Error 5: Access Denied

C

ChegNerd

New member
Local time
4:30 PM
Messages
1
These pop up errors keep coming up even when my computer is just sitting there. I think it's linked to visual basic command line compiler. I'm thinking it's either a worm or that visual basic is malfunctioning and I should reinstall? I've tried 4 different antivirus programs (WSS, AVG, Avira, Trend Micro Housecall) half said there was a problem but couldn't do anything because the infected file is inaccessible and the other half doesn't detect anything. Anyone have an idea how to fix this?

"";"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe (3664):\memory_00400000";"Virus identified Worm/Koobface.AG";"Object is inaccessible."

Error.png
 

My Computer

OS
Win7 32-bit
Download Combofix from any of the links below, and save it to your desktop.<--Important
Link 1
Link 2
Link 3

Click on this link Here to see a list of programs that should be disabled.
The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
Next: Disconnect from the internet. If you are on Cable or DSL, unplug your computer from the modem.
Next: Please disable all onboard security programs (all running with back ground protection) as it may hinder the scanner from working.
This includes Antivirus, Firewall, and any Spyware scanners that run in the background.
  • Double click combofix.exe and follow the prompts.
  • When finished, it will produce a log for you. Post that log and a HiJackthis log in your next reply
Note: Do not mouseclick combofix's window while its running. That may cause it to stall
Please be patient while the scan runs, at times it may appear to stall.
When finished and after reboot (in case it asks to reboot), it should open a log, combofix.txt.
Post this log in your next reply together with a new hijackthislog.
After rebooting ensure your Security applications have been re-enabled.

In your next reply post:
ComboFix.txt

***A guide and tutorial on "How to use Combofix" can be found here:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
 

My Computer

Computer type
PC/Desktop
Computer Manufacturer/Model Number
Bruce ... somewhere in his 40's
OS
Windows 7 Ultimate 32bit SP1
CPU
Intel(R) Core(TM)2 Quad CPU @ 2.40GHz, 2400 MHz
Motherboard
INTEL/D975XBX2
Memory
4 GB
Graphics Card(s)
ATI Radeon HD 2600 Pro
Monitor(s) Displays
Samsung SyncMaster 914v
Screen Resolution
1280 x 1024
Hard Drives
2/500GB each ... ST3500630AS ATA Device.
One is not connected
PSU
Rocketfish 700 W
Case
G.Skill Gigabyte Chassis
Keyboard
Standard PS/2 Keyboard
Mouse
Microsoft PS/2 Mouse
Internet Speed
DSL
Antivirus
Avira Internet Security
Browser
IE 11
Other Info
ATI HDMI Audio
Hey, i just stumbled over this forum because i have the same problem,
so i did the stuff and here is the file

ComboFix.txt
Code: 
ComboFix 11-04-12.02 - Patrice 13/04/2011  20:38:17.2.4 - x64
Microsoft Windows*7 Édition Intégrale   6.1.7601.1.1252.33.1036.18.8191.5909 [GMT 2:00]
Lancé depuis: c:\users\Patrice\Desktop\ComboFix.exe
AV: Panda Global Protection 2011 *Disabled/Updated* {86971480-9989-6750-B122-681A86518D59}
FW: Panda Personal Firewall 2011 *Disabled* {BEAC95A5-D3E6-6608-9A7D-C12F7882CA22}
SP: Panda Global Protection 2011 *Disabled/Updated* {3DF6F564-BFB3-68DE-8B92-5368FDD6C7E4}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Autres suppressions   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Patrice\AppData\Roaming\data.dat
.
.
(((((((((((((((((((((((((((((   Fichiers créés du 2011-03-13 au 2011-04-13  ))))))))))))))))))))))))))))))))))))
.
.
2011-04-13 17:47 . 2011-04-13 17:47	--------	d-----w-	c:\programdata\RegCure
2011-04-13 17:47 . 2011-04-13 17:49	--------	d-----w-	c:\program files (x86)\RegCure
2011-04-13 17:39 . 2011-04-13 17:39	--------	d-----w-	c:\programdata\UAB
2011-04-13 17:39 . 2011-04-13 17:39	--------	d-----w-	c:\users\Patrice\AppData\Local\PC_Drivers_Headquarters
2011-04-13 17:39 . 2011-04-13 17:39	--------	d-----w-	c:\programdata\PC Drivers HeadQuarters
2011-04-13 17:38 . 2011-04-13 17:38	--------	d-----w-	c:\program files (x86)\PC Drivers HeadQuarters
2011-04-12 14:08 . 2011-03-15 05:17	8424784	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{FA957D08-05FF-4D89-8C4B-3B493BEF15F0}\mpengine.dll
2011-04-11 16:13 . 2011-04-11 16:13	--------	d-----w-	c:\windows\system32\appmgmt
2011-04-10 16:49 . 2010-11-11 11:49	81008	----a-w-	c:\windows\system32\drivers\vmci.sys
2011-04-10 16:48 . 2010-11-11 11:49	68720	----a-w-	c:\windows\system32\drivers\vmx86.sys
2011-04-10 16:48 . 2010-11-11 11:48	334448	----a-w-	c:\windows\SysWow64\vmnetdhcp.exe
2011-04-10 16:48 . 2010-11-11 11:48	404080	----a-w-	c:\windows\SysWow64\vmnat.exe
2011-04-10 16:48 . 2010-11-11 11:47	30320	----a-w-	c:\windows\system32\drivers\vmnetuserif.sys
2011-04-10 16:48 . 2010-11-11 11:49	968816	----a-w-	c:\windows\system32\vnetlib64.dll
2011-04-10 16:47 . 2010-11-11 11:47	31856	----a-w-	c:\windows\system32\drivers\VMkbd.sys
2011-04-10 16:47 . 2010-11-11 10:31	38512	----a-w-	c:\windows\system32\drivers\hcmon.sys
2011-04-10 16:47 . 2011-04-10 16:47	--------	d-----w-	c:\program files (x86)\Common Files\VMware
2011-04-10 16:46 . 2011-04-10 16:46	--------	d-----w-	c:\program files (x86)\VMware
2011-04-06 15:02 . 2011-04-06 15:02	--------	d-----w-	c:\windows\SysWow64\wbem\en-US
2011-04-06 15:02 . 2011-04-06 15:02	--------	d-----w-	c:\windows\system32\wbem\en-US
2011-03-31 15:42 . 2011-03-31 15:51	--------	d-----w-	c:\users\Patrice\AppData\Roaming\Polynomial
2011-03-30 20:22 . 2011-03-30 20:23	--------	d-----w-	c:\users\Patrice\AppData\Roaming\DarksporeData
2011-03-30 17:42 . 2011-04-03 10:28	--------	d-----w-	c:\program files (x86)\FxPro - MetaTrader
2011-03-27 14:09 . 2011-03-27 14:09	--------	d-----w-	c:\users\Patrice\AppData\Roaming\MySQL
2011-03-27 13:55 . 2011-03-27 13:55	--------	d-----w-	c:\programdata\MySQL
2011-03-25 22:23 . 2011-03-27 12:16	--------	d-----w-	c:\users\Patrice\AppData\Roaming\TortoiseSVN
2011-03-25 22:03 . 2011-04-13 18:42	--------	d-----w-	c:\users\Patrice\AppData\Local\TSVNCache
2011-03-25 22:01 . 2011-03-25 22:01	--------	d-----w-	c:\program files\TortoiseSVN
2011-03-25 22:01 . 2011-03-25 22:01	--------	d-----w-	c:\program files\Common Files\TortoiseOverlays
2011-03-24 18:52 . 2011-03-24 18:52	--------	d-----w-	c:\program files\iTunes
2011-03-24 18:52 . 2011-03-24 18:52	--------	d-----w-	c:\program files\iPod
2011-03-24 18:50 . 2011-03-24 18:50	--------	d-----w-	c:\program files (x86)\Safari
.
.
((((((((((((((((((((((((((((((((((   Compte-rendu de Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-12 18:47 . 2010-12-31 22:13	472808	----a-w-	c:\windows\SysWow64\deployJava1.dll
2011-03-11 14:20 . 2010-06-24 10:33	18328	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-02-23 18:12 . 2009-07-14 02:36	175616	----a-w-	c:\windows\system32\msclmd.dll
2011-02-23 18:12 . 2009-07-14 02:36	152576	----a-w-	c:\windows\SysWow64\msclmd.dll
2011-02-23 06:28 . 2011-02-23 06:28	67176	----a-w-	c:\windows\system32\OpenCL.dll
2011-02-23 06:28 . 2011-02-23 06:28	6606440	----a-w-	c:\windows\system32\nvcuda.dll
2011-02-23 06:28 . 2011-02-23 06:28	57960	----a-w-	c:\windows\SysWow64\OpenCL.dll
2011-02-23 06:28 . 2011-02-23 06:28	5654120	----a-w-	c:\windows\SysWow64\nvwgf2um.dll
2011-02-23 06:28 . 2011-02-23 06:28	4942952	----a-w-	c:\windows\SysWow64\nvcuda.dll
2011-02-23 06:28 . 2011-02-23 06:28	3112040	----a-w-	c:\windows\system32\nvcuvid.dll
2011-02-23 06:28 . 2011-02-23 06:28	2895976	----a-w-	c:\windows\SysWow64\nvcuvid.dll
2011-02-23 06:28 . 2011-02-23 06:28	2479720	----a-w-	c:\windows\system32\nvcuvenc.dll
2011-02-23 06:28 . 2011-02-23 06:28	2251368	----a-w-	c:\windows\SysWow64\nvcuvenc.dll
2011-02-23 06:28 . 2011-02-23 06:28	18580072	----a-w-	c:\windows\system32\nvcompiler.dll
2011-02-23 06:28 . 2011-02-23 06:28	1614440	----a-w-	c:\windows\system32\nvdispco642090.dll
2011-02-23 06:28 . 2011-02-23 06:28	15047272	----a-w-	c:\windows\SysWow64\nvoglv32.dll
2011-02-23 06:28 . 2011-02-23 06:28	1359976	----a-w-	c:\windows\system32\nvgenco642040.dll
2011-02-23 06:28 . 2011-02-23 06:28	13011560	----a-w-	c:\windows\SysWow64\nvcompiler.dll
2011-02-23 06:28 . 2011-02-23 06:28	12962792	----a-w-	c:\windows\system32\drivers\nvlddmkm.sys
2011-02-23 06:28 . 2011-02-23 06:28	12862568	----a-w-	c:\windows\system32\nvd3dumx.dll
2011-02-23 06:28 . 2010-07-10 04:38	2200680	----a-w-	c:\windows\system32\nvapi64.dll
2011-02-23 06:28 . 2010-07-10 04:38	20473960	----a-w-	c:\windows\system32\nvoglv64.dll
2011-02-23 06:28 . 2010-07-10 04:38	1965672	----a-w-	c:\windows\SysWow64\nvapi.dll
2011-02-23 06:28 . 2010-07-10 04:38	10079336	----a-w-	c:\windows\SysWow64\nvd3dum.dll
2011-02-23 06:28 . 2009-07-13 21:59	7732328	----a-w-	c:\windows\system32\nvwgf2umx.dll
2011-02-19 12:05 . 2011-03-09 15:57	1139200	----a-w-	c:\windows\system32\FntCache.dll
2011-02-19 12:04 . 2011-03-09 15:57	1544192	----a-w-	c:\windows\system32\DWrite.dll
2011-02-19 12:04 . 2011-03-09 15:57	902656	----a-w-	c:\windows\system32\d2d1.dll
2011-02-19 06:30 . 2011-03-09 15:57	1076736	----a-w-	c:\windows\SysWow64\DWrite.dll
2011-02-19 06:30 . 2011-03-09 15:57	739840	----a-w-	c:\windows\SysWow64\d2d1.dll
2011-02-02 17:11 . 2010-11-28 22:23	270720	------w-	c:\windows\system32\MpSigStub.exe
2011-01-17 21:10 . 2011-01-17 21:10	275360	----a-w-	c:\windows\system32\DreamScene.dll
2011-01-17 11:09 . 2011-02-23 17:49	197120	----a-w-	c:\windows\system32\d3d10_1.dll
2011-01-17 05:47 . 2011-02-23 17:49	161792	----a-w-	c:\windows\SysWow64\d3d10_1.dll
2011-01-15 12:41 . 2011-01-15 12:41	16384	----a-w-	c:\users\Patrice\AppData\Roaming\Setup.exe
.
.
(((((((((((((((((((((((((((((   SnapShot@2011-04-13_18.27.27   )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2011-04-13 17:56	16384              c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2011-04-13 18:44	16384              c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2011-04-13 18:44	32768              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-04-13 17:56	32768              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-04-13 17:56	16384              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2011-04-13 18:44	16384              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-04-13 14:22 . 2011-04-13 14:22	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-04-13 18:43 . 2011-04-13 18:43	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-04-13 18:43 . 2011-04-13 18:43	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-04-13 14:22 . 2011-04-13 14:22	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 05:01 . 2011-04-13 18:42	346516              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2011-04-13 14:21	346516              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-04-10 16:38 . 2011-04-13 18:42	790216              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1035084798-2913511090-3409800675-1000-12288.dat
- 2011-04-10 16:38 . 2011-04-10 16:51	790216              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1035084798-2913511090-3409800675-1000-12288.dat
+ 2010-11-28 21:35 . 2011-04-13 18:42	13362468              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1035084798-2913511090-3409800675-1000-8192.dat
- 2010-11-28 21:35 . 2011-04-13 14:21	13362468              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1035084798-2913511090-3409800675-1000-8192.dat
.
(((((((((((((((((((((((((((((((((   Points de chargement Reg   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files (x86)\Vuze_Remote\tbVuze.dll" [2010-11-29 3908192]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-11-29 14:26	3908192	----a-w-	c:\program files (x86)\ConduitEngine\ConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
2010-11-29 14:26	3908192	----a-w-	c:\program files (x86)\Vuze_Remote\tbVuze.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files (x86)\Vuze_Remote\tbVuze.dll" [2010-11-29 3908192]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\ConduitEngine.dll" [2010-11-29 3908192]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2010-11-28 1242448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"APVXDWIN"="c:\program files (x86)\Panda Security\Panda Global Protection 2011\APVXDWIN.EXE" [2010-08-26 988480]
"SCANINICIO"="c:\program files (x86)\Panda Security\Panda Global Protection 2011\Inicio.exe" [2010-06-11 68928]
"AudioDrvEmulator"="c:\program files (x86)\Creative\Shared Files\Module Loader\DLLML.exe" [2006-11-22 57344]
"wmagent.exe"="c:\program files (x86)\WebMoney Agent\wmagent.exe" [2009-10-19 210400]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-12-14 47904]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-03-07 421160]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"vmware-tray"="c:\program files (x86)\VMware\VMware Workstation\vmware-tray.exe" [2010-11-11 129648]
.
c:\users\Patrice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]
Psi.lnk - c:\program files (x86)\Psi\Psi.exe [2009-12-3 8456704]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PskSvcRetail]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Service Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-28 136176]
R3 bcm44amd64;Pilote XP du contrôleur intégré Broadcom 440x 10/100;c:\windows\system32\DRIVERS\b44amd64.sys [x]
R3 cpuz130;cpuz130;c:\users\Patrice\AppData\Local\Temp\cpuz130\cpuz_x64.sys [x]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-12-14 79360]
R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS [x]
R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS [x]
R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-02-10 1038088]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [x]
R3 Prot6Flt;Prot6Flt;c:\windows\system32\DRIVERS\Prot6Flt.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 pavboot;Panda boot driver;c:\windows\system32\Drivers\pavboot64.sys [x]
S1 ShldFlt;Panda File Shield Driver;c:\windows\system32\DRIVERS\ShldFlt.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AmFSM;AmFSM;c:\windows\system32\DRIVERS\amm6460.sys [x]
S2 APPFLT;App Filter Plugin;c:\windows\system32\Drivers\APPFLT64.SYS [x]
S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [2009-08-19 90112]
S2 ComFiltr;Panda Anti-Dialer;c:\windows\system32\DRIVERS\COMFiltr.sys [x]
S2 DSAFLT;DSA Filter Plugin;c:\windows\system32\Drivers\DSAFLT64.SYS [x]
S2 FNETMON;NetMon Filter Plugin;c:\windows\system32\Drivers\fnetm64.SYS [x]
S2 IDSFLT;Ids Filter Plugin;c:\windows\system32\Drivers\IDSFLT64.SYS [x]
S2 NETFLTDI;Panda Net Driver [TDI Layer];c:\windows\system32\Drivers\NETTDI64.SYS [x]
S2 PskSvcRetail;Panda PSK service;c:\program files (x86)\Panda Security\Panda Global Protection 2011\PskSvc.exe [2010-08-16 28992]
S2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [x]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe [2010-11-11 539248]
S2 WNMFLT;Wifi Monitor Filter Plugin;c:\windows\system32\Drivers\WNMFLT64.SYS [x]
S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS [x]
S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS [x]
S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS [x]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [x]
S3 LGPBTDD;LGPBTDD.sys Display Driver;c:\windows\system32\Drivers\LGPBTDD.sys [x]
S3 NETIMFLT01060042;PANDA NDIS IM Filter Miniport v1.6.0.42;c:\windows\system32\DRIVERS\n64i1642.sys [x]
S3 PavTPK.sys;PavTPK.sys;c:\windows\system32\PavTPK.sys [x]
.
.
Contenu du dossier 'Tâches planifiées'
.
2011-04-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-21 22:25]
.
2011-04-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-21 22:25]
.
2011-04-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1035084798-2913511090-3409800675-1000Core.job
- c:\users\Patrice\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-28 22:25]
.
2011-04-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1035084798-2913511090-3409800675-1000UA.job
- c:\users\Patrice\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-28 22:25]
.
2011-04-13 c:\windows\Tasks\RegCure Program Check.job
- c:\program files (x86)\RegCure\RegCure.exe [2010-05-19 23:20]
.
2011-04-13 c:\windows\Tasks\RegCure.job
- c:\program files (x86)\RegCure\RegCure.exe [2010-05-19 23:20]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55	99080	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55	99080	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55	99080	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55	99080	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55	99080	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55	99080	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55	99080	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55	99080	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55	99080	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Launch LCore"="c:\program files\logitech gaming software\lcore.exe" [2010-11-16 104008]
.
------- Examen supplémentaire -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.fr/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
LSP: c:\program files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll
LSP: c:\program files (x86)\VMware\VMware Workstation\vsocklib.dll
TCP: {EA758360-F04B-4320-981E-CAF0EA4280E2} = 192.168.1.1
DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
.
- - - - ORPHELINS SUPPRIMES - - - -
.
WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MySQL]
"ImagePath"="\"f:\program files\MySQL\MySQL Server 5.5\bin\mysqld\" --defaults-file=\"f:\program files\MySQL\MySQL Server 5.5\my.ini\" MySQL"
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_USERS\S-1-5-21-1035084798-2913511090-3409800675-1000\Software\SecuROM\License information*]
"datasecu"=hex:43,1d,68,57,93,47,95,14,d5,c1,ed,9d,a9,fc,5b,ab,2a,14,2c,40,73,
   c7,c3,24,d6,31,92,55,c8,48,7b,f8,63,93,c5,fd,5d,ec,10,bd,d0,e9,f3,6f,07,65,\
"rkeysecu"=hex:7d,40,10,cb,c7,39,e0,67,0a,69,a8,47,07,da,5b,5c
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Autres processus actifs ------------------------
.
c:\program files (x86)\Panda Security\Panda Global Protection 2011\TPSrvWow.exe
c:\program files (x86)\PANDA SECURITY\PANDA GLOBAL PROTECTION 2011\WebProxy.exe
c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Panda Security\Panda Global Protection 2011\PsCtrls.exe
c:\program files (x86)\Panda Security\Panda Global Protection 2011\PavFnSvr.exe
c:\program files (x86)\Common Files\Panda Security\PavShld\pavprsrv.exe
c:\program files (x86)\Panda Security\Panda Global Protection 2011\pavsrvx86.exe
c:\program files (x86)\Panda Security\Panda Global Protection 2011\AVENGINE.EXE
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\panda security\panda global protection 2011\firewall\PSHOST.EXE
c:\program files (x86)\Panda Security\Panda Global Protection 2011\PsImSvc.exe
c:\windows\SysWOW64\vmnat.exe
c:\program files (x86)\VMware\VMware Workstation\vmware-authd.exe
c:\windows\SysWOW64\vmnetdhcp.exe
.
**************************************************************************
.
Heure de fin: 2011-04-13  20:46:10 - La machine a redémarré
ComboFix-quarantined-files.txt  2011-04-13 18:46
ComboFix2.txt  2011-04-13 18:29
.
Avant-CF: 92*858*810*368 octets libres
Après-CF: 92*586*049*536 octets libres
.
- - End Of File - - DBC7679105EC285483F57226646B63F3
 

My Computer

OS
Windows 7 x64
You must log in or register to reply here.
Back
Top