start::
CreateRestorePoint:
cmd: Net stop wuauserv
cmd: Rd /s /q %windir%\SoftwareDistribution\.
CloseProcesses:
EmptyTemp:
EmptyEventLogs:
Hosts:
RemoveProxy:
C:\Windows\Temp\*.*
C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\*
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\*
C:\Users\CurrentUserName\Appdata\Local\Temp\*.*
C:\ProgramData\Microsoft\Windows Defender\Scans\mpenginedb.db
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\*.*
StartBatch:
rd /s /q "%userprofile%\AppData\Roaming\discord\Cache"
rd /s /q "%userprofile%\AppData\Roaming\discord\code cache"
rd /s /q "%userprofile%\AppData\Roaming\discord\gpucache"
Endbatch:
HKU\S-1-5-21-2288617496-1674908155-242909765-1001\...\Run: [vidnotifier.exe] => C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\vidnotifier\vidnotifier.exe (Pas de fichier)
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
Task: {1FC10422-AD57-4FF1-AC72-0EEA0F6EF1E0} - System32\Tasks\ASUS\P508PowerAgent_sdk => C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ShareFromArmouryIII\Mouse\ROG STRIX CARRY\P508PowerAgent.exe (Pas de fichier)
Task: {E0F10DCF-44AD-40E8-9370-FB5DA59F93FB} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe (Pas de fichier)
R2 bcef68c6-c429-4f1c-b0ee-04c3e976b82c; C:\Windows\System32\nssm\nssm.exe [331264 2014-08-31] () [Fichier non signé] <==== ATTENTION
S2 DigitalWave.Update.Service; "C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe" [X]
S3 cpuz157; C:\Windows\temp\cpuz157\cpuz157_x64.sys [43568 2024-10-25] (Microsoft Windows Hardware Compatibility Publisher -> CPUID) <==== ATTENTION
S3 cpuz154; \??\C:\Windows\temp\cpuz154\cpuz154_x64.sys [X] <==== ATTENTION
S3 cpuz158; \??\C:\Windows\temp\cpuz158\cpuz158_x64.sys [X] <==== ATTENTION
S3 EuGdiDrv; \SystemRoot\system32\EuGdiDrv.sys [X]
S4 NvModuleTracker; \SystemRoot\System32\DriverStore\FileRepository\nvmoduletracker.inf_amd64_ea6cec41fc5b2a8b\NvModuleTracker.sys [X]
HKU\S-1-5-21-2288617496-1674908155-242909765-1001\...\MountPoints2: {29ec6496-8d26-11ee-9724-806e6f6e6963} - "E:\Launcher.exe"
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\131.0.6778.109\Installer\chrmstp.exe [2024-12-06] (Google LLC -> Google LLC)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}] -> C:\Program Files\BraveSoftware\Brave-Browser\Application\131.1.73.97\Installer\chrmstp.exe [2024-12-04] (Brave Software, Inc. -> Brave Software, Inc.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{C6CB981E-DB30-4876-8639-109F8933582C}] -> C:\Program Files\BraveSoftware\Brave-Browser-Nightly\Application\132.1.75.76\Installer\chrmstp.exe [2024-12-05] (Brave Software, Inc. -> Brave Software, Inc.)
Task: {D85876E6-D479-476A-8C23-B7FC7621C5A2} - System32\Tasks\BraveSoftwareUpdateTaskMachineCore{87A2AE36-A46B-4790-914D-0692D83EFEAB} => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [175424 2023-11-30] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {14B6E98C-D718-498D-BC2C-1EB8BA11EA52} - System32\Tasks\BraveSoftwareUpdateTaskMachineUA{0D76B7ED-F364-4441-B727-2C6EB18CCDA4} => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [175424 2023-11-30] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {7F53EE29-B47F-4683-88D4-626574F501B0} - System32\Tasks\GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem132.0.6833.0{9F145D9B-D331-4808-A9BF-EB2EBA07BB36} => C:\Program Files (x86)\Google\GoogleUpdater\132.0.6833.0\updater.exe [5591136 2024-11-11] (Google LLC -> Google LLC)
Task: C:\Windows\Tasks\TrackerAutoUpdate.job => C:\Program Files\Tracker Software\Update\TrackerUpdate.exe-CheckUpdate(Tracker Software Products (Canada) Ltd.Kee
CHR Notifications: Default -> hxxps://epargnant.amundi-ee.com; hxxps://www.zone-telechargement.al
CustomCLSID: HKU\S-1-5-21-2288617496-1674908155-242909765-1001_Classes\CLSID\{2ef44377-6b87-da1d-4667-d19e0c702a4a}\localserver32 -> "\\Ds1821\sources_w\U\Text Grab_Reconnaissance de caractères\Text-Grab_20240903\Text-Grab_20240903.exe" -ToastActivated => Pas de fichier
CustomCLSID: HKU\S-1-5-21-2288617496-1674908155-242909765-1001_Classes\CLSID\{cb0e036c-ec97-e075-0f71-577f2d15844b}\localserver32 -> "\\Ds1821\sources_w\U\Fan Control\Dézippé\FanControl.exe" -ToastActivated => Pas de fichier
CustomCLSID: HKU\S-1-5-21-2288617496-1674908155-242909765-1001_Classes\CLSID\{d345354f-7883-4fee-9631-2b8c5be222b1}\InprocServer32 -> C:\Program Files\Mozilla Thunderbird\notificationserver.dll => Pas de fichier
CustomCLSID: HKU\S-1-5-21-2288617496-1674908155-242909765-1001_Classes\CLSID\{db6691bf-6364-b5aa-5d1f-b56d879fc1c7}\localserver32 -> "\\192.168.1.38\sources_w\U\Text Grab_Reconnaissance de caractères\Text-Grab_20240427\Text-Grab.exe" -ToastActivated => Pas de fichier
CustomCLSID: HKU\S-1-5-21-2288617496-1674908155-242909765-1001_Classes\CLSID\{f342559f-1401-1717-f43c-eb07e5d1e631}\localserver32 -> "\\Ds1821\sources_w\U\Text Grab_Reconnaissance de caractères\Text-Grab_20240427\Text-Grab.exe" -ToastActivated => Pas de fichier
HKLM\...\.reg: Regedit.Document => c:\Winnt\Regedit.exe %1 <==== ATTENTION
HKLM\...\.scr: => <==== ATTENTION
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft\Log Report.lnk
C:\Users\ordic\Desktop\7-Zip.lnk
C:\Users\ordic\Desktop\QuickPanel.lnk
C:\Users\ordic\Desktop\U_WEB\TELECHARGEURS VIDEOS\YouTube Telecharger.lnk
C:\Users\ordic\Desktop\U_VIDEO\QuickTime Player.lnk
C:\Users\ordic\Desktop\U_SYSTEME\CPUID CPU-Z.lnk
C:\Users\ordic\Desktop\U_SYSTEME\Backups et ISO\Rufus-Créer un media bootable.lnk
C:\Users\ordic\Desktop\U_ELECTRONIQUE\QuickPanel équivalent FrontDesign.lnk
C:\Users\ordic\Desktop\U_ELECTRONIQUE\UTILITAIRES\Front Design - Faces avant.lnk
C:\Users\ordic\Desktop\U_BUREAUTIQUE\Scanner Menu complet.lnk
C:\Users\ordic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SyncBackFree.lnk
C:\Users\ordic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\QuickPanel\QuickPanel.lnk
C:\Users\ordic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\QuickPanel\Uninstall.lnk
C:\Users\ordic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FormatFactory\FormatFactory.lnk
DeleteValue: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|vidnotifier.exe
DeleteValue: HKU\S-1-5-21-2288617496-1674908155-242909765-1001\Software\Microsoft\Windows\CurrentVersion\Run|vidnotifier.exe
DeleteKey: HKCU\SOFTWARE\8ac9d89fab2fed8bba3ab2cdde0488dd
DeleteKey: HKU\S-1-5-21-2288617496-1674908155-242909765-1001\SOFTWARE\8ac9d89fab2fed8bba3ab2cdde0488dd
DeleteValue: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Program Files (x86)\FormatFactory\FormatFactory.exe.FriendlyAppName
DeleteValue: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Program Files (x86)\FormatFactory\FormatFactory.exe.ApplicationCompany
DeleteValue: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Users\ordic\AppData\Local\Temp\~nsuA.tmp\Un_A.exe.FriendlyAppName
DeleteValue: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Program Files (x86)\QuickPanel\QuickPanel.exe.FriendlyAppName
DeleteValue: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\SOURCES_W\7-Zip_Portable\7-ZipPortable_23.01.paf.exe.FriendlyAppName
DeleteValue: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\SOURCES_W\7-Zip_Portable\7-ZipPortable_23.01.paf.exe.ApplicationCompany
DeleteValue: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Program Files (x86)\7-Zip\7zFM.exe.FriendlyAppName
DeleteValue: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Program Files (x86)\7-Zip\7zFM.exe.ApplicationCompany
DeleteValue: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Program Files\7-ZipPortable\7-ZipPortable.exe.FriendlyAppName
DeleteValue: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Program Files\7-ZipPortable\7-ZipPortable.exe.ApplicationCompany
DeleteValue: HKU\S-1-5-21-2288617496-1674908155-242909765-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Program Files (x86)\FormatFactory\FormatFactory.exe.FriendlyAppName
DeleteValue: HKU\S-1-5-21-2288617496-1674908155-242909765-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Program Files (x86)\FormatFactory\FormatFactory.exe.ApplicationCompany
DeleteValue: HKU\S-1-5-21-2288617496-1674908155-242909765-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Users\ordic\AppData\Local\Temp\~nsuA.tmp\Un_A.exe.FriendlyAppName
DeleteValue: HKU\S-1-5-21-2288617496-1674908155-242909765-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Program Files (x86)\QuickPanel\QuickPanel.exe.FriendlyAppName
DeleteValue: HKU\S-1-5-21-2288617496-1674908155-242909765-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\SOURCES_W\7-Zip_Portable\7-ZipPortable_23.01.paf.exe.FriendlyAppName
DeleteValue: HKU\S-1-5-21-2288617496-1674908155-242909765-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\SOURCES_W\7-Zip_Portable\7-ZipPortable_23.01.paf.exe.ApplicationCompany
DeleteValue: HKU\S-1-5-21-2288617496-1674908155-242909765-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Program Files (x86)\7-Zip\7zFM.exe.FriendlyAppName
DeleteValue: HKU\S-1-5-21-2288617496-1674908155-242909765-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Program Files (x86)\7-Zip\7zFM.exe.ApplicationCompany
DeleteValue: HKU\S-1-5-21-2288617496-1674908155-242909765-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Program Files\7-ZipPortable\7-ZipPortable.exe.FriendlyAppName
DeleteValue: HKU\S-1-5-21-2288617496-1674908155-242909765-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Program Files\7-ZipPortable\7-ZipPortable.exe.ApplicationCompany
C:\Users\ordic\AppData\Roaming\tixati
C:\Users\ordic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tixati
DeleteKey: HKLM\SOFTWARE\Setup
C:\ProgramData\Glarysoft
C:\Users\ordic\AppData\Roaming\GlarySoft
StartBatch:
del /s /q C:\Windows\prefetch\*.*
del /s /q "%userprofile%\AppData\Local\Temp\*.*"
del /s /q "%userprofile%\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\*.*"
del /s /q "%userprofile%\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\*.*"
del /s /q "%userprofile%\AppData\Local\Microsoft\Windows\History\*.*"
del /s /q "%userprofile%\AppData\Local\Microsoft\Windows\Temporary Internet Files\*.*"
del /s /q "%userprofile%\AppData\Roaming\Microsoft\Windows\Recent\*.lnk"
For /D %%d In ("%userprofile%\AppData\Local\Mozilla\Firefox\Profiles\*") Do (If Exist "%%d\Cache2" Del /s /q "%%d\Cache2\*.*")
del /s /q "%userprofile%\AppData\Local\Google\Chrome\User Data\Default\Code Cache\Js\."
del /s /q "%userprofile%\AppData\Local\Google\Chrome\User Data\Default\Cache\*.*"
del /s /q "%userprofile%\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\Js\."
del /s /q "%userprofile%\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\."
del /s /q "%userprofile%\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Cache\*.*"
del /s /q "%userprofile%\AppData\Roaming\Opera Software\Opera GX Stable\Code Cache\Js\."
del /s /q "%userprofile%\AppData\Roaming\Opera Software\Opera Stable\Code Cache\Js\."
del /s /q "%userprofile%\AppData\Roaming\Opera Software\*"
For /D %%d In ("%userprofile%\AppData\Local\Thunderbird\Profiles\*") Do (If Exist "%%d\Cache2" Del /s /q "%%d\Cache2\*.*")
For /D %%d In ("%userprofile%\AppData\Roaming\Mozilla\Firefox\Profiles\*") Do (If Exist "%%d\Places.Sqlite" Del /s /q "%%d\Places.Sqlite")
del /s /q "%userprofile%\AppData\Local\Google\Chrome\User Data\Default\History"
del /s /q "%userprofile%\AppData\Local\Microsoft\Edge\User Data\Default\History"
del /s /q "%userprofile%\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\History"
del /s /q "%userprofile%\AppData\Roaming\Opera Software\Opera Stable\History"
del /s /q "%userprofile%\AppData\Roaming\Opera Software\Opera GX Stable\History"
ipconfig /release
ipconfig /renew
ipconfig /flushdns
ipconfig /registerdns
netsh winsock reset
netsh advfirewall reset
netsh advfirewall set allprofiles state on
netsh winhttp reset proxy
bitsadmin /reset /allusers
net start sdrsvc
net start vss
net start rpcss
net start eventsystem
net start winmgmt
net start msiserver
net start bfe
net start trustedinstaller
net start windefend
net start mpssvc
net start mpsdrv
Winmgmt /salvagerepository
Winmgmt /resetrepository
Winmgmt /resyncperf
Endbatch:
cmd: Net start wuauserv
Reboot:
end::