Perduedslesbois

Trojan infection pls help!


Hi M. :)

 

I can't delete the registry keys like before. And I can't delete avgntflt.sys. It says: "ERROR ACCESS DENIED. Check if the disk is full or protected in writing and that the file is not currently in use"

 

I find it weird that I have Avira stuff in my system32!

 

Thx again and good night, I'll be back tomorrow :)


Please download the correct version of SystemLook for your computer and save it to your desktop.
You can check here if you're not sure if your computer is 32-bit or 64-bit

SystemLook 32-bit x86 | or | SystemLook 64-bit x64

  • If using Windows XP just double click on SystemLook.exe to run it.
  • For all other versions of Windows, right click over SystemLook.exe or SystemLook_x64.exe and choose Run as administrator to run it
  • Copy the contents of the following code box into the main text field - including the colon characters.
    :filefind
    *avgntflt*
    *avguard*
    *Avira*
    *java*
    :folderfind
    *avgntflt*
    *avguard*
    *Avira*
    *java*
    :regfind
    Avira
    java
    AntiVirService
  • Click the Look button to start the scan
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
  • Note: The log can also be found on your Desktop named SystemLook.txt


Hi M. :)

 

First of all, I'm sorry but I forgot to tell you that I did not remove Java from my computer yet, cause I know that a lot of sites use it. And you did not specifically mention a problem about this program on my computer.... so I hope you did not write it in the search because you were wondering why there are still Java files showing. If so, I am really sorry! (There are a lot of them!)

 

And I don't know if this report will show all the Avira stuff, but I wanted to tell you that the mini driver I told you about in my system32 was just one example among many; I have other Avira files in my system32 with other names too.

 

Here:

 

P.S. Do you want me to scan the system again without asking for java stuff? It will be easier for you to read the report...

SystemLook.txt


I'm sorry but I forgot to tell you that I did not remove Java from my computer yet, cause I know that a lot of sites use it.

Actually very few sites use it. Some sites with children's games run it and some with server control type programs but in "most" cases if a site requires Java then you better beware that site. I've scoured thousands of websites searching for malware as well as all types of various general and specialty websites and only a couple "require" Java. Personally if a site requires Java I would look for another site as that one is probably doing something underhanded with your computer or your information. Now if you're thinking of JavaScript that is something completely different and not the same thing.

Please send me a list of sites that you think require Java and I'll check them out for you (you can send it via a PM if you like) but again, aside from a few sites that do freebie games for kids you really should not need Java. There are certainly some exceptions but keeping Java because some site tells you it needs Java is probably because they're looking to either steal data from you or infect you or they've just never updated their old site. Sorry, but I'm quite anti-Java as you can tell. I have to use Java myself but that is because I want to use a GUI to connect to some Server applications that want it but aside from that I don't allow Java to run on any websites I visit.

So regardless if you want or use Java or not, for now please uninstall ALL versions of Java and when we're done here if you do want it then you can reinstall it.

Thanks


Hi M. :)

 

Thx for this answer. Oh no, I am not a fan of Java! I don't know this program very well (hehe, nor the difference from JavaScript) and I read here in other posts that this program is not good with security problems; that is why I asked you if it was OK to remove it.

 

I am very surprised about what you said, and happy to learn that sites that require it can be bad! But you know what? The first time I got Java on my computer was because of my internet company! O.O I needed it to go on their site! Wow, it doesn't make me confident about them!

 

Is there any program to replace Java? Cause I am not a big net surfer but I think most of my sites need it :( Thanks for helping me with my sites list! :) Here:

 

videotron.com (my internet cable company)

youtube.com

dailymotion.com

miniclip.com ( one of my favorite! Go there each day!)

wizard101.com

gsn.com

google.ca (search browser)

....and now here! And security-x.fr

 

..and other sites when I do some research, but now I know that it's not good to go where they ask you to have Java! :D

 

.. Do I need to run the System scan again?


Hi M. :)

 

Thx for this answer. Oh no, I am not a fan of Java! I don't know this program very well (hehe, nor the difference from JavaScript) and I read here in other posts that this program is not good with security problems; that is why I asked you if it was OK to remove it.

 

I am very surprised about what you said, and happy to learn that sites that require it can be bad! But you know what? The first time I got Java on my computer was because of my internet company! O.O I needed it to go on their site! Wow, it doesn't make me confident about them!

 

Is there any program to replace Java? Cause I am not a big net surfer but I think most of my sites need it :( Thanks for helping me with my sites list! :) Here:

 

videotron.com (my internet cable company)  - No Java Required

youtube.com  - No Java Required

dailymotion.com  - No Java Required

miniclip.com ( one of my favorite! Go there each day!)  (Possibly need Java for some content, other content requires the Unity Web Player)

wizard101.com  (Does not list Java as a requirement, https://www.wizard101.com/game/system-requirements )

gsn.com  (not positive but I think these are all Flash Games, not Java based)

google.ca (search browser)  - No Java Required

....and now here! And security-x.fr  -  No Java Required for our site or this one.

 

..and other sites when I do some research, but now I know that it's not good to go where they ask you to have Java! :D

 

.. Do I need to run the System scan again?

 

 

Yes, for now please uninstall all versions of Java and run the scan again.


My my!! PROBLEM again!.....

 

I removed Java and rebooted the computer. I tried to run the system scan: error. So I replaced it with a new download: error. So I put the system exe and the system txt in the garbage to start fresh. So I freshly downloaded the system scan and tried again to run it: ERROR!

 

So now, after a few seconds, there is always an error message when I run it :( So I am unable to do the scan. It says that Windows had a problem running the program and needs to close.

 

And! If I make a search with the word java, there is still plenty of stuff. Is that normal?

 

 



Hi M. :)

 

... Awww, it was just a waste of your time and mine to post a pointless message!.. I continued to try the scan again and again and finally it worked! :P

 

So, here:

 

And I am very happy to learn that my sites don't need Java. I play mostly games and I thought I needed it. But I am surprised about my internet company...

 

..Oh, and do you have a link where I can learn what JavaScript is? And the difference between them? Thx :)

 

Waiting for your instructions

SystemLook.txt


Please save the attached file CFScript.txt to your computer.  Do not run it from your Web browser.  You need to save it to your computer in the same location as Combofix.exe

 

Then close all open Web browsers and programs and then drag and drop CFScript.txt onto Combofix.exe to run it.

 

When done it will produce a new log, please post that log.

 

Thanks

 

CFScript.txt


Hi M. :)

 

I ran ComboFix and it was about to reboot the computer but it froze while the desktop had disappeared; the machine looked lost in a "loop". I waited more than 20 minutes and finally shut down the machine manually.

 

It scared me cause it never happened before with my computer! :(

 

But at startup all seems OK and ComboFix produced the log, here:

 

ComboFix 13-09-06.01 - home 2013-09-06  22:23:50.7.2 - x86
Microsoft Windows XP Professionnel  5.1.2600.3.1252.2.1036.18.2015.1641 [GMT -4:00]
Lancé depuis: c:\documents and settings\home\Bureau\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\home\Bureau\CFScript.txt
AV: COMODO Antivirus *Disabled/Updated* {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
FW: COMODO Firewall *Disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.
FILE ::
"c:\docume~1\home\LOCALS~1\APPLIC~1\ASKTOO~2\DOWNLO~1\AVIRAT~1.DLL"
"c:\documents and settings\home\Local Settings\Application Data\AskToolbar\Downloaded Program Files\AviraTrans.dll"
"c:\documents and settings\home\Local Settings\temp\java_install_reg.log"
"c:\documents and settings\home\Recent\avira_registry_cleaner_en.zip.lnk"
"c:\documents and settings\home\Recent\FIXAVIRA.lnk"
"c:\documents and settings\home\Recent\java.JPG.lnk"
"c:\frst\Quarantine\Avira\AntiVir Desktop\avgntflt.inf"
"c:\windows\Prefetch\JAVAW.EXE-2DC32ABC.pf"
"c:\windows\system32\deployJava1.dll"
"c:\windows\system32\drivers\avgntflt.sys"
.
.
((((((((((((((((((((((((((((((((((((   Autres suppressions   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\Avira
c:\documents and settings\All Users\Application Data\Avira(2)
c:\documents and settings\All Users\Application Data\Avira(2)\AntiVir Desktop(2)\EVENTDB(2)\avevtdb.dbe
c:\documents and settings\All Users\Application Data\Avira(2)\AntiVir Desktop(2)\LOGFILES(2)\sched.log
c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\CONFIG\avwin.ini
c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\EVENTDB\avevtdb.dbe
c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\LOGFILES\sched.log
c:\documents and settings\home\Application Data\Avira
c:\windows\Sun
.
.
(((((((((((((((((((((((((((((   Fichiers créés du 2013-08-07 au 2013-09-07  ))))))))))))))))))))))))))))))))))))
.
.
2013-09-02 08:54 . 2013-09-02 08:54 -------- d-----w- c:\documents and settings\home\Application Data\Comodo
2013-09-02 08:21 . 2013-09-02 08:21 -------- d-----w- c:\program files\Fichiers communs\COMODO
2013-09-02 08:08 . 2013-09-07 03:03 248001 ----a-w- c:\windows\system32\drivers\sfi.dat
2013-09-02 08:06 . 2013-09-02 08:07 -------- d-s---w- c:\documents and settings\All Users\Application Data\Shared Space
2013-09-02 07:13 . 2013-09-02 07:13 -------- d-----w- c:\windows\system32\config\systemprofile\Local Settings\Application Data\COMODO
2013-09-02 07:13 . 2013-09-02 07:13 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\COMODO
2013-09-02 07:10 . 2013-09-02 07:10 48392 ----a-w- c:\windows\system32\certsentry.dll
2013-09-02 07:07 . 2013-09-02 07:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Comodo Downloader
2013-08-28 16:30 . 2013-08-28 16:30 -------- d--h--w- c:\windows\PIF
2013-08-20 02:25 . 2013-08-20 02:29 -------- d-----w- c:\program files\ERUNT
2013-08-19 07:47 . 2013-08-25 21:28 -------- d-----w- C:\FRST
2013-08-19 00:35 . 2013-08-19 01:35 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0
2013-08-16 20:10 . 2013-08-16 20:10 -------- d-----w- c:\windows\Logs
2013-08-16 19:41 . 2013-08-16 19:42 -------- d-----w- c:\windows\system32\NtmsData
2013-08-16 19:34 . 2013-08-16 19:34 -------- d-----w- C:\boot
2013-08-16 19:34 . 2013-08-28 16:34 -------- d-----w- c:\program files\Macrium
2013-08-16 19:27 . 2013-08-16 20:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Macrium
.
.
.
((((((((((((((((((((((((((((((((((   Compte-rendu de Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-09 01:59 . 2013-07-09 01:59 587352 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2013-06-28 20:02 . 2013-06-28 20:02 16504 ----a-w- c:\windows\system32\drivers\pssnap.sys
2013-06-18 20:16 . 2013-06-18 20:16 99520 ----a-w- c:\windows\system32\drivers\inspect.sys
2013-06-18 20:16 . 2013-06-18 20:16 32816 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2013-06-18 20:16 . 2013-06-18 20:16 18528 ----a-w- c:\windows\system32\drivers\cmderd.sys
2013-06-18 20:15 . 2013-06-18 20:15 35488 ----a-w- c:\windows\system32\cmdcsr.dll
2013-06-18 20:15 . 2013-06-18 20:15 348584 ----a-w- c:\windows\system32\guard32.dll
2013-06-18 20:15 . 2013-06-18 20:15 40664 ----a-w- c:\windows\system32\cmdkbd32.dll
2013-06-18 20:15 . 2013-06-18 20:15 278232 ----a-w- c:\windows\system32\cmdvrt32.dll
.
.
(((((((((((((((((((((((((((((((((   Points de chargement Reg   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SkinClock"="c:\program files\Atomic Alarm Clock\AtomicAlarmClock.exe" [2008-09-30 1740288]
"Gadwin PrintScreen"="c:\program files\Gadwin Systems\PrintScreen\PrintScreen.exe" [2012-05-30 1842384]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-08-20 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-08-20 118784]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cistray.exe" [2013-07-09 1464536]
"gbrspcontrol"="c:\program files\Fichiers communs\COMODO\GeekBuddyRSP.exe" [2013-05-30 1851088]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Start GeekBuddy.lnk - c:\program files\Comodo\GeekBuddy\launcher.exe "unit_manager.exe" [2013-7-24 49360]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\program files\Fichiers communs\Comodo\GeekBuddyRSP.exe"= c:\program files\Fichiers communs\Comodo\GeekBuddyRSP.exe:127.0.0.1/255.255.255.255:Enabled:GeekBuddy RSP
"c:\\Program Files\\File Type Assistant\\TSAssist.exe"=
"c:\\Program Files\\FinalMediaPlayer\\FMPCheckForUpdates.exe"=
.
R1 CFRMD;CFRMD;c:\windows\system32\drivers\CFRMD.sys [07/05/2013 03:00 36112]
R1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\drivers\cmderd.sys [18/06/2013 16:16 18528]
R1 cmdGuard;COMODO Internet Security Driver;c:\windows\system32\drivers\cmdGuard.sys [08/07/2013 21:59 587352]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [18/06/2013 16:16 32816]
R2 CLPSLauncher;COMODO LPS Launcher;c:\program files\Fichiers communs\COMODO\launcher_service.exe [24/07/2013 08:50 70352]
R2 DragonUpdater;COMODO Dragon Update Service;c:\program files\Comodo\Dragon\dragon_updater.exe [01/08/2013 07:20 2095808]
R2 GeekBuddyRSP;GeekBuddyRSP Service;c:\program files\Fichiers communs\COMODO\GeekBuddyRSP.exe [30/05/2013 08:47 1851088]
R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IPROSetMonitor.exe [30/03/2011 12:09 109728]
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [08/04/2013 19:47 418376]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [08/04/2013 19:47 22856]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [08/04/2013 19:47 701512]
S3 ADM8511;Belkin USB Ethernet Adapter;c:\windows\system32\drivers\NET8511.SYS [30/03/2011 11:44 24424]
S3 cmdvirth;COMODO Virtual Service Manager;c:\program files\Comodo\COMODO Internet Security\cmdvirth.exe [18/06/2013 16:15 127192]
S3 WIMMount;WIMMount;\??\c:\program files\Macrium\Reflect\wimmount.sys --> c:\program files\Macrium\Reflect\wimmount.sys [?]
.
Contenu du dossier 'Tâches planifiées'
.
2013-09-07 c:\windows\Tasks\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9}.job
- c:\program files\COMODO\COMODO Internet Security\cfpconfg.exe [2013-07-09 01:59]
.
2013-09-07 c:\windows\Tasks\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22}.job
- c:\program files\COMODO\COMODO Internet Security\cfpconfg.exe [2013-07-09 01:59]
.
2013-09-07 c:\windows\Tasks\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59}.job
- c:\program files\COMODO\COMODO Internet Security\cfpconfg.exe [2013-07-09 01:59]
.
2013-09-07 c:\windows\Tasks\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85}.job
- c:\program files\COMODO\COMODO Internet Security\cfpconfg.exe [2013-07-09 01:59]
.
2013-09-07 c:\windows\Tasks\Final Media Player Update Checker.job
- c:\program files\FinalMediaPlayer\FMPCheckForUpdates.exe [2013-04-10 21:24]
.
2013-09-07 c:\windows\Tasks\ProgramRefresh-ATFST.job
- c:\program files\File Type Assistant\TSASetup.exe [2013-04-10 01:18]
.
2013-09-07 c:\windows\Tasks\ProgramUpdateCheck.job
- c:\program files\File Type Assistant\tsassist.exe [2013-04-10 17:09]
.
.
------- Examen supplémentaire -------
.


TCP: DhcpNameServer = 24.201.245.77 24.200.0.1 24.53.0.2
TCP: Interfaces\{E09B6166-8D26-46DF-B5DC-F2814CD3551F}: NameServer = 156.154.70.25,156.154.71.25
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-09-06 23:04
Windows 5.1.2600 Service Pack 3 NTFS
.
detected NTDLL code modification:
ZwClose
.
Recherche de processus cachés ...
.
Recherche d'éléments en démarrage automatique cachés ...
.
Recherche de fichiers cachés ...
.
Scan terminé avec succès
Fichiers cachés: 0
.
**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Environment*]
"v5Licence0"="15-YKNE-76RZ-ZWT9-D88T-YNWW-P4V9WWS"
"Activated"="N"
.
--------------------- DLLs chargées dans les processus actifs ---------------------
.
- - - - - - - > 'lsass.exe'(780)
c:\windows\system32\guard32.dll
c:\windows\system32\mswsock.dll
c:\windows\System32\wshtcpip.dll
.
- - - - - - - > 'explorer.exe'(2264)
c:\windows\system32\guard32.dll
c:\windows\system32\eappprxy.dll
c:\windows\system32\WS2_32.dll
c:\windows\system32\WS2HELP.dll
c:\program files\Atomic Alarm Clock\Clock.dll
c:\windows\system32\webcheck.dll
.
- - - - - - - > 'csrss.exe'(696)
c:\windows\system32\cmdcsr.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\COMODO\COMODO Internet Security\cmdagent.exe
c:\program files\COMODO\COMODO Internet Security\cavwp.exe
c:\windows\system32\wscntfy.exe
c:\program files\Comodo\GeekBuddy\unit_manager.exe
c:\program files\Comodo\GeekBuddy\unit.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\COMODO\COMODO Internet Security\cis.exe
.
**************************************************************************
.
Heure de fin: 2013-09-06  23:08:27 - La machine a redémarré
ComboFix-quarantined-files.txt  2013-09-07 03:08
ComboFix2.txt  2013-09-04 03:30
ComboFix3.txt  2013-09-04 02:12
ComboFix4.txt  2013-09-02 09:37
ComboFix5.txt  2013-09-07 02:20
.
Avant-CF: 26 326 577 152 octets libres
Après-CF: 26 328 424 448 octets libres
.
- - End Of File - - 9DF50BBD65023C2992CEFCD71647693C
C99C3199CFAA4CBDCD91493F6D113A50
 


Please restart the computer one more time and then run the following.

 

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.


 


Hi M. :)

 

Here is the FRST log

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 07-09-2013 02
Ran by home (administrator) on IBMCAMRESEAU on 07-09-2013 10:00:30
Running from C:\Documents and Settings\home\Bureau
Microsoft Windows XP Professionnel Service Pack 3 (X86) OS Language: French Standard
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Comodo Security Solutions Inc.) C:\Program Files\Fichiers communs\COMODO\launcher_service.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
() C:\Program Files\Comodo\Dragon\dragon_updater.exe
(Comodo Security Solutions, Inc.) C:\Program Files\Fichiers communs\COMODO\GeekBuddyRSP.exe
(Intel Corporation) C:\WINDOWS\system32\IProsetMonitor.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
(Comodo Security Solutions, Inc.) C:\Program Files\Fichiers communs\COMODO\GeekBuddyRSP.exe
() C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe
(Gadwin Systems, Inc) C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
(Comodo Security Solutions, Inc.) C:\Program Files\Comodo\GeekBuddy\unit_manager.exe
(Comodo Security Solutions, Inc.) C:\Program Files\Comodo\GeekBuddy\unit.exe
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe
(Microsoft Corporation) C:\WINDOWS\system32\taskmgr.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [COMODO Internet Security] - C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1464536 2013-07-08] (COMODO)
HKLM\...\Run: [gbrspcontrol] - C:\Program Files\Fichiers communs\COMODO\GeekBuddyRSP.exe [1851088 2013-05-30] (Comodo Security Solutions, Inc.)
Winlogon\Notify\igfxcui: igfxsrvc.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [HonorAutoRunSetting] 1
HKLM\...\Policies\Explorer: [NoDriveAutoRun] 67108863
HKLM\...\Policies\Explorer: [NoDriveTypeAutoRun] 323
HKLM\...\Policies\Explorer: [NoDrives] 0
HKCU\...\Run: [skinClock] - C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe [1740288 2008-09-30] ()
HKCU\...\Run: [Gadwin PrintScreen] - C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe [1842384 2012-05-30] (Gadwin Systems, Inc)
HKCU\...\Policies\Explorer: [NoDriveTypeAutoRun] 323
HKCU\...\Policies\Explorer: [NoDriveAutoRun] 67108863
HKCU\...\Policies\Explorer: [NoDrives] 0
Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Start GeekBuddy.lnk
ShortcutTarget: Start GeekBuddy.lnk -> C:\Program Files\Comodo\GeekBuddy\launcher.exe (Comodo Security Solutions Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/defaultf.aspx?ocid=iehp
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Toolbar: HKCU -&Adresse - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\Windows\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU -&Liens - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\Windows\system32\SHELL32.dll (Microsoft Corporation)
Handler: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~1\FICHIE~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~1\FICHIE~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~1\FICHIE~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~1\FICHIE~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler: ipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~1\FICHIE~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~1\FICHIE~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~1\FICHIE~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 24.201.245.77 24.200.0.1 24.53.0.2
Tcpip\..\Interfaces\{E09B6166-8D26-46DF-B5DC-F2814CD3551F}: [NameServer]156.154.70.25,156.154.71.25

========================== Services (Whitelisted) =================

R2 CLPSLauncher; C:\Program Files\Fichiers communs\COMODO\launcher_service.exe [70352 2013-07-24] (Comodo Security Solutions Inc.)
R2 cmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [4801304 2013-07-08] (COMODO)
S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [127192 2013-06-18] (COMODO)
R2 DragonUpdater; C:\Program Files\Comodo\Dragon\dragon_updater.exe [2095808 2013-08-01] ()
R2 GeekBuddyRSP; C:\Program Files\Fichiers communs\COMODO\GeekBuddyRSP.exe [1851088 2013-05-30] (Comodo Security Solutions, Inc.)
R2 Intel® PROSet Monitoring Service; C:\WINDOWS\system32\IProsetMonitor.exe [109728 2011-01-17] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S2 AntiVirService; "C:\Program Files\Avira\AntiVir Desktop\avguard.exe" [x]

==================== Drivers (Whitelisted) ====================

S3 ADM8511; C:\Windows\System32\DRIVERS\NET8511.SYS [24424 2000-12-12] (ADMtek)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [66616 2011-12-14] (Avira GmbH)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [138192 2011-12-14] (Avira GmbH)
R1 CFRMD; C:\Windows\System32\DRIVERS\CFRMD.sys [36112 2013-05-07] (Windows ® Win 7 DDK provider)
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [18528 2013-06-18] (COMODO)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [587352 2013-07-08] (COMODO)
R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [32816 2013-06-18] (COMODO)
R3 E1000; C:\Windows\System32\DRIVERS\e1000325.sys [171152 2011-03-30] (Intel Corporation)
R3 ialm; C:\Windows\System32\DRIVERS\ialmnt5.sys [737874 2004-08-20] (Intel Corporation)
R0 Inspect; C:\Windows\System32\DRIVERS\inspect.sys [99520 2013-06-18] (COMODO)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
S3 WDM_YAMAHAAC97; C:\Windows\System32\drivers\yacxgc.sys [205440 2003-06-27] (YAMAHA CORPORATION)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
U5 ScsiPort; C:\Windows\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
S3 WIMMount; \??\C:\Program Files\Macrium\Reflect\wimmount.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-09-06 23:08 - 2013-09-06 23:08 - 00011678 _____ C:\ComboFix.txt
2013-09-05 21:46 - 2013-09-05 21:59 - 00080356 _____ C:\Documents and Settings\home\Bureau\SystemLook.txt
2013-09-05 21:46 - 2013-09-05 21:46 - 00139264 _____ C:\Documents and Settings\home\Bureau\SystemLook.exe
2013-09-02 04:54 - 2013-09-02 04:54 - 00000000 ____D C:\Documents and Settings\home\Application Data\Comodo
2013-09-02 04:21 - 2013-09-02 04:21 - 00000000 ____D C:\Program Files\Fichiers communs\COMODO
2013-09-02 04:08 - 2013-09-07 09:58 - 00000440 _____ C:\WINDOWS\Tasks\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85}.job
2013-09-02 04:08 - 2013-09-07 09:58 - 00000440 _____ C:\WINDOWS\Tasks\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59}.job
2013-09-02 04:08 - 2013-09-07 09:58 - 00000440 _____ C:\WINDOWS\Tasks\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22}.job
2013-09-02 04:08 - 2013-09-07 09:58 - 00000440 _____ C:\WINDOWS\Tasks\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9}.job
2013-09-02 04:08 - 2013-09-07 04:09 - 00248384 _____ C:\WINDOWS\system32\Drivers\sfi.dat
2013-09-02 04:06 - 2013-09-02 04:07 - 00000000 ___SD C:\Documents and Settings\All Users\Application Data\Shared Space
2013-09-02 04:03 - 2013-09-02 04:03 - 00000746 _____ C:\WINDOWS\system32\{7995330B-E01F-4645-B702-53481E7CB778}.cmdfile
2013-09-02 04:01 - 2013-09-02 04:01 - 150622552 _____ (COMODO) C:\Documents and Settings\home\Bureau\cispro_installer.exe
2013-09-02 03:13 - 2013-09-02 03:13 - 00000000 ____D C:\Documents and Settings\NetworkService\Local Settings\Application Data\COMODO
2013-09-02 03:10 - 2013-09-02 03:10 - 00048392 _____ (COMODO CA Limited) C:\WINDOWS\system32\certsentry.dll
2013-09-02 03:07 - 2013-09-02 03:07 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Comodo Downloader
2013-08-28 12:30 - 2013-08-28 12:30 - 00000000 ___HD C:\WINDOWS\PIF
2013-08-28 01:49 - 2013-08-28 01:49 - 00353352 _____ (Malwarebytes Corporation) C:\Documents and Settings\home\Bureau\mbam-check-2.0.0.1000.exe
2013-08-28 01:49 - 2013-08-28 01:49 - 00029598 _____ C:\Documents and Settings\home\Bureau\CheckResults.txt
2013-08-25 23:52 - 2013-09-07 09:59 - 01081843 _____ (Farbar) C:\Documents and Settings\home\Bureau\FRST.exe
2013-08-25 20:43 - 2013-08-25 20:43 - 11260240 _____ (Microsoft Corporation) C:\Documents and Settings\home\Bureau\mseinstall.exe
2013-08-24 15:40 - 2013-08-24 15:40 - 00010398 _____ C:\list.txt
2013-08-24 15:21 - 2013-08-24 15:21 - 00010398 _____ C:\liste.txt
2013-08-23 11:55 - 2013-08-23 11:55 - 00008192 ____H C:\WINDOWS\system32\config\SECURITY.tmp.LOG
2013-08-23 11:55 - 2013-08-23 11:55 - 00000000 ____H C:\WINDOWS\system32\config\system.tmp.LOG
2013-08-23 11:55 - 2013-08-23 11:55 - 00000000 ____H C:\WINDOWS\system32\config\software.tmp.LOG
2013-08-23 11:55 - 2013-08-23 11:55 - 00000000 ____H C:\WINDOWS\system32\config\SAM.tmp.LOG
2013-08-23 11:55 - 2013-08-23 11:55 - 00000000 ____H C:\WINDOWS\system32\config\default.tmp.LOG
2013-08-23 00:46 - 2013-08-23 00:48 - 00000000 ____D C:\WINDOWS\pss
2013-08-22 21:22 - 2013-09-06 22:19 - 05120615 ____R (Swearware) C:\Documents and Settings\home\Bureau\ComboFix.exe
2013-08-20 19:10 - 2013-08-20 19:10 - 00005536 _____ C:\Documents and Settings\home\Bureau\xpnetdiag.xml
2013-08-19 22:25 - 2013-08-19 22:29 - 00000000 ____D C:\Program Files\ERUNT
2013-08-19 22:25 - 2013-08-19 22:25 - 00000617 _____ C:\Documents and Settings\home\Bureau\NTREGOPT.lnk
2013-08-19 22:25 - 2013-08-19 22:25 - 00000598 _____ C:\Documents and Settings\home\Bureau\ERUNT.lnk
2013-08-19 22:24 - 2013-08-19 22:24 - 00791393 _____ (Lars Hederer                                                ) C:\Documents and Settings\home\Bureau\erunt-setup.exe
2013-08-19 03:47 - 2013-08-25 17:28 - 00000000 ____D C:\FRST
2013-08-19 02:42 - 2013-08-19 02:42 - 00000000 _RSHD C:\cmdcons
2013-08-19 02:42 - 2011-03-30 10:53 - 00000212 _____ C:\Boot.bak
2013-08-19 02:42 - 2004-08-03 23:00 - 00263488 __RSH C:\cmldr
2013-08-19 02:40 - 2011-06-26 02:45 - 00256000 _____ C:\WINDOWS\PEV.exe
2013-08-19 02:40 - 2010-11-07 13:20 - 00208896 _____ C:\WINDOWS\MBR.exe
2013-08-19 02:40 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2013-08-19 02:40 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2013-08-19 02:40 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2013-08-19 02:40 - 2000-08-30 20:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2013-08-19 02:40 - 2000-08-30 20:00 - 00098816 _____ C:\WINDOWS\sed.exe
2013-08-19 02:40 - 2000-08-30 20:00 - 00080412 _____ C:\WINDOWS\grep.exe
2013-08-19 02:40 - 2000-08-30 20:00 - 00068096 _____ C:\WINDOWS\zip.exe
2013-08-19 02:39 - 2013-09-06 23:08 - 00000000 ____D C:\Qoobox
2013-08-19 02:27 - 2013-08-19 02:28 - 00002776 _____ C:\Documents and Settings\home\Bureau\Rkill.txt
2013-08-19 02:27 - 2013-08-19 02:27 - 01898112 _____ (Bleeping Computer, LLC) C:\Documents and Settings\home\Bureau\rkill.exe
2013-08-18 20:35 - 2013-08-18 21:35 - 00000000 ____D C:\Kaspersky Rescue Disk 10.0
2013-08-16 20:12 - 2013-08-23 11:55 - 00000000 ____D C:\WINDOWS\erdnt
2013-08-16 16:41 - 2013-08-28 12:35 - 00011071 _____ C:\Documents and Settings\home\Bureau\attach.txt
2013-08-16 16:41 - 2013-08-28 12:35 - 00006134 _____ C:\Documents and Settings\home\Bureau\dds.txt
2013-08-16 16:40 - 2013-08-16 16:40 - 00000000 ___RD C:\Documents and Settings\home\Mes documents\Mes vidéos
2013-08-16 15:41 - 2013-08-16 15:42 - 00000000 ____D C:\WINDOWS\system32\NtmsData
2013-08-16 15:34 - 2013-08-28 12:34 - 00000000 ____D C:\Program Files\Macrium
2013-08-16 15:30 - 2013-08-16 15:31 - 00000000 ____D C:\Documents and Settings\home\Mes documents\Macrium
2013-08-16 15:27 - 2013-08-16 16:06 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Macrium
2013-08-16 15:06 - 2013-08-16 15:06 - 00688992 ____R (Swearware) C:\Documents and Settings\home\Bureau\dds.com
2013-08-08 03:34 - 2013-08-08 05:07 - 00331324 _____ C:\Documents and Settings\home\Mes documents\Layout.ini

==================== One Month Modified Files and Folders =======

2013-09-07 10:00 - 2011-03-30 11:41 - 00000000 ____D C:\Documents and Settings\home\Bureau
2013-09-07 09:59 - 2013-08-25 23:52 - 01081843 _____ (Farbar) C:\Documents and Settings\home\Bureau\FRST.exe
2013-09-07 09:58 - 2013-09-02 04:08 - 00000440 _____ C:\WINDOWS\Tasks\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85}.job
2013-09-07 09:58 - 2013-09-02 04:08 - 00000440 _____ C:\WINDOWS\Tasks\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59}.job
2013-09-07 09:58 - 2013-09-02 04:08 - 00000440 _____ C:\WINDOWS\Tasks\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22}.job
2013-09-07 09:58 - 2013-09-02 04:08 - 00000440 _____ C:\WINDOWS\Tasks\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9}.job
2013-09-07 09:52 - 2011-03-30 05:29 - 00588861 _____ C:\WINDOWS\setupapi.log
2013-09-07 04:09 - 2013-09-02 04:08 - 00248384 _____ C:\WINDOWS\system32\Drivers\sfi.dat
2013-09-06 23:21 - 2011-03-30 10:57 - 01521316 _____ C:\WINDOWS\WindowsUpdate.log
2013-09-06 23:20 - 2013-04-09 21:16 - 00000392 _____ C:\WINDOWS\Tasks\ProgramUpdateCheck.job
2013-09-06 23:20 - 2013-04-09 21:16 - 00000384 _____ C:\WINDOWS\Tasks\Final Media Player Update Checker.job
2013-09-06 23:20 - 2011-12-14 20:33 - 00000757 _____ C:\Documents and Settings\home\Application Data\AtomicAlarmClock.ini
2013-09-06 23:20 - 2011-03-30 11:39 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2013-09-06 23:19 - 2011-03-30 11:41 - 00000184 ___SH C:\Documents and Settings\home\ntuser.ini
2013-09-06 23:19 - 2011-03-30 11:39 - 00032582 _____ C:\WINDOWS\SchedLgU.Txt
2013-09-06 23:09 - 2011-03-30 11:01 - 00000000 __SHD C:\Documents and Settings\NetworkService
2013-09-06 23:08 - 2013-09-06 23:08 - 00011678 _____ C:\ComboFix.txt
2013-09-06 23:08 - 2013-08-19 02:39 - 00000000 ____D C:\Qoobox
2013-09-06 23:04 - 2004-08-05 08:00 - 00000227 _____ C:\WINDOWS\system.ini
2013-09-06 23:03 - 2004-08-05 08:00 - 00013646 _____ C:\WINDOWS\system32\wpa.dbl
2013-09-06 22:30 - 2011-03-30 05:30 - 00000000 ____D C:\Program Files\Fichiers communs
2013-09-06 22:19 - 2013-08-22 21:22 - 05120615 ____R (Swearware) C:\Documents and Settings\home\Bureau\ComboFix.exe
2013-09-06 21:18 - 2013-04-09 21:18 - 00000000 ____D C:\Documents and Settings\NetworkService\Local Settings\Application Data\FileTypeAssistant
2013-09-06 21:18 - 2013-04-09 21:16 - 00000448 _____ C:\WINDOWS\Tasks\ProgramRefresh-ATFST.job
2013-09-06 21:18 - 2013-04-09 21:16 - 00000000 ____D C:\Program Files\File Type Assistant
2013-09-05 23:35 - 2013-01-07 04:25 - 00000000 ___RD C:\Documents and Settings\home\Mes documents\Mes images
2013-09-05 21:59 - 2013-09-05 21:46 - 00080356 _____ C:\Documents and Settings\home\Bureau\SystemLook.txt
2013-09-05 21:55 - 2013-02-04 10:50 - 00000000 ____D C:\Documents and Settings\home\Mes documents\PrintScreen Files
2013-09-05 21:55 - 2011-03-30 05:33 - 00000159 _____ C:\WINDOWS\wiadebug.log
2013-09-05 21:55 - 2011-03-30 05:33 - 00000050 _____ C:\WINDOWS\wiaservc.log
2013-09-05 21:46 - 2013-09-05 21:46 - 00139264 _____ C:\Documents and Settings\home\Bureau\SystemLook.exe
2013-09-04 00:09 - 2011-03-30 11:41 - 00000000 ____D C:\Documents and Settings\home
2013-09-02 05:07 - 2011-03-30 10:56 - 00000000 ____D C:\WINDOWS\system32\Restore
2013-09-02 04:54 - 2013-09-02 04:54 - 00000000 ____D C:\Documents and Settings\home\Application Data\Comodo
2013-09-02 04:54 - 2013-01-22 19:38 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\COMODO
2013-09-02 04:22 - 2013-01-22 19:41 - 00000000 ____D C:\Documents and Settings\LocalService\Local Settings\Application Data\COMODO
2013-09-02 04:22 - 2011-03-30 05:30 - 00000000 ____D C:\Documents and Settings\All Users\Bureau
2013-09-02 04:21 - 2013-09-02 04:21 - 00000000 ____D C:\Program Files\Fichiers communs\COMODO
2013-09-02 04:07 - 2013-09-02 04:06 - 00000000 ___SD C:\Documents and Settings\All Users\Application Data\Shared Space
2013-09-02 04:05 - 2013-01-22 19:37 - 00000000 ____D C:\Program Files\Comodo
2013-09-02 04:03 - 2013-09-02 04:03 - 00000746 _____ C:\WINDOWS\system32\{7995330B-E01F-4645-B702-53481E7CB778}.cmdfile
2013-09-02 04:01 - 2013-09-02 04:01 - 150622552 _____ (COMODO) C:\Documents and Settings\home\Bureau\cispro_installer.exe
2013-09-02 03:13 - 2013-09-02 03:13 - 00000000 ____D C:\Documents and Settings\NetworkService\Local Settings\Application Data\COMODO
2013-09-02 03:10 - 2013-09-02 03:10 - 00048392 _____ (COMODO CA Limited) C:\WINDOWS\system32\certsentry.dll
2013-09-02 03:10 - 2013-01-22 19:37 - 00000000 ____D C:\Documents and Settings\home\Local Settings\Application Data\COMODO
2013-09-02 03:07 - 2013-09-02 03:07 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Comodo Downloader
2013-09-02 01:38 - 2011-03-30 12:33 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Adobe
2013-08-28 12:35 - 2013-08-16 16:41 - 00011071 _____ C:\Documents and Settings\home\Bureau\attach.txt
2013-08-28 12:35 - 2013-08-16 16:41 - 00006134 _____ C:\Documents and Settings\home\Bureau\dds.txt
2013-08-28 12:34 - 2013-08-16 15:34 - 00000000 ____D C:\Program Files\Macrium
2013-08-28 12:30 - 2013-08-28 12:30 - 00000000 ___HD C:\WINDOWS\PIF
2013-08-28 01:49 - 2013-08-28 01:49 - 00353352 _____ (Malwarebytes Corporation) C:\Documents and Settings\home\Bureau\mbam-check-2.0.0.1000.exe
2013-08-28 01:49 - 2013-08-28 01:49 - 00029598 _____ C:\Documents and Settings\home\Bureau\CheckResults.txt
2013-08-25 20:59 - 2012-01-18 20:59 - 00001919 _____ C:\WINDOWS\epplauncher.mif
2013-08-25 20:43 - 2013-08-25 20:43 - 11260240 _____ (Microsoft Corporation) C:\Documents and Settings\home\Bureau\mseinstall.exe
2013-08-25 17:28 - 2013-08-19 03:47 - 00000000 ____D C:\FRST
2013-08-24 15:40 - 2013-08-24 15:40 - 00010398 _____ C:\list.txt
2013-08-24 15:21 - 2013-08-24 15:21 - 00010398 _____ C:\liste.txt
2013-08-23 11:55 - 2013-08-23 11:55 - 00008192 ____H C:\WINDOWS\system32\config\SECURITY.tmp.LOG
2013-08-23 11:55 - 2013-08-23 11:55 - 00000000 ____H C:\WINDOWS\system32\config\system.tmp.LOG
2013-08-23 11:55 - 2013-08-23 11:55 - 00000000 ____H C:\WINDOWS\system32\config\software.tmp.LOG
2013-08-23 11:55 - 2013-08-23 11:55 - 00000000 ____H C:\WINDOWS\system32\config\SAM.tmp.LOG
2013-08-23 11:55 - 2013-08-23 11:55 - 00000000 ____H C:\WINDOWS\system32\config\default.tmp.LOG
2013-08-23 11:55 - 2013-08-16 20:12 - 00000000 ____D C:\WINDOWS\erdnt
2013-08-23 11:55 - 2011-03-30 05:29 - 00262144 _____ C:\WINDOWS\system32\config\SECURITY.bak
2013-08-23 11:55 - 2011-03-30 05:29 - 00024576 _____ C:\WINDOWS\system32\config\SAM.bak
2013-08-23 11:55 - 2011-03-30 05:28 - 13631488 _____ C:\WINDOWS\system32\config\software.bak
2013-08-23 11:55 - 2011-03-30 05:28 - 04456448 _____ C:\WINDOWS\system32\config\system.bak
2013-08-23 11:55 - 2011-03-30 05:28 - 00262144 _____ C:\WINDOWS\system32\config\default.bak
2013-08-23 00:48 - 2013-08-23 00:46 - 00000000 ____D C:\WINDOWS\pss
2013-08-23 00:48 - 2011-03-30 05:28 - 00000328 __RSH C:\boot.ini
2013-08-23 00:48 - 2004-08-05 08:00 - 00000507 _____ C:\WINDOWS\win.ini
2013-08-20 19:10 - 2013-08-20 19:10 - 00005536 _____ C:\Documents and Settings\home\Bureau\xpnetdiag.xml
2013-08-19 22:29 - 2013-08-19 22:25 - 00000000 ____D C:\Program Files\ERUNT
2013-08-19 22:25 - 2013-08-19 22:25 - 00000617 _____ C:\Documents and Settings\home\Bureau\NTREGOPT.lnk
2013-08-19 22:25 - 2013-08-19 22:25 - 00000598 _____ C:\Documents and Settings\home\Bureau\ERUNT.lnk
2013-08-19 22:24 - 2013-08-19 22:24 - 00791393 _____ (Lars Hederer                                                ) C:\Documents and Settings\home\Bureau\erunt-setup.exe
2013-08-19 02:42 - 2013-08-19 02:42 - 00000000 _RSHD C:\cmdcons
2013-08-19 02:28 - 2013-08-19 02:27 - 00002776 _____ C:\Documents and Settings\home\Bureau\Rkill.txt
2013-08-19 02:27 - 2013-08-19 02:27 - 01898112 _____ (Bleeping Computer, LLC) C:\Documents and Settings\home\Bureau\rkill.exe
2013-08-19 01:52 - 2011-03-30 11:41 - 00000000 ___HD C:\Documents and Settings\home\Voisinage réseau
2013-08-18 21:35 - 2013-08-18 20:35 - 00000000 ____D C:\Kaspersky Rescue Disk 10.0
2013-08-16 16:40 - 2013-08-16 16:40 - 00000000 ___RD C:\Documents and Settings\home\Mes documents\Mes vidéos
2013-08-16 16:06 - 2013-08-16 15:27 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Macrium
2013-08-16 15:49 - 2011-03-30 10:55 - 00000000 ____D C:\WINDOWS\Registration
2013-08-16 15:49 - 2011-03-30 05:23 - 00000000 ____D C:\WINDOWS\repair
2013-08-16 15:42 - 2013-08-16 15:41 - 00000000 ____D C:\WINDOWS\system32\NtmsData
2013-08-16 15:31 - 2013-08-16 15:30 - 00000000 ____D C:\Documents and Settings\home\Mes documents\Macrium
2013-08-16 15:06 - 2013-08-16 15:06 - 00688992 ____R (Swearware) C:\Documents and Settings\home\Bureau\dds.com
2013-08-14 14:45 - 2013-04-12 19:32 - 00000000 ____D C:\Eric
2013-08-08 12:14 - 2013-08-07 01:02 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Big Fish
2013-08-08 12:14 - 2013-08-07 01:01 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\BigFishCache
2013-08-08 05:07 - 2013-08-08 03:34 - 00331324 _____ C:\Documents and Settings\home\Mes documents\Layout.ini

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe
[2004-08-05 08:00] - [2008-04-13 20:34] - 0512000 ____A (Microsoft Corporation) dd73d6b9f6b4cb630cf35b438b540174

C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll
[2004-08-05 08:00] - [2008-04-13 20:33] - 0579584 ____A (Microsoft Corporation) e853f84d3ce2faa2a802e33cf89ac023

C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================


Hi M. :)

 

Just a question: I always take a quick look at the results, and what is that in the One Month Created Files and Folders section?

 

2013-08-19 02:40 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2013-08-19 02:40 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2013-08-19 02:40 - 2000-08-30 20:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe

 

The dates are weird and I have never heard of SteelWerX.

 

Thx, waiting for your instructions.

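The entries asked about above can be checked mechanically. The following is an added example, not part of this thread and not FRST's own code: it parses the FRST "created - modified - size attrs (company) path" line format quoted in the log and flags files whose creation time is newer than their last-modified time, which is what you see when a file is extracted from an archive that preserved the original mtime. The sample lines are copied from the log above; treating C:\WINDOWS as the system directory to highlight is an assumption of the example.

```python
"""Triage helper for FRST "One Month Created Files and Folders" lines.

Added example, not part of the thread or of FRST itself. It flags entries
whose creation time is newer than their last-modified time, a pattern that
is normal for files extracted from an archive that kept the original
mtime, but that is worth a second look for anything under C:\\WINDOWS.
"""
import re
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional, Tuple

# One FRST entry: "<created> - <modified> - <size> <attrs> [(<company>)] <path>"
FRST_LINE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>[A-Z_]{5}) "
    r"(?:\((?P<company>[^)]*)\) )?"   # company field is optional
    r"(?P<path>.+)$"
)

# Sample input: lines copied verbatim from the FRST log quoted in this thread.
SAMPLE_LOG = r"""
2013-08-19 02:40 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2013-08-19 02:40 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2013-08-19 02:40 - 2000-08-30 20:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2013-08-19 02:42 - 2004-08-03 23:00 - 00263488 __RSH C:\cmldr
2013-08-19 02:42 - 2011-03-30 10:53 - 00000212 _____ C:\Boot.bak
2013-08-19 02:42 - 2013-08-19 02:42 - 00000000 _RSHD C:\cmdcons
2013-08-19 22:24 - 2013-08-19 22:24 - 00791393 _____ (Lars Hederer        ) C:\Documents and Settings\home\Bureau\erunt-setup.exe
2013-08-28 01:49 - 2013-08-28 01:49 - 00353352 _____ (Malwarebytes Corporation) C:\Documents and Settings\home\Bureau\mbam-check-2.0.0.1000.exe
"""


@dataclass
class Entry:
    created: datetime
    modified: datetime
    size: int
    attrs: str
    company: str
    path: str

    @property
    def is_dir(self) -> bool:
        # FRST marks directories with a trailing D in the attribute column.
        return self.attrs.endswith("D")

    @property
    def mtime_gap_days(self) -> int:
        """Whole days by which creation post-dates last modification (0 if it does not)."""
        delta = self.created - self.modified
        return delta.days if delta.days > 0 else 0


def parse_frst_line(line: str) -> Optional[Entry]:
    """Parse one FRST file/folder line; return None for headers and blanks."""
    m = FRST_LINE.match(line.strip())
    if not m:
        return None
    fmt = "%Y-%m-%d %H:%M"
    return Entry(
        created=datetime.strptime(m["created"], fmt),
        modified=datetime.strptime(m["modified"], fmt),
        size=int(m["size"]),
        attrs=m["attrs"],
        company=(m["company"] or "").strip(),  # FRST pads some company names
        path=m["path"],
    )


def parse_frst_block(text: str) -> List[Entry]:
    return [e for e in (parse_frst_line(l) for l in text.splitlines()) if e]


def flag_backdated(entries: List[Entry], min_gap_days: int = 1,
                   system_prefix: str = r"C:\WINDOWS") -> List[Tuple[str, int, bool]]:
    """Return (path, gap_days, under_system_prefix) for files created after
    their own last modification by at least min_gap_days. Directories are
    skipped: their mtime changes whenever their contents change."""
    flagged = []
    for e in entries:
        if e.is_dir:
            continue
        gap = e.mtime_gap_days
        if gap >= min_gap_days:
            in_sys = e.path.upper().startswith(system_prefix.upper())
            flagged.append((e.path, gap, in_sys))
    return flagged


if __name__ == "__main__":
    for path, gap, in_sys in flag_backdated(parse_frst_block(SAMPLE_LOG)):
        marker = "SYSTEM DIR" if in_sys else "          "
        print(f"{marker}  mtime {gap:>5} days older than ctime  {path}")
```

Run against the full log, every entry it flags should be explained by a known installer or tool run (here the three SteelWerX files were created in the same minute as C:\Qoobox), and anything left over is what deserves a hash lookup.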

Hi M. :)

 

Here is the log:

 

ComboFix 13-09-06.01 - home 2013-09-07  23:03:40.8.2 - x86
Microsoft Windows XP Professionnel  5.1.2600.3.1252.2.1036.18.2015.1594 [GMT -4:00]
Lancé depuis: c:\documents and settings\home\Bureau\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\home\Bureau\CFScript.txt
AV: COMODO Antivirus *Disabled/Updated* {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
FW: COMODO Firewall *Disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.
FILE ::
"c:\windows\System32\DRIVERS\avgntflt.sys"
"c:\windows\System32\DRIVERS\avipbb.sys"
.
.
(((((((((((((((((((((((((((((   Fichiers créés du 2013-08-08 au 2013-09-08  ))))))))))))))))))))))))))))))))))))
.
.
2013-09-02 08:54 . 2013-09-02 08:54 -------- d-----w- c:\documents and settings\home\Application Data\Comodo
2013-09-02 08:21 . 2013-09-02 08:21 -------- d-----w- c:\program files\Fichiers communs\COMODO
2013-09-02 08:08 . 2013-09-08 02:48 260912 ----a-w- c:\windows\system32\drivers\sfi.dat
2013-09-02 08:06 . 2013-09-02 08:07 -------- d-s---w- c:\documents and settings\All Users\Application Data\Shared Space
2013-09-02 07:13 . 2013-09-02 07:13 -------- d-----w- c:\windows\system32\config\systemprofile\Local Settings\Application Data\COMODO
2013-09-02 07:13 . 2013-09-02 07:13 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\COMODO
2013-09-02 07:10 . 2013-09-02 07:10 48392 ----a-w- c:\windows\system32\certsentry.dll
2013-09-02 07:07 . 2013-09-02 07:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Comodo Downloader
2013-08-28 16:30 . 2013-08-28 16:30 -------- d--h--w- c:\windows\PIF
2013-08-20 02:25 . 2013-08-20 02:29 -------- d-----w- c:\program files\ERUNT
2013-08-19 07:47 . 2013-08-25 21:28 -------- d-----w- C:\FRST
2013-08-19 00:35 . 2013-08-19 01:35 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0
2013-08-16 20:10 . 2013-08-16 20:10 -------- d-----w- c:\windows\Logs
2013-08-16 19:41 . 2013-08-16 19:42 -------- d-----w- c:\windows\system32\NtmsData
2013-08-16 19:34 . 2013-08-16 19:34 -------- d-----w- C:\boot
2013-08-16 19:34 . 2013-08-28 16:34 -------- d-----w- c:\program files\Macrium
2013-08-16 19:27 . 2013-08-16 20:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Macrium
.
.
.
((((((((((((((((((((((((((((((((((   Compte-rendu de Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-09 01:59 . 2013-07-09 01:59 587352 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2013-06-28 20:02 . 2013-06-28 20:02 16504 ----a-w- c:\windows\system32\drivers\pssnap.sys
2013-06-18 20:16 . 2013-06-18 20:16 99520 ----a-w- c:\windows\system32\drivers\inspect.sys
2013-06-18 20:16 . 2013-06-18 20:16 32816 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2013-06-18 20:16 . 2013-06-18 20:16 18528 ----a-w- c:\windows\system32\drivers\cmderd.sys
2013-06-18 20:15 . 2013-06-18 20:15 35488 ----a-w- c:\windows\system32\cmdcsr.dll
2013-06-18 20:15 . 2013-06-18 20:15 348584 ----a-w- c:\windows\system32\guard32.dll
2013-06-18 20:15 . 2013-06-18 20:15 40664 ----a-w- c:\windows\system32\cmdkbd32.dll
2013-06-18 20:15 . 2013-06-18 20:15 278232 ----a-w- c:\windows\system32\cmdvrt32.dll
.
.
(((((((((((((((((((((((((((((((((   Points de chargement Reg   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SkinClock"="c:\program files\Atomic Alarm Clock\AtomicAlarmClock.exe" [2008-09-30 1740288]
"Gadwin PrintScreen"="c:\program files\Gadwin Systems\PrintScreen\PrintScreen.exe" [2012-05-30 1842384]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-08-20 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-08-20 118784]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cistray.exe" [2013-07-09 1464536]
"gbrspcontrol"="c:\program files\Fichiers communs\COMODO\GeekBuddyRSP.exe" [2013-05-30 1851088]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Start GeekBuddy.lnk - c:\program files\Comodo\GeekBuddy\launcher.exe "unit_manager.exe" [2013-7-24 49360]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\program files\Fichiers communs\Comodo\GeekBuddyRSP.exe"= c:\program files\Fichiers communs\Comodo\GeekBuddyRSP.exe:127.0.0.1/255.255.255.255:Enabled:GeekBuddy RSP
"c:\\Program Files\\File Type Assistant\\TSAssist.exe"=
"c:\\Program Files\\FinalMediaPlayer\\FMPCheckForUpdates.exe"=
.
R1 CFRMD;CFRMD;c:\windows\system32\drivers\CFRMD.sys [07/05/2013 03:00 36112]
R1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\drivers\cmderd.sys [18/06/2013 16:16 18528]
R1 cmdGuard;COMODO Internet Security Driver;c:\windows\system32\drivers\cmdGuard.sys [08/07/2013 21:59 587352]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [18/06/2013 16:16 32816]
R2 CLPSLauncher;COMODO LPS Launcher;c:\program files\Fichiers communs\COMODO\launcher_service.exe [24/07/2013 08:50 70352]
R2 DragonUpdater;COMODO Dragon Update Service;c:\program files\Comodo\Dragon\dragon_updater.exe [01/08/2013 07:20 2095808]
R2 GeekBuddyRSP;GeekBuddyRSP Service;c:\program files\Fichiers communs\COMODO\GeekBuddyRSP.exe [30/05/2013 08:47 1851088]
R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IPROSetMonitor.exe [30/03/2011 12:09 109728]
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [08/04/2013 19:47 418376]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [08/04/2013 19:47 22856]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [08/04/2013 19:47 701512]
S3 ADM8511;Belkin USB Ethernet Adapter;c:\windows\system32\drivers\NET8511.SYS [30/03/2011 11:44 24424]
S3 cmdvirth;COMODO Virtual Service Manager;c:\program files\Comodo\COMODO Internet Security\cmdvirth.exe [18/06/2013 16:15 127192]
S3 WIMMount;WIMMount;\??\c:\program files\Macrium\Reflect\wimmount.sys --> c:\program files\Macrium\Reflect\wimmount.sys [?]
.
Contenu du dossier 'Tâches planifiées'
.
2013-09-08 c:\windows\Tasks\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9}.job
- c:\program files\COMODO\COMODO Internet Security\cfpconfg.exe [2013-07-09 01:59]
.
2013-09-08 c:\windows\Tasks\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22}.job
- c:\program files\COMODO\COMODO Internet Security\cfpconfg.exe [2013-07-09 01:59]
.
2013-09-08 c:\windows\Tasks\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59}.job
- c:\program files\COMODO\COMODO Internet Security\cfpconfg.exe [2013-07-09 01:59]
.
2013-09-08 c:\windows\Tasks\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85}.job
- c:\program files\COMODO\COMODO Internet Security\cfpconfg.exe [2013-07-09 01:59]
.
2013-09-08 c:\windows\Tasks\Final Media Player Update Checker.job
- c:\program files\FinalMediaPlayer\FMPCheckForUpdates.exe [2013-04-10 21:24]
.
2013-09-07 c:\windows\Tasks\ProgramRefresh-ATFST.job
- c:\program files\File Type Assistant\TSASetup.exe [2013-04-10 01:18]
.
2013-09-08 c:\windows\Tasks\ProgramUpdateCheck.job
- c:\program files\File Type Assistant\tsassist.exe [2013-04-10 17:09]
.
.
------- Examen supplémentaire -------
.


TCP: DhcpNameServer = 24.201.245.77 24.200.0.1 24.53.0.2
TCP: Interfaces\{E09B6166-8D26-46DF-B5DC-F2814CD3551F}: NameServer = 156.154.70.25,156.154.71.25
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-09-07 23:16
Windows 5.1.2600 Service Pack 3 NTFS
.
detected NTDLL code modification:
ZwClose
.
Recherche de processus cachés ...
.
Recherche d'éléments en démarrage automatique cachés ...
.
Recherche de fichiers cachés ...
.
Scan terminé avec succès
Fichiers cachés: 0
.
**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Environment*]
"v5Licence0"="15-YKNE-76RZ-ZWT9-D88T-YNWW-P4V9WWS"
"Activated"="N"
.
--------------------- DLLs chargées dans les processus actifs ---------------------
.
- - - - - - - > 'lsass.exe'(776)
c:\windows\system32\guard32.dll
c:\windows\system32\mswsock.dll
c:\windows\System32\wshtcpip.dll
.
- - - - - - - > 'explorer.exe'(3448)
c:\windows\system32\guard32.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\eappprxy.dll
c:\windows\system32\WS2_32.dll
c:\windows\system32\WS2HELP.dll
c:\windows\system32\MPR.dll
.
- - - - - - - > 'csrss.exe'(692)
c:\windows\system32\cmdcsr.dll
.
Heure de fin: 2013-09-07  23:21:04
ComboFix-quarantined-files.txt  2013-09-08 03:20
ComboFix2.txt  2013-09-07 03:08
ComboFix3.txt  2013-09-04 03:30
ComboFix4.txt  2013-09-04 02:12
ComboFix5.txt  2013-09-08 03:00
.
Avant-CF: 26 322 731 008 octets libres
Après-CF: 26 330 247 168 octets libres
.
- - End Of File - - FA81CA50630E17828BD125F122C4468B
C99C3199CFAA4CBDCD91493F6D113A50
 


Hi M. :)

 

Yeah, it's very weird to not be able to remove an AV I think. Thanks for trying. (Do you know why this Avira does that?)

 

Like I said, I think the computer is OK; it seems to run well. Thanks for your help. If we are done, I'll just ask for a little help to remove all the tools we used.


At this time there are no more signs of an infection on your system.
However if you are still seeing any signs of an infection please let me know.

Let's go ahead and remove the tools and logs we've used during this process.

Most of the tools used are potentially dangerous to use unsupervised or if run at the wrong time.
They are often updated daily so if you went to use them again in the future they would be outdated anyways.

The following procedures will implement some cleanup procedures to remove these tools.
It will also reset your System Restore by flushing out previous restore points and create a new restore point.
It will also remove all the backups our tools may have created.

Uninstall ComboFix (if used):

  • Turn off all active protection software including your antivirus.
  • Push the "Windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • Please copy and paste the following into the box ComboFix /Uninstall and click OK.
  • Note the space between the X and the /Uninstall, it needs to be there.


Remove the rest of the tools used:



Please download OTCleanIt and save it to your Desktop. This tool will remove all the tools we used to clean your PC.

  • Double-click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes, if not go ahead and delete it by yourself.
  • If asked to restart the computer, please do so


Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.


AdwCleaner Removal:

  • Double click on AdwCleaner.exe to run the tool.
  • Click on Uninstall
  • Confirm with Yes

ESET antivirus Removal:
  • This tool can be uninstalled via the Control Panel, Programs, Uninstall


If there are any other left over Folders, Files, Logs then you can delete them on your own.

Please visit the following link to see how to delete old System Restore Points. Please delete all of them and create a new one at this time.
How to Delete System Protection Restore Points in Windows 7 and Windows 8

Remove all but the most recent Restore Point on Windows XP


As Java seems to get exploited on a regular basis, I advise not using Java if possible, but at least disable Java in your web browsers.
How do I disable Java in my web browser? - Disable Java

A lot of reading here but if you take the time to read a bit of it you'll see why/how infections and general damage are so easily inflicted on the computer. There is also advice on how to prevent it and keep the system working well. Don't forget about good, solid backups of your data to an external drive that is not connected except when backing up your data. If you leave a backup drive connected and you do get infected it can easily damage, encrypt, delete, or corrupt your backups as well and then you'd lose all data.
Nothing is 100% bulletproof but with a little bit of education you can certainly swing things in your favor.


 
If you're not currently using Malwarebytes PRO then you may want to consider purchasing the product which can also help greatly reduce the risk of a future infection.
 


Hi M. :) Thx for all your help! And for the offer if I see infection signs.

 

The computer is running well, but there are a few little things that are not like before: now I have an SVCHOST.EXE that takes 50-95% when I start the machine. It may last several minutes. I think it appeared in the middle of our process here. I had SVCHOST before, but it was not taking this much CPU... Is it OK?

 

My internet seems a little bit slower than before, but maybe it's my AV. Or are there boxes I need to check somewhere because we reset the internet?

 

Beside that all seems ok! :D

 

Hum, for the tool cleaning, I have done the steps; afterwards there were some leftovers that I removed with Add/Remove Programs. But there is still RKILL, which is not listed there... is it OK if I just throw it in the garbage?

 

...Thx for all the reading you gave me! :D I like to learn about computers!

 

And last question, what do you think if I encrypt my Windows files with the tool in Windows? Will I be more protected from malware modifying my files?

 

Bye bye thx for all your PATIENCE! :D


When a computer starts the SVCHOST file is going to be very busy as it needs to check for all kinds of updates and run other operations. It is quite normal for it to be the busiest process for a while, and even after a few minutes it can still be a high resource usage service, but that does not mean anything is wrong by itself.

 

Slow Internet can be due to many things including issues from your own ISP.

 

Yes, you can delete any leftover tools.

 

No, encrypting your files would not make them safer from infections and in fact could potentially do the opposite and make it nearly impossible to recover them if something happened.

But regardless, an infection has as much or more access to the encrypted files as you do, so no, it would not help.

 

Take care


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.