Virus facebook a l aide

Question

Bonjour, 



Configuration: Windows XP / Firefox 6.0

Mon ordinateur est atteint du meme mal :(
Je poste le rapport usb.fix


quelqu un peux m aider ????? svp

Malekal_morte- · Answer

Salut,

C'est quoi les symptômes ?

chantal · Answer

Merci

Mon antivirus avira a disparu...je n arrive plus a ouvrir facebook......

Malekal_morte- · Answer

Ce serait pas ça : https://www.malekal.com/backdoor-win32-bafruz-b-trojan-killav-intelligent/
par hasard ?

Si tu as encore le lien vers cette "vidéo", je suis preneur.

fais ça :

Télécharge et installe Malwarebyte : https://www.malekal.com/tutoriel-malwarebyte-anti-malware/         
Mets le à jour, fais un scan rapide, supprime tout et poste le rapport ici.         
!!! Malwarebyte doit être à jour avant de faire le scan !!!        
Supprime bien ce qui est détecté : bouton supprimer sélection.      


~~   

Tu peux suivre les indications de cette page pour t'aider : https://www.malekal.com/tutorial-otl/    

* Télécharge http://www.geekstogo.com/forum/files/file/398-otl-oldtimers-list-it/ sur ton bureau.    
(Sous Vista/Win7, il faut cliquer droit sur OTL et choisir Exécuter en tant qu'administrateur)    

* Lance OTL    
* Sur OTL, sous Personnalisation, copie-colle le script ci-dessous :    
netsvcs   
msconfig   
safebootminimal   
safebootnetwork   
activex   
drivers32   
%ALLUSERSPROFILE%\Application Data\*.   
%ALLUSERSPROFILE%\Application Data\*.exe /s   
%APPDATA%\*.   
%APPDATA%\*.exe /s   
%temp%\.exe /s   
%SYSTEMDRIVE%\*.exe   
%systemroot%\*. /mp /s   
%systemroot%\system32\*.dll /lockedfiles   
%systemroot%\Tasks\*.job /lockedfiles   
%systemroot%\system32\drivers\*.sys /lockedfiles   
%systemroot%\System32\config\*.sav   
/md5start   
explorer.exe   
winlogon.exe   
wininit.exe   
/md5stop   
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems /s   
CREATERESTOREPOINT   
nslookup www.google.fr /c   
SAVEMBR:0   
hklm\software\clients\startmenuinternet|command /rs   
hklm\software\clients\startmenuinternet|command /64 /rs    
* Clique sur le bouton Analyse.    
* Quand le scan est fini, utilise le site http://pjjoint.malekal.com/ pour envoyer le rapport OTL.txt (et Extra.txt si présent), donne le ou les liens pjjoint qui pointent vers ces rapports ici dans un nouveau message.

Chantal8484 · Answer

ok merci je fais ca et reviens :)

Chantal8484 · Answer

ps  je n ;ai plus le lien du video mais si je retrouve je te l enverrai...

Chantal8484 · Answer

Voici le rapport de malwarebytes


Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Version de la base de données: 7519

Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

2011-08-20 12:39:55
mbam-log-2011-08-20 (12-39-55).txt

Type d'examen: Examen rapide
Elément(s) analysé(s): 183077
Temps écoulé: 3 minute(s), 26 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 10
Valeur(s) du Registre infectée(s): 12
Elément(s) de données du Registre infecté(s): 3
Dossier(s) infecté(s): 1
Fichier(s) infecté(s): 22

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srvsysdriver32 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srvbtcclient (Trojan.Agent.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wxpdrivers (Trojan.Dropper) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srviecheck (Backdoor.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\sysdriver32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\systeminfog (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\SERVICES32.EXE (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wxpdrivers (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\wxpdrivers (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SRVSYSDRIVER32 (Trojan.Agent) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run	ray_ico0 (Trojan.Dropper) -> Value: tray_ico0 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysdriver32.exe (Trojan.Agent) -> Value: sysdriver32.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysdriver32_.exe (Trojan.Agent) -> Value: sysdriver32_.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\l1rezerv.exe (Trojan.Agent) -> Value: l1rezerv.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wxpdrv (Backdoor.Agent) -> Value: wxpdrv -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\2998508.exe (Trojan.Downloader.Gen) -> Value: 2998508.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\2407182.exe (Trojan.Downloader.Gen) -> Value: 2407182.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\3767366.exe (Trojan.Downloader.Gen) -> Value: 3767366.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\92841930-loader2.exe (Trojan.Agent) -> Value: 92841930-loader2.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\6289569.exe (Trojan.Downloader.Gen) -> Value: 6289569.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Services32.exe\close (Trojan.Agent) -> Value: close -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wxpDrivers\ImagePath (Trojan.Agent) -> Value: ImagePath -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
c:\WINDOWSpcminer (Trojan.BCMiner) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
c:\WINDOWS\update.tray-8-0\svchost.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\sysdriver32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\sysdriver32_.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\l1rezerv.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\update.5.0\svchost.exe (Trojan.Agent.H) -> Quarantined and deleted successfully.
c:\WINDOWS\update.1\svchost.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS
ew111.exe (Rootkit.0Access.XGen) -> Quarantined and deleted successfully.
c:\WINDOWS\update.2\svchost.exe (Backdoor.Agent) -> Quarantined and deleted successfully.
c:\WINDOWSpcminer\bitcoinmineropencl.cl (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\WINDOWSpcminer\bitcoinminercuda_10.cubin (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\WINDOWSpcminer\bitcoinminercuda_11.cubin (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\WINDOWSpcminer\bitcoinminercuda_20.cubin (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\WINDOWSpcminer\cudart32_32_16.dll (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\WINDOWSpcminer\curllib.dll (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\WINDOWSpcminer\libeay32.dll (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\WINDOWSpcminer\libsasl.dll (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\WINDOWSpcminer\openldap.dll (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\WINDOWSpcminerpcminer-4way.exe (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\WINDOWSpcminerpcminer-cpu.exe (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\WINDOWSpcminerpcminer-cuda.exe (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\WINDOWSpcminerpcminer-opencl.exe (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\WINDOWSpcminer\ssleay32.dll (Trojan.BCMiner) -> Quarantined and deleted successfully.

Chantal8484 · Answer

Dois je faire la correction sur otl car j ai juste scanner

Chantal8484 · Answer

ok je reviens avec ca desolee un peu de difficulte avec celui la

Chantal8484 · Answer

Bon voila je crois que je j y suis arrivee lolll par contre je dois te dire que je n ai pas fait de corrction avant de t'envoyer ces liens ets-ce correct comme ca?



https://pjjoint.malekal.com/files.php?id=89389cd59d8p10e10f14b14n13y78z12s9u10b12s5w8c10w7b98c6i13



https://pjjoint.malekal.com/files.php?id=ba2f31b163v13g9z13x13h6f6t6z9n8k13q15z8i11d12o14x12v12b7j10f5

Chantal8484 · Answer

Tu es toujours la?

Chantal8484 · Answer

Je reviens plus tard voir ce que tu m as poste 
merci

Malekal_morte- · Answer

c'est bien Backdoor.Win32.Bafruz. 


Télécharge ce tool : http://batchdhelus.open-web.fr/programme/MalwaresUploader.exe  
Puis tu coches Malekal à gauche  
Dans le cadre en bas, copie/colle les chemins des fichiers suivants :  

C:\WINDOWS\update.7.1\svchostdriver.exe

et tu clics sur Upload en bas.  


puis :


Relance OTL.  
o sous Personnalisation, copie_colle le contenu du cadre ci dessous et clic Correction, un rapport apparraitra suite à l'operation que tu conserveras sur clé usb par exemple afin d'en coller le resultat:  

:OTL 
PRC - [2011-08-20 10:38:40 | 000,382,464 | ---- | M] () -- C:\WINDOWS\update.7.1\svchostdriver.exe 
MOD - [2011-08-20 10:38:40 | 000,382,464 | ---- | M] () -- C:\WINDOWS\update.7.1\svchostdriver.exe 
FF - HKLM\Software\MozillaPlugins\@funwebproducts.com/Plugin: C:\Program Files\FunWebProducts\Installr\2.bin\NPFunWeb.dll File not found 
[2011-08-20 10:43:22 | 000,000,000 | -H-D | C] -- C:\WINDOWS\update.5.0  
[2011-08-20 10:40:40 | 000,000,000 | -H-D | C] -- C:\WINDOWS\update.2  
[2011-08-20 10:38:46 | 000,000,000 | -H-D | C] -- C:\WINDOWS\update.7.1 
[2011-08-20 10:35:02 | 000,000,000 | -H-D | C] -- C:\WINDOWS\update.1  
[2011-08-20 10:34:46 | 000,000,000 | -H-D | C] -- C:\WINDOWS\update.tray-8-0-lnk  
[2011-08-20 10:34:46 | 000,000,000 | -H-D | C] -- C:\WINDOWS\update.tray-8-0
:commands
[ResetHosts]  

* redemarre le pc sous windows et poste le rapport ici  

Yes, no, maybe 
I don't know 
Can you repeat the question? 
You're not the boss of me now

Chantal8484 · Answer

ok je m y met  

merci pour ton aide :)

Chantal8484 · Answer

voila j ai fait ce que tu demandais...voici le rapport

========== OTL ==========
Process svchostdriver.exe killed successfully!
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@funwebproducts.com/Plugin\ deleted successfully.
C:\WINDOWS\update.5.0 folder moved successfully.
C:\WINDOWS\update.2 folder moved successfully.
C:\WINDOWS\update.7.1 folder moved successfully.
C:\WINDOWS\update.1 folder moved successfully.
C:\WINDOWS\update.tray-8-0-lnk folder moved successfully.
C:\WINDOWS\update.tray-8-0 folder moved successfully.
 
OTL by OldTimer - Version 3.2.26.5 log created on 08202011_182203

Malekal_morte- · Answer

Réinstalle Antivir.

Chantal8484 · Answer

ok j ai reinstalle avira  je scan?

Malekal_morte- · Answer

Si tu veux :)

Chantal8484 · Answer

lolll  ok j essais ca car ca ne fonctionne toujours pas lolll

Malekal_morte- · Answer

quoi donc qui ne fonctionne tjrs pas ?

Chantal8484 · Answer

incaple d ouvrir une page facebook pour se connecte ca me dis youjours que firefox ne peux ouvrir la page mais lorsque j essais d autre page tout fonctionne bien .....

Malekal_morte- · Answer

Refais un coup de OTL : https://forums.commentcamarche.net/forum/affich-22940548-virus-facebook-a-l-aide#19

reprends bien le script.

Je vais me pieuter, à demain :)

Chantal8484 · Answer

je voulais dire incapable *  lol

Chantal8484 · Answer

ok bonne nuit a toi je posterai le rapport et reviendrai demain :)
merci :)

et....bonne nuit

Chantal8484 · Answer

Finalement je te le poste tout de suite ...lorsuqe je fais la premiere etape et que je clic sur upload.....ca me dit   vous devez choisir un fichier valide....je vais quand meme poursuive avec l autre etape et attendrai a demain pour le reste

Virus facebook a l aide

24 réponses

Votre réponse

Discussions similaires

Newsletters