start::
CreateRestorePoint:
cmd: Net stop wuauserv
cmd: Rd /s /q %windir%\SoftwareDistribution\.
CloseProcesses:
EmptyTemp:
EmptyEventLogs:
Hosts:
RemoveProxy:
C:\Windows\Temp\*.*
C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\*
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\*
C:\Users\CurrentUserName\Appdata\Local\Temp\*.*
C:\ProgramData\Microsoft\Windows Defender\Scans\mpenginedb.db
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\*.*
StartBatch:
rd /s /q "%userprofile%\AppData\Roaming\discord\Cache"
rd /s /q "%userprofile%\AppData\Roaming\discord\code cache"
rd /s /q "%userprofile%\AppData\Roaming\discord\gpucache"
Endbatch:
Unlock: HKCU\SOFTWARE\AvastAdSDK
DeleteKey: HKCU\SOFTWARE\AvastAdSDK
DeleteKey: HKU\S-1-5-21-3024573055-3625204592-536517642-1001\SOFTWARE\AvastAdSDK
DeleteKey: HKLM\SOFTWARE\Setup
C:\Users\Brees\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho
Unlock: HKLM\SOFTWARE\McAfee
DeleteKey: HKLM\SOFTWARE\McAfee
DeleteKey: HKU\.DEFAULT\SOFTWARE\McAfee
DeleteKey: HKLM\SOFTWARE\WOW6432Node\AVG
DeleteKey: HKCU\SOFTWARE\Chromium
DeleteKey: HKU\S-1-5-21-3024573055-3625204592-536517642-1001\SOFTWARE\Chromium
DeleteKey: HKCU\SOFTWARE\Opera Software
DeleteKey: HKU\S-1-5-21-3024573055-3625204592-536517642-1001\SOFTWARE\Opera Software
C:\Users\Brees\AppData\Roaming\Opera Software
C:\Users\Brees\AppData\Local\Opera Software
C:\Users\Brees\AppData\Local\Programs\Opera GX
C:\Users\Brees\AppData\Roaming\Antares
C:\Users\Brees\AppData\Local\Backup
C:\WINDOWS\System32\Config\systemprofile\AppData\Roaming\360safe
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
Task: {EB895BDC-C319-4D5D-BA76-EE1E32665937} - System32\Tasks\0tybme\txmh4v\36hx1z\oph9d7\jl14v5\cyhl7j\16sw5m\sr3s5c\lh36mc\9s6hev\8nlq4n\wla0oo\v3k2xn\nt1yet\rmk070\10kax7\9pi96r => C:\Users\Brees\AppData\Local\Overtones.exe [48128 2025-01-02] () [Fichier non signé] <==== ATTENTION
Task: {F242117D-FA1D-4F49-A151-99D4CB53079E} - System32\Tasks\1vlho0\k5gyku\iacyew\cl32b8\061vvc\h9obpg\v6xcby\c3dexl\2xjrq9\q8q30t\6wfjaj\vcfmhu\adojgh\f6cchb\2g06ot\2hnfrc\gaqfe5 => %PROGRAMFILES(x86)%\Espace\bondage.exe (Pas de fichier) <==== ATTENTION
Task: {7F2435B1-51B6-439E-AE46-1C238CEF69C0} - System32\Tasks\2orqw9\itdhjp\086arl\19mf0z\oorcyo\yo42bb\z5x30h\47jpd1\59xsr8\y47w1o\vq45fy\t7ibkt\uuwyim\zaxgwi\5ohu70\nsygf7\05spki => %PROGRAMFILES(x86)%\Espace\refinery.exe (Pas de fichier) <==== ATTENTION
Task: {AA7DE8E9-218E-415F-8EE1-4A6C46F04024} - System32\Tasks\3gzjra\qoqley\8ci4l6\ir522d\9n8txq\afffbt\9z194s\cczhi7\pjiadh\ul6e69\n6t0xd\fosjre\m0am5a\fl0j9f\itg3t9\4cwo3d\hreyo3 => %PROGRAMFILES(x86)%\voyeur\Overtones.exe "tgbnhyhtgbnhyttgbnhyttgbnhyptgbnhy:tgbnhy/tgbnhy/tgbnhywtgbnhywtgbnhywtgbnhy.tgbnhyttgbnhyotgbnhyptgbnhymtgbnhyotgbnhyutgbnhyntgbnhyttgbnhyitgbnhyntgbnhygtgbnhy.tgbnhyctgbnhyotgbnhymtgbnhy/tgbnhyf2d0d2d5d0tgbnhyb1b0f2fdastgbnhyp0c4BiapzktgbnhyfnbpSDyeW0tgbnhy1" (Pas de fichier) <==== ATTENTION
Task: {E8EBA90A-F3B4-45E1-A371-D0B4D40DABE4} - System32\Tasks\445gg7\va4cku\w6zhz3\wm9xxn\e8fn7z\77vlg0\tndtoe\pyjrhy\8yjpnp\v8vwtg\ox53m8\o0vtf2\47qjxe\8566kz\fznvm5\dfixxe\6p62t4 => %PROGRAMFILES(x86)%\Espace\Bloomberg.exe "tgbnhyhtgbnhyttgbnhyttgbnhyptgbnhy:tgbnhy/tgbnhy/tgbnhywtgbnhywtgbnhywtgbnhy.tgbnhyttgbnhyotgbnhyptgbnhymtgbnhyotgbnhyutgbnhyntgbnhyttgbnhyitgbnhyntgbnhygtgbnhy.tgbnhyctgbnhyotgbnhymtgbnhy/tgbnhyf2d0d2d5d0tgbnhyb1b0f2fdastgbnhyp0c4BiapzktgbnhyfnbpSDyeW0tgbnhy1" (Pas de fichier) <==== ATTENTION
Task: {0EA493D4-CD7D-4189-B223-1FA62F5B7F1F} - System32\Tasks\56tx0r\kn1wb9\5ddf30\lsq4cm\la9f6e\g1jh7a\ejydlo\vnzoqz\o24qij\f5nmpa\xno7il\65gcqk\my9tkh\36e33f\ibtci1\1h6zxy\pa0wx3 => C:\Users\Brees\AppData\Local\Bloomberg.exe [48128 2025-01-02] () [Fichier non signé] <==== ATTENTION
Task: {F8A87373-AD4A-4452-AB8E-1070DDBFC644} - System32\Tasks\hly0wc\1cupue\rm4gne\goa4vf\gmfbfp\sc7t27\lnvqsa\gd869k\xetdci\6eh2rt\u1qpmm\i8zdfp\e7idku\b2mjfy\6jajoa\iegwqa\j3s8xc => %localappdata%\goel.exe (Pas de fichier) <==== ATTENTION
Task: {077BA067-7C15-40F0-B22E-C9DC2A54B4A2} - System32\Tasks\Microsoft\Windows\Location\Notifications => %windir%\System32\LocationNotificationWindows.exe (Pas de fichier)
Task: {F3E6E7ED-A196-4E44-8803-55FAB3AD4E29} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe (Pas de fichier)
Task: {A63DF501-F759-44AA-8F68-684930EDA0FB} - System32\Tasks\Microsoft\Windows\WlanSvc\DNSSync => "C:\Program Files\nodejs\node.exe" -> "C:\ProgramData\Microsoft\Wlansvc\Profiles\Interfaces\{0832466a-51e2-4110-8ad8-f3a8e80d1d1c}\d47ea30c-38f3-4754-9b55-cd1360e9e518" <==== ATTENTION
Task: {BE2539F7-7B78-4343-8F1D-E0BF3E447EFF} - System32\Tasks\mift3w\4agpqe\b0k6hu\w8kstn\444vlj\z3y3yj\89tj2x\wym1w9\eyd7iu\tgwzw1\0lr01r\49ngzo\xu6uet\2lqmpt\krmthw\h90oyp\7vzmki => %PROGRAMFILES(x86)%\voyeur\Overtones.exe "tgbnhyhtgbnhyttgbnhyttgbnhyptgbnhy:tgbnhy/tgbnhy/tgbnhywtgbnhywtgbnhywtgbnhy.tgbnhyttgbnhyotgbnhyptgbnhymtgbnhyotgbnhyutgbnhyntgbnhyttgbnhyitgbnhyntgbnhygtgbnhy.tgbnhyctgbnhyotgbnhymtgbnhy/tgbnhyf2d0d2d5d0tgbnhyb1b0f2fdastgbnhyp0c4BiapzktgbnhyfnbpSDyeW0tgbnhy1" (Pas de fichier) <==== ATTENTION
Task: {0A416E62-8940-4BB3-B84B-7AD34A754A86} - System32\Tasks\Opera GX scheduled Autoupdate 1735807860 => C:\Users\Brees\AppData\Local\Programs\Opera GX\autoupdate\opera_autoupdate.exe --scheduledtask --bypasslauncher $(Arg0) (Pas de fichier)
Task: {CFB8EEF4-3F84-464A-A94B-56E32D342324} - System32\Tasks\VideoPlayerUpdateTask => C:\Program Files\VideoPlayer\VideoPlayerUpdate.bat [89 2025-01-02] () [Fichier non signé] <==== ATTENTION
Task: {648C1BB0-29DC-4F65-9BB5-D0527EB3980E} - System32\Tasks\zjx29n\kkrxyf\o93w2z\1ptsz8\1yb9ad\et1j7g\drdb5d\q992l6\xgihl6\vd19y6\t3pvni\djfhio\q822eb\nx98bo\d1m1nm\pgsvah\5207yg => %PROGRAMFILES(x86)%\Folkman\Bloomberg.exe "tgbnhyhtgbnhyttgbnhyttgbnhyptgbnhy:tgbnhy/tgbnhy/tgbnhywtgbnhywtgbnhywtgbnhy.tgbnhyttgbnhyotgbnhyptgbnhymtgbnhyotgbnhyutgbnhyntgbnhyttgbnhyitgbnhyntgbnhygtgbnhy.tgbnhyctgbnhyotgbnhymtgbnhy/tgbnhyf2d0d2d5d0tgbnhyb1b0f2fdastgbnhyp0c4BiapzktgbnhyfnbpSDyeW0tgbnhy1" (Pas de fichier) <==== ATTENTION
Task: {AE642BB8-3117-466A-80E2-043E4CE6729E} - System32\Tasks\zqt7jt\azgviq\7wj9j0\ppmvk5\vdc6it\y8awzt\87g874\057s9v\a2socn\5d9dca\yydm4m\jgaj14\1t8v7n\l2tjnx\7auokl\687xl3\z9jmoh => C:\Users\Brees\AppData\Local\Bloomberg.exe [48128 2025-01-02] () [Fichier non signé] <==== ATTENTION
Task: {65FB1C4D-47EA-416B-B50F-F6A01E876E2A} - System32\Tasks\zytgqb\79uux9\spk4i5\r5rshj\5c0q55\3u2cqn\3yqhd7\6m3qmq\oulejg\hkdc9n\akhso8\2nopsg\z7uy0f\nfitb6\y9h6o7\xd1az1\x4vtlq => %PROGRAMFILES(x86)%\Folkman\Overtones.exe "tgbnhyhtgbnhyttgbnhyttgbnhyptgbnhy:tgbnhy/tgbnhy/tgbnhywtgbnhywtgbnhywtgbnhy.tgbnhyttgbnhyotgbnhyptgbnhymtgbnhyotgbnhyutgbnhyntgbnhyttgbnhyitgbnhyntgbnhygtgbnhy.tgbnhyctgbnhyotgbnhymtgbnhy/tgbnhyf2d0d2d5d0tgbnhyb1b0f2fdastgbnhyp0c4BiapzktgbnhyfnbpSDyeW0tgbnhy1" (Pas de fichier) <==== ATTENTION
HKU\S-1-5-21-3024573055-3625204592-536517642-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [45381424 2024-12-04] (Gen Digital Inc. -> Piriform Software Ltd)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\131.0.6778.205\Installer\chrmstp.exe [2024-12-20] (Google LLC -> Google LLC)
Task: {10561CF0-FF71-463F-BA8D-A4F6CA2A12F6} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [829408 2024-12-04] (Gen Digital Inc. -> Gen Digital Inc.)
Task: {F10BCC34-B455-4887-828E-7B5DB9B33554} - System32\Tasks\CCleanerCrashReporting => C:\Program Files\CCleaner\CCleanerBugReport.exe [5983536 2024-12-04] (Gen Digital Inc. -> Gen Digital Inc.) -> --product 90 --send dumps|report --path "C:\Program Files\CCleaner\LOG" --programpath "C:\Program Files\CCleaner" --guid "402a6d6b-a6bc-47fc-bbc2-a968ad8eb78f" --version "6.31.11415" --silent
Task: {B4CD05BF-049D-4B6B-9FBC-90FE754192D5} - System32\Tasks\CCleanerSkipUAC - Brees => C:\Program Files\CCleaner\CCleaner.exe [39151920 2024-12-04] (Gen Digital Inc. -> Piriform Software Ltd)
Task: {F4A5F6B7-CA69-42DD-A361-ED68F3444FB8} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28707032 2024-12-12] (Microsoft Corporation -> Microsoft Corporation)
Task: {2F1AE388-D34E-4BF6-B6B7-8E5817E6F53D} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28707032 2024-12-12] (Microsoft Corporation -> Microsoft Corporation)
Task: C:\WINDOWS\Tasks\CCleanerCrashReporting.job => C:\Program Files\CCleaner\CCleanerBugReport.exe
Task: C:\WINDOWS\Tasks\iGoAudioTaskSession.job => C:\WINDOWS\System32\DriverStore\FileRepository\igoaudioservice.inf_amd64_c020ee4ab15d7d26\iGoSwServer.exe
Edge HKLM\...\Edge\Extension: [bojobppfploabceghnmlahpoonbcbacn]
Edge HKLM-x32\...\Edge\Extension: [bojobppfploabceghnmlahpoonbcbacn]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]
CHR HKLM\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
AlternateDataStreams: C:\Users\Brees\Downloads\FRST.exe:MBAM.Zone.Identifier [223]
AlternateDataStreams: C:\Users\Brees\Downloads\FRST64.exe:MBAM.Zone.Identifier [225]
SearchScopes: HKU\S-1-5-21-3024573055-3625204592-536517642-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
AV: McAfee (Enabled - Up to date) {0BE13B34-492A-21C0-AE43-C1742279CCB6}
FW: McAfee (Enabled) {33DABA11-0345-2098-851C-6841DCAA8BCD}
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
StartBatch:
del /s /q C:\Windows\prefetch\*.*
del /s /q "%userprofile%\AppData\Local\Temp\*.*"
del /s /q "%userprofile%\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\*.*"
del /s /q "%userprofile%\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\*.*"
del /s /q "%userprofile%\AppData\Local\Microsoft\Windows\History\*.*"
del /s /q "%userprofile%\AppData\Local\Microsoft\Windows\Temporary Internet Files\*.*"
del /s /q "%userprofile%\AppData\Roaming\Microsoft\Windows\Recent\*.lnk"
For /D %%d In ("%userprofile%\AppData\Local\Mozilla\Firefox\Profiles\*") Do (If Exist "%%d\Cache2" Del /s /q "%%d\Cache2\*.*")
del /s /q "%userprofile%\AppData\Local\Google\Chrome\User Data\Default\Code Cache\Js\."
del /s /q "%userprofile%\AppData\Local\Google\Chrome\User Data\Default\Cache\*.*"
del /s /q "%userprofile%\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\Js\."
del /s /q "%userprofile%\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\."
For /D %%d In ("%userprofile%\AppData\Local\Thunderbird\Profiles\*") Do (If Exist "%%d\Cache2" Del /s /q "%%d\Cache2\*.*")
For /D %%d In ("%userprofile%\AppData\Roaming\Mozilla\Firefox\Profiles\*") Do (If Exist "%%d\cookies.sqlite" Del /s /q "%%d\cookies.sqlite")
For /D %%d In ("%userprofile%\AppData\Roaming\Mozilla\Firefox\Profiles\*") Do (If Exist "%%d\Places.Sqlite" Del /s /q "%%d\Places.Sqlite")
del /s /q "%userprofile%\AppData\Local\Google\Chrome\User Data\Default\History"
del /s /q "%userprofile%\AppData\Local\Microsoft\Edge\User Data\Default\History"
ipconfig /release
ipconfig /renew
ipconfig /flushdns
ipconfig /registerdns
netsh winsock reset
netsh advfirewall reset
netsh advfirewall set allprofiles state on
netsh winhttp reset proxy
bitsadmin /reset /allusers
net start sdrsvc
net start vss
net start rpcss
net start eventsystem
net start winmgmt
net start msiserver
net start bfe
net start trustedinstaller
net start windefend
net start mpssvc
net start mpsdrv
Winmgmt /salvagerepository
Winmgmt /resetrepository
Winmgmt /resyncperf
Endbatch:
cmd: Net start wuauserv
Reboot:
end::