SpybotDeletingAXXXX infection and others

Kisscool -  
leader.75 Posts 230 Status Member -
Hello/good evening, everyone.
I am now desperate enough to post on this forum, and I have to say that a bit of help would help me enormously.

Here is my situation:
new entries are automatically written to the registry under the sweet name of SpybotDeletingXXXXX (one uppercase letter and 4 digits, all random)
Not a huge slowdown, but a wait of 30 sec to 1 min on the Windows startup screen (profile selection ^^)
Once loaded, black windows that disappear 2 seconds after appearing, a desktop that flickers from time to time, and crashes that are rare but do occur.
Right, on to the famous HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:38:32, on 29/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
D:\Utilitaires\Securité\a-squared Free\a2service.exe
D:\Utilitaires\Securité\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\Utilitaires\Securité\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\Explorer.exe
D:\Utilitaires\Securité\Malwarebytes' Anti-Malware\mbam.exe
D:\ancien disque E\Spybot - Search & Destroy\Spybot - Search & Destroy\SpybotSD.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
D:\ancien disque E\totalcmd\TOTALCMD.EXE
D:\Utilitaires\Securité\eden.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.sfr.fr/offres-numericable.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Config\csrss.exe
O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: Flashget Catch Url Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - D:\UTILIT~1\flashget\FLASHG~1\FlashGet\jccatch.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\ANCIEN~1\SPYBOT~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - D:\Utilitaires\flashget\Flashget Pack 2008 (6in1)\FlashGet\getflash.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: FlashGet - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - D:\Utilitaires\flashget\Flashget Pack 2008 (6in1)\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\Utilitaires\Securité\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [BMc3551b06] Rundll32.exe "C:\WINDOWS\system32\nmhqgaff.dll",s
O4 - HKLM\..\RunOnce: [SpybotDeletingA1784] command /c del "C:\WINDOWS\system32\hgGwWOEX.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC6421] cmd /c del "C:\WINDOWS\system32\hgGwWOEX.dll_old"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\ancien disque E\Spybot - Search & Destroy\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Hamachi.lnk = D:\Utilitaires\reseau\Hamachi\hamachi.exe
O8 - Extra context menu item: &Tout télécharger avec FlashGet - D:\UTILIT~1\flashget\FLASHG~1\FlashGet\jc_all.htm
O8 - Extra context menu item: &Télécharger avec FlashGet - D:\UTILIT~1\flashget\FLASHG~1\FlashGet\jc_link.htm
O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\UTILIT~1\flashget\FLASHG~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\UTILIT~1\flashget\FLASHG~1\FlashGet\flashget.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\ANCIEN~1\SPYBOT~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\ANCIEN~1\SPYBOT~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - D:\Utilitaires\Securité\a-squared Free\a2service.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - D:\Utilitaires\Securité\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\WINDOWS\system32\nvsvc32.exe (file missing)

3 replies

leader.75 Posts 230 Status Member 14
 
Hello,
Click on this link.
Download "SPYWARE TERMINATOR",
Install it on your PC,
Run the update,
install the antivir,
Update,
Scan...
Bye
https://www.01net.com/telecharger/windows/Securite/anti-spyware/fiches/41933.html
0
Kisscool
 
Done (well, the antivirus installation is still left, but I couldn't find it in Spyware Terminator, unless you meant Antivir?)
Anyway, here is the report

Logfile of Spyware Terminator v2.2.0.411 (db:2.004.029.000)
Scan Time: 29/04/2008 21:59:52 length: 1296 s
Platform: WXP (5.1.0.2600)
User: Admin
Boot Mode: Normal
Scan type: %Custom_Scan%
Scanned Objects: 188856 (Critical:4)
Filter: No System items, No Safe items, No Invalid items

Running Processes
Ati2evxx.exe [ATI Technologies Inc.] : C:\WINDOWS\system32\Ati2evxx.exe
Ati2evxx.exe [ATI Technologies Inc.] : C:\WINDOWS\system32\Ati2evxx.exe
aswUpdSv.exe [ALWIL Software] : C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
ashServ.exe [ALWIL Software] : C:\Program Files\Alwil Software\Avast4\ashServ.exe
a2service.exe [Emsi Software GmbH] : D:\Utilitaires\Securité\a-squared Free\a2service.exe
LSSrvc.exe [Hewlett-Packard Company] : C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
avgas.exe [GRISOFT s.r.o.] : D:\Utilitaires\Securité\AVG Anti-Spyware 7.5\avgas.exe
NMIndexStoreSvr.exe [Nero AG] : C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
TOTALCMD.EXE [C. Ghisler & Co.] : D:\ancien disque E\totalcmd\TOTALCMD.EXE

Internet Settings
R - HKLM\Software\Microsoft\Internet Explorer\Main, Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
R - HKLM\Software\Microsoft\Internet Explorer\Search, SearchAssistant = https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchasst.htm
R - HKLM\Software\Microsoft\Internet Explorer\Search, CustomizeSearch = https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchcust.htm
R - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings, ProxyOverride = 127.0.0.1
R - HKLM\System\CurrentControlSet\Services\Tcpip\Parameters, Domain =
R - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Telephony, DomainName =

BHO
02 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - [AOL LLC] : C:\Program Files\Winamp Toolbar\winamptb.dll
02 - BHO: Flashget Catch Url Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - [www.flashget.com] : D:\Utilitaires\flashget\Flashget Pack 2008 (6in1)\FlashGet\jccatch.dll
02 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - [Safer Networking Limited] : D:\ancien disque E\Spybot - Search & Destroy\Spybot - Search & Destroy\SDHelper.dll
02 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - : D:\Utilitaires\flashget\Flashget Pack 2008 (6in1)\FlashGet\getflash.dll

Toolbars
03 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - [AOL LLC] : C:\Program Files\Winamp Toolbar\winamptb.dll
03 - Toolbar: FlashGet - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - [Amaze Soft] : D:\Utilitaires\flashget\Flashget Pack 2008 (6in1)\FlashGet\fgiebar.dll

StartUps
04 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, SpybotSD TeaTimer : [Safer Networking Limited] : D:\ancien disque E\Spybot - Search & Destroy\Spybot - Search & Destroy\TeaTimer.exe
04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cmaudio : [C-Media Corporation] : C:\WINDOWS\system\cmicnfg.cpl
04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, NeroFilterCheck : [Nero AG] : C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, !AVG Anti-Spyware : [GRISOFT s.r.o.] : D:\Utilitaires\Securité\AVG Anti-Spyware 7.5\avgas.exe
04 - Startup: %START_PROGRAMS%\Démarrage\Hamachi.lnk [LogMeIn Inc.] : D:\Utilitaires\reseau\Hamachi\hamachi.exe

Shell Extensions
avast - {472083B0-C522-11CF-8763-00608CC02F24} - [ALWIL Software] : C:\Program Files\Alwil Software\Avast4\ashShell.dll
WinAceContext Menu Extension - {8FF88D21-7BD0-11D1-BFB7-00AA00262A11} - [e-merge GmbH] : E:\ancien disque D\Program Files\WinAce\arcext.dll
WinAceDrag-Drop Extension - {8FF88D25-7BD0-11D1-BFB7-00AA00262A11} - [e-merge GmbH] : E:\ancien disque D\Program Files\WinAce\arcext.dll
WinAceContext Menu (Add) Extension - {8FF88D27-7BD0-11D1-BFB7-00AA00262A11} - [e-merge GmbH] : E:\ancien disque D\Program Files\WinAce\arcext.dll
WinAceProperty Sheet Extension - {8FF88D23-7BD0-11D1-BFB7-00AA00262A11} - [e-merge GmbH] : E:\ancien disque D\Program Files\WinAce\arcext.dll
- {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} - [Sun Microsystems, Inc.] : C:\Program Files\OpenOffice.org 2.3\program\shlxthdl.dll
- {087B3AE3-E237-4467-B8DB-5A38AB959AC9} - [Sun Microsystems, Inc.] : C:\Program Files\OpenOffice.org 2.3\program\shlxthdl.dll
- {63542C48-9552-494A-84F7-73AA6A7C99C1} - [Sun Microsystems, Inc.] : C:\Program Files\OpenOffice.org 2.3\program\shlxthdl.dll
- {3B092F0C-7696-40E3-A80F-68D74DA84210} - [Sun Microsystems, Inc.] : C:\Program Files\OpenOffice.org 2.3\program\shlxthdl.dll
a-squared Free Shell Extension - {A155339D-CCCD-4714-85EB-3754B804C9DF} - [Emsi Software GmbH] : D:\Utilitaires\Securité\a-squared Free\a2freecontmenu.dll

Shell Extecute Hooks
CShellExecuteHookImpl Object - {{57B86673-276A-48B2-BAE7-C6DBB3020EB8}} - [GRISOFT s.r.o.] : D:\Utilitaires\Securité\AVG Anti-Spyware 7.5\shellexecutehook.dll

Services
23 - [Emsi Software GmbH] : D:\Utilitaires\Securité\a-squared Free\a2service.exe
23 - [ALWIL Software] : C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys
23 - [ALWIL Software] : C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
23 - [ATI Technologies Inc.] : C:\WINDOWS\system32\Ati2evxx.exe
23 - : C:\WINDOWS\system32\DRIVERS\ATITool.sys
23 - [ALWIL Software] : C:\Program Files\Alwil Software\Avast4\ashServ.exe
23 - : D:\Utilitaires\Securité\AVG Anti-Spyware 7.5\guard.sys
23 - [GRISOFT, s.r.o.] : C:\WINDOWS\system32\DRIVERS\AvgAsCln.sys
23 - [C-Media Inc] : C:\WINDOWS\system32\drivers\cmuda.sys
23 - [LogMeIn, Inc.] : C:\WINDOWS\system32\DRIVERS\hamachi.sys
23 - [Hewlett-Packard Company] : C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
23 - : C:\WINDOWS\system32\Drivers\sptd.sys

Winlogon Notify
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent, DLLName : [ATI Technologies Inc.] : C:\WINDOWS\system32\Ati2evxx.dll

Threat Files
<Trojan.Generic.17171> : k:\Séries\South park\Saison 5\Bonus\Codec OGM\XviD_Install.exe

Advanced Files Report

End of Report
0
leader.75 Posts 230 Status Member 14
 
Hello,
Without wanting to tell you nonsense,
it seems to me that your problem was here:
O4 - HKLM\..\Run: [BMc3551b06] Rundll32.exe "C:\WINDOWS\system32\nmhqgaff.dll",s
O4 - HKLM\..\RunOnce: [SpybotDeletingA1784] command /c del "C:\WINDOWS\system32\hgGwWOEX.dll_old"

As for Spyware, I wasn't saying to install Antivir but to install Spyware Terminator's antivirus, which is called "CLAM"
You download it directly in and with Spyware Terminator.
Read everything carefully and you will find it.
Afterwards, configure everything that needs configuring in it properly, and if you have a doubt or a question
tell me, I'm going to have a coffee
0
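Added example, not part of the thread and not any poster's code: a small Python triage pass over lines copied from the HijackThis log above, showing how the startup entries singled out in the last reply can be picked out mechanically. The three checks (an extra program after Explorer.exe in the Shell value, a DLL loaded through rundll32 from a Run key, several RunOnce delete commands aimed at one file) are review heuristics assumed for illustration, and `triage` is a hypothetical helper name.

```python
import re
from collections import Counter

# Lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r'''
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Config\csrss.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [BMc3551b06] Rundll32.exe "C:\WINDOWS\system32\nmhqgaff.dll",s
O4 - HKLM\..\RunOnce: [SpybotDeletingA1784] command /c del "C:\WINDOWS\system32\hgGwWOEX.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC6421] cmd /c del "C:\WINDOWS\system32\hgGwWOEX.dll_old"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
'''

F2_SHELL = re.compile(r'^F2 - REG:system\.ini: Shell=(.+)$', re.I)
O4_ENTRY = re.compile(r'^O4 - (\S+?)\\\.\.\\(Run\w*): \[([^\]]*)\] (.+)$')
RUNDLL = re.compile(r'^rundll32(?:\.exe)?\s+"?([^",]+\.dll)"?,', re.I)
PENDING_DEL = re.compile(r'^(?:command|cmd)\s+/c\s+del\s+"([^"]+)"', re.I)


def triage(log_text):
    """Return (kind, detail) findings for startup entries worth reviewing."""
    findings = []
    pending = Counter()
    for line in log_text.splitlines():
        line = line.strip()
        m = F2_SHELL.match(line)
        if m:
            # The Shell value normally names Explorer.exe alone; any further
            # token is an extra program started at every logon.
            extra = m.group(1).split(None, 1)[1:]
            if extra:
                findings.append(("shell-extra", extra[0]))
            continue
        m = O4_ENTRY.match(line)
        if not m:
            continue
        hive, key, name, cmd = m.groups()
        dll = RUNDLL.match(cmd)
        if dll:
            # A Run value that loads a DLL through rundll32: report the DLL
            # path so the file itself can be checked.
            findings.append(
                ("rundll32-autorun", f"{hive}\\{key} [{name}] -> {dll.group(1)}"))
        target = PENDING_DEL.match(cmd)
        if key.lower() == "runonce" and target:
            # RunOnce "del" commands are cleanups queued for the next boot;
            # count them per target file.
            pending[target.group(1).lower()] += 1
    for path, count in pending.items():
        findings.append(("pending-delete", f"{path} scheduled {count}x"))
    return findings


if __name__ == "__main__":
    for kind, detail in triage(SAMPLE_LOG):
        print(f"{kind:18} {detail}")
```
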