HKLM\...\Run: [msrtn32] => "C:\Program Files\msrtn32\msrtn32.exe" -startup=smartcpx -check=60
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wnf_mdaffmarmarie_16_20&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzuyDyE0EyE0B0DyBtC0E0CtByB0C0AyDyCtN0D0Tzu0StCyCtDtCtN1L2XzutAtFtBtCtFtCtFyCtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2SyDzzyE0EtDyC0A0AtGtC0B0CtCtGzytAyCtAtGtByEyD0DtG0A0A0DyEyB0Czz0D0EzztByC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0C0DtDzyyCtA0B0AtG0CtByC0EtGyEzytDyCtG0A0C0D0BtGtCyB0FtD0C0Azy0B0Azz0F0A2QtN0A0LzuyE%26cr%3D1286597090%26a%3Dwnf_mdaffmarmarie_16_20%26os_ver%3D6.3%26os%3DWindows%2B8.1%2BConnected
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wnf_mdaffmarmarie_16_20&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzuyDyE0EyE0B0DyBtC0E0CtByB0C0AyDyCtN0D0Tzu0StCyCtDtCtN1L2XzutAtFtBtCtFtCtFyCtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2SyDzzyE0EtDyC0A0AtGtC0B0CtCtGzytAyCtAtGtByEyD0DtG0A0A0DyEyB0Czz0D0EzztByC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0C0DtDzyyCtA0B0AtG0CtByC0EtGyEzytDyCtG0A0C0D0BtGtCyB0FtD0C0Azy0B0Azz0F0A2QtN0A0LzuyE%26cr%3D1286597090%26a%3Dwnf_mdaffmarmarie_16_20%26os_ver%3D6.3%26os%3DWindows%2B8.1%2BConnected&p={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wnf_mdaffmarmarie_16_20&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzuyDyE0EyE0B0DyBtC0E0CtByB0C0AyDyCtN0D0Tzu0StCyCtDtCtN1L2XzutAtFtBtCtFtCtFyCtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2SyDzzyE0EtDyC0A0AtGtC0B0CtCtGzytAyCtAtGtByEyD0DtG0A0A0DyEyB0Czz0D0EzztByC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0C0DtDzyyCtA0B0AtG0CtByC0EtGyEzytDyCtG0A0C0D0BtGtCyB0FtD0C0Azy0B0Azz0F0A2QtN0A0LzuyE%26cr%3D1286597090%26a%3Dwnf_mdaffmarmarie_16_20%26os_ver%3D6.3%26os%3DWindows%2B8.1%2BConnected&p={searchTerms}
Task: {46AC6983-FACE-4ECF-B4D1-9D362097D25C} - \GoogleUpdateTaskMachineUA -> No File <==== ATTENTION
Task: {7326C0A7-CEF1-4F3A-A363-F7951D907369} - \GoogleUpdateTaskMachineCore -> No File <==== ATTENTION
Task: {884E689F-F832-44D6-BCC8-DB8CFDCD75A9} - \{35EB43BE-DCF4-0D78-59EB-0D17D864E85D} -> No File <==== ATTENTION
Task: {8AE5DF43-BC2F-4F54-A660-AB34A2603981} - \Optimize Start Menu Cache Files-S-1-5-21-3520924193-2044853642-1748884499-500 -> No File <==== ATTENTION
Task: {AA6AEB79-7250-4A35-92D3-9F1E9A6F9AE2} - System32\Tasks\2ae877468b564e445daaea9ec08b3cf1 => powershell.exe -NoProfile -NoLogo -NonInteractive -ExecutionPolicy Bypass -File C:\WINDOWS\2ae877468b564e445daaea9ec08b3cf1.ps1 <==== ATTENTION
C:\WINDOWS\2ae877468b564e445daaea9ec08b3cf1.ps1
Task: {AE0B7FCB-3B2B-4E78-9EB5-7A6DDFFD4C51} - \Microsoft OneDrive Auto Update Task-S-1-5-21-3520924193-2044853642-1748884499-1001 -> No File <==== ATTENTION
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\bsdp32.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\bsdp32.sys => ""="Driver"
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state on
Hosts:
EmptyTemp: