CreateRestorePoint:
CloseProcesses:
cmd: icacls "C:\Program Files\Windows Photo Viewer" /q /c /t
HKLM-x32\...\Run: [Genshin Impact Beta_Launcher] => [X]
HKLM-x32\...\Run: [Genshin Impact_Launcher] => [X]
HKLM-x32\...\Run: [Genshin Impact_launcher__1_1] => [X]
HKLM-x32\...\Run: [Genshin Impact_launcher_mihoyo_1_0] => [X]
HKU\S-1-5-21-2096851420-2732745945-4271049708-1001\...\Run: [Opera GX Browser Assistant] => C:\Users\Madii\AppData\Local\Programs\Opera GX\assistant\browser_assistant.exe [3291288 2021-02-01] (Opera Software AS -> Opera Software)
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {2AC85BD9-7BC3-42F7-8230-699B11895B54} - System32\Tasks\npcapwatchdog => C:\Program Files\Npcap\CheckStatus.bat (No file)
Task: {57C36ADB-AFCD-459A-BA11-9EC849181A4C} - System32\Tasks\Tweaking.com - Windows Repair Tray Icon => C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe [220816 2019-09-30] (Tweaking LLC -> Tweaking.com)
Task: {59B759DE-001D-450C-BC3E-603A979CE5F3} - System32\Tasks\Opera GX scheduled assistant Autoupdate 1625851025 => C:\Users\Madii\AppData\Local\Programs\Opera GX\launcher.exe [2637208 2023-03-23] (Opera Norway AS -> Opera Software) -> --scheduledautoupdate --component-name=assistant --component-path="C:\Users\Madii\AppData\Local\Programs\Opera GX\assistant" $(Arg0)
Task: {5C63AAEE-FA07-4C19-8252-D0B6268D7449} - System32\Tasks\ASUS\P508PowerAgent_sdk => C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ShareFromArmouryIII\Mouse\ROG STRIX CARRY\P508PowerAgent.exe (No file)
Task: {6DD79373-5578-471A-A6F8-3C7DC4E1B072} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe -task (No file)
Task: {FC0F6B07-4E46-45AB-9461-6157C460042A} - System32\Tasks\Opera GX scheduled Autoupdate 1624642173 => C:\Users\Madii\AppData\Local\Programs\Opera GX\launcher.exe [2637208 2023-03-23] (Opera Norway AS -> Opera Software)
Edge Extension: (No name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge DefaultProfile: Default
StartMenuInternet: (HKU\S-1-5-21-2096851420-2732745945-4271049708-1001) Opera GXStable - "C:\Users\Madii\AppData\Local\Programs\Opera GX\Launcher.exe"
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
Shortcut: C:\Users\Madii\Documents\TERA\TeraProxy - Raccourci.lnk -> C:\Users\Madii\AppData\Local\Programs\CaaliTeraProxy\TeraProxy.bat (No file)
AlternateDataStreams: C:\Users\Madii\Application Data:a71eda622791298bf432424e2ed8fdad [394]
AlternateDataStreams: C:\Users\Madii\AppData\Roaming:a71eda622791298bf432424e2ed8fdad [394]
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [490]
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visionneuse Microsoft PowerPoint .lnk -> C:\Windows\Installer\{95140000-00AF-040C-0000-0000000FF1CE}\ppvwicon.exe ()
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk -> C:\Users\Madii\AppData\Local\Microsoft\OneDrive\OneDrive.exe (No file)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\TeamViewer.lnk -> D:\TeamViewer.exe (No file)
Shortcut: C:\Users\Madii\Documents\Genshin Impact.lnk -> C:\Program Files\Genshin Impact\launcher.exe (No file)
Shortcut: C:\Users\Madii\Documents\League Displays.lnk -> C:\Riot Games\LeagueDisplays\browser\LeagueDisplays.exe (No file)
Shortcut: C:\Users\Madii\Documents\UtHelper 1.3\UtHelper 1.3\UtHelper - Raccourci.lnk -> C:\Users\Madii\Desktop\UtHelper 1.3\UtHelper 1.3\UtHelper.exe (No file)
Shortcut: C:\Users\Madii\Documents\TERA\ShinraMeter - Raccourci.lnk -> C:\Users\Public\Games\ShinraMeterV2.73\ShinraMeter.exe (No file)
Shortcut: C:\Users\Madii\Documents\TERA\_Packages - Raccourci EU.lnk -> D:\TERA\Client\S1Game\CookedPC\Art_Data\_Packages (No file)
Shortcut: C:\Users\Madii\Documents\TERA\_Packages - Raccourci NA.lnk -> C:\Users\Madii\Desktop\TERA\_Packages (No file)
Shortcut: C:\Users\Madii\Documents\TERA\mods\S1UI_CharacterWindow.gpk.lnk -> C:\Users\Public\Games\En Masse Entertainment\TERA\Client\S1Game\CookedPC\Art_Data\Packages\S1UI\S1UI_CharacterWindow.gpk (No file)
Shortcut: C:\Users\Madii\Documents\dofus-windows-fr\Dofus - Raccourci.lnk -> C:\Users\Madii\Desktop\dofus-windows-fr\Dofus.exe (No file)
Shortcut: C:\Users\Madii\Documents\CrystalDiskInfo7_6_0Shizuku\DiskInfo64S - Raccourci.lnk -> C:\Users\Madii\Desktop\CrystalDiskInfo7_6_0Shizuku\DiskInfo64S.exe (No file)
Shortcut: C:\Users\Madii\AppData\Roaming\Microsoft\Windows\SendTo\TeamViewer.lnk -> D:\TeamViewer.exe (No file)
Reg: REG ADD "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /v ConsentPromptBehaviorAdmin /t REG_DWORD /d 5 /f
Reg: REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer" /V SmartScreenEnabled /T REG_SZ /D RequireAdmin /f
Reg: REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Dfrg\BootOptimizeFunction" /V Enable /T REG_SZ /D n /f
Reg: REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Dfrg\BootOptimizeFunction" /V OptimizeComplete /T REG_SZ /D no /f
Reg: REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /V PowerdownAfterShutdown /T REG_SZ /D 1 /f
Reg: REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /V ClearPageFileAtShutdown /T REG_DWORD /D 0 /f
Reg: REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /V LargeSystemCache /T REG_DWORD /D 1 /f
Reg: REG ADD "HKEY_CURRENT_USER\Control Panel\Desktop" /V MenuShowDelay /T REG_SZ /D 20 /f
Reg: REG ADD "HKEY_CURRENT_USER\Control Panel\Desktop" /V WaitToKillAppTimeout /T REG_SZ /D 1000 /f
Reg: REG ADD "HKEY_CURRENT_USER\Control Panel\Desktop" /V HungAppTimeout /T REG_SZ /D 1000 /f
Reg: REG ADD "HKEY_CURRENT_USER\Control Panel\Desktop" /V AutoEndTasks /T REG_SZ /D 1 /f
Reg: REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control" /V WaitToKillServiceTimeout /T REG_SZ /D 1000 /f
Reg: REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control" /V WaitToKillAppTimeout /T REG_SZ /D 1000 /f
CMD: takeown /A /R /F "C:\Program Files\Windows Photo Viewer"
CMD: icacls "C:\Program Files\Windows Photo Viewer" /q /c /t /grant Users:F
CMD: icacls "C:\Program Files\Windows Photo Viewer" /q /c /t
CMD: vssadmin resize shadowstorage /For=C: /On=C: /MaxSize=3%
Hosts:
File: C:\Program Files\Windows Photo Viewer\PhotoViewer.dll
Folder: C:\Program Files\Windows Photo Viewer
StartRegedit:
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\Applications\photoviewer.dll]

[HKEY_CLASSES_ROOT\Applications\photoviewer.dll\shell]

[HKEY_CLASSES_ROOT\Applications\photoviewer.dll\shell\open]
"MuiVerb"="@photoviewer.dll,-3043"

[HKEY_CLASSES_ROOT\Applications\photoviewer.dll\shell\open\command]
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
  00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,72,00,75,00,\
  6e,00,64,00,6c,00,6c,00,33,00,32,00,2e,00,65,00,78,00,65,00,20,00,22,00,25,\
  00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,46,00,69,00,6c,00,65,00,73,00,\
  25,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,00,20,00,50,00,68,00,6f,\
  00,74,00,6f,00,20,00,56,00,69,00,65,00,77,00,65,00,72,00,5c,00,50,00,68,00,\
  6f,00,74,00,6f,00,56,00,69,00,65,00,77,00,65,00,72,00,2e,00,64,00,6c,00,6c,\
  00,22,00,2c,00,20,00,49,00,6d,00,61,00,67,00,65,00,56,00,69,00,65,00,77,00,\
  5f,00,46,00,75,00,6c,00,6c,00,73,00,63,00,72,00,65,00,65,00,6e,00,20,00,25,\
  00,31,00,00,00

[HKEY_CLASSES_ROOT\Applications\photoviewer.dll\shell\open\DropTarget]
"Clsid"="{FFE2A43C-56B9-4bf5-9A79-CC6D4285608A}"

[HKEY_CLASSES_ROOT\Applications\photoviewer.dll\shell\print]

[HKEY_CLASSES_ROOT\Applications\photoviewer.dll\shell\print\command]
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
  00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,72,00,75,00,\
  6e,00,64,00,6c,00,6c,00,33,00,32,00,2e,00,65,00,78,00,65,00,20,00,22,00,25,\
  00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,46,00,69,00,6c,00,65,00,73,00,\
  25,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,00,20,00,50,00,68,00,6f,\
  00,74,00,6f,00,20,00,56,00,69,00,65,00,77,00,65,00,72,00,5c,00,50,00,68,00,\
  6f,00,74,00,6f,00,56,00,69,00,65,00,77,00,65,00,72,00,2e,00,64,00,6c,00,6c,\
  00,22,00,2c,00,20,00,49,00,6d,00,61,00,67,00,65,00,56,00,69,00,65,00,77,00,\
  5f,00,46,00,75,00,6c,00,6c,00,73,00,63,00,72,00,65,00,65,00,6e,00,20,00,25,\
  00,31,00,00,00

[HKEY_CLASSES_ROOT\Applications\photoviewer.dll\shell\print\DropTarget]
"Clsid"="{60fd46de-f830-4894-a628-6fa81bc0190d}"
EndRegedit:
C:\windows\temp\*.*
C:\Users\Madii\AppData\Local\Temp\*.*
C:\Windows\SoftwareDistribution\Download\*
cmd: del /s /q "%localappdata%\Google\Chrome\User Data\Default\Cache\*.*"
cmd: del /s /q "%localappdata%\Microsoft\Edge\User Data\Default\Cache\*.*"
cmd: del /s /q "%localappdata%\Microsoft\Windows\INetCache\IE\*.*"
EmptyTemp:
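Post-fix verification, added here as my own PowerShell; it is not part of the fixlist above and not something FRST produces. It assumes the machine exactly as the fixlist describes it: the four Genshin values under the 32-bit HKLM Run key, the HKLM\SOFTWARE\Policies\Mozilla\Firefox key, the folder C:\Program Files\Windows Photo Viewer, and drive C: for shadow storage. Beyond confirming the removals, it reports the one step in the fix that deserves a second look: takeown /A followed by icacls /grant Users:F hands BUILTIN\Users full control of the Photo Viewer folder, so any process running as a standard user could overwrite PhotoViewer.dll, which the restored shell\open\command (the hex(2) value decodes to %SystemRoot%\System32\rundll32.exe "%ProgramFiles%\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen %1) loads from that exact path. The script looks for an explicit write-capable Allow ACE for Users rather than assuming one exists.

```powershell
# Added post-fix check (my own code, not part of the FRST fixlist above).
# Assumes the paths and registry locations exactly as they appear in the fixlist.
# Run from an elevated PowerShell after the fix and the reboot.

$results = [System.Collections.Generic.List[object]]::new()
function Add-Check([string]$Name, [bool]$Ok, [string]$Detail) {
    $results.Add([pscustomobject]@{ Check = $Name; OK = $Ok; Detail = $Detail })
}

# 1. The four HKLM-x32 Run values (FRST's "-x32" is the Wow6432Node view)
$runKey   = 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
$runProps = Get-ItemProperty -Path $runKey -ErrorAction SilentlyContinue
foreach ($name in 'Genshin Impact Beta_Launcher', 'Genshin Impact_Launcher',
                  'Genshin Impact_launcher__1_1', 'Genshin Impact_launcher_mihoyo_1_0') {
    $present = ($null -ne $runProps) -and ($null -ne $runProps.PSObject.Properties[$name])
    Add-Check "Run value removed: $name" (-not $present) $(if ($present) { $runProps.$name } else { 'absent' })
}

# 2. Firefox policy key that the scan flagged with ATTENTION
$ffPolicy = Test-Path 'HKLM:\SOFTWARE\Policies\Mozilla\Firefox'
Add-Check 'Firefox policy key removed' (-not $ffPolicy) $(if ($ffPolicy) { 'still present' } else { 'absent' })

# 3. Photo Viewer folder ACL: report the owner and any explicit Allow ACE that
#    gives Users write access. The fix's "icacls /grant Users:F" creates one.
$pv  = 'C:\Program Files\Windows Photo Viewer'
$acl = Get-Acl -Path $pv -ErrorAction SilentlyContinue
# FILE_GENERIC write bits (WriteData|AppendData|WriteEA|WriteAttributes = 0x116)
# plus GENERIC_WRITE (0x40000000) and GENERIC_ALL (0x10000000), which show up
# on inherit-only directory ACEs. FullControl (0x1F01FF) contains 0x116.
$writeMask  = 0x116 -bor 0x40000000 -bor 0x10000000
$usersWrite = @($acl.Access | Where-Object {
    $_.AccessControlType -eq 'Allow' -and
    $_.IdentityReference.Value -in @('BUILTIN\Users', 'NT AUTHORITY\Authenticated Users', 'Everyone') -and
    (([int]$_.FileSystemRights) -band $writeMask) -ne 0
})
Add-Check 'Photo Viewer folder owner' $true ([string]$acl.Owner)
$detail = if ($usersWrite.Count) {
    ($usersWrite | ForEach-Object { "$($_.IdentityReference) : $($_.FileSystemRights)" }) -join '; '
} else { 'no write-capable ACE for Users' }
Add-Check 'Photo Viewer not writable by Users' ($usersWrite.Count -eq 0) $detail

# 4. The open handler restored by the StartRegedit block is the rundll32 line
$openKey = 'Registry::HKEY_CLASSES_ROOT\Applications\photoviewer.dll\shell\open\command'
$openCmd = [string](Get-ItemProperty -Path $openKey -ErrorAction SilentlyContinue).'(default)'
Add-Check 'photoviewer.dll open command' ($openCmd -like '*rundll32.exe*PhotoViewer.dll*ImageView_Fullscreen*') $openCmd

# 5. Shadow storage cap set by "vssadmin resize shadowstorage ... /MaxSize=3%"
$vss = (& vssadmin list shadowstorage /For=C: 2>&1) -join ' '
$cap = if ($vss -match 'Maximum Shadow Copy Storage space:\s*([^\r\n]*?\(\d+%\))') { $Matches[1] } else { 'not parsed' }
Add-Check 'Shadow storage cap on C:' ($cap -match '\(3%\)') $cap

$results | Format-Table -AutoSize
```

Run it once after the fix and the reboot. If "Photo Viewer not writable by Users" comes back False and Photo Viewer already opens images, icacls "C:\Program Files\Windows Photo Viewer" /reset /t replaces the explicit grant with the ACL inherited from Program Files (Users get read and execute only); ownership stays with Administrators, which is fine for this purpose.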