start::
closeprocesses:
createrestorepoint:
HKU\S-1-5-21-2164981609-3606140395-1070741645-1000\...\MountPoints2: {3f1c8400-6151-11e7-b0f8-60eb69c75fcb} - F:\LaunchU3.exe -a 
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi => non trouvé(e)
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi => non trouvé(e) 
C:\Program Files\McAfee
FF Plugin-x32: @java.com/DTPlugin,version=11.231.2 -> C:\Program Files (x86)\Java\jre1.8.0_231\bin\dtplugin\npDeployJava1.dll [2019-12-04] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.231.2 -> C:\Program Files (x86)\Java\jre1.8.0_231\bin\plugin2\npjp2.dll [2019-12-04] (Oracle America, Inc. -> Oracle Corporation) 
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] 
S2 McAfee WebAdvisor; C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe [899640 2019-05-20] (McAfee, Inc. -> McAfee, Inc.) 
SearchScopes: HKU\S-1-5-21-2164981609-3606140395-1070741645-1000 -> DefaultScope {9CAAD324-4348-4E65-934E-4CE92FEF09AD} URL =
SearchScopes: HKU\S-1-5-21-2164981609-3606140395-1070741645-1000 -> {9CAAD324-4348-4E65-934E-4CE92FEF09AD} URL =
SearchScopes: HKU\S-1-5-21-2164981609-3606140395-1070741645-1000 -> {E2848A74-F2E8-4100-AABA-8C1628BD45E5} URL = hxxp://rover.ebay.com/rover/1/709-44555-9400-8/4?satitle={searchTerms}
MSCONFIG\startupreg: FlashPlayerUpdate => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_156_Plugin.exe -update plugin 
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" 
BHO-x32: Pas de nom -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> Pas de fichier 
BHO: Pas de nom -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> Pas de fichier 
emptytemp:
end::