start::
CreateRestorePoint:
CloseProcesses:
Hosts:
RemoveProxy:
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKU\S-1-5-21-196411022-341848384-2109630097-1001\...\Run: [uTorrent] => C:\Users\omar8\AppData\Roaming\uTorrent\uTorrent.exe
HKU\S-1-5-21-196411022-341848384-2109630097-1001\...\Run: [Prun] => C:\WINDOWS\PublicGaming\prun.exe [705460736 2021-05-18] (DearMob, Inc.) [Fichier non signé]
HKU\S-1-5-21-196411022-341848384-2109630097-1001\...\Run: [WinFlow] => "C:\ProgramData\WinFlow.exe"
IFEO\osppsvc.exe: [Debugger] rundll32.exe SppExtComObjHook.dll,PatcherMain
Task: {0D20E09F-CC80-4B3D-B005-8D14A3055348} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe
Task: {1BA26897-60FF-4AAF-A2AF-2E3EBA0EADB1} - System32\Tasks\Firefox Default Browser Agent 09A8CBEBAD271A8B => C:\Users\omar8\AppData\Roaming\wddiuvi.exe
Task: {CEF5DF8F-4B0B-4B43-8219-57BC54FEB76B} - System32\Tasks\UpdateWindows => C:\Users\omar8\AppData\Roaming\WinHost\svchost.exe
Edge Extension: (Pas de nom) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [non trouvé(e)]
Edge Extension: (Pas de nom) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [non trouvé(e)]
Edge Extension: (Pas de nom) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [non trouvé(e)]
Edge Extension: (Pas de nom) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [non trouvé(e)]
CHR HKLM\...\Chrome\Extension: [miockbgloklamfiklogjaohlgekodeok]
CHR HKLM\...\Chrome\Extension: [obhdbhpjhfncnelcpknkffpdmpdcjpep]
CHR HKU\S-1-5-21-196411022-341848384-2109630097-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [miockbgloklamfiklogjaohlgekodeok]
CHR HKU\S-1-5-21-196411022-341848384-2109630097-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [obhdbhpjhfncnelcpknkffpdmpdcjpep]
CHR HKLM-x32\...\Chrome\Extension: [miockbgloklamfiklogjaohlgekodeok]
CHR HKLM-x32\...\Chrome\Extension: [obhdbhpjhfncnelcpknkffpdmpdcjpep]
S2 IAStorDataMgrSvc; "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe" [X]
S2 MSIREGISTER_MR; C:\MSI\MSIRegister\MSIRegisterService.exe [X]
S2 TriDefSmartCamService; "c:\program files (x86)\tridef\smartcam\tridefsmartcamservice64.exe" [X]
2021-05-18 17:58 - 2021-05-18 17:58 - 000000000 ____D C:\ProgramData\UT5XUV40M0B50ELLDEMOG0Q9A
2021-05-18 17:57 - 2021-05-18 17:57 - 000043520 _____ C:\Users\omar8\AppData\Roaming\LYEDgFPjFmEi3fKCAZGGT5iO.exe
2021-05-18 17:57 - 2021-05-18 17:57 - 000000000 ____D C:\ProgramData\92OPYHCW0Y205BTYS6UC0GW49
2021-05-10 20:21 - 2021-05-10 20:42 - 000000298 _____ C:\Users\omar8\d4ac4633ebd6440fa397b84f1bc94a3c.7z
2021-05-18 17:57 - 2021-05-18 17:57 - 000043520 _____ () C:\Users\omar8\AppData\Roaming\LYEDgFPjFmEi3fKCAZGGT5iO.exe
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Pas de fichier
AlternateDataStreams: C:\Users\Public\AppData:CSM [472]
SearchScopes: HKU\S-1-5-21-196411022-341848384-2109630097-1001 -> DefaultScope {2f23ab71-4ac6-41f2-a955-ea576e553146} URL =
SearchScopes: HKU\S-1-5-21-196411022-341848384-2109630097-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q=
BHO: Pas de nom -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> Pas de fichier
BHO-x32: Pas de nom -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> Pas de fichier
Toolbar: HKLM - Smart Backup - {1d09c093-f71e-43c3-b948-19316cbd695e} - C:\WINDOWS\system32\mscoree.dll
HKU\S-1-5-21-196411022-341848384-2109630097-1001\...\StartupApproved\Run: => "uTorrent"
HKU\S-1-5-21-196411022-341848384-2109630097-1001\...\StartupApproved\Run: => "Application Restart #1"
HKU\S-1-5-21-196411022-341848384-2109630097-1001\...\StartupApproved\Run: => "Application Restart #3"
HKU\S-1-5-21-196411022-341848384-2109630097-1001\...\StartupApproved\Run: => "Chromium"
HKU\S-1-5-21-196411022-341848384-2109630097-1001\...\StartupApproved\Run: => "Delete Cached Standalone Update Binary"
HKU\S-1-5-21-196411022-341848384-2109630097-1001\...\StartupApproved\Run: => "Delete Cached Update Binary"
EmptyTemp:
cmd: ipconfig /flushdns
cmd: netsh advfirewall reset
cmd: netsh winsock reset
cmd: sfc /scannow
end::