start::
CreateRestorePoint:
cmd: Net stop wuauserv
CloseProcesses:
Hosts:
RemoveProxy:
DeleteKey: HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\WinRAR32
DeleteKey: HKLM\Software\Classes\CLSID\{B41DB860-8EE4-11D2-9906-E49FADC173CA}
DeleteKey: HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\WinRAR32
DeleteKey: HKCU\SOFTWARE\BitTorrent
DeleteKey: HKU\S-1-5-21-2634800380-2514914927-909846014-1001\SOFTWARE\BitTorrent
C:\Users\Alex\AppData\Local\BitTorrentHelper
DeleteKey: HKLM\SOFTWARE\WOW6432Node\Applogon
DeleteValue: HKEY_USERS\S-1-5-21-2634800380-2514914927-909846014-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|GUDelayStartup
DeleteKey: HKLM\SOFTWARE\WOW6432Node\Glarysoft
DeleteKey: HKCU\SOFTWARE\Glarysoft
DeleteKey: HKU\S-1-5-21-2634800380-2514914927-909846014-1001\SOFTWARE\Glarysoft
C:\Users\Alex\AppData\Roaming\GlarySoft
C:\ProgramData\Key-Base
DeleteKey: HKLM\SOFTWARE\WOW6432Node\IObit
C:\Program Files (x86)\IObit
C:\ProgramData\IObit
C:\Program Files (x86)\Common Files\IObit
C:\Users\Alex\AppData\Roaming\IObit
C:\Users\Alex\AppData\LocalLow\IObit
DeleteKey: HKCU\SOFTWARE\Adlice Software
DeleteKey: HKU\.DEFAULT\SOFTWARE\Adlice Software
DeleteKey: HKU\S-1-5-21-2634800380-2514914927-909846014-1001\SOFTWARE\Adlice Software
DeleteKey: HKCU\SOFTWARE\AvastAdSDK
DeleteKey: HKU\S-1-5-21-2634800380-2514914927-909846014-1001\SOFTWARE\AvastAdSDK
DeleteKey: HKCU\SOFTWARE\ZebHelpProcess Helper
DeleteKey: HKU\S-1-5-21-2634800380-2514914927-909846014-1001\SOFTWARE\ZebHelpProcess Helper
C:\Program Files (x86)\Lavasoft
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
C:\ProgramData\Lavasoft
C:\Users\Alex\AppData\Roaming\Lavasoft
C:\Users\Alex\AppData\Local\Lavasoft
HKU\S-1-5-21-2634800380-2514914927-909846014-1001\...\Run: [NoxMultiPlayer] => "C:\Nox\bin\MultiPlayerManager.exe" -startSource:auto_start (Pas de fichier)
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
Task: {07477D43-F893-4EC7-9F99-BDFC460E373A} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe do-task "308046B0AF4A39CB" (Pas de fichier)
Task: {1FB1E86F-87C5-4D3E-9D25-01184FC41580} - System32\Tasks\Mozilla\Firefox Default Browser Agent E7CF176E110C211B => C:\Program Files (x86)\Mozilla Firefox\default-browser-agent.exe do-task "E7CF176E110C211B" (Pas de fichier)
S3 fiddrv64; pas de ImagePath
HKU\S-1-5-21-2634800380-2514914927-909846014-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [44529568 2023-11-21] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
Task: {773218BE-9938-456C-BBA7-2C4431F340BF} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [714256 2023-11-21] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
Task: {D87379C4-8F5B-4D20-8432-B07DB9C5DD9F} - System32\Tasks\CCleanerCrashReporting => C:\Program Files\CCleaner\CCleanerBugReport.exe [4703648 2023-11-21] (PIRIFORM SOFTWARE LIMITED -> Piriform Software) -> --product 90 --send dumps|report --path "C:\Program Files\CCleaner\LOG" --programpath "C:\Program Files\CCleaner" --guid "bbcbb7b2-8f61-46ca-887f-98b3e5af5880" --version "6.18.10838" --silent
Task: {7B1798DD-A0E1-4C22-8143-78F6F7AFC808} - System32\Tasks\CCleanerSkipUAC - Alex => C:\Program Files\CCleaner\CCleaner.exe [37546912 2023-11-21] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
Task: {F073A24A-DF95-4E8A-970C-BA52FB79238D} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe -> --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate
Task: {4C9E61FD-5511-4DF4-B71B-FF7C9FE29E57} - System32\Tasks\Mozilla\Firefox Background Update 9388B6559483FD17 => C:\Mozilla Firefox\firefox.exe [609184 2023-11-21] (Mozilla Corporation -> Mozilla Corporation) -> --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\9388B6559483FD17\backgroundupdate.moz_log --backgroundtask backgroundupdate
Task: {07477D43-F893-4EC7-9F99-BDFC460E373A} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe do-task "308046B0AF4A39CB" (Pas de fichier)
Task: {67512746-E7DB-4413-8926-C5D71DA04F37} - System32\Tasks\Mozilla\Firefox Default Browser Agent 9388B6559483FD17 => C:\Mozilla Firefox\default-browser-agent.exe [31648 2023-11-21] (Mozilla Corporation -> Mozilla Foundation)
Task: {1FB1E86F-87C5-4D3E-9D25-01184FC41580} - System32\Tasks\Mozilla\Firefox Default Browser Agent E7CF176E110C211B => C:\Program Files (x86)\Mozilla Firefox\default-browser-agent.exe do-task "E7CF176E110C211B" (Pas de fichier)
Task: {6303F8F7-016F-4568-9A4B-888B4142D76B} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [1003128 2022-03-25] (Nvidia Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
Task: {6A3BBB34-5154-4A8A-BB61-C5C4B6BB3FAF} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3341432 2022-05-06] (Nvidia Corporation -> NVIDIA Corporation)
Task: C:\WINDOWS\Tasks\CCleanerCrashReporting.job => C:\Program Files\CCleaner\CCleanerBugReport.exe
Edge Extension: (Pas de nom) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [non trouvé(e)]
Edge Extension: (Pas de nom) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [non trouvé(e)]
Edge Extension: (Pas de nom) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [non trouvé(e)]
Edge Extension: (Pas de nom) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [non trouvé(e)]
FF Plugin: @videolan.org/vlc,version=3.0.11 -> C:\VideoLAN\VLC\npvlc.dll [2022-11-08] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.12 -> C:\VideoLAN\VLC\npvlc.dll [2022-11-08] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.16 -> C:\VideoLAN\VLC\npvlc.dll [2022-11-08] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\VideoLAN\VLC\npvlc.dll [2022-11-08] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\VideoLAN\VLC\npvlc.dll [2022-11-08] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.8 -> C:\VideoLAN\VLC\npvlc.dll [2022-11-08] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.0 -> C:\VideoLAN\VLC\npvlc.dll [2022-11-08] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.1 -> C:\VideoLAN\VLC\npvlc.dll [2022-11-08] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.2 -> C:\VideoLAN\VLC\npvlc.dll [2022-11-08] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.3 -> C:\VideoLAN\VLC\npvlc.dll [2022-11-08] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.6 -> C:\VideoLAN\VLC\npvlc.dll [2022-11-08] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.8 -> C:\VideoLAN\VLC\npvlc.dll [2022-11-08] (VideoLAN -> VideoLAN)
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2023-10-19]
CHR HKU\S-1-5-21-2634800380-2514914927-909846014-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2023-10-19]
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2023-10-19]
CustomCLSID: HKU\S-1-5-21-2634800380-2514914927-909846014-1001_Classes\CLSID\{B47B9FD4-9903-4E56-8129-F55AE9936D45}\InprocServer32 -> C:\Program Files (x86)\Mozilla Firefox\notificationserver.dll => Pas de fichier
FirewallRules: [{997D6D0B-DECF-45EB-B950-F62B46170AD8}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe => Pas de fichier
FirewallRules: [{B49DF2D4-C07E-47EB-AF35-A7D9FD79E1BB}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe => Pas de fichier
FirewallRules: [TCP Query User{338B61FE-A4E9-4220-8FFF-3782A8ACE448}C:\users\alex\appdata\local\temp\rar$exa7568.47758\hitomi_downloader_gui.exe] => (Block) C:\users\alex\appdata\local\temp\rar$exa7568.47758\hitomi_downloader_gui.exe => Pas de fichier
FirewallRules: [UDP Query User{621A2D3A-DD50-41EA-930E-9A570A47D473}C:\users\alex\appdata\local\temp\rar$exa7568.47758\hitomi_downloader_gui.exe] => (Block) C:\users\alex\appdata\local\temp\rar$exa7568.47758\hitomi_downloader_gui.exe => Pas de fichier
FirewallRules: [{191E9C1A-9A79-45D5-8F92-7BEB79D1801E}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe => Pas de fichier
FirewallRules: [{153D373B-1C9B-4CB2-AF47-07C45D32EB0E}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe => Pas de fichier
FirewallRules: [{7253F7D2-799E-4712-9206-00A8A7B7B189}] => (Allow) C:\Nox\bin\Nox.exe => Pas de fichier
FirewallRules: [{5C3C02FE-2F6E-4C17-87EE-B5D0B755053B}] => (Allow) C:\Program Files (x86)\Bignox\BigNoxVM\RT\NoxVMHandle.exe => Pas de fichier
FirewallRules: [{D174A683-67CD-4E23-89F0-19FD63CB1011}] => (Allow) C:\BlueStacks X\BlueStacksWeb.exe => Pas de fichier
FirewallRules: [{FFC266A7-C59D-4829-8279-D251A40BEC62}] => (Allow) C:\BlueStacks X\Cloud Game.exe => Pas de fichier
FirewallRules: [{18AD0C72-15EE-4756-93D3-4D0AEC3A950D}] => (Allow) C:\Program Files\BlueStacks_nxt\HD-Player.exe => Pas de fichier
FirewallRules: [{53509402-5025-49B6-9F7C-16BC215EC3BD}] => (Allow) C:\Program Files\BlueStacks_nxt\BlueStacksAppplayerWeb.exe => Pas de fichier
FirewallRules: [{EF007C80-1A30-432B-8F5C-BC9894644D6D}] => (Allow) LPort=4482
FirewallRules: [{2995ED87-B54E-4082-B80D-B51AA6259461}] => (Allow) LPort=4482
FirewallRules: [{578253D2-4DF2-4BA5-BD6A-F9EFB88DBDD0}] => (Allow) LPort=4481
FirewallRules: [{C851BB3B-E56D-4B01-97C4-73516829EFFE}] => (Allow) LPort=4481
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Navigation privée de Firefox.lnk
C:\Users\Alex\AppData\Roaming\ZHP\Quarantine\ZHPCleaner\WebCompanion\Web Companion.lnk
Comment: The following commands will delete temporary files.
C:\Windows\Temp\*.*
C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\*
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\*
C:\Users\CurrentUserName\Appdata\Local\Temp\*.*
C:\Windows\SoftwareDistribution\Download\*
C:\ProgramData\Microsoft\Windows Defender\Scans\mpenginedb.db
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\*.*
Comment: The following command will clear the caches and histories.
StartBatch:
del /s /q "%userprofile%\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\*.*"
del /s /q "%userprofile%\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\*.*"
del /s /q "%userprofile%\AppData\Local\Microsoft\Windows\History\*.*"
del /s /q "%userprofile%\AppData\Local\Microsoft\Windows\Temporary Internet Files\*.*"
del /s /q "%userprofile%\AppData\Roaming\Microsoft\Windows\Recent\*.lnk"
For /D %%d In ("%userprofile%\AppData\Local\Mozilla\Firefox\Profiles\*") Do (If Exist "%%d\Cache2" Del /s /q "%%d\Cache2\*.*")
del /s /q "%userprofile%\AppData\Local\Google\Chrome\User Data\Default\Cache\*.*"
del /s /q "%userprofile%\AppData\Local\Microsoft\Edge\User Data\Default\Cache\*.*"
For /D %%d In ("%userprofile%\AppData\Local\Thunderbird\Profiles\*") Do (If Exist "%%d\Cache2" Del /s /q "%%d\Cache2\*.*")
For /D %%d In ("%userprofile%\AppData\Roaming\Mozilla\Firefox\Profiles\*") Do (If Exist "%%d\Places.Sqlite" Del /s /q "%%d\Places.Sqlite")
del /s /q "%userprofile%\AppData\Local\Google\Chrome\User Data\Default\History"
del /s /q "%userprofile%\AppData\Local\Microsoft\Edge\User Data\Default\History"
RunDll32.exe InetCpl.cpl,ClearMyTracksByProcess 8
ipconfig /release
ipconfig /renew
ipconfig /flushdns
ipconfig /registerdns
netsh winsock reset
netsh advfirewall reset
netsh advfirewall set allprofiles state on
netsh winhttp reset proxy
dism.exe /online /cleanup-image /restorehealth
sfc /scannow
Endbatch:
EmptyTemp:
EmptyEventLogs:
cmd: Net start wuauserv
Reboot:
end::