pages de pubs qui s ouvrent

Bonjour tout le monde
voila mon probleme
j ai des pages de pubs qui s ouvrent a chaque pages internet que je visitent
comment faire pour m en debarasser
merci

bonjour

Désactiver l'antivirus
Télécharger et enregistrer sur le bureau
Combofix

=Double-clic sur Combofix
= Presser 1 si demandé
= Attendre la fermeture de l’outil ( 5 -10 mn ou plus si infection importante)
=Copier/coller le rapport dans la réponse
Un rapport dans C:\Combofix.txt à mettre dans la réponse
Réactiver l'antivirus


et pour contrôle
Télécharger sur le bureau
Hijackthis

=Double-clic dessus
= Clic Do a system scan and save the log
= copier le rapport, le coller dans la réponse

voila les rapports

Code:

  ComboFix 08-11-13.02 - satanas 2008-11-15 21:33:51.2 - NTFSx86
  Microsoft Windows XP Professionnel  5.1.2600.3.1252.1.1036.18.533 [GMT 1:00]
  Lancé depuis: c:\documents and settings\satanas\Bureau\ComboFix.exe
   * Un nouveau point de restauration a été créé
  .
  
  ((((((((((((((((((((((((((((((((((((   Autres suppressions   ))))))))))))))))))))))))))))))))))))))))))))))))
  .
  
  c:\documents and settings\satanas\Local Settings\Application Data\kebpmawt.dat
  c:\documents and settings\satanas\Local Settings\Application Data\kebpmawt.exe
  c:\documents and settings\satanas\Local Settings\Application Data\kebpmawt_nav.dat
  c:\documents and settings\satanas\Local Settings\Application Data\kebpmawt_navps.dat
  c:\program files\SAV
  
  .
  (((((((((((((((((((((((((((((   Fichiers créés du 2008-10-15 au 2008-11-15  ))))))))))))))))))))))))))))))))))))
  .
  
  2008-11-12 21:35 . 2008-11-12 21:35	63	--a------	c:\windows\yesmessenger.ini
  2008-11-12 21:34 . 2008-11-12 21:40	<REP>	d--------	c:\program files\YesMessenger
  2008-11-11 21:07 . 2008-10-24 12:21	455,296	-----c---	c:\windows\system32\dllcache\mrxsmb.sys
  2008-11-11 21:06 . 2008-09-04 18:16	1,106,944	-----c---	c:\windows\system32\dllcache\msxml3.dll
  2008-11-09 23:14 . 2008-11-09 23:18	3	--a------	c:\windows\sbacknt.bin
  2008-11-09 23:12 . 2008-11-09 23:18	<REP>	d--------	c:\documents and settings\satanas\Application Data\vghd
  2008-11-09 23:12 . 2008-11-09 23:12	152,904	--a------	c:\windows\system32\vghd.scr
  2008-11-05 06:32 . 2008-11-05 06:32	6,144	--ahs----	c:\windows\Thumbs.db
  2008-10-24 15:03 . 2008-10-29 18:51	<REP>	d--------	c:\program files\Everest Poker
  2008-10-23 19:04 . 2008-10-15 17:35	337,408	-----c---	c:\windows\system32\dllcache\netapi32.dll
  2008-10-20 08:13 . 2008-10-20 08:13	<REP>	d--------	c:\documents and settings\All Users\Application Data\Office Genuine Advantage
  2008-10-15 05:58 . 2008-09-08 11:41	333,824	-----c---	c:\windows\system32\dllcache\srv.sys
  2008-10-15 05:57 . 2008-08-14 14:23	2,191,232	-----c---	c:\windows\system32\dllcache\ntoskrnl.exe
  2008-10-15 05:57 . 2008-08-14 14:23	2,147,328	-----c---	c:\windows\system32\dllcache\ntkrnlmp.exe
  2008-10-15 05:57 . 2008-08-14 14:23	2,068,096	-----c---	c:\windows\system32\dllcache\ntkrnlpa.exe
  2008-10-15 05:57 . 2008-08-14 14:23	2,025,984	-----c---	c:\windows\system32\dllcache\ntkrpamp.exe
  2008-10-15 05:57 . 2008-09-15 16:26	1,846,528	-----c---	c:\windows\system32\dllcache\win32k.sys
  
  .
  ((((((((((((((((((((((((((((((((((   Compte-rendu de Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))
  .
  2008-11-11 20:12	---------	d-----w	c:\documents and settings\All Users\Application Data\Microsoft Help
  2008-11-11 15:03	---------	d-----w	c:\program files\eMule
  2008-11-10 19:08	---------	d-----w	c:\program files\Fichiers communs\Adobe
  2008-10-24 11:21	455,296	----a-w	c:\windows\system32\drivers\mrxsmb.sys
  2008-10-21 16:48	---------	d-----w	c:\program files\AviSynth 2.5
  2008-10-21 16:47	---------	d-----w	c:\program files\Ripp-it_AM
  2008-10-20 19:03	---------	d-----w	c:\program files\WordBiz
  2008-10-07 18:42	---------	d-----w	c:\documents and settings\satanas\Application Data\dvdcss
  2008-10-06 16:08	---------	d-----w	c:\program files\Microsoft Digital Image 10
  2008-09-23 19:50	---------	d-----w	c:\program files\Eidos Interactive
  2008-09-19 20:26	---------	d--h--w	c:\program files\InstallShield Installation Information
  2008-09-19 15:49	354,560	----a-w	c:\windows\system32\TuneUpDefragService.exe
  2008-09-19 15:49	---------	d-----w	c:\program files\TuneUp Utilities 2008
  2008-09-17 17:26	---------	d-----w	c:\program files\ma-config.com
  2008-09-17 17:26	---------	d-----w	c:\documents and settings\All Users\Application Data\ma-config.com
  2008-09-15 15:26	1,846,528	----a-w	c:\windows\system32\win32k.sys
  2008-09-10 01:15	1,307,648	----a-w	c:\windows\system32\msxml6.dll
  2008-09-07 07:49	91,744	----a-w	c:\windows\BPMNT.dll
  2008-09-07 07:49	71,749	----a-w	c:\windows\hcextoutput.dll
  2008-09-07 07:49	333,576	----a-w	c:\windows\tsc.exe
  2008-09-07 07:49	1,213,784	----a-w	c:\windows\vsapi32.dll
  2008-09-04 17:16	1,106,944	----a-w	c:\windows\system32\msxml3.dll
  2008-08-26 08:11	826,368	----a-w	c:\windows\system32\wininet.dll
  2006-05-24 15:38	233,472	----a-w	c:\program files\mozilla firefox\plugins\CrazyTalk4Native.dll
  2006-05-18 16:00	204,895	----a-w	c:\program files\mozilla firefox\plugins\ctdomemhelper.dll
  2005-09-29 13:41	77,824	----a-w	c:\program files\mozilla firefox\plugins\ctframeplayerobject.dll
  2006-05-18 15:59	426,081	----a-w	c:\program files\mozilla firefox\plugins\ctplayerobject.dll
  2005-02-02 11:19	458,752	----a-w	c:\program files\mozilla firefox\plugins\imagickrt.dll
  2006-04-10 17:35	139,264	----a-w	c:\program files\mozilla firefox\plugins\rlcontentclass.dll
  2005-11-09 10:10	204,800	----a-w	c:\program files\mozilla firefox\plugins\RLMusicPacker.dll
  2005-11-09 10:42	106,496	----a-w	c:\program files\mozilla firefox\plugins\RLMusicUnpacker.dll
  2006-01-04 10:22	212,992	----a-w	c:\program files\mozilla firefox\plugins\RLVoicePacker.dll
  2006-01-04 10:21	167,936	----a-w	c:\program files\mozilla firefox\plugins\RLVoiceUnpacker.dll
  2008-07-21 17:15	32,768	--sha-w	c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008072120080722\index.dat
  .
  
  (((((((((((((((((((((((((((((((((   Points de chargement Reg   ))))))))))))))))))))))))))))))))))))))))))))))))
  .
  .
  *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
  REGEDIT4
  
  [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
  "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
  
  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]
  "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
  
  [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
  "VIDC.MJPG"= Pvmjpg21.dll
  "VIDC.PIM1"= pclepim1.dll
  
  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
  --a------ 2008-10-15 01:04 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
  
  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
  --a------ 2008-04-14 03:33 15360 c:\windows\system32\ctfmon.exe
  
  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
  --a------ 2007-10-18 11:34 5724184 c:\program files\Windows Live\Messenger\msnmsgr.exe
  
  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snpstd3]
  --a------ 2006-09-19 08:07 827392 c:\windows\vsnpstd3.exe
  
  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tsnpstd3]
  --a------ 2005-11-04 14:05 90112 c:\windows\tsnpstd3.exe
  
  [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
  "%windir%\system32\sessmgr.exe"=
  "c:\Program Files\Windows Live\Messenger\msnmsgr.exe"=
  "c:\Program Files\eMule\emule.exe"=
  
  R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-08-04 78416]
  R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-08-04 20560]
  R2 UxTuneUp;TuneUp Extension de thème;c:\windows\System32\svchost.exe -k netsvcs [2004-08-03 14336]
  R3 TuneUp.Defrag;TuneUp Drive Defrag Service;c:\windows\System32\TuneUpDefragService.exe [2008-09-19 354560]
  S3 EverestDriver;Lavalys EVEREST Kernel Driver;\??\c:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt []
  
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
  UxTuneUp
  .
  Contenu du dossier 'Tâches planifiées'
  
  2008-11-14 c:\windows\Tasks\Maintenance en 1 clic.job
  - c:\program files\TuneUp Utilities 2008\OneClick.exe [2008-04-22 13:17]
  .
  - - - - ORPHELINS SUPPRIMES - - - -
  
  HKCU-Run-kebpmawt - c:\documents and settings\satanas\local settings\application data\kebpmawt.exe
  MSConfigStartUp-DAEMON Tools Lite - c:\program files\DAEMON Tools Lite\daemon.exe
  
  
  .
  ------- Examen supplémentaire -------
  .
  FireFox -: Profile - c:\documents and settings\satanas\Application Data\Mozilla\Firefox\Profiles\d2gm6lii.default\
  FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://fr.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:fr:official
  FF -: plugin - c:\documents and settings\satanas\Application Data\Mozilla\Firefox\Profiles\d2gm6lii.default\extensions\{bb628310-0ab7-11db-9cd8-0800200c9a66}\plugins\nphardwaredetection.dll
  FF -: plugin - c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
  FF -: plugin - c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
  FF -: plugin - c:\program files\ma-config.com\nphardwaredetection.dll
  FF -: plugin - c:\program files\Mozilla Firefox\plugins\npRLCT4Player.dll
  .
  
  **************************************************************************
  
  catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
  Rootkit scan 2008-11-15 21:34:59
  Windows 5.1.2600 Service Pack 3 NTFS
  
  Recherche de processus cachés ...
  
  Recherche d'éléments en démarrage automatique cachés ...
  
  Recherche de fichiers cachés ...
  
  Scan terminé avec succès
  Fichiers cachés: 0
  
  **************************************************************************
  
  [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\EverestDriver]
  "ImagePath"="\??\c:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt"
  .
  Heure de fin: 2008-11-15 21:36:46
  ComboFix-quarantined-files.txt  2008-11-15 20:36:32
  
  Avant-CF: 37 751 599 104 octets libres
  Après-CF: 37,748,252,672 octets libres
  
  WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
  [boot loader]
  timeout=2
  default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
  [operating systems]
  c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
  multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect
  
  148	--- E O F ---	2008-11-11 20:12:01

Scan saved at 21:39:09, on 15/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\System32\TuneUpDefragService.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\satanas\Bureau\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.orange.fr
O16 - DPF: {1EF9F042-C2EB-4293-8213-474CAEEF531D} (TmHcmsX Control) - http://www.trendsecure.com/framework/control/activex/TmHcmsX.CAB
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1202998429044
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 4304 bytes

Tu as encore des souci?

non merci de votre aide