
ComboFix 15-01-29.01 - computer 21/02/2015 23:32:54.6.1 - x86
Microsoft Windows XP Professionnel 5.1.2600.3.1256.213.1036.18.991.530 [GMT 1:00]
Running from: d:\documents and settings\computer\Bureau\ComboFix.exe
* Created a new restore point
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))
.
.
d:\windows\secure.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_LogikSrv
-------\Service_LogikSrv
.
.
((((((((((((((((((((((((( Files Created from 2015-01-21 to 2015-02-21 )))))))))))))))))))))))))))))))
.
.
2015-02-12 15:14 . 2008-12-11 10:57   333952 -c----w   d:\windows\system32\dllcache\srv.sys
2015-02-12 15:14 . 2008-10-15 16:35   337408 -c----w   d:\windows\system32\dllcache\netapi32.dll
2015-02-12 15:14 . 2015-02-12 15:14          -------d--h--w   d:\windows\$hf_mig$
2015-02-12 15:14 . 2008-10-24 11:21   455296 -c----w   d:\windows\system32\dllcache\mrxsmb.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))
.
2015-02-21 22:40 . 2014-03-29 23:06   69632 ----a-w   d:\windows\lgklsp.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="d:\program files\Skype\Phone\Skype.exe" [2014-07-02 21648480]
"ctfmon.exe"="d:\windows\system32\ctfmon.exe" [2008-04-13 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="d:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"PHIME2002ASync"="d:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="d:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 577536]
"GrooveMonitor"="d:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"Adobe Reader Speed Launcher"="d:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"SunJavaUpdateSched"="d:\program files\Java\jre6\bin\jusched.exe" [2014-03-29 148888]
"CyberClient"="c:\client_v5\p_client.exe" [2004-05-13 1182208]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="d:\windows\system32\CTFMON.EXE" [2008-04-13 15360]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"d:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"d:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Program Files\\Skype\\Phone\\Skype.exe"=
"d:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"=
.
R0 DepFrzHi;DepFrzHi;d:\windows\system32\drivers\DepFrzHi.sys [24/06/2002 11:39 12288]
R0 DepFrzLo;DepFrzLo;d:\windows\system32\drivers\DepFrzLo.sys [24/06/2002 11:38 51125]
R2 DFServEx;DFServEx;d:\program files\HyperTechnologies\Deep Freeze\DFServEx.exe [24/06/2002 11:38 271360]
R2 LogikSrv;Indispensable pour CYBERLOGIK ;d:\windows\secure.exe --> d:\windows\secure.exe [?]
R2 SkypeUpdate;Skype Updater;d:\program files\Skype\Updater\Updater.exe [03/04/2014 20:21 315008]
.
--- Other Services/Drivers In Memory --.
*NewlyCreated* - LOGIKSRV
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-12-20 00:58   1087816 ----a-w   d:\program files\Google\Chrome\Application\39.0.2171.95\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2015-02-21 d:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- d:\program files\Google\Update\GoogleUpdate.exe [2014-03-29 22:49]
.
2015-02-21 d:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- d:\program files\Google\Update\GoogleUpdate.exe [2014-03-29 22:49]
.
.
------- Supplementary Scan ------.
uInternet Connection Wizard,ShellNext = hxxp://upload.sosvirus.org/index.html
IE: E&xporter vers Microsoft Excel - d:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: Interfaces\{F02E13E5-22CF-4B26-BD45-388F8FCABF23}: NameServer = 208.67.222.222
FF - ProfilePath - d:\documents and settings\computer\Application Data\Mozilla\Firefox\Profiles\7k7rvsd1.default\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2015-02-21 23:40
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes --------------------.
- - - - - - - > 'Explorer.EXE'(1488)
d:\windows\system32\eappprxy.dll
.
Completion time: 2015-02-21 23:39:24 - machine was rebooted
ComboFix-quarantined-files.txt 2015-02-21 22:39
ComboFix2.txt 2015-02-01 10:31
ComboFix3.txt 2014-12-06 00:14
ComboFix4.txt 2014-07-02 12:03
ComboFix5.txt 2015-02-21 22:30
.
Pre-Run: 21218992128 bytes free
Post-Run: 21209448448 bytes free
.
- - End Of File - - BEF5904C730B5C80931EF34D24C9B712
C99C3199CFAA4CBDCD91493F6D113A50
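The three cues in the log above that an analyst would check first are the service whose image ComboFix could not date or size (LogikSrv, shown with "-->" and "[?]" and pointing at the d:\windows\secure.exe it also lists under Other Deletions), the CyberClient Run entry whose image lives on c:\ while Windows is on d:\, and EnableFirewall = 0. The script below is an added example, not part of this log and not ComboFix's own code: it parses the Run-key, firewall and service lines in the format ComboFix prints and turns those cues into findings for manual follow-up. The SAMPLE text is a trimmed copy of the log's own lines; the trusted-directory list and the "other volume than %windir%" heuristic are this example's assumptions, not rules ComboFix applies.

```python
"""Triage helper for a ComboFix 'Reg Loading Points' section (added example)."""
import re
from typing import Dict, List

# Constructed sample: a trimmed copy of the registry section from the log above.
SAMPLE = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="d:\program files\Skype\Phone\Skype.exe" [2014-07-02 21648480]
"ctfmon.exe"="d:\windows\system32\ctfmon.exe" [2008-04-13 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 577536]
"CyberClient"="c:\client_v5\p_client.exe" [2004-05-13 1182208]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
R0 DepFrzLo;DepFrzLo;d:\windows\system32\drivers\DepFrzLo.sys [24/06/2002 11:38 51125]
R2 LogikSrv;Indispensable pour CYBERLOGIK ;d:\windows\secure.exe --> d:\windows\secure.exe [?]
R2 SkypeUpdate;Skype Updater;d:\program files\Skype\Updater\Updater.exe [03/04/2014 20:21 315008]
"""

# Line shapes as ComboFix prints them: "name"="image" [date size], R2 name;display;image [...]
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<image>[^"]*)"\s*\[(?P<meta>[^\]]*)\]')
SVC_RE = re.compile(r'^(?P<start>R[0-3]|S[0-4])\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.*)$')
KEY_RE = re.compile(r'^\[(?P<key>[^\]]+)\]$')
FIREWALL_RE = re.compile(r'^"EnableFirewall"=\s*(?P<val>\d+)')

# Assumption of this example: autostart images are expected under these directories.
TRUSTED_DIRS = ("\\windows\\", "\\program files\\")


def parse_section(text: str) -> Dict[str, List[dict]]:
    """Extract Run-key entries, services and firewall state from ComboFix text."""
    result: Dict[str, List[dict]] = {"run": [], "services": [], "firewall": []}
    current_key = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        m = KEY_RE.match(line)
        if m:
            current_key = m.group("key")
            continue
        m = FIREWALL_RE.match(line)
        if m:
            result["firewall"].append({"key": current_key, "enabled": m.group("val") != "0"})
            continue
        m = RUN_RE.match(line)
        if m:
            result["run"].append({"key": current_key, "name": m.group("name"),
                                  "image": m.group("image"), "meta": m.group("meta")})
            continue
        m = SVC_RE.match(line)
        if m:
            rest = m.group("rest").strip()
            # "[?]" instead of "[date size]" means ComboFix could not date/size the image.
            result["services"].append({"start": m.group("start"), "name": m.group("name").strip(),
                                       "display": m.group("display").strip(), "image": rest,
                                       "unverified": rest.endswith("[?]")})
    return result


def triage(parsed: Dict[str, List[dict]], windir_drive: str = "d:") -> List[str]:
    """One finding per item worth a manual look; firewall first, then Run keys, then services."""
    findings: List[str] = []
    for fw in parsed["firewall"]:
        if not fw["enabled"]:
            findings.append(f"firewall disabled: {fw['key']}")
    for e in parsed["run"]:
        img = e["image"].lower()
        if not img:
            continue
        on_other_volume = ":" in img[:2] and img[:2] != windir_drive.lower()
        bare_name = "\\" not in img          # resolved via PATH, worth confirming which binary
        in_trusted = any(d in img for d in TRUSTED_DIRS)
        if on_other_volume or bare_name or not in_trusted:
            findings.append(f"run entry outside trusted dirs: {e['name']} -> {e['image']}")
    for s in parsed["services"]:
        if s["unverified"]:
            findings.append(f"service image not verifiable: {s['name']} ({s['image']})")
    return findings


if __name__ == "__main__":
    for finding in triage(parse_section(SAMPLE)):
        print(finding)
```

Run against a full ComboFix.txt the same way (read the file, pass its text to parse_section); the "[?]" test is the one that matters most here, since a service that is still registered while its image is gone is exactly what the *NewlyCreated* - LOGIKSRV line and the Other Deletions entry together describe.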