start::
CreateRestorePoint:
cmd: Net stop wuauserv
cmd: Rd /s /q %windir%\SoftwareDistribution\.
CloseProcesses:
EmptyTemp:
EmptyEventLogs:
Hosts:
RemoveProxy:
C:\Windows\Temp\*.* 
C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\*
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\*
C:\Users\CurrentUserName\Appdata\Local\Temp\*.*
C:\ProgramData\Microsoft\Windows Defender\Scans\mpenginedb.db
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\*.*
Unlock: HKCU\SOFTWARE\AvastAdSDK
DeleteKey: HKCU\SOFTWARE\AvastAdSDK
DeleteKey: HKU\S-1-5-21-4258229114-741658218-2972187628-1000\SOFTWARE\AvastAdSDK
C:\Users\PC-POR~1.NET\AppData\Local\Temp\mat-debug-*.log
DeleteValue: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|D:\snappy\SDI_x64_R2201.exe.FriendlyAppName
DeleteValue: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|D:\snappy\SDI_x64_R2201.exe.ApplicationCompany
DeleteValue: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Users\Pc-Portable.net\AppData\Local\Temp\7zS09954AB5\setup-stub.exe.FriendlyAppName
DeleteValue: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Users\Pc-Portable.net\AppData\Local\Temp\7zS09954AB5\setup-stub.exe.ApplicationCompany
DeleteValue: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Users\Pc-Portable.net\AppData\Local\Temp\7zSCDA77058\setup-stub.exe.FriendlyAppName
DeleteValue: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Users\Pc-Portable.net\AppData\Local\Temp\7zSCDA77058\setup-stub.exe.ApplicationCompany
DeleteValue: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Program Files\Proton\VPN\v3.2.11\ProtonDrive.Downloader.exe.FriendlyAppName
DeleteValue: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Program Files\Proton\VPN\v3.2.11\ProtonDrive.Downloader.exe.ApplicationCompany
DeleteValue: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Users\Pc-Portable.net\AppData\Local\Temp\~nsuA.tmp\Un_A.exe.FriendlyAppName
DeleteValue: HKU\S-1-5-21-4258229114-741658218-2972187628-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|D:\snappy\SDI_x64_R2201.exe.FriendlyAppName
DeleteValue: HKU\S-1-5-21-4258229114-741658218-2972187628-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|D:\snappy\SDI_x64_R2201.exe.ApplicationCompany
DeleteValue: HKU\S-1-5-21-4258229114-741658218-2972187628-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Users\Pc-Portable.net\AppData\Local\Temp\7zS09954AB5\setup-stub.exe.FriendlyAppName
DeleteValue: HKU\S-1-5-21-4258229114-741658218-2972187628-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Users\Pc-Portable.net\AppData\Local\Temp\7zS09954AB5\setup-stub.exe.ApplicationCompany
DeleteValue: HKU\S-1-5-21-4258229114-741658218-2972187628-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Users\Pc-Portable.net\AppData\Local\Temp\7zSCDA77058\setup-stub.exe.FriendlyAppName
DeleteValue: HKU\S-1-5-21-4258229114-741658218-2972187628-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Users\Pc-Portable.net\AppData\Local\Temp\7zSCDA77058\setup-stub.exe.ApplicationCompany
DeleteValue: HKU\S-1-5-21-4258229114-741658218-2972187628-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Program Files\Proton\VPN\v3.2.11\ProtonDrive.Downloader.exe.FriendlyAppName
DeleteValue: HKU\S-1-5-21-4258229114-741658218-2972187628-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Program Files\Proton\VPN\v3.2.11\ProtonDrive.Downloader.exe.ApplicationCompany
DeleteValue: HKU\S-1-5-21-4258229114-741658218-2972187628-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Users\Pc-Portable.net\AppData\Local\Temp\~nsuA.tmp\Un_A.exe.FriendlyAppName
DeleteKey: HKLM\SOFTWARE\Setup
Task: {0A20D7B9-9625-4E5B-A234-58D1526A8F50} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe  (Pas de fichier)
Task: {E0F10DCF-44AD-40E8-9370-FB5DA59F93FB} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe  (Pas de fichier)
Task: {E6BA4FAB-5997-4845-B4B1-2ACDDF12414D} - System32\Tasks\Mozilla\Firefox Background Update S-1-5-21-4258229114-741658218-2972187628-1000 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe [682560 2025-03-19] (Mozilla Corporation -> Mozilla Corporation) -> C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\--MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask background (l'Ã©lÃ©ment de donnÃ©es a 6 caractÃ¨res en plus).
Task: {DEF174F9-64AB-4727-AD14-271C16649108} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [34880 2025-03-19] (Mozilla Corporation -> Mozilla Foundation)
Edge Extension: (Google Docs hors connexion) - C:\Users\Pc-Portable.net\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-11-13]hxxps://clients2.google.com/service/update2/crx
Edge Extension: (Edge relevant text changes) - C:\Users\Pc-Portable.net\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2024-07-21]hxxps://edge.microsoft.com/extensionwebstorebase/v1/crx
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> Pas de fichier
FirewallRules: [TCP Query User{5DD64E73-EAFD-47FE-A849-1CA742A09FAA}D:\snappy\sdi_x64_r2201.exe] => (Allow) D:\snappy\sdi_x64_r2201.exe => Pas de fichier
FirewallRules: [UDP Query User{CC30ED71-E00C-4E88-BCC5-9B741DE46F7A}D:\snappy\sdi_x64_r2201.exe] => (Allow) D:\snappy\sdi_x64_r2201.exe => Pas de fichier
StartBatch:
del /s /q C:\Windows\prefetch\*.*
del /s /q "%userprofile%\AppData\Local\Temp\*.*"
del /s /q "%userprofile%\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\*.*"
del /s /q "%userprofile%\AppData\LocalLow\Microsoft\CryptnetUrlCache\Metada\*.*"
del /s /q "%userprofile%\AppData\Local\Microsoft\Windows\History\*.*"
del /s /q "%userprofile%\AppData\Local\Microsoft\Windows\Temporary Internet Files\*.*"
del /s /q "%userprofile%\AppData\Roaming\Microsoft\Windows\Recent\*.lnk"
For /D %%d In ("%userprofile%\AppData\Local\Mozilla\Firefox\Profiles\*") Do (If Exist "%%d\Cache2" Del /s /q "%%d\Cache2\*.*")
del /s /q "%userprofile%\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\Js\."
del /s /q "%userprofile%\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\."
For /D %%d In ("%userprofile%\AppData\Local\Thunderbird\Profiles\*") Do (If Exist "%%d\Cache2" Del /s /q "%%d\Cache2\*.*")
For /D %%d In ("%userprofile%\AppData\Roaming\Mozilla\Firefox\Profiles\*") Do (If Exist "%%d\cookies.sqlite" Del /s /q "%%d\cookies.sqlite")
For /D %%d In ("%userprofile%\AppData\Roaming\Mozilla\Firefox\Profiles\*") Do (If Exist "%%d\Places.Sqlite" Del /s /q "%%d\Places.Sqlite")
del /s /q "%userprofile%\AppData\Local\Microsoft\Edge\User Data\Default\History"
ipconfig /release
ipconfig /renew
ipconfig /flushdns
ipconfig /registerdns
netsh winsock reset
netsh advfirewall reset 
netsh advfirewall set allprofiles state on
netsh winhttp reset proxy
bitsadmin /reset /allusers
net start sdrsvc
net start vss
net start rpcss
net start eventsystem
net start winmgmt
net start msiserver
net start bfe
net start trustedinstaller
net start windefend
net start mpssvc
net start mpsdrv
Winmgmt /salvagerepository
Winmgmt /resetrepository
Winmgmt /resyncperf
Endbatch:
cmd: Net start wuauserv
Reboot:
end::