start CloseProcesses: CreateRestorePoint: () C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe (PasswordBox, Inc.) C:\Program Files (x86)\PasswordBox\pbbtnService.exe (AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.4.0\ToolbarUpdater.exe () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.4.0\loggingserver.exe (AVG Secure Search) C:\Program Files (x86)\AVG Web TuneUp\avgcefrend.exe HKU\S-1-5-21-2680941182-924487306-1447265962-1000\...\Run: [AdobeBridge] => [X] HKU\S-1-5-21-2680941182-924487306-1447265962-1000\...\Run: [VarihImuje] => regsvr32.exe "C:\ProgramData\VarihImuje\LamutEzerp.jan" HKU\S-1-5-21-2680941182-924487306-1447265962-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = SearchScopes: HKU\S-1-5-21-2680941182-924487306-1447265962-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = https://mysearch.avg...fr&d=2015-05-0718:53:47&v=4.1.0.411&pid=wtu&sg=&sap=dsp&q={searchTerms} BHO: No Name -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> No File BHO-x32: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG Web TuneUp\4.1.0.411\AVG Web TuneUp.dll [2015-06-09] (AVG) FF DefaultSearchEngine: AVG Secure Search FF SelectedSearchEngine: AVG Secure Search FF Homepage: https://mysearch.avg...fr&d=2015-05-0718:53:47&v=4.1.0.411&pid=wtu&sg=&sap=hp FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.4.0\ psitesafety.dll No File FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File FF SearchPlugin: C:\Users\Yvonne\AppData\Roaming\Mozilla\Firefox\Profiles\w7dd9gw4.default\searchplugins\avg-secure-search.xml [2015-06-09] FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\wtu-secure-search.xml [2015-06-09] FF Extension: PasswordBox - C:\Program Files (x86)\PasswordBox\Firefox [2013-11-21] FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK CHR HKU\S-1-5-21-2680941182-924487306-1447265962-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.goo...ice/update2/crx R2 PasswordBox; C:\Program Files (x86)\PasswordBox\pbbtnService.exe [67584 2014-05-14] (PasswordBox, Inc.) [File not signed] R2 vToolbarUpdater18.4.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.4.0\ToolbarUpdater.exe [1875480 2015-05-07] (AVG Secure Search) Task: {0887A2E6-BACD-4A11-A0F1-17300B0DB373} - System32\Tasks\Open Chrome => Chrome.exe --new-window http://toolbar.avg.c...ard&lang=en Task: C:\Windows\Tasks\Open Chrome.job => c:\program files (x86)\Google\Chrome\Application\chrome.exeF--new-window http:/toolbar.avg.com/ HKLM\...\Policies\Explorer: [NoControlPanel] 0 AlternateDataStreams: C:\Users\Yvonne\Cookies:0Zy52loBTbmGuAzjPMZllK AlternateDataStreams: C:\Users\Yvonne\Local Settings:WBO7yPmWULzqzMlNjH4WYx1 AlternateDataStreams: C:\Users\Yvonne\AppData\Local:WBO7yPmWULzqzMlNjH4WYx1 AlternateDataStreams: C:\Users\Yvonne\AppData\Local\Application Data:WBO7yPmWULzqzMlNjH4WYx1 AlternateDataStreams: C:\Users\Yvonne\AppData\Local\iUtO0dWRByUywA:cBoXbkA0eiXwo9vkaRRNc9w Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F cmd: netsh advfirewall reset cmd: netsh advfirewall set allprofiles state on C:\ProgramData\VarihImuje Hosts: RemoveProxy: CMD: ipconfig /flushdns EmptyTemp: CMD: bitsadmin /reset /allusers end