Mon pc s'eteint tous seul

nother94 Messages postés 8 Statut Membre -  
nother94 Messages postés 8 Statut Membre -
Bonjour,

Après un analyse avec avast, il me trouve un virus avec comme nom: pbfr2.dll localiser dans c:\windows\system32, et le virus se nome win32;adware;gen[adw]; Les symptomes de mon pc sont qu'il s'eteint tous seul et impossible de le ralumer aussitot il faut attendre plusieurs minutes.
j'ai telecharger hijacktis et voila le rapport:

pour moi cela est du chinois

Logfile of HijackThis v1.99.1
Scan saved at 22:17:47, on 05/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\Apps\Powercinema\PCMService.exe
C:\apps\ABoard\ABoard.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\apps\ABoard\AOSD.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE
C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\MI3AA1~1\wcescomm.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\JEANMI~1\LOCALS~1\Temp\Rar$EX00.406\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www1.mini20.com/?tm=1&kw=Secure+Web+Search+Engine&KW1=Secure%20Web%20Search%20Engine&KW2=Best%20Malware%20Detection%20And%20Removal%20Software&searchbox=0&domainname=0&backfill=0
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: PBFRV2 - {4E7BD74F-2B8D-469E-A0E8-ED6AB685FA7D} - C:\WINDOWS\system32\pbfrv2.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: PBFRV2 - {4E7BD74F-2B8D-469E-A0E8-ED6AB685FA7D} - C:\WINDOWS\system32\pbfrv2.dll (file missing)
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo RX420 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE /P31 "EPSON Stylus Photo RX420 Series" /O6 "USB001" /M "Stylus Photo RX420"
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MI3AA1~1\wcescomm.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wi [...] 9477921593
O17 - HKLM\System\CCS\Services\Tcpip\..\{0E809CCB-7702-4E03-812A-3139CFEC85B1}: NameServer = 86.64.145.146 84.103.237.146
O17 - HKLM\System\CS1\Services\Tcpip\..\{0E809CCB-7702-4E03-812A-3139CFEC85B1}: NameServer = 86.64.145.146 84.103.237.146
O17 - HKLM\System\CS3\Services\Tcpip\..\{0E809CCB-7702-4E03-812A-3139CFEC85B1}: NameServer = 86.64.145.144 84.103.237.144
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FICHIE~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: MysqlInventime - Unknown owner - C:\Apps\INVENT~1\mysql\bin\mysqld-nt.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

Mais la je ni comprend rien, si quelqu'un veut bien m'aider je suis completement perdu

Merci de votre aide
Configuration: Windows XP
Internet Explorer 6.0

6 réponses

  1. Utilisateur anonyme
     
    poste ton log sur http://hijackthis.de/fr (décoche la case en bas inutile)
    0
    1. nother94 Messages postés 8 Statut Membre
       
      Merci de ton aide

      voila une des reponses,

      O2 - BHO: PBFRV2 - {4E7BD74F-2B8D-469E-A0E8-ED6AB685FA7D} - C:\WINDOWS\system32\pbfrv2.dll (file missing)
      Effacer à tout prix !
      Inscription superflue (car sans effet) qui peut donc être effacée ! pbfrv2.dll - 2020Search, http://www.spywareguide.com/product_show .php?id=640 adware variant

      comment effacer ? et quoi effacer

      Merci pour votre aide
      0
      1. nother94 Messages postés 8 Statut Membre > nother94 Messages postés 8 Statut Membre
         
        je ne trouve pas le fichier pbfr2dll dans windows systeme32pour le supprimer, est ce normale?
        0
      2. Jiminsk Messages postés 2658 Statut Membre 113 > nother94 Messages postés 8 Statut Membre
         
        Salut,

        Il faut relancer Hijackthis, cocher cette ligne :

        O2 - BHO: PBFRV2 - {4E7BD74F-2B8D-469E-A0E8-ED6AB685FA7D} - C:\WINDOWS\system32\pbfrv2.dll (file missing)

        Puis cliquer sur le bouton "Fix Checked" dans la fenêtre de Hijackthis.

        Il te demandera confirmation, clique "oui.
        0
      3. nother94 Messages postés 8 Statut Membre > Jiminsk Messages postés 2658 Statut Membre
         
        merci jiminsk,

        j'ai fait ce que tu m'a dit + cocher 03 toolbar pbfr... qui etait à supprumier egalement.
        j'ai fait un nouveau scan avec hijackthis et ensuite je l'ai analyser, il me trouve plus de fichier à supprimer. je te poste le rapport hijack.

        Est ce que je suis debarassé du virus ?ou est ce qui il y a autre chose a faire

        Merci pour ton aide

        Rapport hijack:


        Scan saved at 09:25:48, on 06/09/2008
        Platform: Windows XP SP2 (WinNT 5.01.2600)
        MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
        C:\Program Files\Alwil Software\Avast4\ashServ.exe
        C:\WINDOWS\Explorer.EXE
        C:\WINDOWS\system32\spoolsv.exe
        C:\WINDOWS\system32\RUNDLL32.EXE
        C:\WINDOWS\SOUNDMAN.EXE
        C:\WINDOWS\ALCWZRD.EXE
        C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
        C:\Apps\Powercinema\PCMService.exe
        C:\apps\ABoard\ABoard.exe
        C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
        C:\apps\ABoard\AOSD.exe
        C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE
        C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
        C:\Program Files\QuickTime\qttask.exe
        C:\WINDOWS\system32\ctfmon.exe
        C:\PROGRA~1\MI3AA1~1\wcescomm.exe
        C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
        C:\PROGRA~1\MI3AA1~1\rapimgr.exe
        C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
        C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
        c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
        c:\APPS\Powercinema\Kernel\TV\CLSched.exe
        C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
        c:\APPS\HIDSERVICE\HIDSERVICE.exe
        C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
        C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
        C:\WINDOWS\system32\nvsvc32.exe
        C:\WINDOWS\system32\slserv.exe
        C:\WINDOWS\system32\svchost.exe
        C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
        C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
        C:\Program Files\Windows Live\Messenger\usnsvc.exe
        C:\Program Files\Windows Live\Messenger\msnmsgr.exe
        C:\WINDOWS\system32\wuauclt.exe
        C:\Program Files\Internet Explorer\iexplore.exe
        C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
        C:\Program Files\WinRAR\WinRAR.exe
        C:\DOCUME~1\JEANMI~1\LOCALS~1\Temp\Rar$EX00.485\HijackThis.exe

        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www1.mini20.com/?tm=1&kw=Secure+Web+Search+Engine&KW1=Secure%20Web%20Search%20Engine&KW2=Best%20Malware%20Detection%20And%20Removal%20Software&searchbox=0&domainname=0&backfill=0
        R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
        O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
        O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
        O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
        O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
        O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
        O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
        O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
        O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
        O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
        O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
        O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
        O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
        O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
        O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
        O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAudPropShortcut.exe
        O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
        O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
        O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
        O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
        O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
        O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
        O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
        O4 - HKLM\..\Run: [EPSON Stylus Photo RX420 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE /P31 "EPSON Stylus Photo RX420 Series" /O6 "USB001" /M "Stylus Photo RX420"
        O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
        O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
        O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
        O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
        O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MI3AA1~1\wcescomm.exe"
        O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
        O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
        O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
        O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
        O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
        O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
        O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
        O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
        O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
        O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
        O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
        O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
        O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
        O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
        O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
        O17 - HKLM\System\CCS\Services\Tcpip\..\{0E809CCB-7702-4E03-812A-3139CFEC85B1}: NameServer = 86.64.145.146 84.103.237.146
        O17 - HKLM\System\CS1\Services\Tcpip\..\{0E809CCB-7702-4E03-812A-3139CFEC85B1}: NameServer = 86.64.145.146 84.103.237.146
        O17 - HKLM\System\CS3\Services\Tcpip\..\{0E809CCB-7702-4E03-812A-3139CFEC85B1}: NameServer = 86.64.145.144 84.103.237.144
        O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
        O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
        O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
        O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FICHIE~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
        O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
        O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
        O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
        O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
        O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
        O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
        O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
        O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
        O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
        O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
        O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
        O23 - Service: MysqlInventime - Unknown owner - C:\Apps\INVENT~1\mysql\bin\mysqld-nt.exe
        O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
        O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
        0
  2. Jiminsk Messages postés 2658 Statut Membre 113
     
    Salut,

    Je ne faisais que répondre au #3, je ne suis pas expert en rapport HijackThis.
    Mais est-ce que ton problème est réglé? Le pc s'éteint toujours tout seul ?
    0
  3. nother94 Messages postés 8 Statut Membre
     
    oui le pc s'eteint toujours et après un nouveau scan d'avast il me trouve win32:adware-gen dans le system volume information restore

    je ne sais pas quoi faire

    merci de votre aide
    0
    1. Jiminsk Messages postés 2658 Statut Membre 113
       
      Bonjour,

      télécharge ceci :

      http://www.commentcamarche.net/telecharger/telecharger 34055379 malwarebyte s anti malware

      Installe le programme, mets-le à jour.
      Hors connexion, désactive avast!, lance un scan complet de malwarebyte.
      Place en quarantaine tout ce qu'il trouvera.
      Copie le rapport de scan.
      Une fois terminé, réactive ton antivirus,
      colle le rapport malwarebyte dans ton prochain post.
      0
  4. raissa
     
    bjr mon pc seteind aprè son demarage un message dereur avec un compte arebour de 60seconde .aprè recherche sur le web jai eu cme slution la cmande shutdown mai je ne sai pa commen fai svp help
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. nother94 Messages postés 8 Statut Membre
     
    bonjour jiminsk,

    desoler pour le temps de reponse

    j'ai fait ce que tu m'as dit et voila je rapport

    Malwarebytes' Anti-Malware 1.27
    Version de la base de données: 1132
    Windows 5.1.2600 Service Pack 2

    09/09/2008 18:49:00
    mbam-log-2008-09-09 (18-48-53).txt

    Type de recherche: Examen complet (C:\|D:\|)
    Eléments examinés: 106971
    Temps écoulé: 46 minute(s), 25 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 1
    Valeur(s) du Registre infectée(s): 0
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 4
    Fichier(s) infecté(s): 43

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    HKEY_CLASSES_ROOT\pbfrv2.pbfrv2 (Adware.2020Search) -> No action taken.

    Valeur(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    C:\Program Files\dynamic toolbar (Adware.2020search) -> No action taken.
    C:\Program Files\dynamic toolbar\Cache (Adware.2020search) -> No action taken.
    C:\Program Files\dynamic toolbar\PBFRV2 (Adware.2020search) -> No action taken.
    C:\Program Files\dynamic toolbar\PBFRV2\Cache (Adware.2020search) -> No action taken.

    Fichier(s) infecté(s):
    C:\Program Files\dynamic toolbar\batch.bat (Adware.2020search) -> No action taken.
    C:\Program Files\dynamic toolbar\unins000.dat (Adware.2020search) -> No action taken.
    C:\Program Files\dynamic toolbar\unins000.exe (Adware.2020search) -> No action taken.
    C:\Program Files\dynamic toolbar\Cache\go.bmp (Adware.2020search) -> No action taken.
    C:\Program Files\dynamic toolbar\Cache\home.bmp (Adware.2020search) -> No action taken.
    C:\Program Files\dynamic toolbar\Cache\logo_pb.bmp (Adware.2020search) -> No action taken.
    C:\Program Files\dynamic toolbar\Cache\parent_off.bmp (Adware.2020search) -> No action taken.
    C:\Program Files\dynamic toolbar\Cache\parent_on.bmp (Adware.2020search) -> No action taken.
    C:\Program Files\dynamic toolbar\Cache\pbfrv2tb0200.cfg (Adware.2020search) -> No action taken.
    C:\Program Files\dynamic toolbar\Cache\popup_off.bmp (Adware.2020search) -> No action taken.
    C:\Program Files\dynamic toolbar\Cache\popup_on.bmp (Adware.2020search) -> No action taken.
    C:\Program Files\dynamic toolbar\Cache\search.bmp (Adware.2020search) -> No action taken.
    C:\Program Files\dynamic toolbar\Cache\services.bmp (Adware.2020search) -> No action taken.
    C:\Program Files\dynamic toolbar\Cache\skin.bmp (Adware.2020search) -> No action taken.
    C:\Program Files\dynamic toolbar\Cache\skin1.bmp (Adware.2020search) -> No action taken.
    C:\Program Files\dynamic toolbar\Cache\skin2.bmp (Adware.2020search) -> No action taken.
    C:\Program Files\dynamic toolbar\Cache\skin3.bmp (Adware.2020search) -> No action taken.
    C:\Program Files\dynamic toolbar\Cache\skin4.bmp (Adware.2020search) -> No action taken.
    C:\Program Files\dynamic toolbar\Cache\skin5.bmp (Adware.2020search) -> No action taken.
    C:\Program Files\dynamic toolbar\Cache\store.bmp (Adware.2020search) -> No action taken.
    C:\Program Files\dynamic toolbar\Cache\style.css (Adware.2020search) -> No action taken.
    C:\Program Files\dynamic toolbar\Cache\support.bmp (Adware.2020search) -> No action taken.
    C:\Program Files\dynamic toolbar\Cache\ticker.xml (Adware.2020search) -> No action taken.
    C:\Program Files\dynamic toolbar\PBFRV2\Cache\go.bmp (Adware.2020search) -> No action taken.
    C:\Program Files\dynamic toolbar\PBFRV2\Cache\home.bmp (Adware.2020search) -> No action taken.
    C:\Program Files\dynamic toolbar\PBFRV2\Cache\logo_pb.bmp (Adware.2020search) -> No action taken.
    C:\Program Files\dynamic toolbar\PBFRV2\Cache\parent_off.bmp (Adware.2020search) -> No action taken.
    C:\Program Files\dynamic toolbar\PBFRV2\Cache\parent_on.bmp (Adware.2020search) -> No action taken.
    C:\Program Files\dynamic toolbar\PBFRV2\Cache\pbfrv2tb0200.cfg (Adware.2020search) -> No action taken.
    C:\Program Files\dynamic toolbar\PBFRV2\Cache\popup_off.bmp (Adware.2020search) -> No action taken.
    C:\Program Files\dynamic toolbar\PBFRV2\Cache\popup_on.bmp (Adware.2020search) -> No action taken.
    C:\Program Files\dynamic toolbar\PBFRV2\Cache\search.bmp (Adware.2020search) -> No action taken.
    C:\Program Files\dynamic toolbar\PBFRV2\Cache\services.bmp (Adware.2020search) -> No action taken.
    C:\Program Files\dynamic toolbar\PBFRV2\Cache\skin.bmp (Adware.2020search) -> No action taken.
    C:\Program Files\dynamic toolbar\PBFRV2\Cache\skin1.bmp (Adware.2020search) -> No action taken.
    C:\Program Files\dynamic toolbar\PBFRV2\Cache\skin2.bmp (Adware.2020search) -> No action taken.
    C:\Program Files\dynamic toolbar\PBFRV2\Cache\skin3.bmp (Adware.2020search) -> No action taken.
    C:\Program Files\dynamic toolbar\PBFRV2\Cache\skin4.bmp (Adware.2020search) -> No action taken.
    C:\Program Files\dynamic toolbar\PBFRV2\Cache\skin5.bmp (Adware.2020search) -> No action taken.
    C:\Program Files\dynamic toolbar\PBFRV2\Cache\store.bmp (Adware.2020search) -> No action taken.
    C:\Program Files\dynamic toolbar\PBFRV2\Cache\style.css (Adware.2020search) -> No action taken.
    C:\Program Files\dynamic toolbar\PBFRV2\Cache\support.bmp (Adware.2020search) -> No action taken.
    C:\Program Files\dynamic toolbar\PBFRV2\Cache\ticker.xml (Adware.2020search) -> No action taken.

    comme tu le vois beaucoup de fichier infecter et maintenant qu' est que j'en fait

    Merci de ton aide
    0
  7. nother94 Messages postés 8 Statut Membre
     
    Desolé petit oubli , je ne les avait pas mis en quarantaine cela est fait et voila le nouveau rapport

    Malwarebytes' Anti-Malware 1.27
    Version de la base de données: 1132
    Windows 5.1.2600 Service Pack 2

    09/09/2008 19:55:17
    mbam-log-2008-09-09 (19-55-17).txt

    Type de recherche: Examen complet (C:\|)
    Eléments examinés: 79209
    Temps écoulé: 12 minute(s), 21 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 1
    Valeur(s) du Registre infectée(s): 0
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 4
    Fichier(s) infecté(s): 43

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    HKEY_CLASSES_ROOT\pbfrv2.pbfrv2 (Adware.2020Search) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    C:\Program Files\dynamic toolbar (Adware.2020search) -> Quarantined and deleted successfully.
    C:\Program Files\dynamic toolbar\Cache (Adware.2020search) -> Quarantined and deleted successfully.
    C:\Program Files\dynamic toolbar\PBFRV2 (Adware.2020search) -> Quarantined and deleted successfully.
    C:\Program Files\dynamic toolbar\PBFRV2\Cache (Adware.2020search) -> Quarantined and deleted successfully.

    Fichier(s) infecté(s):
    C:\Program Files\dynamic toolbar\batch.bat (Adware.2020search) -> Quarantined and deleted successfully.
    C:\Program Files\dynamic toolbar\unins000.dat (Adware.2020search) -> Quarantined and deleted successfully.
    C:\Program Files\dynamic toolbar\unins000.exe (Adware.2020search) -> Quarantined and deleted successfully.
    C:\Program Files\dynamic toolbar\Cache\go.bmp (Adware.2020search) -> Quarantined and deleted successfully.
    C:\Program Files\dynamic toolbar\Cache\home.bmp (Adware.2020search) -> Quarantined and deleted successfully.
    C:\Program Files\dynamic toolbar\Cache\logo_pb.bmp (Adware.2020search) -> Quarantined and deleted successfully.
    C:\Program Files\dynamic toolbar\Cache\parent_off.bmp (Adware.2020search) -> Quarantined and deleted successfully.
    C:\Program Files\dynamic toolbar\Cache\parent_on.bmp (Adware.2020search) -> Quarantined and deleted successfully.
    C:\Program Files\dynamic toolbar\Cache\pbfrv2tb0200.cfg (Adware.2020search) -> Quarantined and deleted successfully.
    C:\Program Files\dynamic toolbar\Cache\popup_off.bmp (Adware.2020search) -> Quarantined and deleted successfully.
    C:\Program Files\dynamic toolbar\Cache\popup_on.bmp (Adware.2020search) -> Quarantined and deleted successfully.
    C:\Program Files\dynamic toolbar\Cache\search.bmp (Adware.2020search) -> Quarantined and deleted successfully.
    C:\Program Files\dynamic toolbar\Cache\services.bmp (Adware.2020search) -> Quarantined and deleted successfully.
    C:\Program Files\dynamic toolbar\Cache\skin.bmp (Adware.2020search) -> Quarantined and deleted successfully.
    C:\Program Files\dynamic toolbar\Cache\skin1.bmp (Adware.2020search) -> Quarantined and deleted successfully.
    C:\Program Files\dynamic toolbar\Cache\skin2.bmp (Adware.2020search) -> Quarantined and deleted successfully.
    C:\Program Files\dynamic toolbar\Cache\skin3.bmp (Adware.2020search) -> Quarantined and deleted successfully.
    C:\Program Files\dynamic toolbar\Cache\skin4.bmp (Adware.2020search) -> Quarantined and deleted successfully.
    C:\Program Files\dynamic toolbar\Cache\skin5.bmp (Adware.2020search) -> Quarantined and deleted successfully.
    C:\Program Files\dynamic toolbar\Cache\store.bmp (Adware.2020search) -> Quarantined and deleted successfully.
    C:\Program Files\dynamic toolbar\Cache\style.css (Adware.2020search) -> Quarantined and deleted successfully.
    C:\Program Files\dynamic toolbar\Cache\support.bmp (Adware.2020search) -> Quarantined and deleted successfully.
    C:\Program Files\dynamic toolbar\Cache\ticker.xml (Adware.2020search) -> Quarantined and deleted successfully.
    C:\Program Files\dynamic toolbar\PBFRV2\Cache\go.bmp (Adware.2020search) -> Quarantined and deleted successfully.
    C:\Program Files\dynamic toolbar\PBFRV2\Cache\home.bmp (Adware.2020search) -> Quarantined and deleted successfully.
    C:\Program Files\dynamic toolbar\PBFRV2\Cache\logo_pb.bmp (Adware.2020search) -> Quarantined and deleted successfully.
    C:\Program Files\dynamic toolbar\PBFRV2\Cache\parent_off.bmp (Adware.2020search) -> Quarantined and deleted successfully.
    C:\Program Files\dynamic toolbar\PBFRV2\Cache\parent_on.bmp (Adware.2020search) -> Quarantined and deleted successfully.
    C:\Program Files\dynamic toolbar\PBFRV2\Cache\pbfrv2tb0200.cfg (Adware.2020search) -> Quarantined and deleted successfully.
    C:\Program Files\dynamic toolbar\PBFRV2\Cache\popup_off.bmp (Adware.2020search) -> Quarantined and deleted successfully.
    C:\Program Files\dynamic toolbar\PBFRV2\Cache\popup_on.bmp (Adware.2020search) -> Quarantined and deleted successfully.
    C:\Program Files\dynamic toolbar\PBFRV2\Cache\search.bmp (Adware.2020search) -> Quarantined and deleted successfully.
    C:\Program Files\dynamic toolbar\PBFRV2\Cache\services.bmp (Adware.2020search) -> Quarantined and deleted successfully.
    C:\Program Files\dynamic toolbar\PBFRV2\Cache\skin.bmp (Adware.2020search) -> Quarantined and deleted successfully.
    C:\Program Files\dynamic toolbar\PBFRV2\Cache\skin1.bmp (Adware.2020search) -> Quarantined and deleted successfully.
    C:\Program Files\dynamic toolbar\PBFRV2\Cache\skin2.bmp (Adware.2020search) -> Quarantined and deleted successfully.
    C:\Program Files\dynamic toolbar\PBFRV2\Cache\skin3.bmp (Adware.2020search) -> Quarantined and deleted successfully.
    C:\Program Files\dynamic toolbar\PBFRV2\Cache\skin4.bmp (Adware.2020search) -> Quarantined and deleted successfully.
    C:\Program Files\dynamic toolbar\PBFRV2\Cache\skin5.bmp (Adware.2020search) -> Quarantined and deleted successfully.
    C:\Program Files\dynamic toolbar\PBFRV2\Cache\store.bmp (Adware.2020search) -> Quarantined and deleted successfully.
    C:\Program Files\dynamic toolbar\PBFRV2\Cache\style.css (Adware.2020search) -> Quarantined and deleted successfully.
    C:\Program Files\dynamic toolbar\PBFRV2\Cache\support.bmp (Adware.2020search) -> Quarantined and deleted successfully.
    C:\Program Files\dynamic toolbar\PBFRV2\Cache\ticker.xml (Adware.2020search) -> Quarantined and deleted successfully.

    et maintenant qu est que je fait?
    est ce ce que je suis débarrassé?

    J'attent ta reponse

    Merci
    0