start::
CreateRestorePoint:
CloseProcesses:
Hosts:
RemoveProxy:
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir%
HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate: Restriction
HKLM-x32\...\Run: [CheckNDISPort54ac93] => C:\Program Files (x86)\Hostless Modem\inwi 4G MF833T\CheckNDISPort_df.exe [476368 2017-03-13] (ZTE CORPORATION -> )
HKLM-x32\...\Run: [CancelAutoPlay_df] => C:\Program Files (x86)\Hostless Modem\inwi 4G MF833T\CancelAutoPlay_df.exe
HKU\S-1-5-21-2918345655-137521828-4056766407-1001\...\MountPoints2: {53be36cf-c931-11ea-b9c9-76dfbf963883} - "D:\AutoRun.exe"
HKU\S-1-5-21-2918345655-137521828-4056766407-1001\...\MountPoints2: {d2e4da1d-f1fa-11eb-ba0e-d8c0a64ab740} - "D:\AutoRun.exe"
HKU\S-1-5-21-2918345655-137521828-4056766407-1028\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe
HKU\S-1-5-21-2918345655-137521828-4056766407-1028\...\MountPoints2: {5c6bd37d-3afa-11ea-b99a-a08cfd35ae32} - "G:\Setup.exe" /s
HKU\S-1-5-21-2918345655-137521828-4056766407-1028\...\MountPoints2: {dedd604a-f485-11ea-b9d5-74dfbf963884} - "G:\HiSuiteDownLoader.exe"
Task: {64DFCAE0-D0B3-4CF2-AABE-97E4D80C9286} - \Microsoft\Windows\UNP\RunCampaignManager -> Pas de fichier
Edge Extension: (Pas de nom) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [non trouvé(e)]
Edge Extension: (Pas de nom) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [non trouvé(e)]
CHR HKLM\...\Chrome\Extension: [ccbpbkebodcjkknkfkpmfeciinhidaeh]
CHR HKU\S-1-5-21-2918345655-137521828-4056766407-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\moham\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx
CHR HKU\S-1-5-21-2918345655-137521828-4056766407-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh]
CHR HKU\S-1-5-21-2918345655-137521828-4056766407-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [moihledlmchhofenpacbhphnbnpakgmo]
CHR HKLM-x32\...\Chrome\Extension: [ccbpbkebodcjkknkfkpmfeciinhidaeh]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki]
S3 tap-tb-0901; C:\WINDOWS\System32\drivers\tap-tb-0901.sys
2022-07-08 19:51 - 2022-07-08 19:51 - 000003966 _____ C:\WINDOWS\system32\Tasks\Update Checker
2022-07-08 21:30 - 2018-08-02 21:50 - 000000000 ____D C:\Users\moham\AppData\Local\AVAST Software
2022-07-08 21:30 - 2017-10-06 17:56 - 000000000 ____D C:\ProgramData\AVAST Software
2022-07-08 21:30 - 2017-06-25 18:25 - 000000000 ____D C:\Users\moham\AppData\Roaming\AVAST Software
2022-07-08 20:15 - 2017-10-30 18:47 - 000000000 ____D C:\Users\moham\AppData\Roaming\TunnelBear
2022-07-08 20:12 - 2019-05-06 21:16 - 000000000 ____D C:\Program Files (x86)\EduAnatomist
2022-07-05 21:49 - 2020-06-18 17:03 - 000000000 ____D C:\ProgramData\Origin
2022-07-05 13:57 - 2020-06-18 17:03 - 000000000 ____D C:\Users\myria.LAPTOP-7T205PQF.000.001\AppData\Local\Origin
2018-12-14 14:24 - 2018-12-14 14:24 - 000000000 ____H () C:\Users\moham\AppData\Local\BITBFC1.tmp
2017-07-15 17:22 - 2017-07-15 17:22 - 000000000 ____H () C:\Users\moham\AppData\Local\BITE7D0.tmp
2017-06-25 18:24 - 2022-07-08 21:32 - 001067258 _____ () C:\Users\moham\AppData\Local\BTServer.log
2018-12-14 14:24 - 2018-12-14 14:24 - 000000000 _____ () C:\Users\moham\AppData\Local\{49F6B695-29B7-45C5-B448-5A058CDD52AC}
2017-07-15 17:22 - 2017-07-15 17:23 - 000000000 _____ () C:\Users\moham\AppData\Local\{E8695700-84D6-4522-8F4A-317C3178E04A}
SearchScopes: HKLM-x32 -> {93D9F63D-246F-480F-8A39-352D8D65271A} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-2918345655-137521828-4056766407-1001 -> {93D9F63D-246F-480F-8A39-352D8D65271A} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=
BHO-x32: Pas de nom -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> Pas de fichier
Shortcut: C:\Users\moham\Desktop\Google Drive.lnk -> C:\Program Files\Google\Drive File Stream\launch.bat ()
ShortcutWithArgument: C:\Users\Public\Desktop\inwi 4G MF833T.lnk -> C:\Program Files (x86)\Hostless Modem\inwi 4G MF833T\LaunchWebUI.exe () -> hxxp://192.168.0.1
Handler: vnd.ms.radio - {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - Pas de fichier
HKU\S-1-5-21-2918345655-137521828-4056766407-1001\...\StartupApproved\Run: => "OneDrive"
EmptyTemp:
cmd: netsh advfirewall reset
cmd: ipconfig /flushdns
cmd: sfc /scannow
end::