Combo Fix


description

Thanks

Transcript of Combo Fix

ComboFix 15-01-29.01 - computer 21/02/2015 23:32:54.6.1 - x86
Microsoft Windows XP Professionnel 5.1.2600.3.1256.213.1036.18.991.530 [GMT 1:00]
Running from: d:\documents and settings\computer\Bureau\ComboFix.exe
 * Created a new restore point
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
d:\windows\secure.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_LogikSrv
-------\Service_LogikSrv
.
.
((((((((((((((((((((((((( Files Created from 2015-01-21 to 2015-02-21 )))))))))))))))))))))))))))))))
.
.
2015-02-12 15:14 . 2008-12-11 10:57 333952 -c----w- d:\windows\system32\dllcache\srv.sys
2015-02-12 15:14 . 2008-10-15 16:35 337408 -c----w- d:\windows\system32\dllcache\netapi32.dll
2015-02-12 15:14 . 2015-02-12 15:14 -------- d--h--w- d:\windows\$hf_mig$
2015-02-12 15:14 . 2008-10-24 11:21 455296 -c----w- d:\windows\system32\dllcache\mrxsmb.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-02-21 22:40 . 2014-03-29 23:06 69632 ----a-w- d:\windows\lgklsp.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="d:\program files\Skype\Phone\Skype.exe" [2014-07-02 21648480]
"ctfmon.exe"="d:\windows\system32\ctfmon.exe" [2008-04-13 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="d:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"PHIME2002ASync"="d:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="d:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 577536]
"GrooveMonitor"="d:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"Adobe Reader Speed Launcher"="d:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"SunJavaUpdateSched"="d:\program files\Java\jre6\bin\jusched.exe" [2014-03-29 148888]
"CyberClient"="c:\client_v5\p_client.exe" [2004-05-13 1182208]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="d:\windows\system32\CTFMON.EXE" [2008-04-13 15360]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"d:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"d:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Program Files\\Skype\\Phone\\Skype.exe"=
"d:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"=
.
R0 DepFrzHi;DepFrzHi;d:\windows\system32\drivers\DepFrzHi.sys [24/06/2002 11:39 12288]
R0 DepFrzLo;DepFrzLo;d:\windows\system32\drivers\DepFrzLo.sys [24/06/2002 11:38 51125]
R2 DFServEx;DFServEx;d:\program files\HyperTechnologies\Deep Freeze\DFServEx.exe [24/06/2002 11:38 271360]
R2 LogikSrv;Indispensable pour CYBERLOGIK ;d:\windows\secure.exe --> d:\windows\secure.exe [?]
R2 SkypeUpdate;Skype Updater;d:\program files\Skype\Updater\Updater.exe [03/04/2014 20:21 315008]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - LOGIKSRV
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-12-20 00:58 1087816 ----a-w- d:\program files\Google\Chrome\Application\39.0.2171.95\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2015-02-21 d:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- d:\program files\Google\Update\GoogleUpdate.exe [2014-03-29 22:49]
.
2015-02-21 d:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- d:\program files\Google\Update\GoogleUpdate.exe [2014-03-29 22:49]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = hxxp://upload.sosvirus.org/index.html
IE: E&xporter vers Microsoft Excel - d:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: Interfaces\{F02E13E5-22CF-4B26-BD45-388F8FCABF23}: NameServer = 208.67.222.222
FF - ProfilePath - d:\documents and settings\computer\Application Data\Mozilla\Firefox\Profiles\7k7rvsd1.default\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2015-02-21 23:40
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.EXE'(1488)
d:\windows\system32\eappprxy.dll
.
Completion time: 2015-02-21 23:39:24 - machine was rebooted
ComboFix-quarantined-files.txt 2015-02-21 22:39
ComboFix2.txt 2015-02-01 10:31
ComboFix3.txt 2014-12-06 00:14
ComboFix4.txt 2014-07-02 12:03
ComboFix5.txt 2015-02-21 22:30
.
Pre-Run: 21218992128 octets libres
Post-Run: 21209448448 octets libres
.
- - End Of File - - BEF5904C730B5C80931EF34D24C9B712C99C3199CFAA4CBDCD91493F6D113A50