Redirection vers sites douteux par google

Salut,
Un peu de lecture :
http://www.commentcamarche.net/contents/processus/svchost exe.php3

Voici:


--------- Logfile of AD-Remover 1.0.8.2 by C_XX ---------

# START at: 14:39:13 | Mer 31/12/2008 | Microsoft® Windows XP™ SP2 (v5.1.2600)
# BOOT MODE: Normal

# OPTION: Scan | EXECUTED FROM: C:\Program Files\Ad-remover\AD-Remover.bat

# PC: MARCEL-DCVIHCQ6 | USER: Administrateur ( Current user is an administrator)

# DRIVE(S):
- C:\ (File System: NTFS)

# Internet Explorer v7.0.5730.13

--------- [ RUNNING PROCESSES: 29 ] ---------

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\vVX3000.exe
C:\Program Files\Trend Micro\Internet Security\PCClient.exe
C:\Program Files\Trend Micro\Internet Security\TMOAgent.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\Internet Security\tmproxy.exe
C:\Program Files\Trend Micro\Internet Security\PccPfw.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\ntvdm.exe

-----------------------------------


+-----------------------| Boonty/Boonty Games Elements found :

.

+-----------------------| Eorezo Elements found :

"HKEY_CLASSES_ROOT\EoRezoBHO.EoBho"
"HKEY_CLASSES_ROOT\EoRezoBHO.EoBho.1"
"HKEY_CLASSES_ROOT\Interface\{B0D071A1-36B3-4757-A126-14C89C56013A}"
"HKEY_CLASSES_ROOT\Typelib\{B4C656C9-F2E9-4E77-B3F4-443DF2BD778F}"
"HKEY_CURRENT_USER\SOFTWARE\EoRezo"
"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{64F56FC1-1272-44CD-BA6E-39723696E350}"
"HKEY_LOCAL_MACHINE\SOFTWARE\EoRezo"
"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{64F56FC1-1272-44CD-BA6E-39723696E350}"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64F56FC1-1272-44CD-BA6E-39723696E350}"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run" /v "EoEngine"
.
[20/10/2008 22:04] C:\Program Files\EoRezo
[20/10/2008 22:04] C:\Program Files\EoRezo\EoAdv
[20/10/2008 18:25] C:\Program Files\EoRezo\EoAdv\eoAdv.url
[24/09/2008 08:24] C:\Program Files\EoRezo\EoAdv\EoRezoBho.old
[20/10/2008 18:25] C:\Program Files\EoRezo\EoAdv\tmp
[24/09/2008 08:24] C:\Program Files\EoRezo\EoAdv\tmp\eoRezoBho.dll.6168
[24/09/2008 08:24] C:\Program Files\EoRezo\EoAdv\tmp\eoRezoBho.dll.665
[20/10/2008 22:04] C:\Documents and Settings\Administrateur\Application Data\EoRezo
[20/10/2008 21:31] C:\Documents and Settings\Administrateur\Application Data\EoRezo\cmhost.cyp
[20/10/2008 21:31] C:\Documents and Settings\Administrateur\Application Data\EoRezo\ConfMedia.cyp
[20/10/2008 18:31] C:\Documents and Settings\Administrateur\Application Data\EoRezo\db
[20/10/2008 21:31] C:\Documents and Settings\Administrateur\Application Data\EoRezo\eoDesktop
[20/10/2008 19:23] C:\Documents and Settings\Administrateur\Application Data\EoRezo\eoStats
[20/10/2008 21:31] C:\Documents and Settings\Administrateur\Application Data\EoRezo\host.cyp
[20/10/2008 22:04] C:\Documents and Settings\Administrateur\Application Data\EoRezo\user.cyp
[20/10/2008 18:31] C:\Documents and Settings\Administrateur\Application Data\EoRezo\db\cat.cyp
[20/10/2008 21:31] C:\Documents and Settings\Administrateur\Application Data\EoRezo\eoDesktop\config.xml
[20/10/2008 21:31] C:\Documents and Settings\Administrateur\Application Data\EoRezo\eoDesktop\eoDesktop.html
[20/10/2008 21:31] C:\Documents and Settings\Administrateur\Application Data\EoRezo\eoDesktop\userConfig.xml
[20/10/2008 22:04] C:\Documents and Settings\Administrateur\Application Data\EoRezo\eoStats\eoStats.txt
[20/10/2008 19:05] C:\Documents and Settings\Administrateur\Cookies\administrateur@scache.eorezo[1].txt
[20/10/2008 22:04] C:\Documents and Settings\Administrateur\Cookies\administrateur@scache3.eorezo[1].txt

+-----------------------| Everest Poker Elements found :

.

+-----------------------| FunWebProducts/MyWay/MyWebSearch/MyGlobalSearch Elements found :

.

+-----------------------| It's TV Elements found :

"HKEY_CURRENT_USER\Software\ItsLabel\ItsTV"
"HKEY_USERS\S-1-5-21-789336058-1958367476-725345543-500\Software\ItsLabel"
.
[28/07/2008 18:58] C:\Documents and Settings\Administrateur\Application Data\ItsLabel
[29/07/2008 11:40] C:\Documents and Settings\Administrateur\Application Data\ItsLabel\ItsTV
[26/04/2007 17:54] C:\Documents and Settings\Administrateur\Application Data\ItsLabel\ItsTV\itsTV.xml

+-----------------------| Sweetim Elements found :

.
[28/09/2008 13:20] C:\WINDOWS\Installer\{3943C4CF-AC42-4E00-8824-25159B8478F1}\ARPPRODUCTICON.exe

+-----------------------| ADDED SCAN :



+---------- Scanning prefs.js ... ( # Mozilla User Preferences )

...\1ppnh6s7.default\prefs.js :

~~~~ Mozilla FireFox version 1.5 ~~~~

* Browser Search Selected Engine: "Google"
* Browser Startup HomePage: "https://www.google.fr/?gws_rd=ssl"

+--+ +--+ +--+ +--+
.

+---------------------------------------------------------------------------+

+--[HKEY_CURRENT_USER\..\Run]

MoneyAgent REG_SZ "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
ctfmon.exe REG_SZ C:\WINDOWS\system32\ctfmon.exe

+--[HKEY_LOCAL_MACHINE\..\Run]

NvCplDaemon REG_SZ RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
VX3000 REG_SZ C:\WINDOWS\vVX3000.exe
pccguide.exe REG_SZ "C:\Program Files\Trend Micro\Internet Security\pccguide.exe"
PCClient.exe REG_SZ "C:\Program Files\Trend Micro\Internet Security\PCClient.exe"
TM Outbreak Agent REG_SZ "C:\Program Files\Trend Micro\Internet Security\TMOAgent.exe" /run
TkBellExe REG_SZ "realsched.exe" -osboot
EoEngine REG_SZ
SunJavaUpdateSched REG_SZ "C:\Program Files\Java\jre6\bin\jusched.exe"
QuickTime Task REG_SZ "C:\Program Files\QuickTime\QTTask.exe" -atboottime

+--[HKEY_USERS\.DEFAULT\..\Run]

CTFMON.EXE REG_SZ C:\WINDOWS\System32\CTFMON.EXE

+--[HKEY_CURRENT_USER\..\Internet Explorer\MAIN]

Start Page : hxxp://go.microsoft.com/fwlink/?LinkId=69157

+--[HKEY_LOCAL_MACHINE\..\Internet Explorer\MAIN]

Start Page : hxxp://go.microsoft.com/fwlink/?LinkId=69157

+---------------------------------------------------------------------------+

- "C:\AD-report-Scan-31.12.2008.log" (~6690 bytes)

# END at: 14:40:55 | 31/12/2008 - Time elapsed: 1 minute, 41 seconds

+---------------------------------------------------------------------------+
+------------------------------- [ E.O.F - 118 lines ]
+---------------------------------------------------------------------------+

--------- Logfile of AD-Remover 1.0.8.2 by C_XX ---------

*** Limited to ***

Eorezo
It's TV
Sweetim

******************

# START at: 16:36:51 | Mer 31/12/2008 | Microsoft® Windows XP™ SP2 (v5.1.2600)
# BOOT MODE: Normal

# OPTION: Clean | EXECUTED FROM: C:\Program Files\Ad-remover\AD-Remover.bat

# PC: MARCEL-DCVIHCQ6 | USER: Administrateur ( Current user is an administrator)

# DRIVE(S):
- C:\ (File System: NTFS)

# Internet Explorer v7.0.5730.13

--------- [ RUNNING PROCESSES: 30 ] ---------

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\vVX3000.exe
C:\Program Files\Trend Micro\Internet Security\PCClient.exe
C:\Program Files\Trend Micro\Internet Security\TMOAgent.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\Internet Security\tmproxy.exe
C:\Program Files\Trend Micro\Internet Security\PccPfw.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\ntvdm.exe

-----------------------------------

(!) ---- IE start pages reset

+-----------------------| Eorezo Elements Deleted :

"HKEY_CLASSES_ROOT\EoRezoBHO.EoBho"
"HKEY_CLASSES_ROOT\EoRezoBHO.EoBho.1"
"HKEY_CLASSES_ROOT\Interface\{B0D071A1-36B3-4757-A126-14C89C56013A}"
"HKEY_CLASSES_ROOT\Typelib\{B4C656C9-F2E9-4E77-B3F4-443DF2BD778F}"
"HKEY_CURRENT_USER\SOFTWARE\EoRezo"
"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{64F56FC1-1272-44CD-BA6E-39723696E350}"
"HKEY_LOCAL_MACHINE\SOFTWARE\EoRezo"
"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{64F56FC1-1272-44CD-BA6E-39723696E350}"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64F56FC1-1272-44CD-BA6E-39723696E350}"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run" /v "EoEngine"
.
[20/10/2008 22:04] C:\Program Files\EoRezo
[20/10/2008 22:04] C:\Documents and Settings\Administrateur\Application Data\EoRezo
[20/10/2008 19:05] C:\Documents and Settings\Administrateur\Cookies\administrateur@scache.eorezo[1].txt
[20/10/2008 22:04] C:\Documents and Settings\Administrateur\Cookies\administrateur@scache3.eorezo[1].txt

+-----------------------| It's TV Elements Deleted :

"HKEY_CURRENT_USER\Software\ItsLabel\ItsTV"
"HKEY_USERS\S-1-5-21-789336058-1958367476-725345543-500\Software\ItsLabel"
.
[28/07/2008 18:58] C:\Documents and Settings\Administrateur\Application Data\ItsLabel

+-----------------------| Sweetim Elements Deleted :

.
[28/09/2008 13:20] C:\WINDOWS\Installer\{3943C4CF-AC42-4E00-8824-25159B8478F1}\ARPPRODUCTICON.exe

Le rapport est incomplet? C'est peut etre que je l'ai arrêté pendant le nettoyage des fichiers temporaires: ça a bugé à ce moment. Mais, comme l'indique ce rapport, ce que tu m'as fait enlever est bien parti.

Pour les symptômes: c'est comme j'ai expliqué plus haut: les recherches google qui emmènent 2 coup sur 3 vers un site porno, pocker ou un faux bureau qui veut faire croire que le systeme est infecté et qui propose un faux antivirus.
Et surtout, ce truc empêche trend de se mettre à jour et spybot de démarrer et de se mettre à jour. Même après réinstallation.

--------- Logfile of AD-Remover 1.0.8.2 by C_XX ---------

# START at: 13:27:57 | Ven 02/01/2009 | Microsoft® Windows XP™ SP2 (v5.1.2600)
# BOOT MODE: Normal

# OPTION: Scan | EXECUTED FROM: C:\Program Files\Ad-remover\AD-Remover.bat

# PC: MARCEL-DCVIHCQ6 | USER: Administrateur ( Current user is an administrator)

# DRIVE(S):
- C:\ (File System: NTFS)

# Internet Explorer v7.0.5730.13

--------- [ RUNNING PROCESSES: 30 ] ---------

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\vVX3000.exe
C:\Program Files\Trend Micro\Internet Security\PCClient.exe
C:\Program Files\Trend Micro\Internet Security\TMOAgent.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\Internet Security\tmproxy.exe
C:\Program Files\Trend Micro\Internet Security\PccPfw.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\system32\ntvdm.exe

-----------------------------------


+-----------------------| Boonty/Boonty Games Elements found :

.

+-----------------------| Eorezo Elements found :

.

+-----------------------| Everest Poker Elements found :

.

+-----------------------| FunWebProducts/MyWay/MyWebSearch/MyGlobalSearch Elements found :

.

+-----------------------| It's TV Elements found :

.

+-----------------------| Sweetim Elements found :

.

+-----------------------| ADDED SCAN :



+---------- Scanning prefs.js ... ( # Mozilla User Preferences )

...\1ppnh6s7.default\prefs.js :

~~~~ Mozilla FireFox version 1.5 ~~~~

* Browser Search Selected Engine: "Google"
* Browser Startup HomePage: "https://www.google.fr/?gws_rd=ssl"

+--+ +--+ +--+ +--+
.

+---------------------------------------------------------------------------+

+--[HKEY_CURRENT_USER\..\Run]

MoneyAgent REG_SZ "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
ctfmon.exe REG_SZ C:\WINDOWS\system32\ctfmon.exe

+--[HKEY_LOCAL_MACHINE\..\Run]

NvCplDaemon REG_SZ RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
VX3000 REG_SZ C:\WINDOWS\vVX3000.exe
pccguide.exe REG_SZ "C:\Program Files\Trend Micro\Internet Security\pccguide.exe"
PCClient.exe REG_SZ "C:\Program Files\Trend Micro\Internet Security\PCClient.exe"
TM Outbreak Agent REG_SZ "C:\Program Files\Trend Micro\Internet Security\TMOAgent.exe" /run
TkBellExe REG_SZ "realsched.exe" -osboot
SunJavaUpdateSched REG_SZ "C:\Program Files\Java\jre6\bin\jusched.exe"
QuickTime Task REG_SZ "C:\Program Files\QuickTime\QTTask.exe" -atboottime

+--[HKEY_USERS\.DEFAULT\..\Run]

CTFMON.EXE REG_SZ C:\WINDOWS\System32\CTFMON.EXE

+--[HKEY_CURRENT_USER\..\Internet Explorer\MAIN]

Start Page : hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

+--[HKEY_LOCAL_MACHINE\..\Internet Explorer\MAIN]

Start Page : hxxp://fr.msn.com/

+---------------------------------------------------------------------------+

- "C:\AD-report-Clean-31.12.2008.log" (~3289 bytes)

- "C:\AD-report-Scan-01.01.2009.log" (~4169 bytes)

- "C:\AD-report-Scan-02.01.2009.log" (~3706 bytes)

- "C:\AD-report-Scan-31.12.2008.log" (~4611 bytes)

# END at: 13:29:38 | 02/01/2009 - Time elapsed: 1 minute, 40 seconds

+---------------------------------------------------------------------------+
+------------------------------- [ E.O.F - 80 lines ]
+---------------------------------------------------------------------------+

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:00:38, on 02/01/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\vVX3000.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Microsoft Money\System\mnyexpr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Trend Micro\Internet Security\Tmntsrv.exe
C:\Program Files\Trend Micro\Internet Security\PccPfw.exe
C:\Program Files\Trend Micro\Internet Security\pccguide.exe
C:\Program Files\Trend Micro\Internet Security\TMOAgent.exe
C:\Program Files\Trend Micro\Internet Security\tmproxy.exe
C:\Program Files\Trend Micro\Internet Security\PCClient.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\Administrateur\Bureau\hey.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
O4 - HKLM\..\Run: [TkBellExe] "realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security\pccguide.exe"
O4 - HKLM\..\Run: [PCClient.exe] "C:\Program Files\Trend Micro\Internet Security\PCClient.exe"
O4 - HKLM\..\Run: [TM Outbreak Agent] "C:\Program Files\Trend Micro\Internet Security\TMOAgent.exe" /run
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro Personal Firewall (PccPfw) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Internet Security\PccPfw.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Internet Security\Tmntsrv.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Internet Security\tmproxy.exe

Alors, malwarebytes refuse de démarrer: il s'active dans les processus mais rien, comme spybot...

Qu'est ce qui peut empêcher le démarrage d'un programme?

Même ad aware refuse les maj.

J'ai réinstallé trend: pas de maj possible, du coup il est encore moins à jours qu'avant...
Un autre petit rapport, pendant une recherche et un tentative de maj de trend, je sais pas si ça change quelque chose ou si on voit une quelqu'onque activité:

à savoir que les redirections sont plus fréquentes quand je clique sur un lien google vers telecharger.com ou certains forums d'entraide informatique comme le votre par exemple.

Lors des tentatives de maj, le message souvent parle de problème de connection au serveur de maj

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:48:35, on 03/01/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\vVX3000.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Trend Micro\Internet Security\pccguide.exe
C:\Program Files\Trend Micro\Internet Security\PCClient.exe
C:\Program Files\Trend Micro\Internet Security\TMOAgent.exe
C:\Program Files\Microsoft Money\System\mnyexpr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\Internet Security\Tmntsrv.exe
C:\Program Files\Trend Micro\Internet Security\tmproxy.exe
C:\Program Files\Trend Micro\Internet Security\PccPfw.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Trend Micro\Internet Security\PCCMAIN.EXE
C:\Documents and Settings\Administrateur\Bureau\hey.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
O4 - HKLM\..\Run: [TkBellExe] "realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security\pccguide.exe"
O4 - HKLM\..\Run: [PCClient.exe] "C:\Program Files\Trend Micro\Internet Security\PCClient.exe"
O4 - HKLM\..\Run: [TM Outbreak Agent] "C:\Program Files\Trend Micro\Internet Security\TMOAgent.exe" /run
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro Personal Firewall (PccPfw) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Internet Security\PccPfw.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Internet Security\Tmntsrv.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Internet Security\tmproxy.exe

--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 2
X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) 4 CPU 2.80GHz )
BIOS : BIOS Date: 04/14/04 23:56:12 Ver: 08.00.09
USER : Administrateur ( Administrator )
BOOT : Normal boot
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:149 Go (Free:26 Go)
D:\ (CD or DVD)
E:\ (CD or DVD)
F:\ (USB)
H:\ (USB)
I:\ (USB)
J:\ (USB)
K:\ (CD or DVD)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [1] ( 03/01/2009|23:17 )

--------------------\\ Listing des dossiers dans APPLIC~1

[19/10/2008|21:47] C:\DOCUME~1\ADMINI~1\APPLIC~1\2020 Fusion
[01/03/2008|22:35] C:\DOCUME~1\ADMINI~1\APPLIC~1\Adobe
[08/03/2008|12:25] C:\DOCUME~1\ADMINI~1\APPLIC~1\Apple Computer
[05/02/2008|10:39] C:\DOCUME~1\ADMINI~1\APPLIC~1\Clintonville Software
[21/10/2008|19:53] C:\DOCUME~1\ADMINI~1\APPLIC~1\dvdcss
[25/10/2008|19:33] C:\DOCUME~1\ADMINI~1\APPLIC~1\eTeks
[20/10/2008|18:29] C:\DOCUME~1\ADMINI~1\APPLIC~1\Google
[31/01/2008|13:42] C:\DOCUME~1\ADMINI~1\APPLIC~1\Identities
[05/02/2008|13:16] C:\DOCUME~1\ADMINI~1\APPLIC~1\LimeWire
[31/01/2008|14:00] C:\DOCUME~1\ADMINI~1\APPLIC~1\Macromedia
[05/02/2008|16:44] C:\DOCUME~1\ADMINI~1\APPLIC~1\MechCAD
[31/01/2008|15:25] C:\DOCUME~1\ADMINI~1\APPLIC~1\Media Player Classic
[04/11/2008|20:01] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft
[31/01/2008|13:57] C:\DOCUME~1\ADMINI~1\APPLIC~1\Mozilla
[20/10/2008|06:12] C:\DOCUME~1\ADMINI~1\APPLIC~1\Real
[19/02/2008|18:25] C:\DOCUME~1\ADMINI~1\APPLIC~1\Sun
[22/05/2008|14:37] C:\DOCUME~1\ADMINI~1\APPLIC~1\TaoUSign
[06/09/2008|20:15] C:\DOCUME~1\ADMINI~1\APPLIC~1\vlc
[13/08/2008|00:45] C:\DOCUME~1\ADMINI~1\APPLIC~1\WinRAR

[29/02/2008|12:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[08/08/2008|21:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
[27/12/2008|13:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[20/10/2008|19:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
[19/10/2008|21:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\iDeal Designer Hygena
[29/07/2008|11:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
[03/01/2009|14:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
[15/03/2008|11:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[31/01/2008|15:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\nView_Profiles
[01/01/2009|14:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
[31/01/2008|15:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller

[29/01/2008|18:05] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

[29/01/2008|18:09] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

[29/01/2008|20:38] C:\DOCUME~1\Marcel\APPLIC~1\Adobe
[29/01/2008|19:22] C:\DOCUME~1\Marcel\APPLIC~1\Creative
[29/01/2008|18:11] C:\DOCUME~1\Marcel\APPLIC~1\Identities
[29/01/2008|20:38] C:\DOCUME~1\Marcel\APPLIC~1\Macromedia
[31/01/2008|15:49] C:\DOCUME~1\Marcel\APPLIC~1\Microsoft
[29/01/2008|19:27] C:\DOCUME~1\Marcel\APPLIC~1\Mozilla

[29/01/2008|18:09] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

--------------------\\ Tâches planifiées dans C:\WINDOWS\tasks

[03/01/2009 12:47][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[03/01/2009 14:32][--ah-----] C:\WINDOWS\tasks\SA.DAT
[24/08/2001 13:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Listing des dossiers dans C:\Program Files

[02/07/2008|08:11] C:\Program Files\Adobe
[12/02/2008|14:31] C:\Program Files\Ahead
[05/02/2008|14:18] C:\Program Files\Alcohol Soft
[08/08/2008|21:47] C:\Program Files\Apple Software Update
[02/09/2008|12:58] C:\Program Files\CCleaner
[10/07/2008|12:54] C:\Program Files\CD Audio Reader Filter
[31/01/2008|18:25] C:\Program Files\Combined Community Codec Pack
[29/01/2008|18:02] C:\Program Files\ComPlus Applications
[29/01/2008|19:23] C:\Program Files\Creative
[10/07/2008|12:54] C:\Program Files\DirectVobSub
[10/07/2008|12:51] C:\Program Files\DivX
[31/01/2008|18:39] C:\Program Files\DScaler5
[09/12/2008|21:16] C:\Program Files\eMule
[20/10/2008|06:03] C:\Program Files\Fichiers communs
[25/10/2008|10:34] C:\Program Files\Furnish Pro
[21/10/2008|08:03] C:\Program Files\Google
[31/01/2008|18:38] C:\Program Files\Haali
[31/01/2008|15:43] C:\Program Files\Hewlett-Packard
[31/01/2008|15:41] C:\Program Files\HP
[11/04/2008|12:22] C:\Program Files\InstallShield Installation Information
[29/01/2008|18:16] C:\Program Files\Intel
[11/12/2008|19:49] C:\Program Files\Internet Explorer
[22/11/2008|09:02] C:\Program Files\iWizz
[11/12/2008|22:52] C:\Program Files\Java
[10/07/2008|12:56] C:\Program Files\K-Lite Codec Pack
[29/01/2008|18:54] C:\Program Files\Lavalys
[29/07/2008|11:28] C:\Program Files\Lavasoft
[03/01/2009|14:17] C:\Program Files\Malwarebytes' Anti-Malware
[14/08/2008|19:31] C:\Program Files\Messenger
[29/02/2008|11:57] C:\Program Files\MeuhMeuhTV
[29/07/2008|11:33] C:\Program Files\Microsoft ActiveSync
[29/01/2008|20:14] C:\Program Files\microsoft frontpage
[03/04/2008|14:31] C:\Program Files\Microsoft LifeCam
[10/02/2008|23:10] C:\Program Files\Microsoft Money
[04/11/2008|20:00] C:\Program Files\Microsoft Office
[29/01/2008|18:38] C:\Program Files\Movie Maker
[03/01/2009|14:39] C:\Program Files\Mozilla Firefox
[04/11/2008|20:00] C:\Program Files\MSECache
[29/01/2008|18:02] C:\Program Files\MSN Gaming Zone
[29/01/2008|18:36] C:\Program Files\NetMeeting
[10/07/2008|12:54] C:\Program Files\OpenSource Flash Video Splitter
[31/01/2008|17:26] C:\Program Files\Outlook Express
[27/12/2008|13:52] C:\Program Files\QuickTime
[25/02/2008|13:12] C:\Program Files\Real
[10/12/2008|15:02] C:\Program Files\RealMedia
[29/01/2008|18:29] C:\Program Files\Services en ligne
[10/07/2008|12:54] C:\Program Files\SHOUTcast Source
[25/10/2008|21:42] C:\Program Files\Sweet Home 3D
[27/12/2008|12:00] C:\Program Files\Trend Micro
[29/01/2008|18:11] C:\Program Files\Uninstall Information
[11/04/2008|11:31] C:\Program Files\ViaMichelin
[10/07/2008|12:37] C:\Program Files\VideoLAN
[31/01/2008|15:31] C:\Program Files\Windows Live
[04/12/2008|18:24] C:\Program Files\Windows Media Connect 2
[09/12/2008|14:25] C:\Program Files\Windows Media Player
[29/01/2008|18:36] C:\Program Files\Windows NT
[29/01/2008|18:02] C:\Program Files\WindowsUpdate
[13/08/2008|00:45] C:\Program Files\WinRAR
[29/01/2008|18:05] C:\Program Files\xerox
[08/12/2008|22:39] C:\Program Files\Zoom Player

--------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs

[15/02/2008|12:11] C:\Program Files\Fichiers communs\Adobe
[12/02/2008|14:31] C:\Program Files\Fichiers communs\Ahead
[27/12/2008|13:51] C:\Program Files\Fichiers communs\Apple
[29/01/2008|20:14] C:\Program Files\Fichiers communs\Designer
[31/01/2008|15:43] C:\Program Files\Fichiers communs\Hewlett-Packard
[29/01/2008|19:21] C:\Program Files\Fichiers communs\InstallShield
[05/02/2008|13:09] C:\Program Files\Fichiers communs\Java
[04/11/2008|20:00] C:\Program Files\Fichiers communs\Microsoft Shared
[29/01/2008|18:03] C:\Program Files\Fichiers communs\MSSoap
[29/01/2008|17:56] C:\Program Files\Fichiers communs\ODBC
[20/10/2008|06:03] C:\Program Files\Fichiers communs\Real
[29/01/2008|18:03] C:\Program Files\Fichiers communs\Services
[29/01/2008|17:56] C:\Program Files\Fichiers communs\SpeechEngines
[31/01/2008|17:26] C:\Program Files\Fichiers communs\System
[31/01/2008|15:26] C:\Program Files\Fichiers communs\WindowsLiveInstaller
[29/07/2008|11:27] C:\Program Files\Fichiers communs\Wise Installation Wizard
[20/10/2008|06:03] C:\Program Files\Fichiers communs\xing shared

--------------------\\ Process

( 37 Processes )

... OK !

--------------------\\ Recherche avec S_Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Recherche de Fichiers / Dossiers Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Verification du Registre

..... OK !

--------------------\\ Verification du fichier Hosts

Fichier Hosts PROPRE


--------------------\\ Recherche de fichiers avec Catchme


--------------------\\ Recherche d'autres infections

--------------------\\ ROOTKIT !!

Rootkit Tibs ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_TDSSSERV.SYS]
Rootkit Tibs ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_TDSSSERV.SYS]
Rootkit Tibs ! .. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TDSSSERV.SYS]

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\ADMINI~1\Bureau\musique\photos kris\Divers\Nero\Keygen.exe
C:\DOCUME~1\ADMINI~1\Bureau\musique\photos kris\nero key gen\keygen.nfo
C:\DOCUME~1\ADMINI~1\Recent\Trend-Pc-Cillin-2004-Crack.lnk


[F:210][D:21]-> C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
[F:19][D:0]-> C:\DOCUME~1\ADMINI~1\Cookies
[F:522][D:4]-> C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - 03/01/2009|23:29 - Option : [1]

--------------------\\ Fin du rapport a 23:29:07

ton lien ne fonctionne pas.

àa marche toujours pas mais je l'ai trouvé ailleurs, je test ça de suite, merci.

il n'a pas réussi à redémarrer tout seul et les problèmes sont revenus aussitôt, je recommence?

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== FILES ==========
Item C:\WINDOWS\system32\ is whitelisted and cannot be moved.
Item C:\WINDOWS\system32\ is whitelisted and cannot be moved.
Item C:\WINDOWS\system32\ is whitelisted and cannot be moved.
Item C:\WINDOWS\system32\ is whitelisted and cannot be moved.
========== COMMANDS ==========
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_7c4.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\1ppnh6s7.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\1ppnh6s7.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\1ppnh6s7.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\1ppnh6s7.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\1ppnh6s7.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 01042009_030519

ça c'est ce midi:

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== FILES ==========
Item C:\WINDOWS\system32\ is whitelisted and cannot be moved.
Item C:\WINDOWS\system32\ is whitelisted and cannot be moved.
Item C:\WINDOWS\system32\ is whitelisted and cannot be moved.
Item C:\WINDOWS\system32\ is whitelisted and cannot be moved.
========== COMMANDS ==========
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
Java cache emptied.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 01042009_125747

celui ci c'était vers 3h:

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== FILES ==========
Item C:\WINDOWS\system32\ is whitelisted and cannot be moved.
Item C:\WINDOWS\system32\ is whitelisted and cannot be moved.
Item C:\WINDOWS\system32\ is whitelisted and cannot be moved.
Item C:\WINDOWS\system32\ is whitelisted and cannot be moved.
========== COMMANDS ==========
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_c0.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 01042009_032019

Files moved on Reboot...
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat moved successfully.
File C:\WINDOWS\temp\Perflib_Perfdata_c0.dat not found!

à chaque fois que j'utilise ce programme, les problèmes reviennent et pas moyen de trouver les .dll qui posent problèmes, ils n'apparaissent pas dans system32 même en mode sans échec.

C'est bête car sdfix fonctinne très bien, je dois bouger, je vais essayer danss la semaine, de relancer sdfix et d'en profiter pour scanner avec trend et malwarebytes avant que ça revienne, j'aurais du y penser avant, je sais pas si ça va faire grand chose mais je pense que si celui qui a fabriqué ce virus veut bloquer ces programmes c'est qu'ils peuvent certainement y faire quelque chose.

Une autre idée sinon?