start::
CreateRestorePoint:
cmd: Net stop wuauserv
CloseProcesses:
Hosts:
RemoveProxy:
StartRegEdit:
Windows Registry Editor Version 5.00
[HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{7ccb217d-1f66-437e-9504-3e65fe773bf1}:]
"NameServer"=""
EndRegEdit:
DeleteValue: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|UniConverterUpdateHelper
DeleteKey: HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\CLVDShellExt
DeleteKey: HKLM\Software\Classes\Drive\shellex\ContextMenuHandlers\CLVDShellExt
DeleteKey: HKCU\SOFTWARE\roamingdevice
DeleteKey: HKU\S-1-5-21-3954851323-185838848-2436664330-1002\SOFTWARE\roamingdevice
DeleteKey: HKLM\SOFTWARE\PDF Architect 7
DeleteKey: HKCU\SOFTWARE\PDF Architect 7
DeleteKey: HKU\.DEFAULT\SOFTWARE\PDF Architect 7
DeleteKey: HKU\S-1-5-21-3954851323-185838848-2436664330-1002\SOFTWARE\PDF Architect 7
DeleteKey: HKLM\SOFTWARE\Wondershare
DeleteKey: HKLM\SOFTWARE\WOW6432Node\Wondershare
DeleteKey: HKCU\SOFTWARE\Wondershare
DeleteKey: HKU\S-1-5-21-3954851323-185838848-2436664330-1002\SOFTWARE\Wondershare
C:\Program Files (x86)\Wondershare
C:\ProgramData\Wondershare
C:\Users\BRUNO\AppData\Roaming\Wondershare
C:\Users\BRUNO\AppData\Local\Wondershare
DeleteKey: HKLM\SOFTWARE\Opera Software
DeleteKey: HKCU\SOFTWARE\Opera Software
DeleteKey: HKCU\SOFTWARE\Opera Stable Offer
DeleteKey: HKU\.DEFAULT\SOFTWARE\Opera Software
DeleteKey: HKU\S-1-5-21-3954851323-185838848-2436664330-1002\SOFTWARE\Opera Software
DeleteKey: HKU\S-1-5-21-3954851323-185838848-2436664330-1002\SOFTWARE\Opera Stable Offer
C:\Program Files (x86)\Tweaking.com
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
C:\ProgramData\WinZip
C:\Users\BRUNO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinZip 21.5
C:\ProgramData\360safe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Centre 360 Security
C:\Users\BRUNO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Centre 360 Security
HKLM\...\Run: [UniConverterUpdateHelper] => C:\Program Files (x86)\Wondershare\Wondershare UniConverter 15 for Windows (French)\WSVCUUpdateHelper.exe (Pas de fichier)
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
Task: {B937BA8C-48F4-4928-A886-B5AD73F23954} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc_P2G8.exe (Pas de fichier)
Task: {3CC07828-2BFE-4743-B4C0-9A4A6D285EB4} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => "%ProgramFiles%\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe" (Pas de fichier)
Task: {E8A9D062-524E-444F-AEAE-3CD256BF71AA} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\Lenovo\Lenovo Solution Center\App\LSC.Services.UpdateStatusService.exe UpdateStatus (Pas de fichier)
Task: {204083A1-755E-4D5A-99D8-93187A7A734A} - System32\Tasks\Lenovo\LSC\Lenovo Solution Center Notifications => C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe /show (Pas de fichier)
Task: {937756C9-A226-4387-978D-D4B1BEDC299F} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => "C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe" -diag HWScan (Pas de fichier)
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => %SystemRoot%\System32\AutoWorkplace.exe join (Pas de fichier)
Task: {343CAE6D-526E-4FEF-9F96-9B198551ACB5} - System32\Tasks\PDVDServ Task => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.EXE (Pas de fichier)
Task: {A8C8F446-FE68-4166-B91A-4D829ADB3874} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Pas de fichier)
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\kl_prefs_62fbb8f7_c917_4cf7_957a_aad2b8fa768c.js [2022-08-17] <==== ATTENTION (Pointe vers un fichier *.cfg)
FF ExtraCheck: C:\Program Files\mozilla firefox\kl_config_62fbb8f7_c917_4cf7_957a_aad2b8fa768c.cfg [2022-08-17] <==== ATTENTION
BootExecute: autocheck autochk *
Task: {C44EADF8-ABE8-4842-9AEF-EF39C0AAF975} - System32\Tasks\{9D267DDF-2BAD-4CBD-A0C5-D02E41B0C59B} => C:\WINDOWS\system32\pcalua.exe [53760 2023-11-18] (Microsoft Windows -> Microsoft Corporation) -> -a "C:\Program Files (x86)\The Mighty Quest For Epic Loot\LauncherData\unins000.exe"
Task: {8C14C56C-9001-47A3-8BEC-552E5BBA5DC9} - System32\Tasks\GUSkipUAC => C:\Program Files (x86)\Glary Utilities\Integrator.exe [920984 2023-11-20] (Glarysoft Ltd -> Glarysoft Ltd)
Task: {386FF7CF-5534-4EA5-9BB5-E75F1503B255} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [35232 2023-11-21] (Mozilla Corporation -> Mozilla Foundation)
Edge Extension: (Pas de nom) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [non trouvé(e)]
Edge Extension: (Pas de nom) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [non trouvé(e)]
Edge Extension: (Pas de nom) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [non trouvé(e)]
Edge Extension: (Pas de nom) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [non trouvé(e)]
Edge HKU\S-1-5-21-3954851323-185838848-2436664330-1002\SOFTWARE\Microsoft\Edge\Extensions\...\Edge\Extension: [ahkjpbeeocnddjkakilopmfdlnjdpcdm]
FF HKLM\...\Firefox\Extensions: [light_plugin_7571494CE0B94E11BB762B659A4AD71F@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 21.3\FFExt\light_plugin_firefox\addon.xpi => non trouvé(e)
FF HKLM-x32\...\Firefox\Extensions: [light_plugin_7571494CE0B94E11BB762B659A4AD71F@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 21.3\FFExt\light_plugin_firefox\addon.xpi => non trouvé(e)
CHR HKLM\...\Chrome\Extension: [ahkjpbeeocnddjkakilopmfdlnjdpcdm] - hxxps://chrome.google.com/webstore/detail/kaspersky-protection/ahkjpbeeocnddjkakilopmfdlnjdpcdm
CHR HKLM-x32\...\Chrome\Extension: [ahkjpbeeocnddjkakilopmfdlnjdpcdm] - hxxps://chrome.google.com/webstore/detail/kaspersky-protection/ahkjpbeeocnddjkakilopmfdlnjdpcdm
2018-08-14 10:41 - 2020-06-08 23:23 - 007018808 _____ () C:\Users\BRUNO\AppData\Local\BTServer.log
ContextMenuHandlers1: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => -> Pas de fichier
ContextMenuHandlers1: [PDFCreator.ShellContextMenu] -> {d9cea52e-100d-4159-89ea-76e845bc13e1} => C:\Program Files\PDFCreator\PDFCreatorShell.DLL -> Pas de fichier
ContextMenuHandlers2: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => -> Pas de fichier
AlternateDataStreams: C:\ProgramData\Temp:CB0AACC9 [123]
SearchScopes: HKU\S-1-5-21-3954851323-185838848-2436664330-1002 -> DefaultScope {4D6B899F-BC12-4CE6-841D-A35D8F2C2E65} URL =
SearchScopes: HKU\S-1-5-21-3954851323-185838848-2436664330-1002 -> {4D6B899F-BC12-4CE6-841D-A35D8F2C2E65} URL =
Toolbar: HKU\S-1-5-21-3954851323-185838848-2436664330-1002 -> Pas de nom - {EF293C5A-9F37-49FD-91C4-2B867063FC54} - Pas de fichier
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
C:\Users\BRUNO\AppData\Local\Microsoft\Windows\Application Shortcuts\34791E63.CanonInkjetPrintUtility_6e5tt8cgb93ep\App.lnk
Comment: The following commands will delete temporary files.
C:\Windows\Temp\*.*
C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\*
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\*
C:\Users\CurrentUserName\Appdata\Local\Temp\*.*
C:\Windows\SoftwareDistribution\Download\*
C:\ProgramData\Microsoft\Windows Defender\Scans\mpenginedb.db
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\*.*
Comment: The following command will clear the caches and histories.
StartBatch:
del /s /q "%userprofile%\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\*.*"
del /s /q "%userprofile%\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\*.*"
del /s /q "%userprofile%\AppData\Local\Microsoft\Windows\History\*.*"
del /s /q "%userprofile%\AppData\Local\Microsoft\Windows\Temporary Internet Files\*.*"
del /s /q "%userprofile%\AppData\Roaming\Microsoft\Windows\Recent\*.lnk"
For /D %%d In ("%userprofile%\AppData\Local\Mozilla\Firefox\Profiles\*") Do (If Exist "%%d\Cache2" Del /s /q "%%d\Cache2\*.*")
del /s /q "%userprofile%\AppData\Local\Google\Chrome\User Data\Default\Cache\*.*"
del /s /q "%userprofile%\AppData\Local\Microsoft\Edge\User Data\Default\Cache\*.*"
For /D %%d In ("%userprofile%\AppData\Local\Thunderbird\Profiles\*") Do (If Exist "%%d\Cache2" Del /s /q "%%d\Cache2\*.*")
For /D %%d In ("%userprofile%\AppData\Roaming\Mozilla\Firefox\Profiles\*") Do (If Exist "%%d\Places.Sqlite" Del /s /q "%%d\Places.Sqlite")
del /s /q "%userprofile%\AppData\Local\Google\Chrome\User Data\Default\History"
del /s /q "%userprofile%\AppData\Local\Microsoft\Edge\User Data\Default\History"
RunDll32.exe InetCpl.cpl,ClearMyTracksByProcess 8
ipconfig /release
ipconfig /renew
ipconfig /flushdns
ipconfig /registerdns
netsh winsock reset
netsh advfirewall reset
netsh advfirewall set allprofiles state on
netsh winhttp reset proxy
dism.exe /online /cleanup-image /restorehealth
sfc /scannow
Endbatch:
EmptyTemp:
EmptyEventLogs:
cmd: Net start wuauserv
Reboot:
end::