Are these false positives?
GILDO
Posted: Tuesday, April 26, 2011 11:59:04 AM

Good evening,
I have just run a second scan with ST + ClamAV, and here is what it finds, 41 critical objects:

Logfile of Spyware Terminator v2.8.2.192 (db:5.004.026.000)

Scan Time: 26/04/2011 14:43:44 length: 10265 s

Platform: WXP (5.1.0.2600)

User: Admin

Boot Mode: Normal

Scan type: %Custom_Scan%

Scanned Objects: 90948 (Critical:42)

Filter: No System items, No Safe items, No Invalid items


Running Processes

HPConfig.exe [Hewlett-Packard] : C:\WINDOWS\system32\HPConfig.exe

HPWirelessMgr.exe [Hewlett-Packard Co.] : C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe


Internet Settings

R - HKLM\Software\Microsoft\Internet Explorer\Main, Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R - HKLM\Software\Microsoft\Internet Explorer\Search, SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

R - HKLM\Software\Microsoft\Internet Explorer\Search, CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

R - HKLM\System\CurrentControlSet\Services\Tcpip\Parameters, Domain =

R - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Telephony, DomainName =


Toolbars

03 - Toolbar: PrivBar - {300BC64A-BF32-4cc8-8917-91148CEFE700} - : C:\DropMyRights\PrivBar.dll


StartUps

04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, srmclean : : C:\Cpqs\Scom\srmclean.exe

04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, QT4HPOT : [Dritek System Inc.] : C:\Program Files\HPQ\One-Touch\OneTouch.EXE

04 - Startup: : C:\Documents and Settings\mss\Menu Démarrer\Programmes\Démarrage\desktop.ini

04 - Startup: : C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\desktop.ini


Shell Extensions

- {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} - [The Document Foundation] : C:\Program Files\LibreOffice 3\Basis\program\shlxthdl\shlxthdl.dll

- {087B3AE3-E237-4467-B8DB-5A38AB959AC9} - [The Document Foundation] : C:\Program Files\LibreOffice 3\Basis\program\shlxthdl\shlxthdl.dll

- {63542C48-9552-494A-84F7-73AA6A7C99C1} - [The Document Foundation] : C:\Program Files\LibreOffice 3\Basis\program\shlxthdl\shlxthdl.dll

- {3B092F0C-7696-40E3-A80F-68D74DA84210} - [The Document Foundation] : C:\Program Files\LibreOffice 3\Basis\program\shlxthdl\shlxthdl.dll

UnlockerShellExtension - {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} - : C:\Program Files\Unlocker\UnlockerCOM.dll


Services

23 - [ATI Technologies Inc.] : C:\WINDOWS\system32\DRIVERS\atisgkaf.sys

23 - [Conexant Systems Inc.] : C:\WINDOWS\system32\drivers\caliaud.sys

23 - [Conexant Systems Inc.] : C:\WINDOWS\system32\drivers\calihal.sys

23 - [National Semiconductor Corp.] : C:\WINDOWS\system32\DRIVERS\DP83815.SYS

23 - [Hewlett-Packard] : C:\WINDOWS\system32\DRIVERS\hpci.sys

23 - [Hewlett-Packard] : C:\WINDOWS\system32\HPConfig.exe

23 - [Hewlett-Packard Co.] : C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe

23 - [Crawler.com] : C:\WINDOWS\system32\drivers\sp_rsdrv2.sys

23 - [Conexant Systems, Inc.] : C:\WINDOWS\system32\DRIVERS\strmdisp.sys

23 - [Synaptics Incorporated] : C:\WINDOWS\system32\DRIVERS\SynTP.sys


Threat Files

<GenericFF-1> : C:\Documents and Settings\mss\Menu Démarrer\Programmes\Accessoires\Divertissement\Lecteur Windows Media.lnk

<Trojan.GenericFF-1> : C:\Documents and Settings\mss\Menu Démarrer\Programmes\Accessoires\Divertissement\Lecteur Windows Media.lnk

<GenericFF-1> : C:\Documents and Settings\mss\Menu Démarrer\Programmes\Lecteur Windows Media.lnk

<Trojan.GenericFF-1> : C:\Documents and Settings\mss\Menu Démarrer\Programmes\Lecteur Windows Media.lnk

<GenericFF-1> : C:\Documents and Settings\mss\Bureau\Bureau non utilisés\Lecteur Windows Media.lnk

<Trojan.GenericFF-1> : C:\Documents and Settings\mss\Bureau\Bureau non utilisés\Lecteur Windows Media.lnk

<GenericFF-1> : C:\CanoScan\cmdcons\SFLOPPY.SY_

<Trojan.GenericFF-1> : C:\CanoScan\cmdcons\SFLOPPY.SY_

<GenericFF-1> : C:\CanoScan\cmdcons\SYSTEM32\SMSS.EXE

<Trojan.GenericFF-1> : C:\CanoScan\cmdcons\SYSTEM32\SMSS.EXE

<Heuristics.Broken.Executable> : C:\i386\MANAGER.CAB

<Heuristics.Broken.Executable> : C:\i386\MANAGER.CAB

<Heuristics.Broken.Executable> : C:\SwSetup\DVD\3rdPartyApp\DirectX81\DirectX.cab

<Heuristics.Broken.Executable> : C:\SwSetup\DVD\3rdPartyApp\DirectX81\DirectX.cab

<Heuristics.Broken.Executable> : C:\SwSetup\PHOTO\PHOTO.EXE

<Heuristics.Broken.Executable> : C:\SwSetup\PHOTO\PHOTO.EXE

<Heuristics.Broken.Executable> : C:\SwSetup\Word\WORDRET.MSI

<Heuristics.Broken.Executable> : C:\SwSetup\Word\WORDRET.MSI

<Heuristics.Broken.Executable> : C:\SwSetup\works7\PFILES\MSWORKS\wkwcemp4.cab

<Heuristics.Broken.Executable> : C:\SwSetup\works7\PFILES\MSWORKS\wkwcemp4.cab

<Heuristics.Broken.Executable> : C:\SwSetup\works7\PFILES\MSWORKS\wkwcesh3.cab

<Heuristics.Broken.Executable> : C:\SwSetup\works7\PFILES\MSWORKS\wkwcesh3.cab

<Fakesec-310> : C:\System Volume Information\_restore{58E8BEBA-26A4-45ED-9D92-ED376219F13B}\RP109\A0050055.dll

<Trojan.Fakesec-310> : C:\System Volume Information\_restore{58E8BEBA-26A4-45ED-9D92-ED376219F13B}\RP109\A0050055.dll

<Fakesec-310> : C:\System Volume Information\_restore{58E8BEBA-26A4-45ED-9D92-ED376219F13B}\RP109\A0050084.dll

<Trojan.Fakesec-310> : C:\System Volume Information\_restore{58E8BEBA-26A4-45ED-9D92-ED376219F13B}\RP109\A0050084.dll

<Fakesec-310> : C:\System Volume Information\_restore{58E8BEBA-26A4-45ED-9D92-ED376219F13B}\RP109\A0050111.dll

<Trojan.Fakesec-310> : C:\System Volume Information\_restore{58E8BEBA-26A4-45ED-9D92-ED376219F13B}\RP109\A0050111.dll

<Fakesec-310> : C:\System Volume Information\_restore{58E8BEBA-26A4-45ED-9D92-ED376219F13B}\RP109\A0050142.dll

<Trojan.Fakesec-310> : C:\System Volume Information\_restore{58E8BEBA-26A4-45ED-9D92-ED376219F13B}\RP109\A0050142.dll

<Fakesec-310> : C:\System Volume Information\_restore{58E8BEBA-26A4-45ED-9D92-ED376219F13B}\RP109\A0050187.dll

<Trojan.Fakesec-310> : C:\System Volume Information\_restore{58E8BEBA-26A4-45ED-9D92-ED376219F13B}\RP109\A0050187.dll

<Fakesec-310> : C:\System Volume Information\_restore{58E8BEBA-26A4-45ED-9D92-ED376219F13B}\RP109\A0050226.dll

<Trojan.Fakesec-310> : C:\System Volume Information\_restore{58E8BEBA-26A4-45ED-9D92-ED376219F13B}\RP109\A0050226.dll

<Fakesec-310> : C:\System Volume Information\_restore{58E8BEBA-26A4-45ED-9D92-ED376219F13B}\RP109\A0050257.dll

<Trojan.Fakesec-310> : C:\System Volume Information\_restore{58E8BEBA-26A4-45ED-9D92-ED376219F13B}\RP109\A0050257.dll

<Fakesec-310> : C:\System Volume Information\_restore{58E8BEBA-26A4-45ED-9D92-ED376219F13B}\RP109\A0050336.dll

<Trojan.Fakesec-310> : C:\System Volume Information\_restore{58E8BEBA-26A4-45ED-9D92-ED376219F13B}\RP109\A0050336.dll

<Fakesec-310> : C:\System Volume Information\_restore{58E8BEBA-26A4-45ED-9D92-ED376219F13B}\RP109\A0050396.dll

<Trojan.Fakesec-310> : C:\System Volume Information\_restore{58E8BEBA-26A4-45ED-9D92-ED376219F13B}\RP109\A0050396.dll

<Fakesec-310> : C:\System Volume Information\_restore{58E8BEBA-26A4-45ED-9D92-ED376219F13B}\RP109\A0050436.dll

<Trojan.Fakesec-310> : C:\System Volume Information\_restore{58E8BEBA-26A4-45ED-9D92-ED376219F13B}\RP109\A0050436.dll

<Fakesec-310> : C:\System Volume Information\_restore{58E8BEBA-26A4-45ED-9D92-ED376219F13B}\RP109\A0050476.dll

<Trojan.Fakesec-310> : C:\System Volume Information\_restore{58E8BEBA-26A4-45ED-9D92-ED376219F13B}\RP109\A0050476.dll

<Fakesec-310> : C:\System Volume Information\_restore{58E8BEBA-26A4-45ED-9D92-ED376219F13B}\RP109\A0050505.dll

<Trojan.Fakesec-310> : C:\System Volume Information\_restore{58E8BEBA-26A4-45ED-9D92-ED376219F13B}\RP109\A0050505.dll

<GenericFF-1> : C:\WINDOWS\$hf_mig$\KB2508429\SP3QFE\srv.sys

<Trojan.GenericFF-1> : C:\WINDOWS\$hf_mig$\KB2508429\SP3QFE\srv.sys

<GenericFF-1> : C:\WINDOWS\$hf_mig$\KB873333\SP2GDR\olecli32.dll

<Trojan.GenericFF-1> : C:\WINDOWS\$hf_mig$\KB873333\SP2GDR\olecli32.dll

<GenericFF-1> : C:\WINDOWS\$hf_mig$\KB873333\SP2QFE\olecli32.dll

<Trojan.GenericFF-1> : C:\WINDOWS\$hf_mig$\KB873333\SP2QFE\olecli32.dll

<GenericFF-1> : C:\WINDOWS\$hf_mig$\KB902400\SP2GDR\olecli32.dll

<Trojan.GenericFF-1> : C:\WINDOWS\$hf_mig$\KB902400\SP2GDR\olecli32.dll

<GenericFF-1> : C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\olecli32.dll

<Trojan.GenericFF-1> : C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\olecli32.dll

<Heuristics.Broken.Executable> : C:\WINDOWS\Driver Cache\i386\sp3.cab

<Heuristics.Broken.Executable> : C:\WINDOWS\Driver Cache\i386\sp3.cab

<GenericFF-1> : C:\WINDOWS\ERDNT\cache\explorer.exe

<Trojan.GenericFF-1> : C:\WINDOWS\ERDNT\cache\explorer.exe

<GenericFF-1> : C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}\wmplayer.exe

<Trojan.GenericFF-1> : C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}\wmplayer.exe

<Heuristics.Broken.Executable> : C:\WINDOWS\SoftwareDistribution\Download\c742e8deeeb458226ca00f3ef10fa8e0fb6427bd

<Heuristics.Broken.Executable> : C:\WINDOWS\SoftwareDistribution\Download\c742e8deeeb458226ca00f3ef10fa8e0fb6427bd

<GenericFF-1> : C:\WINDOWS\system32\dllcache\explorer.exe

<Trojan.GenericFF-1> : C:\WINDOWS\system32\dllcache\explorer.exe

<GenericFF-1> : C:\WINDOWS\system32\dllcache\fxswzrd.dll

<Trojan.GenericFF-1> : C:\WINDOWS\system32\dllcache\fxswzrd.dll

<GenericFF-1> : C:\WINDOWS\system32\dllcache\msident.dll

<Trojan.GenericFF-1> : C:\WINDOWS\system32\dllcache\msident.dll

<GenericFF-1> : C:\WINDOWS\system32\dllcache\msoobe.exe

<Trojan.GenericFF-1> : C:\WINDOWS\system32\dllcache\msoobe.exe

<GenericFF-1> : C:\WINDOWS\system32\dllcache\olecli32.dll

<Trojan.GenericFF-1> : C:\WINDOWS\system32\dllcache\olecli32.dll

<Heuristics.Broken.Executable> : C:\WINDOWS\system32\dllcache\update.sys

<Heuristics.Broken.Executable> : C:\WINDOWS\system32\dllcache\update.sys

<GenericFF-1> : C:\WINDOWS\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_ecc42bd1\vcomp90.dll

<Trojan.GenericFF-1> : C:\WINDOWS\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_ecc42bd1\vcomp90.dll


Advanced Files Report



End of Report




I am surprised, because other anti-malware tools find nothing!!!!!
Are these false positives??
Thank you for your reply.
Have a good evening.
Gildo
MacPeter
Posted: Thursday, October 04, 2012 8:35:51 PM

Good evening Gildo,

Even though it comes with a huge delay, I am replying anyway.

You could try the 2012 version.

Windows 7 Home Premium SP1


WinPatrol 30.5.2014.0

Kaspersky Security Suite 2014

SUPERAntispyware

MBAM 2.01

Emco

Spyware Terminator 3.0.0.82

8 GB RAM