start::
closeprocesses:
createrestorepoint:
HKU\S-1-5-21-1588016913-3477302838-3754521115-1001\...\StartupApproved\Run: => "McAfeeSafeConnect"
HKU\S-1-5-21-1588016913-3477302838-3754521115-1001\...\MountPoints2: {46747c15-46b4-11eb-a1e4-309c23459699} - "D:\OnePlus_setup.exe" /s
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\$McRebootA5E6DEAA56$.lnk [2021-03-02]
ShortcutTarget: $McRebootA5E6DEAA56$.lnk -> (Pas de fichier)
BootExecute: autocheck autochk * sdnclean64.exe
Task: {BAA34674-2692-4ACA-99E3-62E950059F13} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe
C:\Program Files\Common Files\AVAST Software
FF Extension: (Pas de nom) - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi [non trouvé(e)]
C:\Program Files\McAfee
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [Pas de fichier]
CHR DefaultSearchURL: Default -> hxxps://fr.search.yahoo.com/search?fr=mcafee&type=E210FR91082G0&p={searchTerms}
CHR DefaultSearchKeyword: Default -> McAfee
CHR DefaultSuggestURL: Default -> hxxps://fr.search.yahoo.com/sugg/gossip/gossip-fr-partner?output=fxjson&appid=mca&source=yahoo_mcafee_searchassist&command={searchTerms}
R2 McAfee WebAdvisor; C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe [959752 2021-02-12] (McAfee, LLC -> McAfee, LLC)
S3 mracsvc; C:\WINDOWS\System32\mracsvc.exe [20536992 2020-11-11] (Mail.Ru LLC -> LLC Mail.Ru)
S3 mracdrv; C:\WINDOWS\System32\drivers\mracdrv1.sys [19767024 2020-11-11] (Mail.Ru LLC -> LLC Mail.Ru)
2021-02-28 23:53 - 2021-03-02 11:27 - 000000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2021-02-28 23:53 - 2021-03-02 11:26 - 000000000 ____D C:\ProgramData\Spybot - Search & Destroy
2021-02-28 23:53 - 2021-02-28 23:53 - 000000000 ____D C:\WINDOWS\system32\Tasks\Safer-Networking
2021-02-28 23:33 - 2021-02-28 23:34 - 000000000 ____D C:\AdwCleaner
FF Extension: (Avast Online Security) - C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\pz0mvikn.default\Extensions\wrc@avast.com.xpi [2020-06-18]
emptytemp:
end::