wklejto.pl

Added by: ~Anonim (2019-12-05 00:12) -> text
"Silent Runners.vbs", revision 72, http://www.silentrunners.org/
Operating System: Microsoft Windows 10 Pro (64-bit), Version 1903
Output limited to non-default values, except where indicated by "{++}"
 
 
Startup items buried in registry:
---------------------------------
 
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
OneDrive = "C:\Users\daw\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background [MS]
WTFast Tray = "C:\Program Files (x86)\WTFast\WTFast.exe" trayonly [null data]
CCleaner Smart Cleaning = "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR [Piriform Software Ltd]
ExpressVPN4 = C:\Program Files (x86)\ExpressVPN\expressvpn-ui\ExpressVPN.exe [null data]
 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
SecurityHealth = C:\WINDOWS\system32\SecurityHealthSystray.exe
jv16 PT (System Startup Check) = "C:\Program Files (x86)\jv16 PowerTools\jv16pt_PreWorker2.exe" /SysStartupCheck /PT:"C:\Program Files (x86)\jv16 PowerTools\" [null data]
 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\ {++}
IAStorIcon = C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60 [Intel Corporation]
OnScreen Control = C:\Program Files (x86)\LG Electronics\OnScreen Control\bin\OnScreenStartUpApp.exe [TODO: <Company name>]
Live Update = C:\Program Files (x86)\MSI\Live Update\Live Update.exe /REMINDER [Micro-Star INT'L CO., LTD.]
MSIRegister = "C:\MSI\MSIRegister\MSIRegister.exe" [null data]
SunJavaUpdateSched = "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [Oracle Corporation]
Aimersoft Helper Compact.exe = C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe [AimerSoft]
ExpressVPNNotificationService = "C:\Program Files (x86)\ExpressVPN\expressvpn-ui\ExpressVPNNotificationServiceStarter.exe" [ExpressVPN]
 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
 
{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}\(Default) = Skype for Business Click to Call BHO
  -> {HKLM...CLSID} = Skype for Business Browser Helper
                   \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office15\OCHelper.dll [MS]
  -> {HKLM...Wow...CLSID} = Skype for Business Browser Helper
                         \InProcServer32\(Default) = C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [MS]
 
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
  -> {HKLM...CLSID} = Java(tm) Plug-In SSV Helper
                   \InProcServer32\(Default) = C:\Program Files\Java\jre1.8.0_221\bin\ssv.dll [Oracle Corporation]
 
{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}\(Default) = (no title provided)
  -> {HKLM...CLSID} = Microsoft SkyDrive Pro Browser Helper
                   \InProcServer32\(Default) = C:\PROGRA~1\MICROS~3\Office15\GROOVEEX.DLL [MS]
  -> {HKLM...Wow...CLSID} = 
                         \InProcServer32\(Default) =  [file not found]
 
{DBC80044-A445-435b-BC74-9C25C1C588A9}\(Default) = (no title provided)
  -> {HKLM...CLSID} = Java(tm) Plug-In 2 SSV Helper
                   \InProcServer32\(Default) = C:\Program Files\Java\jre1.8.0_221\bin\jp2ssv.dll [Oracle Corporation]
 
{EC1E29BB-F56A-45D8-B023-D3EF710FA0E0}\(Default) = ScriptInjectionPluginBrowserHelperObject
  -> {HKLM...CLSID} = Kaspersky Protection
                   \InProcServer32\(Default) = C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\x64\IEExt\ie_plugin.dll [AO Kaspersky Lab]
  -> {HKLM...Wow...CLSID} = Kaspersky Protection
                         \InProcServer32\(Default) = C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\IEExt\ie_plugin.dll [AO Kaspersky Lab]
 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
 
{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}\(Default) = Lync Click to Call BHO
  -> {HKLM...CLSID} = Skype for Business Browser Helper
                   \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office15\OCHelper.dll [MS]
  -> {HKLM...Wow...CLSID} = Skype for Business Browser Helper
                         \InProcServer32\(Default) = C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [MS]
 
{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}\(Default) = (no title provided)
  -> {HKLM...CLSID} = Microsoft SkyDrive Pro Browser Helper
                   \InProcServer32\(Default) = C:\PROGRA~1\MICROS~3\Office15\GROOVEEX.DLL [MS]
  -> {HKLM...Wow...CLSID} = 
                         \InProcServer32\(Default) =  [file not found]
 
{EC1E29BB-F56A-45D8-B023-D3EF710FA0E0}\(Default) = ScriptInjectionPluginBrowserHelperObject
  -> {HKLM...CLSID} = Kaspersky Protection
                   \InProcServer32\(Default) = C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\x64\IEExt\ie_plugin.dll [AO Kaspersky Lab]
  -> {HKLM...Wow...CLSID} = Kaspersky Protection
                         \InProcServer32\(Default) = C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\IEExt\ie_plugin.dll [AO Kaspersky Lab]
 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\
 
  GoogleDriveBlacklisted\(Default) = {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}
  -> {HKLM...CLSID} = Google Drive Shell extension
                   \InProcServer32\(Default) = C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [Google]
 
  GoogleDriveSynced\(Default) = {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}
  -> {HKLM...CLSID} = Google Drive Shell extension
                   \InProcServer32\(Default) = C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [Google]
 
  GoogleDriveSyncing\(Default) = {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}
  -> {HKLM...CLSID} = Google Drive Shell extension
                   \InProcServer32\(Default) = C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [Google]
 
 OneDrive6\(Default) = {9AA2F32D-362A-42D9-9328-24A483E2CCC3}
  -> {HKCU...CLSID} = ReadOnlyOverlayHandler Class
                   \InProcServer32\(Default) = C:\Users\daw\AppData\Local\Microsoft\OneDrive\19.192.0926.0012\amd64\FileSyncShell64.dll [MS]
 
 OneDrive7\(Default) = {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C}
  -> {HKCU...CLSID} = UpToDateUnpinnedOverlayHandler Class
                   \InProcServer32\(Default) = C:\Users\daw\AppData\Local\Microsoft\OneDrive\19.192.0926.0012\amd64\FileSyncShell64.dll [MS]
 
 SkyDrivePro1 (ErrorConflict)\(Default) = {8BA85C75-763B-4103-94EB-9470F12FE0F7}
  -> {HKLM...CLSID} = Microsoft SkyDrive Pro Icon Overlay 1 (ErrorConflict)
                   \InProcServer32\(Default) = C:\PROGRA~1\MICROS~3\Office15\GROOVEEX.DLL [MS]
 
 SkyDrivePro2 (SyncInProgress)\(Default) = {CD55129A-B1A1-438E-A425-CEBC7DC684EE}
  -> {HKLM...CLSID} = Microsoft SkyDrive Pro Icon Overlay 2 (SyncInProgress)
                   \InProcServer32\(Default) = C:\PROGRA~1\MICROS~3\Office15\GROOVEEX.DLL [MS]
 
 SkyDrivePro3 (InSync)\(Default) = {E768CD3B-BDDC-436D-9C13-E1B39CA257B1}
  -> {HKLM...CLSID} = Microsoft SkyDrive Pro Icon Overlay 3 (InSync)
                   \InProcServer32\(Default) = C:\PROGRA~1\MICROS~3\Office15\GROOVEEX.DLL [MS]
 
GGDriveOverlay1\(Default) = {E68D0A50-3C40-4712-B90D-DCFA93FF2534}
  -> {HKLM...CLSID} = GGDriveOverlay1 Class
                   \InProcServer32\(Default) = C:\ProgramData\GG\ggdrive\ggdrive-overlay.dll [GG Network S.A.]
 
GGDriveOverlay2\(Default) = {E68D0A51-3C40-4712-B90D-DCFA93FF2534}
  -> {HKLM...CLSID} = GGDriveOverlay2 Class
                   \InProcServer32\(Default) = C:\ProgramData\GG\ggdrive\ggdrive-overlay.dll [GG Network S.A.]
 
GGDriveOverlay3\(Default) = {E68D0A52-3C40-4712-B90D-DCFA93FF2534}
  -> {HKLM...CLSID} = GGDriveOverlay3 Class
                   \InProcServer32\(Default) = C:\ProgramData\GG\ggdrive\ggdrive-overlay.dll [GG Network S.A.]
 
GGDriveOverlay4\(Default) = {E68D0A53-3C40-4712-B90D-DCFA93FF2534}
  -> {HKLM...CLSID} = GGDriveOverlay4 Class
                   \InProcServer32\(Default) = C:\ProgramData\GG\ggdrive\ggdrive-overlay.dll [GG Network S.A.]
 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\
 
 OneDrive6\(Default) = {9AA2F32D-362A-42D9-9328-24A483E2CCC3}
  -> {HKCU...Wow...CLSID} = ReadOnlyOverlayHandler Class
                         \InProcServer32\(Default) = C:\Users\daw\AppData\Local\Microsoft\OneDrive\19.192.0926.0012\FileSyncShell.dll [MS]
 
 OneDrive7\(Default) = {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C}
  -> {HKCU...Wow...CLSID} = UpToDateUnpinnedOverlayHandler Class
                         \InProcServer32\(Default) = C:\Users\daw\AppData\Local\Microsoft\OneDrive\19.192.0926.0012\FileSyncShell.dll [MS]
 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellServiceObjects\
 
{578480AA-1B1C-4343-AABD-62C0A273DCB5}
  -> {HKLM...CLSID} = Cloud Cache Invalidator SSO
                   \InProcServer32\(Default) = C:\Windows\System32\Windows.CloudStore.dll [MS]
 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
 
{09A47860-11B0-4DA5-AFA5-26D86198A780} = EPP
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = C:\Program Files\Windows Defender\shellext.dll [MS]
 
{B41DB860-64E4-11D2-9906-E49FADC173CA} = WinRAR shell extension
  -> {HKLM...CLSID} = WinRAR
                   \InProcServer32\(Default) = C:\Program Files\WinRAR\rarext.dll [Alexander Roshal]
 
{8BA85C75-763B-4103-94EB-9470F12FE0F7} = Microsoft SkyDrive Pro Icon Overlay 1 (ErrorConflict)
  -> {HKLM...CLSID} = Microsoft SkyDrive Pro Icon Overlay 1 (ErrorConflict)
                   \InProcServer32\(Default) = C:\PROGRA~1\MICROS~3\Office15\GROOVEEX.DLL [MS]
 
{CD55129A-B1A1-438E-A425-CEBC7DC684EE} = Microsoft SkyDrive Pro Icon Overlay 2 (SyncInProgress)
  -> {HKLM...CLSID} = Microsoft SkyDrive Pro Icon Overlay 2 (SyncInProgress)
                   \InProcServer32\(Default) = C:\PROGRA~1\MICROS~3\Office15\GROOVEEX.DLL [MS]
 
{E768CD3B-BDDC-436D-9C13-E1B39CA257B1} = Microsoft SkyDrive Pro Icon Overlay 3 (InSync)
  -> {HKLM...CLSID} = Microsoft SkyDrive Pro Icon Overlay 3 (InSync)
                   \InProcServer32\(Default) = C:\PROGRA~1\MICROS~3\Office15\GROOVEEX.DLL [MS]
 
{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} = Microsoft SkyDrive Pro Browser Helper
  -> {HKLM...CLSID} = Microsoft SkyDrive Pro Browser Helper
                   \InProcServer32\(Default) = C:\PROGRA~1\MICROS~3\Office15\GROOVEEX.DLL [MS]
 
{0006F045-0000-0000-C000-000000000046} = Microsoft Outlook Custom Icon Handler
  -> {HKLM...CLSID} = Outlook File Icon Extension
                   \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office15\OLKFSTUB.DLL [MS]
 
{E68D0A50-3C40-4712-B90D-DCFA93FF2534} = GGDriveOverlay1
  -> {HKLM...CLSID} = GGDriveOverlay1 Class
                   \InProcServer32\(Default) = C:\ProgramData\GG\ggdrive\ggdrive-overlay.dll [GG Network S.A.]
 
{E68D0A51-3C40-4712-B90D-DCFA93FF2534} = GGDriveOverlay2
  -> {HKLM...CLSID} = GGDriveOverlay2 Class
                   \InProcServer32\(Default) = C:\ProgramData\GG\ggdrive\ggdrive-overlay.dll [GG Network S.A.]
 
{E68D0A52-3C40-4712-B90D-DCFA93FF2534} = GGDriveOverlay3
  -> {HKLM...CLSID} = GGDriveOverlay3 Class
                   \InProcServer32\(Default) = C:\ProgramData\GG\ggdrive\ggdrive-overlay.dll [GG Network S.A.]
 
{E68D0A53-3C40-4712-B90D-DCFA93FF2534} = GGDriveOverlay4
  -> {HKLM...CLSID} = GGDriveOverlay4 Class
                   \InProcServer32\(Default) = C:\ProgramData\GG\ggdrive\ggdrive-overlay.dll [GG Network S.A.]
 
{AD392E40-428C-459F-961E-9B147782D099} = UltraISO
  -> {HKLM...CLSID} = UIContextMenu Class
                   \InProcServer32\(Default) = C:\Program Files (x86)\UltraISO\isoshl64.dll [EZB Systems, Inc.]
 
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} = Microsoft Office Metadata Handler
  -> {HKLM...CLSID} = Microsoft Office Metadata Handler
                   \InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\OFFICE15\msoshext.dll [MS]
 
{42042206-2D85-11D3-8CFF-005004838597} = Microsoft Office HTML Icon Handler
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office15\msohevi.dll [MS]
 
{B28AA736-876B-46DA-B3A8-84C5E30BA492} = Witryny sieci Web
  -> {HKLM...CLSID} = Witryny sieci Web
                   \InProcServer32\(Default) = C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE15\WXPNSE.DLL [MS]
 
{755D388B-420B-4692-A974-84AAF0E577D3} = Scan with Kaspersky Anti-Virus
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\x64\ShellEx.dll [AO Kaspersky Lab]
 
{0875DCB6-C686-4243-9432-ADCCF0B9F2D7} = Microsoft OneNote Namespace Extension for Windows Desktop Search
  -> {HKLM...CLSID} = Microsoft OneNote Namespace Extension for Windows Desktop Search
                   \InProcServer32\(Default) = C:\Program Files\Microsoft Office\root\Office16\ONFILTER.DLL [MS]
 
{E3956DCF-D1C7-4375-AAAA-22FF8191C479} = Microsoft Access Metadata Handler
  -> {HKLM...CLSID} = Microsoft Access Metadata Handler
                   \InProcServer32\(Default) = C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\msoshext.dll [MS]
 
{33154C99-BF49-443D-A73C-303A23ABBE97} = Microsoft Excel Metadata Handler
  -> {HKLM...CLSID} = Microsoft Excel Metadata Handler
                   \InProcServer32\(Default) = C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\msoshext.dll [MS]
 
{01BE4CFB-129A-452B-A209-F9D40B3B84A5} = Microsoft PowerPoint Metadata Handler
  -> {HKLM...CLSID} = Microsoft PowerPoint Metadata Handler
                   \InProcServer32\(Default) = C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\msoshext.dll [MS]
 
{5383EF74-273B-4278-AB0C-CDAA9FD5369E} = Microsoft Visio Metadata Handler
  -> {HKLM...CLSID} = Microsoft Visio Metadata Handler
                   \InProcServer32\(Default) = C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\msoshext.dll [MS]
 
{5985FC23-2588-4D9A-B38B-7E7AFFAB3155} = Microsoft Word Metadata Handler
  -> {HKLM...CLSID} = Microsoft Word Metadata Handler
                   \InProcServer32\(Default) = C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\msoshext.dll [MS]
 
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} = Microsoft Access Thumbnail Handler
  -> {HKLM...CLSID} = Microsoft Access Thumbnail Handler
                   \InProcServer32\(Default) = C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\msoshext.dll [MS]
 
{72B66649-3DBF-429F-BD6F-7774A9784B78} = Microsoft Excel Thumbnail Handler
  -> {HKLM...CLSID} = Microsoft Excel Thumbnail Handler
                   \InProcServer32\(Default) = C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\msoshext.dll [MS]
 
{35C5242B-7455-4F9C-962B-369EA43ED6F3} = Microsoft PowerPoint Thumbnail Handler
  -> {HKLM...CLSID} = Microsoft PowerPoint Thumbnail Handler
                   \InProcServer32\(Default) = C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\msoshext.dll [MS]
 
{AFE9E2F0-5BBA-4169-A33B-EE3727AC3482} = Microsoft Visio Thumbnail Handler
  -> {HKLM...CLSID} = Microsoft Visio Thumbnail Handler
                   \InProcServer32\(Default) = C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\msoshext.dll [MS]
 
{355822FC-86F1-4BE8-B5F0-A33736789641} = Microsoft Word Thumbnail Handler
  -> {HKLM...CLSID} = Microsoft Word Thumbnail Handler
                   \InProcServer32\(Default) = C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\msoshext.dll [MS]
 
{506F4668-F13E-4AA1-BB04-B43203AB3CC0} = {506F4668-F13E-4AA1-BB04-B43203AB3CC0}
  -> {HKLM...CLSID} = ImageExtractorShellExt Class
                   \InProcServer32\(Default) = C:\Program Files\Microsoft Office\root\Office16\VISSHE.DLL [MS]
 
{D66DC78C-4F61-447F-942B-3FB6980118CF} = {D66DC78C-4F61-447F-942B-3FB6980118CF}
  -> {HKLM...CLSID} = CInfoTipShellExt Class
                   \InProcServer32\(Default) = C:\Program Files\Microsoft Office\root\Office16\VISSHE.DLL [MS]
 
{5E2121EE-0300-11D4-8D3B-444553540000} = Catalyst Context Menu extension
  -> {HKLM...CLSID} = SimpleShlExt Class
                   \InProcServer32\(Default) = C:\Program Files\AMD\CNext\CNext\atiacm64.dll [Advanced Micro Devices, Inc.]
 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
 
{DB19096C-5365-4164-A246-59FEFF9D8062} = Nameext
  -> {HKLM...Wow...CLSID} = Projekty w przedsiębiorstwie
                         \InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office15\NAMEEXT.DLL [MS]
 
{0006F045-0000-0000-C000-000000000046} = Microsoft Outlook Custom Icon Handler
  -> {HKLM...Wow...CLSID} = (no title provided)
                         \InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office15\OLKFSTUB.DLL [MS]
 
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} = Microsoft Office Metadata Handler
  -> {HKLM...Wow...CLSID} = Microsoft Office Metadata Handler
                         \InProcServer32\(Default) = C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\msoshext.dll [MS]
 
{00F33137-EE26-412F-8D71-F84E4C2C6625} = (no title provided)
  -> {HKLM...Wow...CLSID} = Windows Live Photo Gallery Viewer Autoplay Shim
                         \InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll [MS]
 
{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} = Windows Live Photo Gallery Viewer Drop Target Shim
  -> {HKLM...Wow...CLSID} = Windows Live Photo Gallery Viewer Shim
                         \InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll [MS]
 
{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} = Windows Live Photo Gallery Editor Drop Target Shim
  -> {HKLM...Wow...CLSID} = Windows Live Photo Gallery Editor Shim
                         \InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll [MS]
 
{00F30F90-3E96-453B-AFCD-D71989ECC2C7} = Windows Live Photo Gallery Autoplay Drop Target Shim
  -> {HKLM...Wow...CLSID} = Windows Live Photo Gallery Viewer Autoplay Shim
                         \InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll [MS]
 
{755D388B-420B-4692-A974-84AAF0E577D3} = Scan with Kaspersky Anti-Virus
  -> {HKLM...Wow...CLSID} = (no title provided)
                         \InProcServer32\(Default) = C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\shellex.dll [AO Kaspersky Lab]
 
{E3956DCF-D1C7-4375-AAAA-22FF8191C479} = Microsoft Access Metadata Handler
  -> {HKLM...Wow...CLSID} = Microsoft Access Metadata Handler
                         \InProcServer32\(Default) = C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\msoshext.dll [MS]
 
{33154C99-BF49-443D-A73C-303A23ABBE97} = Microsoft Excel Metadata Handler
  -> {HKLM...Wow...CLSID} = Microsoft Excel Metadata Handler
                         \InProcServer32\(Default) = C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\msoshext.dll [MS]
 
{01BE4CFB-129A-452B-A209-F9D40B3B84A5} = Microsoft PowerPoint Metadata Handler
  -> {HKLM...Wow...CLSID} = Microsoft PowerPoint Metadata Handler
                         \InProcServer32\(Default) = C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\msoshext.dll [MS]
 
{5383EF74-273B-4278-AB0C-CDAA9FD5369E} = Microsoft Visio Metadata Handler
  -> {HKLM...Wow...CLSID} = Microsoft Visio Metadata Handler
                         \InProcServer32\(Default) = C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\msoshext.dll [MS]
 
{5985FC23-2588-4D9A-B38B-7E7AFFAB3155} = Microsoft Word Metadata Handler
  -> {HKLM...Wow...CLSID} = Microsoft Word Metadata Handler
                         \InProcServer32\(Default) = C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\msoshext.dll [MS]
 
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} = Microsoft Access Thumbnail Handler
  -> {HKLM...Wow...CLSID} = Microsoft Access Thumbnail Handler
                         \InProcServer32\(Default) = C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\msoshext.dll [MS]
 
{72B66649-3DBF-429F-BD6F-7774A9784B78} = Microsoft Excel Thumbnail Handler
  -> {HKLM...Wow...CLSID} = Microsoft Excel Thumbnail Handler
                         \InProcServer32\(Default) = C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\msoshext.dll [MS]
 
{35C5242B-7455-4F9C-962B-369EA43ED6F3} = Microsoft PowerPoint Thumbnail Handler
  -> {HKLM...Wow...CLSID} = Microsoft PowerPoint Thumbnail Handler
                         \InProcServer32\(Default) = C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\msoshext.dll [MS]
 
{AFE9E2F0-5BBA-4169-A33B-EE3727AC3482} = Microsoft Visio Thumbnail Handler
  -> {HKLM...Wow...CLSID} = Microsoft Visio Thumbnail Handler
                         \InProcServer32\(Default) = C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\msoshext.dll [MS]
 
{355822FC-86F1-4BE8-B5F0-A33736789641} = Microsoft Word Thumbnail Handler
  -> {HKLM...Wow...CLSID} = Microsoft Word Thumbnail Handler
                         \InProcServer32\(Default) = C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\msoshext.dll [MS]
 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers\
 
{C5D7540A-CD51-453B-B22B-05305BA03F07}\(Default) = Cloud Experience Credential Provider
  -> {HKLM...CLSID} = Cloud Experience Credential Provider
                   \InProcServer32\(Default) = C:\Windows\System32\cxcredprov.dll [MS]
 
{F8A1793B-7873-4046-B2A7-1F318747F427}\(Default) = FIDO Credential Provider
  -> {HKLM...CLSID} = FIDO Credential Provider
                   \InProcServer32\(Default) = C:\WINDOWS\system32\fidocredprov.dll [MS]
 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\
{6cfb9c5c-138e-4bb3-8a3d-d5383e910e57}\DllName = C:\WINDOWS\System32\RdpGroupPolicyExtension.dll [file not found]
{CFF649BD-601D-4361-AD3D-0FC365DB4DB7}\DllName = C:\WINDOWS\system32\domgmt.dll [MS]
 
HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\
 
<<!>> text/xml\CLSID = {807583E5-5146-11D5-A672-00B0D022E945}
  -> {HKLM...CLSID} = Microsoft Office InfoPath XML Mime Filter
                   \InProcServer32\(Default) = C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLMF.DLL [MS]
 
HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\
 
<<!>> ms-help\CLSID = {314111c7-a502-11d2-bbca-00c04f8ec294}
  -> {HKLM...CLSID} = HxProtocol Class
                   \InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll [MS]
 
<<!>> mso-minsb-roaming.16\CLSID = {83C25742-A9F7-49FB-9138-434302C88D07}
  -> {HKLM...CLSID} = Min Sandbox Protocol Roaming Class
                   \InProcServer32\(Default) = C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [MS]
 
<<!>> mso-minsb.16\CLSID = {42089D2D-912D-4018-9087-2B87803E93FB}
  -> {HKLM...CLSID} = Min Sandbox Protocol Class
                   \InProcServer32\(Default) = C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [MS]
 
<<!>> osf\CLSID = {D924BDC6-C83A-4BD5-90D0-095128A113D1}
  -> {HKLM...CLSID} = Protocol Class
                   \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [MS]
 
<<!>> osf-roaming.16\CLSID = {42089D2D-912D-4018-9087-2B87803E93FB}
  -> {HKLM...CLSID} = Min Sandbox Protocol Class
                   \InProcServer32\(Default) = C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [MS]
 
<<!>> osf.16\CLSID = {5504BE45-A83B-4808-900A-3A5C36E7F77A}
  -> {HKLM...CLSID} = Protocol Class
                   \InProcServer32\(Default) = C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [MS]
 
HKCU\Software\Classes\*\shellex\ContextMenuHandlers\
 
GGDriveMenu\(Default) = {E68D0A55-3C40-4712-B90D-DCFA93FF2534}
  -> {HKCU...CLSID} = GGDriveMenu Class
                   \InProcServer32\(Default) = C:\Users\daw\AppData\Roaming\GG\ggdrive\ggdrive-menu.dll [GG Network S.A.]
 
HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\
 
GDContextMenu\(Default) = {BB02B294-8425-42E5-983F-41A1FA970CD6}
  -> {HKLM...CLSID} = GDContextMenu Class
                   \InProcServer32\(Default) = C:\Program Files (x86)\Google\Drive\contextmenu64.dll [Google]
 
Kaspersky Anti-Virus 19.0.0\(Default) = {755D388B-420B-4692-A974-84AAF0E577D3}
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\x64\ShellEx.dll [AO Kaspersky Lab]
  -> {HKLM...Wow...CLSID} = (no title provided)
                         \InProcServer32\(Default) = C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\shellex.dll [AO Kaspersky Lab]
 
WinRAR\(Default) = {B41DB860-64E4-11D2-9906-E49FADC173CA}
  -> {HKLM...CLSID} = WinRAR
                   \InProcServer32\(Default) = C:\Program Files\WinRAR\rarext.dll [Alexander Roshal]
 
WinRAR32\(Default) = {B41DB860-8EE4-11D2-9906-E49FADC173CA}
  -> {HKLM...Wow...CLSID} = WinRAR
                         \InProcServer32\(Default) = C:\Program Files\WinRAR\rarext32.dll [Alexander Roshal]
 
HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\
 
MBAMShlExt\(Default) = {57CE581A-0CB6-4266-9CA0-19364C90A0B3}
  -> {HKLM...CLSID} = MBAMShlExt Class
                   \InProcServer32\(Default) = C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [Malwarebytes]
 
HKCU\Software\Classes\Directory\shellex\ContextMenuHandlers\
 
GGDriveMenu\(Default) = {E68D0A55-3C40-4712-B90D-DCFA93FF2534}
  -> {HKCU...CLSID} = GGDriveMenu Class
                   \InProcServer32\(Default) = C:\Users\daw\AppData\Roaming\GG\ggdrive\ggdrive-menu.dll [GG Network S.A.]
 
HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\
 
GDContextMenu\(Default) = {BB02B294-8425-42E5-983F-41A1FA970CD6}
  -> {HKLM...CLSID} = GDContextMenu Class
                   \InProcServer32\(Default) = C:\Program Files (x86)\Google\Drive\contextmenu64.dll [Google]
 
Kaspersky Anti-Virus 19.0.0\(Default) = {755D388B-420B-4692-A974-84AAF0E577D3}
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\x64\ShellEx.dll [AO Kaspersky Lab]
  -> {HKLM...Wow...CLSID} = (no title provided)
                         \InProcServer32\(Default) = C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\shellex.dll [AO Kaspersky Lab]
 
UltraISO\(Default) = {AD392E40-428C-459F-961E-9B147782D099}
  -> {HKLM...CLSID} = UIContextMenu Class
                   \InProcServer32\(Default) = C:\Program Files (x86)\UltraISO\isoshl64.dll [EZB Systems, Inc.]
 
HKCU\Software\Classes\Directory\Background\shellex\ContextMenuHandlers\
 
GGDriveMenu\(Default) = {E68D0A55-3C40-4712-B90D-DCFA93FF2534}
  -> {HKCU...CLSID} = GGDriveMenu Class
                   \InProcServer32\(Default) = C:\Users\daw\AppData\Roaming\GG\ggdrive\ggdrive-menu.dll [GG Network S.A.]
 
HKLM\SOFTWARE\Classes\Directory\Background\shellex\ContextMenuHandlers\
 
ACE\(Default) = {5E2121EE-0300-11D4-8D3B-444553540000}
  -> {HKLM...CLSID} = SimpleShlExt Class
                   \InProcServer32\(Default) = C:\Program Files\AMD\CNext\CNext\atiacm64.dll [Advanced Micro Devices, Inc.]
 
HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\
 
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = PDF Column Info
  -> {HKLM...Wow...CLSID} = PDF Shell Extension
                         \InProcServer32\(Default) = C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll [Adobe Systems, Inc.]
 
HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\
 
Kaspersky Anti-Virus 19.0.0\(Default) = {755D388B-420B-4692-A974-84AAF0E577D3}
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\x64\ShellEx.dll [AO Kaspersky Lab]
  -> {HKLM...Wow...CLSID} = (no title provided)
                         \InProcServer32\(Default) = C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\shellex.dll [AO Kaspersky Lab]
 
MBAMShlExt\(Default) = {57CE581A-0CB6-4266-9CA0-19364C90A0B3}
  -> {HKLM...CLSID} = MBAMShlExt Class
                   \InProcServer32\(Default) = C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [Malwarebytes]
 
UltraISO\(Default) = {AD392E40-428C-459F-961E-9B147782D099}
  -> {HKLM...CLSID} = UIContextMenu Class
                   \InProcServer32\(Default) = C:\Program Files (x86)\UltraISO\isoshl64.dll [EZB Systems, Inc.]
 
WinRAR\(Default) = {B41DB860-64E4-11D2-9906-E49FADC173CA}
  -> {HKLM...CLSID} = WinRAR
                   \InProcServer32\(Default) = C:\Program Files\WinRAR\rarext.dll [Alexander Roshal]
 
WinRAR32\(Default) = {B41DB860-8EE4-11D2-9906-E49FADC173CA}
  -> {HKLM...Wow...CLSID} = WinRAR
                         \InProcServer32\(Default) = C:\Program Files\WinRAR\rarext32.dll [Alexander Roshal]
 
HKLM\SOFTWARE\Classes\Folder\shellex\DragDropHandlers\
 
WinRAR\(Default) = {B41DB860-64E4-11D2-9906-E49FADC173CA}
  -> {HKLM...CLSID} = WinRAR
                   \InProcServer32\(Default) = C:\Program Files\WinRAR\rarext.dll [Alexander Roshal]
 
WinRAR32\(Default) = {B41DB860-8EE4-11D2-9906-E49FADC173CA}
  -> {HKLM...Wow...CLSID} = WinRAR
                         \InProcServer32\(Default) = C:\Program Files\WinRAR\rarext32.dll [Alexander Roshal]
 
 
Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------
 
Note: detected settings may not have any effect.
 
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
 
NoDriveAutoRun- = (REG_DWORD) dword:0x00000000
{unrecognized setting}
 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\
 
NoDriveAutoRun- = (REG_DWORD) dword:0x00000000
{unrecognized setting}
 
NoDriveTypeAutoRun- = (REG_DWORD) dword:0x00000000
{unrecognized setting}
 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\
 
DSCAutomationHostEnabled = (REG_DWORD) dword:0x00000002
{Computer Configuration|UNDOCUMENTED!|
Value of "2" present by default in W10 v1607 (Anniversary Update)}
 
EnableCursorSuppression = (REG_DWORD) dword:0x00000001
{Computer Configuration|UNDOCUMENTED!|
Value of "1" present by default in W10 v1607 (Anniversary Update)}
 
EnableFullTrustStartupTasks = (REG_DWORD) dword:0x00000002
{Computer Configuration|UNDOCUMENTED!|
Value of "2" present by default in W10 v1709 (Fall Creators Update)}
 
EnableUwpStartupTasks = (REG_DWORD) dword:0x00000002
{Computer Configuration|UNDOCUMENTED!|
Value of "2" present by default in W10 v1709 (Fall Creators Update)}
 
SupportFullTrustStartupTasks = (REG_DWORD) dword:0x00000001
{Computer Configuration|UNDOCUMENTED!|
Value of "1" present by default in W10 v1709 (Fall Creators Update)}
 
SupportUwpStartupTasks = (REG_DWORD) dword:0x00000001
{Computer Configuration|UNDOCUMENTED!|
Value of "1" present by default in W10 v1709 (Fall Creators Update)}
 
SoftwareSASGeneration = (REG_DWORD) dword:0x00000001
{unrecognized setting}
 
 
Active Desktop and Wallpaper:
-----------------------------
 
Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
 
 
Enabled Screen Saver:
---------------------
 
HKCU\Control Panel\Desktop\
SCRNSAVE.EXE = C:\Users\daw\Desktop\OTL.scr [OldTimer Tools]
 
 
Windows Portable Device AutoPlay Handlers
-----------------------------------------
 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\
 
AstroburnLiteBurnDisc\
Provider = Astroburn Lite
InvokeProgID = AstroburnLiteBurnDisc
InvokeVerb = BurnDisc
HKLM\SOFTWARE\Classes\AstroburnLiteBurnDisc\shell\BurnDisc\Command\(Default) = C:\Program Files (x86)\Astroburn Lite\AstroburnLite.exe [Disc Soft Ltd]
 
FindAppPlayDVDMovieOnArrival\
Provider = @mferror.dll,-115
InvokeProgID = FindApp.DVD
InvokeVerb = play
HKLM\SOFTWARE\Classes\FindApp.DVD\shell\play\command\(Default) = explorer "ms-windows-store://search/?query=DVD" [MS]
 
MSLivePhotoAcquireDropHandler\
Provider = @%ProgramFiles(x86)%\Windows Live\Photo Gallery\regres.dll,-10
InvokeProgID = Microsoft.LivePhotoAcqDTShim.1
InvokeVerb = open
HKLM\SOFTWARE\Classes\Microsoft.LivePhotoAcqDTShim.1\shell\open\DropTarget\CLSID = {00F33137-EE26-412F-8D71-F84E4C2C6625}
  -> {HKLM...CLSID} = Windows Live Photo Gallery Viewer Autoplay Shim
                   \InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShimx64.dll [MS]
 
MSLiveShowPicturesOnArrival\
Provider = @%ProgramFiles(x86)%\Windows Live\Photo Gallery\regres.dll,-10
InvokeProgID = Microsoft.Photos.LiveAutoplayShim.1
InvokeVerb = open
HKLM\SOFTWARE\Classes\Microsoft.Photos.LiveAutoplayShim.1\shell\open\DropTarget\CLSID = {00F30F90-3E96-453B-AFCD-D71989ECC2C7}
  -> {HKLM...CLSID} = Windows Live Photo Gallery Viewer Autoplay Shim
                   \InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShimx64.dll [MS]
 
MSPlayCDAudioOnArrival\
Provider = @wmploc.dll,-6502
InvokeProgID = WMP.AudioCD
InvokeVerb = play
HKLM\SOFTWARE\Classes\WMP.AudioCD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:3 /device:AudioCD "%L" [MS]
 
MSPlayDVDMovieOnArrival\
Provider = @wmploc.dll,-6502
InvokeProgID = WMP.DVD
InvokeVerb = play
HKLM\SOFTWARE\Classes\WMP.DVD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:DVD "%L" [MS]
 
MSPlaySuperVideoCDMovieOnArrival\
Provider = @wmploc.dll,-6502
InvokeProgID = WMP.VCD
InvokeVerb = play
HKLM\SOFTWARE\Classes\WMP.VCD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:VCD "%L" [MS]
 
MSPlayVideoCDMovieOnArrival\
Provider = @wmploc.dll,-6502
InvokeProgID = WMP.VCD
InvokeVerb = play
HKLM\SOFTWARE\Classes\WMP.VCD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:VCD "%L" [MS]
 
MSPromptEachTime\
Provider = @C:\WINDOWS\system32\shell32.dll,-17411
ProgID = Shell.Autoplay
InitCmdLine = PromptEachTime
HKLM\SOFTWARE\Classes\Shell.Autoplay\CLSID\(Default) = {995C996E-D918-4a8c-A302-45719A6F4EA7}
  -> {HKLM...CLSID} = Shell Hardware Mixed Content Handler
                   \LocalServer32\(Default) = C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\shell32.dll,SHCreateLocalServerRunDll {995C996E-D918-4a8c-A302-45719A6F4EA7} [MS]
 
MSPromptEachTimeNoContent\
Provider = @C:\WINDOWS\system32\shell32.dll,-17411
ProgID = Shell.Autoplay
InitCmdLine = PromptEachTimeNoContent
HKLM\SOFTWARE\Classes\Shell.Autoplay\CLSID\(Default) = {995C996E-D918-4a8c-A302-45719A6F4EA7}
  -> {HKLM...CLSID} = Shell Hardware Mixed Content Handler
                   \LocalServer32\(Default) = C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\shell32.dll,SHCreateLocalServerRunDll {995C996E-D918-4a8c-A302-45719A6F4EA7} [MS]
 
MSStorageSense\
Provider = @C:\WINDOWS\System32\SettingsHandlers_StorageSense.dll,-100
InvokeProgID = MSStorageSense
InvokeVerb = open
HKLM\SOFTWARE\Classes\MSStorageSense\shell\open\command\(Default) = explorer ms-settings:storagesense [MS]
 
MSWMPBurnCDOnArrival\
Provider = @wmploc.dll,-6502
InvokeProgID = WMP.BurnCD
InvokeVerb = Burn
HKLM\SOFTWARE\Classes\WMP.BurnCD\shell\Burn\Command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:3 /Task:CDWrite /Device:"%L" [MS]
 
 
Non-disabled Scheduled Tasks: {++}
-----------------------------
 
C:\Windows\System32\Tasks
Adobe Acrobat Update Task ->  launches: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [Adobe Systems]
Adobe Flash Player Updater ->  launches: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [Adobe Systems Incorporated]
AMDInstallUEP ->  launches: C:\Program Files\AMD\InstallUEP\AMDInstallUEP.exe [file not found]
AMDLinkUpdate ->  launches: C:\Program Files\AMD\CIM\BIN64\InstallManagerApp.exe -AMDLinkUpdate [Advanced Micro Devices, Inc.]
BlueStacksHelper ->  launches: C:\ProgramData\BlueStacks\Client\Helper\BlueStacksHelper.exe -sr [file not found]
CCleaner Update -> (HIDDEN!) launches: C:\Program Files\CCleaner\CCUpdate.exe [Piriform Software Ltd]
CCleanerSkipUAC ->  launches: "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0) [Piriform Software Ltd]
GoogleUpdateTaskMachineCore ->  launches: C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c [Google Inc.]
GoogleUpdateTaskMachineUA ->  launches: C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler [Google Inc.]
ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d ->  launches: C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe --domain-id 4e00205a-2ab1-4423-8f77-cc25b82cde1d --caller scheduler-impersonate [Intel Corporation]
ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon ->  launches: C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe --domain-id 4e00205a-2ab1-4423-8f77-cc25b82cde1d --caller winlogon-impersonate [Intel Corporation]
ModifyLinkUpdate ->  launches: "C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe" -UpdateCurrentUser [Advanced Micro Devices, Inc.]
MSIGH_Host -> (HIDDEN!) launches: C:\Program Files (x86)\MSI\Gaming APP\GamingHotkey.exe --normal [null data]
MSIOSDx64_Host -> (HIDDEN!) launches: C:\Program Files (x86)\MSI\Gaming APP\OSD\x64\MsiGamingOSD_x64.exe [null data]
MSIOSDx86_Host -> (HIDDEN!) launches: C:\Program Files (x86)\MSI\Gaming APP\OSD\x86\MsiGamingOSD_x86.exe [null data]
MSISW_Host -> (HIDDEN!) launches: C:\WINDOWS\SysWOW64\muachost.exe [MSI]
oCamTask ->  launches: C:\Program Files (x86)\oCam\oCamTask.exe /Run [oh!soft]
OneDrive Standalone Update Task-S-1-5-21-2410118792-1310059698-778459309-1001 ->  launches: %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe  [MS]
Opera scheduled Autoupdate 1511290304 ->  launches: C:\Program Files\Opera\launcher.exe --scheduledautoupdate $(Arg0) [Opera Software]
StartCN ->  launches: "C:\Program Files\AMD\CNext\CNext\cncmd.exe" startwithdelay [Advanced Micro Devices, Inc.]
StartDVR ->  launches: "C:\Program Files\AMD\CNext\CNext\RSServCmd.exe" [Advanced Micro Devices, Inc.]
{1B5F98B9-92DB-48E7-8C92-F1822A43734E} ->  launches: C:\Windows\system32\pcalua.exe -a "C:\Users\daw\Downloads\Mimo Installer.exe" -d C:\Users\daw\Downloads [MS]
{554F2A33-E339-474F-8E66-DFA93089F46C} ->  launches: C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\4Media\Video Cutter 2\Uninstall.exe" [MS]
{EB58302A-98E9-4B85-8514-82E2DDD885CB} ->  launches: C:\Windows\system32\pcalua.exe -a H:\setup.exe -d H:\ [MS]
 
C:\Windows\System32\Tasks\Microsoft\Office
Office 15 Subscription Heartbeat ->  launches: %ProgramFiles%\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [MS]
Office Automatic Updates 2.0 ->  launches: C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe /frequentupdate SCHEDULEDTASK displaylevel=False [MS]
Office ClickToRun Service Monitor ->  launches: C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe /WatchService [MS]
Office Feature Updates ->  launches: C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [MS]
Office Feature Updates Logon ->  launches: C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe /onlogon [MS]
OfficeBackgroundTaskHandlerLogon ->  launches: C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [MS]
OfficeBackgroundTaskHandlerRegistration ->  launches: C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [MS]
OfficeTelemetryAgentFallBack ->  launches: "C:\Program Files\Microsoft Office\Office15\msoia.exe" scan upload mininterval:2880 [MS]
OfficeTelemetryAgentLogOn ->  launches: "C:\Program Files\Microsoft Office\Office15\msoia.exe" scan upload [MS]
 
C:\Windows\System32\Tasks\Microsoft\Windows\.NET Framework
.NET Framework NGEN v4.0.30319 -> (HIDDEN!) launches: {84F0FAE1-C27B-4F6F-807B-28CF6F96287D}
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = C:\Windows\System32\mscoree.dll [MS]
.NET Framework NGEN v4.0.30319 64 -> (HIDDEN!) launches: {429BC048-379E-45E0-80E4-EB1977941B5C}
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = C:\Windows\System32\mscoree.dll [MS]
 
C:\Windows\System32\Tasks\Microsoft\Windows\Active Directory Rights Management Services Client
AD RMS Rights Policy Template Management (Manual) ->  launches: {BF5CB148-7C77-4D8A-A53E-D81C70CF743C}
  -> {HKLM...CLSID} = AD RMS Rights Policy Template Management (Manual) Task Handler
                   \InProcServer32\(Default) = C:\WINDOWS\system32\msdrm.dll [MS]
  -> {HKLM...Wow...CLSID} = AD RMS Rights Policy Template Management (Manual) Task Handler
                         \InProcServer32\(Default) = C:\WINDOWS\system32\msdrm.dll [MS]
 
C:\Windows\System32\Tasks\Microsoft\Windows\AppID
EDP Policy Manager ->  launches: {DECA92E0-AF85-439E-9204-86679978DA08}
  -> {HKLM...CLSID} = EDP Policy Manager Task Handler
                   \InProcServer32\(Default) = C:\WINDOWS\System32\AppLockerCsp.dll [MS]
SmartScreenSpecific ->  launches: {9F2B0085-9218-42A1-88B0-9F0E65851666} [InProcServer32 entry not found]
 
C:\Windows\System32\Tasks\Microsoft\Windows\Application Experience
Microsoft Compatibility Appraiser ->  launches: %windir%\system32\compattelrunner.exe [MS]
ProgramDataUpdater ->  launches: %windir%\system32\compattelrunner.exe -maintenance [MS]
StartupAppTask ->  launches: %windir%\system32\rundll32.exe Startupscan.dll,SusRunTask [MS]
 
C:\Windows\System32\Tasks\Microsoft\Windows\ApplicationData
appuriverifierdaily ->  launches: %windir%\system32\AppHostRegistrationVerifier.exe [MS]
appuriverifierinstall ->  launches: %windir%\system32\AppHostRegistrationVerifier.exe [MS]
CleanupTemporaryState ->  launches: %windir%\system32\rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState [MS]
DsSvcCleanup ->  launches: %windir%\system32\dstokenclean.exe [MS]
 
C:\Windows\System32\Tasks\Microsoft\Windows\Autochk
Proxy ->  launches: %windir%\system32\rundll32.exe /d acproxy.dll,PerformAutochkOperations [MS]
 
C:\Windows\System32\Tasks\Microsoft\Windows\BitLocker
BitLocker Encrypt All Drives ->  launches: {61BCD1B9-340C-40EC-9D41-D7F1C0632F05}
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = C:\WINDOWS\System32\edptask.dll [MS]
BitLocker MDM policy Refresh ->  launches: {61BCD1B9-340C-40EC-9D41-D7F1C0632F05}
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = C:\WINDOWS\System32\edptask.dll [MS]
 
C:\Windows\System32\Tasks\Microsoft\Windows\Bluetooth
UninstallDeviceTask ->  launches: BthUdTask.exe $(Arg0) [MS]
 
C:\Windows\System32\Tasks\Microsoft\Windows\BrokerInfrastructure
BgTaskRegistrationMaintenanceTask ->  launches: {E984D939-0E00-4DD9-AC3A-7ACA04745521} [InProcServer32 entry not found]
 
C:\Windows\System32\Tasks\Microsoft\Windows\CertificateServicesClient
AikCertEnrollTask ->  launches: {47E30D54-DAC1-473A-AFF7-2355BF78881F}
  -> {HKLM...CLSID} = NGC Pregeneration Task Handler
                   \InProcServer32\(Default) = C:\WINDOWS\system32\ngctasks.dll [MS]
CryptoPolicyTask ->  launches: {47E30D54-DAC1-473A-AFF7-2355BF78881F}
  -> {HKLM...CLSID} = NGC Pregeneration Task Handler
                   \InProcServer32\(Default) = C:\WINDOWS\system32\ngctasks.dll [MS]
KeyPreGenTask ->  launches: {47E30D54-DAC1-473A-AFF7-2355BF78881F}
  -> {HKLM...CLSID} = NGC Pregeneration Task Handler
                   \InProcServer32\(Default) = C:\WINDOWS\system32\ngctasks.dll [MS]
SystemTask ->  launches: {58FB76B9-AC85-4E55-AC04-427593B1D060}
  -> {HKLM...CLSID} = Certificate Services Client Task Handler
                   \InProcServer32\(Default) = C:\WINDOWS\system32\dimsjob.dll [MS]
  -> {HKLM...Wow...CLSID} = Certificate Services Client Task Handler
                         \InProcServer32\(Default) = C:\WINDOWS\system32\dimsjob.dll [MS]
UserTask ->  launches: {58FB76B9-AC85-4E55-AC04-427593B1D060}
  -> {HKLM...CLSID} = Certificate Services Client Task Handler
                   \InProcServer32\(Default) = C:\WINDOWS\system32\dimsjob.dll [MS]
  -> {HKLM...Wow...CLSID} = Certificate Services Client Task Handler
                         \InProcServer32\(Default) = C:\WINDOWS\system32\dimsjob.dll [MS]
UserTask-Roam ->  launches: {58FB76B9-AC85-4E55-AC04-427593B1D060}
  -> {HKLM...CLSID} = Certificate Services Client Task Handler
                   \InProcServer32\(Default) = C:\WINDOWS\system32\dimsjob.dll [MS]
  -> {HKLM...Wow...CLSID} = Certificate Services Client Task Handler
                         \InProcServer32\(Default) = C:\WINDOWS\system32\dimsjob.dll [MS]
 
C:\Windows\System32\Tasks\Microsoft\Windows\Chkdsk
ProactiveScan ->  launches: {CF4270F5-2E43-4468-83B3-A8C45BB33EA1}
  -> {HKLM...CLSID} = Proactive Scan
                   \InProcServer32\(Default) = C:\Windows\System32\pstask.dll [MS]
SyspartRepair -> (HIDDEN!) launches: %windir%\system32\bcdboot.exe %windir% /sysrepair [MS]
 
C:\Windows\System32\Tasks\Microsoft\Windows\CloudExperienceHost
CreateObjectTask -> (HIDDEN!) launches: {E4544ABA-62BF-4C54-AAB2-EC246342626C} [InProcServer32 entry not found]
 
C:\Windows\System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program
Consolidator ->  launches: %SystemRoot%\System32\wsqmcons.exe [MS]
UsbCeip -> (HIDDEN!) launches: {C27F6B1D-FE0B-45E4-9257-38799FA69BC8}
  -> {HKLM...CLSID} = UsbCeip
                   \InProcServer32\(Default) = C:\WINDOWS\System32\usbceip.dll [MS]
  -> {HKLM...Wow...CLSID} = UsbCeip
                         \InProcServer32\(Default) = C:\WINDOWS\System32\usbceip.dll [MS]
 
C:\Windows\System32\Tasks\Microsoft\Windows\Data Integrity Scan
Data Integrity Scan ->  launches: {DCFD3EA8-D960-4719-8206-490AE315F94F}
  -> {HKLM...CLSID} = Data Integrity Scan
                   \InProcServer32\(Default) = C:\Windows\System32\discan.dll [MS]
Data Integrity Scan for Crash Recovery -> (HIDDEN!) launches: {DCFD3EA8-D960-4719-8206-490AE315F94F}
  -> {HKLM...CLSID} = Data Integrity Scan
                   \InProcServer32\(Default) = C:\Windows\System32\discan.dll [MS]
 
C:\Windows\System32\Tasks\Microsoft\Windows\Defrag
ScheduledDefrag ->  launches: %windir%\system32\defrag.exe -c -h -o -$ [MS]
 
C:\Windows\System32\Tasks\Microsoft\Windows\Device Information
Device ->  launches: %windir%\system32\devicecensus.exe [MS]
 
C:\Windows\System32\Tasks\Microsoft\Windows\Device Setup
Metadata Refresh -> (HIDDEN!) launches: {23C1F3CF-C110-4512-ACA9-7B6174ECE888}
  -> {HKLM...CLSID} = DsmRefreshTask Class
                   \InProcServer32\(Default) = C:\WINDOWS\System32\DeviceSetupManagerAPI.dll [MS]
 
C:\Windows\System32\Tasks\Microsoft\Windows\DeviceDirectoryClient
HandleCommand -> (HIDDEN!) launches: {AE31B729-D5FD-401E-AF42-784074835AFE}
  -> {HKLM...CLSID} = Device Directory Client Handler
                   \InProcServer32\(Default) = C:\WINDOWS\system32\DeviceDirectoryClient.dll [MS]
HandleWnsCommand -> (HIDDEN!) launches: {AE31B729-D5FD-401E-AF42-784074835AFE}
  -> {HKLM...CLSID} = Device Directory Client Handler
                   \InProcServer32\(Default) = C:\WINDOWS\system32\DeviceDirectoryClient.dll [MS]
LocateCommandUserSession -> (HIDDEN!) launches: {AE31B729-D5FD-401E-AF42-784074835AFE}
  -> {HKLM...CLSID} = Device Directory Client Handler
                   \InProcServer32\(Default) = C:\WINDOWS\system32\DeviceDirectoryClient.dll [MS]
RegisterDeviceAccountChange -> (HIDDEN!) launches: {AE31B729-D5FD-401E-AF42-784074835AFE}
  -> {HKLM...CLSID} = Device Directory Client Handler
                   \InProcServer32\(Default) = C:\WINDOWS\system32\DeviceDirectoryClient.dll [MS]
RegisterDeviceLocationRightsChange -> (HIDDEN!) launches: {AE31B729-D5FD-401E-AF42-784074835AFE}
  -> {HKLM...CLSID} = Device Directory Client Handler
                   \InProcServer32\(Default) = C:\WINDOWS\system32\DeviceDirectoryClient.dll [MS]
RegisterDevicePeriodic24 -> (HIDDEN!) launches: {AE31B729-D5FD-401E-AF42-784074835AFE}
  -> {HKLM...CLSID} = Device Directory Client Handler
                   \InProcServer32\(Default) = C:\WINDOWS\system32\DeviceDirectoryClient.dll [MS]
RegisterDevicePolicyChange -> (HIDDEN!) launches: {AE31B729-D5FD-401E-AF42-784074835AFE}
  -> {HKLM...CLSID} = Device Directory Client Handler
                   \InProcServer32\(Default) = C:\WINDOWS\system32\DeviceDirectoryClient.dll [MS]
RegisterDeviceProtectionStateChanged -> (HIDDEN!) launches: {AE31B729-D5FD-401E-AF42-784074835AFE}
  -> {HKLM...CLSID} = Device Directory Client Handler
                   \InProcServer32\(Default) = C:\WINDOWS\system32\DeviceDirectoryClient.dll [MS]
RegisterDeviceSettingChange -> (HIDDEN!) launches: {AE31B729-D5FD-401E-AF42-784074835AFE}
  -> {HKLM...CLSID} = Device Directory Client Handler
                   \InProcServer32\(Default) = C:\WINDOWS\system32\DeviceDirectoryClient.dll [MS]
RegisterDeviceWnsFallback -> (HIDDEN!) launches: {AE31B729-D5FD-401E-AF42-784074835AFE}
  -> {HKLM...CLSID} = Device Directory Client Handler
                   \InProcServer32\(Default) = C:\WINDOWS\system32\DeviceDirectoryClient.dll [MS]
RegisterUserDevice -> (HIDDEN!) launches: {AE31B729-D5FD-401E-AF42-784074835AFE}
  -> {HKLM...CLSID} = Device Directory Client Handler
                   \InProcServer32\(Default) = C:\WINDOWS\system32\DeviceDirectoryClient.dll [MS]
 
C:\Windows\System32\Tasks\Microsoft\Windows\Diagnosis
RecommendedTroubleshootingScanner ->  launches: %windir%\system32\mitigationscanner.exe [MS]
Scheduled -> (HIDDEN!) launches: {C1F85EF8-BCC2-4606-BB39-70C523715EB3}
  -> {HKLM...CLSID} = ScheduledDiagnosticCustomHandler
                   \InProcServer32\(Default) = C:\WINDOWS\System32\sdiagschd.dll [MS]
 
C:\Windows\System32\Tasks\Microsoft\Windows\DirectX
DirectXDatabaseUpdater -> (HIDDEN!) launches: %windir%\system32\directxdatabaseupdater.exe [MS]
DXGIAdapterCache -> (HIDDEN!) launches: %windir%\system32\dxgiadaptercache.exe [MS]
 
C:\Windows\System32\Tasks\Microsoft\Windows\DiskCleanup
SilentCleanup ->  launches: %windir%\system32\cleanmgr.exe /autoclean /d %systemdrive% [MS]
 
C:\Windows\System32\Tasks\Microsoft\Windows\DiskDiagnostic
Microsoft-Windows-DiskDiagnosticDataCollector -> (HIDDEN!) launches: %windir%\system32\rundll32.exe dfdts.dll,DfdGetDefaultPolicyAndSMART [MS]
 
C:\Windows\System32\Tasks\Microsoft\Windows\DiskFootprint
Diagnostics ->  launches: %windir%\system32\disksnapshot.exe -z [MS]
StorageSense ->  launches: {AB2A519B-03B0-43CE-940A-A73DF850B49A}
  -> {HKLM...CLSID} = StorageUsage State Reporter Task Handler
                   \InProcServer32\(Default) = C:\WINDOWS\system32\StorageUsage.dll [MS]
 
C:\Windows\System32\Tasks\Microsoft\Windows\DUSM
dusmtask ->  launches: %SystemRoot%\System32\dusmtask.exe [MS]
 
C:\Windows\System32\Tasks\Microsoft\Windows\EDP
EDP App Launch Task ->  launches: {61BCD1B9-340C-40EC-9D41-D7F1C0632F05}
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = C:\WINDOWS\System32\edptask.dll [MS]
EDP Auth Task ->  launches: {61BCD1B9-340C-40EC-9D41-D7F1C0632F05}
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = C:\WINDOWS\System32\edptask.dll [MS]
EDP Inaccessible Credentials Task ->  launches: {61BCD1B9-340C-40EC-9D41-D7F1C0632F05}
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = C:\WINDOWS\System32\edptask.dll [MS]
StorageCardEncryption Task ->  launches: {61BCD1B9-340C-40EC-9D41-D7F1C0632F05}
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = C:\WINDOWS\System32\edptask.dll [MS]
 
C:\Windows\System32\Tasks\Microsoft\Windows\EnterpriseMgmt
MDMMaintenenceTask ->  launches: %windir%\system32\MDMAgent.exe [MS]
 
C:\Windows\System32\Tasks\Microsoft\Windows\ErrorDetails
EnableErrorDetailsUpdate ->  launches: {FE285C8C-5360-41C1-A700-045501C740DE} [InProcServer32 entry not found]
 
C:\Windows\System32\Tasks\Microsoft\Windows\ExploitGuard
ExploitGuard MDM policy Refresh ->  launches: {711001CD-CC1D-4470-9B7E-1EF73849C79E}
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = C:\WINDOWS\System32\MitigationConfiguration.dll [MS]
  -> {HKLM...Wow...CLSID} = (no title provided)
                         \InProcServer32\(Default) = C:\WINDOWS\System32\MitigationConfiguration.dll [MS]
 
C:\Windows\System32\Tasks\Microsoft\Windows\Feedback\Siuf
DmClient ->  launches: %windir%\system32\dmclient.exe [MS]
DmClientOnScenarioDownload ->  launches: %windir%\system32\dmclient.exe utcwnf [MS]
 
C:\Windows\System32\Tasks\Microsoft\Windows\FileHistory
File History (maintenance mode) ->  launches: {89917B7C-A1A6-11DF-8BF6-18A90531A85A}
  -> {HKLM...CLSID} = FhTaskHandler Class
                   \InProcServer32\(Default) = C:\WINDOWS\System32\fhtask.dll [MS]
 
C:\Windows\System32\Tasks\Microsoft\Windows\Flighting\FeatureConfig
ReconcileFeatures ->  launches: {59EECBFE-C2F5-4419-9B99-13FE05FF2675}
  -> {HKLM...CLSID} = Feature Configuration Reconciliation Task Handler
                   \InProcServer32\(Default) = C:\Windows\System32\fcon.dll [MS]
 
C:\Windows\System32\Tasks\Microsoft\Windows\Flighting\OneSettings
RefreshCache ->  launches: {E07647F7-AED2-48D9-9720-939BC24A8A3C}
  -> {HKLM...CLSID} = OneSettings Refresh Cache Task Handler
                   \InProcServer32\(Default) = C:\Windows\System32\wosc.dll [MS]
 
C:\Windows\System32\Tasks\Microsoft\Windows\HelloFace
FODCleanupTask -> (HIDDEN!) launches: %WinDir%\System32\WinBioPlugIns\FaceFodUninstaller.exe [null data]
 
C:\Windows\System32\Tasks\Microsoft\Windows\InstallService
ScanForUpdates ->  launches: {A558C6A5-B42B-4C98-B610-BF9559143139}
  -> {HKLM...CLSID} = ScanForUpdates InstallService Task
                   \InProcServer32\(Default) = C:\Windows\System32\InstallServiceTasks.dll [MS]
  -> {HKLM...Wow...CLSID} = ScanForUpdates InstallService Task
                         \InProcServer32\(Default) = C:\Windows\SysWOW64\InstallServiceTasks.dll [MS]
ScanForUpdatesAsUser ->  launches: {DDAFAEA2-8842-4E96-BADE-D44A8D676FDB}
  -> {HKLM...CLSID} = ScanForUpdates InstallService Task
                   \InProcServer32\(Default) = C:\Windows\System32\InstallServiceTasks.dll [MS]
  -> {HKLM...Wow...CLSID} = ScanForUpdates InstallService Task
                         \InProcServer32\(Default) = C:\Windows\SysWOW64\InstallServiceTasks.dll [MS]
SmartRetry ->  launches: {F3A219C3-2698-4CBF-9C07-037EDB8E72E6}
  -> {HKLM...CLSID} = SmartRetry InstallService Task
                   \InProcServer32\(Default) = C:\Windows\System32\InstallServiceTasks.dll [MS]
  -> {HKLM...Wow...CLSID} = SmartRetry InstallService Task
                         \InProcServer32\(Default) = C:\Windows\SysWOW64\InstallServiceTasks.dll [MS]
 
C:\Windows\System32\Tasks\Microsoft\Windows\LanguageComponentsInstaller
Installation ->  launches: {6F58F65F-EC0E-4ACA-99FE-FC5A1A25E4BE}
  -> {HKLM...CLSID} = Language Components Installer
                   \InProcServer32\(Default) = C:\Windows\System32\LanguageComponentsInstaller.dll [MS]
ReconcileLanguageResources ->  launches: {D0582E3B-3126-4CAA-9155-AC37C912A489} [InProcServer32 entry not found]
 
C:\Windows\System32\Tasks\Microsoft\Windows\License Manager
TempSignedLicenseExchange -> (HIDDEN!) launches: {77646A68-AD14-4D53-897D-7BE4DDE5F929}
  -> {HKLM...CLSID} = TempSignedLicenseExchangeTask
                   \InProcServer32\(Default) = C:\Windows\System32\TempSignedLicenseExchangeTask.dll [MS]
  -> {HKLM...Wow...CLSID} = TempSignedLicenseExchangeTask
                         \InProcServer32\(Default) = C:\Windows\SysWOW64\TempSignedLicenseExchangeTask.dll [MS]
 
C:\Windows\System32\Tasks\Microsoft\Windows\Location
Notifications ->  launches: %windir%\System32\LocationNotificationWindows.exe [MS]
WindowsActionDialog ->  launches: %windir%\System32\WindowsActionDialog.exe [MS]
 
C:\Windows\System32\Tasks\Microsoft\Windows\Maintenance
WinSAT ->  launches: {A9A33436-678B-4C9C-A211-7CC38785E79D}
  -> {HKLM...CLSID} = WinSAT Task Manger Task
                   \InProcServer32\(Default) = C:\WINDOWS\system32\WinSATAPI.dll [MS]
  -> {HKLM...Wow...CLSID} = WinSAT Task Manger Task
                         \InProcServer32\(Default) = C:\WINDOWS\system32\WinSATAPI.dll [MS]
 
C:\Windows\System32\Tasks\Microsoft\Windows\Management\Provisioning
Cellular -> (HIDDEN!) launches: %windir%\system32\ProvTool.exe /turn 7 /source CellStateChangeTask [MS]
Logon -> (HIDDEN!) launches: %windir%\system32\ProvTool.exe /turn 5 /source LogonIdleTask [MS]
 
C:\Windows\System32\Tasks\Microsoft\Windows\Maps
MapsToastTask -> (HIDDEN!) launches: {9885AEF2-BD9F-41E0-B15E-B3141395E803}
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = C:\WINDOWS\System32\mapstoasttask.dll [MS]
  -> {HKLM...Wow...CLSID} = (no title provided)
                         \InProcServer32\(Default) = C:\WINDOWS\System32\mapstoasttask.dll [MS]
 
C:\Windows\System32\Tasks\Microsoft\Windows\Media Center
ActivateWindowsSearch ->  launches: %SystemRoot%\ehome\ehPrivJob.exe /DoActivateWindowsSearch [file not found]
ConfigureInternetTimeService ->  launches: %SystemRoot%\ehome\ehPrivJob.exe /DoConfigureInternetTimeService [file not found]
DispatchRecoveryTasks ->  launches: %SystemRoot%\ehome\ehPrivJob.exe /DoRecoveryTasks $(Arg0) [file not found]
ehDRMInit ->  launches: %SystemRoot%\ehome\ehPrivJob.exe /DRMInit [file not found]
InstallPlayReady ->  launches: %SystemRoot%\ehome\ehPrivJob.exe /InstallPlayReady $(Arg0) [file not found]
mcupdate ->  launches: %SystemRoot%\ehome\mcupdate $(Arg0) [file not found]
mcupdate_scheduled ->  launches: %SystemRoot%\ehome\mcupdate -crl -hms -pscn 15 [file not found]
MediaCenterRecoveryTask ->  launches: %SystemRoot%\ehome\mcupdate.exe -MediaCenterRecoveryTask [file not found]
ObjectStoreRecoveryTask ->  launches: %SystemRoot%\ehome\mcupdate.exe -ObjectStoreRecoveryTask [file not found]
OCURActivate ->  launches: %SystemRoot%\ehome\ehPrivJob.exe /OCURActivate [file not found]
OCURDiscovery ->  launches: %SystemRoot%\ehome\ehPrivJob.exe /OCURDiscovery $(Arg0) [file not found]
PBDADiscovery ->  launches: %SystemRoot%\ehome\ehPrivJob.exe /PBDADiscovery [file not found]
PBDADiscoveryW1 ->  launches: %SystemRoot%\ehome\ehPrivJob.exe /wait:7 /PBDADiscovery [file not found]
PBDADiscoveryW2 ->  launches: %SystemRoot%\ehome\ehPrivJob.exe /wait:90 /PBDADiscovery [file not found]
PvrRecoveryTask ->  launches: %SystemRoot%\ehome\mcupdate.exe -PvrRecoveryTask [file not found]
PvrScheduleTask ->  launches: %SystemRoot%\ehome\mcupdate.exe -PvrSchedule [file not found]
RegisterSearch ->  launches: %SystemRoot%\ehome\ehPrivJob.exe /DoRegisterSearch $(Arg0) [file not found]
ReindexSearchRoot ->  launches: %SystemRoot%\ehome\ehPrivJob.exe /DoReindexSearchRoot [file not found]
SqlLiteRecoveryTask ->  launches: %SystemRoot%\ehome\mcupdate.exe -SqlLiteRecoveryTask [file not found]
StartRecording ->  launches: %SystemRoot%\ehome\ehrec /StartRecording [file not found]
UpdateRecordPath ->  launches: %SystemRoot%\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0) [file not found]
 
C:\Windows\System32\Tasks\Microsoft\Windows\MemoryDiagnostic
ProcessMemoryDiagnosticEvents -> (HIDDEN!) launches: {8168E74A-B39F-46D8-ADCD-7BED477B80A3}
  -> {HKLM...CLSID} = MemoryDiagnosticTaskHandler
                   \InProcServer32\(Default) = C:\WINDOWS\System32\MemoryDiagnostic.dll [MS]
RunFullMemoryDiagnostic -> (HIDDEN!) launches: {8168E74A-B39F-46D8-ADCD-7BED477B80A3}
  -> {HKLM...CLSID} = MemoryDiagnosticTaskHandler
                   \InProcServer32\(Default) = C:\WINDOWS\System32\MemoryDiagnostic.dll [MS]
 
C:\Windows\System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts
MNO Metadata Parser ->  launches: %SystemRoot%\System32\MbaeParserTask.exe [MS]
 
C:\Windows\System32\Tasks\Microsoft\Windows\MobilePC
HotStart ->  launches: {06DA0625-9701-43DA-BFD7-FBEEA2180A1E} [InProcServer32 entry not found]
 
C:\Windows\System32\Tasks\Microsoft\Windows\MUI
LPRemove ->  launches: %windir%\system32\lpremove.exe [MS]
Mcbuilder ->  launches: C:\Windows\System32\mcbuilder.exe [MS]
 
C:\Windows\System32\Tasks\Microsoft\Windows\Multimedia
SystemSoundsService ->  launches: {2DEA658F-54C1-4227-AF9B-260AB5FC3543}
  -> {HKLM...CLSID} = Microsoft PlaySoundService Class
                   \InProcServer32\(Default) = C:\WINDOWS\System32\PlaySndSrv.dll [MS]
  -> {HKLM...Wow...CLSID} = Microsoft PlaySoundService Class
                         \InProcServer32\(Default) = C:\WINDOWS\System32\PlaySndSrv.dll [MS]
 
C:\Windows\System32\Tasks\Microsoft\Windows\NetTrace
GatherNetworkInfo ->  launches: %windir%\system32\gatherNetworkInfo.vbs [null data]
 
C:\Windows\System32\Tasks\Microsoft\Windows\NlaSvc
WiFiTask -> (HIDDEN!) launches: %SystemRoot%\System32\WiFiTask.exe nla [MS]
 
C:\Windows\System32\Tasks\Microsoft\Windows\PI
Secure-Boot-Update ->  launches: {5014B7C8-934E-4262-9816-887FA745A6C4}
  -> {HKLM...CLSID} = TPM Maintenance Task Handler
                   \InProcServer32\(Default) = C:\WINDOWS\system32\TpmTasks.dll [MS]
Sqm-Tasks ->  launches: {5014B7C8-934E-4262-9816-887FA745A6C4}
  -> {HKLM...CLSID} = TPM Maintenance Task Handler
                   \InProcServer32\(Default) = C:\WINDOWS\system32\TpmTasks.dll [MS]
 
C:\Windows\System32\Tasks\Microsoft\Windows\Plug and Play
Device Install Group Policy -> (HIDDEN!) launches: {60400283-B242-4FA8-8C25-CAF695B88209}
  -> {HKLM...CLSID} = Device Installation Group Policy Task Handler
                   \InProcServer32\(Default) = C:\Windows\System32\pnppolicy.dll [MS]
Device Install Reboot Required -> (HIDDEN!) launches: {48794782-6A1F-47B9-BD52-1D5F95D49C1B}
  -> {HKLM...CLSID} = Device Installation Reboot Dialog Task
                   \InProcServer32\(Default) = C:\Windows\System32\pnpui.dll [MS]
Plug and Play Cleanup ->  launches: {DEF03232-9688-11E2-BE7F-B4B52FD966FF} [InProcServer32 entry not found]
Sysprep Generalize Drivers ->  launches: %SystemRoot%\System32\drvinst.exe 6 [MS]
 
C:\Windows\System32\Tasks\Microsoft\Windows\Power Efficiency Diagnostics
AnalyzeSystem ->  launches: {927EA2AF-1C54-43D5-825E-0074CE028EEE}
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = C:\WINDOWS\System32\energytask.dll [MS]
 
C:\Windows\System32\Tasks\Microsoft\Windows\Printing
EduPrintProv ->  launches: %windir%\system32\eduprintprov.exe [MS]
 
C:\Windows\System32\Tasks\Microsoft\Windows\PushToInstall
Registration ->  launches: %windir%\system32\sc.exe start pushtoinstall registration [MS]
 
C:\Windows\System32\Tasks\Microsoft\Windows\Ras
MobilityManager ->  launches: {C463A0FC-794F-4FDF-9201-01938CEACAFA}
  -> {HKLM...CLSID} = RasMobilityManager
                   \InProcServer32\(Default) = C:\WINDOWS\system32\rasmbmgr.dll [MS]
 
C:\Windows\System32\Tasks\Microsoft\Windows\Registry
RegIdleBackup -> (HIDDEN!) launches: {CA767AA8-9157-4604-B64B-40747123D5F2}
  -> {HKLM...CLSID} = RegistryIdleBackupHandler
                   \InProcServer32\(Default) = C:\WINDOWS\System32\regidle.dll [MS]
 
C:\Windows\System32\Tasks\Microsoft\Windows\RemoteAssistance
RemoteAssistanceTask -> (HIDDEN!) launches: %windir%\system32\RAServer.exe /offerraupdate [MS]
 
C:\Windows\System32\Tasks\Microsoft\Windows\Servicing
StartComponentCleanup ->  launches: {752073A1-23F2-4396-85F0-8FDB879ED0ED} [InProcServer32 entry not found]
 
C:\Windows\System32\Tasks\Microsoft\Windows\SettingSync
BackgroundUploadTask -> (HIDDEN!) launches: {59B9640B-3F70-4D1C-B159-F26EEB8A4C87}
  -> {HKLM...CLSID} = Delayed Background Upload Task Handler
                   \InProcServer32\(Default) = C:\WINDOWS\system32\SettingSyncCore.dll [MS]
  -> {HKLM...Wow...CLSID} = Delayed Background Upload Task Handler
                         \InProcServer32\(Default) = C:\WINDOWS\system32\SettingSyncCore.dll [MS]
NetworkStateChangeTask -> (HIDDEN!) launches: {A4173A49-F373-4475-9A0F-2D615204DC20}
  -> {HKLM...CLSID} = Network State Change Task Handler
                   \InProcServer32\(Default) = C:\WINDOWS\system32\SettingSyncCore.dll [MS]
  -> {HKLM...Wow...CLSID} = Network State Change Task Handler
                         \InProcServer32\(Default) = C:\WINDOWS\system32\SettingSyncCore.dll [MS]
 
C:\Windows\System32\Tasks\Microsoft\Windows\Shell
CreateObjectTask -> (HIDDEN!) launches: {990A9F8F-301F-45F7-8D0E-68C5952DBA43}
  -> {HKLM...CLSID} = Shell Create Object Task Delegate
                   \InProcServer32\(Default) = C:\WINDOWS\system32\shell32.dll [MS]
  -> {HKLM...Wow...CLSID} = Shell Create Object Task Delegate
                         \InProcServer32\(Default) = C:\WINDOWS\system32\shell32.dll [MS]
FamilySafetyMonitor ->  launches: %windir%\System32\wpcmon.exe [MS]
FamilySafetyRefreshTask ->  launches: {C844C79D-AED8-4DCE-AB25-4D359BED84F8}
  -> {HKLM...CLSID} = FamilySafetyRefreshTask
                   \InProcServer32\(Default) = C:\WINDOWS\System32\WpcRefreshTask.dll [MS]
IndexerAutomaticMaintenance ->  launches: {3FBA60A6-7BF5-4868-A2CA-6623B3DFFEA6}
  -> {HKLM...CLSID} = Automatic Maintenance task to enable Windows Search to make progress while in Connected Standby
                   \InProcServer32\(Default) = C:\WINDOWS\System32\srchadmin.dll [MS]
  -> {HKLM...Wow...CLSID} = Automatic Maintenance task to enable Windows Search to make progress while in Connected Standby
                         \InProcServer32\(Default) = C:\WINDOWS\System32\srchadmin.dll [MS]
 
C:\Windows\System32\Tasks\Microsoft\Windows\SideShow
GadgetManager ->  launches: {FF87090D-4A9A-4F47-879B-29A80C355D61} [InProcServer32 entry not found]
 
C:\Windows\System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform
SvcRestartTask -> (HIDDEN!) launches: {B1AEBB5D-EAD9-4476-B375-9C3ED9F32AFC}
  -> {HKLM...CLSID} = SppSvcRestartTaskHandler Class
                   \InProcServer32\(Default) = C:\WINDOWS\System32\sppcext.dll [MS]
  -> {HKLM...Wow...CLSID} = SppSvcRestartTaskHandler Class
                         \InProcServer32\(Default) = C:\WINDOWS\System32\sppcext.dll [MS]
 
C:\Windows\System32\Tasks\Microsoft\Windows\SpacePort
SpaceAgentTask ->  launches: %windir%\system32\SpaceAgent.exe [MS]
SpaceManagerTask ->  launches: %windir%\system32\spaceman.exe /Work [MS]
 
C:\Windows\System32\Tasks\Microsoft\Windows\Speech
HeadsetButtonPress ->  launches: %windir%\system32\speech_onecore\common\SpeechRuntime.exe StartedFromTask [MS]
SpeechModelDownloadTask ->  launches: %windir%\system32\speech_onecore\common\SpeechModelDownload.exe [MS]
 
C:\Windows\System32\Tasks\Microsoft\Windows\StateRepository
MaintenanceTasks ->  launches: %windir%\system32\rundll32.exe %windir%\system32\Windows.StateRepositoryClient.dll,StateRepositoryDoMaintenanceTasks [MS]
 
C:\Windows\System32\Tasks\Microsoft\Windows\Storage Tiers Management
Storage Tiers Management Initialization ->  launches: {5C9AB547-345D-4175-9AF6-65133463A100} [InProcServer32 entry not found]
 
C:\Windows\System32\Tasks\Microsoft\Windows\Subscription
EnableLicenseAcquisition -> (HIDDEN!) launches: %SystemRoot%\system32\ClipRenew.exe -e [MS]
 
C:\Windows\System32\Tasks\Microsoft\Windows\Sysmain
ResPriStaticDbSync ->  launches: {297EE78C-BA95-4E94-81D3-D6E7F089C7B5}
  -> {HKLM...CLSID} = Reserved Priority Static Db Sync Task
                   \InProcServer32\(Default) = C:\WINDOWS\system32\sysmain.dll [MS]
WsSwapAssessmentTask ->  launches: %windir%\system32\rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask [MS]
 
C:\Windows\System32\Tasks\Microsoft\Windows\SystemRestore
SR ->  launches: %windir%\system32\srtasks.exe ExecuteScheduledSPPCreation [MS]
 
C:\Windows\System32\Tasks\Microsoft\Windows\Task Manager
Interactive -> (HIDDEN!) launches: {855FEC53-D2E4-4999-9E87-3414E9CF0FF4}
  -> {HKLM...CLSID} = RunTask
                   \InProcServer32\(Default) = C:\WINDOWS\system32\wdc.dll [MS]
  -> {HKLM...Wow...CLSID} = RunTask
                         \InProcServer32\(Default) = C:\WINDOWS\system32\wdc.dll [MS]
 
C:\Windows\System32\Tasks\Microsoft\Windows\Tcpip
IpAddressConflict1 ->  launches: %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem [MS]
IpAddressConflict2 ->  launches: %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem [MS]
 
C:\Windows\System32\Tasks\Microsoft\Windows\TextServicesFramework
MsCtfMonitor -> (HIDDEN!) launches: {01575CFE-9A55-4003-A5E1-F38D1EBDCBE1}
  -> {HKLM...CLSID} = MsCtfMonitor task handler
                   \InProcServer32\(Default) = C:\WINDOWS\system32\MsCtfMonitor.dll [MS]
  -> {HKLM...Wow...CLSID} = MsCtfMonitor task handler
                         \InProcServer32\(Default) = C:\WINDOWS\system32\MsCtfMonitor.dll [MS]
 
C:\Windows\System32\Tasks\Microsoft\Windows\Time Synchronization
ForceSynchronizeTime ->  launches: {A31AD6C2-FF4C-43D4-8E90-7101023096F9}
  -> {HKLM...CLSID} = Time Synchronization Task Handler
                   \InProcServer32\(Default) = C:\WINDOWS\system32\TimeSyncTask.dll [MS]
SynchronizeTime ->  launches: %windir%\system32\sc.exe start w32time task_started [MS]
 
C:\Windows\System32\Tasks\Microsoft\Windows\Time Zone
SynchronizeTimeZone ->  launches: %windir%\system32\tzsync.exe [MS]
 
C:\Windows\System32\Tasks\Microsoft\Windows\TPM
Tpm-HASCertRetr ->  launches: {5014B7C8-934E-4262-9816-887FA745A6C4}
  -> {HKLM...CLSID} = TPM Maintenance Task Handler
                   \InProcServer32\(Default) = C:\WINDOWS\system32\TpmTasks.dll [MS]
Tpm-Maintenance ->  launches: {5014B7C8-934E-4262-9816-887FA745A6C4}
  -> {HKLM...CLSID} = TPM Maintenance Task Handler
                   \InProcServer32\(Default) = C:\WINDOWS\system32\TpmTasks.dll [MS]
 
C:\Windows\System32\Tasks\Microsoft\Windows\UpdateOrchestrator
Backup Scan ->  launches: %systemroot%\system32\usoclient.exe StartScan [MS]
MusUx_UpdateInterval ->  launches: %systemroot%\system32\MusNotification.exe Display [MS]
Reboot ->  launches: %systemroot%\system32\MusNotification.exe Reboot [MS]
Schedule Scan ->  launches: %systemroot%\system32\usoclient.exe StartScan [MS]
Schedule Scan Static Task ->  launches: %systemroot%\system32\usoclient.exe StartScan [MS]
Universal Orchestrator Start ->  launches: %systemroot%\system32\usoclient.exe StartUWork [MS]
UpdateModelTask ->  launches: %systemroot%\system32\usoclient.exe StartModelUpdates [MS]
USO_Broker_Display ->  launches: %systemroot%\system32\MusNotification.exe Display [MS]
USO_UxBroker ->  launches: %systemroot%\system32\MusNotification.exe [MS]
 
C:\Windows\System32\Tasks\Microsoft\Windows\UPnP
UPnPHostConfig ->  launches: sc.exe config upnphost start= auto [MS]
 
C:\Windows\System32\Tasks\Microsoft\Windows\USB
Usb-Notifications -> (HIDDEN!) launches: {E05BE1C8-92A8-4757-B575-ACAECB4E6A40}
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = C:\Windows\System32\UsbTask.dll [MS]
 
C:\Windows\System32\Tasks\Microsoft\Windows\WaaSMedic
PerformRemediation ->  launches: {72566E27-1ABB-4EB3-B4F0-EB431CB1CB32} [InProcServer32 entry not found]
 
C:\Windows\System32\Tasks\Microsoft\Windows\WCM
WiFiTask -> (HIDDEN!) launches: %SystemRoot%\System32\WiFiTask.exe [MS]
 
C:\Windows\System32\Tasks\Microsoft\Windows\WDI
ResolutionHost -> (HIDDEN!) launches: {900BE39D-6BE8-461A-BC4D-B0FA71F5ECB1}
  -> {HKLM...CLSID} = DiagnosticInfrastructureCustomHandler
                   \InProcServer32\(Default) = C:\WINDOWS\System32\wdi.dll [MS]
  -> {HKLM...Wow...CLSID} = DiagnosticInfrastructureCustomHandler
                         \InProcServer32\(Default) = C:\WINDOWS\System32\wdi.dll [MS]
 
C:\Windows\System32\Tasks\Microsoft\Windows\Windows Error Reporting
QueueReporting ->  launches: %windir%\system32\wermgr.exe -upload [MS]
 
C:\Windows\System32\Tasks\Microsoft\Windows\Windows Filtering Platform
BfeOnServiceStartTypeChange -> (HIDDEN!) launches: %windir%\system32\rundll32.exe bfe.dll,BfeOnServiceStartTypeChange [MS]
 
C:\Windows\System32\Tasks\Microsoft\Windows\Windows Media Sharing
UpdateLibrary ->  launches: "%ProgramFiles%\Windows Media Player\wmpnscfg.exe" [MS]
 
C:\Windows\System32\Tasks\Microsoft\Windows\WindowsColorSystem
Calibration Loader ->  launches: {B210D694-C8DF-490D-9576-9E20CDBC20BD}
  -> {HKLM...CLSID} = Color Calibration Loader
                   \InProcServer32\(Default) = C:\Windows\System32\mscms.dll [MS]
  -> {HKLM...Wow...CLSID} = Color Calibration Loader
                         \InProcServer32\(Default) = C:\Windows\SysWOW64\mscms.dll [MS]
 
C:\Windows\System32\Tasks\Microsoft\Windows\WindowsUpdate
Scheduled Start ->  launches: C:\WINDOWS\system32\sc.exe start wuauserv [MS]
sihpostreboot ->  launches: %systemroot%\system32\sihclient.exe /PostReboot [MS]
 
C:\Windows\System32\Tasks\Microsoft\Windows\Wininet
CacheTask ->  launches: {0358B920-0AC7-461F-98F4-58E32CD89148}
  -> {HKLM...CLSID} = Wininet Cache task object
                   \InProcServer32\(Default) = C:\WINDOWS\system32\wininet.dll [MS]
  -> {HKLM...Wow...CLSID} = Wininet Cache task object
                         \InProcServer32\(Default) = C:\WINDOWS\system32\wininet.dll [MS]
 
C:\Windows\System32\Tasks\Microsoft\Windows\WlanSvc
CDSSync ->  launches: {B0D2B535-12E1-439F-86B3-BADA289510F0}
  -> {HKLM...CLSID} = WlanSyncTaskCommon
                   \InProcServer32\(Default) = C:\Windows\System32\WiFiCloudStore.dll [MS]
 
C:\Windows\System32\Tasks\Microsoft\Windows\WOF
WIM-Hash-Management ->  launches: {B7BFFB5A-EFA8-4D8C-BBDE-C8D5FAAF54A1}
  -> {HKLM...CLSID} = WOF Task Handler
                   \InProcServer32\(Default) = C:\WINDOWS\system32\WofTasks.dll [MS]
WIM-Hash-Validation ->  launches: {B7BFFB5A-EFA8-4D8C-BBDE-C8D5FAAF54A1}
  -> {HKLM...CLSID} = WOF Task Handler
                   \InProcServer32\(Default) = C:\WINDOWS\system32\WofTasks.dll [MS]
 
C:\Windows\System32\Tasks\Microsoft\Windows\Work Folders
Work Folders Logon Synchronization ->  launches: {97D47D56-3777-49FB-8E8F-90D7E30E1A1E}
  -> {HKLM...CLSID} = Work Folder Logon Trigger Class
                   \InProcServer32\(Default) = C:\Windows\System32\WorkFoldersShell.dll [MS]
Work Folders Maintenance Work ->  launches: {63260BCE-A3FB-4A34-AA51-D4D8E877B62B}
  -> {HKLM...CLSID} = Work Folder Maintenance Task Class
                   \InProcServer32\(Default) = C:\Windows\System32\WorkFoldersShell.dll [MS]
 
C:\Windows\System32\Tasks\Microsoft\Windows\WwanSvc
NotificationTask -> (HIDDEN!) launches: %SystemRoot%\System32\WiFiTask.exe wwan [MS]
 
C:\Windows\System32\Tasks\Microsoft\Windows Defender
MP Scheduled Scan -> (HIDDEN!) launches: c:\program files\windows defender\MpCmdRun.exe Scan -ScheduleJob -WinTask -RestrictPrivilegesScan [MS]
 
C:\Windows\System32\Tasks\Microsoft\Windows Live\SOXE
Extractor Definitions Update Task ->  launches: {3519154C-227E-47F3-9CC9-12C3F05817F1}
  -> {HKLM...Wow...CLSID} = Windows Live Social Object Extractor Engine Definition Updater
                         \InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\SOXE\wlsoxe.dll [MS]
 
C:\Windows\System32\Tasks\Microsoft\XblGameSave
XblGameSaveTask ->  launches: %windir%\System32\XblGameSaveTask.exe standby [MS]
XblGameSaveTaskLogon ->  launches: %windir%\System32\XblGameSaveTask.exe logon [MS]
 
C:\Windows\System32\Tasks\WPD
SqmUpload_S-1-5-21-2410118792-1310059698-778459309-1001 -> (HIDDEN!) launches: %windir%\system32\rundll32.exe portabledeviceapi.dll,#1 [MS]
 
 
Winsock2 Service Provider DLLs:
-------------------------------
 
Namespace Service Providers
 
HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = %SystemRoot%\system32\napinsp.dll [MS]
000000000002\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS]
000000000003\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS]
000000000004\LibraryPath = %SystemRoot%\System32\mswsock.dll [MS]
000000000005\LibraryPath = %SystemRoot%\System32\winrnr.dll [MS]
000000000006\LibraryPath = %SystemRoot%\system32\NLAapi.dll [MS]
000000000007\LibraryPath = %SystemRoot%\system32\wshbth.dll [MS]
 
HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\ {++}
000000000001\LibraryPath = %SystemRoot%\system32\napinsp.dll [MS]
000000000002\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS]
000000000003\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS]
000000000004\LibraryPath = %SystemRoot%\System32\mswsock.dll [MS]
000000000005\LibraryPath = %SystemRoot%\System32\winrnr.dll [MS]
000000000006\LibraryPath = %SystemRoot%\system32\NLAapi.dll [MS]
000000000007\LibraryPath = %SystemRoot%\system32\wshbth.dll [MS]
 
Transport Service Providers
 
HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 14
 
HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries64\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 14
 
 
Toolbars, Explorer Bars, Extensions:
------------------------------------
 
Toolbars
 
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\
{C500C267-63BF-451F-8797-4D720C9A2ED9} = (no title provided)
  -> {HKLM...CLSID} = Kaspersky Protection Toolbar
                   \InProcServer32\(Default) = C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\x64\IEExt\ie_plugin.dll [AO Kaspersky Lab]
 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\
{C500C267-63BF-451F-8797-4D720C9A2ED9} = (no title provided)
  -> {HKLM...Wow...CLSID} = Kaspersky Protection Toolbar
                         \InProcServer32\(Default) = C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\IEExt\ie_plugin.dll [AO Kaspersky Lab]
 
Extensions (Tools menu items, main toolbar menu buttons)
 
HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{2670000A-7350-4F3C-8081-5663EE0C6C49}\
ButtonText = Send to OneNote
MenuText = Se&nd to OneNote
CLSIDExtension = {48E73304-E1D6-4330-914C-F5F514E3486C}
  -> {HKLM...CLSID} = Send to OneNote from Internet Explorer button
                   \InProcServer32\(Default) = C:\Program Files\Microsoft Office\root\Office16\ONBttnIE.dll [MS]
 
{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}\
ButtonText = Lync — kliknij, aby połączyć
MenuText = Lync — kliknij, aby połączyć
CLSIDExtension = {31D09BA0-12F5-4CCE-BE8A-2923E76605DA}
  -> {HKLM...CLSID} = Skype for Business Browser Helper
                   \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office15\OCHelper.dll [MS]
 
{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\
ButtonText = OneNote Lin&ked Notes
MenuText = OneNote Lin&ked Notes
CLSIDExtension = {FFFDC614-B694-4AE6-AB38-5D6374584B52}
  -> {HKLM...CLSID} = Linked Notes button
                   \InProcServer32\(Default) = C:\Program Files\Microsoft Office\root\Office16\ONBttnIELinkedNotes.dll [MS]
 
{A95FE080-8F5D-11D2-A20B-00AA003C157A}\
ButtonText = @C:\Program Files (x86)\Evernote\Evernote\OLIEResource.dll,-101
MenuText = @C:\Program Files (x86)\Evernote\Evernote\OLIEResource.dll,-101
Script = C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\AddNote.html [file not found]
 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extensions\
{2670000A-7350-4F3C-8081-5663EE0C6C49}\
ButtonText = Send to OneNote
MenuText = Se&nd to OneNote
CLSIDExtension = {48E73304-E1D6-4330-914C-F5F514E3486C}
  -> {HKLM...Wow...CLSID} = Send to OneNote from Internet Explorer button
                         \InProcServer32\(Default) = C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\ONBttnIE.dll [MS]
 
{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}\
ButtonText = Lync Click to Call
MenuText = Lync Click to Call
CLSIDExtension = {31D09BA0-12F5-4CCE-BE8A-2923E76605DA}
  -> {HKLM...Wow...CLSID} = Skype for Business Browser Helper
                         \InProcServer32\(Default) = C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [MS]
 
{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\
ButtonText = OneNote Lin&ked Notes
MenuText = OneNote Lin&ked Notes
CLSIDExtension = {FFFDC614-B694-4AE6-AB38-5D6374584B52}
  -> {HKLM...Wow...CLSID} = Linked Notes button
                         \InProcServer32\(Default) = C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\ONBttnIELinkedNotes.dll [MS]
 
 
Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------
 
Adapter odbiornika Net.Msmq, NetMsmqActivator, "C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe" -NetMsmqActivator [MS]
Adapter odbiornika Net.Pipe, NetPipeActivator, C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [MS]
Adapter odbiornika Net.Tcp, NetTcpActivator, C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [MS]
Adobe Acrobat Update Service, AdobeARMservice, "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe" [Adobe Systems]
AMD External Events Utility, AMD External Events Utility, C:\WINDOWS\System32\DriverStore\FileRepository\c0348309.inf_amd64_da0b285cf0c5a651\B348293\atiesrxx.exe [AMD]
Broker monitorów czasu wykonywania funkcji System Guard, SgrmBroker, C:\WINDOWS\system32\SgrmBroker.exe [MS]
ExpressVPN Service, ExpressVPNService, "C:\Program Files (x86)\ExpressVPN\bootstrap\amd64\nssm.exe" [ExpressVPN]
GamingApp_Service, GamingApp_Service, "C:\Program Files (x86)\MSI\Gaming APP\GamingApp_Service.exe" [null data]
HuaweiHiSuiteService64.exe, HuaweiHiSuiteService64.exe, "C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe" -/service [null data]
Intel(R) Capability Licensing Service Interface, Intel(R) Capability Licensing Service Interface, "C:\Program Files\Intel\iCLS Client\HeciServer.exe" [Intel(R) Corporation]
Intel(R) Dynamic Application Loader Host Interface Service, jhi_service, C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [Intel Corporation]
Intel(R) Management and Security Application Local Management Service, LMS, C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [Intel Corporation]
Intel(R) Management and Security Application User Notification Service, UNS, "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe" [Intel Corporation]
Intel(R) ME Service, Intel(R) ME Service, C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [Intel Corporation]
Intel(R) Rapid Storage Technology, IAStorDataMgrSvc, "C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe" [null data]
MSI Gaming Hotkey Service, GamingHotkey_Service, "C:\Program Files (x86)\MSI\Gaming APP\GamingHotkey_Service.exe" [Micro-Star INT'L CO., LTD.]
MSI Live Update Service, MSI_LiveUpdate_Service, "C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe" [Micro-Star INT'L CO., LTD.]
MSI_ActiveX_Service, MSI_ActiveX_Service, "C:\Program Files (x86)\MSI\MSI OC Kit\ActiveX_Service\MSI_ActiveX_Service.exe" [null data]
MSIREGISTER_MR, MSIREGISTER_MR, C:\MSI\MSIRegister\MSIRegisterService.exe [Micro-Star INT'L CO., LTD.]
Usługa AVCTP, BthAvctpSvc, C:\WINDOWS\system32\svchost.exe -k LocalService -p {C:\WINDOWS\System32\BthAvctpSvc.dll [MS]}
Usługa infrastruktury zadań w tle, BrokerInfrastructure, C:\WINDOWS\system32\svchost.exe -k DcomLaunch -p {C:\WINDOWS\System32\psmsrv.dll [MS]}
Usługa Kaspersky Anti-Virus 19.0.0, AVP19.0.0, "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\avp.exe" -r [AO Kaspersky Lab]
Usługa Kaspersky Secure Connection 3.0.0, KSDE3.0.0, "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 3.0\ksde.exe" -r [AO Kaspersky Lab]
Usługa koordynatora aktualizacji, UsoSvc, C:\WINDOWS\system32\svchost.exe -k netsvcs -p {C:\WINDOWS\system32\usosvc.dll [MS]}
Usługa Szybka instalacja pakietu Microsoft Office, ClickToRunSvc, "C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe" /service [MS]
Usługa udostępniania portów Net.Tcp, NetTcpPortSharing, C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [MS]
Usługa zasad wyświetlania, DispBrokerDesktopSvc, C:\WINDOWS\system32\svchost.exe -k LocalService -p {C:\WINDOWS\System32\DispBroker.Desktop.dll [MS]}
Xbox Accessory Management Service, XboxGipSvc, C:\WINDOWS\system32\svchost.exe -k netsvcs -p {C:\WINDOWS\System32\XboxGipSvc.dll [MS]}
 
 
Safe Mode Drivers & Services (subkey name, subkey default value):
-----------------------------------------------------------------
 
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\
 
<<!>> AudioEndpointBuilder, Service
<<!>> AudioSrv, Service
<<!>> CBDHSvc, Service
<<!>> HdAudAddService.Sys, Driver
<<!>> HdAudBus.Sys, Driver
<<!>> iai2c.sys, Driver
<<!>> SerCx2.sys, Driver
<<!>> usbaudio.sys, Driver
<<!>> {4D36E96C-E325-11CE-BFC1-08002BE10318}, Media
<<!>> {F2E7DD72-6468-4E36-B6F1-6488F42C1B52}, Firmware
 
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\
 
<<!>> AudioEndpointBuilder, Service
<<!>> AudioSrv, Service
<<!>> CBDHSvc, Service
<<!>> HdAudAddService.Sys, Driver
<<!>> HdAudBus.Sys, Driver
<<!>> NetSetupSvc, Service
<<!>> SerCx2.sys, Driver
<<!>> usbaudio.sys, Driver
<<!>> WinQuic, Driver
<<!>> {4D36E96C-E325-11CE-BFC1-08002BE10318}, Media
<<!>> {F2E7DD72-6468-4E36-B6F1-6488F42C1B52}, Firmware
 
 
Accessibility Tools:
--------------------
 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Accessibility\SessionTransit\
Configuration =  
 
 
Keyboard Driver Filters:
------------------------
 
HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E96B-E325-11CE-BFC1-08002BE10318}\
<<!>> UpperFilters = <<!>> klkbdflt [AO Kaspersky Lab],<<!>> ikbevent [null data],kbdclass [MS]
 
 
Print Monitors:
---------------
 
HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\
Appmon\Driver = AppMon.dll [MS]
WSD Port\Driver = APMon.dll [MS]
 
 
---------- (launch time: 2019-12-05 00:03:30)
<<!>>: Suspicious data at a malware launch point.
 
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
  launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
  DLL launch points, use the -supp parameter or answer "No" at the
  first message box and "Yes" at the second message box.
---------- (total run time: 51 seconds, including 7 seconds for message boxes)
 