start::
closeprocesses:
createrestorepoint:
cmd: type C:\ProgramData\NTUSER.pol
AV: G DATA ANTIVIRUS (Disabled - Up to date) {A9C56A9B-ECCD-57EA-78F6-92511DA1C885} 
CustomCLSID: HKU\S-1-5-21-410557936-1760047363-263782572-1001_Classes\CLSID\{9486aaf1-0930-362a-962d-8e6908739c817}\InprocServer32 -> 0xB1A9B58DB2F7D401F67FEB783A30D5010B0000001800000000000000 => Pas de fichier 
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => -> Pas de fichier
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> Pas de fichier
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => -> Pas de fichier 
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> Pas de fichier 
Toolbar: HKU\S-1-5-21-410557936-1760047363-263782572-1001 -> Pas de nom - {C500C267-63BF-451F-8797-4D720C9A2ED9} - Pas de fichier 
IE trusted site: HKU\S-1-5-21-410557936-1760047363-263782572-1001\...\download.microsoft.com -> hxxp://download.microsoft.com
IE trusted site: HKU\S-1-5-21-410557936-1760047363-263782572-1001\...\download.windowsupdate.com -> hxxp://download.windowsupdate.com
IE trusted site: HKU\S-1-5-21-410557936-1760047363-263782572-1001\...\download.windowsupdate.com -> hxxps://download.windowsupdate.com
IE trusted site: HKU\S-1-5-21-410557936-1760047363-263782572-1001\...\microsoft.com -> hxxp://ntservicepack.microsoft.com
IE trusted site: HKU\S-1-5-21-410557936-1760047363-263782572-1001\...\ntservicepack.microsoft.com -> hxxp://ntservicepack.microsoft.com
IE trusted site: HKU\S-1-5-21-410557936-1760047363-263782572-1001\...\update.microsoft.com -> hxxp://update.microsoft.com
IE trusted site: HKU\S-1-5-21-410557936-1760047363-263782572-1001\...\update.microsoft.com -> hxxps://update.microsoft.com
IE trusted site: HKU\S-1-5-21-410557936-1760047363-263782572-1001\...\windows.com -> hxxp://wustat.windows.com
IE trusted site: HKU\S-1-5-21-410557936-1760047363-263782572-1001\...\windowsupdate.com -> hxxp://download.windowsupdate.com
IE trusted site: HKU\S-1-5-21-410557936-1760047363-263782572-1001\...\windowsupdate.com -> hxxps://download.windowsupdate.com
IE trusted site: HKU\S-1-5-21-410557936-1760047363-263782572-1001\...\windowsupdate.microsoft.com -> hxxp://windowsupdate.microsoft.com
IE trusted site: HKU\S-1-5-21-410557936-1760047363-263782572-1001\...\ws.microsoft.com -> hxxp://ws.microsoft.com
IE trusted site: HKU\S-1-5-21-410557936-1760047363-263782572-1001\...\ws.microsoft.com -> hxxps://ws.microsoft.com
IE trusted site: HKU\S-1-5-21-410557936-1760047363-263782572-1001\...\wustat.windows.com -> hxxp://wustat.windows.com 
HKLM-x32\...\Run: [Genshin Impact_Launcher] => [X] 
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION 
Task: {B54881AF-7D45-4E8D-85ED-2C95059C7F0E} - System32\Tasks\GMHSkipUAC => C:\Program Files (x86)\Glarysoft\Malware Hunter\MalwareHunter.exe 
Edge Extension: (G DATA WebProtection) -> EdgeExtension_GDataSoftwareAGGDATAWebProtection_mkd7srqxnyzpm => C:\Program Files\WindowsApps\GDataSoftwareAG.GDATAWebProtection_1.8.1.0_x86__mkd7srqxnyzpm [2020-10-13] 
R2 EPOSGamingSuiteService; "C:\Program Files (x86)\EPOS\Gaming Suite\EPOSGamingSuiteService" /start EPOSGamingSuiteService [X] 
C:\Program Files (x86)\Glarysoft
C:\ProgramData\NTUSER.pol
cmd: sfc /scannow
cmd: DISM /Online /Cleanup-image /Restorehealth
emptytemp:
end::