start::
CreateRestorePoint:
cmd: Net stop wuauserv
CloseProcesses:
Hosts:
RemoveProxy:
StartRegEdit:
Windows Registry Editor Version 5.00
[HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{9f8e6b2c-2463-4673-ab55-48a1da7296b3}:]
"DhcpNameServer"=""
EndRegEdit:
DeleteKey: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{838F904D-30D9-40BE-AE52-9C5D46A0B4AE}
DeleteKey: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{838F904D-30D9-40BE-AE52-9C5D46A0B4AE}
DeleteKey: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{838F904D-30D9-40BE-AE52-9C5D46A0B4AE}
DeleteKey: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Maintenance\{838F904D-30D9-40BE-AE52-9C5D46A0B4AE}
DeleteKey: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{838F904D-30D9-40BE-AE52-9C5D46A0B4AE}
DeleteKey: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{838F904D-30D9-40BE-AE52-9C5D46A0B4AE}
C:\Windows\System32\Tasks\ASUS GIFTBOX Update Messenger
C:\Users\Bakrchampion\AppData\Local\ASUS GIFTBOX Update Messenger\UpdateMessenger.exe
C:\WINDOWS\System32\Tasks\ASUS GIFTBOX Update Messenger 
DeleteValue: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|RingCentral
DeleteValue: HKU\S-1-5-21-3957000892-2833973652-2960825972-1001\\Software\Microsoft\Windows\CurrentVersion\Run|RingCentral]
DeleteValue: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|AvastBrowserAutoLaunch_57788F965E6A4E89A7C851C5BA1C0D39
DeleteValue: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|AvastBrowserAutoLaunch_19D5FD0D9D7EB18508A0CCDF354C150F
DeleteValue: HKEY_USERS\S-1-5-21-3957000892-2833973652-2960825972-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|AvastBrowserAutoLaunch_57788F965E6A4E89A7C851C5BA1C0D39
DeleteValue: HKEY_USERS\S-1-5-21-3957000892-2833973652-2960825972-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|AvastBrowserAutoLaunch_19D5FD0D9D7EB18508A0CCDF354C150F
DeleteKey: HKLM\SOFTWARE\POLICIES\Mozilla\Firefox
DeleteKey: HKLM\SOFTWARE\1D0EC6DE-4A80-4CC3-A335-E6E41C951198
DeleteKey: HKCU\SOFTWARE\c1b3adcf-2068-5e8d-b25d-30ce588e3a4c
DeleteKey: HKU\S-1-5-21-3957000892-2833973652-2960825972-1001\SOFTWARE\c1b3adcf-2068-5e8d-b25d-30ce588e3a4c
C:\Program Files\Scrivener3\Scrivener.exe
C:\Program Files\Scrivener3
C:\Users\tudor\AppData\Local\AdvinstAnalytics
DeleteKey: HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\AIMP
DeleteKey: HKLM\Software\Classes\CLSID\{1F77B17B-F531-44DB-ACA4-76ABB5010A28}
DeleteKey: HKLM\Software\Wow6432Node\Classes\CLSID\{1F77B17B-F531-44DB-ACA4-76ABB5010A28}
DeleteKey: HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\AIMP
C:\Users\tudor\AppData\Local\Google\Chrome\User Data\Default\File System\000
C:\Users\tudor\AppData\Local\Google\Chrome\User Data\Default\File System\001
C:\Users\tudor\AppData\Local\Google\Chrome\User Data\Default\File System\002
C:\Users\tudor\AppData\Local\Google\Chrome\User Data\Default\File System\003
C:\Users\tudor\AppData\Local\Google\Chrome\User Data\Default\File System\004
C:\Users\tudor\AppData\Local\Google\Chrome\User Data\Default\File System\005
C:\Users\tudor\AppData\Local\Google\Chrome\User Data\Default\File System\006
C:\Users\tudor\AppData\Local\Google\Chrome\User Data\Default\File System\007
C:\Users\tudor\AppData\Local\Google\Chrome\User Data\Default\File System\008
C:\Users\tudor\AppData\Local\Google\Chrome\User Data\Default\File System\009
C:\Users\tudor\AppData\Local\Google\Chrome\User Data\Default\File System\010
DeleteValue: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Users\tudor\AppData\Local\Programs\RingCentral\RingCentral.exe.FriendlyAppName
DeleteValue: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Users\tudor\AppData\Local\Programs\RingCentral\RingCentral.exe.ApplicationCompany
DeleteValue: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Users\tudor\Downloads\Thunderbird Setup 115.3.0 (1).exe.FriendlyAppName
DeleteValue: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Users\tudor\Downloads\Thunderbird Setup 115.3.0 (1).exe.ApplicationCompany
DeleteValue: HKU\S-1-5-21-3957000892-2833973652-2960825972-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Users\tudor\AppData\Local\Programs\RingCentral\RingCentral.exe.FriendlyAppName
DeleteValue: HKU\S-1-5-21-3957000892-2833973652-2960825972-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Users\tudor\AppData\Local\Programs\RingCentral\RingCentral.exe.ApplicationCompany
DeleteValue: HKU\S-1-5-21-3957000892-2833973652-2960825972-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Users\tudor\Downloads\Thunderbird Setup 115.3.0 (1).exe.FriendlyAppName
DeleteValue: HKU\S-1-5-21-3957000892-2833973652-2960825972-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Users\tudor\Downloads\Thunderbird Setup 115.3.0 (1).exe.ApplicationCompany
C:\Users\tudor\AppData\Roaming\uTorrent
C:\Users\tudor\AppData\Local\BitTorrentHelper
C:\Users\tudor\AppData\LocalLow\uTorrent
DeleteValue: HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|TCP Query User{2EB0D685-1D55-48ED-91D6-2E2FA10FA6C4}C:\users\tudor\appdata\roaming\utorrent\updates\3.5.5_45231.exe"
C:\users\tudor\appdata\roaming\utorrent\updates\3.5.5_45231.exe
DeleteValue: HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|UDP Query User{305839D7-8B32-448F-8409-F34063BCA552}C:\users\tudor\appdata\roaming\utorrent\updates\3.5.5_45231.exe"
C:\Users\tudor\AppData\Roaming\Mozilla\Firefox\Profiles\mrg0nodh.default\extensions\sp@avast.com.xpi
DeleteValue: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|AvastUI.exe
DeleteValue: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32|AvastUI.exe
DeleteKey: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{19C3AB22-3718-4E4D-B203-242F5001565B}
DeleteKey: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
DeleteKey: HKLM\SOFTWARE\AVAST Software
DeleteKey: HKLM\SOFTWARE\WOW6432Node\Avast
DeleteKey: HKLM\SOFTWARE\WOW6432Node\Avast Software
DeleteKey: HKCU\SOFTWARE\Avast Software
DeleteKey: HKCU\SOFTWARE\AvastAdSDK
DeleteKey: HKCU\SOFTWARE\Browser Cleanup
DeleteKey: HKU\.DEFAULT\SOFTWARE\AVAST Software
DeleteKey: HKU\S-1-5-21-3957000892-2833973652-2960825972-1001\SOFTWARE\Avast Software
DeleteKey: HKU\S-1-5-21-3957000892-2833973652-2960825972-1001\SOFTWARE\AvastAdSDK
DeleteKey: HKU\S-1-5-21-3957000892-2833973652-2960825972-1001\SOFTWARE\Browser Cleanup
C:\Program Files\AVAST Software
C:\ProgramData\AVAST Software
C:\Users\tudor\AppData\Local\AVAST Software
C:\Users\tudor\AppData\Roaming\Mozilla\Firefox\Profiles\mrg0nodh.default\browser-extension-data\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}
DeleteKey: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF} 
DeleteKey: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B164E929-A1B6-4A06-B104-2CD0E90A88FF} 
DeleteKey: HKLM\Software\Classes\CLSID\{B164E929-A1B6-4A06-B104-2CD0E90A88FF} 
DeleteKey: HKLM\SOFTWARE\McAfee
DeleteKey: HKLM\SOFTWARE\Nahimic
HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate: Restriction <==== ATTENTION
HKU\S-1-5-21-3957000892-2833973652-2960825972-1001\...\Run: [com.messenger] => "C:\Users\tudor\AppData\Local\Programs\Messenger\Messenger.exe" messenger://openAtLogin (Pas de fichier)
HKU\S-1-5-21-3957000892-2833973652-2960825972-1001\...\Run: [RingCentral] => "C:\Users\tudor\AppData\Local\Programs\RingCentral\RingCentral.exe" --autoLaunchOnSystemStart (Pas de fichier)
HKU\S-1-5-21-3957000892-2833973652-2960825972-1004\...\Run: [AvastBrowserAutoLaunch_BB69E43151E866B419F42253E91DE667] => "C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe" --check-run=src=logon --auto-launch-at-startup --profile-directory="Default" (Pas de fichier)
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {838F904D-30D9-40BE-AE52-9C5D46A0B4AE} - System32\Tasks\ASUS GIFTBOX Update Messenger => C:\Users\Bakrchampion\AppData\Local\ASUS GIFTBOX Update Messenger\UpdateMessenger.exe [13984624 2022-05-15] (SweetLabs Inc -> SweetLabs, Inc) <==== ATTENTION
S3 BraveElevationService; "C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\119.1.60.118\elevation_service.exe" [X]
HKU\S-1-5-21-3957000892-2833973652-2960825972-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [42727840 2023-10-10] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
HKU\S-1-5-21-3957000892-2833973652-2960825972-1001\...\Policies\Explorer: [TaskbarNoNotification] 1
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{A8504530-742B-42BC-895D-2BAD6406F698}] -> "C:\Program Files (x86)\AVAST Software\Browser\Application\87.1.7549.89\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
Task: {67D423F1-2952-4E33-8FB6-6F07C0017C16} - System32\Tasks\BraveSoftwareUpdateTaskMachineCore => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [159368 2019-06-06] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {9031243C-3501-45F6-BF8A-B850A39C3DE2} - System32\Tasks\BraveSoftwareUpdateTaskMachineUA => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [159368 2019-06-06] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {9713F8DC-54A6-48F8-A1DA-57D9719486F9} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [714256 2023-10-10] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
Task: {56F37A33-63D3-4FD3-84E7-7E042F7BBB86} - System32\Tasks\CCleanerCrashReporting => C:\Program Files\CCleaner\CCleanerBugReport.exe [4703648 2023-10-10] (PIRIFORM SOFTWARE LIMITED -> Piriform Software) -> --product 90 --send dumps|report --path "C:\Program Files\CCleaner\LOG" --programpath "C:\Program Files\CCleaner" --configpath "C:\Program Files\CCleaner\Setup" --guid "c972dfea-9096-47f7-a1b7-e6da496f471a" --version "6.17.10746" --silent
Task: {4B5BB794-70E1-4695-9693-C70BC47BBEDC} - System32\Tasks\CCleanerSkipUAC - tudor => C:\Program Files\CCleaner\CCleaner.exe [35664800 2023-10-10] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
Task: {091F1B6A-59B1-4691-A1BD-E207D3E27C27} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-08-24] (Google Inc -> Google Inc.)
Task: {D9F59238-2F13-40E3-AC4E-A160B3766D58} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-08-24] (Google Inc -> Google Inc.)
Task: C:\WINDOWS\Tasks\CCleanerCrashReporting.job => C:\Program Files\CCleaner\CCleanerBugReport.exe
Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-3957000892-2833973652-2960825972-1001.job => C:\Users\tudor\AppData\Local\GoToMeeting\19950\g2mupdate.exe
Task: C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-3957000892-2833973652-2960825972-1001.job => C:\Users\tudor\AppData\Local\GoToMeeting\19950\g2mupload.exe
Edge Extension: (Pas de nom) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [non trouvé(e)]
Edge Extension: (Pas de nom) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [non trouvé(e)]
Edge Extension: (Pas de nom) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [non trouvé(e)]
Edge Extension: (Pas de nom) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [non trouvé(e)]
FF Extension: (Avast SafePrice | Comparaison, offres, coupons) - C:\Users\tudor\AppData\Roaming\Mozilla\Firefox\Profiles\mrg0nodh.default\Extensions\sp@avast.com.xpi [2019-02-10]
FF Extension: (Pas de nom) - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi [non trouvé(e)]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi => non trouvé(e)
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi => non trouvé(e)
FF Plugin-x32: @videolan.org/vlc,version=3.0.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
CHR Notifications: Default -> hxxps://meet.google.com; hxxps://www.chess.com; hxxps://www.geev.com; hxxps://www.superprof.fr
CustomCLSID: HKU\S-1-5-21-3957000892-2833973652-2960825972-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\tudor\AppData\Local\GoToMeeting\19932\G2MOutlookAddin64.dll => Pas de fichier
CustomCLSID: HKU\S-1-5-21-3957000892-2833973652-2960825972-1001_Classes\CLSID\{b72e6f5e-f6e0-a9eb-461b-6118363bd15c}\localserver32 -> "C:\Users\tudor\AppData\Local\0install.net\implementations\sha256new_7ATQFYMYISD5LU42STURHNI33TRSMJBHVQPLEAO3EX4R5WPI6GTQ\DeepL.exe" -ToastActivated => Pas de fichier
CustomCLSID: HKU\S-1-5-21-3957000892-2833973652-2960825972-1001_Classes\CLSID\{D0E646DB-70D6-4D13-BF56-02CA96FACE5C}\InprocServer32 -> LptdS3.dll => Pas de fichier
CustomCLSID: HKU\S-1-5-21-3957000892-2833973652-2960825972-1001_Classes\CLSID\{fcf0f353-0070-42e8-a043-e5b4f3de72a2}\InprocServer32 -> C:\Program Files\Mozilla Thunderbird\notificationserver.dll => Pas de fichier
ContextMenuHandlers1: [AIMP] -> {1F77B17B-F531-44DB-ACA4-76ABB5010A28} => C:\Program Files (x86)\AIMP\System\aimp_menu64.dll -> Pas de fichier
ContextMenuHandlers4: [AIMP] -> {1F77B17B-F531-44DB-ACA4-76ABB5010A28} => C:\Program Files (x86)\AIMP\System\aimp_menu64.dll -> Pas de fichier
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> Pas de fichier
BHO: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\x64\IEPlugin.dll => Pas de fichier
BHO-x32: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\win32\IEPlugin.dll => Pas de fichier
FirewallRules: [{2BE13747-CD1B-49E0-B105-8FD19AA5714C}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe => Pas de fichier
FirewallRules: [UDP Query User{02EC2FAF-A4B3-4894-9640-961B4FB2D23F}C:\games\iw4x\iw4x.exe] => (Allow) C:\games\iw4x\iw4x.exe => Pas de fichier
FirewallRules: [TCP Query User{A4E4A75E-689F-446C-BAF9-F9A573C9D272}C:\games\iw4x\iw4x.exe] => (Allow) C:\games\iw4x\iw4x.exe => Pas de fichier
FirewallRules: [UDP Query User{D9788FDB-1F31-49D9-BF20-A0B8755E64C4}C:\program files (x86)\origin games\battlefield 1\bf1.exe] => (Allow) C:\program files (x86)\origin games\battlefield 1\bf1.exe => Pas de fichier
FirewallRules: [TCP Query User{3DF14A99-7A9C-4FBA-88C3-4177FF952CE5}C:\program files (x86)\origin games\battlefield 1\bf1.exe] => (Allow) C:\program files (x86)\origin games\battlefield 1\bf1.exe => Pas de fichier
FirewallRules: [TCP Query User{3CFE1197-4162-48DD-B1A0-5D9AE6C68071}C:\program files (x86)\hearthstone\hearthstone.exe] => (Block) C:\program files (x86)\hearthstone\hearthstone.exe => Pas de fichier
FirewallRules: [UDP Query User{56201214-9AD5-4ACF-932F-1047A9AF2C42}C:\program files (x86)\hearthstone\hearthstone.exe] => (Block) C:\program files (x86)\hearthstone\hearthstone.exe => Pas de fichier
FirewallRules: [TCP Query User{D4B83B0A-0B25-4D2A-970A-58355A0A9B6A}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe => Pas de fichier
FirewallRules: [UDP Query User{5DC5E37D-D56F-412C-8B52-73F34EA465ED}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe => Pas de fichier
FirewallRules: [{3A336F57-3DBF-41A5-B9C6-EFB3FE276334}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe => Pas de fichier
FirewallRules: [{0ECAC3F7-68A3-4FAF-9C31-C57AD286FB4C}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe => Pas de fichier
FirewallRules: [{B398BF90-0431-445C-A16E-B7B0E3D0BB40}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => Pas de fichier
FirewallRules: [{49F22E98-D8BF-4934-9EE8-41E2188D8E7E}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => Pas de fichier
FirewallRules: [TCP Query User{252D9C5E-D50D-49D0-B656-504940BFEB9F}C:\program files\epic games\alienisolation\ai.exe] => (Allow) C:\program files\epic games\alienisolation\ai.exe => Pas de fichier
FirewallRules: [UDP Query User{426B72BB-3514-4CB4-9AC5-83850D27CD3B}C:\program files\epic games\alienisolation\ai.exe] => (Allow) C:\program files\epic games\alienisolation\ai.exe => Pas de fichier
FirewallRules: [{514AE1D7-754A-47E0-85F2-C5ECC6FDE3D2}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe => Pas de fichier
FirewallRules: [{BD307E05-B3CC-486B-AF3E-1B1FA6101AF1}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe => Pas de fichier
FirewallRules: [TCP Query User{5F1D4A88-2830-476C-B282-B4B6B551AD7E}C:\users\tudor\appdata\local\programs\lelivrescolaire.fr\lelivrescolaire.fr.exe] => (Allow) C:\users\tudor\appdata\local\programs\lelivrescolaire.fr\lelivrescolaire.fr.exe => Pas de fichier
FirewallRules: [UDP Query User{E47A9B6E-6AE2-4BFC-BC26-F26BE3BADD81}C:\users\tudor\appdata\local\programs\lelivrescolaire.fr\lelivrescolaire.fr.exe] => (Allow) C:\users\tudor\appdata\local\programs\lelivrescolaire.fr\lelivrescolaire.fr.exe => Pas de fichier
FirewallRules: [TCP Query User{4E9C6761-E209-471D-9725-667FE0B2ADAD}C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe] => (Allow) C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe => Pas de fichier
FirewallRules: [UDP Query User{6723995E-4816-409B-8EFA-B5A1C01ECEFF}C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe] => (Allow) C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe => Pas de fichier
FirewallRules: [TCP Query User{D0CF07B4-6ACD-40FE-82AF-618CD9970CC8}C:\users\tudor\appdata\local\programs\ringcentral\ringcentral.exe] => (Allow) C:\users\tudor\appdata\local\programs\ringcentral\ringcentral.exe => Pas de fichier
FirewallRules: [UDP Query User{E4827551-9EE7-47C4-9BAF-33BDD6A8A7DB}C:\users\tudor\appdata\local\programs\ringcentral\ringcentral.exe] => (Allow) C:\users\tudor\appdata\local\programs\ringcentral\ringcentral.exe => Pas de fichier
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
HKU\S-1-5-21-3957000892-2833973652-2960825972-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus17win10.msn.com/?pc=ASTE
HKU\S-1-5-21-3957000892-2833973652-2960825972-1004\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus17win10.msn.com/?pc=ASTE
HKU\S-1-5-21-3957000892-2833973652-2960825972-1004\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus17win10.msn.com/?pc=ASTE
StartRegedit: 
Windows Registry Editor Version 5.00
[-HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]
@=""
[-HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains]
[-HKEY_USERS\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]
@=""
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P]
EndRegedit:
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ChessX\ChessX.lnk
C:\Users\Bakrchampion\Links\Desktop.lnk
C:\Users\Bakrchampion\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Avast Secure Browser.lnk
C:\Users\Bakrchampion\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Avast Secure Browser.lnk
C:\Users\tudor\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7111c0ce965b7246\Battle.net.lnk
Comment: Les commandes suivantes supprimeront les fichiers temporaraires. 
C:\Windows\Temp\*.* 
C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\*
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\*
C:\Users\CurrentUserName\Appdata\Local\Temp\*.*
C:\Windows\SoftwareDistribution\Download\*
C:\ProgramData\Microsoft\Windows Defender\Scans\mpenginedb.db
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\*.*
Comment: La commande suivante videra les caches et historiques.
StartBatch:
For /D %%d In ("%userprofile%\AppData\Local\Mozilla\Firefox\Profiles\*") Do (If Exist "%%d\Cache2" Del /s /q "%%d\Cache2\*.*")
del /s /q "%userprofile%\AppData\Local\Google\Chrome\User Data\Default\Cache\*.*"
del /s /q "%userprofile%\AppData\Local\Microsoft\Edge\User Data\Default\Cache\*.*"
del /s /q "%userprofile%\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Cache\*.*"
For /D %%d In ("%userprofile%\AppData\Local\Thunderbird\Profiles\*") Do (If Exist "%%d\Cache2" Del /s /q "%%d\Cache2\*.*")
For /D %%d In ("%userprofile%\AppData\Roaming\Mozilla\Firefox\Profiles\*") Do (If Exist "%%d\Places.Sqlite" Del /s /q "%%d\Places.Sqlite")
del /s /q "%userprofile%\AppData\Local\Google\Chrome\User Data\Default\History"
del /s /q "%userprofile%\AppData\Local\Microsoft\Edge\User Data\Default\History"
del /s /q "%userprofile%\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\History"
RunDll32.exe InetCpl.cpl,ClearMyTracksByProcess 8
ipconfig /release
ipconfig /renew
ipconfig /flushdns
ipconfig /registerdns
netsh winsock reset
netsh advfirewall reset 
netsh advfirewall set allprofiles state on
netsh winhttp reset proxy
dism.exe /online /cleanup-image /restorehealth
sfc /scannow
Endbatch:
EmptyTemp:
EmptyEventLogs:
cmd: Net start wuauserv
Reboot:
end::