start::
CreateRestorePoint:
CloseProcesses:
Hosts:
RemoveProxy:
HKLM\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe (Pas de fichier)
HKLM\...\Run: [WSVCUUpdateHelper.exe] => C:\Program Files\Wondershare\UniConverter 14 for Windows\WSVCUUpdateHelper.exe (Pas de fichier)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe (Pas de fichier)
HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate: Restriction <==== ATTENTION
HKU\S-1-5-21-2120058573-845275958-319147610-1001\...\Run: [utweb] => "C:\Users\AMPY\AppData\Roaming\uTorrent Web\utweb.exe" /MINIMIZED (Pas de fichier)
Task: {73B7EB53-3126-4C5D-A714-7FCA9ACE919A} - System32\Tasks\Nahimic2svc64Run => C:\Program Files\Nahimic\Nahimic2\UserInterface\x64\Nahimic2svc64.exe $(Arg0) $(Arg1) $(Arg2) $(Arg3) $(Arg4) $(Arg5) $(Arg6) $(Arg7) (Pas de fichier)
Task: {D370A03C-B38C-4ED6-835B-F855DAC08722} - System32\Tasks\Nahimic2svc32Run => C:\Program Files\Nahimic\Nahimic2\UserInterface\Nahimic2svc32.exe $(Arg0) $(Arg1) $(Arg2) $(Arg3) $(Arg4) $(Arg5) $(Arg6) $(Arg7) (Pas de fichier)
Task: {E6394B88-5A4E-4A2D-81D1-3F95862E56AF} - System32\Tasks\Nahimic2UILauncherRun => C:\Program Files\Nahimic\Nahimic2\UserInterface\Nahimic2UILauncher.exe $(Arg0) $(Arg1) $(Arg2) $(Arg3) $(Arg4) $(Arg5) $(Arg6) $(Arg7) (Pas de fichier)
OPR Extension: (BetterTTV) - C:\Users\AMPY\AppData\Roaming\Opera Software\Opera Stable\Extensions\deofbbdfofnmppcjbhjibgodpcdchjii [2019-07-13] [UpdateUrl:hxxps://nightdev.com/betterttv/opera/update.xml] <==== ATTENTION
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3476184 2022-07-27] (Adobe Inc. -> Adobe Systems, Incorporated)
HKLM\...\Policies\Explorer: [NoWindowsUpdate] 1
HKU\S-1-5-21-2120058573-845275958-319147610-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [4279208 2022-03-14] (Valve Corp. -> Valve Corporation)
HKU\S-1-5-21-2120058573-845275958-319147610-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [38274576 2022-08-12] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-2120058573-845275958-319147610-1001\...\Run: [MicrosoftEdgeAutoLaunch_6342EF00F3E0BD643B35E0FF1CAB9706] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [3827128 2022-08-18] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-2120058573-845275958-319147610-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\83.0.4103.61\Installer\chrmstp.exe [2020-05-24] (Google LLC -> Google LLC)
IFEO\EOSnotify.exe: [Debugger]
IFEO\InstallAgent.exe: [Debugger]
IFEO\MusNotification.exe: [Debugger]
IFEO\MusNotificationUx.exe: [Debugger]
IFEO\remsh.exe: [Debugger]
IFEO\SihClient.exe: [Debugger]
IFEO\UpdateAssistant.exe: [Debugger]
IFEO\upfc.exe: [Debugger]
IFEO\UsoClient.exe: [Debugger]
IFEO\WaaSMedic.exe: [Debugger]
IFEO\WaasMedicAgent.exe: [Debugger]
IFEO\Windows10Upgrade.exe: [Debugger]
IFEO\Windows10UpgraderApp.exe: [Debugger]
Task: {009F7043-8AFA-4607-8B29-BE6AB555F19F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-01-10] (Google Inc -> Google Inc.)
Task: {108711F7-6488-41AE-AF87-E64C12BA1006} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe do-task
Task: {3721E39A-D2CB-437F-B618-63CF67260D95} - System32\Tasks\ccleaner update => C:\Program Files\CCleaner\CCUpdate.exe [684976 2022-08-12] (Piriform Software Ltd -> Piriform)
Task: {762A1402-895C-40EC-BE4D-4DFFBA20EE72} - System32\Tasks\adobe flash player updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-05-12] (Adobe Inc. -> Adobe)
Task: {783D2D44-0655-4530-8851-E0582C88EAAB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-01-10] (Google Inc -> Google Inc.)
Task: {EB853945-2C12-4BB9-B003-C5C3D1B6E6EC} - System32\Tasks\CCleanerSkipUAC - AMPY => C:\Program Files\CCleaner\CCleaner.exe [31990800 2022-08-12] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {FB990B5A-2932-46C9-AB90-3F2135E011DD} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3339120 2021-06-15] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {FC12D5C2-3B81-45BB-8C63-2297FE4BDC5B} - System32\Tasks\Opera scheduled assistant Autoupdate 1582795392 => C:\Program Files\Opera\launcher.exe [2527216 2022-08-03] (Opera Norway AS -> Opera Software) -> --scheduledautoupdate --component-name=assistant --component-path="C:\Program Files\Opera\assistant" $(Arg0)
Task: C:\WINDOWS\Tasks\Intel PTT EK Recertification.job => C:\WINDOWS\System32\DriverStore\FileRepository\iclsclient.inf_amd64_76523213b78d9046\lib\IntelPTTEKRecertification.exe
Edge Extension: (Pas de nom) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [non trouvé(e)]
Edge Extension: (Pas de nom) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [non trouvé(e)]
Edge Extension: (Pas de nom) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [non trouvé(e)]
Edge Extension: (Pas de nom) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [non trouvé(e)]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki]
OPR Extension: (Amazon Assistant Promotion) - C:\Users\AMPY\AppData\Roaming\Opera Software\Opera Stable\Extensions\kbmoiomgmchbpihhdpabemajcbjpcijk [2021-09-26]
2019-01-04 14:08 - 2019-01-04 14:08 - 000000410 _____ () C:\Users\AMPY\AppData\Local\oobelibMkey.log
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> Pas de fichier
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> Pas de fichier
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> Pas de fichier
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> Pas de fichier
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> Pas de fichier
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> Pas de fichier
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> Pas de fichier
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Pas de fichier
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> Pas de fichier
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> Pas de fichier
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> Pas de fichier
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> Pas de fichier
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> Pas de fichier
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> Pas de fichier
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> Pas de fichier
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> Pas de fichier
AlternateDataStreams: C:\Users\Public\AppData:CSM [230]
SearchScopes: HKU\S-1-5-21-2120058573-845275958-319147610-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FirewallRules: [{B21A6D8D-42DC-4DBE-B4A9-89AF5CF97C56}] => (Allow) C:\Program Files (x86)\360\Total Security\360TsLiveUpd.exe => Pas de fichier
FirewallRules: [{2AB88C04-9871-4BEC-9834-DF9B181125DC}] => (Allow) C:\Program Files (x86)\360\Total Security\360TsLiveUpd.exe => Pas de fichier
FirewallRules: [{605E970C-2756-432D-8F90-65595647ECC7}] => (Allow) C:\Program Files (x86)\360\Total Security\360TsLiveUpd.exe => Pas de fichier
FirewallRules: [{30976F8D-1036-45C4-AED5-F7E2200AE6F0}] => (Allow) C:\Program Files (x86)\360\Total Security\360TsLiveUpd.exe => Pas de fichier
FirewallRules: [UDP Query User{023D459F-17E2-4208-ACB4-640CF7B2AEBF}C:\users\ampy\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\ampy\appdata\local\microsoft\teams\current\teams.exe => Pas de fichier
FirewallRules: [TCP Query User{D3C58989-DC5C-4E6E-852E-6820DE37F7A2}C:\users\ampy\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\ampy\appdata\local\microsoft\teams\current\teams.exe => Pas de fichier
FirewallRules: [UDP Query User{209F82E5-D706-438B-A89A-5447BAEE52A8}C:\users\ampy\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\ampy\appdata\local\microsoft\teams\current\teams.exe => Pas de fichier
FirewallRules: [TCP Query User{3BCAA3AA-73A4-4888-9782-80600A80E8FF}C:\users\ampy\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\ampy\appdata\local\microsoft\teams\current\teams.exe => Pas de fichier
FirewallRules: [UDP Query User{318395FD-B78D-4AAC-AC48-A3A680AC417F}C:\users\ampy\appdata\local\popcorn-time\popcorn-time.exe] => (Block) C:\users\ampy\appdata\local\popcorn-time\popcorn-time.exe => Pas de fichier
FirewallRules: [TCP Query User{2B720167-0082-493A-A12C-CFDAF30E8384}C:\users\ampy\appdata\local\popcorn-time\popcorn-time.exe] => (Block) C:\users\ampy\appdata\local\popcorn-time\popcorn-time.exe => Pas de fichier
FirewallRules: [UDP Query User{58D752A3-FC0A-4330-88C6-AD2C7FF7B420}C:\users\ampy\appdata\local\popcorn-time\popcorn-time.exe] => (Allow) C:\users\ampy\appdata\local\popcorn-time\popcorn-time.exe => Pas de fichier
FirewallRules: [TCP Query User{59A9BDCD-3E2C-493E-93D6-4157F72144A2}C:\users\ampy\appdata\local\popcorn-time\popcorn-time.exe] => (Allow) C:\users\ampy\appdata\local\popcorn-time\popcorn-time.exe => Pas de fichier
FirewallRules: [TCP Query User{E8DE54D9-ED5D-4894-A061-F0B7244FB03E}C:\users\ampy\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\ampy\appdata\roaming\spotify\spotify.exe => Pas de fichier
FirewallRules: [UDP Query User{B18992A2-3CC9-442B-BA54-0958A9FF7E38}C:\users\ampy\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\ampy\appdata\roaming\spotify\spotify.exe => Pas de fichier
FirewallRules: [TCP Query User{A154A0BE-DDC9-4874-BD7C-9859A1F211D9}C:\users\ampy\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\ampy\appdata\roaming\spotify\spotify.exe => Pas de fichier
FirewallRules: [UDP Query User{F60C04A9-F6A2-4862-8DD2-18DC98693F1F}C:\users\ampy\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\ampy\appdata\roaming\spotify\spotify.exe => Pas de fichier
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
StartRegedit:
Windows Registry Editor Version 5.00
[-HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]
@=""
[-HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains]
[-HKEY_USERS\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]
@=""
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P]
EndRegedit:
C:\Users\AMPY\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\76f9e4d33b60b312\Popcorn-Time.lnk
C:\Users\AMPY\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\215586e65750b976\Popcorn-Time.lnk
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
StartRegEdit:
Windows Registry Editor Version 5.00
[HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{7b9bcc1c-42ad-4f9b-a956-0a1ccd2a1c53}:]
"NameServer"=""
EndRegEdit:
DeleteValue: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Wondershare Helper Compact.exe
DeleteValue: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|WSVCUUpdateHelper.exe
DeleteValue: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|utweb
DeleteValue: HKU\S-1-5-21-2120058573-845275958-319147610-1001\\Software\Microsoft\Windows\CurrentVersion\Run|utweb]
C:\Users\AMPY\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjnbnpbmkenffdnngjfgmeleoegfcffe
DeleteValue: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|AceStream
DeleteValue: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|Discord
DeleteValue: HKEY_USERS\S-1-5-21-2120058573-845275958-319147610-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|AceStream
DeleteValue: HKEY_USERS\S-1-5-21-2120058573-845275958-319147610-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|Discord
C:\Users\AMPY\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\fjnbnpbmkenffdnngjfgmeleoegfcffe
DeleteValue: HKLM\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\firewallRules|UDP Query User{318395FD-B78D-4AAC-AC48-A3A680AC417F}C:\users\ampy\appdata\local\popcorn-time\popcorn-time.exe
DeleteValue: HKLM\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\firewallRules|TCP Query User{2B720167-0082-493A-A12C-CFDAF30E8384}C:\users\ampy\appdata\local\popcorn-time\popcorn-time.exe
DeleteValue: HKLM\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\firewallRules|UDP Query User{58D752A3-FC0A-4330-88C6-AD2C7FF7B420}C:\users\ampy\appdata\local\popcorn-time\popcorn-time.exe
DeleteValue: HKLM\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\firewallRules|TCP Query User{59A9BDCD-3E2C-493E-93D6-4157F72144A2}C:\users\ampy\appdata\local\popcorn-time\popcorn-time.exe
DeleteValue: HKU\S-1-5-21-2120058573-845275958-319147610-1001\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings|fjnbnpbmkenffdnngjfgmeleoegfcffe
DeleteValue: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|uTorrent
DeleteValue: HKEY_USERS\S-1-5-21-2120058573-845275958-319147610-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|uTorrent
C:\Users\AMPY\AppData\Local\BitTorrentHelper
C:\Users\AMPY\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck
C:\Users\AMPY\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki
DeleteValue: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|AvastUI.exe
DeleteValue: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32|AvastUI.exe
DeleteKey: HKLM\SOFTWARE\AVAST Software
DeleteKey: HKCU\SOFTWARE\Avast Software
DeleteKey: HKCU\SOFTWARE\AvastAdSDK
DeleteKey: HKCU\SOFTWARE\Browser Cleanup
DeleteKey: HKU\.DEFAULT\SOFTWARE\Avast Software
DeleteKey: HKU\.DEFAULT\SOFTWARE\Browser Cleanup
DeleteKey: HKU\S-1-5-21-2120058573-845275958-319147610-1001\SOFTWARE\Avast Software
DeleteKey: HKU\S-1-5-21-2120058573-845275958-319147610-1001\SOFTWARE\AvastAdSDK
DeleteKey: HKU\S-1-5-21-2120058573-845275958-319147610-1001\SOFTWARE\Browser Cleanup
C:\ProgramData\AVAST Software
C:\Users\AMPY\AppData\Local\AVAST Software
unlock: C:\WINDOWS\System32\drivers\aswMonFlt.sys
C:\WINDOWS\System32\drivers\aswMonFlt.sys
unlock: C:\WINDOWS\System32\drivers\aswStm.sys
C:\WINDOWS\System32\drivers\aswStm.sys
DeleteValue: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|Nahimic2UILauncher
DeleteKey: HKLM\SOFTWARE\Nahimic
DeleteKey: HKCU\SOFTWARE\Nahimic
DeleteKey: HKU\.DEFAULT\SOFTWARE\Nahimic
DeleteKey: HKU\S-1-5-21-2120058573-845275958-319147610-1001\SOFTWARE\Nahimic
C:\ProgramData\Nahimic22.5.24
C:\ProgramData\Nahimic2Profiles
C:\Users\AMPY\AppData\Local\Nahimic22.5.24
DeleteKey: HKLM\SOFTWARE\Wondershare
DeleteKey: HKLM\SOFTWARE\WOW6432Node\Wondershare
DeleteKey: HKCU\SOFTWARE\Wondershare
DeleteKey: HKU\S-1-5-21-2120058573-845275958-319147610-1001\SOFTWARE\Wondershare
C:\Program Files\Wondershare
C:\Program Files (x86)\WondershareUpdate
C:\ProgramData\Wondershare
C:\Users\AMPY\AppData\Roaming\Wondershare
C:\Users\AMPY\AppData\Local\Wondershare
DeleteKey: HKCU\SOFTWARE\Chromium
DeleteKey: HKU\S-1-5-21-2120058573-845275958-319147610-1001\SOFTWARE\Chromium
C:\Users\AMPY\AppData\Local\Chromium
cmd: ipconfig /flushdns
cmd: netsh winsock reset
cmd: netsh advfirewall reset
cmd: netsh advfirewall set allprofiles state on
C:\Windows\Temp\*.*
C:\Users\CurrentUserName\Appdata\Local\Temp\*.*
C:\Program Files (x86)\Temp\*.tmp
StartBatch:
del /s /q "%userprofile%\AppData\Local\Google\Chrome\User Data\Default\Cache\*.*"
del /s /q "%userprofile%\AppData\Local\Microsoft\Edge\User Data\Default\Cache\*.*"
Endbatch:
EmptyTemp:
C:\Windows\SoftwareDistribution\Download\ *
cmd: dism.exe /online /cleanup-image /restorehealth
cmd: sfc /scannow
Reboot:
end::