]
shell\AutoRun\command - J:\WDSetup.exe


======List of files/folders created in the last 1 months======

2010-04-15 16:12:21 ----D---- C:\rsit
2010-04-15 16:12:21 ----D---- C:\Program Files\trend micro
2010-04-15 15:52:18 ----HDC---- C:\WINDOWS\$NtUninstallKB979683$
2010-04-15 15:52:05 ----HDC---- C:\WINDOWS\$NtUninstallKB980232$
2010-04-15 15:51:58 ----HDC---- C:\WINDOWS\$NtUninstallKB981350$
2010-04-15 15:51:27 ----HDC---- C:\WINDOWS\$NtUninstallKB978338$
2010-04-15 15:51:20 ----HDC---- C:\WINDOWS\$NtUninstallKB977816$
2010-04-15 15:51:09 ----HDC---- C:\WINDOWS\$NtUninstallKB978601$
2010-04-15 15:50:52 ----HDC---- C:\WINDOWS\$NtUninstallKB979309$
2010-04-14 19:30:54 ----D---- C:\WINDOWS\LastGood
2010-04-11 20:52:02 ----D---- C:\Program Files\Steinberg
2010-04-09 16:45:58 ----D---- C:\Program Files\Machinarium
2010-03-31 19:21:17 ----HDC---- C:\WINDOWS\$NtUninstallKB980182$

======List of files/folders modified in the last 1 months======

2010-04-15 16:24:42 ----D---- C:\WINDOWS\temp
2010-04-15 16:24:28 ----D---- C:\WINDOWS\Prefetch
2010-04-15 16:15:39 ----D---- C:\WINDOWS\system32\drivers
2010-04-15 16:12:21 ----D---- C:\Program Files
2010-04-15 15:52:39 ----HD---- C:\WINDOWS\inf
2010-04-15 15:52:39 ----D---- C:\WINDOWS
2010-04-15 15:52:25 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-04-15 15:52:21 ----D---- C:\WINDOWS\system32
2010-04-15 15:52:15 ----HD---- C:\WINDOWS\$hf_mig$
2010-04-15 15:52:15 ----D---- C:\WINDOWS\system32\CatRoot2
2010-04-15 15:52:13 ----A---- C:\WINDOWS\imsins.BAK
2010-04-15 15:51:49 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-04-15 15:51:27 ----D---- C:\Program Files\RivaTuner v2.06
2010-04-15 15:47:03 ----SD---- C:\WINDOWS\Tasks
2010-04-15 00:15:33 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-04-14 21:54:55 ----D---- C:\Documents and Settings\Dr. Macák\Data aplikací\Skype
2010-04-14 21:33:42 ----D---- C:\Documents and Settings\Dr. Macák\Data aplikací\skypePM
2010-04-14 21:05:15 ----D---- C:\Documents and Settings\Dr. Macák\Data aplikací\vlc
2010-04-14 19:52:55 ----A---- C:\WINDOWS\NeroDigital.ini
2010-04-14 19:40:15 ----SHD---- C:\WINDOWS\Installer
2010-04-14 19:39:55 ----D---- C:\Program Files\Google
2010-04-13 23:38:29 ----D---- C:\Program Files\FlashGet
2010-04-13 23:38:14 ----D---- C:\Documents and Settings\Dr. Macák\Data aplikací\foobar2000
2010-04-13 23:19:09 ----D---- C:\Documents and Settings\Dr. Macák\Data aplikací\dvdcss
2010-04-13 13:50:11 ----D---- C:\Documents and Settings\All Users\Data aplikací\Google Updater
2010-04-11 23:08:59 ----D---- C:\Program Files\rajce
2010-04-11 21:00:45 ----A---- C:\WINDOWS\win.ini
2010-04-11 21:00:45 ----A---- C:\WINDOWS\system.ini
2010-04-11 20:58:47 ----A---- C:\WINDOWS\system32\msvcsv60.dll
2010-04-09 21:15:01 ----D---- C:\Documents and Settings\Dr. Macák\Data aplikací\FileZilla
2010-04-09 18:52:41 ----SD---- C:\Documents and Settings\Dr. Macák\Data aplikací\Microsoft
2010-04-09 14:39:30 ----D---- C:\WINDOWS\Minidump
2010-04-06 19:52:54 ----A---- C:\WINDOWS\system32\MRT.exe
2010-03-31 22:29:56 ----D---- C:\Documents and Settings\Dr. Macák\Data aplikací\Adobe
2010-03-31 22:23:57 ----D---- C:\Program Files\Adobe
2010-03-31 19:21:27 ----D---- C:\Program Files\Internet Explorer
2010-03-24 00:38:54 ----D---- C:\Program Files\Opera
2010-03-23 23:34:26 ----RSD---- C:\WINDOWS\Fonts
2010-03-23 19:07:25 ----D---- C:\Program Files\SpeedFan

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;Ovladač procesoru AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-06-19 43008]
R1 AsIO;AsIO; C:\WINDOWS\system32\drivers\AsIO.sys [2006-10-18 12664]
R1 easdrv;easdrv; C:\WINDOWS\system32\DRIVERS\easdrv.sys [2008-03-13 29704]
R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-03-13 33800]
R2 cvintdrv;cvintdrv; C:\WINDOWS\system32\drivers\cvintdrv.sys [2008-04-07 4096]
R2 eamon;EAMON; C:\WINDOWS\system32\DRIVERS\eamon.sys [2008-03-13 40456]
R2 NiViPxiK;NI-VISA PXI Driver; C:\WINDOWS\System32\drivers\NiViPxiKl.sys [2008-01-10 11360]
R2 sentinel;sentinel; \??\C:\WINDOWS\system32\drivers\sentinel.sys []
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-17 60800]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-10-25 9600]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-17 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2009-06-10 8087712]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2006-09-11 57856]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2006-09-11 19968]
R3 Pd71HiFi_01;Service for Prodigy 7.1 HiFi; C:\WINDOWS\system32\drivers\Pd71HiFiwdm.sys [2006-05-02 36480]
R3 Pd71HiFi_AA;Service for Prodigy 7.1 HiFi Audio Driver (EWDM); C:\WINDOWS\system32\drivers\Pd71HiFi.sys [2006-05-02 37248]
R3 Pd71HiFiQve;QVE for Prodigy 7.1 HiFi Service; C:\WINDOWS\system32\drivers\Pd71HiFiQve.sys [2004-10-07 500224]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-08-11 14604]
R3 Point32;Microsoft IntelliPoint Filter Driver; C:\WINDOWS\system32\DRIVERS\point32.sys [2007-08-21 21760]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;Ovladač standardního rozbočovače USB; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-03 17024]
R3 USBPNPA;USB PnP Sound Device Interface; C:\WINDOWS\system32\drivers\CM108.sys [2007-07-20 1312768]
S1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys []
S1 SysTool;SysTool Overclocking Utility; C:\WINDOWS\system32\DRIVERS\SysTool.sys [2006-11-10 24064]
S3 61883;61883 Unit Device; C:\WINDOWS\system32\DRIVERS\61883.sys [2004-08-03 48128]
S3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2007-01-16 293888]
S3 AEAudio;AE Audio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2006-08-07 93952]
S3 aljkc547;aljkc547; C:\WINDOWS\system32\drivers\aljkc547.sys []
S3 Avc;AVC Device; C:\WINDOWS\system32\DRIVERS\avc.sys [2004-08-03 38912]
S3 AVCSTRM;AVC Streaming Filter Driver; C:\WINDOWS\system32\DRIVERS\avcstrm.sys [2004-08-03 13696]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 COMMONFX.SYS;COMMONFX.SYS; C:\WINDOWS\System32\drivers\COMMONFX.SYS [2008-06-27 99352]
S3 COMMONFX;COMMONFX; C:\WINDOWS\system32\drivers\COMMONFX.SYS [2008-06-27 99352]
S3 ctac32k;Creative AC3 Software Decoder; C:\WINDOWS\system32\drivers\ctac32k.sys [2008-07-07 511000]
S3 ctaud2k;Creative Audio Driver (WDM); C:\WINDOWS\system32\drivers\ctaud2k.sys [2008-07-07 532376]
S3 CTAUDFX.SYS;CTAUDFX.SYS; C:\WINDOWS\System32\drivers\CTAUDFX.SYS [2008-06-27 555032]
S3 CTAUDFX;CTAUDFX; C:\WINDOWS\system32\drivers\CTAUDFX.SYS [2008-06-27 555032]
S3 ctdvda2k;Creative DVD-Audio Device Driver; C:\WINDOWS\system32\drivers\ctdvda2k.sys [2008-07-07 347080]
S3 CTERFXFX.SYS;CTERFXFX.SYS; C:\WINDOWS\System32\drivers\CTERFXFX.SYS [2008-06-27 100888]
S3 CTERFXFX;CTERFXFX; C:\WINDOWS\system32\drivers\CTERFXFX.SYS [2008-06-27 100888]
S3 ctprxy2k;Creative Proxy Driver; C:\WINDOWS\system32\drivers\ctprxy2k.sys [2008-07-07 14360]
S3 CTSBLFX.SYS;CTSBLFX.SYS; C:\WINDOWS\System32\drivers\CTSBLFX.SYS [2008-06-27 566296]
S3 CTSBLFX;CTSBLFX; C:\WINDOWS\system32\drivers\CTSBLFX.SYS [2008-06-27 566296]
S3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\system32\drivers\ctsfm2k.sys [2008-07-07 157208]
S3 emupia;E-mu Plug-in Architecture Driver; C:\WINDOWS\system32\drivers\emupia2k.sys [2008-07-07 92696]
S3 ha10kx2k;Creative Hardware Abstract Layer Driver; C:\WINDOWS\system32\drivers\ha10kx2k.sys [2008-07-07 797720]
S3 hap16v2k;Creative P16V HAL Driver; C:\WINDOWS\system32\drivers\hap16v2k.sys [2008-07-07 162840]
S3 hap17v2k;Creative P17V HAL Driver; C:\WINDOWS\system32\drivers\hap17v2k.sys [2008-07-07 189464]
S3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2004-10-27 138240]
S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\system32\DRIVERS\msdv.sys [2004-08-03 51328]
S3 MSTAPE;Microsoft AV/C Tape Subunit Device; C:\WINDOWS\system32\DRIVERS\mstape.sys [2004-08-03 49024]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 nidimk;nidimk; \??\C:\WINDOWS\system32\drivers\nidimkl.sys []
S3 niorbk;niorbk; \??\C:\WINDOWS\system32\drivers\niorbkl.sys []
S3 nipalfwedl;nipalfwedl; C:\WINDOWS\System32\drivers\nipalfwedl.sys [2007-12-13 11904]
S3 nipalusbedl;nipalusbedl; C:\WINDOWS\System32\drivers\nipalusbedl.sys [2007-12-13 11896]
S3 NiViFWK;NI-VISA FireWire Driver; C:\WINDOWS\System32\drivers\NiViFWKl.sys [2007-07-19 11384]
S3 NiViPciK;NI-VISA PCI Driver; C:\WINDOWS\System32\drivers\NiViPciKl.sys [2008-01-10 11360]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2009-10-06 17664]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2009-10-06 22016]
S3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\drivers\ctoss2k.sys [2008-07-07 127512]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 PnkBstrK;PnkBstrK; \??\C:\WINDOWS\system32\drivers\PnkBstrK.sys []
S3 RivaTuner32;RivaTuner32; \??\C:\Program Files\RivaTuner v2.06\RivaTuner32.sys []
S3 SenFiltService;SenFilt Service; C:\WINDOWS\system32\drivers\Senfilt.sys [2006-03-17 392960]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2009-10-06 7936]
S3 usbaudio;Ovladač zvukové karty USB (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-03 59264]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 25856]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2004-08-04 25600]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2009-10-06 7936]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S3 WavePro;Service for GadgetLabs WavePro Driver; C:\WINDOWS\system32\DRIVERS\gldriver.sys [2005-11-29 119296]
S3 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2006-11-06 28672]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2008-01-18 83328]
S3 ZMHHPAudioSrv;ZOOM H Series High Performance Audio Driver Service; C:\WINDOWS\system32\drivers\zmhhpau.sys [2008-08-11 91136]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-25 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Ad-Aware 2007 Service; C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe [2008-01-04 587096]
R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 229376]
R2 DigiRefresh;Digidesign MME Refresh Service; C:\Program Files\Digidesign\Drivers\MMERefresh.exe [2005-10-25 61440]
R2 ekrn;Eset Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-03-13 472320]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-11-10 152984]
R2 LkCitadelServer;Lookout Citadel Server; C:\WINDOWS\system32\lkcitdl.exe [2007-11-27 695136]
R2 lkClassAds;National Instruments PSP Server Locator; C:\WINDOWS\system32\lkads.exe [2007-11-27 40488]
R2 lkTimeSync;National Instruments Time Synchronization; C:\WINDOWS\system32\lktsrv.exe [2007-11-27 50736]
R2 NIDomainService;National Instruments Domain Service; C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe [2007-11-27 213552]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2009-06-10 168004]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2008-11-28 66872]
R2 PnkBstrB;PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [2010-03-05 202024]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-17 14336]
R3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2009-10-27 657408]
S2 gupdate1c9ab344d0e7132;Google Update Service (gupdate1c9ab344d0e7132); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-03-22 133104]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-22 183280]
S2 NOD32FiXTemDono;Eset Nod32 Boot; C:\WINDOWS\system32\regedt32.exe [2001-10-25 3584]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2008-10-13 72704]
S3 Adobe Version Cue CS3;Adobe Version Cue CS3; C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe [2007-03-20 153792]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 Autodesk Licensing Service;Autodesk Licensing Service; C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe [2008-11-09 85096]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 EhttpSrv;Eset HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2008-03-13 19200]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-03-01 654848]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

[cernohous13]

Zdravím,

co a kde našlo Rootkit.Kryptik.AF

stáhneš speciální verzi G-Mer
Special
ulož na plochu a spusť -> proběhne krátký scan
když dostaneš hlášku rootkit activity and asks if you want to run scan>>klikneš NO<<
a nastavíš to takto


>> klikneš scan,<<
na konci scanu >>SAVE<< název dej Gspeclog.txt>>ulož na plochu a obsah logu zkopíruj sem

[Dr.Macák]

Nějak jsem pozapomněl na popis. ESET mi začal hlásit Kryptika v oblasti driverů viz.

C:\WINDOWS\system32\drivers\hap16v2k.sys Win32/Rootkit.Kryptik.AF trojský kůň vyléčen smazáním - uložen do karantény NT AUTHORITY\SYSTEM Tato skutečnost byla zjištěna na nově vytvořeném souboru aplikací: C:\WINDOWS\System32\svchost.exe.

C:\WINDOWS\system32\drivers\drmkaud.sys Win32/Rootkit.Kryptik.AF trojský kůň chyba při léčení NT AUTHORITY\SYSTEM Tato skutečnost byla zjištěna při pokusu o spuštění souboru aplikací: C:\Program Files\Opera\opera.exe.

Bohužel to vypadá, že souborů je čim dál víc a proklikat se okny od ESETu je na dlouho. Občas XP ani nenajedou a dají se spustit jen ze zálohy. Poslední fční konfigurace.

Jdu dělat Scan...

[cernohous13]

Až bude Gmer, pokračuj ComboFixem

Stáhni si ComboFix
a ulož ho na plochu.
Ukonči všechna aktivní okna,vypni Antispy a Antivir a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna a nic nespouštěj
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
Kdyby ti po použití ComboFixu systém nenaběhl - při restartu F8 a poslední známá funkční konfigurace

[noap]

Zdravím Kryptikobíjce bohužel před pár dny mě tento vir taktéž napadl a nevím s ním rady, při každém spuštění počítače na mě vyskočí NOD s hláškou, že ho ulovil v počtu 46 ks....vyzkoušel jsem ten Ccleaner - ale bez výsledku..... moc prosím o radu jak se ho zbavit.

Zpráva z RootkotRevealu je následující:
HKLM\SECURITY\Policy\Secrets\SAC* 16.7.2008 13:44 0 bytes Key name contains embedded nulls (*)
HKLM\SECURITY\Policy\Secrets\SAI* 16.7.2008 13:44 0 bytes Key name contains embedded nulls (*)
HKLM\SYSTEM\ControlSet001\Services\udsrnmn 15.4.2010 19:07 0 bytes Hidden from Windows API.
Č 15.4.2010 19:07 0 bytes Hidden from Windows API.
C:\Documents and Settings\Rodina Pavl 15.4.2010 20:01 334 bytes Hidden from Windows API.
C:\Documents and Settings\Rodina Pavl 15.4.2010 19:32 334 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Rodina Pavl 15.4.2010 19:51 92.46 KB Hidden from Windows API.
C:\Documents and Settings\Rodina Pavl 13.4.2010 21:41 203.85 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Rodina Pavl 15.4.2010 19:37 20.29 KB Hidden from Windows API.
C:\Documents and Settings\Rodina Pavl 15.4.2010 19:50 41.64 KB Hidden from Windows API.
C:\Documents and Settings\Rodina Pavl 15.4.2010 19:37 22.63 KB Hidden from Windows API.
C:\Documents and Settings\Rodina Pavl 13.4.2010 21:42 132.27 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Rodina Pavl 15.4.2010 19:50 20.97 KB Hidden from Windows API.
C:\Documents and Settings\Rodina Pavl 15.4.2010 20:00 31.96 KB Hidden from Windows API.
C:\Documents and Settings\Rodina Pavl 15.4.2010 19:53 117.23 KB Hidden from Windows API.
C:\Documents and Settings\Rodina Pavl 13.4.2010 21:41 410.25 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Rodina Pavl 15.4.2010 19:50 50.72 KB Hidden from Windows API.
C:\Documents and Settings\Rodina Pavl 15.4.2010 19:37 32.49 KB Hidden from Windows API.
C:\Documents and Settings\Rodina Pavl 13.4.2010 18:26 21.72 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Rodina Pavl 15.4.2010 19:56 139.49 KB Hidden from Windows API.
C:\Documents and Settings\Rodina Pavl 13.4.2010 21:42 98.13 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Rodina Pavl 13.4.2010 21:41 129.75 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Rodina Pavl 15.4.2010 19:37 38.40 KB Hidden from Windows API.
C:\Documents and Settings\Rodina Pavl 13.4.2010 21:42 138.06 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Rodina Pavl 15.4.2010 19:53 174.49 KB Hidden from Windows API.
C:\Documents and Settings\Rodina Pavl 15.4.2010 19:37 17.16 KB Hidden from Windows API.
C:\Documents and Settings\Rodina Pavl 13.4.2010 21:43 118.57 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Rodina Pavl 15.4.2010 19:56 77.93 KB Hidden from Windows API.
C:\Documents and Settings\Rodina Pavl 15.4.2010 19:50 29.38 KB Hidden from Windows API.
C:\Documents and Settings\Rodina Pavl 15.4.2010 19:53 140.59 KB Hidden from Windows API.
C:\Documents and Settings\Rodina Pavl 15.4.2010 19:53 31.33 KB Hidden from Windows API.
C:\Documents and Settings\Rodina Pavl 13.4.2010 21:42 109.48 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Rodina Pavl 15.4.2010 19:51 17.68 KB Hidden from Windows API.
C:\Documents and Settings\Rodina Pavl 15.4.2010 19:43 427 bytes Hidden from Windows API.
C:\Documents and Settings\Rodina Pavl 15.4.2010 19:40 23.81 KB Hidden from Windows API.
C:\Documents and Settings\Rodina Pavl 15.4.2010 19:41 2.51 KB Hidden from Windows API.
C:\Documents and Settings\Rodina Pavl 15.4.2010 19:47 35.62 KB Hidden from Windows API.
C:\Documents and Settings\Rodina Pavl 15.4.2010 19:42 20.77 KB Hidden from Windows API.
C:\Documents and Settings\Rodina Pavl 15.4.2010 19:53 22.40 KB Hidden from Windows API.
C:\Documents and Settings\Rodina Pavl 15.4.2010 19:44 29.71 KB Hidden from Windows API.

[cernohous13]

for noap
dej popis problému plus log RSIT do nového tématu v http://www.viry.cz/forum/viewforum.php?f=13

tady by to bylo nepřehledné

[Dr.Macák]

Tak se omlouvám za odmlku, ale při Scanu Gmerem se Win nějak sekly a po restartu, už nehodlaly naběhnout vůbec nijak. Takže jsem ve zkratce postoupil tak, že jsem pomocí Ultimate Bootable Win CD nabootoval vymazal podezřelé Drivery (podle data změny/vytvoření) potom ještě dal opravit Win pomocí instalačního CD. Momentálně se vše tváří dobře. Žádné hlášky z ESETu ani problémy. Každopádně bych projistotu ještě udělal nějaký Scan, abych mohl prohlásit, že už Kryptika nepotkám.

Každopádně díky za hbytou pomocí, doposud.

[cernohous13]

Systém byl už zřejmě silně napadený a nákaza se bránila i odhalení Gmerem

Kvalitními nástroji jsou CureIt - http://www.viry.cz/forum/viewtopic.php?t=47721
po spuštění proběhne Expresní skan - případný nález nejprve Léčit ...
před Kompletním skanováním nastav -> Volby -> Změnit nastavení -> vyhoď fajfku u Heuristická analýza -> Akce -> vyhoď fajfku u Výzva k akci
Jeho kvalita je vykoupena časem a vysokým využitím syst. prostředků (nemožnost současné práce na PC)

nebo AVPTool - http://www.viry.cz/forum/viewtopic.php?f=29&t=58179