Du Chinois a droite ds barre adresse de IE

Bonjour
Merci pour ton aide.

J'ai aussi fait un Scan en ligne avec Windows Live On Care et je crois que les fautifs sont : CNNIC et KOOWO.

J'ai effectué le nettoyage et le scan Ewido que tu m'a indiqué.

Je poste les logs Hijackthis et Ewido ci-dessous.

Merci encore, c'est vraiment sympa.

Logfile of HijackThis v1.99.1
Scan saved at 10:27:14, on 02/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\sstray.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
E:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\927up.exe
C:\DOCUME~1\Victor\LOCALS~1\Temp\RarSFX1\csrss.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\ENCWCSVR.EXE
E:\Program Files\Thunderbird\thunderbird.exe
C:\Program Files\Internet Explorer\iexplore.exe
E:\Archives\Divers\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = home.free.fr/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=' target='_blank' rel='nofollow'>go.microsoft.com{SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = client.jogo.cn/cdn/browser/sidesearch/sidesearch-en.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = client.jogo.cn/cdn/browser/customsearch/customsearch-en.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: BHOImp Class - {70AFF2CB-9DA2-499C-8D15-900729FCE83D} - C:\WINDOWS\system32\YHBO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {82315A18-6CFB-44a7-BDFD-90E36537C252} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: BHO pour Compagnon Web Encarta - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
O3 - Toolbar: Compagnon Web Encarta - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [rundll] C:\Program Files\Common Files\rundll.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech SetPoint.lnk = E:\Program Files\Logitech\SetPoint\SetPoint.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - zone.msn.com/binFrameWork/v10/StagingUI.cab46479.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - go.microsoft.com/fwlink/?linkid=48835
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {2EF3FB47-7B1E-4536-BA4D-51427BD45DFA} - www.pixaco.fr/static/download/pixacodndupload.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - zone.msn.com/BinFrameWork/v10/ZBuddy.cab32846.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - zone.msn.com/binframework/v10/ZPAChat.cab32846.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - cdn.scan.safety.live.com/resource/download/scanner/wlscbase969.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - a840.g.akamai.net
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner37480.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - www.inoculer.com/antivirus/Msie/bitdefender.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - zone.msn.com/binframework/v10/StProxy.cab41227.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - zone.msn.com/bingame/dim2/default/popcaploader_v6.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {FF3C5A9F-5A99-4930-80E8-4709194C2AD3} (ZPA_Backgammon Object) - zone.msn.com/bingame/zpagames/ZPA_Backgammon.cab40641.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR1\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR1\RpcSandraSrv.exe

---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 00:24:21 02/10/2006

+ Scan result:



HKU\.DEFAULT\Software\New.net -> Adware.NewDotNet : No action taken.
HKU\S-1-5-18\Software\New.net -> Adware.NewDotNet : No action taken.
C:\Documents and Settings\Night Hawk\Local Settings\Temp\RarSFX0\csrss.exe -> Downloader.Agent.awi : No action taken.
C:\Documents and Settings\Night Hawk\Local Settings\Temp\RarSFX1\csrss.exe -> Downloader.Agent.awi : No action taken.
C:\Documents and Settings\Night Hawk\Local Settings\Temporary Internet Files\Content.IE5\VNTZNXOW\927up[1].exe/csrss.exe -> Downloader.Agent.awi : No action taken.
C:\WINDOWS\~tmp1095.exe -> Downloader.Delf.ayf : No action taken.
C:\WINDOWS\~tmp1339.exe -> Downloader.Delf.ayf : No action taken.
C:\WINDOWS\~tmp2107.exe -> Downloader.Delf.ayf : No action taken.
C:\WINDOWS\~tmp2290.exe -> Downloader.Delf.ayf : No action taken.
C:\WINDOWS\~tmp308.exe -> Downloader.Delf.ayf : No action taken.
C:\WINDOWS\~tmp441.exe -> Downloader.Delf.ayf : No action taken.
C:\WINDOWS\~tmp4901.exe -> Downloader.Delf.ayf : No action taken.
C:\WINDOWS\~tmp5110.exe -> Downloader.Delf.ayf : No action taken.
C:\WINDOWS\~tmp5146.exe -> Downloader.Delf.ayf : No action taken.
C:\WINDOWS\~tmp5366.exe -> Downloader.Delf.ayf : No action taken.
C:\WINDOWS\~tmp5603.exe -> Downloader.Delf.ayf : No action taken.
C:\WINDOWS\~tmp6999.exe -> Downloader.Delf.ayf : No action taken.
C:\WINDOWS\~tmp7344.exe -> Downloader.Delf.ayf : No action taken.
C:\WINDOWS\~tmp7582.exe -> Downloader.Delf.ayf : No action taken.
C:\WINDOWS\~tmp8162.exe -> Downloader.Delf.ayf : No action taken.
C:\WINDOWS\~tmp8640.exe -> Downloader.Delf.ayf : No action taken.
E:\Archives\Grabit\Download\alt.binaries.dvd.music\¤¤¤ chaines tv gratuites ¤¤¤.rar/Crack Eurobarre v2.exe -> Not-A-Virus.HackTool.Win32.Agent.an : No action taken.
C:\Documents and Settings\Night Hawk\Local Settings\Temp\46exmodul32c.2.exe -> Proxy.Horst.iz : No action taken.
C:\Documents and Settings\Night Hawk\Local Settings\Temp\36exssd32.6.exe -> Proxy.Horst.jc : No action taken.
:mozilla.47:C:\Documents and Settings\Night Hawk\Application Data\Mozilla\Firefox\Profiles\9jwdaud9.default\cookies.txt -> TrackingCookie.247realmedia : No action taken.
C:\Documents and Settings\Night Hawk\Cookies\night hawk@247realmedia[2].txt -> TrackingCookie.247realmedia : No action taken.
C:\Documents and Settings\Night Hawk\Cookies\night hawk@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Night Hawk\Cookies\night hawk@adtech[2].txt -> TrackingCookie.Adtech : No action taken.
:mozilla.19:C:\Documents and Settings\Night Hawk\Application Data\Mozilla\Firefox\Profiles\9jwdaud9.default\cookies.txt -> TrackingCookie.Bluestreak : No action taken.
C:\Documents and Settings\Night Hawk\Cookies\night hawk@bluestreak[1].txt -> TrackingCookie.Bluestreak : No action taken.
:mozilla.65:C:\Documents and Settings\Night Hawk\Application Data\Mozilla\Firefox\Profiles\9jwdaud9.default\cookies.txt -> TrackingCookie.Euroclick : No action taken.
:mozilla.66:C:\Documents and Settings\Night Hawk\Application Data\Mozilla\Firefox\Profiles\9jwdaud9.default\cookies.txt -> TrackingCookie.Euroclick : No action taken.
:mozilla.67:C:\Documents and Settings\Night Hawk\Application Data\Mozilla\Firefox\Profiles\9jwdaud9.default\cookies.txt -> TrackingCookie.Euroclick : No action taken.
:mozilla.68:C:\Documents and Settings\Night Hawk\Application Data\Mozilla\Firefox\Profiles\9jwdaud9.default\cookies.txt -> TrackingCookie.Euroclick : No action taken.
C:\Documents and Settings\Night Hawk\Cookies\night hawk@as-eu.falkag[1].txt -> TrackingCookie.Falkag : No action taken.
:mozilla.57:C:\Documents and Settings\Night Hawk\Application Data\Mozilla\Firefox\Profiles\9jwdaud9.default\cookies.txt -> TrackingCookie.Fastclick : No action taken.
:mozilla.58:C:\Documents and Settings\Night Hawk\Application Data\Mozilla\Firefox\Profiles\9jwdaud9.default\cookies.txt -> TrackingCookie.Fastclick : No action taken.
:mozilla.63:C:\Documents and Settings\Night Hawk\Application Data\Mozilla\Firefox\Profiles\9jwdaud9.default\cookies.txt -> TrackingCookie.Mediaplex : No action taken.
:mozilla.64:C:\Documents and Settings\Night Hawk\Application Data\Mozilla\Firefox\Profiles\9jwdaud9.default\cookies.txt -> TrackingCookie.Planetactive : No action taken.
C:\Documents and Settings\Night Hawk\Cookies\night hawk@ads.pointroll[1].txt -> TrackingCookie.Pointroll : No action taken.
:mozilla.60:C:\Documents and Settings\Night Hawk\Application Data\Mozilla\Firefox\Profiles\9jwdaud9.default\cookies.txt -> TrackingCookie.Smartadserver : No action taken.
:mozilla.61:C:\Documents and Settings\Night Hawk\Application Data\Mozilla\Firefox\Profiles\9jwdaud9.default\cookies.txt -> TrackingCookie.Smartadserver : No action taken.
:mozilla.62:C:\Documents and Settings\Night Hawk\Application Data\Mozilla\Firefox\Profiles\9jwdaud9.default\cookies.txt -> TrackingCookie.Smartadserver : No action taken.
C:\Documents and Settings\Night Hawk\Cookies\night hawk@www.smartadserver[2].txt -> TrackingCookie.Smartadserver : No action taken.
C:\Documents and Settings\Night Hawk\Cookies\night hawk@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : No action taken.
C:\Documents and Settings\Night Hawk\Cookies\night hawk@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : No action taken.
:mozilla.11:C:\Documents and Settings\Night Hawk\Application Data\Mozilla\Firefox\Profiles\9jwdaud9.default\cookies.txt -> TrackingCookie.Weborama : No action taken.
C:\Documents and Settings\Night Hawk\Cookies\night hawk@weborama[2].txt -> TrackingCookie.Weborama : No action taken.
C:\Documents and Settings\Victor\Cookies\victor@weborama[1].txt -> TrackingCookie.Weborama : No action taken.
C:\Documents and Settings\Night Hawk\Cookies\night hawk@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : No action taken.
C:\WINDOWS\system32\trupd.trb -> Trojan.Small : No action taken.


::Report end

Lis bien ce que je te maque STP .

Ton scan d'ewido ne vaut rien le no action taken que tu peux voir dans ton rapport signifie que tun'as rien nettoyé du tout il faut que tu le reffasses et que tu "delete" tout ce qu'il te trouve . (cf premier indiqué..) et colle le rapport et ensuite un log hijack.

A+ ***** Have a good day *****