start::
CreateRestorePoint:
cmd: Net stop wuauserv
CloseProcesses:
Hosts:
RemoveProxy:
DeleteValue: HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\StartupApproved\Run|OneDriveSetup
DeleteValue: HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\StartupApproved\Run|OneDriveSetup
DeleteKey: HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\ContextMenu
DeleteKey: HKLM\Software\Classes\Drive\shellex\ContextMenuHandlers\ContextMenu
DeleteValue: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|H:\install.EXE.FriendlyAppName
DeleteValue: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|H:\install.EXE.ApplicationCompany
DeleteValue: HKU\S-1-5-21-3442082071-2219446132-1631456064-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|H:\install.EXE.FriendlyAppName
DeleteValue: HKU\S-1-5-21-3442082071-2219446132-1631456064-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|H:\install.EXE.ApplicationCompany
DeleteValue: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|AvastUI.exe
DeleteKey: HKLM\SOFTWARE\Avast Software
DeleteKey: HKLM\SOFTWARE\WOW6432Node\Avast Software
DeleteKey: HKCU\SOFTWARE\AvastAdSDK
DeleteKey: HKU\S-1-5-21-3442082071-2219446132-1631456064-1001\SOFTWARE\AvastAdSDK
C:\ProgramData\Avast Software
C:\Users\mec62\AppData\Local\Avast Software
DeleteKey: HKCU\SOFTWARE\BraveSoftware
DeleteKey: HKU\S-1-5-21-3442082071-2219446132-1631456064-1001\SOFTWARE\BraveSoftware
C:\Users\mec62\AppData\Local\BraveSoftware
DeleteKey: HKCU\SOFTWARE\Chromium
DeleteKey: HKU\S-1-5-21-3442082071-2219446132-1631456064-1001\SOFTWARE\Chromium
C:\Users\mec62\AppData\Local\Google\Chrome\User Data\Default\Extensions\caiblelclndcckfafdaggpephhgfpoip
C:\ProgramData\Avira
C:\Users\mec62\AppData\Local\Avira
C:\Users\mec62\AppData\Local\AviraWebView2Cache
HKLM\...\Run: [] => [X]
HKLM-x32\...\Run: [] => [X]
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
GroupPolicy-Firefox: Restriction <==== ATTENTION
U3 aswbdisk; pas de ImagePath
S3 netprotection_network_filter2; System32\drivers\netprotection_network_filter2.sys [X]
HKU\S-1-5-21-3442082071-2219446132-1631456064-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [42727840 2023-10-10] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
HKU\S-1-5-21-3442082071-2219446132-1631456064-1001\...\MountPoints2: {a913e018-b722-11ec-8e4f-806e6f6e6963} - "H:\stub.exe" 
Task: {F62F09BE-3C5F-4EAC-9BED-D55EBAC4BB6F} - System32\Tasks\Avira_Security_Maintenance => Command(1): C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Service.Worker.exe -> FallbackTelemetry
Task: {F62F09BE-3C5F-4EAC-9BED-D55EBAC4BB6F} - System32\Tasks\Avira_Security_Maintenance => Command(2): C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Service.Worker.exe -> ServiceWatchdog
Task: {F62F09BE-3C5F-4EAC-9BED-D55EBAC4BB6F} - System32\Tasks\Avira_Security_Maintenance => Command(3): C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Service.Worker.exe -> CrashCollector
Task: {4D3F7B57-ACB4-4B9A-982A-9C91E8A57686} - System32\Tasks\Avira_Security_Service_SCM_Watchdog => C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Service.Worker.exe [260360 2023-10-31] (Avira Operations GmbH -> Avira Operations GmbH)
Task: {E4EF145F-DCD1-4EBA-82AD-97A1D5746108} - System32\Tasks\Avira_Security_Systray => C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Systray.Application.exe [1814008 2023-10-31] (Avira Operations GmbH -> Avira Operations GmbH)
Task: {77EF13BB-DC44-4312-8228-1B961E71FB96} - System32\Tasks\Avira_Security_Update => C:\Windows\system32\net.exe [59904 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
Task: {FB2C10FB-DA9B-480D-AD2E-36DAC6FCD78C} - System32\Tasks\AviraSystemSpeedupVerify => C:\Program Files (x86)\Avira\System Speedup\setup\avira_speedup_setup.exe [37168176 2023-09-28] (Avira Operations GmbH -> Avira Operations GmbH)
Task: {C22792E9-E235-472C-802A-141DB951621D} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [714256 2023-10-10] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
Task: {781FB6EC-AD56-4DCD-A739-EA5E88CF443B} - System32\Tasks\CCleanerCrashReporting => C:\Program Files\CCleaner\CCleanerBugReport.exe [4703648 2023-10-10] (PIRIFORM SOFTWARE LIMITED -> Piriform Software) -> --product 90 --send dumps|report --path "C:\Program Files\CCleaner\LOG" --programpath "C:\Program Files\CCleaner" --configpath "C:\Program Files\CCleaner\Setup" --guid "eb2b4fd6-6b0b-40a4-9883-cc669ab6e995" --version "6.17.10746" --silent
Task: {71C711F4-0CF7-49EF-998F-F441135FDD9D} - System32\Tasks\CCleanerSkipUAC - mec62 => C:\Program Files\CCleaner\CCleaner.exe [35664800 2023-10-10] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
Task: {C187DB69-5936-4600-8F47-A7CDB879C3F7} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe [676256 2023-11-08] (Mozilla Corporation -> Mozilla Corporation) -> --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate
Task: {959DEB58-24CB-4DB4-A85E-08D96E1B2458} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [723872 2023-11-08] (Mozilla Corporation -> Mozilla Foundation)
Task: C:\Windows\Tasks\CCleanerCrashReporting.job => C:\Program Files\CCleaner\CCleanerBugReport.exe
Task: C:\Windows\Tasks\EPSON XP-422 423 425 Series Update {E99B376F-A58C-4510-99CE-59DEC79BE834}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSNDE.EXE:/EXE:{E99B376F-A58C-4510-99CE-59DEC79BE834} /F:UpdateWORKGROUP\PC-MOH$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
Edge Notifications: Default -> hxxps://0wvghk.nonshobetates.com
Edge HKLM-x32\...\Edge\Extension: [caiblelclndcckfafdaggpephhgfpoip]
Edge HKLM-x32\...\Edge\Extension: [emgfgdclgfeldebanedpihppahgngnle]
Edge Extension: (Avira Safe Shopping) - C:\Users\mec62\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\caiblelclndcckfafdaggpephhgfpoip [2022-05-05]
FF Notifications: Mozilla\Firefox\Profiles\i4qll4db.default-release -> hxxps://www.forum-des-portables-asus.fr
CHR HKLM-x32\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll]
CHR HKLM-x32\...\Chrome\Extension: [ccbpbkebodcjkknkfkpmfeciinhidaeh]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk]
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> Pas de fichier
AV: Avira Security (Enabled - Up to date) {61BC6DAC-476E-FFC1-65F3-835A40DFF674}
FW: Avira Security (Enabled) {BE55A40C-05CA-1096-36EB-CCA92DEAF539}
FW: Avira Security (Enabled) {877B141C-E73B-9A54-223E-108CC963426A}
FW: Avira Security (Enabled) {71EC0A3F-391C-0E33-A103-0C8A6DF0EBF0}
FW: Avira Security (Enabled) {4EFB3EBA-D5BC-D311-F570-D3065B48D523}
FW: Avira Security (Enabled) {12CE3622-C811-64DE-1773-AA1774F2B8E1}
Comment: Les commandes suivantes supprimeront les fichiers temporaraires. 
C:\Windows\Temp\*.* 
C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\*
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\*
C:\Users\CurrentUserName\Appdata\Local\Temp\*.*
C:\Windows\SoftwareDistribution\Download\*
C:\ProgramData\Microsoft\Windows Defender\Scans\mpenginedb.db
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\*.*
Comment: La commande suivante videra les caches et historiques.
StartBatch:
For /D %%d In ("%userprofile%\AppData\Local\Mozilla\Firefox\Profiles\*") Do (If Exist "%%d\Cache2" Del /s /q "%%d\Cache2\*.*")
del /s /q "%userprofile%\AppData\Local\Google\Chrome\User Data\Default\Cache\*.*"
del /s /q "%userprofile%\AppData\Local\Microsoft\Edge\User Data\Default\Cache\*.*"
For /D %%d In ("%userprofile%\AppData\Local\Thunderbird\Profiles\*") Do (If Exist "%%d\Cache2" Del /s /q "%%d\Cache2\*.*")
For /D %%d In ("%userprofile%\AppData\Roaming\Mozilla\Firefox\Profiles\*") Do (If Exist "%%d\Places.Sqlite" Del /s /q "%%d\Places.Sqlite")
del /s /q "%userprofile%\AppData\Local\Google\Chrome\User Data\Default\History"
del /s /q "%userprofile%\AppData\Local\Microsoft\Edge\User Data\Default\History"
del /s /q "%userprofile%\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\*.*"
del /s /q "%userprofile%\AppData\LocalLow\Microsoft\CryptnetUrlCache\Metada\*.*"
del /s /q "%userprofile%\AppData\Local\Microsoft\Windows\History\*.*"
del /s /q "%userprofile%\AppData\Local\Microsoft\Windows\Temporary Internet Files\*.*"
del /s /q "%userprofile%\AppData\Roaming\Microsoft\Windows\Recent\*.lnk"
RunDll32.exe InetCpl.cpl,ClearMyTracksByProcess 8
ipconfig /release
ipconfig /renew
ipconfig /flushdns
ipconfig /registerdns
netsh winsock reset
netsh advfirewall reset 
netsh advfirewall set allprofiles state on
netsh winhttp reset proxy
dism.exe /online /cleanup-image /restorehealth
sfc /scannow
Endbatch:
EmptyTemp:
EmptyEventLogs:
cmd: Net start wuauserv
Reboot:
end::