Ouverture page internet intempestive

Bonjour,

Je suis nouvelle sur le forum, je m'excuse par avance si mes explications ne sont pas claires et je vous remercie d'avance pour votre aide.
Depuis plusieurs jours je me bat avec un virus/spyware, je sais pas...
J'ai consulté à plusieurs reprises le forum et essayé de me débrouiller avec divers conseils mais j'ai pas l'impression d'avoir réussi à m'en débarasser.
Ce qui m'a alerté se sont des pages de pub qui s'ouvraient quand je cliquais sur un lien suite à une recherche sur google.
Voici les différentes choses que j'ai faites :
- scan avast qui m'a détecté "rootkit system32\drivers\isapnp.sys" que j'ai supprimé avec tdsskiller.
- installation d'un anti malware Malwarebyte (qui en passant n'arrive pas à ce mettre à jour) qui m'a trouvé différentes choses voici le rapport :

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Version de la base de données: 5363

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

11/05/2011 11:59:12
mbam-log-2011-05-11 (11-59-12).txt

Type d'examen: Examen rapide
Elément(s) analysé(s): 146401
Temps écoulé: 8 minute(s), 54 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 1
Clé(s) du Registre infectée(s): 15
Valeur(s) du Registre infectée(s): 2
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 3
Fichier(s) infecté(s): 22

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
c:\program files\EoRezo\EoAdv\eorezobho.dll (Rogue.Eorezo) -> Delete on reboot.

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402} (Adware.WidgiToolbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402} (Adware.WidgiToolbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{B922D405-6D13-4A2B-AE89-08A030DA4402} (Adware.WidgiToolbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{B922D405-6D13-4A2B-AE89-08A030DA4402} (Adware.WidgiToolbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\EoRezo (Rogue.Eorezo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\EoRezo (Rogue.Eorezo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\eoEngine_is1 (Rogue.Eorezo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{64F56FC1-1272-44CD-BA6E-39723696E350} (Rogue.Eorezo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{B4C656C9-F2E9-4E77-B3F4-443DF2BD778F} (Rogue.Eorezo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{B0D071A1-36B3-4757-A126-14C89C56013A} (Rogue.Eorezo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\EoRezoBHO.EoBho.1 (Rogue.Eorezo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\EoRezoBHO.EoBho (Rogue.Eorezo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64F56FC1-1272-44CD-BA6E-39723696E350} (Rogue.Eorezo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{64F56FC1-1272-44CD-BA6E-39723696E350} (Rogue.Eorezo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{64F56FC1-1272-44CD-BA6E-39723696E350} (Rogue.Eorezo) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{B922D405-6D13-4A2B-AE89-08A030DA4402} (Adware.WidgiToolbar) -> Value: {B922D405-6D13-4A2B-AE89-08A030DA4402} -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{B922D405-6D13-4A2B-AE89-08A030DA4402} (Adware.WidgiToolbar) -> Value: {B922D405-6D13-4A2B-AE89-08A030DA4402} -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Bad: (93.188.165.19,93.188.160.49) Good: () -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{4B3F8609-CEF4-4713-B5CD-A09EF212E481}\NameServer (Trojan.DNSChanger) -> Bad: (93.188.165.19,93.188.160.49) Good: () -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
c:\program files\EoRezo (Rogue.Eorezo) -> Delete on reboot.
c:\program files\EoRezo\EoAdv (Rogue.Eorezo) -> Delete on reboot.
c:\program files\EoRezo\lang (Rogue.Eorezo) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
c:\program files\pdfforge toolbar\IE\4.3\pdfforgetoolbarie.dll (Adware.WidgiToolbar) -> Quarantined and deleted successfully.
c:\program files\EoRezo\confmedia.cyp (Rogue.Eorezo) -> Quarantined and deleted successfully.
c:\program files\EoRezo\eoEngine.url (Rogue.Eorezo) -> Quarantined and deleted successfully.
c:\program files\EoRezo\freeimage.dll (Rogue.Eorezo) -> Quarantined and deleted successfully.
c:\program files\EoRezo\Host.cyp (Rogue.Eorezo) -> Quarantined and deleted successfully.
c:\program files\EoRezo\icon_eo.st.ico (Rogue.Eorezo) -> Quarantined and deleted successfully.
c:\program files\EoRezo\mnginstaller.dll (Rogue.Eorezo) -> Quarantined and deleted successfully.
c:\program files\EoRezo\unins000.dat (Rogue.Eorezo) -> Quarantined and deleted successfully.
c:\program files\EoRezo\unins000.exe (Rogue.Eorezo) -> Quarantined and deleted successfully.
c:\program files\EoRezo\user.cyp (Rogue.Eorezo) -> Quarantined and deleted successfully.
c:\program files\EoRezo\EoAdv\eoAdv.url (Rogue.Eorezo) -> Quarantined and deleted successfully.
c:\program files\EoRezo\EoAdv\eorezobho.dll (Rogue.Eorezo) -> Delete on reboot.
c:\program files\EoRezo\lang\ihm_eoclock.xml (Rogue.Eorezo) -> Quarantined and deleted successfully.
c:\program files\EoRezo\lang\ihm_eoengine.xml (Rogue.Eorezo) -> Quarantined and deleted successfully.
c:\program files\EoRezo\lang\ihm_eonet.xml (Rogue.Eorezo) -> Quarantined and deleted successfully.
c:\program files\EoRezo\lang\ihm_eorezotools.xml (Rogue.Eorezo) -> Quarantined and deleted successfully.
c:\program files\EoRezo\lang\ihm_eosudoku.xml (Rogue.Eorezo) -> Quarantined and deleted successfully.
c:\program files\EoRezo\lang\ihm_eoweather.xml (Rogue.Eorezo) -> Quarantined and deleted successfully.
c:\program files\EoRezo\lang\lang_en.xml (Rogue.Eorezo) -> Quarantined and deleted successfully.
c:\program files\EoRezo\lang\lang_es.xml (Rogue.Eorezo) -> Quarantined and deleted successfully.
c:\program files\EoRezo\lang\lang_fr.xml (Rogue.Eorezo) -> Quarantined and deleted successfully.
c:\program files\EoRezo\lang\lang_it.xml (Rogue.Eorezo) -> Quarantined and deleted successfully.


j'ai supprimé tout ce qui concerne EOREZO. J'ai voulu supprimer "Trojan.DNSChanger" mais après cette suppression mon internet ne fonctionnait plus je l'ai donc restauré. concernant "Adware.WidgiToolbar" j'ai réussi à le supprimer après une 2ème analyse dont voici le rapport :


Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Version de la base de données: 5363

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

11/05/2011 14:09:48
mbam-log-2011-05-11 (14-09-48).txt

Type d'examen: Examen complet (C:\|)
Elément(s) analysé(s): 191258
Temps écoulé: 22 minute(s), 11 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 3

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Bad: (93.188.165.19,93.188.160.49) Good: () -> Not selected for removal.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{4B3F8609-CEF4-4713-B5CD-A09EF212E481}\NameServer (Trojan.DNSChanger) -> Bad: (93.188.165.19,93.188.160.49) Good: () -> Not selected for removal.

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
c:\program files\pdfforge toolbar\widgihelper.exe (Adware.WidgiToolbar) -> Quarantined and deleted successfully.
c:\system volume information\_restore{f6a2eb6c-2bad-4a96-ac15-cc2ffcc89fae}\RP653\A0122527.rbf (Adware.WidgiToolbar) -> Quarantined and deleted successfully.
c:\system volume information\_restore{f6a2eb6c-2bad-4a96-ac15-cc2ffcc89fae}\RP653\A0122528.rbf (Adware.WidgiToolbar) -> Quarantined and deleted successfully.


J'ai enfin installé HijackThis dont voici le rapport :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:50:59, on 11/05/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Application Updater\ApplicationUpdater.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\TeamViewer\Version6\TeamViewer.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe
C:\Program Files\TeamViewer\Version6\tv_w32.exe
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\Program Files\Fichiers communs\Spigot\Search Settings\SearchSettings.exe
C:\Program Files\Linksys\Network Storage\Network Drive Mapping Utility.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Adobe\Reader 9.0\Reader\pdfprevhndlrshim.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll
O2 - BHO: WOT Helper - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [SearchSettings] "C:\Program Files\Fichiers communs\Spigot\Search Settings\SearchSettings.exe"
O4 - HKCU\..\Run: [Network Drive Mapping Utility] "C:\Program Files\Linksys\Network Storage\Network Drive Mapping Utility.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Ucuhulo] rundll32.exe "C:\WINDOWS\kCFCDL.dll",Startup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: DEMARREP.BAT
O4 - Startup: DEMARREQ.BAT


Après tout ça, j'ai toujours une page yahoo ou google qui s'ouvre toute seule de temps en temps... ou quand je clique au hasard sur page internet déjà ouverte!! super bizarre!! ha oui j'oubliais, au démarrage du PC j'ai un message d'erreur :
C:\windows\kCFCDL.dll - Module introuvable

Voilà, j'ai fait le tour. Si quelqu'un peut m'aider je lui en serait trés reconnaissante.