Infection par exoclick

[incal32]

Bonjour,

 

J'ai un pb, a chaque fois, que j'ai un résultat sur google, je clique dessus et suit rediriger sur un lien exoclick, S'agit t'il d'un détournement DNS.

Je poste le rapport de hijackthis

 

Merci pour votre aide

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 18:46:23, on 12/01/2010

Platform: Unknown Windows (WinNT 6.01.3504)

MSIE: Internet Explorer v8.00 (8.00.7600.16385)

Boot mode: Normal

 

Running processes:

E:\Windows\system32\Dwm.exe

E:\Windows\Explorer.EXE

E:\Windows\system32\taskhost.exe

E:\Windows\System32\igfxtray.exe

E:\Windows\system32\igfxsrvc.exe

E:\Windows\System32\hkcmd.exe

E:\Windows\System32\igfxpers.exe

E:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe

E:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe

E:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe

E:\Program Files\iTunes\iTunesHelper.exe

E:\Program Files\Norton AntiVirus\Engine\17.1.0.19\ccSvcHst.exe

E:\Windows\system32\wuauclt.exe

E:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

E:\Program Files\Internet Explorer\iexplore.exe

E:\Program Files\Internet Explorer\iexplore.exe

E:\Windows\system32\Macromed\Flash\FlashUtil10c.exe

E:\Windows\system32\taskeng.exe

E:\Program Files\Internet Explorer\iexplore.exe

E:\Users\Denver\Documents\UseNeXT\wizard\Xfloodx - Alias S04e07 DVDRip XviD - WAT - aliass0\HiJackThis.exe

E:\Windows\system32\SearchFilterHost.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - E:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - E:\Program Files\Norton AntiVirus\Engine\17.1.0.19\IPSBHO.DLL

O4 - HKLM\..\Run: [igfxTray] E:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] E:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] E:\Windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [RtHDVCpl] E:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "E:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "E:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [Corel Photo Downloader] "E:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup

O4 - HKLM\..\Run: [Corel File Shell Monitor] E:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe

O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "E:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKCU\..\Run: [Google Update] "E:\Users\Denver\AppData\Local\Google\Update\GoogleUpdate.exe" /c

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] E:\Windows\System32\mctadmin.exe (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] E:\Windows\System32\mctadmin.exe (User 'SERVICE RÉSEAU')

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://E:\Windows\system32\GPhotos.scr/200

O13 - Gopher Prefix:

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O23 - Service: Apple Mobile Device - Apple Inc. - E:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - E:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: EPSON V5 Service4(01) (EPSON_EB_RPCV4_01) - SEIKO EPSON CORPORATION - E:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE

O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - E:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE

O23 - Service: Google Updater Service (gusvc) - Google - E:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - E:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - E:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

O23 - Service: Norton AntiVirus (NAV) - Symantec Corporation - E:\Program Files\Norton AntiVirus\Engine\17.1.0.19\ccSvcHst.exe

O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - E:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe

O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - E:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

 

--

End of file - 5457 bytes

 

 

Malwarebyte a trouvé en plus une infection par Bitrose Trace ?

mais cela se poursuit tout de même après supression des fichiers.