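start::
Comment: A restore point is created first so everything below can be rolled back.
Comment: Enable-ComputerRestore is a PowerShell cmdlet, not a cmd.exe command, so it has to be invoked through powershell.exe.
cmd: powershell -NoProfile -Command "Enable-ComputerRestore -Drive 'C:'"
CreateRestorePoint:
Comment: Windows Update is stopped so SoftwareDistribution\Download can be emptied further down; it is restarted at the end of the fixlist.
cmd: Net stop wuauserv
Comment: Disables the built-in Optimize Drives task (defrag / SSD TRIM) for the duration of the fix; it must be re-enabled at the end unless leaving it off is intended.
cmd: schtasks /DISABLE /TN "\Microsoft\Windows\Defrag\ScheduledDefrag" /F
CloseProcesses:
Comment: Hosts: rewrites the hosts file to the Windows default; any deliberate custom entries are lost.
Hosts:
RemoveProxy: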
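Comment: Clears the Internet Explorer zone assignments (ZoneMap Domains / EscDomains) and P3P state for the default profile and the current user; the empty Domains keys are recreated so the expected path still exists. The default-profile P3P path previously lacked the .DEFAULT hive segment and matched nothing.
StartRegedit:
Windows Registry Editor Version 5.00
[-HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]
@=""
[-HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains]
[-HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]
@=""
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P]
EndRegedit: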
Comment: Orphaned Run values: the scan lists their target executables as missing ("Pas de fichier"), so removal only drops a dead autostart entry.
DeleteValue: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|CamserviceExchange
DeleteValue: HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|GoogleDriveFS
DeleteValue: HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|GoogleDriveFS
DeleteValue: HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|GoogleDriveFS
DeleteValue: HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|GoogleDriveFS
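Comment: Chrome extension folder deleted by ID. No CHR log line for this ID appears in the fixlist, so confirm it against the scan before running.
C:\Users\Rilès\AppData\Local\Google\Chrome\User Data\Default\Extensions\bafijghppfhdpldihckdcadbcobikaca
Comment: Desktop shortcuts only (the stray "]" in the profile names made these paths match nothing). The Discord autostart flags are handled by the StartupApproved values below.
C:\Users\Rilès\Desktop\Discord.lnk
C:\Users\seghi\Desktop\Discord.lnk
C:\Users\thann\Desktop\Discord.lnk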
Comment: StartupApproved\Run values only hold the enabled/disabled flag shown in Task Manager's Startup tab, not the autostart command itself; deleting them is cosmetic once the matching Run values and shortcuts are gone.
DeleteValue: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|Discord
DeleteValue: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|AceStream
DeleteValue: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|GoogleChromeAutoLaunch_570CA8AFF72802604CE3D68E4CD2DB74
DeleteValue: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|GoogleChromeAutoLaunch_2EA3E892DD7D7C80DC29E88DC1A63707
DeleteValue: HKEY_USERS\S-1-5-21-2458640716-594864508-1525184721-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|Discord
DeleteValue: HKEY_USERS\S-1-5-21-2458640716-594864508-1525184721-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|AceStream
DeleteValue: HKEY_USERS\S-1-5-21-2458640716-594864508-1525184721-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|GoogleChromeAutoLaunch_570CA8AFF72802604CE3D68E4CD2DB74
DeleteValue: HKEY_USERS\S-1-5-21-2458640716-594864508-1525184721-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|GoogleChromeAutoLaunch_2EA3E892DD7D7C80DC29E88DC1A63707
Comment: Four GUID-named keys directly under HKCU\SOFTWARE (listed twice: HKCU alias and the explicit SID). Nothing in this fixlist shows which program wrote them; rely on the restore point in case a legitimate application depends on them.
DeleteKey: HKCU\SOFTWARE\661f0cc6-343a-59cb-a5e8-8f6324cc6998
DeleteKey: HKCU\SOFTWARE\e254751a-2537-5636-8393-c4573034c5f6
DeleteKey: HKCU\SOFTWARE\fcdf0d7f-424b-5f10-a1c7-a8f643f21adf
DeleteKey: HKCU\SOFTWARE\fee38e36-bd5c-5f8c-a4c4-29d7f942a22c
DeleteKey: HKU\S-1-5-21-2458640716-594864508-1525184721-1001\SOFTWARE\661f0cc6-343a-59cb-a5e8-8f6324cc6998
DeleteKey: HKU\S-1-5-21-2458640716-594864508-1525184721-1001\SOFTWARE\e254751a-2537-5636-8393-c4573034c5f6
DeleteKey: HKU\S-1-5-21-2458640716-594864508-1525184721-1001\SOFTWARE\fcdf0d7f-424b-5f10-a1c7-a8f643f21adf
DeleteKey: HKU\S-1-5-21-2458640716-594864508-1525184721-1001\SOFTWARE\fee38e36-bd5c-5f8c-a4c4-29d7f942a22c
Comment: Orphaned Google Drive File Stream context-menu handler registrations (the ContextMenuHandlers lines further down show the CLSID target as "Pas de fichier").
DeleteKey: HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\DriveFS 28 or later
DeleteKey: HKLM\Software\Classes\lnkfile\shellex\ContextMenuHandlers\DriveFS 28 or later
DeleteKey: HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\DriveFS 28 or later
DeleteKey: HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\DriveFS 28 or later
Comment: MuiCache entries are cached display names (FriendlyAppName / ApplicationCompany) for executables the user has run. Deleting them is purely cosmetic and uninstalls nothing: WinRAR, NVIDIA GeForce Experience, HWMonitor, KeePassXC, Trend Micro, Cleaner One Pro and qBittorrent stay installed, and Explorer recreates the entries the next time each program is launched.
DeleteValue: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Program Files\WinRAR\WinRAR.exe.FriendlyAppName
DeleteValue: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Program Files\WinRAR\WinRAR.exe.ApplicationCompany
DeleteValue: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe.FriendlyAppName
DeleteValue: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe.ApplicationCompany
DeleteValue: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Program Files\CPUID\HWMonitor\HWMonitor.exe.FriendlyAppName
DeleteValue: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Program Files\CPUID\HWMonitor\HWMonitor.exe.ApplicationCompany
DeleteValue: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Program Files\KeePassXC\KeePassXC.exe.FriendlyAppName
DeleteValue: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Program Files\KeePassXC\KeePassXC.exe.ApplicationCompany
DeleteValue: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Program Files\Trend Micro\Titanium\ShorcutLauncher.exe.FriendlyAppName
DeleteValue: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Program Files\Trend Micro\Titanium\ShorcutLauncher.exe.ApplicationCompany
DeleteValue: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Program Files (x86)\Cleaner One Pro\Cleaner One Pro.exe.FriendlyAppName
DeleteValue: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Program Files (x86)\Cleaner One Pro\Cleaner One Pro.exe.ApplicationCompany
DeleteValue: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Program Files\qBittorrent\qbittorrent.exe.FriendlyAppName
DeleteValue: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Program Files\qBittorrent\qbittorrent.exe.ApplicationCompany
Comment: Same entries addressed through the explicit SID of the profile (HKCU is an alias of it when FRST runs from that account).
DeleteValue: HKU\S-1-5-21-2458640716-594864508-1525184721-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Program Files\WinRAR\WinRAR.exe.FriendlyAppName
DeleteValue: HKU\S-1-5-21-2458640716-594864508-1525184721-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Program Files\WinRAR\WinRAR.exe.ApplicationCompany
DeleteValue: HKU\S-1-5-21-2458640716-594864508-1525184721-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe.FriendlyAppName
DeleteValue: HKU\S-1-5-21-2458640716-594864508-1525184721-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe.ApplicationCompany
DeleteValue: HKU\S-1-5-21-2458640716-594864508-1525184721-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Program Files\CPUID\HWMonitor\HWMonitor.exe.FriendlyAppName
DeleteValue: HKU\S-1-5-21-2458640716-594864508-1525184721-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Program Files\CPUID\HWMonitor\HWMonitor.exe.ApplicationCompany
DeleteValue: HKU\S-1-5-21-2458640716-594864508-1525184721-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Program Files\KeePassXC\KeePassXC.exe.FriendlyAppName
DeleteValue: HKU\S-1-5-21-2458640716-594864508-1525184721-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Program Files\KeePassXC\KeePassXC.exe.ApplicationCompany
DeleteValue: HKU\S-1-5-21-2458640716-594864508-1525184721-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Program Files\Trend Micro\Titanium\ShorcutLauncher.exe.FriendlyAppName
DeleteValue: HKU\S-1-5-21-2458640716-594864508-1525184721-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Program Files\Trend Micro\Titanium\ShorcutLauncher.exe.ApplicationCompany
DeleteValue: HKU\S-1-5-21-2458640716-594864508-1525184721-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Program Files (x86)\Cleaner One Pro\Cleaner One Pro.exe.FriendlyAppName
DeleteValue: HKU\S-1-5-21-2458640716-594864508-1525184721-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Program Files (x86)\Cleaner One Pro\Cleaner One Pro.exe.ApplicationCompany
DeleteValue: HKU\S-1-5-21-2458640716-594864508-1525184721-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Program Files\qBittorrent\qbittorrent.exe.FriendlyAppName
DeleteValue: HKU\S-1-5-21-2458640716-594864508-1525184721-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Program Files\qBittorrent\qbittorrent.exe.ApplicationCompany
Comment: Torrent-client leftovers. The AppData folders hold qBittorrent / uTorrent settings and torrent lists, i.e. user data rather than malware; this is a clean-out, not a disinfection step.
DeleteKey: HKCU\SOFTWARE\BitTorrentPersist
DeleteKey: HKU\S-1-5-21-2458640716-594864508-1525184721-1001\SOFTWARE\BitTorrentPersist
C:\Users\Rilès\AppData\Roaming\qBittorrent
C:\Users\Rilès\AppData\Roaming\uTorrent
C:\Users\Rilès\AppData\Local\BitTorrentHelper
C:\Users\Rilès\AppData\Local\qBittorrent
Comment: Deletes the whole 32-bit JavaSoft registry tree. If a 32-bit Java runtime is still installed this breaks it; confirm Java has been uninstalled (or drop this line) before running.
DeleteKey: HKLM\SOFTWARE\WOW6432Node\JavaSoft
Comment: Residual keys from Avast's advertising SDK and from Adlice tools (RogueKiller family); harmless to remove.
DeleteKey: HKCU\SOFTWARE\AvastAdSDK
DeleteKey: HKU\S-1-5-21-2458640716-594864508-1525184721-1001\SOFTWARE\AvastAdSDK
DeleteKey: HKCU\SOFTWARE\Adlice Software
DeleteKey: HKU\.DEFAULT\SOFTWARE\Adlice Software
DeleteKey: HKU\S-1-5-21-2458640716-594864508-1525184721-1001\SOFTWARE\Adlice Software
Comment: Deleting an Appx package folder under WindowsApps by path leaves the package registration behind; uninstalling the IObit app (Settings > Apps, or Remove-AppxPackage) is the cleaner route. Roaming data under systemprofile suggests an IObit component also ran as SYSTEM.
C:\Program Files (x86)\WindowsApps\18411IObit.121073B4FE2A6_2.8.77.0_x64__8nkkvw7c6ghbg - (.Both Talent International Limited.)
C:\WINDOWS\System32\Config\systemprofile\AppData\Roaming\IObit
Comment: The following lines are pasted in FRST log format. "(Pas de fichier)" / "Pas de fichier" means the referenced binary no longer exists, so these are orphaned autostarts, scheduled tasks and a plugin. The Run lines repeat the DeleteValue entries above (and add the S-1-5-21-...-1002 profile), which is harmless.
HKLM\...\Run: [CamserviceExchange] => C:\Program Files (x86)\Hercules\Dualpix Exchange\XtrCtrlEx.exe /startup (Pas de fichier)
HKU\S-1-5-19\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\84.0.11.0\GoogleDriveFS.exe --startup_mode (Pas de fichier)
HKU\S-1-5-20\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\84.0.11.0\GoogleDriveFS.exe --startup_mode (Pas de fichier)
HKU\S-1-5-21-2458640716-594864508-1525184721-1002\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\84.0.11.0\GoogleDriveFS.exe --startup_mode (Pas de fichier)
HKU\S-1-5-18\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\84.0.11.0\GoogleDriveFS.exe --startup_mode (Pas de fichier)
Task: {8740BC05-550C-4063-9146-B984F1F6379D} - \NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} -> Pas de fichier <==== ATTENTION
Task: {0215DD52-9D2B-495F-BE01-B5A0D912205E} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe --automatic (Pas de fichier)
Task: {FE28D310-AF54-47BE-9206-86EB7C1B3E18} - System32\Tasks\Réparation du service de mise à jour de navigateur Yandex => C:\Program Files (x86)\Yandex\YandexBrowser\22.3.4.731\service_update.exe --repair (Pas de fichier)
FF Plugin HKU\S-1-5-21-2458640716-594864508-1525184721-1001: @acestream.net/acestreamplugin,version=3.1.32 -> C:\Users\Rilès\AppData\Roaming\ACEStream\player\npace_plugin.dll [Pas de fichier]
Comment: Brave extension installed outside the store: its update URL points to addon.socialblade.com rather than the Chrome Web Store, which is why FRST flags it. Removed here together with its folder.
BRA Extension: (Social Blade) - C:\Users\Rilès\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\cfidkbgamfhdgmedldkagjopnbobdmdn [2022-09-06] [UpdateUrl:hxxps://addon.socialblade.com/updates.json] <==== ATTENTION
Comment: Driver/service registrations whose binary is missing ([X]); FRST removes the service entry only. The S0/S1/S2/S3 prefix is the start type. Judging by the names, the avg* set is what an AVG/Avast uninstall left behind.
S0 avgArDisk; system32\drivers\avgArDisk.sys [X]
S1 avgArPot; system32\drivers\avgArPot.sys [X]
S1 avgbidsdriver; system32\drivers\avgbidsdriver.sys [X]
S0 avgbidsh; system32\drivers\avgbidsh.sys [X]
S0 avgbuniv; system32\drivers\avgbuniv.sys [X]
S0 avgElam; system32\drivers\avgElam.sys [X]
S1 avgKbd; system32\drivers\avgKbd.sys [X]
S1 avgMonFlt; system32\drivers\avgMonFlt.sys [X]
S1 avgNetHub; system32\drivers\avgNetHub.sys [X]
S1 avgRdr; system32\drivers\avgRdr2.sys [X]
S0 avgRvrt; system32\drivers\avgRvrt.sys [X]
S1 avgSnx; system32\drivers\avgSnx.sys [X]
S1 avgSP; system32\drivers\avgSP.sys [X]
S2 avgStm; system32\drivers\avgStm.sys [X]
S0 avgVmm; system32\drivers\avgVmm.sys [X]
Comment: cpuz145 is, by its name, a CPUID (CPU-Z / HWMonitor) kernel driver that was loaded from C:\WINDOWS\temp. Older cpuz drivers have appeared on vulnerable-driver blocklists (BYOVD), so dropping the orphaned service registration is appropriate even though the file is already gone.
S3 cpuz145; \??\C:\WINDOWS\temp\cpuz145\cpuz145_x64.sys [X]
Comment: TMAgent has no ImagePath. Trend Micro is the active AV on this machine (see the AV: lines below), so verify the product still runs after the fix.
U2 TMAgent; pas de ImagePath
Comment: Orphaned Wacom tablet router/filter drivers.
S3 WacHidRouterPro; \SystemRoot\System32\drivers\wachidrouter.sys [X]
S3 wacomrouterfilter; \SystemRoot\System32\drivers\wacomrouterfilter.sys [X]
Comment: Unlike the orphans above, these autostarts and tasks point to binaries that still exist and (CleanMem aside) are signed. Listing them removes only the autostart entry or task; the program stays installed and may recreate the entry when next launched. Uninstall what is unwanted (CCleaner, Cleaner One Pro, Yandex Browser, CleanMem) through Programs and Features.
HKLM-x32\...\Run: [EpicGamesLauncher] => C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [32822736 2023-07-06] (Epic Games Inc. -> Epic Games, Inc.)
HKU\S-1-5-21-2458640716-594864508-1525184721-1001\...\Run: [Cleaner One Pro] => C:\Program Files (x86)\Cleaner One Pro\Cleaner One Pro.exe [109899744 2022-03-26] (Trend Micro, Inc. -> Trend Micro, Inc.)
HKU\S-1-5-21-2458640716-594864508-1525184721-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [42727840 2023-10-10] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
HKU\S-1-5-21-2458640716-594864508-1525184721-1001\...\RunOnce: [Application Restart #0] => C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe [2746392 2023-11-29] (Brave Software, Inc. -> Brave Software, Inc.)
Comment: Per-user Explorer policy values. NoViewContextMenu and NoSaveSettings are 0 (no restriction); NolowDiskSpaceChecks=1 hides low-disk-space warnings. Removing all three restores defaults.
HKU\S-1-5-21-2458640716-594864508-1525184721-1001\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-21-2458640716-594864508-1525184721-1001\...\Policies\Explorer: [NolowDiskSpaceChecks] 1
HKU\S-1-5-21-2458640716-594864508-1525184721-1001\...\Policies\Explorer: [NoSaveSettings] 0
Comment: Active Setup components for Chrome and Brave (signed installer stubs run once per user); removal is cosmetic.
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\119.0.6045.200\Installer\chrmstp.exe [2023-12-01] (Google LLC -> Google LLC)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}] -> C:\Program Files\BraveSoftware\Brave-Browser\Application\119.1.60.125\Installer\chrmstp.exe [2023-11-29] (Brave Software, Inc. -> Brave Software, Inc.)
Task: {1B4EC74F-A460-4C33-BCE9-2E4B5CD2406A} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [714256 2023-10-10] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
Task: {6538ACE3-0204-4477-A2CA-104CB9609024} - System32\Tasks\CCleanerCrashReporting => C:\Program Files\CCleaner\CCleanerBugReport.exe [4703648 2023-10-10] (PIRIFORM SOFTWARE LIMITED -> Piriform Software) -> --product 90 --send dumps|report --path "C:\Program Files\CCleaner\LOG" --programpath "C:\Program Files\CCleaner" --configpath "C:\Program Files\CCleaner\Setup" --guid "d8f157cb-34a8-426e-8874-c0a41f48cd3d" --version "6.17.10746" --silent
Comment: CCleanerSkipUAC and CleanerOneProAutoUAC are, judging by their names, highest-privilege tasks that let the app elevate without a UAC prompt. Removing them is sound least-privilege hygiene; the apps will simply prompt instead.
Task: {E11D104C-65CD-4EAF-8158-121BEF5553B3} - System32\Tasks\CCleanerSkipUAC - Rilès => C:\Program Files\CCleaner\CCleaner.exe [35664800 2023-10-10] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
Comment: CleanMem binaries are unsigned, dated 2014, and one runs from the user's Desktop; uninstall/delete them rather than only unscheduling.
Task: {3041DD93-1949-4894-B65B-D0D1313A80DA} - System32\Tasks\Clean System Memory => C:\Windows\syswow64\CleanMem.exe [61440 2014-08-20] (PcWinTech.com) [Fichier non signé]
Task: {ADDA0325-9DCF-4928-936E-DE0CFC917317} - System32\Tasks\CleanerOneProAutoUAC => C:\Program Files (x86)\Cleaner One Pro\Cleaner One Pro.exe [109899744 2022-03-26] (Trend Micro, Inc. -> Trend Micro, Inc.)
Task: {CAEC8F38-E613-4067-931F-BD70E7314A8B} - System32\Tasks\CleanMem Mini Monitor => C:\Users\Rilès\Desktop\cleanmem\mini_monitor.exe [1421312 2014-08-20] (PcWinTech.com) [Fichier non signé]
Comment: Google Update tasks still use a 2019 build of GoogleUpdate.exe; Chrome itself is current (119.x above).
Task: {7BCFE2EB-AEA2-43FF-ABF1-686430FA04F7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2019-12-15] (Google LLC -> Google LLC)
Task: {6F75AF43-E890-4531-AC1C-C46E6D4F6244} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2019-12-15] (Google LLC -> Google LLC)
Comment: Yandex Browser updater/repair tasks (23.11 build present; the 22.3.4.731 one listed above is already orphaned).
Task: {0A27853D-AEA6-482A-9C01-749623F85A5C} - System32\Tasks\Mise à jour du navigateur Yandex => C:\Users\Rilès\AppData\Local\Yandex\YandexBrowser\Application\browser.exe [4971672 2023-11-21] (YANDEX LLC -> YANDEX LLC)
Task: {66F7E1A2-D120-4AE5-9BF9-F79713B0790F} - System32\Tasks\Mise à jour système du Navigateur Yandex => C:\Program Files (x86)\Yandex\YandexBrowser\23.11.0.2383\service_update.exe [3416728 2023-11-29] (YANDEX LLC -> YANDEX LLC)
Task: {5733E5DE-BD9C-4332-8786-320CC613F7B8} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [1003128 2022-03-01] (Nvidia Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
Task: {54504E59-FBE2-4B2D-9769-B669C0E2A335} - System32\Tasks\Réparation du service de mise à jour du navigateur Yandex => C:\Program Files (x86)\Yandex\YandexBrowser\23.11.0.2383\service_update.exe [3416728 2023-11-29] (YANDEX LLC -> YANDEX LLC)
Comment: Legacy .job files in C:\WINDOWS\Tasks that mirror the tasks above; removed together so nothing is left to re-register them.
Task: C:\WINDOWS\Tasks\CCleanerCrashReporting.job => C:\Program Files\CCleaner\CCleanerBugReport.exe
Task: C:\WINDOWS\Tasks\Mise à jour du navigateur Yandex.job => C:\Users\Rilès\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
Task: C:\WINDOWS\Tasks\Mise à jour système du Navigateur Yandex.job => C:\Program Files (x86)\Yandex\YandexBrowser\23.11.0.2383\service_update.exe
Task: C:\WINDOWS\Tasks\Réparation du service de mise à jour de navigateur Yandex.job => C:\Program Files (x86)\Yandex\YandexBrowser\22.3.4.731\service_update.exe
Task: C:\WINDOWS\Tasks\Réparation du service de mise à jour du navigateur Yandex.job => C:\Program Files (x86)\Yandex\YandexBrowser\23.11.0.2383\service_update.exe
Comment: Static DNS servers 103.86.99.99 / 103.86.96.96 on two interfaces. These look like NordVPN's published resolvers rather than attacker infrastructure; confirm a VPN client set them before letting FRST clear the static NameServer entries (the interfaces then fall back to DHCP-assigned DNS).
Tcpip\..\Interfaces\{c6a303a4-0e66-45a7-b297-d21ad6427b9c}: [NameServer] 103.86.99.99,103.86.96.96
Tcpip\..\Interfaces\{fc01fcd5-2b9d-2fd8-78d8-cb78b313e2b2}: [NameServer] 103.86.99.99,103.86.96.96
Comment: Browser extensions force-registered through the registry: the Edge one is sideloaded from the Internet Download Manager install folder, the two Chrome IDs have no path at all. Removing the registry entries stops them being re-installed; the profile folders are separate.
Edge HKU\S-1-5-21-2458640716-594864508-1525184721-1001\SOFTWARE\Microsoft\Edge\Extensions\...\Edge\Extension: [llbjbkhnmlidjebalopleeepgdfgcpec] - C:\Program Files (x86)\Internet Download Manager\IDMEdgeExt.crx
CHR HKU\S-1-5-21-2458640716-594864508-1525184721-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh]
CHR HKU\S-1-5-21-2458640716-594864508-1525184721-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [mjbepbhonbojpoaenhckjocchgfiaofo]
Comment: Zero-byte GUID-named file in the user's AppData\Local; harmless to delete.
2023-09-15 19:35 - 2023-09-15 19:35 - 000000000 _____ () C:\Users\Rilès\AppData\Local\{D6EEBE50-1BCB-4D6D-A4F1-62A8FCF338E7}
Comment: Out-of-process COM server registrations pointing to a missing Druide Connectix binary (orphans).
CustomCLSID: HKU\S-1-5-21-2458640716-594864508-1525184721-1001_Classes\CLSID\{A12A9CAB-1C75-4AA3-A980-74F25AB94C8E}\localserver32 -> "C:\Program Files\Druide\Connectix 11\Application\Bin64\AgentConnectix.exe" -activex => Pas de fichier
CustomCLSID: HKU\S-1-5-21-2458640716-594864508-1525184721-1001_Classes\CLSID\{A12A9CAB-1C75-4AA3-A980-74F25AB94C8F}\localserver32 -> "C:\Program Files\Druide\Connectix 11\Application\Bin64\AgentConnectix.exe" -activex => Pas de fichier
Comment: Orphaned Google Drive File Stream context-menu handlers; the same CLSID is deleted from HKLM\Software\Classes higher up.
ContextMenuHandlers1: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => -> Pas de fichier
ContextMenuHandlers4: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => -> Pas de fichier
ContextMenuHandlers5: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => -> Pas de fichier
Comment: Per-user overrides of the regfile / .reg / .bat / .cmd file classes under HKCU\Software\Classes. A per-user class shadows the HKLM default and is a classic way to hijack (or block) how scripts and registry files open, hence the ATTENTION flag. FRST removes the overrides so the system defaults apply again.
HKU\S-1-5-21-2458640716-594864508-1525184721-1001\Software\Classes\regfile: <==== ATTENTION
HKU\S-1-5-21-2458640716-594864508-1525184721-1001\Software\Classes\.reg: => <==== ATTENTION
HKU\S-1-5-21-2458640716-594864508-1525184721-1001\Software\Classes\.bat: => <==== ATTENTION
HKU\S-1-5-21-2458640716-594864508-1525184721-1001\Software\Classes\.cmd: => <==== ATTENTION
Comment: IE default search scopes with an empty URL; listing them resets the scope.
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Comment: The two AV: lines are informational scan-log lines (Trend Micro Maximum Security is the active, up-to-date AV). They carry no removal action in a fixlist and are noise here; keep them only as a reminder that Trend Micro must still work after the fix.
AV: Trend Micro Maximum Security (Enabled - Up to date) {EA76EF9A-3837-6858-9C08-EF031F849204}
AV: Trend Micro Maximum Security (Enabled - Up to date) {15FC6637-7CC8-91CB-3CED-EE04794124FD}
Comment: Resets the per-user Internet Explorer start page (google.es); not a security issue by itself.
HKU\S-1-5-21-2458640716-594864508-1525184721-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.es/
Comment: Shortcut cleanup only. The Google Docs/Sheets/Slides links under C:\Users\Default are copied into every newly created profile, which is why they are listed alongside thann's desktop copies; the remaining .lnk files are stale launcher/taskbar entries.
C:\Users\Default\Desktop\Google Docs.lnk
C:\Users\Default\Desktop\Google Sheets.lnk
C:\Users\Default\Desktop\Google Slides.lnk
C:\Users\thann\OneDrive\Bureau\Google Docs.lnk
C:\Users\thann\OneDrive\Bureau\Google Sheets.lnk
C:\Users\thann\OneDrive\Bureau\Google Slides.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uninstall Screaming Frog SEO Spider.lnk
C:\Users\Rilès\Desktop\ZHPSuite.lnk
C:\Users\Rilès\Desktop\AUTRES\Cours\Antidote 10.lnk
C:\Users\Rilès\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FiveM - Cfx.re Development Kit (FxDK).lnk
C:\Users\Rilès\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Navigation privée de Firefox.lnk
C:\Users\Rilès\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Stremio\Stremio web.lnk
C:\Users\Rilès\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Tombstones\Firefox.lnk
C:\Users\Rilès\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\d249d9ddd424b688\Google Chrome.lnk
C:\Users\thann\Links\Desktop.lnk
C:\Users\thann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Navigation privée de Firefox.lnk
Comment: Opera / Opera GX removal: startup-approval flags (per user and in the HKLM 32-bit Run32 list), then the settings keys, then the profile and program folders under the user's AppData. This deletes the Opera profile (bookmarks, saved passwords, sessions) outright; make sure anything needed has been exported first.
DeleteValue: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|Opera Browser Assistant
DeleteValue: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|Opera GX Browser Assistant
DeleteValue: HKEY_USERS\S-1-5-21-2458640716-594864508-1525184721-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|Opera Browser Assistant
DeleteValue: HKEY_USERS\S-1-5-21-2458640716-594864508-1525184721-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|Opera GX Browser Assistant
DeleteValue: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32|Opera Browser Assistant
DeleteKey: HKCU\SOFTWARE\Opera Software
DeleteKey: HKCU\SOFTWARE\Opera Stable Offer
DeleteKey: HKU\S-1-5-21-2458640716-594864508-1525184721-1001\SOFTWARE\Opera Software
DeleteKey: HKU\S-1-5-21-2458640716-594864508-1525184721-1001\SOFTWARE\Opera Stable Offer
C:\Users\Rilès\AppData\Roaming\Opera Software
C:\Users\Rilès\AppData\Local\Opera Software
C:\Users\Rilès\AppData\Local\Programs\Opera GX
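Comment: The following entries delete temporary files. EmptyTemp: at the end of the fixlist already covers the standard temp folders; these are the additional locations.
C:\Windows\Temp\*.*
C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\*
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\*
Comment: The template placeholder "CurrentUserName" never matched a real profile; the account used throughout this fixlist is Rilès.
C:\Users\Rilès\AppData\Local\Temp\*.*
Comment: Safe only because wuauserv was stopped at the top of the fixlist.
C:\Windows\SoftwareDistribution\Download\*
Comment: The next two entries wipe Microsoft Defender's scan database and its detection history. That destroys the record of what Defender already found; drop them if the detection history is still needed for the investigation.
C:\ProgramData\Microsoft\Windows Defender\Scans\mpenginedb.db
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\*.*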
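Comment: The following batch clears browser caches and histories, then resets the network stack and runs DISM/SFC.
StartBatch:
rem The userprofile variable resolves to the account FRST is run from (Riles); the seghi and thann profiles are not cleaned by this batch.
del /s /q "%userprofile%\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\*.*"
rem The CryptnetUrlCache subfolders are Content and MetaData; the old "Metada" spelling matched nothing.
del /s /q "%userprofile%\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\*.*"
del /s /q "%userprofile%\AppData\Local\Microsoft\Windows\History\*.*"
del /s /q "%userprofile%\AppData\Local\Microsoft\Windows\Temporary Internet Files\*.*"
rem Recent-items shortcuts are forensic artefacts (what the user opened); keep them if the incident is still being investigated.
del /s /q "%userprofile%\AppData\Roaming\Microsoft\Windows\Recent\*.lnk"
For /D %%d In ("%userprofile%\AppData\Local\Mozilla\Firefox\Profiles\*") Do (If Exist "%%d\Cache2" Del /s /q "%%d\Cache2\*.*")
del /s /q "%userprofile%\AppData\Local\Google\Chrome\User Data\Default\Cache\*.*"
del /s /q "%userprofile%\AppData\Local\Microsoft\Edge\User Data\Default\Cache\*.*"
del /s /q "%userprofile%\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Cache\*.*"
del /s /q "%userprofile%\AppData\Local\Opera Software\*"
del /s /q "%userprofile%\AppData\Local\Vivaldi\User Data\Default\Cache"
rem Yandex Browser keeps its profile under Yandex\YandexBrowser\User Data (the browser.exe path in the Yandex tasks above shows the Yandex\YandexBrowser layout).
del /s /q "%userprofile%\AppData\Local\Yandex\YandexBrowser\User Data\Default\Cache"
For /D %%d In ("%userprofile%\AppData\Local\Thunderbird\Profiles\*") Do (If Exist "%%d\Cache2" Del /s /q "%%d\Cache2\*.*")
rem The lines below delete browsing history, not caches. Places.sqlite also holds the Firefox bookmarks. This is user-data loss rather than malware removal; make sure it is wanted.
For /D %%d In ("%userprofile%\AppData\Roaming\Mozilla\Firefox\Profiles\*") Do (If Exist "%%d\Places.Sqlite" Del /s /q "%%d\Places.Sqlite")
del /s /q "%userprofile%\AppData\Local\Google\Chrome\User Data\Default\History"
del /s /q "%userprofile%\AppData\Local\Microsoft\Edge\User Data\Default\History"
del /s /q "%userprofile%\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\History"
del /s /q "%userprofile%\AppData\Roaming\Opera Software\Opera Stable\History"
del /s /q "%userprofile%\AppData\Local\Vivaldi\User Data\Default\History"
del /s /q "%userprofile%\AppData\Local\Yandex\YandexBrowser\User Data\Default\History"
ipconfig /release
ipconfig /renew
ipconfig /flushdns
ipconfig /registerdns
netsh winsock reset
rem advfirewall reset drops every custom firewall rule, including deliberate blocks; the following line makes sure the firewall is on for all profiles afterwards.
netsh advfirewall reset
netsh advfirewall set allprofiles state on
netsh winhttp reset proxy
rem dism /restorehealth fetches repair files through Windows Update, which was stopped at the top of this fixlist and is only restarted after this batch. If DISM reports a source error, move the Net start wuauserv line before StartBatch. Both commands can take a long time.
dism.exe /online /cleanup-image /restorehealth
sfc /scannow
Endbatch: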
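EmptyTemp:
Comment: EmptyEventLogs clears every Windows event log. That is anti-forensic: if the origin of the infection still has to be established, delete this line and export the logs (wevtutil epl) before running the fix.
EmptyEventLogs:
Comment: Undo the temporary changes made at the top of the fixlist: restart Windows Update and re-enable the Optimize Drives task that was disabled with schtasks /DISABLE.
cmd: Net start wuauserv
cmd: schtasks /ENABLE /TN "\Microsoft\Windows\Defrag\ScheduledDefrag"
Reboot:
end::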