Virus: pptp32.dll, impossible to delete


Marsh Posted on 19-04-2006 at 22:06:52

So, my girlfriend has a virus detected by Trend Micro that is impossible to delete. It is in Windows\system32\pptp32.dll; same thing by hand, impossible.
Here is the HijackThis report, any ideas?
 
Logfile of HijackThis v1.99.1
Scan saved at 3:24:38 PM, on 4/19/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
 
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\Internet Security\Tmntsrv.exe
C:\Program Files\Trend Micro\Internet Security\tmproxy.exe
C:\Program Files\Inventel\Gateway\wlancfg.exe
C:\Program Files\Trend Micro\Internet Security\PccPfw.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Trend Micro\Internet Security\pccguide.exe
C:\Program Files\Trend Micro\Internet Security\PCClient.exe
C:\Program Files\Trend Micro\Internet Security\TMOAgent.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\system32\hphmon05.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Common Files\AOL\1144237139\ee\AOLSoftware.exe
C:\Program Files\Plaxo\2.6.2.9\PlaxoHelper.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Apoint\Apntex.exe
C:\PROGRA~1\Wanadoo\EspaceWanadoo.exe
C:\Program Files\D-Link AirPlus\AirPlus.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\Wanadoo\Watch.exe
C:\Documents and Settings\Herve.LAPTOP\Desktop\hijackthis_199\HijackThis.exe
 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aimtoday.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security\pccguide.exe"
O4 - HKLM\..\Run: [PCClient.exe] "C:\Program Files\Trend Micro\Internet Security\PCClient.exe"
O4 - HKLM\..\Run: [TM Outbreak Agent] "C:\Program Files\Trend Micro\Internet Security\TMOAgent.exe" /run
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [SpySpotter System Defender] C:\Program Files\SpySpotter3\Defender.exe -startup
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1144237139\ee\AOLSoftware.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\2.6.2.9\PlaxoHelper.exe -a
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: D-Link AirPlus.lnk = ?
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocac [...] 0.0.15.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/control [...] loader.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0C24A8F2-8EB9-4135-A2D9-4D8918E0E2FD}: NameServer = 204.117.214.10,199.2.252.10
O17 - HKLM\System\CCS\Services\Tcpip\..\{490E1BA5-49FF-4568-8722-D2B10714C430}: NameServer = 204.117.214.10,199.2.252.10
O17 - HKLM\System\CS1\Services\Tcpip\..\{0C24A8F2-8EB9-4135-A2D9-4D8918E0E2FD}: NameServer = 204.117.214.10,199.2.252.10
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: pptp32 - C:\WINDOWS\SYSTEM32\pptp32.dll
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro Personal Firewall (PccPfw) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Internet Security\PccPfw.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Internet Security\Tmntsrv.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Internet Security\tmproxy.exe
O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Inventel - C:\Program Files\Inventel\Gateway\wlancfg.exe
 
 


Marsh Posted on 19-04-2006 at 22:25:08

Download "Testor",
 
Choose "Désinfecter Winlogon" (Disinfect Winlogon), "Accélérer XP" (Speed up XP), do NOT delete the BHOs, do not repair any "Desktop Hijacking", accept the registry modifications, "télécharger Cleanup" (download Cleanup)...
 
In "msconfig", uncheck all the services that are not signed by Microsoft or HP and that you do not know...
 
Stop the following processes (if present) with CTRL+ALT+DEL:
FTRTSVC.exe
wlancfg.exe
PlaxoHelper.exe
ALERTM~1.EXE
 
Run HijackThis again and fix the following lines:
 
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} -  
 
O4 - HKLM\..\Run: [SpySpotter System Defender] C:\Program Files\SpySpotter3\Defender.exe -startup
 
O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\2.6.2.9\PlaxoHelper.exe -a  
 
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol  
 
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} -  
 
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} -  
 
O20 - Winlogon Notify: pptp32 - C:\WINDOWS\SYSTEM32\pptp32.dll  (if still present)
 
 
After creating a restore point and saving your wallpaper to another folder, run "Cleanup"
 
Reboot and post a new HijackThis log
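
Added example, not part of either post: a small Python triage helper for a HijackThis log pasted in the wrapped form seen in this thread. It glues continuation lines back onto their entry, lists the O20 Winlogon Notify DLLs, and resolves a fix line quoted in truncated form back to the full entry. The function names are hypothetical and the sample entries are copied from the log above.

```python
import re

# Entries copied from the log posted above, in the wrapped form the forum produced.
SAMPLE_LOG = r"""O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [SpySpotter System Defender] C:\Program
Files\SpySpotter3\Defender.exe -startup
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} -
"C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: pptp32 - C:\WINDOWS\SYSTEM32\pptp32.dll
"""

ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) -\s*(.*)$")  # section code, then entry body
NOTIFY_RE = re.compile(r"^Winlogon Notify: (.+?) - (.+)$")


def parse_entries(text):
    """Return (code, body) tuples, gluing wrapped continuation lines back on."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = ENTRY_RE.match(line)
        if m:
            entries.append([m.group(1), m.group(2)])
        elif entries:  # no section code: continuation of the previous entry
            entries[-1][1] = (entries[-1][1] + " " + line).strip()
    return [tuple(e) for e in entries]


def winlogon_notify(entries):
    """(name, dll) for every O20 Winlogon Notify entry."""
    found = []
    for code, body in entries:
        m = NOTIFY_RE.match(body) if code == "O20" else None
        if m:
            found.append((m.group(1), m.group(2)))
    return found


def match_fix_line(entries, truncated):
    """Full entries that start with a fix line quoted in truncated form."""
    prefix = " ".join(truncated.split())
    return [f"{c} - {b}" for c, b in entries if f"{c} - {b}".startswith(prefix)]


if __name__ == "__main__":
    log = parse_entries(SAMPLE_LOG)
    print(winlogon_notify(log))
    print(match_fix_line(log, "O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} -"))
```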
 
 
