start::
CreateRestorePoint:
CloseProcesses:
Toolbar: HKU\S-1-5-21-661017812-2834634373-543123969-1001 -> Pas de nom - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - Pas de fichier
U3 idsvc; pas de ImagePath
DeleteKey: HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\ FileSyncEx
DeleteKey: HKLM\Software\Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}
DeleteKey: HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\7-Zip
DeleteKey: HKLM\Software\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}
DeleteKey: HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\ANotepad++64
DeleteKey: HKLM\Software\Classes\CLSID\{B298D29A-A6ED-11DE-BA8C-A68E55D89593}
DeleteKey: HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\BriefcaseMenu
DeleteKey: HKLM\Software\Classes\CLSID\{85BBD920-42A0-1069-A2E4-08002B30309D}
DeleteKey: HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\ FileSyncEx
DeleteKey: HKLM\Software\Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}
DeleteKey: HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\7-Zip
DeleteKey: HKLM\Software\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}
DeleteKey: HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\Gadgets
DeleteKey: HKLM\Software\Classes\CLSID\{6B9228DA-9C15-419e-856C-19E768A13BDC}
DeleteKey: HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\BriefcaseMenu
DeleteKey: HKLM\Software\Classes\CLSID\{85BBD920-42A0-1069-A2E4-08002B30309D}
DeleteKey: HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\ FileSyncEx
DeleteKey: HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\7-Zip
DeleteKey: HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\ANotepad++64
DeleteKey: HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\BriefcaseMenu
DeleteKey: HKLM\Software\Classes\CLSID\{85BBD920-42A0-1069-A2E4-08002B30309D}
DeleteKey: HKLM\Software\Wow6432Node\Classes\CLSID\{85BBD920-42A0-1069-A2E4-08002B30309D}
DeleteKey: HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\ FileSyncEx
DeleteKey: HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\7-Zip
DeleteKey: HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\Gadgets
DeleteKey: HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\BriefcaseMenu
DeleteValue: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32|QuickTime Task
DeleteKey: HKLM\Software\Classes\Installer\Products\01CFF726A0ECF794ABB202C8CA360801
DeleteKey: HKLM\Software\Classes\Installer\Features\01CFF726A0ECF794ABB202C8CA360801
DeleteKey: HKCU\Software\Microsoft\Installer\Products\01CFF726A0ECF794ABB202C8CA360801
DeleteKey: HKCU\Software\Microsoft\Installer\Features\01CFF726A0ECF794ABB202C8CA360801
C:\Windows\Installer\{627FFC10-CE0A-497F-BA2B-208CAC638010}\Installer.ico
C:\ProgramData\24733d74-5026-4fe4-be0d-c58b37e80bfc
C:\ProgramData\d4fd5ef5-40c7-4843-96ea-db2608e951a6
C:\Windows\System32\btwdi.dll
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> Pas de fichier
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => -> Pas de fichier
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> Pas de fichier
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => -> Pas de fichier
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> Pas de fichier
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} => -> Pas de fichier
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> Pas de fichier
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> Pas de fichier
Task: {04EBD33D-F83E-4DD9-9700-C72094B5C3CB} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Pas de fichier
Task: {205C621D-A010-4575-910A-CF9FD940824A} - \PCDEventLauncher -> Pas de fichier
Task: {21BA7CE7-A1DD-4E66-84AE-CA0EBDEEE376} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> Pas de fichier
Task: {3A349AF3-A9F4-4DA7-85B2-C48D6BDD2007} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Pas de fichier
Task: {49716E7A-2F49-4528-871D-D522BAC1616F} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Pas de fichier
Task: {543F7BF6-7A0E-4AF2-BED6-2661E07AD03C} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Pas de fichier
Task: {74238AF1-6821-4C79-9B05-575891FEA4B0} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Pas de fichier
Task: {7E919E92-3B62-4F7A-8AF6-5F5E503F0E0E} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Pas de fichier
Task: {811F77AA-4E6E-4531-B18C-89A96CA4F7BE} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Pas de fichier
Task: {81E2D2B5-EF4A-4D03-8983-4C82EAB00ADC} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Pas de fichier
Task: {91D08D47-793E-40C0-8047-0A4064135DAB} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Pas de fichier
Task: {EFBCD947-0C19-4B00-90A4-F798396E3289} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Pas de fichier
AlternateDataStreams: C:\ProgramData\TEMP:0574215C [243]
AlternateDataStreams: C:\ProgramData\TEMP:0FF263E8 [358]
AlternateDataStreams: C:\ProgramData\TEMP:A303874F [217]
EmptyTemp:
end::