Artemis!

martinem2 -  
Hello,

McAfee detected ARTEMIS! in a file or an address BAFE1C90D179

I don't think it cleaned it up...

I ran RSIT.

What should I do next?

Thanks!

Martinem2
Configuration: Windows Vista, Internet Explorer 8.0

1 reply

  1. toptitbal (posts: 5341, status: Security contributor)
     
    Hello

    "I ran RSIT.

    What should I do next?"


    Well, post the reports, for a start ;-)
    1. martinem2
       
      How?

      I don't see how to attach files to this message...
      1. toptitbal (posts: 5341, status: Security contributor) > martinem2
         
        You select your report, right-click, copy.
        You open a new message following this one, right-click, paste.
      2. martinem2 > toptitbal (posts: 5341, status: Security contributor)
         
        I wasn't planning to do that, because the files are very BIG!!!
        But if you want, then here it is:
        info.txt logfile of random's system information tool 1.06 2009-05-03 09:22:51

        ======Uninstall list======

        -->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
        ABBYY FineReader 6.0 Sprint-->MsiExec.exe /X{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}
        Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
        Adobe Reader 8.1.4 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A81300000003}
        Adobe Shockwave Player 11-->C:\Windows\system32\adobe\SHOCKW~1\UNWISE.EXE C:\Windows\system32\Adobe\SHOCKW~1\Install.log
        Apple Mobile Device Support-->MsiExec.exe /I{162B71B8-8464-4680-A086-601D555B331D}
        Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
        Assistant de connexion Windows Live-->MsiExec.exe /I{D3116CC7-24DC-4CA3-9CE1-23FED836E9F2}
        Assistant Personnalisation du systéme Dell-->MsiExec.exe /I{9954484F-6EE4-4040-94E3-4B380646F867}
        Barbie(R) idesign(TM) Ultimate Stylist(TM)-->MsiExec.exe /I{3EDF07A0-0362-4881-A772-ED4E66D3084A}
        Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
        Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
        Coupon Printer for Windows-->"C:\Program Files\Coupons\uninstall.exe" "/U:C:\Program Files\Coupons\Uninstall\uninstall.xml"
        Dell AIO Printer 946-->C:\Program Files\Dell AIO Printer 946\Install\x86\Uninst.exe
        Dell Fax PC-->C:\Program Files\Dell Fax Solutions\Install\x86\Uninst.exe /R:faxunst
        DivX-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
        Extension de Windows Live Toolbar (Windows Live Toolbar)-->MsiExec.exe /X{0CA6047C-D28B-4295-834A-07C52BA20C2D}
        Free PDF to Word Doc Converter v1.1-->"C:\Program Files\Free PDF to Word Doc Converter\unins000.exe"
        Galerie de photos Windows Live-->MsiExec.exe /X{44E54A81-9D91-4AA1-9417-80AFF134F5FF}
        Google Desktop-->C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
        Google Earth-->MsiExec.exe /I{407B9B5C-DAC5-4F44-A756-B57CAB4E6A8B}
        HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
        Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
        Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
        Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe
        Installation Windows Live-->MsiExec.exe /I{7370DF47-B4F9-4279-BFC3-3F09919F720D}
        InterActual Player-->C:\Program Files\InterActual\InterActual Player\inuninst.exe
        Java(TM) 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
        Junk Mail filter update-->MsiExec.exe /I{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}
        La barre d'outils AIR MILES 1.438-->C:\Program Files\La barre d'outils AIR MILES\Uninst.exe
        Les Sims Deluxe-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{10798AE3-DCBB-43C3-9C93-C23512427E25}\Setup.exe" -l040c
        McAfee SecurityCenter-->C:\Program Files\McAfee\MSC\mcuninst.exe
        Menus intelligents (Windows Live Toolbar)-->MsiExec.exe /X{0CC70FEF-5068-4CD5-B4DE-86FFD98EC929}
        Microsoft .NET Framework 3.5 SP1-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
        Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
        Microsoft Office Word Viewer 2003-->MsiExec.exe /I{9085040C-6000-11D3-8CFE-0150048383C9}
        Microsoft Search Enhancement Pack-->MsiExec.exe /I{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}
        Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
        Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
        Microsoft Sync Framework Runtime Native v1.0 (x86)-->MsiExec.exe /I{8A74E887-8F0F-4017-AF53-CBA42211AAA5}
        Microsoft Sync Framework Services Native v1.0 (x86)-->MsiExec.exe /I{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}
        Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
        Microsoft Works-->MsiExec.exe /I{6B1CB38D-E2E4-4A30-933D-EFDEBA76AD9C}
        Module de compatibilité pour Microsoft Office System 2007-->MsiExec.exe /X{90120000-0020-040C-0000-0000000FF1CE}
        MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
        MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
        MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
        MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
        MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
        My Scene(TM) STARS D' Hollywood-->C:\Program Files\Common Files\Vivendi Universal Games\Uninstall\MySceneHWFrUn.exe
        NVIDIA Drivers-->C:\Windows\system32\NVUNINST.EXE UninstallGUI
        OpenOffice.org 2.2-->MsiExec.exe /I{3B7E7EF8-1680-4894-9D35-86BAB9EEB6AC}
        Outil de mise à jour Google-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
        Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
        Print to Fax-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5BF2B19D-9C79-492A-8969-F059F06A627F}\setup.exe" -l0x40c ControlPanel
        QuickTime-->MsiExec.exe /I{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}
        RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
        Roll-->C:\Windows\UniFish3.exe C:\Program Files\Hasbro Interactive\RollerCoaster Tycoon\RollerCoaster Tycoon.log
        Safari-->MsiExec.exe /I{D90AFDE3-3E67-407A-ACA8-F0BAAD012F08}
        Sonic Activation Module-->MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}
        StarOffice 8-->MsiExec.exe /I{91AC855F-9553-4158-8AFB-46384DBB776E}
        Surligneur (Windows Live Toolbar)-->MsiExec.exe /X{81B5F83F-2291-48B0-8375-36B63A9BF5B0}
        The KMPlayer v2.9.4.1434 FR-->"C:\Program Files\The KMPlayer FR\unins000.exe"
        URL Assistant-->regsvr32 /u /s "C:\Program Files\BAE\BAE.dll"
        Vérification Internet-->C:\Program Files\BellCanada\bcunwise.exe
        Windows Live Call-->MsiExec.exe /I{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}
        Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
        Windows Live Contrôle parental-->MsiExec.exe /X{D6A2DDE3-9D7C-412C-932A-756580D29919}
        Windows Live Favorites pour Windows Live Toolbar-->MsiExec.exe /X{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}
        Windows Live Mail-->MsiExec.exe /I{63DC2DA0-2A6C-4C38-9249-B75395458657}
        Windows Live Messenger-->MsiExec.exe /X{059C042E-796A-4ACC-A81A-ECC2010BB78C}
        Windows Live OneCare safety scanner-->MsiExec.exe /X{FE0646A7-19D0-41B4-A2BB-2C35D644270D}
        Windows Live Sync-->MsiExec.exe /X{9C5EB781-0D37-44B8-9A58-77B3E4BF5F5E}
        Windows Live Toolbar-->MsiExec.exe /X{F7D27C70-90F5-49B9-B188-0A133C0CE353}

        ======System event log======

        Computer Name: PC-Grantham-Marcoux
        Event Code: 51
        Message: Une erreur a été détectée sur le périphérique \Device\CdRom0 lors d'une opération de pagination.
        Record Number: 423303
        Source Name: cdrom
        Time Written: 20090503111552.785321-000
        Event Type: Avertissement
        User:

        Computer Name: PC-Grantham-Marcoux
        Event Code: 51
        Message: Une erreur a été détectée sur le périphérique \Device\CdRom0 lors d'une opération de pagination.
        Record Number: 423305
        Source Name: cdrom
        Time Written: 20090503111553.409321-000
        Event Type: Avertissement
        User:

        Computer Name: PC-Grantham-Marcoux
        Event Code: 51
        Message: Une erreur a été détectée sur le périphérique \Device\CdRom0 lors d'une opération de pagination.
        Record Number: 423306
        Source Name: cdrom
        Time Written: 20090503111554.438921-000
        Event Type: Avertissement
        User:

        Computer Name: PC-Grantham-Marcoux
        Event Code: 51
        Message: Une erreur a été détectée sur le périphérique \Device\CdRom0 lors d'une opération de pagination.
        Record Number: 423501
        Source Name: cdrom
        Time Written: 20090503111557.106521-000
        Event Type: Avertissement
        User:

        Computer Name: PC-Grantham-Marcoux
        Event Code: 51
        Message: Une erreur a été détectée sur le périphérique \Device\CdRom0 lors d'une opération de pagination.
        Record Number: 423502
        Source Name: cdrom
        Time Written: 20090503111557.184521-000
        Event Type: Avertissement
        User:

        =====Application event log=====

        Computer Name: PC-Grantham-Marcoux
        Event Code: 0
        Message: IDCRL login failed (second attempt). Error Code: 80048869
        Username: 'martinem2@sympatico.ca'
        Proxy: '(null)'
        Proxy Bypass: '(null)'
        Environment: 'Production'
        Record Number: 66399
        Source Name: Family Safety Service
        Time Written: 20090503110652.000000-000
        Event Type: Erreur
        User:

        Computer Name: PC-Grantham-Marcoux
        Event Code: 0
        Message: IDCRL login failed. Error Code: 80048869
        Username: 'martinem2@sympatico.ca'
        Proxy: '(null)'
        Proxy Bypass: '(null)'
        Environment: 'Production'
        Record Number: 66400
        Source Name: Family Safety Service
        Time Written: 20090503110658.000000-000
        Event Type: Erreur
        User:

        Computer Name: PC-Grantham-Marcoux
        Event Code: 0
        Message: IDCRL login failed (second attempt). Error Code: 80048869
        Username: 'martinem2@sympatico.ca'
        Proxy: '(null)'
        Proxy Bypass: '(null)'
        Environment: 'Production'
        Record Number: 66401
        Source Name: Family Safety Service
        Time Written: 20090503110701.000000-000
        Event Type: Erreur
        User:

        Computer Name: PC-Grantham-Marcoux
        Event Code: 0
        Message: IDCRL login failed. Error Code: 80048869
        Username: 'martinem2@sympatico.ca'
        Proxy: '(null)'
        Proxy Bypass: '(null)'
        Environment: 'Production'
        Record Number: 66419
        Source Name: Family Safety Service
        Time Written: 20090503112043.000000-000
        Event Type: Erreur
        User:

        Computer Name: PC-Grantham-Marcoux
        Event Code: 0
        Message: IDCRL login failed (second attempt). Error Code: 80048869
        Username: 'martinem2@sympatico.ca'
        Proxy: '(null)'
        Proxy Bypass: '(null)'
        Environment: 'Production'
        Record Number: 66420
        Source Name: Family Safety Service
        Time Written: 20090503112048.000000-000
        Event Type: Erreur
        User:

        =====Security event log=====

        Computer Name: PC-Grantham-Marcoux
        Event Code: 5032
        Message: Le Pare-feu Windows n’a pas pu notifier l’utilisateur qu’il a empêché une application d’accepter des connexions entrantes sur le réseau.

        Code d’erreur : 2
        Record Number: 76576
        Source Name: Microsoft-Windows-Security-Auditing
        Time Written: 20090107003552.510000-000
        Event Type: Échec de l'audit
        User:

        Computer Name: PC-Grantham-Marcoux
        Event Code: 5032
        Message: Le Pare-feu Windows n’a pas pu notifier l’utilisateur qu’il a empêché une application d’accepter des connexions entrantes sur le réseau.

        Code d’erreur : 2
        Record Number: 76577
        Source Name: Microsoft-Windows-Security-Auditing
        Time Written: 20090107003552.516000-000
        Event Type: Échec de l'audit
        User:

        Computer Name: PC-Grantham-Marcoux
        Event Code: 5032
        Message: Le Pare-feu Windows n’a pas pu notifier l’utilisateur qu’il a empêché une application d’accepter des connexions entrantes sur le réseau.

        Code d’erreur : 2
        Record Number: 76578
        Source Name: Microsoft-Windows-Security-Auditing
        Time Written: 20090107003552.529000-000
        Event Type: Échec de l'audit
        User:

        Computer Name: PC-Grantham-Marcoux
        Event Code: 5032
        Message: Le Pare-feu Windows n’a pas pu notifier l’utilisateur qu’il a empêché une application d’accepter des connexions entrantes sur le réseau.

        Code d’erreur : 2
        Record Number: 76579
        Source Name: Microsoft-Windows-Security-Auditing
        Time Written: 20090107012130.537000-000
        Event Type: Échec de l'audit
        User:

        Computer Name: PC-Grantham-Marcoux
        Event Code: 5032
        Message: Le Pare-feu Windows n’a pas pu notifier l’utilisateur qu’il a empêché une application d’accepter des connexions entrantes sur le réseau.

        Code d’erreur : 2
        Record Number: 76580
        Source Name: Microsoft-Windows-Security-Auditing
        Time Written: 20090107012130.537000-000
        Event Type: Échec de l'audit
        User:

        ======Environment variables======

        "ComSpec"=%SystemRoot%\system32\cmd.exe
        "FP_NO_HOST_CHECK"=NO
        "OS"=Windows_NT
        "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\;C:\Program Files\QuickTime\QTSystem\
        "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
        "PROCESSOR_ARCHITECTURE"=x86
        "TEMP"=%SystemRoot%\TEMP
        "TMP"=%SystemRoot%\TEMP
        "USERNAME"=SYSTEM
        "windir"=%SystemRoot%
        "PROCESSOR_LEVEL"=15
        "PROCESSOR_IDENTIFIER"=x86 Family 15 Model 107 Stepping 1, AuthenticAMD
        "PROCESSOR_REVISION"=6b01
        "NUMBER_OF_PROCESSORS"=2
        "CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
        "QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

        -----------------EOF-----------------


        Logfile of random's system information tool 1.06 (written by random/random)
        Run by Martine at 2009-05-03 09:21:52
        Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 1
        System drive C: has 173 GB (76%) free of 228 GB
        Total RAM: 958 MB (24% free)

        Logfile of Trend Micro HijackThis v2.0.2
        Scan saved at 09:22:42, on 2009-05-03
        Platform: Windows Vista SP1 (WinNT 6.00.1905)
        MSIE: Internet Explorer v8.00 (8.00.6001.18702)
        Boot mode: Normal

        Running processes:
        C:\Windows\system32\Dwm.exe
        C:\Windows\system32\taskeng.exe
        C:\Windows\Explorer.EXE
        C:\Program Files\Windows Defender\MSASCui.exe
        C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
        C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
        C:\Program Files\Dell AIO Printer 946\DLCImon.exe
        C:\Windows\System32\wpcumi.exe
        C:\Program Files\Windows Live\Family Safety\fsui.exe
        C:\Program Files\BellCanada\McciTrayApp.exe
        C:\Program Files\McAfee.com\Agent\mcagent.exe
        C:\Program Files\Common Files\Real\Update_OB\realsched.exe
        C:\Program Files\QuickTime\QTTask.exe
        C:\Program Files\Java\jre6\bin\jusched.exe
        C:\Program Files\Windows Sidebar\sidebar.exe
        C:\Windows\ehome\ehtray.exe
        C:\Program Files\Windows Media Player\wmpnscfg.exe
        C:\Program Files\Windows Live\Messenger\msnmsgr.exe
        C:\Windows\System32\rundll32.exe
        C:\Windows\ehome\ehmsas.exe
        C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
        C:\Program Files\Windows Live\Contacts\wlcomm.exe
        C:\Program Files\Windows Mail\WinMail.exe
        C:\Program Files\Internet Explorer\iexplore.exe
        C:\Program Files\Internet Explorer\iexplore.exe
        C:\Windows\system32\Macromed\Flash\FlashUtil10b.exe
        C:\Users\Martine\Desktop\RSIT.exe
        C:\Program Files\trend micro\Martine.exe

        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/?p=us
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
        R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
        R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
        R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
        R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer fourni par Dell
        R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
        R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
        R3 - URLSearchHook: FCToolbarURLSearchHook Class - {85c1dd6e-1181-41f2-9ab2-79d5f46f491b} - C:\Program Files\La barre d'outils AIR MILES\Helper.dll
        R3 - URLSearchHook: (no name) - - (no file)
        O1 - Hosts: ::1 localhost
        O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
        O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
        O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
        O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
        O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - (no file)
        O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
        O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
        O2 - BHO: (no name) - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - (no file)
        O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
        O2 - BHO: FCTBPos00Pos - {76A20DB7-AAD4-4EFD-AE21-57811E5E49E4} - C:\Program Files\La barre d'outils AIR MILES\Toolbar.dll
        O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll
        O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
        O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
        O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
        O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
        O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
        O3 - Toolbar: (no name) - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - (no file)
        O3 - Toolbar: La barre d'outils AIR MILES - {DC7A75BF-581D-4675-BDCB-D1B35116EB49} - C:\Program Files\La barre d'outils AIR MILES\Toolbar.dll
        O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
        O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
        O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
        O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
        O4 - HKLM\..\Run: [ECenter] c:\dell\E-Center\EULALauncher.exe
        O4 - HKLM\..\Run: [DLCICATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\DLCItime.dll,_RunDLLEntry@16
        O4 - HKLM\..\Run: [dlcimon.exe] "C:\Program Files\Dell AIO Printer 946\dlcimon.exe"
        O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Dell Fax Solutions\fm3032.exe" /s
        O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe
        O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fsui.exe" -autorun
        O4 - HKLM\..\Run: [BellCanada_McciTrayApp] C:\Program Files\BellCanada\McciTrayApp.exe
        O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
        O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
        O4 - HKLM\..\Run: [NvSvc] "RUNDLL32.EXE" C:\Windows\system32\nvsvc.dll,nvsvcStart
        O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\Windows\system32\NvCpl.dll,NvStartup
        O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
        O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
        O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
        O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
        O4 - HKCU\..\Run: [Sidebar] "C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
        O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
        O4 - HKCU\..\Run: [WMPNSCFG] "C:\Program Files\Windows Media Player\WMPNSCFG.exe"
        O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
        O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\Windows\System32\Adobe\SHOCKW~1\SWHELP~3.EXE -Update -1103472 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0; FunWebProducts; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.5.30729; .NET CLR 3.0.30618)" -"https://www.miniclip.com/games/cab-driver/en/"
        O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
        O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
        O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
        O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
        O4 - HKUS\S-1-5-18\..\RunOnce: [DelayShred] "c:\program files\mcafee\mshr\ShrCL.EXE" /P7 /q C:\Users\Martine\AppData\Local\Temp\Low\HSPERF~1.SH! C:\Users\Martine\AppData\Local\Temp\HSPERF~1.SH! (User 'SYSTEM')
        O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
        O4 - HKUS\.DEFAULT\..\RunOnce: [DelayShred] "c:\program files\mcafee\mshr\ShrCL.EXE" /P7 /q C:\Users\Martine\AppData\Local\Temp\Low\HSPERF~1.SH! C:\Users\Martine\AppData\Local\Temp\HSPERF~1.SH! (User 'Default user')
        O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
        O9 - Extra button: (no name) - {1A93C934-025B-4c3a-B38E-9654A7003239} - (no file)
        O9 - Extra 'Tools' menuitem: GamesBar - {1A93C934-025B-4c3a-B38E-9654A7003239} - (no file)
        O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\Martine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
        O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
        O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
        O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
        O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
        O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
        O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
        O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
        O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
        O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
        O13 - Gopher Prefix:
        O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Nanny%20Mania%202%20-%20Hollywood/Images/stg_drm.ocx
        O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20040105/qtinstall.info.apple.com/mickey/fr/win/QuickTimeInstaller.exe
        O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Baby%20Luv/Images/armhelper.ocx
        O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
        O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
        O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
        O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
        O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
        O23 - Service: dlci_device - - C:\Windows\system32\dlcicoms.exe
        O23 - Service: Google Desktop Manager 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
        O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
        O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
        O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
        O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
        O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
        O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
        O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
        O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
        O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
        O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
        O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
        O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)