CreateRestorePoint:
CloseProcesses:
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
Task: {19E05F2C-0572-4B68-A89D-E4726976B634} - System32\Tasks\Microsoft\Windows\Windows Error Reporting\winrmsrv => C:\Windows\system32\winrmsrv.exe [731136 2020-11-15] (Microsoft Corporation) [Fichier non signé] <==== ATTENTION
Task: {90AF4B49-5B0F-4D95-9679-B049C0AADB39} - System32\Tasks\Microsoft\Windows\WDI\SrvHost => rundll32.exe winscomrssrv.dll,SrvMainHost <==== ATTENTION
Task: {E4F7536B-8703-4945-A14E-390ABFC5C6B4} - System32\Tasks\Microsoft\Windows\Wininet\Winlogui => C:\Windows\system32\winlogui.exe [750592 2020-11-15] (Microsoft Corporation) [Fichier non signé] <==== ATTENTION
Edge HomePage: Default -> hxxps://fr.yahoo.com?fr=hp-avast&type=avastbcl
CHR Notifications: Profile 1 -> hxxps://foxholestats.com; hxxps://www.messenger.com
CHR HomePage: Profile 1 -> hxxps://fr.yahoo.com?fr=hp-avast&type=avastbcl
CHR StartupUrls: Profile 1 -> "hxxps://fr.yahoo.com?fr=hp-avast&type=avastbcl"
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]
CMD: sc config wuauserv start= auto
CMD: net start wuauserv
File: C:\Windows\system32\winrmsrv.exe;C:\Windows\system32\winlogui.exe
VirusTotal: C:\Windows\system32\winrmsrv.exe;C:\Windows\system32\winlogui.exe
StartRegedit:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender]
"DisableAntiSpyware"=dword:00000000
"DisableBehaviorMonitoring"=dword:00000000
"DisableOnAccessProtection"=dword:00000000
"DisableScanOnRealtimeEnable"=dword:00000000
"DisableAntiVirus"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet]
"SubmitSamplesConsent"=-
"SpyNetReporting"=-

[-HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection]
"DisableRealtimeMonitoring"=-
EndRegedit:
FirewallRules: [TCP Query User{4B71D64B-D215-432D-8C2B-F083658AA19A}C:\users\jules\appdata\local\programs\lnv\stremio-4\node.exe] => (Allow) C:\users\jules\appdata\local\programs\lnv\stremio-4\node.exe => Pas de fichier
FirewallRules: [UDP Query User{F90081D3-5365-4C9F-9198-5ABFF44501C3}C:\users\jules\appdata\local\programs\lnv\stremio-4\node.exe] => (Allow) C:\users\jules\appdata\local\programs\lnv\stremio-4\node.exe => Pas de fichier
FirewallRules: [{0CA846C2-E6F1-4939-A69F-B7C126EE4989}] => (Block) C:\users\jules\appdata\local\programs\lnv\stremio-4\node.exe => Pas de fichier
FirewallRules: [{4424EBB7-F12A-47DC-9FDC-ED1C97347DC8}] => (Block) C:\users\jules\appdata\local\programs\lnv\stremio-4\node.exe => Pas de fichier
FirewallRules: [TCP Query User{4CCDBF17-1F0B-4BE7-8BDB-6EFA829DE585}C:\program files\epic games\theescapists2\theescapists2.exe] => (Allow) C:\program files\epic games\theescapists2\theescapists2.exe => Pas de fichier
FirewallRules: [UDP Query User{1DED9E57-5062-4F6D-98D2-F0AA48B27444}C:\program files\epic games\theescapists2\theescapists2.exe] => (Allow) C:\program files\epic games\theescapists2\theescapists2.exe => Pas de fichier
FirewallRules: [{99E8F6F9-DBF8-4722-97CE-7E6B10FA3F28}] => (Block) C:\program files\epic games\theescapists2\theescapists2.exe => Pas de fichier
FirewallRules: [{FEF22473-BCAB-48FB-AD8E-D363C7592FD9}] => (Block) C:\program files\epic games\theescapists2\theescapists2.exe => Pas de fichier
FirewallRules: [TCP Query User{87FCEBD1-46E7-4D60-BF27-BE38F96BE595}C:\program files\epic games\sidmeierscivilizationvi\base\binaries\win64eos\civilizationvi_dx12.exe] => (Allow) C:\program files\epic games\sidmeierscivilizationvi\base\binaries\win64eos\civilizationvi_dx12.exe => Pas de fichier
FirewallRules: [UDP Query User{B8016227-4EB2-40C1-88BF-2EA542EBC83E}C:\program files\epic games\sidmeierscivilizationvi\base\binaries\win64eos\civilizationvi_dx12.exe] => (Allow) C:\program files\epic games\sidmeierscivilizationvi\base\binaries\win64eos\civilizationvi_dx12.exe => Pas de fichier
FirewallRules: [{CFBFC6E6-346A-41E9-AB4F-1F1F27943EAD}] => (Block) C:\program files\epic games\sidmeierscivilizationvi\base\binaries\win64eos\civilizationvi_dx12.exe => Pas de fichier
FirewallRules: [{EAE3750C-FF02-4055-A7AC-736C8BAF9496}] => (Block) C:\program files\epic games\sidmeierscivilizationvi\base\binaries\win64eos\civilizationvi_dx12.exe => Pas de fichier
FirewallRules: [{BB0B42B8-0541-44E4-8D04-23E6DD5241C9}] => (Allow) C:\Users\jules\AppData\Roaming\Zoom\bin\airhost.exe => Pas de fichier
FirewallRules: [{E162C285-527F-4219-B2AD-71D3D32DA37C}] => (Allow) C:\Users\jules\AppData\Roaming\Zoom\bin\airhost.exe => Pas de fichier
FirewallRules: [TCP Query User{840CEF03-DBF9-442F-A583-6193E62C4A2A}C:\users\jules\jeux\eco\jeu\eco\eco.exe] => (Allow) C:\users\jules\jeux\eco\jeu\eco\eco.exe => Pas de fichier
FirewallRules: [UDP Query User{6418B26A-167E-46DD-A3C6-6C3FDD5CEA16}C:\users\jules\jeux\eco\jeu\eco\eco.exe] => (Allow) C:\users\jules\jeux\eco\jeu\eco\eco.exe => Pas de fichier
FirewallRules: [TCP Query User{68124A4B-17FD-4227-8F98-F58CD4C056D6}C:\users\jules\jeux\eco\jeu\eco\eco_data\server\ecoserver32.exe] => (Allow) C:\users\jules\jeux\eco\jeu\eco\eco_data\server\ecoserver32.exe => Pas de fichier
FirewallRules: [UDP Query User{17602DC9-AFBB-4552-8633-C883994E761F}C:\users\jules\jeux\eco\jeu\eco\eco_data\server\ecoserver32.exe] => (Allow) C:\users\jules\jeux\eco\jeu\eco\eco_data\server\ecoserver32.exe => Pas de fichier
FirewallRules: [TCP Query User{DDAAB350-4734-4B71-A3D7-5B06BAFF3C08}C:\users\jules\jeux\overcrowd.a.commute.em.up.v1.0.9\overcrowd.a.commute.em.up.v1.0.9\overcrowd\overcrowd.exe] => (Allow) C:\users\jules\jeux\overcrowd.a.commute.em.up.v1.0.9\overcrowd.a.commute.em.up.v1.0.9\overcrowd\overcrowd.exe => Pas de fichier
FirewallRules: [UDP Query User{6213F1B7-E0D0-4613-8545-AC827350CF11}C:\users\jules\jeux\overcrowd.a.commute.em.up.v1.0.9\overcrowd.a.commute.em.up.v1.0.9\overcrowd\overcrowd.exe] => (Allow) C:\users\jules\jeux\overcrowd.a.commute.em.up.v1.0.9\overcrowd.a.commute.em.up.v1.0.9\overcrowd\overcrowd.exe => Pas de fichier
FirewallRules: [TCP Query User{73504663-6B72-4EB8-B0A7-4DBFFBDBC6D5}C:\users\jules\jeux\rdr2\red.dead.redemption.2.ultimate.edition.v1.0.1311.23.multi13-empress\red dead redemption 2\rdr2.exe] => (Allow) C:\users\jules\jeux\rdr2\red.dead.redemption.2.ultimate.edition.v1.0.1311.23.multi13-empress\red dead redemption 2\rdr2.exe => Pas de fichier
FirewallRules: [UDP Query User{311514C3-8050-43AB-9F8A-5614155CC546}C:\users\jules\jeux\rdr2\red.dead.redemption.2.ultimate.edition.v1.0.1311.23.multi13-empress\red dead redemption 2\rdr2.exe] => (Allow) C:\users\jules\jeux\rdr2\red.dead.redemption.2.ultimate.edition.v1.0.1311.23.multi13-empress\red dead redemption 2\rdr2.exe => Pas de fichier
FirewallRules: [TCP Query User{28A1C3CC-1EBA-4928-9833-987B3D22390D}C:\program files\epic games\rocketleague\binaries\win64\rocketleague.exe] => (Allow) C:\program files\epic games\rocketleague\binaries\win64\rocketleague.exe => Pas de fichier
FirewallRules: [UDP Query User{B40C02D2-E2EA-4733-9077-75F4EC79F59F}C:\program files\epic games\rocketleague\binaries\win64\rocketleague.exe] => (Allow) C:\program files\epic games\rocketleague\binaries\win64\rocketleague.exe => Pas de fichier
FirewallRules: [TCP Query User{E32EF9CE-C1C6-4061-B606-C798A4BFA3CA}C:\program files\rockstar games\grand theft auto v\gta5.exe] => (Allow) C:\program files\rockstar games\grand theft auto v\gta5.exe => Pas de fichier
FirewallRules: [UDP Query User{32FED6B1-99A4-4D54-827F-4A6C047AF4B9}C:\program files\rockstar games\grand theft auto v\gta5.exe] => (Allow) C:\program files\rockstar games\grand theft auto v\gta5.exe => Pas de fichier
FirewallRules: [TCP Query User{7B03F9EB-E466-4E49-B236-F1EF759EA59A}C:\program files\java\jre1.8.0_271\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_271\bin\javaw.exe => Pas de fichier
FirewallRules: [UDP Query User{6FB393FC-6C04-42D5-B116-DBC12C74DAF8}C:\program files\java\jre1.8.0_271\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_271\bin\javaw.exe => Pas de fichier
FirewallRules: [TCP Query User{5EBB2B95-FF95-4CE5-8CCC-4ADADCFDFE27}C:\program files\az-launcher\az-launcher.exe] => (Allow) C:\program files\az-launcher\az-launcher.exe => Pas de fichier
FirewallRules: [UDP Query User{E95FDC4D-33FC-47FF-AE2B-20B235A57E95}C:\program files\az-launcher\az-launcher.exe] => (Allow) C:\program files\az-launcher\az-launcher.exe => Pas de fichier
FirewallRules: [{8B8CBDA2-8C9B-4820-8120-871FCC745D9F}] => (Allow) C:\Users\jules\AppData\Roaming\uTorrent Web\utweb.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{948F4ECE-6895-48D4-A375-5C390925E7EF}] => (Allow) C:\Users\jules\AppData\Roaming\uTorrent Web\utweb.exe (BitTorrent Inc -> BitTorrent Inc.)
Shortcut: C:\Users\jules\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Stremio\Stremio web.lnk -> C:\Users\jules\AppData\Local\Programs\LNV\Stremio-4\stremio web.bat (Pas de fichier)
CMD: cscript %windir%\System32\slmgr.vbs /dli
CMD: netsh advfirewall reset
CMD: netsh int ipv4 reset all
CMD: netsh int ipv6 reset all
CMD: netsh int portproxy reset all
CMD: netsh int tcp reset all
CMD: netsh int ip reset all
Reg: REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer" /V SmartScreenEnabled /T REG_SZ /D RequireAdmin /f
cmd: sc config diagtrack start= disabled
cmd: sc config dmwappushservice start= disabled
Reg: REG ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows\DataCollection" /V AllowTelemetry /T REG_DWORD /D 0 /f
Reg: REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer" /V SmartScreenEnabled /T REG_SZ /D RequireAdmin /f
Reg: REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Dfrg\BootOptimizeFunction" /V Enable /T REG_SZ /D n /f
Reg: REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Dfrg\BootOptimizeFunction" /V OptimizeComplete /T REG_SZ /D no /f
Reg: REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /V PowerdownAfterShutdown /T REG_SZ /D 1 /f
Reg: REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /V ClearPageFileAtShutdown /T REG_DWORD /D 0 /f
Reg: REG ADD "HKEY_CURRENT_USER\Control Panel\Desktop" /V MenuShowDelay /T REG_SZ /D 400 /f
Reg: REG ADD "HKEY_CURRENT_USER\Control Panel\Desktop" /V WaitToKillAppTimeout /T REG_SZ /D 1200 /f
Reg: REG ADD "HKEY_CURRENT_USER\Control Panel\Desktop" /V HungAppTimeout /T REG_SZ /D 1200 /f
Reg: REG ADD "HKEY_CURRENT_USER\Control Panel\Desktop" /V AutoEndTasks /T REG_SZ /D 1 /f
Reg: REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control" /V WaitToKillServiceTimeout /T REG_SZ /D 1200 /f
c:\windows\temp\*.*
C:\Users\CurrentUserName\AppData\Local\Temp\*.*
C:\Windows\SoftwareDistribution\Download\*
EmptyTemp: