start::
CreateRestorePoint:
cmd: Net stop wuauserv
CloseProcesses:
Hosts:
RemoveProxy:
DeleteValue: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|CL-26-BBE60969-6705-4CCC-B5DE-2966A2AD37C1
DeleteValue: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Wondershare Helper Compact.exe
DeleteValue: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|YKM
DeleteValue: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|mnr.exe
DeleteValue: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|XRJNZC
DeleteValue: HKU\S-1-5-21-3680562321-2050715208-4169210804-1001\Software\Microsoft\Windows\CurrentVersion\Run|YKM
DeleteValue: HKU\S-1-5-21-3680562321-2050715208-4169210804-1001\Software\Microsoft\Windows\CurrentVersion\Run|mnr.exe
DeleteValue: HKU\S-1-5-21-3680562321-2050715208-4169210804-1001\Software\Microsoft\Windows\CurrentVersion\Run|XRJNZC
DeleteValue: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPWPD.exe.FriendlyAppName
DeleteValue: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPWPD.exe.ApplicationCompany
DeleteValue: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Users\tut\Downloads\adwcleaner_8.4.0.exe.FriendlyAppName
DeleteValue: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Users\tut\Downloads\adwcleaner_8.4.0.exe.ApplicationCompany
DeleteValue: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Users\tut\Downloads\filmora-idco_setup_full1901.exe.FriendlyAppName
DeleteValue: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Users\tut\Downloads\shotcut-win64-230929.exe.FriendlyAppName
DeleteValue: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Users\tut\Downloads\shotcut-win64-230929.exe.ApplicationCompany
DeleteValue: HKU\S-1-5-21-3680562321-2050715208-4169210804-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPWPD.exe.FriendlyAppName
DeleteValue: HKU\S-1-5-21-3680562321-2050715208-4169210804-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPWPD.exe.ApplicationCompany
DeleteValue: HKU\S-1-5-21-3680562321-2050715208-4169210804-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Users\tut\Downloads\adwcleaner_8.4.0.exe.FriendlyAppName
DeleteValue: HKU\S-1-5-21-3680562321-2050715208-4169210804-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Users\tut\Downloads\adwcleaner_8.4.0.exe.ApplicationCompany
DeleteValue: HKU\S-1-5-21-3680562321-2050715208-4169210804-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Users\tut\Downloads\filmora-idco_setup_full1901.exe.FriendlyAppName
DeleteValue: HKU\S-1-5-21-3680562321-2050715208-4169210804-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Users\tut\Downloads\shotcut-win64-230929.exe.FriendlyAppName
DeleteValue: HKU\S-1-5-21-3680562321-2050715208-4169210804-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Users\tut\Downloads\shotcut-win64-230929.exe.ApplicationCompany
DeleteKey: HKCU\SOFTWARE\BitTorrent
DeleteKey: HKCU\SOFTWARE\BitTorrentPersist
DeleteKey: HKU\S-1-5-21-3680562321-2050715208-4169210804-1001\SOFTWARE\BitTorrent
DeleteKey: HKU\S-1-5-21-3680562321-2050715208-4169210804-1001\SOFTWARE\BitTorrentPersist
C:\Users\tut\AppData\Roaming\utorrent
C:\Users\tut\AppData\Local\BitTorrentHelper
C:\Users\tut\AppData\LocalLow\uTorrent.WebView2
C:\Users\tut\AppData\Roaming\utorrent\bt_datachannel.dll
C:\Users\tut\AppData\Roaming\utorrent\updates\3.6.0_46922\utorrentie.exe
C:\ProgramData\Key-Base
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriversCloud.com
C:\Users\tut\Desktop\DriversCloud_Install
C:\Users\tut\AppData\Local\Adaware
HKLM\...\Run: [CL-26-BBE60969-6705-4CCC-B5DE-2966A2AD37C1] => "C:\Program Files\Common Files\Bitdefender\SetupInformation\CL-26-BBE60969-6705-4CCC-B5DE-2966A2AD37C1\setuplauncher.exe" /run:Installer.exe /args:"/setup-folder:"CL-26-BBE60969-6705-4CCC-B5DE-2966A2A (l'élément de données a 7 caractères en plus). (Pas de fichier)
HKLM\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe (Pas de fichier)
HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate: Restriction <==== ATTENTION
HKU\S-1-5-21-3680562321-2050715208-4169210804-1001\...\Run: [YKM] => C:\ProgramData\SMUCCI\YKM.exe\SMUCCI\YKM.exe (Pas de fichier)
HKU\S-1-5-21-3680562321-2050715208-4169210804-1001\...\Run: [mnr.exe] => C:\Users\tut\AppData\Local\Temp\1000035001\mnr.exe (Pas de fichier) <==== ATTENTION
HKU\S-1-5-21-3680562321-2050715208-4169210804-1001\...\Run: [CUTE] => C:\ProgramData\Mircosolt\CUTE.exe [825229312 2023-11-13] () [Fichier non signé] <==== ATTENTION
HKU\S-1-5-21-3680562321-2050715208-4169210804-1001\...\Run: [XRJNZC] => C:\ProgramData\pinterests\XRJNZC.exe\pinterests\XRJNZC.exe (Pas de fichier)
Task: {3A9B29AE-2535-4EBC-A5A7-4B89C6B1ECA3} - System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864 => C:\Program Files\Bitdefender Agent\27.0.1.250\WatchDog.exe repair (Pas de fichier)
Task: {1CE948AF-473E-4818-8F3E-BF8A15CDBED4} - System32\Tasks\CUTE => C:\ProgramData\Mircosolt\CUTE.exe [825229312 2023-11-13] () [Fichier non signé] <==== ATTENTION
Task: {3FAF33C3-651A-4D14-B28E-18C010AB34D5} - System32\Tasks\GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem121.0.6116.0{1CDBF135-A6F9-41D3-8283-D7638DDE998E} => C:\Program Files (x86)\Google\GoogleUpdater\121.0.6116.0\updater.exe [4350240 2023-11-08] (Google LLC -> Google LLC) <==== ATTENTION
Task: {EC195B6C-E32B-40C9-BA7C-B4A0F0C3CCC4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe /send (Pas de fichier)
Task: {1EB91C03-DB5D-4367-AD69-2390ECCAC768} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe /f (Pas de fichier)
Task: {720F5D93-FF91-4060-8A15-7793D22F9CF4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater – Install HPSA => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe /l (Pas de fichier)
Task: {FEDBD316-C3AC-4FF9-9382-EE50CC5E0772} - System32\Tasks\S0kd7p\DO0ML => "C:\Users\tut\AppData\Roaming\B7AD2F766AC7A428\srvrast.exe" -> "C:\Users\tut\AppData\Roaming\B7AD2F766AC7A428\srvrast.chm" <==== ATTENTION
S2 bdredline_agent; "C:\Program Files\Bitdefender Agent\redline\bdredline.exe" [X]
S2 HPSupportSolutionsFrameworkService; "C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe" [X]
S2 ProductAgentService; "C:\Program Files\Bitdefender Agent\ProductAgentService.exe" [X]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\119.0.6045.200\Installer\chrmstp.exe [2023-11-30] (Google LLC -> Google LLC)
Task: {59F55792-ABD1-47DF-B7DA-412630AF8910} - System32\Tasks\HPPSDrTelemetryWatch => C:\Program Files (x86)\HP\Diagnostics\TelemetryWatch\PSDrTelemetryWatch.exe [36440 2022-06-28] (HP Inc. -> )
Task: {79537386-CE7D-44AB-B368-D1FE84BF565F} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [27033280 2023-11-11] (Microsoft Corporation -> Microsoft Corporation)
Task: {EA07A2C9-0FDD-4605-962E-176F68D3BB0C} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [27033280 2023-11-11] (Microsoft Corporation -> Microsoft Corporation)
Task: {D4494EFF-E968-4355-A5DA-94FF8D6C68F2} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [218160 2023-11-18] (Microsoft Corporation -> Microsoft Corporation)
Task: {B39DC8D4-1908-4EBD-90EF-8449685C8CF5} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [218160 2023-11-18] (Microsoft Corporation -> Microsoft Corporation)
CHR Notifications: Profile 2 -> hxxps://www.youtube.com
2023-05-11 19:23 - 2023-05-11 19:24 - 000024488 _____ () C:\Users\tut\AppData\Local\PlariumPlay.log
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-3680562321-2050715208-4169210804-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
C:\ProgramData\Microsoft\Windows\Start Menu\SoftEther VPN Client Manager.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.10.24.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hola Browser.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Health Check.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare\UniConverter\Wondershare UniConverter.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windscribe\Désinstaller Windscribe.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windscribe\Windscribe.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\LedWallpaper.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\SoftEther VPN Client Manager Startup.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SoftEther VPN Client\Manage Remote Computer's SoftEther VPN Client.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SoftEther VPN Client\SoftEther VPN Client Manager.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SoftEther VPN Client\SoftEther VPN Command Line Utility (vpncmd).lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SoftEther VPN Client\Language Settings\Configure Display Language.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SoftEther VPN Client\Configuration Tools\TCP Optimization Utility.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SoftEther VPN Client\Configuration Tools\Uninstall SoftEther VPN Client.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SoftEther VPN Client\Administrative Tools\Debugging Information Collecting Tool.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SoftEther VPN Client\Administrative Tools\Easy Installer Creator.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SoftEther VPN Client\Administrative Tools\Network Traffic Speed Test Tool.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SoftEther VPN Client\Administrative Tools\Web Installer Creator.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype\Skype.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SketchUp 2020\LayOut 2020.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SketchUp 2020\SketchUp 2020.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SketchUp 2020\Style Builder 2020.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro\Désinstaller Revo Uninstaller Pro.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RenaultAutomotive\Renault Media Nav Evolution Toolbox.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RenaultAutomotive\Uninstall.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF-XChange PDF Viewer\PDF-Viewer License.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF-XChange PDF Viewer\PDF-Viewer Users Manual.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF-XChange PDF Viewer\PDF-Viewer.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF-XChange PDF Viewer\Tracker Updater.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF-XChange PDF Viewer\Uninstall.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mouse driver\Mouse driver.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mouse driver\Uninstall.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools\Telemetry Dashboard for Office.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MediaHuman\Audio Converter\MediaHuman Audio Converter.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Max Recorder\Max Recorder.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Led\LedWallpaper\Aide.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Led\LedWallpaper\Désinstaller LedWallpaper.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Led\LedWallpaper\LedWallpaper.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GS Auto Clicker\GS Auto Clicker.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GS Auto Clicker\Uninstall GS Auto Clicker.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EaseUS Data Recovery Wizard\Désinstaller EaseUS Data Recovery Wizard.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EaseUS Data Recovery Wizard\EaseUS Data Recovery Wizard.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EaseUS\EaseUS PDF Editor\Désinstaller EaseUS PDF Editor.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EaseUS\EaseUS PDF Editor\EaseUS PDF Editor.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriversCloud.com\DriversCloud.html.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira\Avira Phantom VPN.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira\Reset traffic counter.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira\Uninstall.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AOMEI Partition Assistant\AOMEI Partition Assistant 9.6.1.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AOMEI Partition Assistant\Uninstall AOMEI Partition Assistant.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AOMEI Backupper\AOMEI Backupper.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AOMEI Backupper\Désinstaller AOMEI Backupper.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AOMEI Backupper\Manuel de l'utilisateur (PDF).lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AnyDesk\AnyDesk.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AnyDesk\Uninstall AnyDesk.lnk
C:\Users\Public\Desktop\GS Auto Clicker.lnk
C:\Users\tut\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Tombstones\Shotcut.lnk
Comment: The following commands will delete temporary files.
C:\Windows\Temp\*.*
C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\*
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\*
C:\Users\CurrentUserName\Appdata\Local\Temp\*.*
C:\Windows\SoftwareDistribution\Download\*
C:\ProgramData\Microsoft\Windows Defender\Scans\mpenginedb.db
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\*.*
Comment: The following command will clear the caches and histories.
StartBatch:
del /s /q "%userprofile%\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\*.*"
del /s /q "%userprofile%\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\*.*"
del /s /q "%userprofile%\AppData\Local\Microsoft\Windows\History\*.*"
del /s /q "%userprofile%\AppData\Local\Microsoft\Windows\Temporary Internet Files\*.*"
del /s /q "%userprofile%\AppData\Roaming\Microsoft\Windows\Recent\*.lnk"
For /D %%d In ("%userprofile%\AppData\Local\Mozilla\Firefox\Profiles\*") Do (If Exist "%%d\Cache2" Del /s /q "%%d\Cache2\*.*")
del /s /q "%userprofile%\AppData\Local\Google\Chrome\User Data\Default\Cache\*.*"
del /s /q "%userprofile%\AppData\Local\Microsoft\Edge\User Data\Default\Cache\*.*"
For /D %%d In ("%userprofile%\AppData\Local\Thunderbird\Profiles\*") Do (If Exist "%%d\Cache2" Del /s /q "%%d\Cache2\*.*")
For /D %%d In ("%userprofile%\AppData\Roaming\Mozilla\Firefox\Profiles\*") Do (If Exist "%%d\Places.Sqlite" Del /s /q "%%d\Places.Sqlite")
del /s /q "%userprofile%\AppData\Local\Google\Chrome\User Data\Default\History"
del /s /q "%userprofile%\AppData\Local\Microsoft\Edge\User Data\Default\History"
RunDll32.exe InetCpl.cpl,ClearMyTracksByProcess 8
ipconfig /release
ipconfig /renew
ipconfig /flushdns
ipconfig /registerdns
netsh winsock reset
netsh advfirewall reset
netsh advfirewall set allprofiles state on
netsh winhttp reset proxy
dism.exe /online /cleanup-image /restorehealth
sfc /scannow
Endbatch:
EmptyTemp:
EmptyEventLogs:
cmd: Net start wuauserv
Reboot:
end::