start CloseProcesses: CreateRestorePoint: HKLM-x32\...\Run: [fst_fr_105] => [X] HKLM-x32\...\Run: [fst_fr_170] => [X] ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => Pas de fichier GroupPolicy: Restriction - Chrome <======= ATTENTION CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://fr.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_popjar_16_39_ssg08¶m1=1¶m2=f%3D1%26b%3DIE%26cc%3Dfr%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyC0C0F0D0Bzy0CyEyByCtC0FtCzy0DyBtN0D0Tzu0StCyBtAyEtN1L2XzutAtFtByEtFyCtFyDtBtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2SyByCyCyBtD0CtBzytGtDyC0BtAtGyCzyyBtDtGtB0CtBtDtG0A0CyC0FtCzytD0DtC0EtAtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0EtA0AtD0AtC0D0CtGtD0DtByBtGyEtAyDzytGzytByByCtGyEyBtAyD0Fzy0ByByCyB0Azz2QtN0A0LzutBtN1B2Z1V1T1S1NzutCtDyEtCtC%26cr%3D1928225444%26a%3Dwbf_popjar_16_39_ssg08%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://fr.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_popjar_16_39_ssg08¶m1=1¶m2=f%3D1%26b%3DIE%26cc%3Dfr%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyC0C0F0D0Bzy0CyEyByCtC0FtCzy0DyBtN0D0Tzu0StCyBtAyEtN1L2XzutAtFtByEtFyCtFyDtBtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2SyByCyCyBtD0CtBzytGtDyC0BtAtGyCzyyBtDtGtB0CtBtDtG0A0CyC0FtCzytD0DtC0EtAtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0EtA0AtD0AtC0D0CtGtD0DtByBtGyEtAyDzytGzytByByCtGyEyBtAyD0Fzy0ByByCyB0Azz2QtN0A0LzutBtN1B2Z1V1T1S1NzutCtDyEtCtC%26cr%3D1928225444%26a%3Dwbf_popjar_16_39_ssg08%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome HKU\S-1-5-21-2950831876-2088724787-3088863540-1004\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StK2q0U14moCf-ET1EM4uw4GigvFB13oDdKkPmeiaEounjkyvBmjdrDok9HgOibCTpvjDaljl7BA1AkJ9yBbepxixQN6rmyqJ0vLQEcnPIKyRvBwxYMBu3ayPSZYbIqbpUC8vqkBoq5ueDRvqlieE8WLJSfgdpQFvFgSXC6gmIH8sFfNgGoL1DoXPYPZuyTN7e0cL2bL3buJy95Q,,&q={searchTerms} SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://fr.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_popjar_16_39_ssg08¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dfr%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyC0C0F0D0Bzy0CyEyByCtC0FtCzy0DyBtN0D0Tzu0StCyBtAyEtN1L2XzutAtFtByEtFyCtFyDtBtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2SyByCyCyBtD0CtBzytGtDyC0BtAtGyCzyyBtDtGtB0CtBtDtG0A0CyC0FtCzytD0DtC0EtAtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0EtA0AtD0AtC0D0CtGtD0DtByBtGyEtAyDzytGzytByByCtGyEyBtAyD0Fzy0ByByCyB0Azz2QtN0A0LzutBtN1B2Z1V1T1S1NzutCtDyEtCtC%26cr%3D1928225444%26a%3Dwbf_popjar_16_39_ssg08%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms} SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://fr.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_popjar_16_39_ssg08¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dfr%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyC0C0F0D0Bzy0CyEyByCtC0FtCzy0DyBtN0D0Tzu0StCyBtAyEtN1L2XzutAtFtByEtFyCtFyDtBtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2SyByCyCyBtD0CtBzytGtDyC0BtAtGyCzyyBtDtGtB0CtBtDtG0A0CyC0FtCzytD0DtC0EtAtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0EtA0AtD0AtC0D0CtGtD0DtByBtGyEtAyDzytGzytByByCtGyEyBtAyD0Fzy0ByByCyB0Azz2QtN0A0LzutBtN1B2Z1V1T1S1NzutCtDyEtCtC%26cr%3D1928225444%26a%3Dwbf_popjar_16_39_ssg08%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms} SearchScopes: HKLM -> {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://fr.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_popjar_16_39_ssg08¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dfr%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyC0C0F0D0Bzy0CyEyByCtC0FtCzy0DyBtN0D0Tzu0StCyBtAyEtN1L2XzutAtFtByEtFyCtFyDtBtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2SyByCyCyBtD0CtBzytGtDyC0BtAtGyCzyyBtDtGtB0CtBtDtG0A0CyC0FtCzytD0DtC0EtAtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0EtA0AtD0AtC0D0CtGtD0DtByBtGyEtAyDzytGzytByByCtGyEyBtAyD0Fzy0ByByCyB0Azz2QtN0A0LzutBtN1B2Z1V1T1S1NzutCtDyEtCtC%26cr%3D1928225444%26a%3Dwbf_popjar_16_39_ssg08%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms} SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://fr.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_popjar_16_39_ssg08¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dfr%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyC0C0F0D0Bzy0CyEyByCtC0FtCzy0DyBtN0D0Tzu0StCyBtAyEtN1L2XzutAtFtByEtFyCtFyDtBtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2SyByCyCyBtD0CtBzytGtDyC0BtAtGyCzyyBtDtGtB0CtBtDtG0A0CyC0FtCzytD0DtC0EtAtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0EtA0AtD0AtC0D0CtGtD0DtByBtGyEtAyDzytGzytByByCtGyEyBtAyD0Fzy0ByByCyB0Azz2QtN0A0LzutBtN1B2Z1V1T1S1NzutCtDyEtCtC%26cr%3D1928225444%26a%3Dwbf_popjar_16_39_ssg08%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms} SearchScopes: HKU\.DEFAULT -> {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL = SearchScopes: HKU\S-1-5-21-2950831876-2088724787-3088863540-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-2950831876-2088724787-3088863540-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = Toolbar: HKU\S-1-5-21-2950831876-2088724787-3088863540-1001 -> Pas de nom - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - Pas de fichier Toolbar: HKU\S-1-5-21-2950831876-2088724787-3088863540-1001 -> Pas de nom - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - Pas de fichier FF DefaultSearchEngine: Yahoo! Powered FF SelectedSearchEngine: Yahoo! Powered FF Homepage: hxxps://fr.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_popjar_16_39_ssg08¶m1=1¶m2=f%3D1%26b%3DFirefox%26cc%3Dfr%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyC0C0F0D0Bzy0CyEyByCtC0FtCzy0DyBtN0D0Tzu0StCyBtAyEtN1L2XzutAtFtByEtFyCtFyDtBtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2SyByCyCyBtD0CtBzytGtDyC0BtAtGyCzyyBtDtGtB0CtBtDtG0A0CyC0FtCzytD0DtC0EtAtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0EtA0AtD0AtC0D0CtGtD0DtByBtGyEtAyDzytGzytByByCtGyEyBtAyD0Fzy0ByByCyB0Azz2QtN0A0LzutBtN1B2Z1V1T1S1NzutCtDyEtCtC%26cr%3D1928225444%26a%3Dwbf_popjar_16_39_ssg08%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome FF Extension: (Nouvel onglet de Yahoo) - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\jid1-G80Ec8LLEbK5fQ@jetpack.xpi [2015-11-24] [non signé] FF HKLM-x32\...\Firefox\Extensions: [{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn => non trouvé(e) FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext => non trouvé(e) S3 Boonty Games; C:\Program Files (x86)\Common Files\BOONTY Shared\Service\Boonty.exe [69120 2012-07-16] (BOONTY) [Fichier non signé] U3 idsvc; pas de ImagePath C:\Users\Public\AlexaNSISPlugin.1148.dll C:\Users\Public\AlexaNSISPlugin.5596.dll C:\Windows\Tasks\{261DB5F0-87D0-A675-D399-6B3B4475FE51}.job Task: {26766878-4D3B-4DAD-9890-89F1A3B4A8AC} - System32\Tasks\{261DB5F0-87D0-A675-D399-6B3B4475FE51} => C:\Users\DOMINI~1\AppData\Roaming\{261DB~1\Sync.exe <==== ATTENTION Task: {73DB3486-B6DE-4866-87FE-F031FD3C2233} - System32\Tasks\{D9173B73-5CD3-4C4D-B591-D5F5ADFEDA2A} => pcalua.exe -a "C:\Users\Dominique VEY\AppData\Roaming\qone8\UninstallManager.exe" -c -ptid=adks Task: {C6D990DA-1E29-482D-81FA-ABA6AA5C3F16} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> Pas de fichier <==== ATTENTION Task: {EE9F6F48-85D5-4120-829B-05E9E8580360} - System32\Tasks\Dominique VEYBanquetsAcetifyingV2 => Rundll32.exe CrabsOveruses.dll,main 7 1 <==== ATTENTION Task: C:\WINDOWS\Tasks\{261DB5F0-87D0-A675-D399-6B3B4475FE51}.job => AlternateDataStreams: C:\ProgramData\TEMP:03DF8432 [145] AlternateDataStreams: C:\ProgramData\TEMP:041C0562 [256] AlternateDataStreams: C:\ProgramData\TEMP:04BC9A2C [128] AlternateDataStreams: C:\ProgramData\TEMP:09AEED56 [134] AlternateDataStreams: C:\ProgramData\TEMP:0B79AB8D [138] AlternateDataStreams: C:\ProgramData\TEMP:0C9E06A2 [235] AlternateDataStreams: C:\ProgramData\TEMP:0D060666 [135] AlternateDataStreams: C:\ProgramData\TEMP:0E22C5DB [454] AlternateDataStreams: C:\ProgramData\TEMP:0EC7A545 [131] AlternateDataStreams: C:\ProgramData\TEMP:109734F6 [402] AlternateDataStreams: C:\ProgramData\TEMP:10CB85CA [153] AlternateDataStreams: C:\ProgramData\TEMP:10EC2087 [140] AlternateDataStreams: C:\ProgramData\TEMP:11590865 [126] AlternateDataStreams: C:\ProgramData\TEMP:1181620C [119] AlternateDataStreams: C:\ProgramData\TEMP:12383CAE [140] AlternateDataStreams: C:\ProgramData\TEMP:124B94C0 [101] AlternateDataStreams: C:\ProgramData\TEMP:12D21A9A [268] AlternateDataStreams: C:\ProgramData\TEMP:13019F4B [123] AlternateDataStreams: C:\ProgramData\TEMP:1392F09D [135] AlternateDataStreams: C:\ProgramData\TEMP:1416AAA6 [274] AlternateDataStreams: C:\ProgramData\TEMP:14B00291 [127] AlternateDataStreams: C:\ProgramData\TEMP:15381DB9 [266] AlternateDataStreams: C:\ProgramData\TEMP:177313FB [244] AlternateDataStreams: C:\ProgramData\TEMP:1A14B3AF [288] AlternateDataStreams: C:\ProgramData\TEMP:1A8FDBA3 [118] AlternateDataStreams: C:\ProgramData\TEMP:1DEE6B65 [195] AlternateDataStreams: C:\ProgramData\TEMP:1EC13383 [137] AlternateDataStreams: C:\ProgramData\TEMP:1ECED34B [217] AlternateDataStreams: C:\ProgramData\TEMP:206470A5 [241] AlternateDataStreams: C:\ProgramData\TEMP:2163E78C [145] AlternateDataStreams: C:\ProgramData\TEMP:2187A2BB [492] AlternateDataStreams: C:\ProgramData\TEMP:229564F1 [239] AlternateDataStreams: C:\ProgramData\TEMP:236FF5C6 [141] AlternateDataStreams: C:\ProgramData\TEMP:23834E1E [146] AlternateDataStreams: C:\ProgramData\TEMP:26499772 [0] AlternateDataStreams: C:\ProgramData\TEMP:268BA8AB [123] AlternateDataStreams: C:\ProgramData\TEMP:2701CA70 [246] AlternateDataStreams: C:\ProgramData\TEMP:275AA066 [97] AlternateDataStreams: C:\ProgramData\TEMP:282A4C88 [133] AlternateDataStreams: C:\ProgramData\TEMP:2AC146B9 [118] AlternateDataStreams: C:\ProgramData\TEMP:2AD33723 [133] AlternateDataStreams: C:\ProgramData\TEMP:2AE74FF9 [488] AlternateDataStreams: C:\ProgramData\TEMP:2B1EA607 [219] AlternateDataStreams: C:\ProgramData\TEMP:2B40A7DB [137] AlternateDataStreams: C:\ProgramData\TEMP:2CB9631F [134] AlternateDataStreams: C:\ProgramData\TEMP:2E33E4A6 [145] AlternateDataStreams: C:\ProgramData\TEMP:2F1D743F [135] AlternateDataStreams: C:\ProgramData\TEMP:2F474C84 [134] AlternateDataStreams: C:\ProgramData\TEMP:30A9192A [140] AlternateDataStreams: C:\ProgramData\TEMP:32289BE8 [486] AlternateDataStreams: C:\ProgramData\TEMP:32A82570 [225] AlternateDataStreams: C:\ProgramData\TEMP:35501BA4 [145] AlternateDataStreams: C:\ProgramData\TEMP:36A39835 [112] AlternateDataStreams: C:\ProgramData\TEMP:36AAD0E5 [122] AlternateDataStreams: C:\ProgramData\TEMP:371060CE [236] AlternateDataStreams: C:\ProgramData\TEMP:373E1720 [238] AlternateDataStreams: C:\ProgramData\TEMP:38534D53 [128] AlternateDataStreams: C:\ProgramData\TEMP:39DC8D60 [130] AlternateDataStreams: C:\ProgramData\TEMP:3ADE134E [136] AlternateDataStreams: C:\ProgramData\TEMP:3B454A5C [454] AlternateDataStreams: C:\ProgramData\TEMP:3B622E21 [125] AlternateDataStreams: C:\ProgramData\TEMP:3C4BD225 [139] AlternateDataStreams: C:\ProgramData\TEMP:3D36932D [206] AlternateDataStreams: C:\ProgramData\TEMP:3D922890 [129] AlternateDataStreams: C:\ProgramData\TEMP:3E06C78F [119] AlternateDataStreams: C:\ProgramData\TEMP:3E8A3E87 [124] AlternateDataStreams: C:\ProgramData\TEMP:40EE25BB [239] AlternateDataStreams: C:\ProgramData\TEMP:415E77AB [141] AlternateDataStreams: C:\ProgramData\TEMP:42A3BDD7 [137] AlternateDataStreams: C:\ProgramData\TEMP:44712999 [127] AlternateDataStreams: C:\ProgramData\TEMP:45351004 [254] AlternateDataStreams: C:\ProgramData\TEMP:45912F61 [213] AlternateDataStreams: C:\ProgramData\TEMP:469B47D8 [135] AlternateDataStreams: C:\ProgramData\TEMP:46EF121E [126] AlternateDataStreams: C:\ProgramData\TEMP:48862C37 [141] AlternateDataStreams: C:\ProgramData\TEMP:48977386 [130] AlternateDataStreams: C:\ProgramData\TEMP:490B67EC [148] AlternateDataStreams: C:\ProgramData\TEMP:49EA4410 [294] AlternateDataStreams: C:\ProgramData\TEMP:4CF61E54 [131] AlternateDataStreams: C:\ProgramData\TEMP:4DDE401B [132] AlternateDataStreams: C:\ProgramData\TEMP:506698B2 [121] AlternateDataStreams: C:\ProgramData\TEMP:50B79A31 [135] AlternateDataStreams: C:\ProgramData\TEMP:512E1728 [126] AlternateDataStreams: C:\ProgramData\TEMP:5167543E [135] AlternateDataStreams: C:\ProgramData\TEMP:52CA4081 [237] AlternateDataStreams: C:\ProgramData\TEMP:53BA2DF6 [276] AlternateDataStreams: C:\ProgramData\TEMP:5430D891 [140] AlternateDataStreams: C:\ProgramData\TEMP:54403233 [149] AlternateDataStreams: C:\ProgramData\TEMP:5539129F [127] AlternateDataStreams: C:\ProgramData\TEMP:55E82CAF [127] AlternateDataStreams: C:\ProgramData\TEMP:55F44B88 [143] AlternateDataStreams: C:\ProgramData\TEMP:56699AAF [130] AlternateDataStreams: C:\ProgramData\TEMP:569CEE83 [123] AlternateDataStreams: C:\ProgramData\TEMP:570ED58C [240] AlternateDataStreams: C:\ProgramData\TEMP:58515F92 [143] AlternateDataStreams: C:\ProgramData\TEMP:59540531 [133] AlternateDataStreams: C:\ProgramData\TEMP:59A6876B [131] AlternateDataStreams: C:\ProgramData\TEMP:59CBF899 [242] AlternateDataStreams: C:\ProgramData\TEMP:5AF17798 [125] AlternateDataStreams: C:\ProgramData\TEMP:5E73E1C2 [118] AlternateDataStreams: C:\ProgramData\TEMP:5E9B629B [228] AlternateDataStreams: C:\ProgramData\TEMP:5FEBCE9C [136] AlternateDataStreams: C:\ProgramData\TEMP:61AF2B29 [137] AlternateDataStreams: C:\ProgramData\TEMP:6212DF7A [136] AlternateDataStreams: C:\ProgramData\TEMP:629F8518 [296] AlternateDataStreams: C:\ProgramData\TEMP:63C48B80 [126] AlternateDataStreams: C:\ProgramData\TEMP:641A21EA [248] AlternateDataStreams: C:\ProgramData\TEMP:65877B83 [136] AlternateDataStreams: C:\ProgramData\TEMP:660BDAE1 [251] AlternateDataStreams: C:\ProgramData\TEMP:697DDE2B [122] AlternateDataStreams: C:\ProgramData\TEMP:699EFEED [144] AlternateDataStreams: C:\ProgramData\TEMP:69BEF06A [139] AlternateDataStreams: C:\ProgramData\TEMP:69F562A6 [304] AlternateDataStreams: C:\ProgramData\TEMP:6AF6BB0E [259] AlternateDataStreams: C:\ProgramData\TEMP:6BEADDC0 [127] AlternateDataStreams: C:\ProgramData\TEMP:6DD124E2 [122] AlternateDataStreams: C:\ProgramData\TEMP:6E65510A [263] AlternateDataStreams: C:\ProgramData\TEMP:6EFFF8B9 [152] AlternateDataStreams: C:\ProgramData\TEMP:709E81D4 [125] AlternateDataStreams: C:\ProgramData\TEMP:71612023 [494] AlternateDataStreams: C:\ProgramData\TEMP:754E278B [244] AlternateDataStreams: C:\ProgramData\TEMP:759B7D6F [134] AlternateDataStreams: C:\ProgramData\TEMP:75CF6AF0 [152] AlternateDataStreams: C:\ProgramData\TEMP:7881FECE [116] AlternateDataStreams: C:\ProgramData\TEMP:78E0DF72 [234] AlternateDataStreams: C:\ProgramData\TEMP:7A0EFE63 [126] AlternateDataStreams: C:\ProgramData\TEMP:7AE124EF [144] AlternateDataStreams: C:\ProgramData\TEMP:7E47A57F [125] AlternateDataStreams: C:\ProgramData\TEMP:7FD60FAD [145] AlternateDataStreams: C:\ProgramData\TEMP:80F63EC3 [123] AlternateDataStreams: C:\ProgramData\TEMP:80FA23CA [284] AlternateDataStreams: C:\ProgramData\TEMP:82CF625D [133] AlternateDataStreams: C:\ProgramData\TEMP:830725A7 [124] AlternateDataStreams: C:\ProgramData\TEMP:848CC150 [113] AlternateDataStreams: C:\ProgramData\TEMP:84C34762 [132] AlternateDataStreams: C:\ProgramData\TEMP:864881BF [444] AlternateDataStreams: C:\ProgramData\TEMP:865F21BF [129] AlternateDataStreams: C:\ProgramData\TEMP:869C6B4A [130] AlternateDataStreams: C:\ProgramData\TEMP:8751B175 [258] AlternateDataStreams: C:\ProgramData\TEMP:89B7A4D9 [129] AlternateDataStreams: C:\ProgramData\TEMP:89CF6F9C [120] AlternateDataStreams: C:\ProgramData\TEMP:8AE92FD3 [148] AlternateDataStreams: C:\ProgramData\TEMP:8B480195 [121] AlternateDataStreams: C:\ProgramData\TEMP:8C84E358 [118] AlternateDataStreams: C:\ProgramData\TEMP:8E7F155B [129] AlternateDataStreams: C:\ProgramData\TEMP:900EBAFA [239] AlternateDataStreams: C:\ProgramData\TEMP:9195103F [145] AlternateDataStreams: C:\ProgramData\TEMP:919D5A07 [122] AlternateDataStreams: C:\ProgramData\TEMP:91DEEE71 [252] AlternateDataStreams: C:\ProgramData\TEMP:9338F136 [143] AlternateDataStreams: C:\ProgramData\TEMP:95079543 [234] AlternateDataStreams: C:\ProgramData\TEMP:95198126 [111] AlternateDataStreams: C:\ProgramData\TEMP:96AFAB10 [117] AlternateDataStreams: C:\ProgramData\TEMP:98982C88 [130] AlternateDataStreams: C:\ProgramData\TEMP:98CD9221 [143] AlternateDataStreams: C:\ProgramData\TEMP:9A4D81ED [147] AlternateDataStreams: C:\ProgramData\TEMP:9A7BF72D [256] AlternateDataStreams: C:\ProgramData\TEMP:9BCE3C0A [130] AlternateDataStreams: C:\ProgramData\TEMP:9C3AAD57 [124] AlternateDataStreams: C:\ProgramData\TEMP:9C732DB0 [149] AlternateDataStreams: C:\ProgramData\TEMP:9C7A32BB [121] AlternateDataStreams: C:\ProgramData\TEMP:9CABFF2E [125] AlternateDataStreams: C:\ProgramData\TEMP:9E5EA7A3 [150] AlternateDataStreams: C:\ProgramData\TEMP:9E76E7F3 [120] AlternateDataStreams: C:\ProgramData\TEMP:9EBE8380 [138] AlternateDataStreams: C:\ProgramData\TEMP:9F38BF31 [124] AlternateDataStreams: C:\ProgramData\TEMP:9FC58CBB [252] AlternateDataStreams: C:\ProgramData\TEMP:A02025CE [130] AlternateDataStreams: C:\ProgramData\TEMP:A103830F [131] AlternateDataStreams: C:\ProgramData\TEMP:A2D9DC83 [119] AlternateDataStreams: C:\ProgramData\TEMP:A2FF94DF [126] AlternateDataStreams: C:\ProgramData\TEMP:A3B8F70C [240] AlternateDataStreams: C:\ProgramData\TEMP:A3F7C8F8 [149] AlternateDataStreams: C:\ProgramData\TEMP:A4241298 [264] AlternateDataStreams: C:\ProgramData\TEMP:A4CDE823 [113] AlternateDataStreams: C:\ProgramData\TEMP:A4E7D25F [141] AlternateDataStreams: C:\ProgramData\TEMP:A5584049 [228] AlternateDataStreams: C:\ProgramData\TEMP:A58B27C9 [143] AlternateDataStreams: C:\ProgramData\TEMP:A6345BDA [132] AlternateDataStreams: C:\ProgramData\TEMP:A774141A [470] AlternateDataStreams: C:\ProgramData\TEMP:A88BE334 [118] AlternateDataStreams: C:\ProgramData\TEMP:A9562832 [146] AlternateDataStreams: C:\ProgramData\TEMP:A9F13D2D [119] AlternateDataStreams: C:\ProgramData\TEMP:AA0BC725 [123] AlternateDataStreams: C:\ProgramData\TEMP:AEC59117 [124] AlternateDataStreams: C:\ProgramData\TEMP:AECF4772 [288] AlternateDataStreams: C:\ProgramData\TEMP:B0456F0C [114] AlternateDataStreams: C:\ProgramData\TEMP:B1381B34 [121] AlternateDataStreams: C:\ProgramData\TEMP:B1786630 [134] AlternateDataStreams: C:\ProgramData\TEMP:B21F2857 [125] AlternateDataStreams: C:\ProgramData\TEMP:B3A5945E [138] AlternateDataStreams: C:\ProgramData\TEMP:B504E4C2 [244] AlternateDataStreams: C:\ProgramData\TEMP:B53339FE [280] AlternateDataStreams: C:\ProgramData\TEMP:B61767F5 [134] AlternateDataStreams: C:\ProgramData\TEMP:B9A99598 [251] AlternateDataStreams: C:\ProgramData\TEMP:BACC4A79 [136] AlternateDataStreams: C:\ProgramData\TEMP:BBC9C1EB [132] AlternateDataStreams: C:\ProgramData\TEMP:BCF55336 [147] AlternateDataStreams: C:\ProgramData\TEMP:BE40C8A2 [125] AlternateDataStreams: C:\ProgramData\TEMP:BEE39E9B [114] AlternateDataStreams: C:\ProgramData\TEMP:BF6C4AAC [131] AlternateDataStreams: C:\ProgramData\TEMP:BF6C81B2 [286] AlternateDataStreams: C:\ProgramData\TEMP:C0A9D0E7 [105] AlternateDataStreams: C:\ProgramData\TEMP:C55217E2 [131] AlternateDataStreams: C:\ProgramData\TEMP:C6275D37 [282] AlternateDataStreams: C:\ProgramData\TEMP:C64957DF [144] AlternateDataStreams: C:\ProgramData\TEMP:C82CA1C0 [147] AlternateDataStreams: C:\ProgramData\TEMP:C9CDDE5E [286] AlternateDataStreams: C:\ProgramData\TEMP:CF61CE5A [226] AlternateDataStreams: C:\ProgramData\TEMP:CF82DADF [137] AlternateDataStreams: C:\ProgramData\TEMP:D03C606E [127] AlternateDataStreams: C:\ProgramData\TEMP:D1FE35E7 [146] AlternateDataStreams: C:\ProgramData\TEMP:D2C9E7E6 [154] AlternateDataStreams: C:\ProgramData\TEMP:D48500F8 [206] AlternateDataStreams: C:\ProgramData\TEMP:D5E3E8C4 [243] AlternateDataStreams: C:\ProgramData\TEMP:D6D084A5 [446] AlternateDataStreams: C:\ProgramData\TEMP:D8A1AC56 [138] AlternateDataStreams: C:\ProgramData\TEMP:D987CB43 [308] AlternateDataStreams: C:\ProgramData\TEMP:DB77E2C4 [139] AlternateDataStreams: C:\ProgramData\TEMP:DC7EDF41 [241] AlternateDataStreams: C:\ProgramData\TEMP:DC9915D2 [265] AlternateDataStreams: C:\ProgramData\TEMP:DE47A3DA [119] AlternateDataStreams: C:\ProgramData\TEMP:DF7A2D3E [242] AlternateDataStreams: C:\ProgramData\TEMP:E03F9932 [138] AlternateDataStreams: C:\ProgramData\TEMP:E265ED33 [130] AlternateDataStreams: C:\ProgramData\TEMP:E271A26A [132] AlternateDataStreams: C:\ProgramData\TEMP:E32966C0 [105] AlternateDataStreams: C:\ProgramData\TEMP:E402E439 [510] AlternateDataStreams: C:\ProgramData\TEMP:E40AB54F [132] AlternateDataStreams: C:\ProgramData\TEMP:E411AA0D [146] AlternateDataStreams: C:\ProgramData\TEMP:E446CB48 [126] AlternateDataStreams: C:\ProgramData\TEMP:E6B95E40 [288] AlternateDataStreams: C:\ProgramData\TEMP:E6E684D5 [120] AlternateDataStreams: C:\ProgramData\TEMP:E71BB809 [228] AlternateDataStreams: C:\ProgramData\TEMP:E87AB4E3 [138] AlternateDataStreams: C:\ProgramData\TEMP:E9013C62 [123] AlternateDataStreams: C:\ProgramData\TEMP:E91ADC66 [127] AlternateDataStreams: C:\ProgramData\TEMP:EA10407C [148] AlternateDataStreams: C:\ProgramData\TEMP:EA2D3047 [150] AlternateDataStreams: C:\ProgramData\TEMP:EAF954B6 [262] AlternateDataStreams: C:\ProgramData\TEMP:EBCF5924 [120] AlternateDataStreams: C:\ProgramData\TEMP:EC6FC3F6 [132] AlternateDataStreams: C:\ProgramData\TEMP:ED4272E5 [148] AlternateDataStreams: C:\ProgramData\TEMP:EF0C5444 [286] AlternateDataStreams: C:\ProgramData\TEMP:EF123AF6 [129] AlternateDataStreams: C:\ProgramData\TEMP:EF2442B1 [113] AlternateDataStreams: C:\ProgramData\TEMP:EF53A5CA [125] AlternateDataStreams: C:\ProgramData\TEMP:F039D9FE [133] AlternateDataStreams: C:\ProgramData\TEMP:F08ADFA2 [245] AlternateDataStreams: C:\ProgramData\TEMP:F135A76C [255] AlternateDataStreams: C:\ProgramData\TEMP:F68CB1A4 [498] AlternateDataStreams: C:\ProgramData\TEMP:F83E8359 [308] AlternateDataStreams: C:\ProgramData\TEMP:F84B8DB5 [232] AlternateDataStreams: C:\ProgramData\TEMP:F8F070C2 [245] AlternateDataStreams: C:\ProgramData\TEMP:F9F58B80 [140] AlternateDataStreams: C:\ProgramData\TEMP:FBD274CF [146] AlternateDataStreams: C:\ProgramData\TEMP:FC70A22A [131] AlternateDataStreams: C:\ProgramData\TEMP:FCBEDCFD [128] AlternateDataStreams: C:\ProgramData\TEMP:FE61B3F6 [286] AlternateDataStreams: C:\ProgramData\TEMP:FFC3922F [253] AlternateDataStreams: C:\Users\Dominique VEY\Downloads\cacaoweb.exe:BDU [0] FirewallRules: [{CF829956-C708-4A22-883D-2DCC84612615}] => (Allow) C:\Users\Dominique VEY\AppData\Local\Akamai\netsession_win.exe FirewallRules: [{1DCC4DEB-6E44-403B-8718-D72A807D9C6A}] => (Allow) C:\Users\Dominique VEY\AppData\Local\Akamai\netsession_win.exe EmptyTemp: end