Logfile of HijackThis v1.99.1
Scan saved at 12:47:47, on 10/08/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Pinnacle\PCTV Stereo\Remote\Remoterm.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\GSICON.EXE
C:\WINDOWS\system32\dslagent.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\PROGRA~1\MOZILLA.ORG\MOZILLA\MOZILLA.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\TClock\TClock.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: (no name) - {CA7DD11D-7F27-4B84-87CF-45BA42ABE097} - C:\WINDOWS\system32\pmnkj.dll (file missing)
O3 - Toolbar: ToolBar888 - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - C:\Program Files\ToolBar888\MyToolBar.dll (file missing)
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PCTVRemote] C:\Program Files\Pinnacle\PCTV Stereo\Remote\Remoterm.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [sysmngr32] sys64mnger.exe
O4 - HKLM\..\Run: [SERV PacK2] nure.exe
O4 - HKLM\..\Run: [MS Unix Binary] msnq3insller.exe
O4 - HKLM\..\Run: [Microsoft Windows Update2] wuamwin.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [faa35821] RUNDLL32.EXE w1de0865.dll,n 0023581f0000000a1de0865
O4 - HKLM\..\Run: [kav] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\RunServices: [sysmngr32] sys64mnger.exe
O4 - HKLM\..\RunServices: [SERV PacK2] nure.exe
O4 - HKLM\..\RunServices: [MS Unix Binary] msnq3insller.exe
O4 - HKLM\..\RunServices: [Microsoft Windows Update2] wuamwin.exe
O4 - HKCU\..\Run: [sysmngr32] sys64mnger.exe
O4 - HKCU\..\Run: [MS Unix Binary] msnq3insller.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\PROGRA~1\MOZILLA.ORG\MOZILLA\MOZILLA.EXE" -turbo
O4 - HKCU\..\Run: [TClock.exe] C:\Program Files\TClock\tclock_install.exe
O4 - HKCU\..\Run: [wzko] C:\PROGRA~1\FICHIE~1\wzko\wzkom.exe
O4 - HKCU\..\RunServices: [sysmngr32] sys64mnger.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Pinnacle Scheduler.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Antivirus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/ [...] ge-c11.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/window [...] 4723878759
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/Yaz [...] refid=1123
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JA [...] anager.ocx
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/bina [...] b32846.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9A0F3652-CC80-4168-A67E-CBB96657C45F}: NameServer = 195.238.2.22 195.238.2.21
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: pmnkj - C:\WINDOWS\system32\pmnkj.dll (file missing)
O20 - Winlogon Notify: StillImage - C:\WINDOWS\system32\i2240cfqef2e0.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

C:\WINDOWS\System32\wpa.dbl -->11/08/2006 16:08:31
C:\WINDOWS\System32\faa35821.ini -->09/08/2006 00:46:42
C:\WINDOWS\System32\faa35821.sys -->08/08/2006 23:44:44
C:\WINDOWS\System32\jknmp.ini2 -->08/08/2006 18:34:26
C:\WINDOWS\System32\mapisvc.inf -->08/08/2006 18:09:38
C:\WINDOWS\System32\faa35821.dll -->07/08/2006 00:34:55
C:\WINDOWS\System32\mcrh.tmp -->04/08/2006 15:31:27
C:\WINDOWS\System32\jknmp.tmp -->03/08/2006 13:06:44
C:\WINDOWS\System32\jknmp.ini -->03/08/2006 13:06:37
C:\WINDOWS\System32\BASSMOD.dll -->03/08/2006 01:21:23
C:\WINDOWS\System32\wintsvit.exe -->02/08/2006 11:18:09
C:\WINDOWS\System32\jknmp.bak2 -->01/08/2006 20:33:42
C:\WINDOWS\System32\jknmp.bak1 -->28/07/2006 22:37:24
C:\WINDOWS\System32\yayawuu.dll -->28/07/2006 22:16:38
C:\WINDOWS\System32\qtsq.dll -->28/07/2006 16:47:28
C:\WINDOWS\System32\hfilt.pdb -->28/07/2006 16:43:42
C:\WINDOWS\System32\kcfg.xml -->28/07/2006 16:37:44
C:\WINDOWS\System32\tsuninst.exe -->21/07/2006 18:55:38
C:\WINDOWS\System32\netapi32.dll -->14/07/2006 17:41:05
C:\WINDOWS\System32\MRT.exe -->07/07/2006 03:21:46
C:\WINDOWS\System32\jgpl400.dll -->01/06/2006 20:48:44
C:\WINDOWS\System32\jgdw400.dll -->01/06/2006 20:48:44
C:\WINDOWS\System32\shdocvw.dll -->29/05/2006 17:29:14
C:\WINDOWS\System32\mshtml.dll -->19/05/2006 17:09:50
C:\WINDOWS\System32\iphlpapi.dll -->19/05/2006 15:23:35

C:\WINDOWS\QTFont.qfn -->11/08/2006 17:10:27
C:\WINDOWS\QTFont.for -->11/08/2006 17:10:27
C:\WINDOWS\wiadebug.log -->11/08/2006 16:41:27
C:\WINDOWS\WindowsUpdate.log -->11/08/2006 16:16:23
C:\WINDOWS\0.log -->11/08/2006 16:08:52
C:\WINDOWS\wiaservc.log -->11/08/2006 16:08:37
C:\WINDOWS\bootstat.dat -->11/08/2006 16:08:30
C:\WINDOWS\SchedLgU.Txt -->10/08/2006 18:11:38
C:\WINDOWS\tsoc.log -->09/08/2006 20:18:18
C:\WINDOWS\tabletoc.log -->09/08/2006 20:18:18
C:\WINDOWS\ocmsn.log -->09/08/2006 20:18:18
C:\WINDOWS\ntdtcsetup.log -->09/08/2006 20:18:18
C:\WINDOWS\KB921883.log -->09/08/2006 20:18:18
C:\WINDOWS\imsins.log -->09/08/2006 20:18:18
C:\WINDOWS\iis6.log -->09/08/2006 20:18:18


Le volume dans le lecteur C s'appelle cwikos
Le numéro de série du volume est 8858-5B0D

Répertoire de C:\WINDOWS\system

14/08/2002 15:03 4 672 WOWPOST.EXE
1 fichier(s) 4 672 octets
0 Rép(s) 10 462 195 712 octets libres
Le volume dans le lecteur C s'appelle cwikos
Le numéro de série du volume est 8858-5B0D

Répertoire de C:\WINDOWS\system32

20/08/2004 01:09 6 144 csrss.exe
1 fichier(s) 6 144 octets
0 Rép(s) 10 462 195 712 octets libres

Le volume dans le lecteur C s'appelle cwikos
Le numéro de série du volume est 8858-5B0D

Répertoire de C:\Program Files

09/08/2006 00:33 <REP> .
09/08/2006 00:33 <REP> ..
23/05/2006 19:01 <REP> 3D Live Pool
23/05/2006 19:33 <REP> 3D Online Pool
28/07/2006 22:22 <REP> Adobe
28/08/2005 22:42 <REP> Adobe After Effects 6.5
18/09/2005 23:27 <REP> Ahead
10/10/2005 22:23 <REP> AMSN
08/08/2006 18:57 <REP> Antipub
22/08/2005 18:01 <REP> ATI Technologies
03/08/2006 13:38 17 344 752 avg71free_394a763.exe
09/08/2006 00:33 <REP> CCleaner
11/09/2005 00:03 <REP> CDBurnerXP Pro 3
21/07/2006 17:37 <REP> chercher
08/06/2005 22:01 <REP> ComPlus Applications
24/08/2005 19:39 <REP> CyberLink
22/08/2005 17:13 <REP> D-Link
12/12/2005 22:57 <REP> directx
27/02/2006 17:43 <REP> DivX
08/12/2005 00:23 <REP> DVD Decrypter
11/03/2006 16:16 <REP> EasyPHP1-8
11/03/2006 15:17 8 085 245 easyphp1-8_setup.exe
01/09/2005 00:24 <REP> Eicon
12/12/2005 18:16 <REP> Eidos Interactive
08/08/2006 18:02 <REP> Elaborate Bytes
11/08/2006 16:39 <REP> eMule
22/02/2006 20:20 4 677 596 eMule0.47a-Installer.exe
08/08/2006 18:15 <REP> Eset
11/08/2006 16:10 <REP> ewido anti-spyware 4.0
28/07/2006 22:28 <REP> Fichiers communs
03/10/2005 19:17 <REP> FileZilla
04/04/2006 08:17 5 239 328 Firefox Setup 1.5.0.1.exe
12/12/2005 19:16 <REP> GIMP-2.0
07/12/2005 21:28 7 909 725 gimp-2.2.9-i586-setup.zip
07/12/2005 21:32 3 639 340 gtk+-2.6.9-setup.zip
24/08/2005 18:42 <REP> Hewlett-Packard
22/08/2005 18:47 <REP> Intel
14/06/2006 20:53 <REP> Internet Explorer
04/04/2006 08:23 <REP> Java
24/08/2005 18:37 <REP> K!TV
08/08/2006 18:24 <REP> Kaspersky Lab
29/07/2006 00:22 <REP> Kazaa
24/08/2005 19:33 <REP> Macromedia
10/10/2005 22:25 <REP> Messenger
08/06/2005 22:12 <REP> microsoft frontpage
20/12/2005 22:38 <REP> Microsoft Office
18/09/2005 21:23 <REP> Movie Maker
10/08/2006 14:38 <REP> Mozilla Firefox
28/08/2005 23:34 <REP> mozilla.org
08/11/2005 01:09 12 754 672 MP10Setup.exe
22/10/2005 14:25 13 951 112 MPSetup.exe
10/10/2005 20:16 <REP> MSN
08/06/2005 22:00 <REP> MSN Gaming Zone
10/10/2005 23:42 <REP> MSN Messenger
10/10/2005 23:42 1 656 MSN Messenger 7.5.lnk
18/09/2005 21:18 <REP> NetMeeting
17/05/2006 22:23 <REP> OpenOffice.org 2.0
17/04/2006 01:43 <REP> Outlook Express
24/08/2005 16:31 <REP> Pinnacle
22/08/2005 19:00 <REP> Pinnacle Systems
12/10/2005 19:52 <REP> PowerPoint Viewer
27/08/2005 18:23 <REP> PowerQuest
12/10/2005 19:50 2 855 552 PPView97.exe
28/08/2005 22:16 <REP> QuickTime
03/10/2005 22:38 <REP> Real
22/08/2005 18:49 <REP> Realtek Sound Manager
08/06/2005 22:11 <REP> Services en ligne
28/08/2005 21:42 1 218 927 SetupAnyDVD5411.exe
08/12/2005 00:23 899 414 SetupDVDDecrypter_3.5.4.0.exe
28/08/2005 21:43 <REP> SlySoft
09/08/2006 00:56 <REP> SmitfraudFix
24/08/2005 19:42 <REP> Sony Setup
08/08/2006 18:03 <REP> Spybot - Search & Destroy
08/08/2006 18:07 <REP> Symantec
28/07/2006 22:19 <REP> TClock
17/11/2005 22:22 647 129 088 ubuntu-5.10-install-i386.iso
03/08/2006 12:45 <REP> Ultimate Defender
11/10/2005 00:27 <REP> viewer
03/10/2005 20:06 <REP> Visicom Media
02/08/2006 11:35 <REP> WebCopier
29/12/2005 20:50 <REP> Winamp
29/12/2005 17:57 10 733 704 winamp512_full_kornbundle_emusic-7plus.exe
22/03/2006 20:13 <REP> Windows Media Player
26/10/2005 20:41 <REP> Windows NT
31/03/2006 12:19 1 638 232 Windows-KB890830-V1.14.exe
03/08/2006 13:11 5 763 072 WindowsDefender.msi
22/08/2005 17:52 <REP> WinRAR
17/05/2006 21:58 <REP> WinZip
12/10/2005 22:34 <REP> WordView
08/06/2005 22:12 <REP> xerox
20/12/2005 22:31 10 420 936 xlviewer.exe
17 fichier(s) 754 262 351 octets
74 Rép(s) 10 462 191 616 octets libres
Le volume dans le lecteur C s'appelle cwikos
Le numéro de série du volume est 8858-5B0D

Répertoire de C:\Program Files\fichiers communs

28/07/2006 22:28 <REP> .
28/07/2006 22:28 <REP> ..
28/07/2006 22:24 <REP> Adobe
24/09/2005 14:46 <REP> Adobe Systems Shared
18/09/2005 23:27 <REP> Ahead
24/08/2005 18:43 <REP> Hewlett-Packard
22/08/2005 18:01 <REP> InstallShield
04/04/2006 08:22 <REP> Java
24/08/2005 19:31 <REP> Macromedia
24/08/2005 19:28 <REP> Macromedia Shared
20/12/2005 22:38 <REP> Microsoft Shared
28/08/2005 23:34 <REP> mozilla.org
08/06/2005 22:02 <REP> MSSoap
08/09/2005 21:50 <REP> ODBC
03/10/2005 22:38 <REP> Real
08/06/2005 22:02 <REP> Services
08/09/2005 21:50 <REP> SpeechEngines
08/08/2006 18:16 <REP> Symantec Shared
17/04/2006 01:43 <REP> System
28/07/2006 22:24 <REP> Vbox
08/08/2006 22:48 <REP> wzko
03/10/2005 22:38 <REP> xing shared
09/08/2006 00:50 <REP> {88585B0D-096B-1036-1230-020306160021}
0 fichier(s) 0 octets
23 Rép(s) 10 462 187 520 octets libres
Le volume dans le lecteur C s'appelle cwikos
Le numéro de série du volume est 8858-5B0D

Répertoire de C:\

16/02/2005 11:06 218 112 HijackThis.exe
07/08/2006 00:00 61 440 kybrdfg_8.exe
2 fichier(s) 279 552 octets
0 Rép(s) 10 462 187 520 octets libres
c:\Documents and Settings\All Users\Application Data\Symantec\Ghost\aspiinst.exe
c:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\CMDS.EXE
c:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\CMDS16.EXE
c:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\E.EXE
c:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\GUEST.EXE
c:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\MSCDEX.EXE
c:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\Net.exe
c:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\OHCI.EXE
c:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\PROTMAN.EXE
c:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\UHCI.EXE
c:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom CBE10-100BTX\Cbendis.exe
c:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom Ethernet 10-100 + Modem\Cbendis.exe
c:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom Ethernet II PS\Xpsndis.exe
c:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom PE3-10Bx\Pe3ndis.exe
c:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom Re-100Btx + Ce3B-100Btx\Ce3ndis.exe
c:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom RE10BT\Ce3ndis.exe
c:\Documents and Settings\cwikos\Bureau\antipub.exe
c:\Documents and Settings\cwikos\Bureau\ccleaner-crap-cleaner_ccleaner_crap_cleaner_1.31.325_francais_14492.exe
c:\Documents and Settings\cwikos\Bureau\ewido-setup_4.0.0.172c.exe
c:\Documents and Settings\cwikos\Bureau\rangements\Adobe_Illustrator_CS2_F_TryOut.exe
c:\Documents and Settings\cwikos\Bureau\rangements\ffce.exe
c:\Documents and Settings\cwikos\Bureau\rangements\pol(2).exe
c:\Documents and Settings\cwikos\Bureau\rangements\Sans nom-2.exe
c:\Documents and Settings\cwikos\Bureau\rangements\SetupAnyDVD5961.exe
c:\Documents and Settings\cwikos\Bureau\rangements\wcopier.exe
c:\Documents and Settings\cwikos\Mes documents\DivXPlay.exe
c:\Documents and Settings\All Users\Application Data\Adobe\AWSCommonUI.dll
c:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP6\Bases\avcmhk4.dll
c:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\ppcrlconfig.dll
c:\Documents and Settings\cwikos\Application Data\Adobe\AWSCommonUI.dll
c:\Documents and Settings\cwikos\Application Data\Macromedia\Dreamweaver MX 2004\Configuration\Flash Player\FlashPlayerW.dll
c:\Documents and Settings\cwikos\Application Data\Macromedia\Dreamweaver MX 2004\Configuration\Flash Player\NPSWF32.dll
c:\Documents and Settings\cwikos\Application Data\Microsoft\IdentityCRL\ppcrlconfig.dll
c:\Documents and Settings\cwikos\Local Settings\Application Data\Macromedia\Flash MX 2004\fr\Configuration\authplay.dll
c:\Documents and Settings\cwikos\Local Settings\Application Data\Macromedia\Flash MX 2004\fr\Configuration\Importers\AI_EPS_PDF_Import.dll
c:\Documents and Settings\cwikos\Local Settings\Application Data\Macromedia\Flash MX 2004\fr\Configuration\Importers\AIImport.dll
c:\Documents and Settings\cwikos\Local Settings\Application Data\Macromedia\Flash MX 2004\fr\Configuration\Importers\FhDbRdr.dll
c:\Documents and Settings\cwikos\Local Settings\Application Data\Macromedia\Flash MX 2004\fr\Configuration\Importers\Fireworks Library.dll

Vérifications de quelques clefs
Recherche de clefs EGDACCESS

HKLM\SOFTWARE\Microsoft\Windows\explorer\SharedTaskScheduler