start::
CreateRestorePoint:
cmd: Net stop wuauserv
cmd: Rd /s /q %windir%\SoftwareDistribution\.
CloseProcesses:
EmptyTemp:
EmptyEventLogs:
Hosts:
RemoveProxy:
C:\Windows\Temp\*.*
C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\*
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\*
C:\Users\CurrentUserName\Appdata\Local\Temp\*.*
C:\ProgramData\Microsoft\Windows Defender\Scans\mpenginedb.db
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\*.*
StartBatch:
rd /s /q "%userprofile%\AppData\Roaming\discord\Cache"
rd /s /q "%userprofile%\AppData\Roaming\discord\code cache"
rd /s /q "%userprofile%\AppData\Roaming\discord\gpucache"
Endbatch:
Unlock: HKCU\SOFTWARE\AvastAdSDK
DeleteKey: HKCU\SOFTWARE\AvastAdSDK
C:\Users\sebab]\Desktop\Discord.lnk
C:\Users\TEST]\Desktop\Discord.lnk
DeleteKey: HKLM\SOFTWARE\POLICIES\Mozilla\Firefox
DeleteKey: HKLM\SOFTWARE\ea53c16d-4ef5-533f-83dc-5b0c5bb40cb2
DeleteKey: HKCU\SOFTWARE\574e4d1e-05f6-5376-9898-b829d00eef2e
DeleteKey: HKCU\SOFTWARE\Discord
C:\Users\sebab\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Discord Inc
C:\Users\sebab\AppData\Local\Discord\app-1.0.9190\Discord.exe
DeleteValue: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Program Files\Common Files\AVG\Icarus\avg-vpn\icarus_ui.exe.FriendlyAppName
DeleteValue: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Program Files\Common Files\AVG\Icarus\avg-vpn\icarus_ui.exe.ApplicationCompany
DeleteValue: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Program Files\Common Files\AVG\Icarus\avg-av\icarus_ui.exe.FriendlyAppName
DeleteValue: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Program Files\Common Files\AVG\Icarus\avg-av\icarus_ui.exe.ApplicationCompany
DeleteValue: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Program Files\Common Files\AVG\Icarus\avg-tu\icarus_ui.exe.FriendlyAppName
DeleteValue: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Program Files\Common Files\AVG\Icarus\avg-tu\icarus_ui.exe.ApplicationCompany
DeleteKey: HKLM\SOFTWARE\Setup
DeleteKey: HKLM\SOFTWARE\WOW6432Node\Applogon
DeleteKey: HKCU\SOFTWARE\roamingdevice
C:\ProgramData\Key-Base
DeleteKey: HKLM\SOFTWARE\WOW6432Node\adaware
C:\Users\sebab\AppData\Local\AdAwareDesktop
unlock: C:\WINDOWS\System32\drivers\avgWintun.sys
DeleteKey: HKLM\SYSTEM\CurrentControlSet\Services\avgWintun)
C:\WINDOWS\System32\drivers\avgWintun.sys
unlock: C:\WINDOWS\System32\drivers\netfilter2.sys
DeleteKey: HKLM\SYSTEM\CurrentControlSet\Services\netfilter2)
C:\WINDOWS\System32\drivers\netfilter2.sys
DeleteKey: HKLM\SOFTWARE\WOW6432Node\AVG
DeleteKey: HKU\.DEFAULT\SOFTWARE\AVG
C:\Program Files (x86)\AVG
C:\ProgramData\AVG
C:\Users\sebab\AppData\Local\AVG
C:\Users\sebab\AppData\Local\AVGAntiTrack
unlock: C:\WINDOWS\System32\DRIVERS\PSKMAD.sys
DeleteKey: HKLM\SYSTEM\CurrentControlSet\Services\PSKMAD)
C:\WINDOWS\System32\DRIVERS\PSKMAD.sys
DeleteKey: HKLM\SOFTWARE\WOW6432Node\Panda Software
unlock: C:\WINDOWS\System32\drivers\DasPtct.SYS
C:\WINDOWS\System32\drivers\DasPtct.SYS
C:\ProgramData\WinZip
C:\ProgramData\F-Secure
C:\Users\sebab\AppData\Local\F-Secure
HKU\S-1-5-21-2478212277-2468189313-151185323-1004\...\Run: [MicrosoftEdgeAutoLaunch_3F5C4E0A0D54A337925B66BD149C9198] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start [4045880 2025-05-01] (Microsoft Corporation -> Microsoft Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {077BA067-7C15-40F0-B22E-C9DC2A54B4A2} - System32\Tasks\Microsoft\Windows\Location\Notifications => %windir%\System32\LocationNotificationWindows.exe (Pas de fichier)
Task: {F3E6E7ED-A196-4E44-8803-55FAB3AD4E29} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe (Pas de fichier)
U3 avgArDisk; pas de ImagePath
HKU\S-1-5-21-2478212277-2468189313-151185323-1004\...\Run: [Discord] => C:\Users\sebab\AppData\Local\Discord\Update.exe [1525016 2022-10-21] (Discord Inc. -> GitHub)
HKU\S-1-5-21-2478212277-2468189313-151185323-1004\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [45882672 2025-04-09] (Gen Digital Inc. -> Gen Digital Inc.)
Task: {DB9584AD-A5BF-4817-A5DF-F3CB1295FDB6} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [3480504 2025-04-09] (Gen Digital Inc. -> Gen Digital Inc.)
Task: {E98029E1-126B-433E-9CC4-27D03FF1C27E} - System32\Tasks\CCleanerCrashReporting => C:\Program Files\CCleaner\CCleanerBugReport.exe [6139696 2025-04-09] (Gen Digital Inc. -> Gen Digital Inc.) -> --product 90 --send dumps|report --path "C:\Program Files\CCleaner\LOG" --programpath "C:\Program Files\CCleaner" --guid "1540f997-a737-4291-ab4b-2f0ae71ef724" --version "6.35.0.11488" --silent
Task: {1339E898-EA22-48F5-90EE-A4E5DF12D69D} - System32\Tasks\CCleanerSkipUAC - sebab => C:\Program Files\CCleaner\CCleaner.exe [39622960 2025-04-09] (Gen Digital Inc. -> Gen Digital Inc.)
Task: {3D609CD7-507D-4D89-AEA5-BB638A6E828B} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [29102296 2025-04-27] (Microsoft Corporation -> Microsoft Corporation)
Task: {8A47900D-6B48-4209-A8E6-C519DC0E8915} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [29102296 2025-04-27] (Microsoft Corporation -> Microsoft Corporation)
Task: C:\WINDOWS\Tasks\CCleanerCrashReporting.job => C:\Program Files\CCleaner\CCleanerBugReport.exe
AlternateDataStreams: C:\Users\sebab\Downloads\HP Smart Installer (3).exe:MBAM.Zone.Identifier [63]
FirewallRules: [{F64C0564-4F02-4F63-BF05-E679D48F868C}] => (Allow) C:\Program Files (x86)\Overwolf\0.273.1.4\OverwolfBrowser.exe => Pas de fichier
FirewallRules: [{686B46D6-A260-4D4C-B819-59AEF641FE35}] => (Allow) C:\Program Files (x86)\Overwolf\0.273.1.4\OverwolfBrowser.exe => Pas de fichier
FirewallRules: [{2634D4BF-6524-4164-9A4C-8C983C9AA4BF}] => (Block) C:\Program Files (x86)\Overwolf\0.273.1.4\OverwolfBrowser.exe => Pas de fichier
FirewallRules: [{54779A1F-D5E5-4221-B3FE-43E2CA6A888B}] => (Block) C:\Program Files (x86)\Overwolf\0.273.1.4\OverwolfBrowser.exe => Pas de fichier
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
FirewallRules: [{2DB466EF-DDA0-4835-8D4C-B9A6458C5FE1}] => (Allow) C:\Program Files (x86)\AVG\AntiTrack\CefSharp.BrowserSubprocess.exe (AVG Technologies USA, LLC -> The CefSharp Authors)
FirewallRules: [{74B5BEFE-5088-4967-91F4-036F9066327A}] => (Allow) C:\Program Files (x86)\AVG\AntiTrack\CefSharp.BrowserSubprocess.exe (AVG Technologies USA, LLC -> The CefSharp Authors)
C:\Users\sebab\AppData\Roaming\Microsoft\Word\CV%20Varet%20Celyan311671413100502409\CV%20Varet%20Celyan.docx.lnk
StartBatch:
del /s /q C:\Windows\prefetch\*.*
del /s /q "%userprofile%\AppData\Local\Temp\*.*"
del /s /q "%userprofile%\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\*.*"
del /s /q "%userprofile%\AppData\LocalLow\Microsoft\CryptnetUrlCache\Metada\*.*"
del /s /q "%userprofile%\AppData\Local\Microsoft\Windows\History\*.*"
del /s /q "%userprofile%\AppData\Local\Microsoft\Windows\Temporary Internet Files\*.*"
del /s /q "%userprofile%\AppData\Roaming\Microsoft\Windows\Recent\*.lnk"
For /D %%d In ("%userprofile%\AppData\Local\Mozilla\Firefox\Profiles\*") Do (If Exist "%%d\Cache2" Del /s /q "%%d\Cache2\*.*")
del /s /q "%userprofile%\AppData\Local\Google\Chrome\User Data\Default\Code Cache\Js\."
del /s /q "%userprofile%\AppData\Local\Google\Chrome\User Data\Default\Cache\*.*"
del /s /q "%userprofile%\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\Js\."
del /s /q "%userprofile%\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\."
For /D %%d In ("%userprofile%\AppData\Local\Thunderbird\Profiles\*") Do (If Exist "%%d\Cache2" Del /s /q "%%d\Cache2\*.*")
For /D %%d In ("%userprofile%\AppData\Roaming\Mozilla\Firefox\Profiles\*") Do (If Exist "%%d\cookies.sqlite" Del /s /q "%%d\cookies.sqlite")
For /D %%d In ("%userprofile%\AppData\Roaming\Mozilla\Firefox\Profiles\*") Do (If Exist "%%d\Places.Sqlite" Del /s /q "%%d\Places.Sqlite")
del /s /q "%userprofile%\AppData\Local\Google\Chrome\User Data\Default\History"
del /s /q "%userprofile%\AppData\Local\Microsoft\Edge\User Data\Default\History"
ipconfig /release
ipconfig /renew
ipconfig /flushdns
ipconfig /registerdns
netsh winsock reset
netsh advfirewall reset
netsh advfirewall set allprofiles state on
netsh winhttp reset proxy
bitsadmin /reset /allusers
net start sdrsvc
net start vss
net start rpcss
net start eventsystem
net start winmgmt
net start msiserver
net start bfe
net start trustedinstaller
net start windefend
net start mpssvc
net start mpsdrv
Winmgmt /salvagerepository
Winmgmt /resetrepository
Winmgmt /resyncperf
Endbatch:
cmd: Net start wuauserv
Reboot:
end::