Request for a log check

#1 Post by ALEXUSS »

Good day,
I'd like to ask you to check my log; some virus has probably gotten into the notebook, the computer runs very slowly, startup takes extremely long, and when I launch, for example, Internet Explorer from the desktop, it starts, but the whole desktop disappears and I only have an empty blue screen. I just want to point out that the notebook uses Korean Win XP, which hopefully won't be a problem. Here is the log, and thanks in advance for the help:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Administrator at 2010-01-04 18:56:08
Microsoft Windows XP Professional Service Pack 2
System drive C: has 8 GB (42%) free of 19 GB
Total RAM: 254 MB (32% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 오후 6:58:22, on 2010-01-04
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\asnt2.exe
C:\WINDOWS\system32\npkcmsvc.exe
C:\Program Files\AhnLab\SiteGuard2\sgsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AhnLab\V3Lite\V3LSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Hcontrol.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\ATKOSD.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\AhnLab\V3Lite\V3LRun.exe
C:\Program Files\AhnLab\V3Lite\MUpdate2\MUpdate2.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Administrator\바탕 화면\RSIT.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\trend micro\Administrator.exe

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,
O2 - BHO: Site Gaurd - {19217B99-F935-4A39-B857-A68A68D5BEBB} - C:\Program Files\AhnLab\SiteGuard2\SGAgenti.dll
O2 - BHO: gsearch - {375A6AB2-FEEC-445D-B853-2139FB561F80} - C:\PROGRA~1\GRETECH\GOMTVH~1\ghelper.dll
O2 - BHO: cside Class - {AEB636D6-CE03-4C89-9677-964A63322E2D} - C:\Program Files\GRETECH\GomTVHelper\InfoFinder\if.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: 곰TV 알리미 - {C7928CF3-9532-44C0-B8CC-98E2C11ECC9F} - C:\Program Files\GRETECH\GomTVHelper\InfoFinder\if.dll
O4 - HKLM\..\Run: [Hcontrol] C:\WINDOWS\Hcontrol.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [AhnLab V3Lite Tray Process] "C:\Program Files\AhnLab\V3Lite\V3LTray.exe" /logon
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [mserv] C:\Documents and Settings\Administrator\Application Data\svcst.exe
O4 - HKCU\..\Run: [svchost] C:\Documents and Settings\Administrator\Application Data\svcst.exe
O4 - HKCU\..\Run: [reader_s] C:\Documents and Settings\Administrator\reader_s.exe
O4 - HKLM\..\Policies\Explorer\Run: [AAAA] C:\WINDOWS\system32\hf0008.exe
O4 - HKUS\S-1-5-19\..\Run: [ctfmon.exe] ctfmon.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [ctfmon.exe] ctfmon.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] ctfmon.exe (User 'Default user')
O8 - Extra context menu item: 사이트가드 보이기(&S) - res://C:\Program Files\AhnLab\SiteGuard2\sgagenti.dll/201
O8 - Extra context menu item: 사이트가드 사용(&E) - res://C:\Program Files\AhnLab\SiteGuard2\sgagenti.dll/202
O9 - Extra button: 곰TV 도우미 - {013BCEA5-8309-448b-8604-85F23D7861A5} - C:\PROGRA~1\GRETECH\GOMTVH~1\ghelper.dll
O9 - Extra 'Tools' menuitem: 곰TV 도우미 - {013BCEA5-8309-448b-8604-85F23D7861A5} - C:\PROGRA~1\GRETECH\GOMTVH~1\ghelper.dll
O9 - Extra button: 샵가이드 - {EC9679F6-42B7-4593-9E1C-AF421066C123} - http://www.shop-guide.co.kr (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: 18D63578-EA2F-4A59-A49A-7F62E6B3DF3E -
O16 - DPF: {02FE7E8D-9DBD-4F77-8824-26C45D56CA9A} (CHANEL0 Control) - http://hanabank.chzero.com/urimap/urima ... CX_WEB.CAB
O16 - DPF: {04E7BADF-F3B9-420D-B82D-8D8CADEFE4F9} (CyImage2Ctl Class) - http://cyimg6.cyworld.nate.com/ImageUpl ... pload2.cab
O16 - DPF: {06228E75-DEB1-11D3-B702-00001CD5DA14} (AxINIplugin20 Control) - http://cyb.koreanair.co.kr/initech/plug ... ugin20.cab
O16 - DPF: {072039AB-2117-4ED5-A85F-9B9EB903E021} (NowStarter Control) - http://www.clubbox.co.kr/neo.fld/NowStarter.cab
O16 - DPF: {148F17D2-A980-470A-9A49-2C032BF9BCDC} (MarkAny WebSAFER - SBSi) - http://www.sbs.co.kr/viewer/ppv/MAWS05.cab
O16 - DPF: {17B3533D-F11D-48B4-9EBC-A7C7428A1D0D} (HTMLer Class) - http://www.unitedcontinent.com/fremaker/HTMLer.cab
O16 - DPF: {18D63578-EA2F-4A59-A49A-7F62E6B3DF3E} (ImP3 Control) - http://activexdown.paran.com/paranactivex/data/ImP3.cab
O16 - DPF: {27BCC3E9-D724-493B-A79E-C2E12C03407A} (CfClient Class) - http://www.iloveschool.co.kr/cfcli.cab
O16 - DPF: {2C197E55-080B-42A4-BFD0-9595B3534CF4} (KVPplugin00 Control) - http://www.vpay.co.kr/KVPplugin01.cab
O16 - DPF: {32D94A9F-9A18-4E12-863D-8AABA8CBDA78} (NateOnMMSAtx3 Class) - http://sms.nate.com/NateOnMMS_AX3.cab
O16 - DPF: {39FC0CF9-86F3-4502-B773-D16706EDEC83} - http://pib.wooribank.com/pib/cus/bio/scsk4.cab
O16 - DPF: {3B56E5F0-7B20-48BF-B439-A995BE5191EF} (SessionControl Control) - http://pib.wooribank.com/com/common/SessionControl.cab
O16 - DPF: {43B55A1C-C506-4FF3-8165-FFCE25269FA0} (IdiskLauncher Control) - http://magicdisk.megapass.net/IdiskLaun ... uncher.cab
O16 - DPF: {48113527-E6C8-457D-87A1-5CD1DB2D0F8E} (MKImage Control) - http://www.mangazzang.com/DRM/MKImage.cab
O16 - DPF: {48A80225-E859-4FF5-9E23-C64F356C2D10} (CTIViewer Control) - http://www.mangazzang.com/DRM/CTIViewer.cab
O16 - DPF: {4B48CEDD-EB09-4FD3-AA22-5BDE98EDEF90} (EZXSActiveX Control) - http://www.globalwindow.org/wps/ezxssso ... ctivex.cab
O16 - DPF: {4BC4C3E9-2BBB-4F28-A449-D25CD323109B} (HGAgentClient Control) - http://www.hangame.com/bar/HGAgentClient.cab
O16 - DPF: {4E452475-E8F6-4C26-9BA1-8105CB710199} (TvOnline Control) - http://www.everyzone.com/pcsafer/pcsafer.cab
O16 - DPF: {5CA5E00D-80A8-475A-BF08-816FD56DBC38} (KTCtrl Class) - http://speed.kornet.net/sw5/qtest/cab/K ... ewCtrl.cab
O16 - DPF: {6A2E758A-028B-46BB-A11D-0608AB5A4ED3} (DaumBGMCtrl Class) - http://listen.daum.net/52st/bgmplayer/D ... Player.cab
O16 - DPF: {6A78826F-21EB-4015-A553-B7085ADAA461} (HiGameStart Control) - http://211.233.75.116/data/package/Test/HiGameStart.CAB
O16 - DPF: {6AD92401-CE2D-452B-AA63-1291D60EC2D2} - http://www.hanabank.com/plugin/axINIplugin40.cab
O16 - DPF: {6E1D4E39-CE03-4EFE-A2EF-18209B91FF1A} - http://barobook.toponliemeeting.com/UriChat.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 4354950733
O16 - DPF: {7451A3DE-A83D-469D-977B-D7627EEA07DD} (FcCommCtrl.AlbumDropBox) - http://home.freechal.com/etc/FcActivePa ... mmCtrl.CAB
O16 - DPF: {784B0583-ABC1-4D3B-9564-357AA32D007C} - http://cdn.naver.com/naver/tms/sbs/turbois9.cab
O16 - DPF: {79C871A6-F9C8-44DA-B2C9-CD9438D9642C} (EZXSInstaller Control) - http://www.kotra.or.kr/main/ezxssso/ins ... taller.cab
O16 - DPF: {7A9935D3-9B3C-4382-B62A-45CF92B18D74} (Uploader Class) - http://cyimg8.cyworld.com/storyRoom/CyImgResize.cab
O16 - DPF: {7E9FDB80-5316-11D4-B02C-00C04F0CD404} (XecureWeb 4.0 Client Control) - http://pib.wooribank.com/XecureObject/xw_install.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.4.0_01) -
O16 - DPF: {8FA141C5-29D7-4408-A57B-619C463ED7BB} (Cychannel_Club1_10.UserControl1) - http://club.cyworld.nate.com/cychannel_ ... in1_11.CAB
O16 - DPF: {938527D1-CDB7-4147-998A-B20FCA5CC976} (Cdmcco Class) - http://cafeimg.hanmail.net/cab9/dmcc2.cab
O16 - DPF: {97154128-DC4C-4D5B-AF7C-CA7356238EC9} (Hanmail FileUpload Control) - http://wwl449.daum.net/hanmail-ax/HM_fileupload.cab
O16 - DPF: {97A54CA1-6034-4649-B845-588C00A3860A} (ScanExecute Control) - http://wwl449.daum.net/kl/module/ScanExecute.cab
O16 - DPF: {97F3D1C1-C8C2-471D-A139-298DEAA35E0B} (ToonsXComicPlus Control) - http://comicplus.donga.com/viewer/ToonsXComicPlus.cab
O16 - DPF: {99C709C7-4F58-46C1-855B-90213C760395} (V3D Client Control) - https://secure.kcp.co.kr/webpay/v3d/fil ... mclick.cab
O16 - DPF: {9B6D0E46-3F96-11D9-A711-004F4E099F85} (Originality.WEBnewszine) - http://webzine.golfchosun.com/WEBnewszi ... wszine.CAB
O16 - DPF: {9DEFEDFC-8193-4BE6-AA60-B6375AB7C8BE} (Launcher Class) - http://patch.mnet.com/NaverMusic/ActiveX/naverx.cab
O16 - DPF: {A00B2A53-60D9-4477-ADA3-60490770C5E0} (Hanmail Upload Control) - http://mail.daum.net/hanmail-ax/hanmail.cab
O16 - DPF: {A1832535-5218-42F9-8959-19E2BCABFABF} (INIwallet50 Control) - http://plugin.inicis.com/wallet50/INIwallet50.cab
O16 - DPF: {A671DC03-71D0-4CF0-895C-7D4A248FC1F1} (skcbgmset Class) - http://cyimg7.cyworld.nate.com/cymusic/ ... bgmset.cab
O16 - DPF: {AB4ADC0F-2B4B-4B08-8B5C-CA4D6188A180} (P3Xfer Loader Class) - http://package.hyosungcdn.com/download/p3xset.cab
O16 - DPF: {AD5DCFE9-5729-42D3-931A-2BAD6AE6293E} (Lncher Class) - http://www.no-ad.co.kr/app2/numgr1.cab
O16 - DPF: {B9B38E70-EEF6-4E3A-AE84-DDE59A053B7C} (Daum ActiveX manager Class) - http://cafeimg.hanmail.net/cto/xman.cab?ver=1,2,2,0
O16 - DPF: {BE068095-EEF1-485C-AA1B-288860ACFAED} - http://plugin.inicis.com/INIwallet00.cab
O16 - DPF: {BF628973-1E86-4D0E-B42C-EDDECFFABDBC} (Bugs AoD Class) - http://player.bugs.co.kr/install/bugsLoader20041018.cab
O16 - DPF: {C044CD87-DFB0-4130-A5E4-49361106FBC8} (HanSetupCtrl1008 Class) - http://cdn.hangame.com/hangame/hansetup ... up1008.cab
O16 - DPF: {CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0_01) -
O16 - DPF: {CFCB7308-782F-11D4-BE27-000102598CE4} (NPX Control) - http://update.inca.co.kr/module/kookmin/npx.cab
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} (NPKCX Control) - http://pgdownload.dacom.net/keycrypt/npkcx.cab
O16 - DPF: {D9C26CBE-DF8B-4224-94A8-518E9D77BBE4} (DBViewer Class) - http://www.humandream.com/dbook/release ... Viewer.cab
O16 - DPF: {E1CDC08F-F464-4682-AE6A-7689451387C0} (CAFE multiupload control) - http://cafeimg.hanmail.net/activex/dmcm ... n=1,0,0,22
O16 - DPF: {E6A3C1E2-F792-483E-9133-596215172BE9} (AcceptLang Class) - http://runonce.msn.com/setacceptlang.cab
O16 - DPF: {E83A492E-6E57-4273-A340-FB378B3F3A80} (AniCast2 Class) - http://211.43.204.139:8000/player/control/axacast2.cab
O16 - DPF: {ED1EEBEE-F0AA-474B-9829-61C482E72644} (PDBox25 Control) - http://www.pdbox.co.kr/filebox/ctrl_down/PDBox25.cab
O16 - DPF: {F1F07506-6CB4-44AC-8615-66D1234EFD05} (WebCtl Class) - http://www.skku.ac.kr/initech/plugin/INIS50.cab
O16 - DPF: {F4A1D5E2-AF49-47A7-A945-23038106F3A4} (Pandora_SetUp Control) - http://imgcdn.pandora.tv/pan_img/launch ... etUpAX.cab
O16 - DPF: {FE342FC7-4374-4EBE-86DB-D73AE861F779} (NaverAXGuide Class) - http://file.naver.com/activex/test/NaverAXGuide.cab
O16 - DPF: {FE3B2990-3E0A-40C4-BC69-B61E5F2776E6} - http://login.freechal.com/freechalon/FcOnCtl2.cab
O20 - Winlogon Notify: asnt3 - C:\WINDOWS\SYSTEM32\AsntDll.dll
O20 - Winlogon Notify: Love - LoveFly.dll (file missing)
O23 - Service: AsNT2 - (c)ieasysoft - C:\WINDOWS\system32\asnt2.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: npkcmsvc - INCA Internet Co., Ltd. - C:\WINDOWS\system32\npkcmsvc.exe
O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\system32\npkcsvc.exe
O23 - Service: AhnLab SiteGuard Service (SGsvc) - AhnLab, Inc. - C:\Program Files\AhnLab\SiteGuard2\sgsvc.exe
O23 - Service: V3 Lite Service - AhnLab, Inc. - C:\Program Files\AhnLab\V3Lite\V3LSvc.exe

--
End of file - 11823 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{19217B99-F935-4A39-B857-A68A68D5BEBB}]
SGAgentObj Class - C:\Program Files\AhnLab\SiteGuard2\SGAgenti.dll [2009-12-11 560752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{375A6AB2-FEEC-445D-B853-2139FB561F80}]
곰TV 길잡이 - C:\PROGRA~1\GRETECH\GOMTVH~1\ghelper.dll [2009-10-17 225448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AEB636D6-CE03-4C89-9677-964A63322E2D}]
cside Class - C:\Program Files\GRETECH\GomTVHelper\InfoFinder\if.dll [2009-10-17 206008]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar3.dll [2007-01-19 2403392]
Debug
{C7928CF3-9532-44C0-B8CC-98E2C11ECC9F} - 곰TV 알리미 - C:\Program Files\GRETECH\GomTVHelper\InfoFinder\if.dll [2009-10-17 206008]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Hcontrol"=C:\WINDOWS\Hcontrol.exe [2002-01-08 53248]
"IgfxTray"=C:\WINDOWS\System32\igfxtray.exe [2002-01-09 151552]
"HotKeysCmds"=C:\WINDOWS\System32\hkcmd.exe [2002-01-09 106496]
"AhnLab V3Lite Tray Process"=C:\Program Files\AhnLab\V3Lite\V3LTray.exe [2009-08-26 318136]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"AAAA"=C:\WINDOWS\system32\hf0008.exe [2009-12-30 23912]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-05 15360]
"mserv"=C:\Documents and Settings\Administrator\Application Data\svcst.exe []
"svchost"=C:\Documents and Settings\Administrator\Application Data\svcst.exe []
"reader_s"=C:\Documents and Settings\Administrator\reader_s.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\8129]
r10689.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AHNSD]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\blss]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Breg]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BTV]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\drvsyskit]
C:\Documents and Settings\Administrator\Application Data\hidires\hidr.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\drv_st_key]
C:\Documents and Settings\Administrator\Application Data\hidn\hidn2.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eZmmod]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Hcontrol]
C:\WINDOWS\Hcontrol.exe [2002-01-08 53248]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HncUpdate]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Hotbar]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
C:\WINDOWS\System32\hkcmd.exe [2002-01-09 106496]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
C:\WINDOWS\System32\igfxtray.exe [2002-01-09 151552]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-04 208952]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Jreg]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MegaDoctor]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\New.net Startup]
rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCTVOICE]
C:\WINDOWS\system32\pctspk.exe [2001-06-16 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TbWinUpdate]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TurboAgent]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WeatherOnTray]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\winabc]
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ibb3.dll,abcLaunchEv []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\winabcJp]
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\b.dll,abcLaunchEv []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^시작 메뉴^프로그램^시작프로그램^Adobe Reader Speed Launch.lnk]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^시작 메뉴^프로그램^시작프로그램^GStartup.lnk]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^시작 메뉴^프로그램^시작프로그램^Microsoft Office.lnk]
C:\PROGRA~1\MICROS~2\Office\OSA9.EXE [1999-02-18 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^시작 메뉴^프로그램^시작프로그램^PrecisionTime.lnk]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^시작 메뉴^프로그램^시작프로그램^Symantec Fax Starter Edition Port.lnk]
C:\PROGRA~1\MICROS~2\Office\1042\OLFSNT40.EXE [1999-03-09 45568]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^시작 메뉴^프로그램^시작프로그램^파워플러스 실행.lnk]
[]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\asnt3]
C:\WINDOWS\system32\AsntDll.dll [2004-12-15 45056]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2002-01-09 286720]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Love]
LoveFly.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{8DCB0AE8-533C-A1D2-29E1-3A811A35125A}"=C:\WINDOWS\system32\lpa32.dll []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableProfileQuota"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\System32\p3aodsvr.exe"="C:\WINDOWS\System32\p3aodsvr.exe:*:Enabled:Bugs Player Control"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Nexon\Common\NMCOSrv.exe"="C:\Program Files\Nexon\Common\NMCOSrv.exe:*:Enabled:NexonMessenger Core"
"C:\Program Files\Nexon\Common\Patcher.exe"="C:\Program Files\Nexon\Common\Patcher.exe:*:Enabled:Nexon Patcher"
"C:\Program Files\DialK_Test\DKMain.exe"="C:\Program Files\DialK_Test\DKMain.exe:*:Enabled:DialK Messenger 0.1"
"C:\WINDOWS\System32\fscagent.exe"="C:\WINDOWS\System32\fscagent.exe:*:Enabled:클럽박스 파일전송 데몬"
"C:\WINDOWS\System32\clubbox.exe"="C:\WINDOWS\System32\clubbox.exe:*:Enabled:클럽박스 파일전송 관리자"
"C:\Program Files\AhnlabUbiware\EZXSClient\EZXSClient.exe"="C:\Program Files\AhnlabUbiware\EZXSClient\EZXSClient.exe:*:Disabled:EZXSClient MFC 응용 프로그램"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\WINDOWS\System32\mshta.exe"="C:\WINDOWS\System32\mshta.exe:*:Disabled:Microsoft (R) HTML Application host"
"C:\WINDOWS\System32\skcbgm.exe"="C:\WINDOWS\System32\skcbgm.exe:*:Enabled:SK Communications Cyworld BGM Player"
"C:\Program Files\Internet Explorer\IEXPLORE.EXE"="C:\Program Files\Internet Explorer\IEXPLORE.EXE:*:Disabled:Internet Explorer"
"C:\Program Files\Pruna\Pruna.exe"="C:\Program Files\Pruna\Pruna.exe:*:Enabled:pruna"
"C:\WINDOWS\System32\p3xsvr.exe"="C:\WINDOWS\System32\p3xsvr.exe:*:Enabled:p3xsvr Module"
"C:\Program Files\Ntamin\FreeStyle\FreeStyle.exe"="C:\Program Files\Ntamin\FreeStyle\FreeStyle.exe:*:Enabled:FreeStyle"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\NATEON\BIN\NateOnMain.exe"="C:\Program Files\NATEON\BIN\NateOnMain.exe:*:Enabled:NATE ON"
"C:\Program Files\NATEON\Addin\7AEF7E74-08E8-47b9-96F3-BC4A07E4D5E8\AVChatAgent.exe"="C:\Program Files\NATEON\Addin\7AEF7E74-08E8-47b9-96F3-BC4A07E4D5E8\AVChatAgent.exe:*:Enabled:NATEON AVCHAT"
"C:\Program Files\MyTV\MyTV Service Player\MyTVServicePlayer.exe"="C:\Program Files\MyTV\MyTV Service Player\MyTVServicePlayer.exe:*:Enabled:MyTV Service Player"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Pruna\Pruna.exe"="C:\Program Files\Pruna\Pruna.exe:*:Enabled:pruna"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{69a91042-ce72-11d7-999f-806d6172696f}]
shell\AutoRun\command - w2ngo.com
shell\explore\command - w2ngo.com
shell\open\command - w2ngo.com


======File associations======

.reg - open - regedit.exe %1

======List of files/folders created in the last 3 months======

2010-01-04 18:14:17 ----D---- C:\Program Files\trend micro
2010-01-04 18:14:00 ----D---- C:\rsit
2009-12-30 01:54:56 ----A---- C:\WINDOWS\system32\hf0008.exe
2009-11-15 08:06:15 ----A---- C:\WINDOWS\system32\ShortCutIcon.dll
2009-10-30 22:28:51 ----D---- C:\Documents and Settings\Administrator\Application Data\GRETECH
2009-10-30 22:28:10 ----D---- C:\Program Files\DtsFilter
2009-10-30 22:28:08 ----D---- C:\Program Files\GNU
2009-10-24 15:57:35 ----D---- C:\Documents and Settings\Administrator\Application Data\AhnLab
2009-10-24 15:56:40 ----D---- C:\Documents and Settings\All Users\Application Data\AhnLab
2009-10-24 15:49:27 ----A---- C:\WINDOWS\system32\NaverFDL.exe
2009-10-22 22:15:27 ----A---- C:\WINDOWS\system32\DaumActiveX_2_0_0_7.dll
2009-10-22 18:48:09 ----A---- C:\WINDOWS\SamsungMaster.INI
2009-10-22 18:47:21 ----D---- C:\Documents and Settings\Administrator\Application Data\InstallShield
2009-10-22 18:39:19 ----A---- C:\WINDOWS\UriUnInstall.INI
2009-10-22 13:21:30 ----SHD---- C:\WINDOWS\system32\lowsec
2009-10-16 22:31:46 ----A---- C:\Documents and Settings\Administrator\Application Data\iniasd.txt

======List of files/folders modified in the last 3 months======

2010-01-04 18:55:15 ----D---- C:\WINDOWS\system32
2010-01-04 18:49:16 ----D---- C:\WINDOWS\Temp
2010-01-04 18:45:43 ----D---- C:\WINDOWS\system32\drivers
2010-01-04 18:45:13 ----D---- C:\WINDOWS\system32\CatRoot2
2010-01-04 18:45:04 ----D---- C:\WINDOWS
2010-01-04 18:40:30 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-01-04 18:22:31 ----RSHD---- C:\WINDOWS\system32\dllcache
2010-01-04 18:15:20 ----D---- C:\WINDOWS\Prefetch
2010-01-04 18:14:17 ----RD---- C:\Program Files
2010-01-04 17:46:15 ----D---- C:\WINDOWS\Internet Logs
2010-01-04 17:42:48 ----D---- C:\WINDOWS\system32\ZoneLabs
2010-01-02 03:01:03 ----A---- C:\WINDOWS\hpbafd.ini
2009-11-15 08:06:12 ----A---- C:\WINDOWS\system32\skcppl.dll
2009-11-15 08:06:12 ----A---- C:\WINDOWS\system32\skcbgm.dll
2009-11-03 00:44:44 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-10-30 22:28:20 ----D---- C:\Program Files\GRETECH
2009-10-24 16:01:05 ----D---- C:\Program Files\Common Files\AhnLab
2009-10-24 15:56:58 ----D---- C:\Program Files\AhnLab
2009-10-24 13:56:54 ----SD---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2009-10-22 21:14:42 ----HD---- C:\$AVG8.VAULT$
2009-10-22 18:57:42 ----D---- C:\Program Files\naver
2009-10-22 18:49:03 ----D---- C:\Program Files\Samsung
2009-10-22 18:47:05 ----HD---- C:\Program Files\InstallShield Installation Information
2009-10-22 18:47:04 ----D---- C:\Program Files\Common Files
2009-10-22 18:45:19 ----SHD---- C:\WINDOWS\Installer
2009-10-22 18:44:04 ----D---- C:\Program Files\LG USB Drive 2.9
2009-10-22 18:42:26 ----D---- C:\Program Files\GumTV
2009-10-22 14:10:30 ----A---- C:\WINDOWS\system32\delog.txt
2009-10-22 14:08:22 ----D---- C:\Documents and Settings\Administrator\Application Data\Skype
2009-10-22 14:08:08 ----D---- C:\LXK7X00
2009-10-22 14:08:06 ----RSD---- C:\WINDOWS\assembly
2009-10-22 14:08:04 ----HD---- C:\WINDOWS\inf
2009-10-16 22:31:44 ----D---- C:\WINDOWS\system32\wbem
2009-10-09 23:13:38 ----D---- C:\Temp

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 FsVga;FsVga; C:\WINDOWS\system32\DRIVERS\fsvga.sys [2004-08-05 12160]
R1 P3;Intel PentiumIII Processor Driver; C:\WINDOWS\System32\DRIVERS\p3.sys [2004-08-05 45568]
R2 irda;IrDA Protocol; C:\WINDOWS\System32\DRIVERS\irda.sys [2004-08-03 87424]
R3 {A7E39B01-B403-11d4-BD18-00D0B7A1821E};AIM 3.0 Part 01 Codec Driver VCH-A; C:\WINDOWS\system32\drivers\Vch.sys [2002-01-15 18487]
R3 {E2B953A6-195A-44F9-9BA3-3D5F4E32BB55};AIM 3.0 Part 01 Codec Driver CH-7009-A; C:\WINDOWS\system32\drivers\wA301a.sys [2002-01-15 26681]
R3 ac97intc;Intel(r) 82801 Audio Driver Install Service (WDM); C:\WINDOWS\system32\drivers\ac97intc.sys [2001-08-17 96256]
R3 AhnRghNt;AhnRghNt; \??\C:\WINDOWS\system32\Drivers\AhnRghNt.sys []
R3 AhnSZE;AhnSZE; C:\WINDOWS\system32\drivers\AhnSZE.sys [2009-12-28 1327064]
R3 ASZFltNt;ASZFltNt; \??\C:\PROGRA~1\AhnLab\V3Lite\ASZFltNt.sys []
R3 ATamptNt_ASG;ATamptNt_ASG; \??\C:\Program Files\AhnLab\SiteGuard2\ATamptNt.sys []
R3 ATamptNt_V3LITE;ATamptNt_V3LITE; \??\C:\PROGRA~1\AhnLab\V3Lite\ATamptNt.sys []
R3 CdmDrvNt;CdmDrvNt; \??\C:\WINDOWS\system32\Drivers\CdmDrvNt.sys []
R3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\System32\DRIVERS\CmBatt.sys [2004-08-05 14080]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2004-08-05 9600]
R3 ialm;ialm; C:\WINDOWS\System32\DRIVERS\ialmnt5.sys [2002-01-15 238461]
R3 mouhid;마우스 HID 드라이버; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2004-08-05 12160]
R3 MTsensor;ATK0100 ACPI UTILITY; C:\WINDOWS\System32\DRIVERS\ATKACPI.sys [2002-01-08 6004]
R3 NSCIRDA;NSC Infrared Device Driver; C:\WINDOWS\System32\DRIVERS\nscirda.sys [2004-08-04 28672]
R3 Ptserial;W2K Pctel Serial Device Driver; C:\WINDOWS\System32\DRIVERS\ptserial.sys [2001-06-09 133779]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\System32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-05 57600]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2004-08-04 25856]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-05 20480]
R3 v3engine;v3engine; \??\C:\WINDOWS\system32\drivers\v3engine.sys []
R3 V3Flt2K;V3Flt2K; \??\C:\PROGRA~1\AhnLab\V3Lite\V3Flt2K.sys []
S3 AhnFlt2k;AhnFlt2k; \??\C:\WINDOWS\system32\Drivers\AhnFlt2k.sys []
S3 AhnRec2k;AhnRec2k; \??\C:\WINDOWS\system32\Drivers\AhnRec2k.sys []
S3 Arp1394;1394 ARP 클라이언트 프로토콜; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2004-08-05 60800]
S3 EagleNT;EagleNT; \??\C:\WINDOWS\system32\drivers\EagleNT.sys []
S3 IrCOMM2k;Virtual IR COM Port; C:\WINDOWS\System32\DRIVERS\ircomm2k.sys []
S3 JRSKD24;JRSKD24; \??\C:\WINDOWS\system32\JRSKD24.SYS []
S3 JRSUKD24;JRSUKD24; \??\C:\WINDOWS\system32\JRSUKD24.SYS []
S3 NIC1394;1394 넷 드라이버; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2004-08-05 61824]
S3 NPFWFLT;NPFWFLT; \??\C:\WINDOWS\system32\NPFWFLT.SYS []
S3 npkcrypt;npkcrypt; \??\C:\WINDOWS\system32\npkcrypt.sys []
S3 PZPFE;PZPFE; \??\C:\WINDOWS\system32\drivers\PZPFE.sys []
S3 sky_bus;SKTT USB Composite Device driver (WDM); C:\WINDOWS\System32\DRIVERS\sky_bus.sys [2004-04-12 52352]
S3 sky_mdfl;SKTT IMT-2000 Handset Filter; C:\WINDOWS\System32\DRIVERS\sky_mdfl.sys [2004-04-12 6096]
S3 sky_mdm;SKTT IMT-2000 Handset Drivers; C:\WINDOWS\System32\DRIVERS\sky_mdm.sys [2004-04-12 84384]
S3 sky_serd;SKTT IMT-2000 Handset Diagnostic Serial Port (WDM); C:\WINDOWS\System32\DRIVERS\sky_serd.sys [2004-04-12 66016]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 usbscan;USB 스캐너 드라이버; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-04 15104]
S3 USBSTOR;USB 대용량 저장소 드라이버; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2004-08-05 26496]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AsNT2;AsNT2; C:\WINDOWS\system32\asnt2.exe [2004-12-23 45056]
R2 Irmon;Infrared Monitor; C:\WINDOWS\system32\svchost.exe [2004-08-05 14336]
R2 npkcmsvc;npkcmsvc; C:\WINDOWS\system32\npkcmsvc.exe [2009-01-09 88727]
R2 SGsvc;AhnLab SiteGuard Service; C:\Program Files\AhnLab\SiteGuard2\sgsvc.exe [2009-12-14 597616]
R2 shpsv;Shop-Guide Updater Service; C:\WINDOWS\system32\svchost.exe [2004-08-05 14336]
R2 V3 Lite Service;V3 Lite Service; C:\Program Files\AhnLab\V3Lite\V3LSvc.exe [2009-08-21 289464]
S2 npkcsvc;npkcsvc; C:\WINDOWS\system32\npkcsvc.exe [2004-03-31 172544]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-02-09 138168]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]

-----------------EOF-----------------
ALEXUSS

#2 Post by JaRon »

well, I won't make you happy :( I can see elements of Virut there, so I'm sending the general guide, but the road will be a painful one ,,,

VIRUT

Virut is a file infector; it mainly attacks executable exe files. Treating it is quite difficult; you need sufficient knowledge, time and patience. Many cases end with a format.
If you are ready to fight, there is a chance. First back up vitally important data such as a thesis, wedding photos and the like, and then you can get to work ,,,

1. to determine the extent of the infection, these are suitable:
AVPTool - http://www.viry.cz/forum/viewtopic.php?f=29&t=58179
CureIT - http://www.viry.cz/forum/viewtopic.php?t=47721
Whatever can be cured, let it be cured; note down the rest, do not delete it.
2. use single-purpose cleaners:
Grisoft - http://www.avg.com/virus-removal.ndi-67762
Symantec - http://www.softpedia.com/progDownload/W ... 21930.html
3. use a boot CD and clean the infiltrations found
Avira Rescue System - http://www.avira.com/en/support/support_downloads.html
4. in case the computer does not boot after any of the steps, you need to have the Windows installation CD at hand
5. during the individual steps, cooperate with the adviser - RSIT logs, MBAM, etc.

Virut has a lot of other "buddies": rootkits, trojans and so on.
Reading about this plague:
http://download.norman.no/whitepapers/w ... rut_cm.pdf
FRST |ADWCleaner |MBAM |CCleaner |AVPTool

If you are satisfied, you can support the forum
https://platba.viry.cz/payment/

#3 Post by ALEXUSS »

Hi, thanks for the reply.. so what do you suggest? Get to work, or take it somewhere to a repair shop so that someone else can wrestle with it? If you're willing to help me with it, we can get started. I'll admit, though, that I'm rather an amateur when it comes to viruses, so judging by your reply I'm not sure whether it's even worth starting the cleanup with me. If you think it could be managed, please write me what I should do first..

Just for information: the computer belongs to my boss at work, and I don't have a Windows installation CD, because he got the notebook from someone as a gift with the system already installed, and in all the time he's had it the system has never been reinstalled.. So the Windows installation CD could be a problem. As for the other steps, I think I could manage those with your cooperation.

Thanks for the info, and best regards
ALEXUSS

#4 Post by JaRon »

as I wrote, first of all back up the important things *.doc, *.xls, *.jpg, etc.
the virus attacks exe files, so the PC can collapse at any time
after the backup you can proceed to point 1 - it's enough to pick one of those listed :)

P.S. if you don't feel up to the disinfection, a repair shop will certainly go for format+install ,,,