i want to erase it, plz help

system · September 29, 2013, 1:57pm

Hi,
Since a couple of weeks, i have the message :

Object: http://bookmakers55.free.fr/Bitcoin/1/API.class
Process: C:\Windows\System32\svchost.exe
I found that a directory temp is created each time i start windows.

I post may logs in case of someone could help me. Thanks in advance.

AdwCleaner v3.005 - Report created 25/09/2013 at 21:56:50

Updated 22/09/2013 by Xplode

Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)

Username : Rnuls - RNULS-PC

Running from : D:\Download\Downloads\adwcleaner.exe

Option : Scan

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats{116BA71C-8187-4F15-9A1F-C9D6289155D1}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats{2974C985-8151-4DE5-B23C-B875F0A8522F}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}

***** [ Browsers ] *****

-\ Internet Explorer v8.0.7601.17514

-\ Mozilla Firefox v

[ File : C:\Users\Rnuls\AppData\Roaming\Mozilla\Firefox\Profiles\zw9a1zph.default\prefs.js ]

-\ Google Chrome v

[ File : C:\Users\Rnuls\AppData\Local\Google\Chrome\User Data\Default\preferences ]

AdwCleaner[R0].txt - [1530 octets] - [25/09/2013 21:00:15]
AdwCleaner[R1].txt - [1378 octets] - [25/09/2013 21:03:26]
AdwCleaner[R2].txt - [1438 octets] - [25/09/2013 21:13:06]
AdwCleaner[R3].txt - [1358 octets] - [25/09/2013 21:56:50]

########## EOF - C:\AdwCleaner\AdwCleaner[R3].txt - [1418 octets] ##########

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Version de la base de données: v2013.09.25.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Rnuls :: RNULS-PC [administrateur]

25/09/2013 21:59:14
mbam-log-2013-09-25 (21-59-14).txt

Processus mémoire détecté(s): 0
(Aucun élément nuisible détecté)

Module(s) mémoire détecté(s): 0
(Aucun élément nuisible détecté)

Clé(s) du Registre détectée(s): 0
(Aucun élément nuisible détecté)

Valeur(s) du Registre détectée(s): 0
(Aucun élément nuisible détecté)

Elément(s) de données du Registre détecté(s): 0
(Aucun élément nuisible détecté)

Dossier(s) détecté(s): 0
(Aucun élément nuisible détecté)

Fichier(s) détecté(s): 0
(Aucun élément nuisible détecté)

(fin)

essexboy · September 29, 2013, 2:23pm

Hi run Adwcleaner again and after the scan select Clean

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL

[*]Under the Custom Scans/Fixes box at the bottom, paste in the following

https://dl.dropbox.com/u/73555776/OTL_Fix.GIF


:Commands
[CREATERESTOREPOINT]

:OTL
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O3 - HKU\S-1-5-21-1774482332-3511696485-3237036302-1000\..\Toolbar\ShellBrowser: (no name) - {D2BF470E-ED1C-487F-A300-2BD8835EB6CE} - No CLSID value found.
O3 - HKU\S-1-5-21-1774482332-3511696485-3237036302-1000\..\Toolbar\ShellBrowser: (no name) - {D2BF470E-ED1C-487F-A333-2BD8835EB6CE} - No CLSID value found.
O3 - HKU\S-1-5-21-1774482332-3511696485-3237036302-1000\..\Toolbar\ShellBrowser: (no name) - {D2BF470E-ED1C-487F-A666-2BD8835EB6CE} - No CLSID value found.

:Commands
[resethosts]
[emptytemp]
[Reboot]

[*]Then click the Run Fix button at the top
[*]Let the program run unhindered, reboot the PC when it is done
[*]Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

FINALLY

Download the latest version of TDSSKiller from here and save it to your Desktop.

[*]Doubleclick on TDSSKiller.exe to run the application

https://dl.dropbox.com/u/73555776/tdss%20start.JPG

[*]Then click on Change parameters.

https://dl.dropbox.com/u/73555776/tdss%20Change%20param.JPG

[*]Check the boxes beside Verify Driver Digital Signature, Detect TDLFS file system and Use KSN to scan objects , then click OK.

[*]Click the Start Scan button.

[*]If a suspicious object is detected, the default action will be Skip, click on Continue.

https://dl.dropbox.com/u/73555776/tdss%20threat.JPG

[*]If malicious objects are found, they will show in the Scan results and offer three (3) options.
[*]Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

[*]Get the report by selecting Reports

https://dl.dropbox.com/u/73555776/tdss%20report.JPG

[*]Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

Please copy and paste its contents on your next reply.

system · September 29, 2013, 5:38pm

ok, here is the log of OTL.

system · September 29, 2013, 5:48pm

and there is the log of tdskiller (no malicious object found …)

system · September 29, 2013, 6:05pm

Seems to be good, the message disappeared and the temp directory has gone.

MANY BIG THANKS ESSEXBOY AND ALL IN PEOPLE THE FORUM THAT HELP PEOPLE LIKE ME !!! ;D 8)

essexboy · September 29, 2013, 9:29pm

Run OTL and press the cleanup button