start:: CreateRestorePoint: cmd: Net stop wuauserv cmd: Rd /s /q %windir%\SoftwareDistribution\. CloseProcesses: EmptyTemp: EmptyEventLogs: Hosts: RemoveProxy: C:\Windows\Temp\*.* C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\* C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\* C:\Users\CurrentUserName\Appdata\Local\Temp\*.* C:\ProgramData\Microsoft\Windows Defender\Scans\mpenginedb.db C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\*.* StartBatch: rd /s /q "%userprofile%\AppData\Roaming\discord\Cache" rd /s /q "%userprofile%\AppData\Roaming\discord\code cache" rd /s /q "%userprofile%\AppData\Roaming\discord\gpucache" Endbatch: StartRegEdit: Windows Registry Editor Version 5.00 [HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{bc10b380-aa03-4c75-ba9b-b7571906dacc}:] "DhcpNameServer"="" EndRegEdit: Unlock: HKCU\SOFTWARE\AvastAdSDK DeleteKey: HKCU\SOFTWARE\AvastAdSDK DeleteKey: HKU\S-1-5-21-191472196-2171759857-831586721-1001\SOFTWARE\AvastAdSDK DeleteKey: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C} DeleteKey: HKCU\SOFTWARE\9b08bea4-021c-5f9d-a74e-ac0ceb51fb28 DeleteKey: HKU\S-1-5-21-191472196-2171759857-831586721-1001\SOFTWARE\9b08bea4-021c-5f9d-a74e-ac0ceb51fb28 DeleteKey: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C} DeleteKey: HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C} DeleteValue: HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|GoogleDriveFS DeleteValue: HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|GoogleDriveFS DeleteValue: HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|GoogleDriveFS DeleteValue: HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|GoogleDriveFS C:\Users\Bruno-PC]\Desktop\Discord.lnk DeleteKey: HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\DriveFS 28 or later DeleteKey: HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\WinRAR32 DeleteKey: HKLM\Software\Classes\CLSID\{B41DB860-8EE4-11D2-9906-E49FADC173CA} DeleteKey: HKLM\Software\Classes\lnkfile\shellex\ContextMenuHandlers\DriveFS 28 or later DeleteKey: HKLM\Software\Classes\lnkfile\shellex\ContextMenuHandlers\WinRAR32 DeleteKey: HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\DriveFS 28 or later DeleteKey: HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\PowerISO DeleteKey: HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\DriveFS 28 or later DeleteKey: HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\PowerISO DeleteKey: HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\WinRAR32 DeleteValue: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Program Files (x86)\FormatFactory\FormatFactory.exe.FriendlyAppName DeleteValue: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Program Files (x86)\FormatFactory\FormatFactory.exe.ApplicationCompany DeleteValue: HKU\S-1-5-21-191472196-2171759857-831586721-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Program Files (x86)\FormatFactory\FormatFactory.exe.FriendlyAppName DeleteValue: HKU\S-1-5-21-191472196-2171759857-831586721-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Program Files (x86)\FormatFactory\FormatFactory.exe.ApplicationCompany C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Deluge C:\Users\Bruno-PC\AppData\Roaming\deluge C:\Users\Bruno-PC\AppData\Local\BitTorrentHelper unlock: C:\WINDOWS\System32\DRIVERS\PSKMAD.sys DeleteKey: HKLM\SYSTEM\CurrentControlSet\Services\PSKMAD) C:\WINDOWS\System32\DRIVERS\PSKMAD.sys DeleteKey: HKLM\SOFTWARE\WOW6432Node\Panda Security DeleteKey: HKLM\SOFTWARE\WOW6432Node\Panda Software C:\Program Files (x86)\Panda Security C:\ProgramData\Panda Security unlock: C:\WINDOWS\System32\drivers\DasPtct.SYS C:\WINDOWS\System32\drivers\DasPtct.SYS C:\Users\Bruno-PC\AppData\Roaming\AnyDesk HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate: Restriction <==== ATTENTION HKU\S-1-5-19\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\83.0.2.0\GoogleDriveFS.exe --startup_mode (Pas de fichier) HKU\S-1-5-20\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\83.0.2.0\GoogleDriveFS.exe --startup_mode (Pas de fichier) HKU\S-1-5-18\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\83.0.2.0\GoogleDriveFS.exe --startup_mode (Pas de fichier) GroupPolicy: Restriction ? <==== ATTENTION GroupPolicy\User: Restriction - Edge <==== ATTENTION Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION HKU\S-1-5-21-191472196-2171759857-831586721-1001\SOFTWARE\Policies\Microsoft\Edge: Restriction <==== ATTENTION S4 DFWSIDService; C:\Program Files (x86)\Wondershare\Dr.Fone - Sauvegarde de téléphone (iOS)\WsidService.exe [X] S4 ElevationService; C:\Program Files (x86)\Wondershare\Dr.Fone - Sauvegarde de téléphone (iOS)\Addins\Backup\ElevationService.exe [X] S4 WirelessBackupService; C:\Program Files (x86)\Wondershare\Dr.Fone - Sauvegarde de téléphone (iOS)\Addins\Backup\WirelessBackupService.exe [X] HKLM\Software\Policies\...\system: [EnableSmartScreen] 0 HKU\S-1-5-21-191472196-2171759857-831586721-1001\...\Run: [MicrosoftEdgeAutoLaunch_90787E1C53F19B549C0194705DAEAE1E] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start [4088384 2025-02-14] (Microsoft Corporation -> Microsoft Corporation) HKU\S-1-5-21-191472196-2171759857-831586721-1001\...\Policies\Explorer: [NoSaveSettings] 0 HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\127.0.6533.89\Installer\chrmstp.exe [2024-08-02] (Google LLC -> Google LLC) Task: {36D88AB0-B556-44CF-BEB0-31E92498A7DE} - System32\Tasks\AdobeGCInvoker-1.0-DESKTOP-4RGM02B-Bruno-PC => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [316392 2018-05-11] (Adobe Systems Incorporated -> Adobe Systems, Incorporated) Task: {77164A81-5FE7-469A-BE41-C316F1625612} - System32\Tasks\GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem128.0.6597.0{7C26854F-81AE-4D0D-8C7C-C143654A0BB5} => C:\Program Files (x86)\Google\GoogleUpdater\128.0.6597.0\updater.exe [4889704 2024-07-15] (Google LLC -> Google LLC) Task: {463C3242-8401-48BA-89C2-4730DD6037BD} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28752616 2025-02-08] (Microsoft Corporation -> Microsoft Corporation) Task: {E65ADEDF-C3EB-4ABC-A1EF-512A180E1919} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28752616 2025-02-08] (Microsoft Corporation -> Microsoft Corporation) Task: {EEC3964E-CB6B-43A0-BAAB-5861755EA05C} - System32\Tasks\VS Revo Group\RevoHelperFreeStartup => C:\Program Files\VS Revo Group\Revo Uninstaller\RevoUninHelper.exe [4053672 2024-12-10] (VS REVO GROUP OOD -> VS Revo Group Ltd.) FF Plugin: @videolan.org/vlc,version=3.0.10 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2023-10-30] (VideoLAN -> VideoLAN) FF Plugin: @videolan.org/vlc,version=3.0.11 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2023-10-30] (VideoLAN -> VideoLAN) FF Plugin: @videolan.org/vlc,version=3.0.12 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2023-10-30] (VideoLAN -> VideoLAN) FF Plugin: @videolan.org/vlc,version=3.0.16 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2023-10-30] (VideoLAN -> VideoLAN) FF Plugin: @videolan.org/vlc,version=3.0.18 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2023-10-30] (VideoLAN -> VideoLAN) FF Plugin: @videolan.org/vlc,version=3.0.19 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2023-10-30] (VideoLAN -> VideoLAN) FF Plugin: @videolan.org/vlc,version=3.0.7.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2023-10-30] (VideoLAN -> VideoLAN) FF Plugin: @videolan.org/vlc,version=3.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2023-10-30] (VideoLAN -> VideoLAN) CHR HKU\S-1-5-21-191472196-2171759857-831586721-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] CHR HKLM-x32\...\Chrome\Extension: [mfhcmdonhekjhfbjmeacdjbhlfgpjabp] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Psicraft\Line 6\Vyzex Pocket POD\Firmware Upgrade PDF.lnk C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Native Instruments\Service Center\Native Instruments Homepage.lnk C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Native Instruments\Guitar Rig 5\Native Instruments Homepage.lnk C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Native Instruments\Controller Editor\Native Instruments Homepage.lnk C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Deluge\Website.lnk C:\Users\Bruno-PC\Desktop\Penny Duo.lnk C:\Users\Bruno-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FormatFactory\FormatFactory.lnk C:\Users\Bruno-PC\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\d249d9ddd424b688\Google Chrome.lnk C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk CustomCLSID: HKU\S-1-5-21-191472196-2171759857-831586721-1001_Classes\CLSID\{227C9E8F-71A1-4B23-9076-682A1A8EAAED}\localserver32 -> "c:\program files\macrium\common\reflectmonitor.exe" -ToastActivated => Pas de fichier CustomCLSID: HKU\S-1-5-21-191472196-2171759857-831586721-1001_Classes\CLSID\{B29F5F83-90DF-479A-BDE7-8A9F4412E394}\InprocServer32 -> C:\Users\Bruno-PC\AppData\Local\Microsoft\EdgeUpdate\1.3.171.39\psuser_64.dll => Pas de fichier ContextMenuHandlers1: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => -> Pas de fichier ContextMenuHandlers4: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => -> Pas de fichier ContextMenuHandlers4: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => -> Pas de fichier ContextMenuHandlers5: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => -> Pas de fichier ContextMenuHandlers6: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => -> Pas de fichier AlternateDataStreams: C:\ProgramData\PACE:138D479B7284248C [217] BHO-x32: Pas de nom -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> Pas de fichier HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service" IE trusted site: HKU\S-1-5-21-191472196-2171759857-831586721-1001\...\line6.net -> line6.net IE trusted site: HKU\S-1-5-21-191472196-2171759857-831586721-1001\...\localhost -> localhost StartBatch: del /s /q C:\Windows\prefetch\*.* del /s /q "%userprofile%\AppData\Local\Temp\*.*" del /s /q "%userprofile%\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\*.*" del /s /q "%userprofile%\AppData\LocalLow\Microsoft\CryptnetUrlCache\Metada\*.*" del /s /q "%userprofile%\AppData\Local\Microsoft\Windows\History\*.*" del /s /q "%userprofile%\AppData\Local\Microsoft\Windows\Temporary Internet Files\*.*" del /s /q "%userprofile%\AppData\Roaming\Microsoft\Windows\Recent\*.lnk" For /D %%d In ("%userprofile%\AppData\Local\Mozilla\Firefox\Profiles\*") Do (If Exist "%%d\Cache2" Del /s /q "%%d\Cache2\*.*") del /s /q "%userprofile%\AppData\Local\Google\Chrome\User Data\Default\Code Cache\Js\." del /s /q "%userprofile%\AppData\Local\Google\Chrome\User Data\Default\Cache\*.*" del /s /q "%userprofile%\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\Js\." del /s /q "%userprofile%\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\." del /s /q "%userprofile%\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Cache\*.*" del /s /q "%userprofile%\AppData\Roaming\Opera Software\Opera GX Stable\Code Cache\Js\." del /s /q "%userprofile%\AppData\Roaming\Opera Software\Opera Stable\Code Cache\Js\." del /s /q "%userprofile%\AppData\Roaming\Opera Software\*" del /s /q "%userprofile%\AppData\Local\Vivaldi\User Data\Default\Cache" For /D %%d In ("%userprofile%\AppData\Local\Thunderbird\Profiles\*") Do (If Exist "%%d\Cache2" Del /s /q "%%d\Cache2\*.*") For /D %%d In ("%userprofile%\AppData\Roaming\Mozilla\Firefox\Profiles\*") Do (If Exist "%%d\cookies.sqlite" Del /s /q "%%d\cookies.sqlite") For /D %%d In ("%userprofile%\AppData\Roaming\Mozilla\Firefox\Profiles\*") Do (If Exist "%%d\Places.Sqlite" Del /s /q "%%d\Places.Sqlite") del /s /q "%userprofile%\AppData\Local\Google\Chrome\User Data\Default\History" del /s /q "%userprofile%\AppData\Local\Microsoft\Edge\User Data\Default\History" del /s /q "%userprofile%\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\History" del /s /q "%userprofile%\AppData\Roaming\Opera Software\Opera Stable\History" del /s /q "%userprofile%\AppData\Roaming\Opera Software\Opera GX Stable\History" del /s /q "%userprofile%\AppData\Local\Vivaldi\User Data\Default\History" ipconfig /release ipconfig /renew ipconfig /flushdns ipconfig /registerdns netsh winsock reset netsh advfirewall reset netsh advfirewall set allprofiles state on netsh winhttp reset proxy bitsadmin /reset /allusers net start sdrsvc net start vss net start rpcss net start eventsystem net start winmgmt net start msiserver net start bfe net start trustedinstaller net start windefend net start mpssvc net start mpsdrv Winmgmt /salvagerepository Winmgmt /resetrepository Winmgmt /resyncperf Endbatch: cmd: Net start wuauserv Reboot: end::