start::
CreateRestorePoint:
cmd: Net stop wuauserv
cmd: Rd /s /q %windir%\SoftwareDistribution\.
CloseProcesses:
EmptyTemp:
EmptyEventLogs:
Hosts:
RemoveProxy:
C:\Windows\Temp\*.*
C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\*
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\*
C:\Users\CurrentUserName\Appdata\Local\Temp\*.*
C:\ProgramData\Microsoft\Windows Defender\Scans\mpenginedb.db
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\*.*
Unlock: HKCU\SOFTWARE\AvastAdSDK
DeleteKey: HKCU\SOFTWARE\AvastAdSDK
DeleteKey: HKU\S-1-5-21-4129506294-4085421929-2474275141-500\SOFTWARE\AvastAdSDK
DeleteKey: HKCU\SOFTWARE\3d0ba22d-e02b-5c6d-93a1-4e2a9af9c1f2
DeleteKey: HKU\S-1-5-21-4129506294-4085421929-2474275141-500\SOFTWARE\3d0ba22d-e02b-5c6d-93a1-4e2a9af9c1f2
C:\Users\ADMINI~1\AppData\Local\Temp\mat-debug-10692.log
C:\Users\ADMINI~1\AppData\Local\Temp\mat-debug-13948.log
C:\Users\ADMINI~1\AppData\Local\Temp\mat-debug-14616.log
C:\Users\ADMINI~1\AppData\Local\Temp\mat-debug-5724.log
C:\Users\ADMINI~1\AppData\Local\Temp\mat-debug-6244.log
C:\Users\ADMINI~1\AppData\Local\Temp\mat-debug-6984.log
C:\Users\ADMINI~1\AppData\Local\Temp\mat-debug-7868.log
C:\Users\ADMINI~1\AppData\Local\Temp\mat-debug-8960.log
C:\Users\ADMINI~1\AppData\Local\Temp\mat-debug-9940.log
DeleteValue: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Users\Administrateur\Downloads\SpotifySetup.exe.FriendlyAppName
DeleteValue: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Users\Administrateur\Downloads\SpotifySetup.exe.ApplicationCompany
DeleteValue: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|D:\Start_Here_Win.exe.FriendlyAppName
DeleteValue: HKU\S-1-5-21-4129506294-4085421929-2474275141-500\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Users\Administrateur\Downloads\SpotifySetup.exe.FriendlyAppName
DeleteValue: HKU\S-1-5-21-4129506294-4085421929-2474275141-500\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Users\Administrateur\Downloads\SpotifySetup.exe.ApplicationCompany
DeleteValue: HKU\S-1-5-21-4129506294-4085421929-2474275141-500\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|D:\Start_Here_Win.exe.FriendlyAppName
DeleteKey: HKLM\SOFTWARE\Malwarebytes
DeleteKey: HKLM\SOFTWARE\WOW6432Node\Malwarebytes
HKU\S-1-5-21-4129506294-4085421929-2474275141-500\...\Run: [MicrosoftEdgeAutoLaunch_9987CEAFA1939BF8A5BD47FB8E54B0C5] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start [4088384 2025-02-20] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-4129506294-4085421929-2474275141-500\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [45452080 2025-02-18] (Gen Digital Inc. -> Gen Digital Inc.)
Task: {786CCB2C-9BB1-4709-ABC7-702610D45ED5} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [3480504 2025-02-18] (Gen Digital Inc. -> Gen Digital Inc.)
Task: {5F5FD0C4-295B-4B40-93E1-D4AC824E363C} - System32\Tasks\CCleanerCrashReporting => C:\Program Files\CCleaner\CCleanerBugReport.exe [6139696 2025-02-18] (Gen Digital Inc. -> Gen Digital Inc.) -> --product 90 --send dumps|report --path "C:\Program Files\CCleaner\LOG" --programpath "C:\Program Files\CCleaner" --guid "d96dd657-2eb5-4ef1-8d9a-75433f238f61" --version "6.33.0.11465" --silent
Task: {E7D48E26-8622-43F3-B1A3-C16D7D6D06AB} - System32\Tasks\CCleanerSkipUAC - Administrateur => C:\Program Files\CCleaner\CCleaner.exe [39224624 2025-02-18] (Gen Digital Inc. -> Gen Digital Inc.)
Task: C:\windows\Tasks\CCleanerCrashReporting.job => C:\Program Files\CCleaner\CCleanerBugReport.exe
Tcpip\..\Interfaces\{24b0c4a9-c3ae-4aaf-b1ef-3ed8924d4e05}: [DhcpNameServer] 1.1.1.3 1.0.0.3 8.8.8.8 1.1.1.1 172.16.70.1
Edge Notifications: Default -> hxxps://2ntrfi.sucemailagly.co.in; hxxps://ehbvqzxh.aharapsionsess.co.in; hxxps://rokinat.co.in; hxxps://sucemailagly.co.in
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> Pas de fichier
C:\Users\Administrateur\Desktop\ZHPSuite.lnk
StartBatch:
del /s /q C:\Windows\prefetch\*.*
del /s /q "%userprofile%\AppData\Local\Temp\*.*"
del /s /q "%userprofile%\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\*.*"
del /s /q "%userprofile%\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\*.*"
del /s /q "%userprofile%\AppData\Local\Microsoft\Windows\History\*.*"
del /s /q "%userprofile%\AppData\Local\Microsoft\Windows\Temporary Internet Files\*.*"
del /s /q "%userprofile%\AppData\Roaming\Microsoft\Windows\Recent\*.lnk"
del /s /q "%userprofile%\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\Js\."
del /s /q "%userprofile%\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\."
For /D %%d In ("%userprofile%\AppData\Local\Thunderbird\Profiles\*") Do (If Exist "%%d\Cache2" Del /s /q "%%d\Cache2\*.*")
del /s /q "%userprofile%\AppData\Local\Microsoft\Edge\User Data\Default\History"
ipconfig /release
ipconfig /renew
ipconfig /flushdns
ipconfig /registerdns
netsh winsock reset
netsh advfirewall reset
netsh advfirewall set allprofiles state on
netsh winhttp reset proxy
bitsadmin /reset /allusers
net start sdrsvc
net start vss
net start rpcss
net start eventsystem
net start winmgmt
net start msiserver
net start bfe
net start trustedinstaller
net start windefend
net start mpssvc
net start mpsdrv
Winmgmt /salvagerepository
Winmgmt /resetrepository
Winmgmt /resyncperf
Endbatch:
cmd: Net start wuauserv
Reboot:
end::