Prosím o kontrolu logu Vyřešeno

[Noski]

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:54:11, on 11.7.2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
D:\Programy atd\MS Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Steam\Steam.exe
C:\Users\Adam\AppData\Local\Google\Update\1.2.183.29\GoogleCrashHandler.exe
D:\Programy atd\MS Office\Office12\ONENOTEM.EXE
C:\Users\Adam\AppData\Local\Temp\explorer.exe
C:\Users\Adam\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Adam\AppData\Local\Google\Chrome\Application\chrome.exe
D:\Programy atd\Miranda IM\miranda32.exe
C:\Users\Adam\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Adam\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Adam\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Adam\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Adam\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Adam\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\trend micro\HiJackThis\HiJackThis.exe
C:\Windows\system32\taskeng.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\PROGRA~2\MSOFFI~1\Office12\GR469A~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [GrooveMonitor] "D:\Programy atd\MS Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Programy atd\adobe\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Windows\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [B2C_AGENT] C:\ProgramData\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\Adam\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [Microsoft Windows Hosting Service Login] C:\Users\Adam\AppData\Local\Temp\explorer.exe
O4 - Startup: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk = D:\Programy atd\MS Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://D:\PROGRA~2\MSOFFI~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~2\MSOFFI~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~2\MSOFFI~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~2\MSOFFI~1\Office12\REFIEBAR.DLL
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\PROGRA~2\MSOFFI~1\Office12\GRA32A~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Windows\System32\Skype4COM.dll
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: DroidExplorer Service (DroidExplorerService) - Ryan Conrad - C:\Program Files\Droid Explorer\DroidExplorer.Service.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 5295 bytes

[Reklama]

[jaro3]

Zavři ostatní aplikace a prohlížeče, odpoj se od netu a fixni v HJT:
Návod

Kód: Vybrat vše

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Programy atd\adobe\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Windows\system32\NeroCheck.exe
O4 - HKCU\..\Run: [Microsoft Windows Hosting Service Login] C:\Users\Adam\AppData\Local\Temp\explorer.exe

Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni na select all found, poté:
-Když používáš Firefox (Mozzila), klikni na Firefox nahoře a vyber: Select All, poté klikni na Empty Selected.
-Když používáš Operu, klikni nahoře na Operu a vyber: Select All, poté klikni na Empty Selected.
Po vyčištění klikni na Exit k zavření programu.
ATF-Cleaner je jednoduchý nástroj na odstranění historie z webového prohlížeče. Program dokáže odstranit cache, cookies, historii a další stopy po surfování na Internetu. Mezi podporované prohlížeče patří Internet Explorer, Firefox a Opera. Aplikace navíc umí odstranit dočasné soubory Windows, vysypat koš atd.

Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Aktualizace Malwarebytes' Anti-Malware a Spustit aplikaci Malwarebytes' Anti-Malware, pokud jo tak klikni na tlačítko konec
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Provést rychlý sken a klikni na tlačítko Skenovat
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Zobrazit výsledky
- pak zvol možnost uložit log a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.

Pokud budou problémy , spusť v nouz. režimu.

[Noski]

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Verze databáze: 4301

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

11.7.2010 11:21:20
mbam-log-2010-07-11 (11-21-20).txt

Typ skenu: Rychlý sken
Skenované objekty: 129163
Uplynulý čas: 7 minuta(y), 52 sekunda(y)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované složky: 0
Infikované soubory: 1

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované hodnoty registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
C:\Users\Adam\AppData\Local\Temp\explorer.exe (Trojan.Buzus) -> No action taken.


Asi smazat, co?

[jaro3]

OK.

. Takže spusť znovu MbAM a dej Scan
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Ukaž výsledky
- ujisti se že máš zatrhnuté všechny vypsané nálezy a klikni na tlačítko Odstranit označené
- když skončí odstraňování tak se ti zobrazí log, tak ho sem dej.
- pak zvol v programu OK a pak program ukonči přes Exit

Můžeš sem pak vložit nový log z MbAM.

Vypni rez. ochranu u antiviru a antispywaru,příp. firewall..

Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
Pokud budou problémy , spusť ho v nouz. režimu.

[Noski]

ComboFix 10-07-10.02 - Adam 11.07.2010 13:29:45.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.420.1033.18.2046.1409 [GMT 2:00]
Spuštěný z: d:\stahování\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\x86
c:\windows\system32\x86\android_usb.inf
c:\windows\system32\x86\androidusb.sys
c:\windows\system32\x86\androidusb86.cat
c:\windows\system32\x86\WdfCoInstaller01005.dll

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-06-11 do 2010-07-11 )))))))))))))))))))))))))))))))
.

2010-07-11 11:37 . 2010-07-11 11:37 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-07-11 11:27 . 2010-07-11 11:28 -------- d-----w- C:\32788R22FWJFW
2010-07-11 08:48 . 2010-07-11 08:48 388096 ----a-r- c:\users\Adam\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-07-11 08:45 . 2010-07-11 08:45 -------- d-----w- c:\program files\Intel Corporation
2010-07-11 08:44 . 2010-07-11 08:44 -------- d-----w- c:\program files\ATI Technologies
2010-07-11 08:44 . 2010-07-11 08:44 -------- d-----w- c:\program files\ATI
2010-07-09 09:08 . 2010-07-09 09:08 -------- d-----w- c:\program files\AGEIA Technologies
2010-07-09 09:08 . 2010-07-09 09:08 -------- d-----w- c:\windows\system32\AGEIA
2010-07-09 09:08 . 2010-07-09 09:08 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-07-09 08:57 . 2010-07-09 09:05 -------- d-----w- C:\BDS
2010-06-25 12:24 . 2010-06-25 12:24 -------- d-----w- C:\divx
2010-06-25 11:00 . 2010-06-25 11:01 -------- d-----w- c:\users\Adam\AppData\Roaming\avidemux
2010-06-25 10:55 . 2010-06-25 10:55 -------- d-----w- c:\program files\Avidemux 2.5
2010-06-25 10:55 . 2010-06-25 10:55 -------- d-----w- c:\program files\PSPad editor
2010-06-25 10:39 . 2010-06-25 10:39 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2010-06-17 17:32 . 2010-06-17 17:32 -------- d-----w- c:\program files\Droid Explorer
2010-06-17 17:32 . 2010-06-17 17:32 2711552 ----a-r- c:\users\Adam\AppData\Roaming\Microsoft\Installer\{DCEC1999-077E-4554-93A0-756145D1994D}\AppIcon.exe
2010-06-17 17:26 . 2010-06-17 17:28 -------- d-----w- c:\windows\system32\amd64

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-11 11:26 . 2010-02-20 15:53 622444 ----a-w- c:\windows\system32\perfh005.dat
2010-07-11 11:26 . 2010-02-20 15:53 118612 ----a-w- c:\windows\system32\perfc005.dat
2010-07-11 11:23 . 2010-06-09 09:40 -------- d-----w- c:\program files\Steam
2010-07-11 08:48 . 2010-02-20 16:41 -------- d-----w- c:\program files\trend micro
2010-07-11 07:42 . 2010-06-09 09:40 -------- d-----w- c:\program files\Common Files\Steam
2010-07-10 07:22 . 2010-02-21 14:01 -------- d-----w- c:\users\Adam\AppData\Roaming\vlc
2010-07-10 05:27 . 2010-02-21 14:03 -------- d-----w- c:\users\Adam\AppData\Roaming\dvdcss
2010-07-09 08:58 . 2010-02-19 14:58 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-07-09 08:50 . 2010-02-20 14:51 -------- d-----w- c:\users\Adam\AppData\Roaming\BitTorrent
2010-07-06 08:45 . 2010-03-25 17:08 -------- d-----w- c:\users\Adam\AppData\Roaming\BSplayer
2010-06-25 10:39 . 2010-04-23 19:14 -------- d-----w- c:\program files\DivX
2010-06-25 10:39 . 2010-03-15 15:36 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-06-21 12:16 . 2010-02-20 15:15 -------- d-----w- c:\users\Adam\AppData\Roaming\AIMP
2010-06-10 15:36 . 2010-06-10 10:34 -------- d-----w- c:\users\Adam\AppData\Roaming\Tropico 3
2010-06-09 12:20 . 2010-06-02 08:41 -------- d-----w- c:\program files\LG Electronics
2010-06-09 10:29 . 2010-02-19 15:33 110376 ----a-w- c:\users\Adam\AppData\Local\GDIPFONTCACHEV1.DAT
2010-06-09 09:27 . 2010-04-08 17:34 -------- d-----w- c:\users\Adam\AppData\Roaming\Skype
2010-06-09 08:22 . 2010-04-08 17:35 -------- d-----w- c:\users\Adam\AppData\Roaming\skypePM
2010-06-06 18:11 . 2010-06-06 18:11 -------- d-----w- c:\program files\DIFX
2010-06-06 18:11 . 2010-06-06 18:11 -------- d-----w- c:\program files\infineon
2010-06-06 13:56 . 2010-06-06 13:56 -------- d-----w- c:\programdata\Codemasters
2010-06-06 13:42 . 2010-06-06 13:42 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2010-06-06 13:42 . 2010-06-06 13:42 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2010-06-06 13:42 . 2010-06-06 13:42 -------- d-----w- c:\program files\OpenAL
2010-06-06 07:27 . 2010-06-06 07:27 -------- d-----w- c:\users\Adam\AppData\Roaming\InstallShield
2010-06-04 13:46 . 2010-06-04 13:46 -------- d-----w- c:\program files\MSXML 4.0
2010-06-04 13:42 . 2010-06-04 13:42 -------- d--h--w- c:\users\Adam\AppData\Roaming\{D94BA408-F110-488B-A65E-3AE7945F79E6}
2010-06-04 05:57 . 2010-06-02 09:08 1046456 ----a-w- c:\programdata\LGMOBILEAX\B2C_Client\LGUserCSTool.exe
2010-06-02 09:15 . 2010-06-02 08:36 -------- d-----w- c:\users\Adam\AppData\Roaming\LG Electronics
2010-06-02 09:08 . 2010-06-02 09:08 -------- d-----w- c:\programdata\LGMOBILEAX
2010-06-01 15:58 . 2010-06-01 15:58 -------- d-----w- c:\users\Adam\AppData\Roaming\Malwarebytes
2010-06-01 15:56 . 2010-06-01 15:56 -------- d-----w- c:\programdata\Malwarebytes
2010-06-01 09:55 . 2010-06-01 08:16 138184 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-06-01 09:55 . 2010-06-01 08:15 215016 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-06-01 08:16 . 2010-06-01 08:16 138056 ----a-w- c:\users\Adam\AppData\Roaming\PnkBstrK.sys
2010-06-01 08:16 . 2010-06-01 08:16 138056 ----a-w- c:\users\Adam\AppData\Roaming\PnkBstrK.sys
2010-06-01 08:15 . 2010-06-01 08:15 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-06-01 08:15 . 2010-06-01 08:15 2427248 ----a-w- c:\windows\system32\pbsvc_heroes.exe
2010-05-26 18:39 . 2010-05-26 18:39 -------- d-----w- c:\users\Adam\AppData\Roaming\Reallusion
2010-05-26 18:38 . 2010-05-26 18:38 -------- d-----w- c:\programdata\InstallShield
2010-05-26 18:38 . 2010-02-19 14:57 -------- d-----w- c:\program files\Common Files\InstallShield
2010-05-26 18:37 . 2010-05-26 18:37 9843864 ----a-w- c:\programdata\Skype\Plugins\Plugins\95F12167483D466CABC98CAFE4B4FD93\CT4SKypePlugIn20_Multi_Media.exe
2010-05-26 18:37 . 2010-05-26 18:37 77824 ----a-w- c:\programdata\Skype\Plugins\Plugins\95F12167483D466CABC98CAFE4B4FD93\RLLauncher.exe
2010-05-26 18:35 . 2010-05-26 18:35 72704 ----a-w- c:\programdata\Skype\Plugins\Plugins\903CB56BA52F42478957BE8314837A86\RemoteControl.dll
2010-05-26 18:35 . 2010-05-26 18:35 630272 ----a-w- c:\programdata\Skype\Plugins\Plugins\903CB56BA52F42478957BE8314837A86\CrashRpt.dll
2010-05-26 18:35 . 2010-05-26 18:35 613888 ----a-w- c:\programdata\Skype\Plugins\Plugins\903CB56BA52F42478957BE8314837A86\sound\WMASoundPlugin.dll
2010-05-26 18:35 . 2010-05-26 18:35 5439488 ----a-w- c:\programdata\Skype\Plugins\Plugins\903CB56BA52F42478957BE8314837A86\PamelaPCR.exe
2010-05-26 18:35 . 2010-05-26 18:35 53760 ----a-w- c:\programdata\Skype\Plugins\Plugins\903CB56BA52F42478957BE8314837A86\zlib.dll
2010-05-26 18:35 . 2010-05-26 18:35 489984 ----a-w- c:\programdata\Skype\Plugins\Plugins\903CB56BA52F42478957BE8314837A86\dbghelp.dll
2010-05-26 18:35 . 2010-05-26 18:35 444928 ----a-w- c:\programdata\Skype\Plugins\Plugins\903CB56BA52F42478957BE8314837A86\sound\SystemMP3SoundPlugin.dll
2010-05-26 18:35 . 2010-05-26 18:35 1603072 ----a-w- c:\programdata\Skype\Plugins\Plugins\903CB56BA52F42478957BE8314837A86\sound\VorbisOGGSoundPlugin.dll
2010-05-26 18:35 . 2010-05-26 18:35 1495040 ----a-w- c:\programdata\Skype\Plugins\Plugins\903CB56BA52F42478957BE8314837A86\lng.dll
2010-05-26 18:35 . 2010-05-26 18:35 1138688 ----a-w- c:\programdata\Skype\Plugins\Plugins\903CB56BA52F42478957BE8314837A86\libeay32.dll
2010-05-26 18:32 . 2010-05-26 18:21 1712128 ----a-w- c:\programdata\Skype\Plugins\Plugins\E12C95FCBD1240FEAE314D89676CA6F8\GdiPlus.dll
2010-05-26 18:32 . 2010-05-26 18:21 640000 ----a-w- c:\programdata\Skype\Plugins\Plugins\E12C95FCBD1240FEAE314D89676CA6F8\dbghelp.dll
2010-05-26 18:28 . 2010-05-26 18:26 466944 ------w- c:\windows\Setup1.exe
2010-05-26 18:28 . 2010-05-26 18:26 73216 ----a-w- c:\windows\ST6UNST.EXE
2010-05-26 18:21 . 2010-05-26 18:21 868352 ----a-w- c:\programdata\Skype\Plugins\Plugins\E12C95FCBD1240FEAE314D89676CA6F8\LieDetector.exe
2010-05-26 18:21 . 2010-05-26 18:21 53760 ----a-w- c:\programdata\Skype\Plugins\Plugins\E12C95FCBD1240FEAE314D89676CA6F8\zlib.dll
2010-05-20 04:49 . 2010-06-02 09:08 317368 ----a-w- c:\programdata\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe
2010-05-20 04:49 . 2010-06-02 09:08 79800 ----a-w- c:\programdata\LGMOBILEAX\LGMLauncher.exe
2010-05-20 04:49 . 2010-06-02 09:08 206784 ----a-w- c:\programdata\LGMOBILEAX\B2C_Client\B2CAppUninstall.exe
2010-05-20 04:41 . 2010-06-02 09:08 516096 ----a-w- c:\programdata\LGMOBILEAX\B2C_Client\LGMUpgradeDL.dll
2010-05-06 22:39 . 2010-06-02 09:08 102400 ----a-w- c:\programdata\LGMOBILEAX\B2C_Client\LGMobileDL.dll
2010-04-29 13:39 . 2010-06-01 15:56 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 13:39 . 2010-06-01 15:56 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-23 19:20 . 2010-04-23 19:20 57344 ----a-w- c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-04-23 19:15 . 2010-04-23 19:15 56766 ----a-w- c:\programdata\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-04-23 19:15 . 2010-04-23 19:15 56978 ----a-w- c:\programdata\DivX\WebPlayer\Uninstaller.exe
2010-04-23 19:15 . 2010-04-23 19:15 53600 ----a-w- c:\programdata\DivX\Update\Uninstaller.exe
2010-04-23 19:15 . 2010-04-23 19:15 57409 ----a-w- c:\programdata\DivX\ControlPanel\Uninstaller.exe
2010-04-23 19:15 . 2010-04-23 19:15 52963 ----a-w- c:\programdata\DivX\MSVC80CRTRedist\Uninstaller.exe
2010-04-23 19:15 . 2010-04-23 19:15 54073 ----a-w- c:\programdata\DivX\Qt4.5\Uninstaller.exe
2010-04-23 19:13 . 2010-04-23 19:15 754984 ----a-w- c:\programdata\DivX\Setup\Resource.dll
2010-04-23 19:13 . 2010-04-23 19:15 1180952 ----a-w- c:\programdata\DivX\Setup\DivXSetup.exe
2010-04-21 14:59 . 2010-04-21 14:59 411368 ----a-w- c:\windows\system32\deployJava1.dll
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\users\Adam\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-02-20 135664]
"Steam"="c:\program files\Steam\Steam.exe" [2010-06-09 1238352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="c:\windows\JM\JMInsIDE.exe" [2006-10-30 36864]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-02-11 2756488]
"GrooveMonitor"="d:\programy atd\MS Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"Adobe Reader Speed Launcher"="d:\programy atd\adobe\Reader\Reader_sl.exe" [2008-06-12 34672]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-04-12 1135912]
"B2C_AGENT"="c:\programdata\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe" [2010-05-20 317368]
"Malwarebytes Anti-Malware (reboot)"="d:\programy atd\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]

c:\users\Adam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Věýezy obrazovky a spuçtŘnˇ aplikace OneNote 2007.lnk - d:\programy atd\MS Office\Office12\ONENOTEM.EXE [2006-10-26 98632]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

R2 DroidExplorerService;DroidExplorer Service;c:\program files\Droid Explorer\DroidExplorer.Service.exe [2009-10-06 253440]
R3 GarenaPEngine;GarenaPEngine;c:\users\Adam\AppData\Local\Temp\CWG787F.tmp [x]
R3 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\DRIVERS\lgbtport.sys [x]
R3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\DRIVERS\lgbtbus.sys [x]
R3 LGVMODEM;LGE Virtual Modem;c:\windows\system32\DRIVERS\lgvmodem.sys [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2010-01-11 3461904]
R3 s115bus;Sony Ericsson Device 115 driver (WDM);c:\windows\system32\DRIVERS\s115bus.sys [2007-04-23 83208]
R3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s115mdfl.sys [2007-04-23 15112]
R3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s115mdm.sys [2007-04-23 108680]
R3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s115mgmt.sys [2007-04-23 100488]
R3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s115obex.sys [2007-04-23 98568]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2010-03-02 691696]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-02-11 51792]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-10-21 315392]

.
Obsah adresáře 'Naplánované úlohy'

2010-07-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3445958169-1514109408-3489284124-1000Core.job
- c:\users\Adam\AppData\Local\Google\Update\GoogleUpdate.exe [2010-02-20 14:26]

2010-07-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3445958169-1514109408-3489284124-1000UA.job
- c:\users\Adam\AppData\Local\Google\Update\GoogleUpdate.exe [2010-02-20 14:26]
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Excel - d:\progra~2\MSOFFI~1\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Adam\AppData\Roaming\Mozilla\Firefox\Profiles\scqix59h.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - component: d:\programy atd\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\Adam\AppData\Local\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\users\Adam\AppData\Roaming\Mozilla\Firefox\Profiles\scqix59h.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\npBFHUpdater.dll
FF - plugin: d:\programy atd\adobe\Reader\browser\nppdf32.dll
FF - plugin: d:\programy atd\plugins\np-mswmp.dll

---- NASTAVENÍ FIREFOXU ----
d:\programy atd\greprefs\all.js - pref("ui.use_native_colors", true);
d:\programy atd\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
d:\programy atd\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
d:\programy atd\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
d:\programy atd\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
d:\programy atd\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
d:\programy atd\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
d:\programy atd\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
d:\programy atd\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
d:\programy atd\greprefs\all.js - pref("network.proxy.type", 5);
d:\programy atd\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
d:\programy atd\greprefs\all.js - pref("svg.smil.enabled", false);
d:\programy atd\greprefs\all.js - pref("accelerometer.enabled", true);
d:\programy atd\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
d:\programy atd\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
d:\programy atd\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
d:\programy atd\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
d:\programy atd\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
d:\programy atd\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
d:\programy atd\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
d:\programy atd\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
d:\programy atd\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
d:\programy atd\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
d:\programy atd\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
d:\programy atd\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
d:\programy atd\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\GarenaPEngine]
"ImagePath"="\??\c:\users\Adam\AppData\Local\Temp\CWG787F.tmp"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2010-07-11 13:40:52
ComboFix-quarantined-files.txt 2010-07-11 11:40

Před spuštěním: 2 315 997 184
Po spuštění: 2 868 518 912

- - End Of File - - 6B298C031FDCF2C718700E9578750AA8

[jaro3]

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=dword:00000002
"ConsentPromptBehaviorUser"=dword:00000001


Klikni na soubor a vyber: uložit jako, v okně vyber:
Název souboru: fixme.reg
Typ souboru : všechny soubory
Kam: na svojí plochu
Klikni na uložit .Poklepej na ploše na soubor fixme.reg. Win se zeptá , zdali chceš přidat do registru, klikni na Ano.
Restart PC.
***********************************************************************************************************************
Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

KillAll::
File::
c:\users\Adam\AppData\Local\Temp\CWG787F.tmp
c:\windows\system32\GameMon.des

Folder::
C:\32788R22FWJFW

DirLook::
c:\windows\system32\amd64

Driver::
GarenaPEngine
npggsvc

Registry::
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"=-
 [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\GarenaPEngine]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]

RegLock::
 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)


Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT

[Noski]

ComboFix 10-07-10.02 - Adam 11.07.2010 18:45:12.2.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.420.1033.18.2046.1435 [GMT 2:00]
Spuštěný z: d:\stahování\ComboFix.exe
Použité ovládací přepínače :: c:\users\Adam\Desktop\CFScript.txt

FILE ::
"c:\users\Adam\AppData\Local\Temp\CWG787F.tmp"
"c:\windows\system32\GameMon.des"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\32788R22FWJFW
c:\32788r22fwjfw\EN-US\cmd.cfxxe.mui
c:\windows\system32\GameMon.des

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_GARENAPENGINE


((((((((((((((((((((((((( Soubory vytvořené od 2010-06-11 do 2010-07-11 )))))))))))))))))))))))))))))))
.

2010-07-11 16:53 . 2010-07-11 16:53 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-07-11 08:48 . 2010-07-11 08:48 388096 ----a-r- c:\users\Adam\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-07-11 08:45 . 2010-07-11 08:45 -------- d-----w- c:\program files\Intel Corporation
2010-07-11 08:44 . 2010-07-11 08:44 -------- d-----w- c:\program files\ATI Technologies
2010-07-11 08:44 . 2010-07-11 08:44 -------- d-----w- c:\program files\ATI
2010-07-09 09:08 . 2010-07-09 09:08 -------- d-----w- c:\program files\AGEIA Technologies
2010-07-09 09:08 . 2010-07-09 09:08 -------- d-----w- c:\windows\system32\AGEIA
2010-07-09 09:08 . 2010-07-09 09:08 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-07-09 08:57 . 2010-07-09 09:05 -------- d-----w- C:\BDS
2010-06-25 12:24 . 2010-06-25 12:24 -------- d-----w- C:\divx
2010-06-25 11:00 . 2010-06-25 11:01 -------- d-----w- c:\users\Adam\AppData\Roaming\avidemux
2010-06-25 10:55 . 2010-06-25 10:55 -------- d-----w- c:\program files\Avidemux 2.5
2010-06-25 10:55 . 2010-06-25 10:55 -------- d-----w- c:\program files\PSPad editor
2010-06-25 10:39 . 2010-06-25 10:39 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2010-06-17 17:32 . 2010-06-17 17:32 -------- d-----w- c:\program files\Droid Explorer
2010-06-17 17:32 . 2010-06-17 17:32 2711552 ----a-r- c:\users\Adam\AppData\Roaming\Microsoft\Installer\{DCEC1999-077E-4554-93A0-756145D1994D}\AppIcon.exe
2010-06-17 17:26 . 2010-06-17 17:28 -------- d-----w- c:\windows\system32\amd64

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-11 16:55 . 2010-06-09 09:40 -------- d-----w- c:\program files\Steam
2010-07-11 16:47 . 2010-02-20 15:53 622444 ----a-w- c:\windows\system32\perfh005.dat
2010-07-11 16:47 . 2010-02-20 15:53 118612 ----a-w- c:\windows\system32\perfc005.dat
2010-07-11 08:48 . 2010-02-20 16:41 -------- d-----w- c:\program files\trend micro
2010-07-11 07:42 . 2010-06-09 09:40 -------- d-----w- c:\program files\Common Files\Steam
2010-07-10 07:22 . 2010-02-21 14:01 -------- d-----w- c:\users\Adam\AppData\Roaming\vlc
2010-07-10 05:27 . 2010-02-21 14:03 -------- d-----w- c:\users\Adam\AppData\Roaming\dvdcss
2010-07-09 08:58 . 2010-02-19 14:58 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-07-09 08:50 . 2010-02-20 14:51 -------- d-----w- c:\users\Adam\AppData\Roaming\BitTorrent
2010-07-06 08:45 . 2010-03-25 17:08 -------- d-----w- c:\users\Adam\AppData\Roaming\BSplayer
2010-06-25 10:39 . 2010-04-23 19:14 -------- d-----w- c:\program files\DivX
2010-06-25 10:39 . 2010-03-15 15:36 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-06-21 12:16 . 2010-02-20 15:15 -------- d-----w- c:\users\Adam\AppData\Roaming\AIMP
2010-06-10 15:36 . 2010-06-10 10:34 -------- d-----w- c:\users\Adam\AppData\Roaming\Tropico 3
2010-06-09 12:20 . 2010-06-02 08:41 -------- d-----w- c:\program files\LG Electronics
2010-06-09 10:29 . 2010-02-19 15:33 110376 ----a-w- c:\users\Adam\AppData\Local\GDIPFONTCACHEV1.DAT
2010-06-09 09:27 . 2010-04-08 17:34 -------- d-----w- c:\users\Adam\AppData\Roaming\Skype
2010-06-09 08:22 . 2010-04-08 17:35 -------- d-----w- c:\users\Adam\AppData\Roaming\skypePM
2010-06-06 18:11 . 2010-06-06 18:11 -------- d-----w- c:\program files\DIFX
2010-06-06 18:11 . 2010-06-06 18:11 -------- d-----w- c:\program files\infineon
2010-06-06 13:56 . 2010-06-06 13:56 -------- d-----w- c:\programdata\Codemasters
2010-06-06 13:42 . 2010-06-06 13:42 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2010-06-06 13:42 . 2010-06-06 13:42 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2010-06-06 13:42 . 2010-06-06 13:42 -------- d-----w- c:\program files\OpenAL
2010-06-06 07:27 . 2010-06-06 07:27 -------- d-----w- c:\users\Adam\AppData\Roaming\InstallShield
2010-06-04 13:46 . 2010-06-04 13:46 -------- d-----w- c:\program files\MSXML 4.0
2010-06-04 13:42 . 2010-06-04 13:42 -------- d--h--w- c:\users\Adam\AppData\Roaming\{D94BA408-F110-488B-A65E-3AE7945F79E6}
2010-06-04 05:57 . 2010-06-02 09:08 1046456 ----a-w- c:\programdata\LGMOBILEAX\B2C_Client\LGUserCSTool.exe
2010-06-02 09:15 . 2010-06-02 08:36 -------- d-----w- c:\users\Adam\AppData\Roaming\LG Electronics
2010-06-02 09:08 . 2010-06-02 09:08 -------- d-----w- c:\programdata\LGMOBILEAX
2010-06-01 15:58 . 2010-06-01 15:58 -------- d-----w- c:\users\Adam\AppData\Roaming\Malwarebytes
2010-06-01 15:56 . 2010-06-01 15:56 -------- d-----w- c:\programdata\Malwarebytes
2010-06-01 09:55 . 2010-06-01 08:16 138184 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-06-01 09:55 . 2010-06-01 08:15 215016 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-06-01 08:16 . 2010-06-01 08:16 138056 ----a-w- c:\users\Adam\AppData\Roaming\PnkBstrK.sys
2010-06-01 08:16 . 2010-06-01 08:16 138056 ----a-w- c:\users\Adam\AppData\Roaming\PnkBstrK.sys
2010-06-01 08:15 . 2010-06-01 08:15 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-06-01 08:15 . 2010-06-01 08:15 2427248 ----a-w- c:\windows\system32\pbsvc_heroes.exe
2010-05-26 18:39 . 2010-05-26 18:39 -------- d-----w- c:\users\Adam\AppData\Roaming\Reallusion
2010-05-26 18:38 . 2010-05-26 18:38 -------- d-----w- c:\programdata\InstallShield
2010-05-26 18:38 . 2010-02-19 14:57 -------- d-----w- c:\program files\Common Files\InstallShield
2010-05-26 18:37 . 2010-05-26 18:37 9843864 ----a-w- c:\programdata\Skype\Plugins\Plugins\95F12167483D466CABC98CAFE4B4FD93\CT4SKypePlugIn20_Multi_Media.exe
2010-05-26 18:37 . 2010-05-26 18:37 77824 ----a-w- c:\programdata\Skype\Plugins\Plugins\95F12167483D466CABC98CAFE4B4FD93\RLLauncher.exe
2010-05-26 18:35 . 2010-05-26 18:35 72704 ----a-w- c:\programdata\Skype\Plugins\Plugins\903CB56BA52F42478957BE8314837A86\RemoteControl.dll
2010-05-26 18:35 . 2010-05-26 18:35 630272 ----a-w- c:\programdata\Skype\Plugins\Plugins\903CB56BA52F42478957BE8314837A86\CrashRpt.dll
2010-05-26 18:35 . 2010-05-26 18:35 613888 ----a-w- c:\programdata\Skype\Plugins\Plugins\903CB56BA52F42478957BE8314837A86\sound\WMASoundPlugin.dll
2010-05-26 18:35 . 2010-05-26 18:35 5439488 ----a-w- c:\programdata\Skype\Plugins\Plugins\903CB56BA52F42478957BE8314837A86\PamelaPCR.exe
2010-05-26 18:35 . 2010-05-26 18:35 53760 ----a-w- c:\programdata\Skype\Plugins\Plugins\903CB56BA52F42478957BE8314837A86\zlib.dll
2010-05-26 18:35 . 2010-05-26 18:35 489984 ----a-w- c:\programdata\Skype\Plugins\Plugins\903CB56BA52F42478957BE8314837A86\dbghelp.dll
2010-05-26 18:35 . 2010-05-26 18:35 444928 ----a-w- c:\programdata\Skype\Plugins\Plugins\903CB56BA52F42478957BE8314837A86\sound\SystemMP3SoundPlugin.dll
2010-05-26 18:35 . 2010-05-26 18:35 1603072 ----a-w- c:\programdata\Skype\Plugins\Plugins\903CB56BA52F42478957BE8314837A86\sound\VorbisOGGSoundPlugin.dll
2010-05-26 18:35 . 2010-05-26 18:35 1495040 ----a-w- c:\programdata\Skype\Plugins\Plugins\903CB56BA52F42478957BE8314837A86\lng.dll
2010-05-26 18:35 . 2010-05-26 18:35 1138688 ----a-w- c:\programdata\Skype\Plugins\Plugins\903CB56BA52F42478957BE8314837A86\libeay32.dll
2010-05-26 18:32 . 2010-05-26 18:21 1712128 ----a-w- c:\programdata\Skype\Plugins\Plugins\E12C95FCBD1240FEAE314D89676CA6F8\GdiPlus.dll
2010-05-26 18:32 . 2010-05-26 18:21 640000 ----a-w- c:\programdata\Skype\Plugins\Plugins\E12C95FCBD1240FEAE314D89676CA6F8\dbghelp.dll
2010-05-26 18:28 . 2010-05-26 18:26 466944 ------w- c:\windows\Setup1.exe
2010-05-26 18:28 . 2010-05-26 18:26 73216 ----a-w- c:\windows\ST6UNST.EXE
2010-05-26 18:21 . 2010-05-26 18:21 868352 ----a-w- c:\programdata\Skype\Plugins\Plugins\E12C95FCBD1240FEAE314D89676CA6F8\LieDetector.exe
2010-05-26 18:21 . 2010-05-26 18:21 53760 ----a-w- c:\programdata\Skype\Plugins\Plugins\E12C95FCBD1240FEAE314D89676CA6F8\zlib.dll
2010-05-20 04:49 . 2010-06-02 09:08 317368 ----a-w- c:\programdata\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe
2010-05-20 04:49 . 2010-06-02 09:08 79800 ----a-w- c:\programdata\LGMOBILEAX\LGMLauncher.exe
2010-05-20 04:49 . 2010-06-02 09:08 206784 ----a-w- c:\programdata\LGMOBILEAX\B2C_Client\B2CAppUninstall.exe
2010-05-20 04:41 . 2010-06-02 09:08 516096 ----a-w- c:\programdata\LGMOBILEAX\B2C_Client\LGMUpgradeDL.dll
2010-05-06 22:39 . 2010-06-02 09:08 102400 ----a-w- c:\programdata\LGMOBILEAX\B2C_Client\LGMobileDL.dll
2010-04-29 13:39 . 2010-06-01 15:56 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 13:39 . 2010-06-01 15:56 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-23 19:20 . 2010-04-23 19:20 57344 ----a-w- c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-04-23 19:15 . 2010-04-23 19:15 56766 ----a-w- c:\programdata\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-04-23 19:15 . 2010-04-23 19:15 56978 ----a-w- c:\programdata\DivX\WebPlayer\Uninstaller.exe
2010-04-23 19:15 . 2010-04-23 19:15 53600 ----a-w- c:\programdata\DivX\Update\Uninstaller.exe
2010-04-23 19:15 . 2010-04-23 19:15 57409 ----a-w- c:\programdata\DivX\ControlPanel\Uninstaller.exe
2010-04-23 19:15 . 2010-04-23 19:15 52963 ----a-w- c:\programdata\DivX\MSVC80CRTRedist\Uninstaller.exe
2010-04-23 19:15 . 2010-04-23 19:15 54073 ----a-w- c:\programdata\DivX\Qt4.5\Uninstaller.exe
2010-04-23 19:13 . 2010-04-23 19:15 754984 ----a-w- c:\programdata\DivX\Setup\Resource.dll
2010-04-23 19:13 . 2010-04-23 19:15 1180952 ----a-w- c:\programdata\DivX\Setup\DivXSetup.exe
2010-04-21 14:59 . 2010-04-21 14:59 411368 ----a-w- c:\windows\system32\deployJava1.dll
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\windows\system32\amd64 ----

2010-06-17 17:28 . 2009-02-05 13:59 1919968 ----a-w- c:\windows\system32\amd64\WdfCoInstaller01005.dll
2010-06-17 17:28 . 2009-02-05 13:59 3445 ----a-w- c:\windows\system32\amd64\android_usb.inf
2010-06-17 17:28 . 2009-02-05 13:59 8569 ----a-w- c:\windows\system32\amd64\androidusba64.cat
2010-06-17 17:28 . 2009-02-05 13:59 31744 ----a-w- c:\windows\system32\amd64\androidusb.sys


(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\users\Adam\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-02-20 135664]
"Steam"="c:\program files\Steam\Steam.exe" [2010-06-09 1238352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="c:\windows\JM\JMInsIDE.exe" [2006-10-30 36864]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-02-11 2756488]
"GrooveMonitor"="d:\programy atd\MS Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"Adobe Reader Speed Launcher"="d:\programy atd\adobe\Reader\Reader_sl.exe" [2008-06-12 34672]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-04-12 1135912]
"B2C_AGENT"="c:\programdata\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe" [2010-05-20 317368]
"Malwarebytes Anti-Malware (reboot)"="d:\programy atd\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]

c:\users\Adam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Věýezy obrazovky a spuçtŘnˇ aplikace OneNote 2007.lnk - d:\programy atd\MS Office\Office12\ONENOTEM.EXE [2006-10-26 98632]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

R3 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\DRIVERS\lgbtport.sys [x]
R3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\DRIVERS\lgbtbus.sys [x]
R3 LGVMODEM;LGE Virtual Modem;c:\windows\system32\DRIVERS\lgvmodem.sys [x]
R3 s115bus;Sony Ericsson Device 115 driver (WDM);c:\windows\system32\DRIVERS\s115bus.sys [2007-04-23 83208]
R3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s115mdfl.sys [2007-04-23 15112]
R3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s115mdm.sys [2007-04-23 108680]
R3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s115mgmt.sys [2007-04-23 100488]
R3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s115obex.sys [2007-04-23 98568]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2010-03-02 691696]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-02-11 51792]
S2 DroidExplorerService;DroidExplorer Service;c:\program files\Droid Explorer\DroidExplorer.Service.exe [2009-10-06 253440]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-10-21 315392]

.
Obsah adresáře 'Naplánované úlohy'

2010-07-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3445958169-1514109408-3489284124-1000Core.job
- c:\users\Adam\AppData\Local\Google\Update\GoogleUpdate.exe [2010-02-20 14:26]

2010-07-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3445958169-1514109408-3489284124-1000UA.job
- c:\users\Adam\AppData\Local\Google\Update\GoogleUpdate.exe [2010-02-20 14:26]
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Excel - d:\progra~2\MSOFFI~1\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Adam\AppData\Roaming\Mozilla\Firefox\Profiles\scqix59h.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - component: d:\programy atd\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\Adam\AppData\Local\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\users\Adam\AppData\Roaming\Mozilla\Firefox\Profiles\scqix59h.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\npBFHUpdater.dll
FF - plugin: d:\programy atd\adobe\Reader\browser\nppdf32.dll
FF - plugin: d:\programy atd\plugins\np-mswmp.dll

---- NASTAVENÍ FIREFOXU ----
d:\programy atd\greprefs\all.js - pref("ui.use_native_colors", true);
d:\programy atd\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
d:\programy atd\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
d:\programy atd\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
d:\programy atd\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
d:\programy atd\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
d:\programy atd\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
d:\programy atd\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
d:\programy atd\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
d:\programy atd\greprefs\all.js - pref("network.proxy.type", 5);
d:\programy atd\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
d:\programy atd\greprefs\all.js - pref("svg.smil.enabled", false);
d:\programy atd\greprefs\all.js - pref("accelerometer.enabled", true);
d:\programy atd\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
d:\programy atd\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
d:\programy atd\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
d:\programy atd\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
d:\programy atd\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
d:\programy atd\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
d:\programy atd\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
d:\programy atd\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
d:\programy atd\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
d:\programy atd\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
d:\programy atd\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
d:\programy atd\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
d:\programy atd\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'Explorer.exe'(2968)
c:\windows\System32\ieframe.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\users\Adam\AppData\Local\Google\Update\1.2.183.29\GoogleCrashHandler.exe
c:\program files\Common Files\Steam\SteamService.exe
c:\windows\system32\sppsvc.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Celkový čas: 2010-07-11 18:59:59 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-07-11 16:59
ComboFix2.txt 2010-07-11 11:40

Před spuštěním: 2 571 624 448
Po spuštění: 2 387 234 816

- - End Of File - - 832B6FFD01AC98C442B2BA536BAA0FA9

[jaro3]

ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix /Uninstall

vyčisti systém CCleanerem

a použij i T-Cleaner
smaže vše po Combu,MWAVu atd.-stáhneš>spustíš

pozn. před stažením T-Cleaneru a po dobu čištění deaktivuj AVG či Avast, následně T-Cleaner smaž a zapni si AVG či Avast.


Vlož ještě nový log z HJT.

[Noski]

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:30:31, on 11.7.2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
D:\Programy atd\MS Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
D:\Programy atd\MS Office\Office12\ONENOTEM.EXE
C:\Users\Adam\AppData\Local\Google\Update\1.2.183.29\GoogleCrashHandler.exe
C:\Windows\Explorer.exe
C:\Users\Adam\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Adam\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Adam\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Adam\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Adam\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\trend micro\HiJackThis\HiJackThis.exe
C:\Windows\system32\DllHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\PROGRA~2\MSOFFI~1\Office12\GR469A~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [GrooveMonitor] "D:\Programy atd\MS Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Programy atd\adobe\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Windows\system32\NeroCheck.exe
O4 - HKLM\..\Run: [B2C_AGENT] C:\ProgramData\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\JM\JMInsIDE.exe
O4 - Startup: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk = D:\Programy atd\MS Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://D:\PROGRA~2\MSOFFI~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~2\MSOFFI~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~2\MSOFFI~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~2\MSOFFI~1\Office12\REFIEBAR.DLL
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\PROGRA~2\MSOFFI~1\Office12\GRA32A~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Windows\System32\Skype4COM.dll
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: DroidExplorer Service (DroidExplorerService) - Ryan Conrad - C:\Program Files\Droid Explorer\DroidExplorer.Service.exe

--
End of file - 3859 bytes

[jaro3]

Zavři ostatní aplikace a prohlížeče, odpoj se od netu a fixni v HJT:
Návod

Kód: Vybrat vše

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Programy atd\adobe\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Windows\system32\NeroCheck.exe

Pokud nejsou problémy , je to vše a můžeš dát vyřešeno , zelenou fajfku.

[Noski]

Díky. A ještě by mě zajímalo, jestli jsem měl v PC hodně bordelu. :)