start::
CreateRestorePoint:
cmd: Net stop wuauserv
cmd: Rd /s /q %windir%\SoftwareDistribution\.
CloseProcesses:
EmptyTemp:
EmptyEventLogs:
Hosts:
RemoveProxy:
C:\Windows\Temp\*.*
C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\*
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\*
C:\Users\CurrentUserName\Appdata\Local\Temp\*.*
C:\ProgramData\Microsoft\Windows Defender\Scans\mpenginedb.db
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\*.*
DeleteKey: HKCU\SOFTWARE\13767fb8-1090-5f10-9b1e-b497b7aff594
DeleteKey: HKCU\SOFTWARE\3a7b72c3-feff-552b-ab36-a4bfabbea3cf
DeleteKey: HKCU\SOFTWARE\46cf01d6-a405-5b47-a44f-4dd61ad5f7c2
DeleteKey: HKCU\SOFTWARE\71445fac-d6ef-5436-9da7-5a323762d7f5
DeleteKey: HKCU\SOFTWARE\a378d6fe-4c23-572a-919a-80a393fb5bec
DeleteKey: HKCU\SOFTWARE\ac655633-dd06-5673-af5b-dc3d30a5f9ed
DeleteKey: HKCU\SOFTWARE\fbd30ee5-8150-549e-9aed-fd9d444364fb
DeleteKey: HKU\S-1-5-21-1364386836-1329441500-3906013301-1001\SOFTWARE\13767fb8-1090-5f10-9b1e-b497b7aff594
DeleteKey: HKU\S-1-5-21-1364386836-1329441500-3906013301-1001\SOFTWARE\3a7b72c3-feff-552b-ab36-a4bfabbea3cf
DeleteKey: HKU\S-1-5-21-1364386836-1329441500-3906013301-1001\SOFTWARE\46cf01d6-a405-5b47-a44f-4dd61ad5f7c2
DeleteKey: HKU\S-1-5-21-1364386836-1329441500-3906013301-1001\SOFTWARE\71445fac-d6ef-5436-9da7-5a323762d7f5
DeleteKey: HKU\S-1-5-21-1364386836-1329441500-3906013301-1001\SOFTWARE\a378d6fe-4c23-572a-919a-80a393fb5bec
DeleteKey: HKU\S-1-5-21-1364386836-1329441500-3906013301-1001\SOFTWARE\ac655633-dd06-5673-af5b-dc3d30a5f9ed
DeleteKey: HKU\S-1-5-21-1364386836-1329441500-3906013301-1001\SOFTWARE\fbd30ee5-8150-549e-9aed-fd9d444364fb
DeleteKey: HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\DesktopDockShellExt
DeleteKey: HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\DesktopDockShellExt
DeleteKey: HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\DesktopDockShellExt
DeleteKey: HKLM\Software\Classes\Drive\shellex\ContextMenuHandlers\VMDiskMenuHandler
DeleteKey: HKLM\Software\Classes\CLSID\{271DC252-6FE1-4D59-9053-E4CF50AB99DE}
C:\Users\dd\AppData\Local\Google\Chrome\User Data\Default\File System\004
C:\Users\dd\AppData\Local\Google\Chrome\User Data\Default\File System\031
C:\Users\dd\AppData\Local\Google\Chrome\User Data\Default\File System\032
C:\Users\dd\AppData\Local\Google\Chrome\User Data\Default\File System\033
C:\Users\dd\AppData\Local\Google\Chrome\User Data\Default\File System\034
C:\Users\dd\AppData\Local\Google\Chrome\User Data\Default\File System\035
C:\Users\dd\AppData\Local\Google\Chrome\User Data\Default\File System\036
C:\Users\dd\AppData\Local\Google\Chrome\User Data\Default\File System\037
DeleteValue: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Program Files (x86)\FormatFactory\FormatFactory.exe.FriendlyAppName
DeleteValue: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Program Files (x86)\FormatFactory\FormatFactory.exe.ApplicationCompany
DeleteValue: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Users\dd\AppData\Local\Temp\63adf8d6-ecce-41e5-8701-6d7176ced497_Lexar-Recovery-Tool-for-Windows-EN.zip.497\lexarrecoverytool-1.1.2-setup.exe.FriendlyAppName
DeleteValue: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Users\dd\AppData\Local\Temp\63adf8d6-ecce-41e5-8701-6d7176ced497_Lexar-Recovery-Tool-for-Windows-EN.zip.497\lexarrecoverytool-1.1.2-setup.exe.ApplicationCompany
DeleteValue: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Users\dd\AppData\Local\Temp\{FA81CFF6-71DD-4157-A90B-5E4AE3E599EB}\.cr\disk-drill-win.exe.FriendlyAppName
DeleteValue: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Users\dd\AppData\Local\Temp\{FA81CFF6-71DD-4157-A90B-5E4AE3E599EB}\.cr\disk-drill-win.exe.ApplicationCompany
DeleteValue: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Users\dd\AppData\Local\Temp\{298BC50E-FA15-4F61-8129-C43DCB00BCC0}\.cr\disk-drill-win.exe.FriendlyAppName
DeleteValue: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Users\dd\AppData\Local\Temp\{298BC50E-FA15-4F61-8129-C43DCB00BCC0}\.cr\disk-drill-win.exe.ApplicationCompany
DeleteValue: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Users\dd\AppData\Local\Temp\4b390600-1eaa-428e-88a3-082d144f4dae_Lexar Recovery Tool for Windows (EN).zip.dae\lexarrecoverytool-1.1.3.exe.FriendlyAppName
DeleteValue: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Users\dd\AppData\Local\Temp\4b390600-1eaa-428e-88a3-082d144f4dae_Lexar Recovery Tool for Windows (EN).zip.dae\lexarrecoverytool-1.1.3.exe.ApplicationCompany
DeleteValue: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Users\dd\AppData\Local\Temp\WinGet\BlueStack.BlueStacks.5.22.0.1102\BlueStacksFullInstaller_5.22.0.1102_amd64_native.exe.FriendlyAppName
DeleteValue: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Users\dd\AppData\Local\Temp\WinGet\BlueStack.BlueStacks.5.22.0.1102\BlueStacksFullInstaller_5.22.0.1102_amd64_native.exe.ApplicationCompany
DeleteValue: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Users\dd\AppData\Local\Temp\7zSC1B8F7D4\BlueStacks-Installer_5.22.0.1102_amd64_native.exe.FriendlyAppName
DeleteValue: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Users\dd\AppData\Local\Temp\7zSC1B8F7D4\BlueStacks-Installer_5.22.0.1102_amd64_native.exe.ApplicationCompany
DeleteValue: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Users\dd\AppData\Local\Temp\7zS81D03FC6\BlueStacksInstaller.exe.FriendlyAppName
DeleteValue: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Users\dd\AppData\Local\Temp\7zS81D03FC6\BlueStacksInstaller.exe.ApplicationCompany
DeleteValue: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Users\dd\AppData\Local\Temp\7zSC1B8F7D4\BSX-Setup_10.42.0.1016.exe.FriendlyAppName
DeleteValue: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Users\dd\AppData\Local\Temp\7zSC1B8F7D4\BSX-Setup_10.42.0.1016.exe.ApplicationCompany
DeleteValue: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Users\dd\AppData\Local\Temp\7zS81D03FC6\HD-GLCheck.exe.FriendlyAppName
DeleteValue: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Users\dd\AppData\Local\Temp\7zS81D03FC6\HD-GLCheck.exe.ApplicationCompany
DeleteValue: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Users\dd\AppData\Local\Temp\WinGet\CyberGhost.CyberGhost.8.4.11.14569\WebInstaller.exe.FriendlyAppName
DeleteValue: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Users\dd\AppData\Local\Temp\WinGet\CyberGhost.CyberGhost.8.4.11.14569\WebInstaller.exe.ApplicationCompany
DeleteValue: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Users\dd\AppData\Local\Temp\WinGet\Microsoft.WindowsAppRuntime.1.5.1.5.8\windowsappruntimeinstall-x64.exe.FriendlyAppName
DeleteValue: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Users\dd\AppData\Local\Temp\WinGet\Microsoft.WindowsAppRuntime.1.5.1.5.8\windowsappruntimeinstall-x64.exe.ApplicationCompany
DeleteValue: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Program Files (x86)\Dropbox\Client_221.3.5229\Dropbox.exe.FriendlyAppName
DeleteValue: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Program Files (x86)\Dropbox\Client_221.3.5229\Dropbox.exe.ApplicationCompany
DeleteValue: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Users\dd\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe.FriendlyAppName
DeleteValue: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|H:\scriptinstallprog.bat.FriendlyAppName
DeleteValue: HKU\S-1-5-21-1364386836-1329441500-3906013301-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Program Files (x86)\FormatFactory\FormatFactory.exe.FriendlyAppName
DeleteValue: HKU\S-1-5-21-1364386836-1329441500-3906013301-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Program Files (x86)\FormatFactory\FormatFactory.exe.ApplicationCompany
DeleteValue: HKU\S-1-5-21-1364386836-1329441500-3906013301-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Users\dd\AppData\Local\Temp\63adf8d6-ecce-41e5-8701-6d7176ced497_Lexar-Recovery-Tool-for-Windows-EN.zip.497\lexarrecoverytool-1.1.2-setup.exe.FriendlyAppName
DeleteValue: HKU\S-1-5-21-1364386836-1329441500-3906013301-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Users\dd\AppData\Local\Temp\63adf8d6-ecce-41e5-8701-6d7176ced497_Lexar-Recovery-Tool-for-Windows-EN.zip.497\lexarrecoverytool-1.1.2-setup.exe.ApplicationCompany
DeleteValue: HKU\S-1-5-21-1364386836-1329441500-3906013301-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Users\dd\AppData\Local\Temp\{FA81CFF6-71DD-4157-A90B-5E4AE3E599EB}\.cr\disk-drill-win.exe.FriendlyAppName
DeleteValue: HKU\S-1-5-21-1364386836-1329441500-3906013301-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Users\dd\AppData\Local\Temp\{FA81CFF6-71DD-4157-A90B-5E4AE3E599EB}\.cr\disk-drill-win.exe.ApplicationCompany
DeleteValue: HKU\S-1-5-21-1364386836-1329441500-3906013301-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Users\dd\AppData\Local\Temp\{298BC50E-FA15-4F61-8129-C43DCB00BCC0}\.cr\disk-drill-win.exe.FriendlyAppName
DeleteValue: HKU\S-1-5-21-1364386836-1329441500-3906013301-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Users\dd\AppData\Local\Temp\{298BC50E-FA15-4F61-8129-C43DCB00BCC0}\.cr\disk-drill-win.exe.ApplicationCompany
DeleteValue: HKU\S-1-5-21-1364386836-1329441500-3906013301-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Users\dd\AppData\Local\Temp\4b390600-1eaa-428e-88a3-082d144f4dae_Lexar Recovery Tool for Windows (EN).zip.dae\lexarrecoverytool-1.1.3.exe.FriendlyAppName
DeleteValue: HKU\S-1-5-21-1364386836-1329441500-3906013301-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Users\dd\AppData\Local\Temp\4b390600-1eaa-428e-88a3-082d144f4dae_Lexar Recovery Tool for Windows (EN).zip.dae\lexarrecoverytool-1.1.3.exe.ApplicationCompany
DeleteValue: HKU\S-1-5-21-1364386836-1329441500-3906013301-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Users\dd\AppData\Local\Temp\WinGet\BlueStack.BlueStacks.5.22.0.1102\BlueStacksFullInstaller_5.22.0.1102_amd64_native.exe.FriendlyAppName
DeleteValue: HKU\S-1-5-21-1364386836-1329441500-3906013301-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Users\dd\AppData\Local\Temp\WinGet\BlueStack.BlueStacks.5.22.0.1102\BlueStacksFullInstaller_5.22.0.1102_amd64_native.exe.ApplicationCompany
DeleteValue: HKU\S-1-5-21-1364386836-1329441500-3906013301-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Users\dd\AppData\Local\Temp\7zSC1B8F7D4\BlueStacks-Installer_5.22.0.1102_amd64_native.exe.FriendlyAppName
DeleteValue: HKU\S-1-5-21-1364386836-1329441500-3906013301-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Users\dd\AppData\Local\Temp\7zSC1B8F7D4\BlueStacks-Installer_5.22.0.1102_amd64_native.exe.ApplicationCompany
DeleteValue: HKU\S-1-5-21-1364386836-1329441500-3906013301-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Users\dd\AppData\Local\Temp\7zS81D03FC6\BlueStacksInstaller.exe.FriendlyAppName
DeleteValue: HKU\S-1-5-21-1364386836-1329441500-3906013301-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Users\dd\AppData\Local\Temp\7zS81D03FC6\BlueStacksInstaller.exe.ApplicationCompany
DeleteValue: HKU\S-1-5-21-1364386836-1329441500-3906013301-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Users\dd\AppData\Local\Temp\7zSC1B8F7D4\BSX-Setup_10.42.0.1016.exe.FriendlyAppName
DeleteValue: HKU\S-1-5-21-1364386836-1329441500-3906013301-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Users\dd\AppData\Local\Temp\7zSC1B8F7D4\BSX-Setup_10.42.0.1016.exe.ApplicationCompany
DeleteValue: HKU\S-1-5-21-1364386836-1329441500-3906013301-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Users\dd\AppData\Local\Temp\7zS81D03FC6\HD-GLCheck.exe.FriendlyAppName
DeleteValue: HKU\S-1-5-21-1364386836-1329441500-3906013301-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Users\dd\AppData\Local\Temp\7zS81D03FC6\HD-GLCheck.exe.ApplicationCompany
DeleteValue: HKU\S-1-5-21-1364386836-1329441500-3906013301-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Users\dd\AppData\Local\Temp\WinGet\CyberGhost.CyberGhost.8.4.11.14569\WebInstaller.exe.FriendlyAppName
DeleteValue: HKU\S-1-5-21-1364386836-1329441500-3906013301-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Users\dd\AppData\Local\Temp\WinGet\CyberGhost.CyberGhost.8.4.11.14569\WebInstaller.exe.ApplicationCompany
DeleteValue: HKU\S-1-5-21-1364386836-1329441500-3906013301-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Users\dd\AppData\Local\Temp\WinGet\Microsoft.WindowsAppRuntime.1.5.1.5.8\windowsappruntimeinstall-x64.exe.FriendlyAppName
DeleteValue: HKU\S-1-5-21-1364386836-1329441500-3906013301-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Users\dd\AppData\Local\Temp\WinGet\Microsoft.WindowsAppRuntime.1.5.1.5.8\windowsappruntimeinstall-x64.exe.ApplicationCompany
DeleteValue: HKU\S-1-5-21-1364386836-1329441500-3906013301-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Program Files (x86)\Dropbox\Client_221.3.5229\Dropbox.exe.FriendlyAppName
DeleteValue: HKU\S-1-5-21-1364386836-1329441500-3906013301-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Program Files (x86)\Dropbox\Client_221.3.5229\Dropbox.exe.ApplicationCompany
DeleteValue: HKU\S-1-5-21-1364386836-1329441500-3906013301-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Users\dd\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe.FriendlyAppName
DeleteValue: HKU\S-1-5-21-1364386836-1329441500-3906013301-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|H:\scriptinstallprog.bat.FriendlyAppName
C:\Users\dd\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Vuze.lnk
C:\Users\Public\Desktop\Vuze.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vuze.lnk
DeleteKey: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\8461-7759-5462-8226
DeleteKey: HKLM\SOFTWARE\Azureus
DeleteKey: HKCU\SOFTWARE\Azureus
DeleteKey: HKU\S-1-5-21-1364386836-1329441500-3906013301-1001\SOFTWARE\Azureus
C:\Program Files\Vuze
C:\Users\dd\AppData\Roaming\Azureus
DeleteKey: HKLM\SOFTWARE\Setup
DeleteKey: HKCU\SOFTWARE\Software
DeleteKey: HKU\S-1-5-21-1364386836-1329441500-3906013301-1001\SOFTWARE\Software
C:\Users\dd\Desktop\LAUNCHER
DeleteKey: HKLM\SOFTWARE\JavaSoft
DeleteKey: HKCU\SOFTWARE\JavaSoft
DeleteKey: HKU\S-1-5-21-1364386836-1329441500-3906013301-1001\SOFTWARE\JavaSoft
C:\ProgramData\IObit
C:\Users\dd\AppData\Roaming\AnyDesk
DeleteValue: HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|UDP Query User{780BAC3B-1BF7-45E5-9147-88208983121A}C:\users\dd\downloads\anydesk (2).exe"
DeleteValue: HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|TCP Query User{2961673C-0976-492B-98CD-B261017F941E}C:\users\dd\downloads\anydesk (2).exe"
DeleteValue: HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|UDP Query User{E8E14D27-0C83-4919-9752-4A6C8C5A61E9}C:\users\dd\downloads\anydesk.exe"
DeleteValue: HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|TCP Query User{F92CD77A-0CAC-480F-8DE8-76D91CFD3493}C:\users\dd\downloads\anydesk.exe"
DeleteValue: HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|UDP Query User{CE8CAFFD-9D1E-4BA2-AF07-C4D97DAAA13B}C:\users\dd\downloads\anydesk (1).exe"
DeleteValue: HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|TCP Query User{41466BB1-DF37-4238-AD04-F2593D5B6A7C}C:\users\dd\downloads\anydesk (1).exe"
CustomCLSID: HKU\S-1-5-21-1364386836-1329441500-3906013301-1001_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> "C:\Users\dd\AppData\Local\CyberghostBrowser\CyberghostBrowserUpdater\90.0.4430.93\updater.exe" --server => Pas de fichier
CustomCLSID: HKU\S-1-5-21-1364386836-1329441500-3906013301-1001_Classes\CLSID\{7FB5B887-6EFB-4673-AD24-08DF7DA0DA35}\localserver32 -> "C:\Users\dd\AppData\Local\Vivaldi\Application\6.2.3105.48\notification_helper.exe" => Pas de fichier
CustomCLSID: HKU\S-1-5-21-1364386836-1329441500-3906013301-1001_Classes\CLSID\{879AEA55-D3C1-5381-B8CD-E4EA1F3E9C55}\localserver32 -> "C:\Users\dd\AppData\Local\CyberghostBrowser\CyberghostBrowserUpdater\90.0.4430.93\updater.exe" --server => Pas de fichier
CustomCLSID: HKU\S-1-5-21-1364386836-1329441500-3906013301-1001_Classes\CLSID\{A5981BD9-137A-5D52-B19B-3A95196AB854}\localserver32 -> "C:\Users\dd\AppData\Local\CyberghostBrowser\CyberghostBrowserUpdater\90.0.4430.93\updater.exe" --server => Pas de fichier
CustomCLSID: HKU\S-1-5-21-1364386836-1329441500-3906013301-1001_Classes\CLSID\{A73498B1-4608-4D18-882B-8EB75DCBAC1A}\localserver32 -> "C:\Users\dd\AppData\Local\CyberghostBrowser\Application\90.0.4430.93\notification_helper.exe" => Pas de fichier
CustomCLSID: HKU\S-1-5-21-1364386836-1329441500-3906013301-1001_Classes\CLSID\{BCA9D37C-CA60-4160-9115-97A00F24702D}\localserver32 -> "C:\Users\dd\AppData\Local\Vivaldi\Application\5.3.2679.70\notification_helper.exe" => Pas de fichier
CustomCLSID: HKU\S-1-5-21-1364386836-1329441500-3906013301-1001_Classes\CLSID\{c1fc922a-c2f4-4e7e-e59b-36e80c0a4f4a}\localserver32 -> "C:\Program Files\WingetUI\WingetUI.exe" -ToastActivated => Pas de fichier
AlternateDataStreams: C:\ProgramData\TEMP:4FB9487F [422]
AlternateDataStreams: C:\ProgramData\TEMP:B755D674 [352]
FirewallRules: [{309F7628-47C8-4A40-9020-3D39A685DAF7}] => (Allow) C:\Program Files\Tailscale\tailscaled.exe => Pas de fichier
FirewallRules: [{5C91781E-9A2C-41F4-8CCF-64D1C1AEF059}] => (Allow) C:\Steam\steamapps\common\Demolish & Build 3 Excavator Playground\Demolish & Build 3 Excavator Playground.exe => Pas de fichier
FirewallRules: [{0E739997-A5F8-4825-9FE4-7D91CC64B713}] => (Allow) C:\Steam\steamapps\common\Demolish & Build 3 Excavator Playground\Demolish & Build 3 Excavator Playground.exe => Pas de fichier
FirewallRules: [UDP Query User{C2292594-E876-437D-8572-9F5ED91612CE}C:\program files (x86)\hdd regenerator\hdd regenerator.exe] => (Allow) C:\program files (x86)\hdd regenerator\hdd regenerator.exe => Pas de fichier
FirewallRules: [TCP Query User{4D7B9672-EF8B-484F-A8B8-4AAAB46B8F68}C:\program files (x86)\hdd regenerator\hdd regenerator.exe] => (Allow) C:\program files (x86)\hdd regenerator\hdd regenerator.exe => Pas de fichier
FirewallRules: [{5BCC3A1A-78BC-4882-9531-06B1FD69238F}] => (Allow) F:\SteamLibrary\steamapps\common\The Constructors Demo\The Constructors.exe => Pas de fichier
FirewallRules: [{076636D9-26DA-428D-80D2-67359F8FA750}] => (Allow) F:\SteamLibrary\steamapps\common\The Constructors Demo\The Constructors.exe => Pas de fichier
FirewallRules: [{A17E1C20-D29E-4F06-8129-BAA472A47874}] => (Allow) C:\Program Files (x86)\AOMEI\ABService.exe => Pas de fichier
FirewallRules: [{B2E3682D-4C23-4C04-97BA-12EAFB406B12}] => (Allow) C:\Program Files (x86)\AOMEI\ABService.exe => Pas de fichier
FirewallRules: [{5E1818EA-0A66-43A4-A9D2-DD869C3CA554}] => (Allow) F:\SteamLibrary\steamapps\common\EmergeNYC\EMERGENYC.exe => Pas de fichier
FirewallRules: [{90AD43A9-1380-42A6-9C2B-BCD08C50E3C0}] => (Allow) F:\SteamLibrary\steamapps\common\EmergeNYC\EMERGENYC.exe => Pas de fichier
FirewallRules: [{7525E5DC-636A-44D4-970B-F669F9A7A81A}] => (Allow) C:\Program Files\Euro Truck Simulator 2bin\win_x64\eurotrucks2.exe => Pas de fichier
FirewallRules: [{FF8CC7E8-88E0-4CE8-AE58-431D6759C065}] => (Allow) C:\Program Files\Euro Truck Simulator 2bin\win_x86\eurotrucks2.exe => Pas de fichier
FirewallRules: [UDP Query User{F1C7DB2E-3D44-4E09-B658-62DB6282393B}C:\program files\dslrbooth\dslrbooth.exe] => (Allow) C:\program files\dslrbooth\dslrbooth.exe => Pas de fichier
FirewallRules: [TCP Query User{543484C9-26C4-4A1E-976F-349306C4BC19}C:\program files\dslrbooth\dslrbooth.exe] => (Allow) C:\program files\dslrbooth\dslrbooth.exe => Pas de fichier
FirewallRules: [{82A96D9D-FA04-4896-AEE3-27683EC3CAB3}] => (Allow) C:\Program Files (x86)\AOMEI\ABService.exe => Pas de fichier
FirewallRules: [{107C4278-5104-4D46-BAD6-0D97025CBEE5}] => (Allow) C:\Program Files (x86)\AOMEI\ABService.exe => Pas de fichier
FirewallRules: [{EB4A3067-06FB-48EC-9E28-47DD6D2B77E8}] => (Allow) C:\Program Files\Euro Truck Simulator 2bin\win_x64\eurotrucks2.exe => Pas de fichier
FirewallRules: [{CF5A0256-07BC-4A2F-96B8-5744F12E540B}] => (Allow) C:\Program Files\Euro Truck Simulator 2bin\win_x86\eurotrucks2.exe => Pas de fichier
FirewallRules: [{2D3F2683-4727-4523-8B98-7940BB3ECE9C}] => (Allow) C:\Steam\steamapps\common\Construction Simulator\ConSim.exe => Pas de fichier
FirewallRules: [{1FFA636E-260E-4145-AF59-E9D8D4466587}] => (Allow) C:\Steam\steamapps\common\Construction Simulator\ConSim.exe => Pas de fichier
FirewallRules: [{D188FEE1-DD45-4A12-922C-241C3C09FEDE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Construction Simulator\ConSim.exe => Pas de fichier
FirewallRules: [{20A8563E-58FE-4C08-81C8-0EE7D8C99784}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Construction Simulator\ConSim.exe => Pas de fichier
FirewallRules: [UDP Query User{1C7D3646-E7A9-4C6B-A9E8-60BB076C01DB}C:\users\dd\downloads\launcher (2)\app\responding\binaries\win64\responding.exe] => (Allow) C:\users\dd\downloads\launcher (2)\app\responding\binaries\win64\responding.exe => Pas de fichier
FirewallRules: [TCP Query User{5302C3DC-2DC2-43E1-8582-DECCAF33FECF}C:\users\dd\downloads\launcher (2)\app\responding\binaries\win64\responding.exe] => (Allow) C:\users\dd\downloads\launcher (2)\app\responding\binaries\win64\responding.exe => Pas de fichier
FirewallRules: [UDP Query User{CF376F30-7390-4994-BDF3-43E5AD27A9CD}C:\users\dd\downloads\launcher\app\responding\binaries\win64\responding.exe] => (Allow) C:\users\dd\downloads\launcher\app\responding\binaries\win64\responding.exe => Pas de fichier
FirewallRules: [TCP Query User{6C45AE00-0100-45FF-9C2F-2140A8F9DC5F}C:\users\dd\downloads\launcher\app\responding\binaries\win64\responding.exe] => (Allow) C:\users\dd\downloads\launcher\app\responding\binaries\win64\responding.exe => Pas de fichier
FirewallRules: [{4D3EEE5F-BBAD-4B01-A533-7C7FBB51473B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fire Rescue Simulator\FireRescueSimulator.exe => Pas de fichier
FirewallRules: [{515B4D07-6BCA-4EB3-AAD7-8E042A9D7A0F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fire Rescue Simulator\FireRescueSimulator.exe => Pas de fichier
FirewallRules: [UDP Query User{FB396CC2-15CA-4B79-81CE-06EBB5E9598B}C:\program files\cast software\wysiwyg release 49 demo and viewer\bin64\wygdemo.exe] => (Allow) C:\program files\cast software\wysiwyg release 49 demo and viewer\bin64\wygdemo.exe => Pas de fichier
FirewallRules: [TCP Query User{D52EAB74-F821-42BB-AB31-46A8C32CB206}C:\program files\cast software\wysiwyg release 49 demo and viewer\bin64\wygdemo.exe] => (Allow) C:\program files\cast software\wysiwyg release 49 demo and viewer\bin64\wygdemo.exe => Pas de fichier
FirewallRules: [UDP Query User{A42FC575-ED77-4626-BF6A-14503542BC54}C:\program files\cast software\wysiwyg release 49 demo and viewer\bin64\wygviewer.exe] => (Allow) C:\program files\cast software\wysiwyg release 49 demo and viewer\bin64\wygviewer.exe => Pas de fichier
FirewallRules: [TCP Query User{71D51377-0BD5-4F23-9BAE-3F00EF315D6D}C:\program files\cast software\wysiwyg release 49 demo and viewer\bin64\wygviewer.exe] => (Allow) C:\program files\cast software\wysiwyg release 49 demo and viewer\bin64\wygviewer.exe => Pas de fichier
FirewallRules: [UDP Query User{8C829E00-E748-453E-A931-9488548E952C}C:\sunlitesuite3\ss3\suite3.exe] => (Allow) C:\sunlitesuite3\ss3\suite3.exe => Pas de fichier
FirewallRules: [TCP Query User{BBAED9C8-F4E7-45A0-9EEB-7E33587AF897}C:\sunlitesuite3\ss3\suite3.exe] => (Allow) C:\sunlitesuite3\ss3\suite3.exe => Pas de fichier
FirewallRules: [UDP Query User{1E9117A7-593C-412F-9B05-110D74E505AE}C:\program files\vision 2023\vision 2023.exe] => (Allow) C:\program files\vision 2023\vision 2023.exe => Pas de fichier
FirewallRules: [TCP Query User{6A12277D-AAFF-471E-9A3A-27CB44EE7FB5}C:\program files\vision 2023\vision 2023.exe] => (Allow) C:\program files\vision 2023\vision 2023.exe => Pas de fichier
FirewallRules: [UDP Query User{6C708190-F053-4552-9C1B-192640BD8796}C:\program files\capture 2022\capture 2022.exe] => (Allow) C:\program files\capture 2022\capture 2022.exe => Pas de fichier
FirewallRules: [TCP Query User{056106DA-A760-4B37-94E7-D38036E6F276}C:\program files\capture 2022\capture 2022.exe] => (Allow) C:\program files\capture 2022\capture 2022.exe => Pas de fichier
FirewallRules: [{04563641-191C-4801-BA18-2DDE1301C7CA}] => (Allow) C:\Program Files\MALightingTechnology\gma3_1.8.1\bin\app_terminal.exe => Pas de fichier
FirewallRules: [{CE4AA4EA-EF39-4637-956A-D41F77B461D4}] => (Allow) C:\Program Files\MALightingTechnology\gma3_1.8.1\bin\app_updater.exe => Pas de fichier
FirewallRules: [{17EFE77D-9BB4-4BE7-A785-BE5AADA9B675}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_21253.510.996.1465_x64__8wekyb3d8bbwe\msteams.exe => Pas de fichier
FirewallRules: [{B2860D58-2015-49D3-8683-993CD30B91C8}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_21253.510.996.1465_x64__8wekyb3d8bbwe\msteams.exe => Pas de fichier
FirewallRules: [{0648CB0F-B5CC-4C12-A3F0-3581F5704FF3}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.75.140.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => Pas de fichier
FirewallRules: [{F2F668F5-7DD7-4809-8282-B637488776F7}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.75.140.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => Pas de fichier
FirewallRules: [{28000B34-7BF2-474D-9D5D-A15578AE25B1}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.75.140.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => Pas de fichier
FirewallRules: [{D03073F4-7644-49B9-9D67-B9781FBF580B}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.75.140.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => Pas de fichier
FirewallRules: [{595A2A0E-B673-4860-BB47-CEB9F815ADAD}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe => Pas de fichier
FirewallRules: [{FE415751-0B01-43B2-AECA-AEBCD9F2B1E8}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe => Pas de fichier
FirewallRules: [{6D3E06DC-03D3-49AC-BF13-FF5AE7082F3D}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe => Pas de fichier
FirewallRules: [{2AA818ED-D7E9-4866-A2D5-0CE427703813}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe => Pas de fichier
FirewallRules: [{C26D88E7-1F4B-4551-BE85-CCF5205A538D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\EMERGENCY 20\bin\em5_launcher.exe => Pas de fichier
FirewallRules: [{86A26935-2D0B-44CA-9335-B69869154980}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\EMERGENCY 20\bin\em5_launcher.exe => Pas de fichier
FirewallRules: [{E89DBC10-864B-4B26-8D4B-A698EFFF50AD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\EmergeNYC\EMERGENYC.exe => Pas de fichier
FirewallRules: [{873E999C-1538-46CC-AB72-C3F302664ACE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\EmergeNYC\EMERGENYC.exe => Pas de fichier
FirewallRules: [TCP Query User{98FAD359-CE54-4C3F-A670-D1266DBFB83E}H:\program files\cisco packet tracer 8.0\bin\packettracer.exe] => (Allow) H:\program files\cisco packet tracer 8.0\bin\packettracer.exe => Pas de fichier
FirewallRules: [UDP Query User{37D37C3E-230F-4FE3-881F-20311916F407}H:\program files\cisco packet tracer 8.0\bin\packettracer.exe] => (Allow) H:\program files\cisco packet tracer 8.0\bin\packettracer.exe => Pas de fichier
FirewallRules: [{39A1CE2B-1009-4DAF-8B83-9F0AAD2DF4C3}] => (Allow) C:\Program Files (x86)\FormatFactory\FormatFactory.exe => Pas de fichier
FirewallRules: [{7F6E2A6E-6C5F-4B30-8CF4-4D24651B85D4}] => (Allow) C:\Program Files (x86)\AOMEI\AOMEI Backupper\6.9.2\ABService.exe => Pas de fichier
FirewallRules: [{92BC4B50-FEA8-4BA1-AD7F-76880BC3EF15}] => (Allow) C:\Program Files (x86)\AOMEI\AOMEI Backupper\6.9.2\ABService.exe => Pas de fichier
FirewallRules: [{7D47E208-6D7F-4C69-8A35-A1F98E0D5A1C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Bus\TheBus\Binaries\Win64\TheBus.exe => Pas de fichier
FirewallRules: [{FF654BD7-B070-4CD5-8888-B237C5284209}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Bus\TheBus\Binaries\Win64\TheBus.exe => Pas de fichier
FirewallRules: [TCP Query User{AA96CFCC-358E-4D2D-80FD-3A53E9B79451}C:\program files (x86)\steam\steamapps\common\emergency 20\bin\x64r\emergency5.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\emergency 20\bin\x64r\emergency5.exe => Pas de fichier
FirewallRules: [UDP Query User{04BE48EB-52B2-4DF8-9907-8F039659302F}C:\program files (x86)\steam\steamapps\common\emergency 20\bin\x64r\emergency5.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\emergency 20\bin\x64r\emergency5.exe => Pas de fichier
FirewallRules: [{259D1316-6101-4055-ACF5-2349B1F23D9A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\3DMark\bin\x86\3DMark.exe => Pas de fichier
FirewallRules: [{8484882E-1970-4E4A-B8CF-21FD2A857461}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\3DMark\bin\x86\3DMark.exe => Pas de fichier
FirewallRules: [{72D59E32-2684-48AB-BD2F-95806A65BD3D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\3DMark\bin\x64\3DMark.exe => Pas de fichier
FirewallRules: [{46279168-9BA6-42DD-88F8-2796212B641C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\3DMark\bin\x64\3DMark.exe => Pas de fichier
FirewallRules: [{C4531B3F-28D2-413F-B7E5-02F4C1D26A43}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Notruf2\notruf2019.exe => Pas de fichier
FirewallRules: [{DC05A14F-13FF-41FB-83D4-C1F57DA66415}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Notruf2\notruf2019.exe => Pas de fichier
FirewallRules: [{688241E8-F465-4F9B-9ECB-7E1063C38D97}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Demolish & Build 3 Excavator Playground\Demolish & Build 3 Excavator Playground.exe => Pas de fichier
FirewallRules: [{715559A2-E6DA-4F27-B09D-26FCCDDD65BB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Demolish & Build 3 Excavator Playground\Demolish & Build 3 Excavator Playground.exe => Pas de fichier
FirewallRules: [{C63E641F-4608-4806-BFED-0BD4261C4397}] => (Allow) C:\Program Files\Euro Truck Simulator 2bin\win_x86\eurotrucks2.exe => Pas de fichier
FirewallRules: [{32B46B27-4CDB-4953-A1FC-C4D7917F8FB0}] => (Allow) C:\Program Files\Euro Truck Simulator 2bin\win_x64\eurotrucks2.exe => Pas de fichier
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
IE trusted site: HKU\S-1-5-21-1364386836-1329441500-3906013301-1001\...\sharepoint.com -> hxxps://risfrance-files.sharepoint.com
FirewallRules: [{745A5FAE-5DC9-482A-AB5B-DB7D19E85840}] => (Allow) LPort=1688
FirewallRules: [{A5AF1614-6C3E-4F49-8FC4-88C6C47D2FA0}] => (Allow) LPort=5357
FirewallRules: [{2D36AB9E-8703-4D52-BE1D-B56062B99D4E}] => (Allow) LPort=32683
FirewallRules: [{80CF3CF8-F010-42BA-93AC-03DE5752F743}] => (Allow) LPort=26822
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AOMEI Backupper\AOMEI Backupper.lnk
C:\Users\dd\Links\Creative Cloud Files.lnk
C:\Users\dd\Documents\Adobe\After Effects CC 2018\User Presets\(Adobe).lnk
C:\Users\dd\Desktop\Dashlane.lnk
C:\Users\dd\AppData\Roaming\ZHP\Quarantine\ZHPCleaner\KMSpico\KMSpico\AutoPico.lnk
C:\Users\dd\AppData\Roaming\ZHP\Quarantine\ZHPCleaner\KMSpico\KMSpico\KMSpico.lnk
C:\Users\dd\AppData\Roaming\ZHP\Quarantine\ZHPCleaner\KMSpico\KMSpico\Log KMSpico.lnk
C:\Users\dd\AppData\Roaming\ZHP\Quarantine\ZHPCleaner\KMSpico\KMSpico\Uninstall KMSpico.lnk
C:\Users\dd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FormatFactory\FormatFactory.lnk
C:\Users\dd\AppData\Local\Wondershare\Wondershare Filmora\12.5.7.3767\resources\wfx_effect\plugin\ChromaKey\ChromaKeyMorphology\ChromaKey - 捷徑.lnk
C:\Users\Public\Desktop\AOMEI Backupper.lnk
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate: Restriction <==== ATTENTION
HKLM\SYSTEM\...\Terminal Server: [fDenyTSConnections] = 0 <==== ATTENTION
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
Task: {4D9198BF-5D47-48BA-BB0A-E64B18D4BCA0} - System32\Tasks\CliWa => C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell.exe [454656 2025-03-07] (Microsoft Windows -> Microsoft Corporation) -> -ExecutionPolicy Bypass -WindowStyle Hidden -File "C:\Users\dd\AppData\Local\Temp\CliWa.ps1" <==== ATTENTION
Task: {A2308C8F-F635-44E8-A829-89A0587BE76A} - System32\Tasks\lecteur reseau => C:\Users\dd\Desktop\connexion lecteur reseau.bat [87 2024-01-29] () [Fichier non signé] <==== ATTENTION
Task: {1A84F06F-FC5B-484B-8DE7-B18736004E37} - System32\Tasks\Microsoft\Windows\Bluetooth\Sys => C:\ProgramData\Sys.exe (Pas de fichier) <==== ATTENTION
Task: {077BA067-7C15-40F0-B22E-C9DC2A54B4A2} - System32\Tasks\Microsoft\Windows\Location\Notifications => %windir%\System32\LocationNotificationWindows.exe (Pas de fichier)
Task: {CCDFC0B8-01A3-4E74-A820-4F13F51D269E} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => %SystemRoot%\System32\MbaeParserTask.exe (Pas de fichier)
Task: {F0294B84-F49F-43AC-BC5F-CB49C097012C} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\MusUx_LogonUpdateResults => %systemroot%\system32\MusNotification.exe LogonUpdateResults (Pas de fichier)
Task: {C925E9C3-790F-4A84-AED7-2A1D8456C4D2} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_AC => %systemroot%\system32\MusNotification.exe /RunOnAC RebootDialog (Pas de fichier)
Task: {78D0AE89-9318-4740-86AF-6A3DF77F72EF} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_Battery => %systemroot%\system32\MusNotification.exe /RunOnBattery RebootDialog (Pas de fichier)
Task: {F3E6E7ED-A196-4E44-8803-55FAB3AD4E29} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe (Pas de fichier)
Task: {8D091D8C-0201-43F6-BA7B-06B5C6CA37FD} - System32\Tasks\VivaldiUpdateCheck-4233ccb750e0b871 => C:\Users\dd\AppData\Local\Vivaldi\Application\update_notifier.exe [3845520 2023-09-21] () [Fichier non signé] -> C:\Users\dd\AppData\Local\Vivaldi\Application\--from-scheduler <==== ATTENTION
Edge Extension: (Google Sheets) - C:\Extension\6.8.1._0 [2025-03-31] [UpdateUrl:0] <==== ATTENTION
CHR Extension: (Google Sheets) - C:\Extension\4.2.3._0 [2025-03-31] [UpdateUrl:0] <==== ATTENTION
U2 014e3f46-f291-4478-a0e6-d869dba82b2e; C:\WINDOWS\System32\nssm\nssm.exe [331264 2014-08-31] () [Fichier non signé] <==== ATTENTION
C:\Users\dd\AppData\Local\Temp\CliWa.ps1
Task: {6361AB43-66C0-4405-887F-9B5C9373F6F6} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [29106392 2025-04-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {E44BB1FA-8324-4814-81D5-9F40BDC6510E} - System32\Tasks\Microsoft\Office\Office Background Push Maintenance => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\OFFICE16\opushutil.exe [68304 2025-04-06] (Microsoft Corporation -> Microsoft Corporation)
Task: {4FABF3CA-C98E-48B8-AB62-A7E147D74631} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [29106392 2025-04-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {99751864-C3D9-4849-BA48-20A8E4C9AA89} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe [682560 2025-03-30] (Mozilla Corporation -> Mozilla Corporation) -> C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\--MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask background (l'élément de données a 6 caractères en plus).
Task: {D9C609FF-8F57-43AA-B48E-16DB24DE2A3F} - System32\Tasks\Mozilla\Firefox Background Update S-1-5-21-1364386836-1329441500-3906013301-1001 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe [682560 2025-03-30] (Mozilla Corporation -> Mozilla Corporation) -> C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\--MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask background (l'élément de données a 6 caractères en plus).
Task: {1420E495-96FF-4CAE-8F9B-0CCCAD41091F} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [34880 2025-03-30] (Mozilla Corporation -> Mozilla Foundation)
Task: C:\WINDOWS\Tasks\Tweaking.com - Windows Repair Tray Icon.job => C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)Tweaking.com - Windows Repair)Created By Tweaking.com
Edge HKU\S-1-5-21-1364386836-1329441500-3906013301-1001\SOFTWARE\Microsoft\Edge\Extensions\...\Edge\Extension: [kagpabjoboikccfdghpdlaaopmgpgfdc]
FF Notifications: Mozilla\Firefox\Profiles\0dme27hn.default-release -> hxxps://tinder.com
CHR Notifications: Default -> hxxps://casinozer.com; hxxps://tinder.com; hxxps://web.telegram.org; hxxps://www.facebook.com
CHR HKU\S-1-5-21-1364386836-1329441500-3906013301-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKU\S-1-5-21-1364386836-1329441500-3906013301-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [ljglajjnnkapghbckkcmodicjhacbfhk]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
VIV Notifications: Default -> hxxps://www.youtube.com
StartBatch:
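REM Cleanup batch run by FRST between StartBatch:/Endbatch: (elevated).
REM Prefetch, CryptnetUrlCache and the browser history/cookie stores deleted
REM below are the artifacts that record what the hidden PowerShell task
REM (CliWa.ps1 under Temp, listed above) fetched and executed. If the incident
REM still has to be reconstructed, copy them off the host before this runs;
REM this batch is a cleanup step, not a collection step. The Temp file itself
REM is listed earlier in the fixlist, so FRST presumably quarantines a copy
REM before this del reaches it - verify in C:\FRST\Quarantine afterwards.
del /s /q C:\Windows\prefetch\*.*
del /s /q "%userprofile%\AppData\Local\Temp\*.*"
del /s /q "%userprofile%\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\*.*"
REM The folder is named "MetaData"; the earlier "Metada" spelling matched no path, so the cache index was never cleared.
del /s /q "%userprofile%\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\*.*"
del /s /q "%userprofile%\AppData\Local\Microsoft\Windows\History\*.*"
del /s /q "%userprofile%\AppData\Local\Microsoft\Windows\Temporary Internet Files\*.*"
del /s /q "%userprofile%\AppData\Roaming\Microsoft\Windows\Recent\*.lnk"
REM Mozilla profile folders carry a random name, so iterate over them.
For /D %%d In ("%userprofile%\AppData\Local\Mozilla\Firefox\Profiles\*") Do (If Exist "%%d\Cache2" Del /s /q "%%d\Cache2\*.*")
REM Chromium-family caches. "\*.*" is spelled out instead of the "\." directory form; del deletes the same files either way.
del /s /q "%userprofile%\AppData\Local\Google\Chrome\User Data\Default\Code Cache\Js\*.*"
del /s /q "%userprofile%\AppData\Local\Google\Chrome\User Data\Default\Cache\*.*"
del /s /q "%userprofile%\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\Js\*.*"
del /s /q "%userprofile%\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\*.*"
del /s /q "%userprofile%\AppData\Local\Vivaldi\User Data\Default\Cache\*.*"
For /D %%d In ("%userprofile%\AppData\Local\Thunderbird\Profiles\*") Do (If Exist "%%d\Cache2" Del /s /q "%%d\Cache2\*.*")
REM Cookies and history: this signs the user out of every site and removes the browsing timeline for all four browsers.
For /D %%d In ("%userprofile%\AppData\Roaming\Mozilla\Firefox\Profiles\*") Do (If Exist "%%d\cookies.sqlite" Del /s /q "%%d\cookies.sqlite")
For /D %%d In ("%userprofile%\AppData\Roaming\Mozilla\Firefox\Profiles\*") Do (If Exist "%%d\Places.Sqlite" Del /s /q "%%d\Places.Sqlite")
del /s /q "%userprofile%\AppData\Local\Google\Chrome\User Data\Default\History"
del /s /q "%userprofile%\AppData\Local\Microsoft\Edge\User Data\Default\History"
del /s /q "%userprofile%\AppData\Local\Vivaldi\User Data\Default\History"
REM Network stack reset. /release drops connectivity until /renew completes.
ipconfig /release
ipconfig /renew
ipconfig /flushdns
ipconfig /registerdns
netsh winsock reset
REM "advfirewall reset" restores the default policy: every custom rule is removed,
REM not only the (Allow) entries listed in this fixlist (including the odd
REM LPort=32683 / LPort=26822 openings). Rules that legitimate applications
REM need must be re-created afterwards; the profiles are forced on so the
REM host is not left unprotected if the reset disabled one.
netsh advfirewall reset
netsh advfirewall set allprofiles state on
REM Clears any WinHTTP proxy so system components (Update, Defender) stop being routed through it.
netsh winhttp reset proxy
bitsadmin /reset /allusers
REM Bring the core services back up before the reboot. "net start" on a service
REM that is already running only prints an error and the batch continues.
net start sdrsvc
net start vss
net start rpcss
net start eventsystem
net start winmgmt
net start msiserver
net start bfe
net start trustedinstaller
net start windefend
net start mpssvc
net start mpsdrv
REM WMI repository repair: salvage first, then a full rebuild and perf-counter resync.
Winmgmt /salvagerepository
Winmgmt /resetrepository
Winmgmt /resyncperf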
Endbatch:
cmd: Net start wuauserv
Reboot:
end::