start::
CreateRestorePoint:
cmd: Net stop wuauserv
cmd: Rd /s /q %windir%\SoftwareDistribution\.
CloseProcesses:
EmptyTemp:
EmptyEventLogs:
Hosts:
RemoveProxy:
C:\Windows\Temp\*.*
C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\*
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\*
C:\Users\CurrentUserName\Appdata\Local\Temp\*.*
C:\ProgramData\Microsoft\Windows Defender\Scans\mpenginedb.db
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\*.*
StartBatch:
rd /s /q "%userprofile%\AppData\Roaming\discord\Cache"
rd /s /q "%userprofile%\AppData\Roaming\discord\code cache"
rd /s /q "%userprofile%\AppData\Roaming\discord\gpucache"
Endbatch:
C:\Users\lknel\Documents\100 Lorenzo\01 Perso\09 TAXI\15 Année 2015\Documents - Raccourci.lnk
C:\Users\lknel\Documents\02 Basse\19 A LIRE\Apprendre le solfège - rythme 2b _ pratiquer - Raccourci.lnk
C:\Users\lknel\Documents\02 Basse\15 Drums\C Dom7 drums - Raccourci.lnk
C:\Users\lknel\Documents\02 Basse\15 Drums\C Maj7 drums - Raccourci.lnk
C:\Users\lknel\Documents\02 Basse\15 Drums\C Min7 drums - Raccourci.lnk
C:\Users\lknel\Documents\02 Basse\13 Walking Bass\Jazz - Dm7 I G7 I Cmaj7 I Cmaj7 - Raccourci.lnk
C:\Users\lknel\Documents\02 Basse\12 Ghost Notes\36-MET-B-042 - Raccourci.lnk
C:\Users\lknel\Documents\02 Basse\04 Groove\GC_groove 12 - Raccourci.lnk
C:\Users\lknel\Documents\02 Basse\04 Groove\PB - GC 05 - 105 bpm.mp3.lnk
C:\Users\lknel\Desktop\Free DD (E) - Raccourci.lnk
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
GroupPolicy-Firefox: Restriction <==== ATTENTION
Task: {E0F10DCF-44AD-40E8-9370-FB5DA59F93FB} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe (Pas de fichier)
S3 EuGdiDrv; \SystemRoot\system32\EuGdiDrv.sys [X]
S3 netprotection_network_filter2; System32\drivers\netprotection_network_filter2.sys [X]
HKU\S-1-5-21-1512640311-1896974201-1484293858-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [45882672 2025-04-09] (Gen Digital Inc. -> Gen Digital Inc.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\135.0.7049.116\Installer\chrmstp.exe [2025-04-29] (Google LLC -> Google LLC)
Task: {49E9CDFF-6ABD-485E-8CC0-9CE126AA9570} - System32\Tasks\Avira_FallbackUpdater => C:\Windows\System32\sc.exe [98304 2022-05-07] (Microsoft Windows -> Microsoft Corporation) -> start AviraFallbackUpdater Delayed=false
Task: {14E5FA5F-C68B-423F-BA5B-E395B9EB7C82} - System32\Tasks\Avira_Security_Maintenance => Command(1): C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Service.Worker.exe -> FallbackTelemetry
Task: {14E5FA5F-C68B-423F-BA5B-E395B9EB7C82} - System32\Tasks\Avira_Security_Maintenance => Command(2): C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Service.Worker.exe -> ServiceWatchdog
Task: {14E5FA5F-C68B-423F-BA5B-E395B9EB7C82} - System32\Tasks\Avira_Security_Maintenance => Command(3): C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Service.Worker.exe -> CrashCollector
Task: {ECA59EDE-CDC3-4323-9B05-F1F81FA7CC0F} - System32\Tasks\Avira_Security_Service_SCM_Watchdog => C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Service.Worker.exe [266240 2025-01-21] () [Fichier non signé]
Task: {EB4FB281-87EA-4B3A-9793-6F4F6CD83247} - System32\Tasks\Avira_Security_Systray => C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Systray.Application.exe [1791192 2025-01-13] (Avira Operations GmbH -> Avira Operations GmbH)
Task: {C3409E04-63B0-4424-A34E-1BC22B8D0067} - System32\Tasks\Avira_Security_Update => C:\Windows\System32\net.exe [81920 2022-05-07] (Microsoft Windows -> Microsoft Corporation)
Task: {36D705E3-7E03-40A0-9794-B397D7D11C33} - System32\Tasks\AviraSystemSpeedupVerify => C:\Program Files (x86)\Avira\System Speedup\setup\avira_speedup_setup.exe [36817136 2024-10-10] (Avira Operations GmbH -> Avira Operations GmbH)
Task: {401C617F-8FA8-4BB9-91F2-63716140A499} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [3481600 2025-05-08] () [Fichier non signé]
Task: {C751FBF1-B465-4051-B7FA-FE8AD3901BDE} - System32\Tasks\CCleanerCrashReporting => C:\Program Files\CCleaner\CCleanerBugReport.exe [6139904 2025-05-08] () [Fichier non signé] -> --product 90 --send dumps|report --path "C:\Program Files\CCleaner\LOG" --programpath "C:\Program Files\CCleaner" --guid "7cf6b6f0-7865-452d-92a0-526dace33402" --version "6.35.0.11488" --silent
Task: {10FD6519-6CF2-4A2C-BCED-6BEEDA750960} - System32\Tasks\CCleanerSkipUAC - lknel => C:\Program Files\CCleaner\CCleaner.exe [39624704 2025-05-08] () [Fichier non signé]
Task: {B06836DA-11BC-4875-83ED-E2F6F8E0282E} - System32\Tasks\GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem132.0.6833.0{6C64A6E1-5A57-4486-A6A3-3202FFEEAE98} => C:\Program Files (x86)\Google\GoogleUpdater\132.0.6833.0\updater.exe [5595136 2025-01-11] () [Fichier non signé]
Task: {76DE2406-E6D0-4E26-ACC4-180BC36BB804} - System32\Tasks\GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem138.0.7156.0{17225093-DD2F-4A7B-81D0-377D9A24E142} => C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.0\updater.exe [7096416 2025-05-02] (Google LLC -> Google LLC)
Task: {03B9847F-320B-4C1F-AF0C-0F9F0321D585} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [29102296 2025-04-27] (Microsoft Corporation -> Microsoft Corporation)
Task: {2D208EA1-E770-4A76-BA02-F5C64E7CCB62} - System32\Tasks\Microsoft\Office\Office Background Push Maintenance => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\OFFICE16\opushutil.exe [68344 2025-05-02] (Microsoft Corporation -> Microsoft Corporation)
Task: {4902BB25-A03E-499A-AB33-9ADE299329BA} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [29102296 2025-04-27] (Microsoft Corporation -> Microsoft Corporation)
Task: C:\windows\Tasks\CCleanerCrashReporting.job => C:\Program Files\CCleaner\CCleanerBugReport.exe
Tcpip\..\Interfaces\{438f1222-19ce-4a99-a53b-875ba9355769}: [NameServer] 100.120.162.1
Edge HKLM\...\Edge\Extension: [bojobppfploabceghnmlahpoonbcbacn]
Edge HKLM-x32\...\Edge\Extension: [bojobppfploabceghnmlahpoonbcbacn]
Edge HKLM-x32\...\Edge\Extension: [caiblelclndcckfafdaggpephhgfpoip]
Edge HKLM-x32\...\Edge\Extension: [emgfgdclgfeldebanedpihppahgngnle]
Edge Extension: (Avira Safe Shopping) - C:\Users\lknel\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\caiblelclndcckfafdaggpephhgfpoip [2025-03-10]
Edge Extension: (Avira Password Manager) - C:\Users\lknel\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\emgfgdclgfeldebanedpihppahgngnle [2025-03-10]
FF Plugin: @videolan.org/vlc,version=3.0.16 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2024-06-08] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.20 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2024-06-08] (VideoLAN -> VideoLAN)
CHR Notifications: Default -> hxxps://calendar.google.com
CHR HKLM\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
CHR HKU\S-1-5-21-1512640311-1896974201-1484293858-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll]
CHR HKLM-x32\...\Chrome\Extension: [ccbpbkebodcjkknkfkpmfeciinhidaeh]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
2025-04-14 10:31 - 2025-04-14 10:34 - 000000000 ____D C:\ProgramData\F-Secure
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
AV: McAfee (Enabled - Up to date) {0BE13B34-492A-21C0-AE43-C1742279CCB6}
FW: McAfee (Enabled) {33DABA11-0345-2098-851C-6841DCAA8BCD}
StartRegEdit:
Windows Registry Editor Version 5.00
[HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{438f1222-19ce-4a99-a53b-875ba9355769}:]
"NameServer"=""
EndRegEdit:
DeleteKey: HKCU\SOFTWARE\AvastAdSDK
DeleteKey: HKU\S-1-5-21-1512640311-1896974201-1484293858-1001\SOFTWARE\AvastAdSDK
C:\ProgramData\Avast Software
DeleteKey: HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\ContextMenu
DeleteKey: HKLM\Software\Classes\Drive\shellex\ContextMenuHandlers\ContextMenu
DeleteValue: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Program Files\Common Files\Privax\Icarus\privax-vpn\temp\asw-89e8100d-d9ab-45f3-b9ea-0fd20a1272e6\common1\icarus_ui.exe.FriendlyAppName
DeleteValue: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Program Files\Common Files\Privax\Icarus\privax-vpn\temp\asw-89e8100d-d9ab-45f3-b9ea-0fd20a1272e6\common1\icarus_ui.exe.ApplicationCompany
DeleteValue: HKU\S-1-5-21-1512640311-1896974201-1484293858-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Program Files\Common Files\Privax\Icarus\privax-vpn\temp\asw-89e8100d-d9ab-45f3-b9ea-0fd20a1272e6\common1\icarus_ui.exe.FriendlyAppName
DeleteValue: HKU\S-1-5-21-1512640311-1896974201-1484293858-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Program Files\Common Files\Privax\Icarus\privax-vpn\temp\asw-89e8100d-d9ab-45f3-b9ea-0fd20a1272e6\common1\icarus_ui.exe.ApplicationCompany
DeleteKey: HKCU\SOFTWARE\BitTorrent
DeleteKey: HKCU\SOFTWARE\BitTorrentPersist
DeleteKey: HKU\S-1-5-21-1512640311-1896974201-1484293858-1001\SOFTWARE\BitTorrent
DeleteKey: HKU\S-1-5-21-1512640311-1896974201-1484293858-1001\SOFTWARE\BitTorrentPersist
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Deluge
C:\Users\lknel\AppData\Roaming\bittorrent
C:\Users\lknel\AppData\Roaming\deluge
C:\Users\lknel\AppData\Local\BitTorrentHelper
C:\Users\lknel\AppData\LocalLow\BitTorrent.WebView2
DeleteKey: HKLM\SOFTWARE\Setup
DeleteKey: HKLM\SOFTWARE\WOW6432Node\KasperskyLab
DeleteKey: HKLM\SOFTWARE\WOW6432Node\WildTangent
DeleteKey: HKCU\SOFTWARE\Chromium
DeleteKey: HKU\S-1-5-21-1512640311-1896974201-1484293858-1001\SOFTWARE\Chromium
DeleteKey: HKCU\SOFTWARE\McAfee
DeleteKey: HKU\.DEFAULT\SOFTWARE\McAfee
DeleteKey: HKU\S-1-5-21-1512640311-1896974201-1484293858-1001\SOFTWARE\McAfee
C:\Program Files (x86)\WindowsApps\McAfeeWPSSparsePackage_16.117.0.27_neutral__0j6k21vdgrmfw - (.McAfee Inc..)
C:\Users\lknel\AppData\Roaming\McAfee
C:\Users\lknel\AppData\Local\Google\Chrome\User Data\Default\Extensions\caljgklbbfbcjjanaijlacgncafpegll
C:\Users\lknel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ccbpbkebodcjkknkfkpmfeciinhidaeh
C:\Users\lknel\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk
C:\Users\lknel\AppData\Local\Google\Chrome\User Data\Default\Extensions\caiblelclndcckfafdaggpephhgfpoip
C:\Users\lknel\AppData\Local\Google\Chrome\User Data\Default\Extensions\emgfgdclgfeldebanedpihppahgngnle
C:\Program Files (x86)\Avira
C:\Users\lknel\AppData\Local\Avira
C:\Users\lknel\AppData\Local\AviraWebView2Cache
C:\ProgramData\F-Secure
C:\Users\lknel\AppData\Local\F-Secure
C:\ProgramData\Norton
C:\Users\lknel\AppData\Local\Backup
StartBatch:
del /s /q C:\Windows\prefetch\*.*
del /s /q "%userprofile%\AppData\Local\Temp\*.*"
del /s /q "%userprofile%\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\*.*"
del /s /q "%userprofile%\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\*.*"
del /s /q "%userprofile%\AppData\Local\Microsoft\Windows\History\*.*"
del /s /q "%userprofile%\AppData\Local\Microsoft\Windows\Temporary Internet Files\*.*"
del /s /q "%userprofile%\AppData\Roaming\Microsoft\Windows\Recent\*.lnk"
For /D %%d In ("%userprofile%\AppData\Local\Mozilla\Firefox\Profiles\*") Do (If Exist "%%d\Cache2" Del /s /q "%%d\Cache2\*.*")
del /s /q "%userprofile%\AppData\Local\Google\Chrome\User Data\Default\Code Cache\Js\."
del /s /q "%userprofile%\AppData\Local\Google\Chrome\User Data\Default\Cache\*.*"
del /s /q "%userprofile%\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\Js\."
del /s /q "%userprofile%\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\."
For /D %%d In ("%userprofile%\AppData\Local\Thunderbird\Profiles\*") Do (If Exist "%%d\Cache2" Del /s /q "%%d\Cache2\*.*")
For /D %%d In ("%userprofile%\AppData\Roaming\Mozilla\Firefox\Profiles\*") Do (If Exist "%%d\cookies.sqlite" Del /s /q "%%d\cookies.sqlite")
For /D %%d In ("%userprofile%\AppData\Roaming\Mozilla\Firefox\Profiles\*") Do (If Exist "%%d\Places.Sqlite" Del /s /q "%%d\Places.Sqlite")
del /s /q "%userprofile%\AppData\Local\Google\Chrome\User Data\Default\History"
del /s /q "%userprofile%\AppData\Local\Microsoft\Edge\User Data\Default\History"
ipconfig /release
ipconfig /renew
ipconfig /flushdns
ipconfig /registerdns
netsh winsock reset
netsh advfirewall reset
netsh advfirewall set allprofiles state on
netsh winhttp reset proxy
bitsadmin /reset /allusers
net start sdrsvc
net start vss
net start rpcss
net start eventsystem
net start winmgmt
net start msiserver
net start bfe
net start trustedinstaller
net start windefend
net start mpssvc
net start mpsdrv
Winmgmt /salvagerepository
Winmgmt /resetrepository
Winmgmt /resyncperf
Endbatch:
cmd: Net start wuauserv
Reboot:
end::