combofix nedokaze odstranit soubor

[Milar]

Ahoj, potřebuji poradit. Projel jsem pc combofix a nasel mi par veci, ale bohuzel jednu z nich nedokaze odstranit (snad se jedna o vir)... Prosim, pokud nekdo vi jak na to, tak poradte... Dekuji

ComboFix 10-08-22.07 - Mila 24.08.2010 9:44.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.3070.2094 [GMT 2:00]
Spuštěný z: c:\users\Mila\Desktop\ComboFix.exe
FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
SP: AntiVir Desktop *enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
SP: Spyware Terminator *disabled* (Updated) {55EE49A8-16BE-4601-BBE6-607B7F7317DE}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: ZoneAlarm Anti-Spyware *enabled* (Outdated) {F245A209-1085-48B4-B927-35D56015EC60}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\etc\lmhosts . . . . nemohl být smazán

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-07-24 do 2010-08-24 )))))))))))))))))))))))))))))))
.

2010-08-24 07:48 . 2010-08-24 07:49 -------- d-----w- c:\users\Mila\AppData\Local\temp
2010-08-24 07:48 . 2010-08-24 07:48 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-08-24 07:48 . 2010-08-24 07:48 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-08-17 20:16 . 2010-08-17 20:16 -------- d-----w- c:\users\Mila\AppData\Roaming\Malwarebytes
2010-08-17 20:15 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-17 20:15 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-16 08:35 . 2010-08-16 09:08 -------- d-----w- c:\users\Mila\AppData\Roaming\vlc
2010-08-03 12:41 . 2010-08-23 20:34 -------- d-----w- c:\program files\Crawler
2010-08-02 20:11 . 2010-07-09 11:18 20328 ----a-w- c:\windows\system32\drivers\cpuz134_x32.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-24 07:48 . 2009-09-17 16:12 12 ----a-w- c:\windows\bthservsdp.dat
2010-08-24 06:14 . 2010-08-24 06:14 123046 ----a-w- c:\windows\Internet Logs\vsmon_2nd_2010_08_24_08_03_48_small.dmp.zip
2010-08-23 20:27 . 2007-09-05 15:26 624612 ----a-w- c:\windows\system32\perfh005.dat
2010-08-23 20:27 . 2007-09-05 15:26 118962 ----a-w- c:\windows\system32\perfc005.dat
2010-08-23 20:22 . 2010-08-23 20:23 2089984 ----a-w- c:\windows\Internet Logs\xDB6B9E.tmp
2010-08-23 20:22 . 2010-08-23 20:23 13312 ----a-w- c:\windows\Internet Logs\xDB6A65.tmp
2010-08-23 20:21 . 2010-08-23 20:22 2089984 ----a-w- c:\windows\Internet Logs\xDB68D1.tmp
2010-08-23 20:21 . 2010-08-23 20:22 280576 ----a-w- c:\windows\Internet Logs\xDB67E6.tmp
2010-08-23 17:15 . 2009-09-17 18:27 -------- d-----w- c:\users\Mila\AppData\Roaming\Spyware Terminator
2010-08-23 11:06 . 2009-09-17 18:27 -------- d-----w- c:\programdata\Spyware Terminator
2010-08-16 06:32 . 2009-10-10 06:31 29675186 ----a-w- c:\windows\Internet Logs\tvDebug.Zip
2010-08-15 19:10 . 2009-09-18 06:03 -------- d-----w- c:\users\Mila\AppData\Roaming\dvdcss
2010-08-13 15:59 . 2010-08-13 19:23 2062848 ----a-w- c:\windows\Internet Logs\xDB731D.tmp
2010-08-13 15:59 . 2010-08-13 19:23 171520 ----a-w- c:\windows\Internet Logs\xDB7232.tmp
2010-08-11 11:36 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-08-10 06:27 . 2010-08-10 06:28 2046464 ----a-w- c:\windows\Internet Logs\xDB735B.tmp
2010-08-10 06:27 . 2010-08-10 06:28 135680 ----a-w- c:\windows\Internet Logs\xDB7251.tmp
2010-08-04 13:05 . 2010-08-04 13:06 2042368 ----a-w- c:\windows\Internet Logs\xDBC265.tmp
2010-08-04 13:05 . 2010-08-04 13:06 1140736 ----a-w- c:\windows\Internet Logs\xDBC15B.tmp
2010-07-24 06:16 . 2009-09-17 09:08 -------- d-----w- c:\users\Mila\AppData\Roaming\GHISLER
2010-07-21 19:08 . 2009-09-17 18:27 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2010-07-17 10:25 . 2009-11-07 06:58 420890 ---ha-w- c:\windows\system32\drivers\vsconfig.xml
2010-06-26 06:05 . 2010-08-11 11:36 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-26 06:02 . 2010-08-11 11:36 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-06-26 06:02 . 2010-08-11 11:36 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-06-26 04:25 . 2010-08-11 11:36 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-06-23 11:51 . 2009-11-07 06:58 1238528 ----a-w- c:\windows\system32\zpeng25.dll
2010-06-23 11:51 . 2009-12-06 10:18 69120 ----a-w- c:\windows\system32\zlcomm.dll
2010-06-23 11:51 . 2009-12-06 10:18 103936 ----a-w- c:\windows\system32\zlcommdb.dll
2010-06-21 13:37 . 2010-08-11 11:36 2037760 ----a-w- c:\windows\system32\win32k.sys
2010-06-18 17:31 . 2010-08-11 11:36 36864 ----a-w- c:\windows\system32\rtutils.dll
2010-06-18 15:04 . 2010-08-11 11:36 302080 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-18 15:04 . 2010-08-11 11:36 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-06-16 16:39 . 2010-08-11 11:36 912776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-06-16 14:01 . 2010-08-11 11:36 31232 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2010-06-14 08:46 . 2010-06-14 08:48 1977344 ----a-w- c:\windows\Internet Logs\xDBBA0C.tmp
2010-06-14 08:46 . 2010-06-14 08:48 2917888 ----a-w- c:\windows\Internet Logs\xDBB8B3.tmp
2010-06-11 16:16 . 2010-08-11 11:36 274944 ----a-w- c:\windows\system32\schannel.dll
2010-06-11 16:15 . 2010-08-11 11:36 1248768 ----a-w- c:\windows\system32\msxml3.dll
2010-06-08 17:35 . 2010-08-11 11:36 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-06-08 17:35 . 2010-08-11 11:36 3600768 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-05-27 20:08 . 2010-08-11 11:36 81920 ----a-w- c:\windows\system32\iccvid.dll
2010-05-26 17:06 . 2010-06-10 05:17 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-26 14:47 . 2010-06-10 05:17 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-12-31 21:28 . 2009-12-31 21:28 1686 ----a-w- c:\program files\The Business Upper Intermediate.lnk
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RMClock"="c:\instalace\RMClock\RMClockLauncher.exe" [2008-02-29 61440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpywareTerminator"="c:\instalace\Spyware Terminator\SpywareTerminatorShield.exe" [2010-07-21 2176512]
"avgnt"="c:\instalace\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
"ZoneAlarm Client"="c:\instalace\ZoneAlarm\zlclient.exe" [2010-06-23 1043968]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-06-09 08:06 976832 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-06-20 02:04 35760 ----a-w- c:\instalace\Adobe 9\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2009-10-30 11:57 369200 ----a-w- c:\instalace\DAEMON Tools Lite\DTLite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
2007-02-12 11:37 174872 ----a-w- c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-02-26 18:46 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2005-01-12 02:01 32768 ----a-w- c:\instalace\ASUSDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2007-04-10 14:01 4431872 ----a-w- c:\windows\RtHDVCpl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
2009-05-05 09:01 1466368 ----a-w- c:\program files\Motorola\SMSERIAL\sm56hlpr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminator]
2010-07-21 19:08 2176512 ----a-w- c:\instalace\Spyware Terminator\SpywareTerminatorShield.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2006-11-10 19:35 90112 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-10-11 13:28 149280 ----a-w- c:\instalace\Java\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-19 07:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-19 07:33 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):42,29,7c,a9,43,38,ca,01

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1205144050-1625341816-4136319536-1000]
"EnableNotificationsRef"=dword:00000001

R3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [x]
R3 vsdatant7;vsdatant7;c:\windows\system32\drivers\vsdatant.win7.sys [x]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2009-12-21 691696]
S1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2010-07-21 142592]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\instalace\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]
S2 cpuz134;cpuz134;c:\windows\system32\drivers\cpuz134_x32.sys [2010-07-09 20328]
S3 itecir;ITECIR Infrared Receiver;c:\windows\system32\DRIVERS\itecir.sys [2007-04-04 46592]
S3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2009-10-26 4247552]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: Crawler Search - tbr:iemenu
IE: E&xportovat do aplikace Microsoft Excel - c:\instal~1\OFFICE~1\Office12\EXCEL.EXE/3000
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\ctbr.dll
.

**************************************************************************
skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory:

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\instalace\Avira\AntiVir Desktop\avguard.exe
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\instalace\Spyware Terminator\sp_rsser.exe
c:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe
c:\instalace\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\conime.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Celkový čas: 2010-08-24 09:55:28 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-08-24 07:55
ComboFix2.txt 2010-08-23 19:48

Před spuštěním: Volných bajtů: 129 184 329 728
Po spuštění: Volných bajtů: 129 142 378 496

Current=1 Default=1 Failed=0 LastKnownGood=41 Sets=1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41
- - End Of File - - C05220BCBE53BADB3DD8DF2C8F23B62D

[JaRon]

uvedeny subor moze byt legalny
odinstaluj Terminatora - mas tam privela AS
+
prescanuj PC s MBAM

[Milar]

dekuji za radu... sken MBAM nic nenasel...

[JaRon]

obsah suboru c:\windows\system32\drivers\etc\lmhosts mozes pozriet v notepade
prip. ho vloz do fora

[Milar]

kdyz v total commanderu dam zobrazi F3, tak se zobrazi pouze prazdny list bez jakehokoliv popisku...

[JaRon]

to bUde OK
vycisti PC s CCleanerom a hotovo

[Milar]

Dobre...
Dekuji za Vas cas

[JaRon]

za malo