Is not a valid Win32 application

Solved
Thibaut -  
 gen-hackman -
Hello,

For some time now, I've been having problems related to "Win32".

Indeed, when I try to launch an .exe application, I get an error message saying "program_name is not a valid Win32 application".

I’ve done some research, first checking whether the application was compatible with my operating system (Windows Vista Premium Edition).

I then looked at the website commentcamarche.net, particularly the section dedicated to this issue (https://www.commentcamarche.net/faq/6845-exe-n-est-pas-une-application-win32-valide).
I tried the various solutions proposed there.

Nothing works; I still have the same problem.

I've also noticed a troubling fact that each USB drive connected to my PC gets infected by a virus.

However, my antivirus (Avast), which is regularly updated, does not detect any viruses (I performed a full scan of my entire hard drive).

I thought it might be the "Beagle" virus and took corrective action with the second solution proposed on the commentcamarche.net site titled "Combofix".

It cleared up some space on my hard drive and created a nice little report that I don't understand, but in no case is my problem resolved.

Is it worth trying the other solutions?
Knowing that I cannot download any applications due to my problem.

Do you have a solution to propose??

Thank you for your help

PS: if needed, I can send the report from the file created by Combofix.

Best regards.
Configuration: Windows Vista Firefox 3.0.14

13 answers

  1. gen-hackman
     
    diagnostic? good....;)

    Print these instructions because you will need to close all windows and applications during the installation and analysis.

    ▶ Download:

    Malwarebytes

    or:

    Malwarebytes

    ▶ Install it (make sure to select "French"; do not change the installation settings) and update it.

    (Note: If you receive an error message indicating that "COMCTL32.OCX" is missing during installation, download it here: COMCTL32.OCX

    ▶ Check out the Tutorial to familiarize yourself with the program:

    (that said, it is very easy to use).

    Restart Malwarebytes by strictly following these instructions:

    ! Disconnect and close all running applications!

    ▶ Launch Malwarebytes.

    Perform a "Complete" scan.

    ▶ Let the program work (and do not use the PC for anything else during the scan).
    ▶ At the end click on "results."

    ▶ Make sure all infected objects are checked, then click on "remove."

    Note: if you need to restart your PC to complete the cleanup, do it!

    Post the saved report after removing the infected objects (in the "report/log" tab of Malwarebytes, the most recent one)

    --
    ♦G3и-н@¢км@и™©®♦
    1
    1. Thibaut
       
      Malwarebytes worked well, it found an infected file

      Thank you for the disinfection process.

      Here is the report:

      Malwarebytes' Anti-Malware 1.41
      Database version: 3238
      Windows 6.0.6000

      11/26/2009 8:22:05 PM
      mbam-log-2009-11-26 (20-22-05).txt

      Scan type: Full scan (C:\|D:\|H:\|I:\|)
      Items scanned: 382996
      Elapsed time: 1 hour(s), 22 minute(s), 3 second(s)

      Infected memory process(es): 0
      Infected memory module(s): 0
      Infected Registry key(s): 0
      Infected Registry value(s): 0
      Infected Registry data item(s): 0
      Infected folder(s): 1
      Infected file(s): 0

      Infected memory process(es):
      (No harmful item detected)

      Infected memory module(s):
      (No harmful item detected)

      Infected Registry key(s):
      (No harmful item detected)

      Infected Registry value(s):
      (No harmful item detected)

      Infected Registry data item(s):
      (No harmful item detected)

      Infected folder(s):
      C:\Program Files\DivoCodec (Trojan.Downloader) -> Quarantined and deleted successfully.

      Infected file(s):
      (No harmful item detected)
      0
  2. gen-hackman
     
    don't mess with the pros!!!

    ########### [ Option 1 ( Search ) ]

    ▶ Download FindyKill by Chiquitine29 to your desktop:

    https://www.commentcamarche.net/telecharger/securite/2759-adwcleaner/

    ! Log out and close all running applications!

    ▶ Double click (right-click "run as administrator" for Vista) on "FindyKill.exe" to start the installation and leave the default installation settings.

    ▶ Connect your external data sources to your PC, (USB stick, external hard drive, etc...)

    ▶ Double-click (right-click "run as administrator" for Vista) on the FindyKill shortcut on your desktop to launch the tool.

    ▶ In the main menu, choose option "F" for French and press [enter].

    ▶ In the second menu, choose option "1" (search) and press [enter]

    ▶ Let the tool do its job and do not touch anything ...

    ▶ Post the report that appears at the end on the forum ...

    ( the report is also saved under C:\FindyKill.txt )
    ( CTRL+A to select all, CTRL+C to copy and CTRL+V to paste )

    --
    ♦G3и-н@¢км@и™©®♦
    0
    1. Thibaut
       
      Oki doki

      Here it is done.

      Below is the report.

      Thank you for the analysis :


      ############################## | FindyKill V5.019 |

      # User : Thibaut (Administrators) # PC-DE-THIBAUT
      # Update on 16/11/2009 by Chiquitine29
      # Start at: 14:50:06 | 26/11/2009
      # Website : http://pagesperso-orange.fr/NosTools/index.html
      # Contact : FindyKill.Contact@gmail.com

      # Intel(R) Core(TM)2 Duo CPU T7300 @ 2.00GHz
      # Microsoft® Windows Vista™ Home Premium Edition (6.0.6000 32-bit) #
      # Internet Explorer 7.0.6000.16916
      # Windows Firewall Status : Enabled
      # AV : AVG 7.5.552 7.5.552 [ Enabled | Updated ]
      # AV : avast! antivirus 4.8.1351 [VPS 091126-0] 4.8.1351 [ Enabled | Updated ]

      # A:\ # 3.5-inch Floppy Disk Drive # 1.39 Mo (0.58 Mo free) # FAT
      # C:\ # Local Hard Disk # 30 Go (1.55 Go free) [System] # NTFS
      # D:\ # Local Hard Disk # 117.04 Go (45.99 Go free) [Data] # NTFS
      # E:\ # CD-ROM Drive
      # F:\ # Removable Disk
      # G:\ # CD-ROM Drive
      # H:\ # Removable Disk # 981.72 Mo (286.34 Mo free) [KRYSTEL] # FAT
      # I:\ # Removable Disk # 977.47 Mo (961.02 Mo free) [CLÉ TIBO] # FAT

      ############################## | Active Processes |

      C:\Windows\System32\smss.exe
      C:\Windows\system32\csrss.exe
      C:\Windows\system32\wininit.exe
      C:\Windows\system32\csrss.exe
      C:\Windows\system32\services.exe
      C:\Windows\system32\lsass.exe
      C:\Windows\system32\lsm.exe
      C:\Windows\system32\winlogon.exe
      C:\Windows\system32\svchost.exe
      C:\Windows\system32\svchost.exe
      C:\Windows\System32\svchost.exe
      C:\Windows\system32\Ati2evxx.exe
      C:\Windows\System32\svchost.exe
      C:\Windows\System32\svchost.exe
      C:\Windows\system32\svchost.exe
      C:\Windows\system32\SLsvc.exe
      C:\Windows\system32\svchost.exe
      C:\Windows\system32\svchost.exe
      C:\Windows\system32\Ati2evxx.exe
      C:\Windows\system32\Dwm.exe
      C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      C:\Windows\Explorer.EXE
      C:\Program Files\Alwil Software\Avast4\ashServ.exe
      C:\Program Files\Windows Defender\MSASCui.exe
      C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      C:\Program Files\Launch Manager\HotkeyApp.exe
      C:\Windows\System32\spoolsv.exe
      C:\Windows\system32\taskeng.exe
      D:\annex programs\iTunes\iTunesHelper.exe
      C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
      C:\Windows\system32\svchost.exe
      C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
      C:\Program Files\Alwil Software\Avast4\ashDisp.exe
      C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
      C:\Program Files\Windows Sidebar\sidebar.exe
      C:\Windows\ehome\ehtray.exe
      C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      C:\Program Files\Windows Media Player\wmpnscfg.exe
      C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
      C:\Windows\ehome\ehmsas.exe
      C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
      C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
      C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      C:\Program Files\Dassault Systemes\B14\intel_a\code\bin\CATSysDemon.exe
      C:\Program Files\Bonjour\mDNSResponder.exe
      C:\Windows\system32\svchost.exe
      C:\Program Files\Option\GlobeTrotter Connect\GtFix.exe
      D:\webserver\bin\win32\matlabserver.exe
      C:\Windows\system32\svchost.exe
      C:\Windows\system32\svchost.exe
      C:\Windows\System32\svchost.exe
      d:\bin\win32\matlab.exe
      C:\Windows\system32\SearchIndexer.exe
      C:\Windows\system32\WUDFHost.exe
      C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      C:\Windows\system32\taskeng.exe
      C:\Program Files\Windows Media Player\wmpnetwk.exe
      C:\Program Files\iPod\bin\iPodService.exe
      C:\Program Files\Launch Manager\WisLMSvc.exe
      C:\Windows\system32\wbem\wmiprvse.exe
      C:\Windows\system32\wbem\unsecapp.exe
      C:\Windows\system32\wuauclt.exe
      C:\Program Files\Internet Explorer\ieuser.exe
      C:\Windows\system32\conime.exe
      C:\Program Files\Windows Media Player\wmplayer.exe
      C:\Windows\system32\wbem\wmiprvse.exe

      ################## | C: |


      ################## | C:\Windows |


      ################## | C:\Windows\system32 |


      ################## | C:\Windows\system32\drivers |


      ################## | C:\Users\Thibaut\AppData\Roaming |


      ################## | Other detections ... |

      ################## | Temporary Internet Files |


      ################## | Registry / Infectious Keys |

      Present! [HKLM\software\microsoft\security center] "AntiVirusDisableNotify"
      Present! [HKLM\software\microsoft\security center] "FirewallDisableNotify"
      Present! [HKLM\software\microsoft\security center] "UpdatesDisableNotify"
      Present! [HKLM\software\microsoft\security center\Svc] "AntiVirusOverride"
      Present! [HKLM\software\microsoft\security center\Svc] "FirewallOverride"
      Present! [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System] "DisableRegistryTools"

      ################## | State / Services / Information |

      # Display hidden files : OK

      # Safe mode : OK

      # Uac : OK

      # Ndisuio -> Start = 3 ( Good = 3 | Bad = 4 )
      # EapHost -> Start = 3 ( Good = 2 | Bad = 4 )
      # Wlansvc -> Start = 2 ( Good = 2 | Bad = 4 )
      # SharedAccess -> Start = 2 ( Good = 2 | Bad = 4 )
      # windefend -> Start = 2 ( Good = 2 | Bad = 4 )
      # wuauserv -> Start = 2 ( Good = 2 | Bad = 4 )
      # wscsvc -> Start = 2 ( Good = 2 | Bad = 4 )


      ################## | Cracks / Keygens / Serials |

      "D:\Thibaut\Desktop\keygen.exe"
      03/06/2009 05:14 |Size 97792 |Crc32 cbdbec12 |Md5 55e05cdb1a6f8fb7110eb000ea38e564


      ################## | ! End of report # FindyKill V5.019 ! |
      0
  3. gen-hackman
     
    remove this keygen, then:

    ########### [ Option 2 ( Removal ) ]

    ▶ Disconnect and close all running applications (including the browser).

    ▶ Connect your external data sources to your PC (USB key, external hard drive, etc.)

    ▶ Relaunch "FindyKill" (right-click "as administrator" for Vista): in the main menu choose option " F " for French and hit [enter].

    ▶ In the second menu choose option 2 (removal) and hit [enter]

    ▶ The PC will restart automatically ...

    ▶ the program will work, do not touch anything ..., your desktop will not be accessible, that's normal!

    ▶ Post the report that appears at the end (the report is also saved under C:\FindyKill.txt)

    ▶ If the desktop does not reappear, press Ctrl + Alt + Delete, Tab "File", "New Task", type explorer.exe and confirm
    --
    ♦G3и-н@¢ки™©®♦
    0
    1. Thibaut
       
      This step being completed, I am posting the report:


      ############################## | FindyKill V5.019 |

      # User: Thibaut (Administrators) # PC-DE-THIBAUT
      # Update on 16/11/2009 by Chiquitine29
      # Start at: 15:14:21 | 26/11/2009
      # Website: http://pagesperso-orange.fr/NosTools/index.html
      # Contact: FindyKill.Contact@gmail.com

      # Intel(R) Core(TM)2 Duo CPU T7300 @ 2.00GHz
      # Microsoft® Windows Vista™ Home Premium Edition (6.0.6000 32-bit) #
      # Internet Explorer 7.0.6000.16916
      # Windows Firewall Status: Enabled
      # AV: AVG 7.5.552 7.5.552 [ Enabled | Updated ]
      # AV: avast! antivirus 4.8.1351 [VPS 091126-0] 4.8.1351 [ Enabled | Updated ]

      # A:\ # 3.5-inch Floppy Drive # 1.39 MB (0.58 MB free) # FAT
      # C:\ # Local Hard Drive # 30 GB (1.46 GB free) [System] # NTFS
      # D:\ # Local Hard Drive # 117.04 GB (45.99 GB free) [Data] # NTFS
      # E:\ # CD-ROM Drive
      # F:\ # Removable Drive
      # G:\ # CD-ROM Drive
      # H:\ # Removable Drive # 981.72 MB (286.34 MB free) [KRYSTEL] # FAT
      # I:\ # Removable Drive # 977.47 MB (961.02 MB free) [TIBO USB] # FAT

      ############################## | Active Processes |

      C:\Windows\System32\smss.exe
      C:\Windows\system32\csrss.exe
      C:\Windows\system32\csrss.exe
      C:\Windows\system32\wininit.exe
      C:\Windows\system32\services.exe
      C:\Windows\system32\lsass.exe
      C:\Windows\system32\lsm.exe
      C:\Windows\system32\winlogon.exe
      C:\Windows\system32\svchost.exe
      C:\Windows\system32\svchost.exe
      C:\Windows\System32\svchost.exe
      C:\Windows\system32\Ati2evxx.exe
      C:\Windows\System32\svchost.exe
      C:\Windows\System32\svchost.exe
      C:\Windows\system32\svchost.exe
      C:\Windows\system32\SLsvc.exe
      C:\Windows\system32\svchost.exe
      C:\Windows\system32\svchost.exe
      C:\Windows\system32\Ati2evxx.exe
      C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      C:\Program Files\Alwil Software\Avast4\ashServ.exe
      C:\Windows\system32\Dwm.exe
      C:\Windows\Explorer.EXE
      C:\Windows\System32\spoolsv.exe
      C:\Windows\system32\svchost.exe
      C:\Windows\system32\taskeng.exe
      C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      C:\Program Files\Dassault Systemes\B14\intel_a\code\bin\CATSysDemon.exe
      C:\Program Files\Bonjour\mDNSResponder.exe
      C:\Windows\system32\svchost.exe
      C:\Program Files\Option\GlobeTrotter Connect\GtFix.exe
      D:\webserver\bin\win32\matlabserver.exe
      C:\Windows\system32\svchost.exe
      C:\Windows\system32\svchost.exe
      C:\Windows\System32\svchost.exe
      C:\Windows\system32\SearchIndexer.exe
      d:\bin\win32\matlab.exe
      C:\Windows\system32\WUDFHost.exe
      C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      C:\Windows\system32\taskeng.exe
      C:\Windows\system32\runonce.exe
      C:\Windows\system32\conime.exe
      C:\Windows\system32\PresentationSettings.exe
      C:\Windows\system32\wbem\wmiprvse.exe

      ################## | C: |


      ################## | C:\Windows |


      ################## | C:\Windows\system32 |


      ################## | C:\Windows\system32\drivers |


      ################## | C:\Users\Thibaut\AppData\Roaming |


      ################## | Other removals ... |

      ################## | Temporary Internet Files |


      ################## | Registry / Infectious Keys |

      Deleted! [HKLM\software\microsoft\security center] "AntiVirusDisableNotify"
      Deleted! [HKLM\software\microsoft\security center] "FirewallDisableNotify"
      Deleted! [HKLM\software\microsoft\security center] "UpdatesDisableNotify"
      Deleted! [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System] "DisableRegistryTools"

      ################## | Status / Services / Information |

      # Safe mode: OK


      # Show hidden files: OK

      # UAC: OK

      # Ndisuio -> Start = 3 ( Good = 3 | Bad = 4 )
      # EapHost -> Start = 2 ( Good = 2 | Bad = 4 )
      # Wlansvc -> Start = 2 ( Good = 2 | Bad = 4 )
      # SharedAccess -> Start = 2 ( Good = 2 | Bad = 4 )
      # windefend -> Start = 2 ( Good = 2 | Bad = 4 )
      # wuauserv -> Start = 2 ( Good = 2 | Bad = 4 )
      # wscsvc -> Start = 2 ( Good = 2 | Bad = 4 )

      ################## | PEH ... |


      ################## | Cracks / Keygens / Serials |


      ################## | ! End of report # FindyKill V5.019 ! |
      0
  4. gen-hackman
     
    Download OTL from OLDTimer

    save it on your Desktop.

    ▶ Double click (for Vista => right-click "run as administrator") on OTL.exe to launch it.

    ▶ Check the 2 boxes Lop and Purity

    ▶ Check the box in front of scan all users

    ▶ set it to "60 Days"

    ▶ in the left column, set everything to all

    do not change this:

    "files created within" and "files modified within"


    ▶ Click on Run Scan.

    At the end of the scan, Notepad will open with the report (OTL.txt).

    This file is on your Desktop (generally C:\Documents and settings\your_session_name\OTL.txt)

    ▶▶▶ DO NOT POST IT ON THE FORUM

    To send it to me, click on this link: http://www.cijoint.fr/

    ▶ Click on Browse and locate the above file.

    ▶ Click on Open.

    ▶ Click on "Click here to drop the file".

    A link of this form:

    http://www.cijoint.fr/cjlink.php?file=cjge368/cijSKAP5fU.txt

    is added to the page.

    ▶ Copy this link in your reply.

    ▶▶ You will do the same with the "Extra.txt".

    --
    ♦G3и-н@¢ки™©®♦
    0
    1. Thibaut
       
      Here is the link for the OTL file:

      http://www.cijoint.fr/cjlink.php?file=cj200911/cij67uEZCF.txt

      And the link for the Extras file:

      http://www.cijoint.fr/cjlink.php?file=cj200911/cijIMBPbyx.txt


      I have a quick question:

      Can this virus spread through USB drives and infect other computers in the same way (causing the same issues)?
      0
  5. gen-hackman
     
    I don't know, first I need to know:

    Is this yours? :

    D:\webserver\bin\win32\matlabserver.exe
    --
    ♦G3и-н@¢км@и™©®♦
    0
    1. Thibaut
       
      Yes, it's mine, it's a numerical calculation software.

      I don't know if this file is useful for the Matlab software.

      The origin of this software isn't "reliable," but I've had it for a while (1 year) and I've never had any problems until today.
      0
  6. gen-hackman
     
    ▶ Click on the Start menu / Control Panel / Folder Options / then in the View tab
    * - Check Show hidden files and folders
    * - Uncheck Hide extensions for known file types
    * - Uncheck Hide protected operating system files (recommended)

    ▶ Click on Apply, then OK.

    Don't forget to hide the hidden files and protected operating system files again at the end of the cleanup, it's important

    Have the following file(s) analyzed on Virustotal:

    Virus Total

    * Click on Browse at the top, choose This PC and search for these files:

    D:\webserver\bin\win32\matlabserver.exe

    * Now click on Submit the file. and let it work while "Current status: analyzing" is displayed.
    * The file may be queued due to a high volume of analysis requests. In this case, you will need to wait without refreshing the page.
    * When the analysis is complete ("Current status: finished"), click on Formatted
    * A new window of your browser will appear
    * Then click on the two arrows
    * Right-click on the page, and choose Select All, then copy
    * Finally paste the result into your next response.

    Note: To analyze another file, click at the bottom on Other file.

    then:

    ▶ Double-click on OTL.exe to launch it.

    ▶ Copy the list that is in bold below,

    ▶ paste it in the area under Customs Scans/Fixes:

    :processes
    explorer.exe
    iexplore.exe
    firefox.exe
    msnmsgr.exe
    Teatimer.exe

    :OTL
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}:6.0.03
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}:6.0.05
    O4 - HKLM..\Run: [autopoll] C:\PROGRA~1\AUTOPO~1\autopoll.exe ()
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-290061431-370062678-2208403576-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-290061431-370062678-2208403576-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\S-1-5-21-290061431-370062678-2208403576-1000_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE File not found

    :reg
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "Adobe Reader Speed Launcher"=-
    "iTunesHelper"=-
    "QuickTime Task"=-

    :commands
    [emptytemp]
    [start explorer]
    [reboot]


    ▶ Click on RunFix to start the removal.

    ▶ Post the report.

    --
    ♦G3и-н@¢км@и™©®♦
    0
    1. Thibaut
       
      Here is the report from the virustotal site:

      I will launch the application in OTL and I will send you the report in the next response.


      File matlabserver.exe received on 2009.11.26 15:57:32 (UTC)
      Antivirus Version Last Update Result
      a-squared 4.5.0.43 2009.11.26 -
      AhnLab-V3 5.0.0.2 2009.11.26 -
      AntiVir 7.9.1.78 2009.11.26 -
      Antiy-AVL 2.0.3.7 2009.11.26 -
      Authentium 5.2.0.5 2009.11.26 -
      Avast 4.8.1351.0 2009.11.26 -
      AVG 8.5.0.425 2009.11.26 -
      BitDefender 7.2 2009.11.26 -
      CAT-QuickHeal 10.00 2009.11.26 -
      ClamAV 0.94.1 2009.11.26 -
      Comodo 3045 2009.11.26 -
      DrWeb 5.0.0.12182 2009.11.26 -
      eSafe 7.0.17.0 2009.11.26 -
      eTrust-Vet 35.1.7143 2009.11.26 -
      F-Prot 4.5.1.85 2009.11.25 -
      F-Secure 9.0.15370.0 2009.11.24 -
      Fortinet 4.0.14.0 2009.11.26 -
      GData 19 2009.11.26 -
      Ikarus T3.1.1.74.0 2009.11.26 -
      Jiangmin 11.0.800 2009.11.26 -
      K7AntiVirus 7.10.905 2009.11.25 -
      Kaspersky 7.0.0.125 2009.11.26 -
      McAfee 5813 2009.11.25 -
      McAfee+Artemis 5813 2009.11.25 -
      McAfee-GW-Edition 6.8.5 2009.11.26 -
      Microsoft 1.5302 2009.11.26 -
      NOD32 4639 2009.11.26 -
      Norman 6.03.02 2009.11.25 -
      nProtect 2009.1.8.0 2009.11.26 -
      Panda 10.0.2.2 2009.11.26 -
      PCTools 7.0.3.5 2009.11.26 -
      Prevx 3.0 2009.11.26 -
      Rising 22.23.03.10 2009.11.26 -
      Sophos 4.48.0 2009.11.26 -
      Sunbelt 3.2.1858.2 2009.11.26 -
      Symantec 1.4.4.12 2009.11.26 -
      TheHacker 6.5.0.2.079 2009.11.26 -
      TrendMicro 9.100.0.1001 2009.11.26 -
      VBA32 3.12.12.0 2009.11.26 -
      ViRobot 2009.11.26.2056 2009.11.26 -
      VirusBuster 5.0.21.0 2009.11.25 -
      Additional information
      File size: 536576 bytes
      MD5...: 7580504957c77ac0f245a93a50f878eb
      SHA1..: fe1e5686323adfd07152fce556ee409d5679f74e
      SHA256: 6a252c65eb0af4d98952264ce7ba1f78a86b7a8b4afa7e8626fb8ff7b3fdbd9c
      ssdeep: 12288:btfxdQ9NXv7TdTBL8CTQwtKNXUdg0qRhfyo3EZNs:btjQ9NXDTBJ8CsNly<br>qRhfyT<br>
      PEiD..: -
      PEInfo: PE Structure information

      ( base data )
      entrypointaddress.: 0x6412f
      timedatestamp.....: 0x408a39a8 (Sat Apr 24 09:55:52 2004)
      machinetype.......: 0x14c (I386)

      ( 4 sections )
      name viradd virsiz rawdsiz ntrpy md5
      .text 0x1000 0x63338 0x64000 6.24 0148997cf9701cfd46afeb63144fee91
      .rdata 0x65000 0x2706 0x3000 4.19 bbc91ac0b792dfc0c4672e455cbb6d4a
      .data 0x68000 0x10698 0xa000 5.87 bc1af317a649ee630941cfae89522822
      _TEXT_HA 0x79000 0x10a82 0x11000 6.54 795e3f5196387de95827555b822cdcc9

      ( 9 imports )
      > KERNEL32.dll: FormatMessageA, lstrlenA, LocalFree, SetConsoleCtrlHandler, GetVersionExA, Sleep, ResetEvent, WaitForSingleObject, GetModuleFileNameA, GetLastError, GetProcAddress, CreateEventA, CloseHandle, LoadLibraryA, SetLastError, GetPrivateProfileIntA, GetPrivateProfileStringA, QueryPerformanceFrequency, QueryPerformanceCounter, SleepEx, DeviceIoControl, SetEvent, ReadFile, GetCurrentThread, FindClose, CreateFileA, FindNextFileW, FindFirstFileA, FindNextFileA, GetProcessTimes, GetTickCount, FindFirstFileW, GetEnvironmentVariableA, GetCommandLineW, GetEnvironmentVariableW, MultiByteToWideChar, CreateMutexA, WideCharToMultiByte, SetHandleInformation, SetErrorMode, ReleaseMutex, VirtualAlloc, GetCurrentProcess, VirtualFree, GetVolumeInformationA, GetVersion, GetDriveTypeA, GetWindowsDirectoryA, CreateSemaphoreA, FreeLibrary, OpenSemaphoreA, ReleaseSemaphore, SetThreadPriority, GetModuleHandleA, WriteFile<br> > ADVAPI32.dll: DeleteService, StartServiceA, RegCloseKey, RegDeleteValueA, RegEnumValueA, RegOpenKeyExA, RegCreateKeyExA, RegQueryValueExA, RegQueryValueExW, RegSetValueExA, RegSetValueExW, GetUserNameA, GetUserNameW, RegEnumKeyExA, QueryServiceStatus, OpenServiceA, StartServiceCtrlDispatcherA, RegisterServiceCtrlHandlerA, SetServiceStatus, DeregisterEventSource, ReportEventA, RegisterEventSourceA, CloseServiceHandle, CreateServiceA, OpenSCManagerA, ControlService<br> > WSOCK32.dll: -, -, -, -, -, -, -, -, -, -, -, -, -, -, -<br> > libeng.dll: engOpenSingleUse, engClose, engEvalString, engOutputBuffer<br> > MSVCRT.dll: tolower, vsprintf, printf, _stricmp, rand, srand, fgets, vfprintf, strcmp, sscanf, localtime, abs, calloc, strncmp, _endthread, fprintf, _sys_nerr, strtol, malloc, getenv, __p__environ, fflush, longjmp, free, memcmp, qsort, _findclose, _stat, _findnext, _findfirst, mktime, _setjmp3, _sys_errlist, _wfreopen, _wopen, __3@YAXPAX@Z, _wstat, rename, _wrename, _waccess, remove, _wremove, _wunlink, _putenv, _exit, clearerr, ungetc, fgetc, _mkdir, putc, fputc, fwrite, _XcptFilter, __p___initenv, __getmainargs, _initterm, __setusermatherr, _adjust_fdiv, __p__commode, __p__fmode, __set_app_type, _except_handler3, __dllonexit, _onexit, _controlfp, memset, memcpy, strchr, __2@YAPAXI@Z, fseek, fclose, fopen, _unlink, ftell, fread, ctime, signal, strrchr, exit, _beginthread, _errno, atoi, _iob, strstr, _pctype, __mb_cur_max, _isctype, sprintf, toupper, strncpy, strlen, strtok, atol, _wfopen, time, freopen, strcpy, strcat, _close, _mktemp, _access, _open, _getcwd, _getpid<br> > COMCTL32.dll: -<br> > USER32.dll: GetActiveWindow, GetParent, MoveWindow, ScreenToClient, ShowWindow, MessageBoxA, EnableWindow, GetWindowRect, GetDlgItem, SendMessageA, GetWindowLongA, MessageBeep, SetDlgItemTextA, GetDlgItemTextW, GetDlgItemTextA, EndDialog, GetFocus, SetFocus, SetWindowTextA, GetClientRect, GetSystemMetrics, wsprintfA, CreateDialogIndirectParamA, DialogBoxIndirectParamA<br> > comdlg32.dll: GetOpenFileNameA<br> > NETAPI32.dll: Netbios<br>
      ( 0 exports )

      RDS...: NSRL Reference Data Set
      -
      pdfid.: -
      trid..: Win32 Executable MS Visual C++ (generic) (65.2%)
      Win32 Executable Generic (14.7%)
      Win32 Dynamic Link Library (generic) (13.1%)
      Generic Win/DOS Executable (3.4%)
      DOS Executable Generic (3.4%)
      sigcheck:
      publisher....: n/a
      copyright....: n/a
      product......: n/a
      description..: n/a
      original name: n/a
      internal name: n/a
      file version.: n/a
      comments.....: n/a
      signers......: -
      signing date.: -
      verified.....: Unsigned
      0
  7. gen-hackman
     
    It's good the following.
    --
    ♦G3и-н@¢ки™©®♦
    0
    1. Thibaut
       
      And here's the continuation:

      So, the diagnostic doc?


      All processes killed
      ========== PROCESSES ==========
      No active process named explorer.exe was found!
      No active process named iexplore.exe was found!
      No active process named firefox.exe was found!
      No active process named msnmsgr.exe was found!
      No active process named Teatimer.exe was found!
      ========== OTL ==========
      Prefs.js: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}:6.0.03 removed from extensions.enabledItems
      Prefs.js: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}:6.0.05 removed from extensions.enabledItems
      Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\autopoll deleted successfully.
      C:\PROGRA~1\AUTOPO~1\autopoll.exe moved successfully.
      Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives deleted successfully.
      Registry key HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
      Registry key HKEY_USERS\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
      Registry key HKEY_USERS\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
      Registry key HKEY_USERS\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
      Registry key HKEY_USERS\S-1-5-21-290061431-370062678-2208403576-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
      Registry value HKEY_USERS\S-1-5-21-290061431-370062678-2208403576-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives deleted successfully.
      Registry key HKEY_USERS\S-1-5-21-290061431-370062678-2208403576-1000_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
      Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\ deleted successfully.
      ========== REGISTRY ==========
      Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe Reader Speed Launcher deleted successfully.
      Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\iTunesHelper deleted successfully.
      Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\QuickTime Task deleted successfully.
      ========== COMMANDS ==========

      [EMPTYTEMP]

      User: All Users

      User: Default
      ->Temp folder emptied: 0 bytes
      ->Temporary Internet Files folder emptied: 67 bytes

      User: Default User
      ->Temp folder emptied: 0 bytes
      ->Temporary Internet Files folder emptied: 0 bytes

      User: Public
      ->Temp folder emptied: 0 bytes

      User: Thibaut
      ->Temp folder emptied: 31966 bytes
      ->Temporary Internet Files folder emptied: 229894808 bytes
      ->Java cache emptied: 376283 bytes
      ->FireFox cache emptied: 94881262 bytes

      %systemdrive% .tmp files removed: 0 bytes
      %systemroot% .tmp files removed: 0 bytes
      %systemroot%\System32 .tmp files removed: 0 bytes
      Windows Temp folder emptied: 106822 bytes
      %systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 6279697 bytes
      RecycleBin emptied: 0 bytes

      Total Files Cleaned = 316.21 mb


      OTL by OldTimer - Version 3.1.10.1 log created on 11262009_170955

      Files\Folders moved on Reboot...
      File move failed. C:\Windows\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.
      File\Folder C:\Windows\temp\hsperfdata_PC-DE-THIBAUT$\2780 not found!

      Registry entries deleted on Reboot...
      0
  8. gen-hackman
     
    Disable your antivirus for the duration of the operation as well as your firewall if present

    ▶ Download List&Kill'em and save it on your desktop

    ▶ unzip it, (right click/extract.....)

    It does not require installation

    ▶ double click (right click "run as administrator" for Vista) to start the scan

    choose the language then select option 1 = Search Mode

    ▶ let the tool work

    ▶ Post the content of the report that opens

    --
    ♦G3и-н@¢км@и™©®♦
    0
    1. Thibaut
       
      And here is the content

      So, are we on the right track?

      catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2009-11-26 21:02:48
      Windows 6.0.6000 NTFS

      scanning hidden processes ...

      scanning hidden services & system hive ...

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001a6b7a51e9]
      "0016dbe574bd"=hex:c5,3d,72,75,51,24,4c,02,b5,bd,93,62,78,21,db,00
      "0015b90a7952"=hex:b8,24,b6,06,80,14,4e,d1,1a,95,9f,78,42,03,79,be
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
      "s1"=dword:2df9c43f
      "s2"=dword:110480d0
      "h0"=dword:00000001

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
      "p0"="C:\Program Files\DAEMON Tools\"
      "h0"=dword:00000000
      "khjeh"=hex:9c,ce,ed,8e,40,bb,a6,1b,df,b2,d3,da,45,3b,6c,ea,a3,c6,ed,22,cf,..

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
      "a0"=hex:20,01,00,00,27,03,02,03,3c,a5,67,e7,3b,b2,74,e2,79,e2,af,15,39,..
      "khjeh"=hex:59,b2,04,c2,15,82,a3,4a,b1,21,75,ae,38,21,82,cb,dc,b5,5c,b6,29,..

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
      "khjeh"=hex:95,8c,5e,fd,7b,10,69,d4,10,3e,49,d1,7e,0e,d1,b1,39,19,5d,1a,1b,..

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
      "khjeh"=hex:c0,65,72,32,b2,fa,e0,72,32,a0,44,f7,15,ca,46,16
      0
  9. gen-hackman
     
    You haven't read the instructions well ^^

    it's not the one that opened
    --
    ♦G3и-н@¢км@и™©®♦
    0
    1. Thibaut
       
      Ah, too bad.

      It must be the fatigue. I’ll rest with a good night’s sleep and I’ll pick this up tomorrow.

      For now, it’s not blocking my PC but it’s preventing me from installing new applications that I’m going to need soon.

      In any case, I thank you again for your help.

      I hope we’ll resolve this issue tomorrow.

      Good luck in your struggle against other people's problems.

      See you!
      0
  10. gen-hackman
     
    lol thanks have a good evening ^^
    --
    ♦G3и-н@¢ки™©®♦
    0
    1. Thibaut
       
      Hello,

      Here I am back to eradicate this virus (if that's the case).

      I found the corresponding file, hoping that this time it's the right one:

      List'em by g3n-h@ckm@n 1.0.5.6

      Thanks to Chiquitine29.....

      User: Thibaut (Administrators) # PC-DE-THIBAUT
      Update on 25/11/2009 by g3n-h@ckm@n ::::: 13:00
      Start at: 12:02:28 | 27/11/2009
      Contact: g3n-h@ckm@n on CCM

      Intel(R) Core(TM)2 Duo CPU T7300 @ 2.00GHz
      Microsoft® Windows Vista™ Home Premium Edition (6.0.6000 32-bit) #
      Internet Explorer 7.0.6000.16916
      Windows Firewall Status: Disabled
      AV: AVG 7.5.552 7.5.552 [ Enabled | Updated ]
      AV: avast! antivirus 4.8.1351 [VPS 091127-1] 4.8.1351 [ (!) Disabled | Updated ]

      A:\ -> 3.5-inch floppy disk drive | 1.39 MB (0.58 MB free) | FAT
      C:\ -> Local hard disk | 30 GB (1.42 GB free) [System] | NTFS
      D:\ -> Local hard disk | 117.04 GB (45.99 GB free) [Data] | NTFS
      E:\ -> CD-ROM drive
      F:\ -> Removable drive
      G:\ -> CD-ROM drive
      H:\ -> Removable drive | 981.72 MB (286.34 MB free) [KRYSTEL] | FAT
      I:\ -> Removable drive | 977.47 MB (961.02 MB free) [TIBO KEY] | FAT

      ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Running processes

      C:\Windows\System32\smss.exe 424
      C:\Windows\system32\csrss.exe 492
      C:\Windows\system32\wininit.exe 540
      C:\Windows\system32\csrss.exe 552
      C:\Windows\system32\services.exe 584
      C:\Windows\system32\lsass.exe 596
      C:\Windows\system32\lsm.exe 604
      C:\Windows\system32\winlogon.exe 652
      C:\Windows\system32\svchost.exe 796
      C:\Windows\system32\svchost.exe 876
      C:\Windows\System32\svchost.exe 908
      C:\Windows\system32\Ati2evxx.exe 1004
      C:\Windows\System32\svchost.exe 1028
      C:\Windows\System32\svchost.exe 1056
      C:\Windows\system32\svchost.exe 1120
      C:\Windows\system32\SLsvc.exe 1228
      C:\Windows\system32\svchost.exe 1268
      C:\Windows\system32\svchost.exe 1408
      C:\Windows\system32\Ati2evxx.exe 1456
      C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe 1664
      C:\Windows\system32\Dwm.exe 1728
      C:\Program Files\Alwil Software\Avast4\ashServ.exe 1760
      C:\Windows\Explorer.EXE 1776
      C:\Windows\System32\spoolsv.exe 348
      C:\Windows\system32\svchost.exe 440
      C:\Windows\system32\taskeng.exe 460
      C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe 1188
      C:\Program Files\Dassault Systemes\B14\intel_a\code\bin\CATSysDemon.exe 1704
      C:\Program Files\Bonjour\mDNSResponder.exe 432
      C:\Windows\system32\svchost.exe 1132
      C:\Program Files\Option\GlobeTrotter Connect\GtFix.exe 692
      D:\webserver\bin\win32\matlabserver.exe 1792
      C:\Windows\system32\svchost.exe 2056
      C:\Windows\system32\svchost.exe 2072
      C:\Windows\System32\svchost.exe 2104
      C:\Windows\system32\SearchIndexer.exe 2136
      d:\bin\win32\matlab.exe 2400
      C:\Windows\system32\WUDFHost.exe 2568
      C:\Program Files\Windows Defender\MSASCui.exe 3392
      C:\Program Files\Synaptics\SynTP\SynTPEnh.exe 3436
      C:\Program Files\Launch Manager\HotkeyApp.exe 3448
      C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe 3484
      C:\Program Files\Alwil Software\Avast4\ashDisp.exe 3504
      C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE 3532
      C:\Program Files\Windows Sidebar\sidebar.exe 3560
      C:\Windows\ehome\ehtray.exe 3568
      C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe 3576
      C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE 3676
      C:\Windows\ehome\ehmsas.exe 3764
      C:\Program Files\Launch Manager\WisLMSvc.exe 3776
      C:\Windows\system32\wbem\wmiprvse.exe 3820
      C:\Program Files\OpenOffice.org 2.3\program\soffice.exe 3888
      C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN 3920
      C:\Windows\system32\wbem\unsecapp.exe 2868
      C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe 3136
      C:\Windows\system32\taskeng.exe 1216
      C:\Program Files\Windows Media Player\wmpnetwk.exe 3904
      C:\Windows\servicing\TrustedInstaller.exe 2324
      C:\Windows\System32\svchost.exe 4152
      C:\Windows\system32\wuauclt.exe 4600
      D:\Thibaut\Desktop\List_Kill'em.exe 1528
      C:\Windows\system32\conime.exe 4408
      C:\Windows\system32\cmd.exe 4364
      C:\Windows\system32\wbem\wmiprvse.exe 4124
      C:\Users\Thibaut\AppData\Local\temp\91A4.tmp\pv.exe 4704

      ======================
      Startup keys "Run"
      ======================

      ! REG.EXE VERSION 3.0

      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
      Sidebar REG_SZ C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
      ehTray.exe REG_SZ C:\Windows\ehome\ehTray.exe
      swg REG_SZ "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

      ! REG.EXE VERSION 3.0

      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
      Windows Defender REG_EXPAND_SZ %ProgramFiles%\Windows Defender\MSASCui.exe -hide
      SynTPEnh REG_SZ C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      HotkeyApp REG_SZ "C:\Program Files\Launch Manager\HotkeyApp.exe"
      StartCCC REG_SZ C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
      SunJavaUpdateSched REG_SZ "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
      avast! REG_SZ C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      CanonSolutionMenu REG_SZ C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
      CanonMyPrinter REG_SZ C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon

      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents
      =====================
      Additional keys
      =====================

      ! REG.EXE VERSION 3.0

      HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System
      ConsentPromptBehaviorAdmin REG_DWORD 0x2
      ConsentPromptBehaviorUser REG_DWORD 0x1
      EnableInstallerDetection REG_DWORD 0x1
      EnableLUA REG_DWORD 0x1
      EnableSecureUIAPaths REG_DWORD 0x1
      EnableVirtualization REG_DWORD 0x1
      PromptOnSecureDesktop REG_DWORD 0x1
      ValidateAdminCodeSignatures REG_DWORD 0x0
      dontdisplaylastusername REG_DWORD 0x0
      legalnoticecaption REG_SZ
      legalnoticetext REG_SZ
      scforceoption REG_DWORD 0x0
      shutdownwithoutlogon REG_DWORD 0x1
      undockwithoutlogon REG_DWORD 0x1
      FilterAdministratorToken REG_DWORD 0x0
      UacDisableNotify REG_DWORD 0x0

      HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\UIPI
      ===============
      ===============
      BHO:
      ======

      ! REG.EXE VERSION 3.0

      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects

      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}

      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}

      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}

      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}

      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}

      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}

      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}

      ========
      Services
      ========
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services]

      Ndisuio: 0x3
      EapHost: 0x2
      Wlansvc: 0x2
      SharedAccess: 0x2
      windefend: 0x2
      wuauserv: 0x2
      =========

      =========================
      Environment variables:
      =========================

      ALLUSERSPROFILE=C:\ProgramData
      APPDATA=C:\Users\Thibaut\AppData\Roaming
      choice=1
      CLASSPATH=.;C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
      CommonProgramFiles=C:\Program Files\Common Files
      COMPUTERNAME=PC-DE-THIBAUT
      ComSpec=C:\Windows\system32\cmd.exe
      configsetroot=C:\Windows\ConfigSetRoot
      FP_NO_HOST_CHECK=NO
      HOMEDRIVE=C:
      HOMEPATH=\Users\Thibaut
      LOCALAPPDATA=C:\Users\Thibaut\AppData\Local
      LOGONSERVER=\\PC-DE-THIBAUT
      NUMBER_OF_PROCESSORS=2
      OS=Windows_NT
      Path=C:\Windows\system32;C:\Windows;C:\Windows\system32\wbem;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\QuickTime\QTSystem;D:\bin\win32;
      PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
      PROCESSOR_ARCHITECTURE=x86
      PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 10, GenuineIntel
      PROCESSOR_LEVEL=6
      PROCESSOR_REVISION=0f0a
      ProgramData=C:\ProgramData
      ProgramFiles=C:\Program Files
      PROMPT=$P$G
      PUBLIC=C:\Users\Public
      QTJAVA=C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
      SystemDrive=C:
      SystemRoot=C:\Windows
      TEMP=C:\Users\Thibaut\AppData\Local\Temp
      TMP=C:\Users\Thibaut\AppData\Local\Temp
      USERDOMAIN=PC-de-Thibaut
      USERNAME=Thibaut
      USERPROFILE=C:\Users\Thibaut
      windir=C:\Windows


      ¤¤¤¤¤¤¤¤¤¤ Present files and folders:

      C:\Windows\jautoexp.dat
      C:\Windows\mbr.exe
      C:\Windows\System32\drivers\etc\hosts.msn

      ¤¤¤¤¤¤¤¤¤¤ Present registry keys:


      =====================
      Rootkit Verification
      =====================
      0
  11. gen-hackman
     
    there's a missing piece, the end ^^

    ▶ Restart List&Kill'em like you did for option 1 (either by right-clicking for Vista),

    but this time:

    ▶ choose option 2 = Destruction Mode

    let the tool do its work.

    at the end of the scan a report will open, close it and then restart

    ▶ paste the content in your response
    --
    ♦G3и-н@¢км@и™©®♦
    0
    1. Thibaut
       
      the idiot, yet I had done a Ctrl+A, strange

      here is the end of the message:


      =====================
      Verification Rootkits
      =====================

      catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2009-11-27 12:03:54
      Windows 6.0.6000 NTFS

      scanning hidden processes ...

      scanning hidden services & system hive ...

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001a6b7a51e9]
      "0016dbe574bd"=hex:c5,3d,72,75,51,24,4c,02,b5,bd,93,62,78,21,db,00
      "0015b90a7952"=hex:b8,24,b6,06,80,14,4e,d1,1a,95,9f,78,42,03,79,be
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
      "s1"=dword:2df9c43f
      "s2"=dword:110480d0
      "h0"=dword:00000001

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
      "p0"="C:\Program Files\DAEMON Tools\"
      "h0"=dword:00000000
      "khjeh"=hex:9c,ce,ed,8e,40,bb,a6,1b,df,b2,d3,da,45,3b,6c,ea,a3,c6,ed,22,cf,..

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
      "a0"=hex:20,01,00,00,27,03,02,03,3c,a5,67,e7,3b,b2,74,e2,79,e2,af,15,39,..
      "khjeh"=hex:59,b2,04,c2,15,82,a3,4a,b1,21,75,ae,38,21,82,cb,dc,b5,5c,b6,29,..

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
      "khjeh"=hex:95,8c,5e,fd,7b,10,69,d4,10,3e,49,d1,7e,0e,d1,b1,39,19,5d,1a,1b,..

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
      "khjeh"=hex:c0,65,72,32,b2,fa,e0,72,32,a0,44,f7,15,ca,46,16,99,1d,2f,d2,55,..

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42]
      "khjeh"=hex:d1,7e,6f,e4,47,f1,8f,35,0e,61,cc,88,c9,06,50,f1,5f,61,d9,3a,9b,..

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43]
      "khjeh"=hex:d1,7e,6f,e4,47,f1,8f,35,0e,61,cc,88,c9,06,50,f1,5f,61,d9,3a,9b,..
      [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001a6b7a51e9]
      "0016dbe574bd"=hex:c5,3d,72,75,51,24,4c,02,b5,bd,93,62,78,21,db,00
      "0015b90a7952"=hex:b8,24,b6,06,80,14,4e,d1,1a,95,9f,78,42,03,79,be
      [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
      "p0"="C:\Program Files\DAEMON Tools\"
      "h0"=dword:00000000
      "khjeh"=hex:9c,ce,ed,8e,40,bb,a6,1b,df,b2,d3,da,45,3b,6c,ea,a3,c6,ed,22,cf,..

      [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
      "a0"=hex:20,01,00,00,27,03,02,03,3c,a5,67,e7,3b,b2,74,e2,79,e2,af,15,39,..
      "khjeh"=hex:59,b2,04,c2,15,82,a3,4a,b1,21,75,ae,38,21,82,cb,dc,b5,5c,b6,29,..

      [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
      "khjeh"=hex:95,8c,5e,fd,7b,10,69,d4,10,3e,49,d1,7e,0e,d1,b1,39,19,5d,1a,1b,..

      [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
      "khjeh"=hex:c0,65,72,32,b2,fa,e0,72,32,a0,44,f7,15,ca,46,16,99,1d,2f,d2,55,..

      [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42]
      "khjeh"=hex:d1,7e,6f,e4,47,f1,8f,35,0e,61,cc,88,c9,06,50,f1,5f,61,d9,3a,9b,..

      [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43]
      "khjeh"=hex:d1,7e,6f,e4,47,f1,8f,35,0e,61,cc,88,c9,06,50,f1,5f,61,d9,3a,9b,..

      scanning hidden registry entries ...

      scanning hidden files ...
      0
    2. Thibaut
       
      And here is the deletion report:

      Kill'em by g3n-h@ckm@n 1.0.5.6

      User: Thibaut (Administrators) # PC-DE-THIBAUT
      Update on 25/11/2009 by g3n-h@ckm@n ::::: 13:00
      Start at: 18:12:17 | 27/11/2009
      Contact: g3n-h@ckm@n on CCM

      Intel(R) Core(TM)2 Duo CPU T7300 @ 2.00GHz
      Microsoft® Windows Vista™ Home Premium Edition (6.0.6000 32-bit) #
      Internet Explorer 7.0.6000.16916
      Windows Firewall Status: Disabled
      AV: AVG 7.5.552 7.5.552 [ Enabled | Updated ]
      AV: avast! antivirus 4.8.1351 [VPS 091127-1] 4.8.1351 [ (!) Disabled | Updated ]

      A:\ -> 3.5-inch floppy disk drive | 1.39 MB (0.58 MB free) | FAT
      C:\ -> Local hard drive | 30 GB (1.36 GB free) [System] | NTFS
      D:\ -> Local hard drive | 117.04 GB (45.99 GB free) [Data] | NTFS
      E:\ -> CD-ROM drive
      F:\ -> Removable drive
      G:\ -> CD-ROM drive
      H:\ -> Removable drive | 981.72 MB (286.34 MB free) [KRYSTEL] | FAT
      I:\ -> Removable drive | 977.47 MB (961.02 MB free) [CLÉ TIBO] | FAT


      ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Running processes


      C:\Windows\System32\smss.exe 424
      C:\Windows\system32\csrss.exe 556
      C:\Windows\system32\wininit.exe 604
      C:\Windows\system32\csrss.exe 616
      C:\Windows\system32\services.exe 648
      C:\Windows\system32\lsass.exe 660
      C:\Windows\system32\lsm.exe 668
      C:\Windows\system32\winlogon.exe 716
      C:\Windows\system32\svchost.exe 860
      C:\Windows\system32\svchost.exe 940
      C:\Windows\System32\svchost.exe 972
      C:\Windows\system32\Ati2evxx.exe 1072
      C:\Windows\System32\svchost.exe 1092
      C:\Windows\System32\svchost.exe 1124
      C:\Windows\system32\svchost.exe 1160
      C:\Windows\system32\SLsvc.exe 1292
      C:\Windows\system32\svchost.exe 1348
      C:\Windows\system32\Ati2evxx.exe 1444
      C:\Windows\system32\svchost.exe 1520
      C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe 1792
      C:\Program Files\Alwil Software\Avast4\ashServ.exe 1840
      C:\Windows\system32\Dwm.exe 1852
      C:\Windows\Explorer.EXE 1904
      C:\Program Files\Windows Defender\MSASCui.exe 2016
      C:\Program Files\Synaptics\SynTP\SynTPEnh.exe 2040
      C:\Program Files\Launch Manager\HotkeyApp.exe 300
      C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe 320
      C:\Program Files\Alwil Software\Avast4\ashDisp.exe 348
      C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE 924
      C:\Program Files\Windows Sidebar\sidebar.exe 980
      C:\Windows\ehome\ehtray.exe 1252
      C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe 1284
      C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE 1156
      C:\Program Files\OpenOffice.org 2.3\program\soffice.exe 1412
      C:\Windows\System32\spoolsv.exe 2052
      C:\Windows\system32\svchost.exe 2076
      C:\Windows\system32\taskeng.exe 2088
      C:\Windows\ehome\ehmsas.exe 2368
      C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN 2408
      C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe 2640
      C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe 2948
      C:\Program Files\Dassault Systemes\B14\intel_a\code\bin\CATSysDemon.exe 2980
      C:\Program Files\Bonjour\mDNSResponder.exe 3000
      C:\Windows\system32\svchost.exe 3012
      C:\Program Files\Option\GlobeTrotter Connect\GtFix.exe 3048
      D:\webserver\bin\win32\matlabserver.exe 3212
      C:\Windows\system32\svchost.exe 3252
      C:\Windows\system32\svchost.exe 3268
      C:\Windows\System32\svchost.exe 3308
      C:\Windows\system32\SearchIndexer.exe 3356
      d:\bin\win32\matlab.exe 3604
      C:\Windows\system32\WUDFHost.exe 3784
      C:\Windows\System32\mobsync.exe 3912
      C:\Windows\system32\taskeng.exe 596
      C:\Program Files\Launch Manager\WisLMSvc.exe 2128
      C:\Windows\system32\wbem\wmiprvse.exe 1988
      C:\Program Files\Windows Media Player\wmplayer.exe 2804
      C:\Program Files\Windows Media Player\WMPNSCFG.exe 4192
      C:\Program Files\Windows Media Player\wmpnetwk.exe 4244
      C:\Windows\system32\wbem\unsecapp.exe 5736
      C:\Windows\system32\wbem\wmiprvse.exe 1324
      C:\Windows\system32\wuauclt.exe 2220
      D:\Thibaut\Desktop\List_Kill'em.exe 4804
      C:\Windows\system32\conime.exe 4864
      C:\Windows\system32\cmd.exe 4264
      C:\Users\Thibaut\AppData\Local\temp\2DC3.tmp\pv.exe 4760

      Files scanned:
      =================


      ¤¤¤¤¤¤¤¤¤¤ Present files and folders:

      "C:\Windows\jautoexp.dat"
      "C:\Windows\mbr.exe"
      "C:\Windows\System32\drivers\etc\hosts.msn"


      ¤¤¤¤¤¤¤¤¤¤ File actions:

      Quarantine:

      hosts.msn.Kill'em
      jautoexp.dat.Kill'em
      MBR.exe.Kill'em

      ====================
      Cleaned hosts files
      ====================
      ¤¤¤¤¤¤¤¤¤¤ C:\Windows\Prefetch

      AgAppLaunch.db
      AgCx_Hibernate.snp.db
      AgCx_S1_S-1-5-21-290061431-370062678-2208403576-1000.snp.db
      AgCx_SC1.db
      AgCx_SC1.db.trx
      AgCx_SC2.db
      AgGlFaultHistory.db
      AgGlFgAppHistory.db
      AgGlGlobalHistory.db
      AgGlUAD_P_S-1-5-21-290061431-370062678-2208403576-1000.db
      AgGlUAD_S-1-5-21-290061431-370062678-2208403576-1000.db
      AgRobust.db
      Layout.ini
      NTOSBOOT-B00DFAAD.pf
      PfSvPerfStats.bin
      ReadyBoot



      ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
      0
  12. gen-hackman
     
    Do you still have this message?

    When I try to run an .exe application, I get an error message saying "program_name is not a valid Win32 application."
    --
    ♦G3и-н@¢км@и™©®♦
    0
    1. Thibaut
       
      Impeccable, thank you very much.
      0
  13. gen-hackman
     
    ▶ Download: ATF Cleaner by Atribune

    Double-click (right-click "Run as administrator" for Vista) ATF-Cleaner.exe to launch the program.
    Under the Main tab, choose: Select All
    Click the Empty Selected button
    If you are using the Firefox browser:
    Click Firefox at the top and choose: Select All
    Click the Empty Selected button
    NOTE: If you want to keep your saved passwords, click No at the prompt.
    If you are using the Opera browser:
    Click Opera at the top and choose: Select All
    Click the Empty Selected button
    NOTE: If you want to keep your saved passwords, click No at the prompt.
    Click Exit from the main menu to close the program.
    For technical support, double-click the email address located at the bottom of each menu.

    __________________________________________________

    ▶ You can keep ATF for potential deeper cleanings
    __________________________________________________

    ▶---> Download ToolsCleaner2 to your Desktop.
    * Double-click (right-click "Run as administrator" for Vista) on ToolsCleaner2.exe to launch it.
    * Click on Search and let the scan run.
    * Click on Delete to finalize.
    * You may, if you wish, use the Optional Options.
    * Click on Quit to get the report.
    * Post the report (TCleaner.txt) found at the root of your hard drive (C:\).
    ________________________________________________

    ▶ You can delete ToolCleaner
    _________________________________________________

    ▶ Download and install CCleaner (Do not install the Yahoo Toolbar):

    * Launch it (right-click "Run as administrator" for Vista) Go to Options then Advanced and uncheck the box Clear only files etc....
    * Go to Cleaner, choose Analyze. Once completed, start the cleaning.
    * Then, choose Registry, then Search for issues. Once completed, fix all issues as often as it finds them in the scan.
    * Make sure in the options the setting is at Windows startup and set to "secure deletion" 35 passes (Gutmann)
    __________________________________________________

    Warning: do not touch the PC while it is working!

    ▶ Cleaning and Defragmentation of your Disks

    *Cleaning:

    Right-click on "My Computer" (Computer for Vista) ==>"Open" ==> right-click on the C drive ==> Properties ==> "General" tab
    Click on the "Disk Cleanup" button, OK
    Do this for each of your drives
    ________________________________________________

    *Error checking:

    Right-click on "My Computer" (Computer for Vista) ==>"Open" ==> right-click on the C drive ==> Properties ==> "Tools" tab
    "Check Now", a box opens, check the boxes:
    - Automatically fix file system errors...
    - Scan for and attempt recovery of bad sectors...

    ---> Start, OK
    Note: if it asks you to restart your PC to do this, restart and let it run; it takes a little time, that’s normal
    Do this for each of your drives
    ________________________________________________

    Then still in the same tab, choose:

    *Defragmentation:
    "Defragment now", OK
    A box opens, select the drive to defragment, and click on "Analyze", then after the analysis, "Defragment". OK
    Do this for each of your drives
    _______________________________________________

    Note: if you have a defragmentation utility, use it instead

    To do this, Defraggler is suggested
    _________________________________________________

    ▶ Can you check your Java Console? :

    and install the new version if needed (in this case uninstall the old version first).

    Here’s how to uninstall:

    JavaRa

    Extract the file on the Desktop (Right-click > Extract All).
    * Double-click (right-click "Run as administrator" for Vista) on the JavaRa directory.
    * Then double-click on the JavaRa.exe file (the exe may not be displayed).
    * Choose French then click on Select.
    * Click on Check for Updates.
    * Select Update via jucheck.exe then click on Search.
    * Allow the process to connect if it asks, click on Install and follow the installation instructions which take a few minutes.
    * Once the installation is complete, return to the JavaRa screen and click on Remove old versions.
    * Click Yes to confirm. Let it work and then click on OK, then a second time on OK.
    * A report will open. Post it in your next reply.
    * Close the application.

    Note: the report is also located in C:\ under the name JavaRa.log.

    _________________________________________________

    ▶ Update Adobe Reader if not done (uninstall the previous version first)
    __________________________________________________

    ▶ I advise you if you don’t have it, to better secure your PC by installing a firewall:

    Online Armor or KERIO or JETICO or ZONE ALARM (only use the free firewall) or COMODO

    https://www.commentcamarche.net/telecharger/securite/16545-online-armor-personal-firewall/
    https://www.01net.com/telecharger/windows/Securite/firewall/fiches/39911.html
    https://forum.pcastuces.com/sujet.asp?f=25&s=35606
    https://www.clubic.com/telecharger-fiche11071-sunbelt-personal-firewall-ex-kerio.html
    https://manuelsdaide.com/contact/
    http://www.open-files.com/forum/index.php?showtopic=29277
    https://www.commentcamarche.net/telecharger/securite/24863-zonealarm/
    ___________________________________________________

    ▶ You can also empty your recycle bin, though CCleaner does it automatically
    _____________________________________________________

    ▶ If we used MalwareByte's Anti-Malware, empty its quarantine:

    * Launch the program then click on <Quarantine>.
    * Select all items then click on <delete>.
    * Exit the program.
    ______________________________________________________

    if you have installed Antivir:

    Configuration
    ________________________________________________________

    ▶ Same for your antivirus: empty its quarantine if not already done
    ______________________________________________________

    ▶ Disable and re-enable system restore, to do this: follow the instructions in the link:

    Link XP

    Link Vista

    As soon as that’s done, create a so-called "healthy" restore point to guard against potential future issues
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    A few tips and recommendations for the future:

    ▶ Run MalwareByte's Anti-Malware from time to time (once a week, depending on how you use your PC).
    ▶ Use your other protection software (antivirus scans, antispywares...). Don’t forget to update them before use.
    * Also remember to defragment your hard drives from time to time (keep enough space on C:\ (1/3 free to feel comfortable))
    _____________

    ▶ To properly protect your PC:
    [1 antivirus] + [1 firewall] + [a good antispyware with immunization] + [recent updates for Windows and Protection Software] + [use Firefox -or others- (Internet Explorer has security flaws that take a long time to fix but must be kept for Windows updates and Windows Live Messenger)]

    I recommend installing this Firefox extension to secure your browsing: WOT
    I recommend installing this Internet Explorer extension to secure your browsing: WOT

    PS: In fact, the best protection is you: what you do with your PC: where you surf, download... etc....
    Viruses exploit the vulnerabilities of your PC to infect a system

    if you wish to uninstall one antivirus in favor of another, here are a few links:

    Uninstall Avast
    Uninstall BitDefender
    Uninstall Norton
    Uninstall Kaspersky
    Uninstall AVG

    or all in one:

    Antivirus, Firewall, Antispyware Uninstallation
    _____________

    If you have Vista, don’t forget to re-enable User Account Control (UAC)
    ___________

    If you have Spybot S&D and we disabled the "Tea-timer," you can re-enable it
    ___________

    If we have shown hidden files, don’t forget to set them back to "hidden" attribute

    ▶ Click on the Start menu / Control Panel / Folder Options / then in the View tab
    * - Uncheck Show hidden files and folders
    * - check Hide extensions for known file types
    * - check Hide protected operating system files (recommended)

    ▶ Click on Apply, then OK.
    ____________

    There you go,

    Happy reading, see you soon, once all this is done,

    you can mark the thread as resolved

    Good luck and above all, be cautious and enjoy your surfing :)

    --
    ♦G3и-н@¢км@и™©®♦
    0