CloseProcesses: CreateRestorePoint: EmptyTemp: BootExecute: autocheck autochk * icarus_rvrt.exe HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION Task: {297F47F6-1CF3-4B47-96BD-398E37C3F209} - System32\Tasks\{5D02DB6C-196D-413A-B973-273B30C34515} => C:\Windows\system32\pcalua.exe -a C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe -c -uninstall Tcpip\..\Interfaces\{3D28A540-DE70-4AD8-A5FA-AB68B12559DA}: [DhcpNameServer] 192.168.1.1 192.168.1.1 Tcpip\..\Interfaces\{CC941C63-55A5-4C8E-B977-DB0799908BBE}: [DhcpNameServer] 192.168.1.1 192.168.1.1 Tcpip\..\Interfaces\{EC6AF4C4-D1A2-4EF3-99F0-319BA952D092}: [NameServer] 100.120.126.1 Edge HomePage: Default -> hxxp://www.gazeta.pl/0,0.html?p=190 FF Homepage: Mozilla\Firefox\Profiles\c0zeawoi.default-1421700341266 -> hxxp://www.gazeta.pl/0,0.html?p=190 CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx McAfee® Central for Toshiba -> C:\Program Files\WindowsApps\McAfeeInc.04.McAfeeSecurityAdvisorforToshiba_5.0.170.1_x64__m0mgz90br52t0 [2018-04-03] (McAfee_Incorporated) HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = HKU\S-1-5-21-2615146530-3253038631-3002819462-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.gazeta.pl/0,0.html?p=190 SearchScopes: HKLM-x32 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01 SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms} SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-2615146530-3253038631-3002819462-1002 -> {13801E64-9F33-40F0-B5D5-18ED9327EC96} URL = SearchScopes: HKU\S-1-5-21-2615146530-3253038631-3002819462-1002 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01 SearchScopes: HKU\S-1-5-21-2615146530-3253038631-3002819462-1002 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}