wklejto.pl

Added by: ~Anonim (2020-04-27 20:56) -> text
"Silent Runners.vbs", revision 73, http://www.silentrunners.org/
Operating System: Microsoft Windows 10 Education (64-bit), Version 1809
Output limited to non-default values, except where indicated by "{++}"
 
 
Startup items buried in registry:
---------------------------------
 
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
uTorrent = "C:\Users\Pawel\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED [BitTorrent Inc.]
Discord = C:\Users\Pawel\AppData\Local\Discord\app-0.0.306\Discord.exe [Discord Inc.]
com.squirrel.Teams.Teams = C:\Users\Pawel\AppData\Local\Microsoft\Teams\Update.exe --processStart "Teams.exe" --process-start-args "--system-initiated" [MS]
 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
SecurityHealth = C:\Windows\system32\SecurityHealthSystray.exe
RtkAudUService = "C:\Windows\System32\RtkAudUService64.exe" -background [Realtek Semiconductor]
 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\ {++}
BrMfcWnd = C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN [null data]
ControlCenter3 = C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun [Brother Industries, Ltd.]
SunJavaUpdateSched = "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [Oracle Corporation]
Intel Driver & Support Assistant = C:\Program Files (x86)\Intel\Driver and Support Assistant\DSATray.exe [null data]
 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
 
{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}\(Default) = Skype for Business Click to Call BHO
  -> {HKLM...CLSID} = Skype for Business Browser Helper
                   \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office16\OCHelper.dll [MS]
  -> {HKLM...Wow...CLSID} = Skype for Business Browser Helper
                         \InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office16\OCHelper.dll [MS]
 
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
  -> {HKLM...CLSID} = Java(tm) Plug-In SSV Helper
                   \InProcServer32\(Default) = E:\JAVA\bin\ssv.dll [Oracle Corporation]
 
{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}\(Default) = (no title provided)
  -> {HKLM...CLSID} = Microsoft OneDrive for Business Browser Helper
                   \InProcServer32\(Default) = C:\PROGRA~1\MICROS~1\Office16\GROOVEEX.DLL [MS]
  -> {HKLM...Wow...CLSID} = Microsoft OneDrive for Business Browser Helper
                         \InProcServer32\(Default) = C:\PROGRA~2\MICROS~1\Office16\GROOVEEX.DLL [MS]
 
{DBC80044-A445-435b-BC74-9C25C1C588A9}\(Default) = (no title provided)
  -> {HKLM...CLSID} = Java(tm) Plug-In 2 SSV Helper
                   \InProcServer32\(Default) = E:\JAVA\bin\jp2ssv.dll [Oracle Corporation]
 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
 
{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}\(Default) = Skype for Business Click to Call BHO
  -> {HKLM...CLSID} = Skype for Business Browser Helper
                   \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office16\OCHelper.dll [MS]
  -> {HKLM...Wow...CLSID} = Skype for Business Browser Helper
                         \InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office16\OCHelper.dll [MS]
 
{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}\(Default) = (no title provided)
  -> {HKLM...CLSID} = Microsoft OneDrive for Business Browser Helper
                   \InProcServer32\(Default) = C:\PROGRA~1\MICROS~1\Office16\GROOVEEX.DLL [MS]
  -> {HKLM...Wow...CLSID} = Microsoft OneDrive for Business Browser Helper
                         \InProcServer32\(Default) = C:\PROGRA~2\MICROS~1\Office16\GROOVEEX.DLL [MS]
 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\
 
 OneDrive6\(Default) = {9AA2F32D-362A-42D9-9328-24A483E2CCC3}
  -> {HKCU...CLSID} = ReadOnlyOverlayHandler Class
                   \InProcServer32\(Default) = C:\Users\Pawel\AppData\Local\Microsoft\OneDrive\19.232.1124.0012\amd64\FileSyncShell64.dll [MS]
 
 OneDrive7\(Default) = {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C}
  -> {HKCU...CLSID} = UpToDateUnpinnedOverlayHandler Class
                   \InProcServer32\(Default) = C:\Users\Pawel\AppData\Local\Microsoft\OneDrive\19.232.1124.0012\amd64\FileSyncShell64.dll [MS]
 
 SkyDrivePro1 (ErrorConflict)\(Default) = {8BA85C75-763B-4103-94EB-9470F12FE0F7}
  -> {HKLM...CLSID} = Microsoft SkyDrive Pro Icon Overlay 1 (ErrorConflict)
                   \InProcServer32\(Default) = C:\PROGRA~1\MICROS~1\Office16\GROOVEEX.DLL [MS]
 
 SkyDrivePro2 (SyncInProgress)\(Default) = {CD55129A-B1A1-438E-A425-CEBC7DC684EE}
  -> {HKLM...CLSID} = Microsoft SkyDrive Pro Icon Overlay 2 (SyncInProgress)
                   \InProcServer32\(Default) = C:\PROGRA~1\MICROS~1\Office16\GROOVEEX.DLL [MS]
 
 SkyDrivePro3 (InSync)\(Default) = {E768CD3B-BDDC-436D-9C13-E1B39CA257B1}
  -> {HKLM...CLSID} = Microsoft SkyDrive Pro Icon Overlay 3 (InSync)
                   \InProcServer32\(Default) = C:\PROGRA~1\MICROS~1\Office16\GROOVEEX.DLL [MS]
 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\
 
 OneDrive6\(Default) = {9AA2F32D-362A-42D9-9328-24A483E2CCC3}
  -> {HKCU...Wow...CLSID} = ReadOnlyOverlayHandler Class
                         \InProcServer32\(Default) = C:\Users\Pawel\AppData\Local\Microsoft\OneDrive\19.232.1124.0012\FileSyncShell.dll [MS]
 
 OneDrive7\(Default) = {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C}
  -> {HKCU...Wow...CLSID} = UpToDateUnpinnedOverlayHandler Class
                         \InProcServer32\(Default) = C:\Users\Pawel\AppData\Local\Microsoft\OneDrive\19.232.1124.0012\FileSyncShell.dll [MS]
 
 SkyDrivePro1 (ErrorConflict)\(Default) = {8BA85C75-763B-4103-94EB-9470F12FE0F7}
  -> {HKLM...Wow...CLSID} = Microsoft SkyDrive Pro Icon Overlay 1 (ErrorConflict)
                         \InProcServer32\(Default) = C:\PROGRA~2\MICROS~1\Office16\GROOVEEX.DLL [MS]
 
 SkyDrivePro2 (SyncInProgress)\(Default) = {CD55129A-B1A1-438E-A425-CEBC7DC684EE}
  -> {HKLM...Wow...CLSID} = Microsoft SkyDrive Pro Icon Overlay 2 (SyncInProgress)
                         \InProcServer32\(Default) = C:\PROGRA~2\MICROS~1\Office16\GROOVEEX.DLL [MS]
 
 SkyDrivePro3 (InSync)\(Default) = {E768CD3B-BDDC-436D-9C13-E1B39CA257B1}
  -> {HKLM...Wow...CLSID} = Microsoft SkyDrive Pro Icon Overlay 3 (InSync)
                         \InProcServer32\(Default) = C:\PROGRA~2\MICROS~1\Office16\GROOVEEX.DLL [MS]
 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
 
{A70C977A-BF00-412C-90B7-034C51DA2439} = NvCpl DesktopContext Class
  -> {HKLM...CLSID} = DesktopContext Class
                   \InProcServer32\(Default) = C:\Windows\System32\DriverStore\FileRepository\nvmi.inf_amd64_32ef3d5cc44d4a1d\nvui.dll [NVIDIA Corporation]
 
{3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} = NVIDIA Play On My TV Context Menu Extension
  -> {HKLM...CLSID} = NVIDIA CPL Context Menu Extension
                   \InProcServer32\(Default) = C:\Windows\System32\DriverStore\FileRepository\nvmi.inf_amd64_32ef3d5cc44d4a1d\nvshext.dll [NVIDIA Corporation]
 
{A929C4CE-FD36-4270-B4F5-34ECAC5BD63C} = NvAppShExt extension
  -> {HKLM...CLSID} = NvAppShExt Class
                   \InProcServer32\(Default) = C:\Windows\System32\DriverStore\FileRepository\nvmi.inf_amd64_32ef3d5cc44d4a1d\nv3dappshext.dll [NVIDIA Corporation]
 
{E97DEC16-A50D-49bb-AE24-CF682282E08D} = OpenGLShExt extension
  -> {HKLM...CLSID} = OpenGLShExt Class
                   \InProcServer32\(Default) = C:\Windows\System32\DriverStore\FileRepository\nvmi.inf_amd64_32ef3d5cc44d4a1d\nv3dappshext.dll [NVIDIA Corporation]
 
{B41DB860-64E4-11D2-9906-E49FADC173CA} = WinRAR shell extension
  -> {HKLM...CLSID} = WinRAR
                   \InProcServer32\(Default) = E:\Program Files\WinRAR\rarext.dll [Alexander Roshal]
 
{12F0008F-2113-482A-80B3-FD5E91C12313} = Witryny sieci Web
  -> {HKLM...CLSID} = Witryny sieci Web
                   \InProcServer32\(Default) = C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE16\WXPNSE.DLL [MS]
 
{42042206-2D85-11D3-8CFF-005004838597} = Microsoft Office HTML Icon Handler
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office16\msohevi.dll [MS]
 
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} = Microsoft Office Metadata Handler
  -> {HKLM...CLSID} = Microsoft Office Metadata Handler
                   \InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\OFFICE16\msoshext.dll [MS]
 
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} = Microsoft Office Thumbnail Handler
  -> {HKLM...CLSID} = Microsoft Office Thumbnail Handler
                   \InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\OFFICE16\msoshext.dll [MS]
 
{0875DCB6-C686-4243-9432-ADCCF0B9F2D7} = Microsoft OneNote Namespace Extension for Windows Desktop Search
  -> {HKLM...CLSID} = Microsoft OneNote Namespace Extension for Windows Desktop Search
                   \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office16\ONFILTER.DLL [MS]
 
{506F4668-F13E-4AA1-BB04-B43203AB3CC0} = {506F4668-F13E-4AA1-BB04-B43203AB3CC0}
  -> {HKLM...CLSID} = ImageExtractorShellExt Class
                   \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office16\VISSHE.DLL [MS]
 
{D66DC78C-4F61-447F-942B-3FB6980118CF} = {D66DC78C-4F61-447F-942B-3FB6980118CF}
  -> {HKLM...CLSID} = CInfoTipShellExt Class
                   \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office16\VISSHE.DLL [MS]
 
{8BA85C75-763B-4103-94EB-9470F12FE0F7} = Microsoft SkyDrive Pro Icon Overlay 1 (ErrorConflict)
  -> {HKLM...CLSID} = Microsoft SkyDrive Pro Icon Overlay 1 (ErrorConflict)
                   \InProcServer32\(Default) = C:\PROGRA~1\MICROS~1\Office16\GROOVEEX.DLL [MS]
 
{CD55129A-B1A1-438E-A425-CEBC7DC684EE} = Microsoft SkyDrive Pro Icon Overlay 2 (SyncInProgress)
  -> {HKLM...CLSID} = Microsoft SkyDrive Pro Icon Overlay 2 (SyncInProgress)
                   \InProcServer32\(Default) = C:\PROGRA~1\MICROS~1\Office16\GROOVEEX.DLL [MS]
 
{E768CD3B-BDDC-436D-9C13-E1B39CA257B1} = Microsoft SkyDrive Pro Icon Overlay 3 (InSync)
  -> {HKLM...CLSID} = Microsoft SkyDrive Pro Icon Overlay 3 (InSync)
                   \InProcServer32\(Default) = C:\PROGRA~1\MICROS~1\Office16\GROOVEEX.DLL [MS]
 
{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} = Microsoft OneDrive for Business Browser Helper
  -> {HKLM...CLSID} = Microsoft OneDrive for Business Browser Helper
                   \InProcServer32\(Default) = C:\PROGRA~1\MICROS~1\Office16\GROOVEEX.DLL [MS]
 
{0006F045-0000-0000-C000-000000000046} = Microsoft Outlook Custom Icon Handler
  -> {HKLM...CLSID} = Outlook File Icon Extension
                   \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office16\OLKFSTUB.DLL [MS]
 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
 
{8BA85C75-763B-4103-94EB-9470F12FE0F7} = Microsoft SkyDrive Pro Icon Overlay 1 (ErrorConflict)
  -> {HKLM...Wow...CLSID} = Microsoft SkyDrive Pro Icon Overlay 1 (ErrorConflict)
                         \InProcServer32\(Default) = C:\PROGRA~2\MICROS~1\Office16\GROOVEEX.DLL [MS]
 
{CD55129A-B1A1-438E-A425-CEBC7DC684EE} = Microsoft SkyDrive Pro Icon Overlay 2 (SyncInProgress)
  -> {HKLM...Wow...CLSID} = Microsoft SkyDrive Pro Icon Overlay 2 (SyncInProgress)
                         \InProcServer32\(Default) = C:\PROGRA~2\MICROS~1\Office16\GROOVEEX.DLL [MS]
 
{E768CD3B-BDDC-436D-9C13-E1B39CA257B1} = Microsoft SkyDrive Pro Icon Overlay 3 (InSync)
  -> {HKLM...Wow...CLSID} = Microsoft SkyDrive Pro Icon Overlay 3 (InSync)
                         \InProcServer32\(Default) = C:\PROGRA~2\MICROS~1\Office16\GROOVEEX.DLL [MS]
 
{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} = Microsoft OneDrive for Business Browser Helper
  -> {HKLM...Wow...CLSID} = Microsoft OneDrive for Business Browser Helper
                         \InProcServer32\(Default) = C:\PROGRA~2\MICROS~1\Office16\GROOVEEX.DLL [MS]
 
{F1893CCF-FB34-4AED-B144-34E940E2FA6D} = Nameext
  -> {HKLM...Wow...CLSID} = Projekty w przedsiębiorstwie
                         \InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office16\NAMEEXT.DLL [MS]
 
{0006F045-0000-0000-C000-000000000046} = Microsoft Outlook Custom Icon Handler
  -> {HKLM...Wow...CLSID} = (no title provided)
                         \InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office16\OLKFSTUB.DLL [MS]
 
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} = Microsoft Office Metadata Handler
  -> {HKLM...Wow...CLSID} = Microsoft Office Metadata Handler
                         \InProcServer32\(Default) = C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\msoshext.dll [MS]
 
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} = Microsoft Office Thumbnail Handler
  -> {HKLM...Wow...CLSID} = Microsoft Office Thumbnail Handler
                         \InProcServer32\(Default) = C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\msoshext.dll [MS]
 
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\
<<!>> ("" [file not found]) Security Packages = ""
 
HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\
 
<<!>> text/xml\CLSID = {807583E5-5146-11D5-A672-00B0D022E945}
  -> {HKLM...CLSID} = Microsoft Office InfoPath XML Mime Filter
                   \InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\OFFICE16\MSOXMLMF.DLL [MS]
 
HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\
 
<<!>> ms-help\CLSID = {314111c7-a502-11d2-bbca-00c04f8ec294}
  -> {HKLM...CLSID} = HxProtocol Class
                   \InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll [MS]
 
<<!>> mso-minsb.16\CLSID = {3459B272-CC19-4448-86C9-DDC3B4B2FAD3}
  -> {HKLM...CLSID} = Min Sandbox Protocol Class
                   \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [MS]
 
<<!>> osf.16\CLSID = {5504BE45-A83B-4808-900A-3A5C36E7F77A}
  -> {HKLM...CLSID} = Protocol Class
                   \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [MS]
 
HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\
 
ANotepad++64\(Default) = {B298D29A-A6ED-11DE-BA8C-A68E55D89593}
  -> {HKLM...CLSID} = ANotepad++64
                   \InProcServer32\(Default) = C:\Program Files (x86)\Notepad++\NppShell_06.dll [null data]
 
WinRAR\(Default) = {B41DB860-64E4-11D2-9906-E49FADC173CA}
  -> {HKLM...CLSID} = WinRAR
                   \InProcServer32\(Default) = E:\Program Files\WinRAR\rarext.dll [Alexander Roshal]
 
WinRAR32\(Default) = {B41DB860-8EE4-11D2-9906-E49FADC173CA}
  -> {HKLM...Wow...CLSID} = WinRAR
                         \InProcServer32\(Default) = E:\Program Files\WinRAR\rarext32.dll [Alexander Roshal]
 
HKLM\SOFTWARE\Classes\Directory\Background\shellex\ContextMenuHandlers\
 
NvCplDesktopContext\(Default) = {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9}
  -> {HKLM...CLSID} = NVIDIA CPL Context Menu Extension
                   \InProcServer32\(Default) = C:\Windows\System32\DriverStore\FileRepository\nvmi.inf_amd64_32ef3d5cc44d4a1d\nvshext.dll [NVIDIA Corporation]
 
HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\
 
WinRAR\(Default) = {B41DB860-64E4-11D2-9906-E49FADC173CA}
  -> {HKLM...CLSID} = WinRAR
                   \InProcServer32\(Default) = E:\Program Files\WinRAR\rarext.dll [Alexander Roshal]
 
WinRAR32\(Default) = {B41DB860-8EE4-11D2-9906-E49FADC173CA}
  -> {HKLM...Wow...CLSID} = WinRAR
                         \InProcServer32\(Default) = E:\Program Files\WinRAR\rarext32.dll [Alexander Roshal]
 
HKLM\SOFTWARE\Classes\Folder\shellex\DragDropHandlers\
 
WinRAR\(Default) = {B41DB860-64E4-11D2-9906-E49FADC173CA}
  -> {HKLM...CLSID} = WinRAR
                   \InProcServer32\(Default) = E:\Program Files\WinRAR\rarext.dll [Alexander Roshal]
 
WinRAR32\(Default) = {B41DB860-8EE4-11D2-9906-E49FADC173CA}
  -> {HKLM...Wow...CLSID} = WinRAR
                         \InProcServer32\(Default) = E:\Program Files\WinRAR\rarext32.dll [Alexander Roshal]
 
 
Default executables:
--------------------
 
.scr
HKLM\SOFTWARE\Classes\.scr\(Default) = ZWCAD.SCR.2020
 
 
Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------
 
Note: detected settings may not have any effect.
 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\
 
DSCAutomationHostEnabled = (REG_DWORD) dword:0x00000002
{Computer Configuration|UNDOCUMENTED!|
Value of "2" present by default in W10 v1607 (Anniversary Update)}
 
EnableCursorSuppression = (REG_DWORD) dword:0x00000001
{Computer Configuration|UNDOCUMENTED!|
Value of "1" present by default in W10 v1607 (Anniversary Update)}
 
EnableFullTrustStartupTasks = (REG_DWORD) dword:0x00000002
{Computer Configuration|UNDOCUMENTED!|
Value of "2" present by default in W10 v1709 (Fall Creators Update)}
 
EnableUwpStartupTasks = (REG_DWORD) dword:0x00000002
{Computer Configuration|UNDOCUMENTED!|
Value of "2" present by default in W10 v1709 (Fall Creators Update)}
 
SupportFullTrustStartupTasks = (REG_DWORD) dword:0x00000001
{Computer Configuration|UNDOCUMENTED!|
Value of "1" present by default in W10 v1709 (Fall Creators Update)}
 
SupportUwpStartupTasks = (REG_DWORD) dword:0x00000001
{Computer Configuration|UNDOCUMENTED!|
Value of "1" present by default in W10 v1709 (Fall Creators Update)}
 
 
Active Desktop and Wallpaper:
-----------------------------
 
Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
 
Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
Wallpaper = C:\Users\Pawel\Pictures\10593.jpg
 
 
Windows Portable Device AutoPlay Handlers
-----------------------------------------
 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\
 
FindAppPlayDVDMovieOnArrival\
Provider = @mferror.dll,-115
InvokeProgID = FindApp.DVD
InvokeVerb = play
HKLM\SOFTWARE\Classes\FindApp.DVD\shell\play\command\(Default) = explorer "ms-windows-store://search/?query=DVD" [MS]
 
MSPlayCDAudioOnArrival\
Provider = @wmploc.dll,-6502
InvokeProgID = WMP.AudioCD
InvokeVerb = play
HKLM\SOFTWARE\Classes\WMP.AudioCD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:3 /device:AudioCD "%L" [MS]
 
MSPlayDVDMovieOnArrival\
Provider = @wmploc.dll,-6502
InvokeProgID = WMP.DVD
InvokeVerb = play
HKLM\SOFTWARE\Classes\WMP.DVD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:DVD "%L" [MS]
 
MSPlaySuperVideoCDMovieOnArrival\
Provider = @wmploc.dll,-6502
InvokeProgID = WMP.VCD
InvokeVerb = play
HKLM\SOFTWARE\Classes\WMP.VCD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:VCD "%L" [MS]
 
MSPlayVideoCDMovieOnArrival\
Provider = @wmploc.dll,-6502
InvokeProgID = WMP.VCD
InvokeVerb = play
HKLM\SOFTWARE\Classes\WMP.VCD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:VCD "%L" [MS]
 
MSPromptEachTime\
Provider = @C:\Windows\system32\shell32.dll,-17411
ProgID = Shell.Autoplay
InitCmdLine = PromptEachTime
HKLM\SOFTWARE\Classes\Shell.Autoplay\CLSID\(Default) = {995C996E-D918-4a8c-A302-45719A6F4EA7}
  -> {HKLM...CLSID} = Shell Hardware Mixed Content Handler
                   \LocalServer32\(Default) = C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {995C996E-D918-4a8c-A302-45719A6F4EA7} [MS]
 
MSPromptEachTimeNoContent\
Provider = @C:\Windows\system32\shell32.dll,-17411
ProgID = Shell.Autoplay
InitCmdLine = PromptEachTimeNoContent
HKLM\SOFTWARE\Classes\Shell.Autoplay\CLSID\(Default) = {995C996E-D918-4a8c-A302-45719A6F4EA7}
  -> {HKLM...CLSID} = Shell Hardware Mixed Content Handler
                   \LocalServer32\(Default) = C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {995C996E-D918-4a8c-A302-45719A6F4EA7} [MS]
 
MSStorageSense\
Provider = @C:\Windows\System32\SettingsHandlers_StorageSense.dll,-100
InvokeProgID = MSStorageSense
InvokeVerb = open
HKLM\SOFTWARE\Classes\MSStorageSense\shell\open\command\(Default) = explorer ms-settings:storagesense [MS]
 
MSWMPBurnCDOnArrival\
Provider = @wmploc.dll,-6502
InvokeProgID = WMP.BurnCD
InvokeVerb = Burn
HKLM\SOFTWARE\Classes\WMP.BurnCD\shell\Burn\Command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:3 /Task:CDWrite /Device:"%L" [MS]
 
VLCPlayBlurayOnArrival\
Provider = VideoLAN VLC media player
InvokeProgID = VLC.Bluray
InvokeVerb = Open
HKLM\SOFTWARE\Classes\VLC.Bluray\shell\Open\command\(Default) = "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file bluray:///%1 [VideoLAN]
 
VLCPlayCDAudioOnArrival\
Provider = VideoLAN VLC media player
InvokeProgID = VLC.CDAudio
InvokeVerb = Open
HKLM\SOFTWARE\Classes\VLC.CDAudio\shell\Open\command\(Default) = "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file cdda:///%1 [VideoLAN]
 
VLCPlayDVDAudioOnArrival\
Provider = VideoLAN VLC media player
InvokeProgID = VLC.OPENFolder
InvokeVerb = Open
HKLM\SOFTWARE\Classes\VLC.OPENFolder\shell\Open\command\(Default) = "C:\Program Files\VideoLAN\VLC\vlc.exe" %1 [VideoLAN]
 
VLCPlayDVDMovieOnArrival\
Provider = VideoLAN VLC media player
InvokeProgID = VLC.DVDMovie
InvokeVerb = Open
HKLM\SOFTWARE\Classes\VLC.DVDMovie\shell\Open\command\(Default) = "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file dvd:///%1 [VideoLAN]
 
VLCPlayMusicFilesOnArrival\
Provider = VideoLAN VLC media player
InvokeProgID = VLC.OPENFolder
InvokeVerb = Open
HKLM\SOFTWARE\Classes\VLC.OPENFolder\shell\Open\command\(Default) = "C:\Program Files\VideoLAN\VLC\vlc.exe" %1 [VideoLAN]
 
VLCPlaySVCDMovieOnArrival\
Provider = VideoLAN VLC media player
InvokeProgID = VLC.SVCDMovie
InvokeVerb = Open
HKLM\SOFTWARE\Classes\VLC.SVCDMovie\shell\Open\command\(Default) = "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file vcd:///%1 [VideoLAN]
 
VLCPlayVCDMovieOnArrival\
Provider = VideoLAN VLC media player
InvokeProgID = VLC.VCDMovie
InvokeVerb = Open
HKLM\SOFTWARE\Classes\VLC.VCDMovie\shell\Open\command\(Default) = "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file vcd:///%1 [VideoLAN]
 
VLCPlayVideoFilesOnArrival\
Provider = VideoLAN VLC media player
InvokeProgID = VLC.OPENFolder
InvokeVerb = Open
HKLM\SOFTWARE\Classes\VLC.OPENFolder\shell\Open\command\(Default) = "C:\Program Files\VideoLAN\VLC\vlc.exe" %1 [VideoLAN]
 
WIA_{83F6C8CD-3858-4EFA-ADD4-7497644B3FB0}\
Provider = ControlCenter3
CLSID = {A55803CC-4D53-404c-8557-FD63DBA95D24}
InitCmdLine = /WiaCmd;C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /StiDevice:%1 /StiEvent:%2;
  -> {HKLM...CLSID} = WPDShextAutoplay
                   \LocalServer32\(Default) = C:\Windows\system32\WPDShextAutoplay.exe [MS]
 
 
Non-disabled Scheduled Tasks: {++}
-----------------------------
 
C:\Windows\System32\Tasks
Dragon_Center_updater ->  launches: C:\ProgramData\MSI\Dragon Center\DragonCenter_Updater.exe DragonCenter [file not found]
GoogleUpdateTaskMachineCore ->  launches: C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c [Google LLC]
GoogleUpdateTaskMachineCore1d57d5d1b1fc363 ->  launches: C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c [Google LLC]
GoogleUpdateTaskMachineUA ->  launches: C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler [Google LLC]
GoogleUpdateTaskMachineUA1d57d5d1b23436a ->  launches: C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler [Google LLC]
IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132 ->  launches: "C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe" --automatic [Intel Corporation]
IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132-Logon ->  launches: "C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe" --automatic [Intel Corporation]
IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 ->  launches: C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe --automatic [file not found]
MATLAB R2019a Startup Accelerator ->  launches: E:\Program Files\MATLAB\R2019a\bin\win64\MATLABStartupAccelerator.exe [null data]
MSISCMTsk ->  launches: C:\Program Files (x86)\MSI\MSI Remind Manager\MSISCMTsk.exe [Application]
MSI_Help_Desk_Agent ->  launches: C:\Program Files (x86)\MSI\Help Desk\MSI Update Agent.exe [null data]
NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} ->  launches: C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe -d "C:\Program Files\NVIDIA Corporation\NvBackend\NvBatteryBoostCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerBatteryBoostCheck.log [NVIDIA Corporation]
NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} ->  launches: C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log [NVIDIA Corporation]
NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} ->  launches: "C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe" [NVIDIA Corporation]
NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} ->  launches: C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe --launcher=TaskScheduler [NVIDIA Corporation]
NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} ->  launches: C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [NVIDIA Corporation]
NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} ->  launches: C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [NVIDIA Corporation]
NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} ->  launches: C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [NVIDIA Corporation]
NvTmRepCR1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} ->  launches: C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe /noshim [NVIDIA Corporation]
NvTmRepCR2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} ->  launches: C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe /noshim [NVIDIA Corporation]
NvTmRepCR3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} ->  launches: C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe /noshim [NVIDIA Corporation]
NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} ->  launches: C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [NVIDIA Corporation]
OneDrive Standalone Update Task-S-1-5-21-3036338905-3444979438-2322948216-1001 ->  launches: %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe  [MS]
USER_ESRV_SVC_QUEENCREEK ->  launches: "C:\Windows\System32\Wscript.exe" //B //NoLogo "C:\Program Files\Intel\SUR\QUEENCREEK\x64\task.vbs" [MS]
 
C:\Windows\System32\Tasks\Microsoft\Office
Office 15 Subscription Heartbeat ->  launches: %ProgramFiles%\Common Files\Microsoft Shared\Office16\OLicenseHeartbeat.exe [MS]
OfficeTelemetryAgentFallBack2016 ->  launches: "C:\Program Files\Microsoft Office\Office16\msoia.exe" scan upload mininterval:2880 [MS]
OfficeTelemetryAgentLogOn2016 ->  launches: "C:\Program Files\Microsoft Office\Office16\msoia.exe" scan upload [MS]
 
C:\Windows\System32\Tasks\Microsoft\Windows\.NET Framework
.NET Framework NGEN v4.0.30319 -> (HIDDEN!) launches: {84F0FAE1-C27B-4F6F-807B-28CF6F96287D}
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = C:\Windows\System32\mscoree.dll [MS]
.NET Framework NGEN v4.0.30319 64 -> (HIDDEN!) launches: {429BC048-379E-45E0-80E4-EB1977941B5C}
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = C:\Windows\System32\mscoree.dll [MS]
 
C:\Windows\System32\Tasks\Microsoft\Windows\Active Directory Rights Management Services Client
AD RMS Rights Policy Template Management (Manual) ->  launches: {BF5CB148-7C77-4D8A-A53E-D81C70CF743C}
  -> {HKLM...CLSID} = AD RMS Rights Policy Template Management (Manual) Task Handler
                   \InProcServer32\(Default) = C:\Windows\system32\msdrm.dll [MS]
  -> {HKLM...Wow...CLSID} = AD RMS Rights Policy Template Management (Manual) Task Handler
                         \InProcServer32\(Default) = C:\Windows\system32\msdrm.dll [MS]
 
C:\Windows\System32\Tasks\Microsoft\Windows\AppID
EDP Policy Manager ->  launches: {DECA92E0-AF85-439E-9204-86679978DA08}
  -> {HKLM...CLSID} = EDP Policy Manager Task Handler
                   \InProcServer32\(Default) = C:\Windows\System32\AppLockerCsp.dll [MS]
 
C:\Windows\System32\Tasks\Microsoft\Windows\Application Experience
Microsoft Compatibility Appraiser ->  launches: %windir%\system32\compattelrunner.exe [MS]
ProgramDataUpdater ->  launches: %windir%\system32\compattelrunner.exe -maintenance [MS]
StartupAppTask ->  launches: %windir%\system32\rundll32.exe Startupscan.dll,SusRunTask [MS]
 
C:\Windows\System32\Tasks\Microsoft\Windows\ApplicationData
appuriverifierdaily ->  launches: %windir%\system32\AppHostRegistrationVerifier.exe [MS]
appuriverifierinstall ->  launches: %windir%\system32\AppHostRegistrationVerifier.exe [MS]
CleanupTemporaryState ->  launches: %windir%\system32\rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState [MS]
DsSvcCleanup ->  launches: %windir%\system32\dstokenclean.exe [MS]
 
C:\Windows\System32\Tasks\Microsoft\Windows\Autochk
Proxy ->  launches: %windir%\system32\rundll32.exe /d acproxy.dll,PerformAutochkOperations [MS]
 
C:\Windows\System32\Tasks\Microsoft\Windows\BitLocker
BitLocker Encrypt All Drives ->  launches: {61BCD1B9-340C-40EC-9D41-D7F1C0632F05}
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = C:\Windows\System32\edptask.dll [MS]
BitLocker MDM policy Refresh ->  launches: {61BCD1B9-340C-40EC-9D41-D7F1C0632F05}
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = C:\Windows\System32\edptask.dll [MS]
 
C:\Windows\System32\Tasks\Microsoft\Windows\Bluetooth
UninstallDeviceTask ->  launches: BthUdTask.exe $(Arg0) [MS]
 
C:\Windows\System32\Tasks\Microsoft\Windows\BrokerInfrastructure
BgTaskRegistrationMaintenanceTask ->  launches: {E984D939-0E00-4DD9-AC3A-7ACA04745521} [InProcServer32 entry not found]
 
C:\Windows\System32\Tasks\Microsoft\Windows\CertificateServicesClient
AikCertEnrollTask ->  launches: {47E30D54-DAC1-473A-AFF7-2355BF78881F}
  -> {HKLM...CLSID} = NGC Pregeneration Task Handler
                   \InProcServer32\(Default) = C:\Windows\system32\ngctasks.dll [MS]
CryptoPolicyTask ->  launches: {47E30D54-DAC1-473A-AFF7-2355BF78881F}
  -> {HKLM...CLSID} = NGC Pregeneration Task Handler
                   \InProcServer32\(Default) = C:\Windows\system32\ngctasks.dll [MS]
KeyPreGenTask ->  launches: {47E30D54-DAC1-473A-AFF7-2355BF78881F}
  -> {HKLM...CLSID} = NGC Pregeneration Task Handler
                   \InProcServer32\(Default) = C:\Windows\system32\ngctasks.dll [MS]
SystemTask ->  launches: {58FB76B9-AC85-4E55-AC04-427593B1D060}
  -> {HKLM...CLSID} = Certificate Services Client Task Handler
                   \InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS]
  -> {HKLM...Wow...CLSID} = Certificate Services Client Task Handler
                         \InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS]
UserTask ->  launches: {58FB76B9-AC85-4E55-AC04-427593B1D060}
  -> {HKLM...CLSID} = Certificate Services Client Task Handler
                   \InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS]
  -> {HKLM...Wow...CLSID} = Certificate Services Client Task Handler
                         \InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS]
UserTask-Roam ->  launches: {58FB76B9-AC85-4E55-AC04-427593B1D060}
  -> {HKLM...CLSID} = Certificate Services Client Task Handler
                   \InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS]
  -> {HKLM...Wow...CLSID} = Certificate Services Client Task Handler
                         \InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS]
 
C:\Windows\System32\Tasks\Microsoft\Windows\Chkdsk
ProactiveScan ->  launches: {CF4270F5-2E43-4468-83B3-A8C45BB33EA1}
  -> {HKLM...CLSID} = Proactive Scan
                   \InProcServer32\(Default) = C:\Windows\System32\pstask.dll [MS]
SyspartRepair -> (HIDDEN!) launches: %windir%\system32\bcdboot.exe %windir% /sysrepair [MS]
 
C:\Windows\System32\Tasks\Microsoft\Windows\CloudExperienceHost
CreateObjectTask -> (HIDDEN!) launches: {E4544ABA-62BF-4C54-AAB2-EC246342626C} [InProcServer32 entry not found]
 
C:\Windows\System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program
Consolidator ->  launches: %SystemRoot%\System32\wsqmcons.exe [MS]
UsbCeip -> (HIDDEN!) launches: {C27F6B1D-FE0B-45E4-9257-38799FA69BC8}
  -> {HKLM...CLSID} = UsbCeip
                   \InProcServer32\(Default) = C:\Windows\System32\usbceip.dll [MS]
  -> {HKLM...Wow...CLSID} = UsbCeip
                         \InProcServer32\(Default) = C:\Windows\System32\usbceip.dll [MS]
 
C:\Windows\System32\Tasks\Microsoft\Windows\Data Integrity Scan
Data Integrity Scan ->  launches: {DCFD3EA8-D960-4719-8206-490AE315F94F}
  -> {HKLM...CLSID} = Data Integrity Scan
                   \InProcServer32\(Default) = C:\Windows\System32\discan.dll [MS]
Data Integrity Scan for Crash Recovery -> (HIDDEN!) launches: {DCFD3EA8-D960-4719-8206-490AE315F94F}
  -> {HKLM...CLSID} = Data Integrity Scan
                   \InProcServer32\(Default) = C:\Windows\System32\discan.dll [MS]
 
C:\Windows\System32\Tasks\Microsoft\Windows\Defrag
ScheduledDefrag ->  launches: %windir%\system32\defrag.exe -c -h -o -$ [MS]
 
C:\Windows\System32\Tasks\Microsoft\Windows\Device Information
Device ->  launches: %windir%\system32\devicecensus.exe [MS]
 
C:\Windows\System32\Tasks\Microsoft\Windows\Device Setup
Metadata Refresh -> (HIDDEN!) launches: {23C1F3CF-C110-4512-ACA9-7B6174ECE888}
  -> {HKLM...CLSID} = DsmRefreshTask Class
                   \InProcServer32\(Default) = C:\Windows\System32\DeviceSetupManagerAPI.dll [MS]
 
C:\Windows\System32\Tasks\Microsoft\Windows\DeviceDirectoryClient
HandleCommand -> (HIDDEN!) launches: {AE31B729-D5FD-401E-AF42-784074835AFE}
  -> {HKLM...CLSID} = Device Directory Client Handler
                   \InProcServer32\(Default) = C:\Windows\system32\DeviceDirectoryClient.dll [MS]
HandleWnsCommand -> (HIDDEN!) launches: {AE31B729-D5FD-401E-AF42-784074835AFE}
  -> {HKLM...CLSID} = Device Directory Client Handler
                   \InProcServer32\(Default) = C:\Windows\system32\DeviceDirectoryClient.dll [MS]
IntegrityCheck -> (HIDDEN!) launches: {AE31B729-D5FD-401E-AF42-784074835AFE}
  -> {HKLM...CLSID} = Device Directory Client Handler
                   \InProcServer32\(Default) = C:\Windows\system32\DeviceDirectoryClient.dll [MS]
LocateCommandUserSession -> (HIDDEN!) launches: {AE31B729-D5FD-401E-AF42-784074835AFE}
  -> {HKLM...CLSID} = Device Directory Client Handler
                   \InProcServer32\(Default) = C:\Windows\system32\DeviceDirectoryClient.dll [MS]
RegisterDeviceAccountChange -> (HIDDEN!) launches: {AE31B729-D5FD-401E-AF42-784074835AFE}
  -> {HKLM...CLSID} = Device Directory Client Handler
                   \InProcServer32\(Default) = C:\Windows\system32\DeviceDirectoryClient.dll [MS]
RegisterDevicePolicyChange -> (HIDDEN!) launches: {AE31B729-D5FD-401E-AF42-784074835AFE}
  -> {HKLM...CLSID} = Device Directory Client Handler
                   \InProcServer32\(Default) = C:\Windows\system32\DeviceDirectoryClient.dll [MS]
RegisterDeviceProtectionStateChanged -> (HIDDEN!) launches: {AE31B729-D5FD-401E-AF42-784074835AFE}
  -> {HKLM...CLSID} = Device Directory Client Handler
                   \InProcServer32\(Default) = C:\Windows\system32\DeviceDirectoryClient.dll [MS]
RegisterDeviceSettingChange -> (HIDDEN!) launches: {AE31B729-D5FD-401E-AF42-784074835AFE}
  -> {HKLM...CLSID} = Device Directory Client Handler
                   \InProcServer32\(Default) = C:\Windows\system32\DeviceDirectoryClient.dll [MS]
RegisterUserDevice -> (HIDDEN!) launches: {AE31B729-D5FD-401E-AF42-784074835AFE}
  -> {HKLM...CLSID} = Device Directory Client Handler
                   \InProcServer32\(Default) = C:\Windows\system32\DeviceDirectoryClient.dll [MS]
 
C:\Windows\System32\Tasks\Microsoft\Windows\Diagnosis
Scheduled -> (HIDDEN!) launches: {C1F85EF8-BCC2-4606-BB39-70C523715EB3}
  -> {HKLM...CLSID} = ScheduledDiagnosticCustomHandler
                   \InProcServer32\(Default) = C:\Windows\System32\sdiagschd.dll [MS]
 
C:\Windows\System32\Tasks\Microsoft\Windows\DirectX
DXGIAdapterCache -> (HIDDEN!) launches: %windir%\system32\dxgiadaptercache.exe [MS]
 
C:\Windows\System32\Tasks\Microsoft\Windows\DiskCleanup
SilentCleanup ->  launches: %windir%\system32\cleanmgr.exe /autoclean /d %systemdrive% [MS]
 
C:\Windows\System32\Tasks\Microsoft\Windows\DiskFootprint
Diagnostics ->  launches: %windir%\system32\disksnapshot.exe -z [MS]
StorageSense ->  launches: {AB2A519B-03B0-43CE-940A-A73DF850B49A}
  -> {HKLM...CLSID} = StorageUsage State Reporter Task Handler
                   \InProcServer32\(Default) = C:\Windows\system32\StorageUsage.dll [MS]
 
C:\Windows\System32\Tasks\Microsoft\Windows\DUSM
dusmtask ->  launches: %SystemRoot%\System32\dusmtask.exe [MS]
 
C:\Windows\System32\Tasks\Microsoft\Windows\EDP
EDP App Launch Task ->  launches: {61BCD1B9-340C-40EC-9D41-D7F1C0632F05}
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = C:\Windows\System32\edptask.dll [MS]
EDP Auth Task ->  launches: {61BCD1B9-340C-40EC-9D41-D7F1C0632F05}
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = C:\Windows\System32\edptask.dll [MS]
EDP Inaccessible Credentials Task ->  launches: {61BCD1B9-340C-40EC-9D41-D7F1C0632F05}
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = C:\Windows\System32\edptask.dll [MS]
StorageCardEncryption Task ->  launches: {61BCD1B9-340C-40EC-9D41-D7F1C0632F05}
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = C:\Windows\System32\edptask.dll [MS]
 
C:\Windows\System32\Tasks\Microsoft\Windows\ExploitGuard
ExploitGuard MDM policy Refresh ->  launches: {711001CD-CC1D-4470-9B7E-1EF73849C79E}
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = C:\Windows\System32\MitigationConfiguration.dll [MS]
  -> {HKLM...Wow...CLSID} = (no title provided)
                         \InProcServer32\(Default) = C:\Windows\System32\MitigationConfiguration.dll [MS]
 
C:\Windows\System32\Tasks\Microsoft\Windows\Feedback\Siuf
DmClient ->  launches: %windir%\system32\dmclient.exe [MS]
DmClientOnScenarioDownload ->  launches: %windir%\system32\dmclient.exe utcwnf [MS]
 
C:\Windows\System32\Tasks\Microsoft\Windows\FileHistory
File History (maintenance mode) ->  launches: {89917B7C-A1A6-11DF-8BF6-18A90531A85A}
  -> {HKLM...CLSID} = FhTaskHandler Class
                   \InProcServer32\(Default) = C:\Windows\System32\fhtask.dll [MS]
 
C:\Windows\System32\Tasks\Microsoft\Windows\Flighting\FeatureConfig
ReconcileFeatures ->  launches: {59EECBFE-C2F5-4419-9B99-13FE05FF2675}
  -> {HKLM...CLSID} = Feature Configuration Reconciliation Task Handler
                   \InProcServer32\(Default) = C:\Windows\System32\fcon.dll [MS]
 
C:\Windows\System32\Tasks\Microsoft\Windows\Flighting\OneSettings
RefreshCache ->  launches: {E07647F7-AED2-48D9-9720-939BC24A8A3C}
  -> {HKLM...CLSID} = OneSettings Refresh Cache Task Handler
                   \InProcServer32\(Default) = C:\Windows\System32\wosc.dll [MS]
 
C:\Windows\System32\Tasks\Microsoft\Windows\HelloFace
FODCleanupTask -> (HIDDEN!) launches: %WinDir%\System32\WinBioPlugIns\FaceFodUninstaller.exe [null data]
 
C:\Windows\System32\Tasks\Microsoft\Windows\InstallService
ScanForUpdates ->  launches: {A558C6A5-B42B-4C98-B610-BF9559143139}
  -> {HKLM...CLSID} = ScanForUpdates InstallService Task
                   \InProcServer32\(Default) = C:\Windows\System32\InstallServiceTasks.dll [MS]
  -> {HKLM...Wow...CLSID} = ScanForUpdates InstallService Task
                         \InProcServer32\(Default) = C:\Windows\SysWOW64\InstallServiceTasks.dll [MS]
ScanForUpdatesAsUser ->  launches: {DDAFAEA2-8842-4E96-BADE-D44A8D676FDB}
  -> {HKLM...CLSID} = ScanForUpdates InstallService Task
                   \InProcServer32\(Default) = C:\Windows\System32\InstallServiceTasks.dll [MS]
  -> {HKLM...Wow...CLSID} = ScanForUpdates InstallService Task
                         \InProcServer32\(Default) = C:\Windows\SysWOW64\InstallServiceTasks.dll [MS]
SmartRetry ->  launches: {F3A219C3-2698-4CBF-9C07-037EDB8E72E6}
  -> {HKLM...CLSID} = SmartRetry InstallService Task
                   \InProcServer32\(Default) = C:\Windows\System32\InstallServiceTasks.dll [MS]
  -> {HKLM...Wow...CLSID} = SmartRetry InstallService Task
                         \InProcServer32\(Default) = C:\Windows\SysWOW64\InstallServiceTasks.dll [MS]
 
C:\Windows\System32\Tasks\Microsoft\Windows\LanguageComponentsInstaller
Installation ->  launches: {6F58F65F-EC0E-4ACA-99FE-FC5A1A25E4BE}
  -> {HKLM...CLSID} = Language Components Installer
                   \InProcServer32\(Default) = C:\Windows\System32\LanguageComponentsInstaller.dll [MS]
ReconcileLanguageResources ->  launches: {D0582E3B-3126-4CAA-9155-AC37C912A489} [InProcServer32 entry not found]
 
C:\Windows\System32\Tasks\Microsoft\Windows\License Manager
TempSignedLicenseExchange -> (HIDDEN!) launches: {77646A68-AD14-4D53-897D-7BE4DDE5F929}
  -> {HKLM...CLSID} = TempSignedLicenseExchangeTask
                   \InProcServer32\(Default) = C:\Windows\System32\TempSignedLicenseExchangeTask.dll [MS]
  -> {HKLM...Wow...CLSID} = TempSignedLicenseExchangeTask
                         \InProcServer32\(Default) = C:\Windows\SysWOW64\TempSignedLicenseExchangeTask.dll [MS]
 
C:\Windows\System32\Tasks\Microsoft\Windows\Location
Notifications ->  launches: %windir%\System32\LocationNotificationWindows.exe [MS]
WindowsActionDialog ->  launches: %windir%\System32\WindowsActionDialog.exe [MS]
 
C:\Windows\System32\Tasks\Microsoft\Windows\Maintenance
WinSAT ->  launches: {A9A33436-678B-4C9C-A211-7CC38785E79D}
  -> {HKLM...CLSID} = WinSAT Task Manger Task
                   \InProcServer32\(Default) = C:\Windows\system32\WinSATAPI.dll [MS]
  -> {HKLM...Wow...CLSID} = WinSAT Task Manger Task
                         \InProcServer32\(Default) = C:\Windows\system32\WinSATAPI.dll [MS]
 
C:\Windows\System32\Tasks\Microsoft\Windows\Management\Provisioning
Cellular -> (HIDDEN!) launches: %windir%\system32\ProvTool.exe /turn 7 /source CellStateChangeTask [MS]
Logon -> (HIDDEN!) launches: %windir%\system32\ProvTool.exe /turn 5 /source LogonIdleTask [MS]
 
C:\Windows\System32\Tasks\Microsoft\Windows\Maps
MapsToastTask -> (HIDDEN!) launches: {9885AEF2-BD9F-41E0-B15E-B3141395E803}
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = C:\Windows\System32\mapstoasttask.dll [MS]
  -> {HKLM...Wow...CLSID} = (no title provided)
                         \InProcServer32\(Default) = C:\Windows\System32\mapstoasttask.dll [MS]
 
C:\Windows\System32\Tasks\Microsoft\Windows\MemoryDiagnostic
ProcessMemoryDiagnosticEvents -> (HIDDEN!) launches: {8168E74A-B39F-46D8-ADCD-7BED477B80A3}
  -> {HKLM...CLSID} = MemoryDiagnosticTaskHandler
                   \InProcServer32\(Default) = C:\Windows\System32\MemoryDiagnostic.dll [MS]
RunFullMemoryDiagnostic -> (HIDDEN!) launches: {8168E74A-B39F-46D8-ADCD-7BED477B80A3}
  -> {HKLM...CLSID} = MemoryDiagnosticTaskHandler
                   \InProcServer32\(Default) = C:\Windows\System32\MemoryDiagnostic.dll [MS]
 
C:\Windows\System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts
MNO Metadata Parser ->  launches: %SystemRoot%\System32\MbaeParserTask.exe [MS]
 
C:\Windows\System32\Tasks\Microsoft\Windows\MUI
LPRemove ->  launches: %windir%\system32\lpremove.exe [MS]
 
C:\Windows\System32\Tasks\Microsoft\Windows\Multimedia
SystemSoundsService ->  launches: {2DEA658F-54C1-4227-AF9B-260AB5FC3543}
  -> {HKLM...CLSID} = Microsoft PlaySoundService Class
                   \InProcServer32\(Default) = C:\Windows\System32\PlaySndSrv.dll [MS]
  -> {HKLM...Wow...CLSID} = Microsoft PlaySoundService Class
                         \InProcServer32\(Default) = C:\Windows\System32\PlaySndSrv.dll [MS]
 
C:\Windows\System32\Tasks\Microsoft\Windows\NetTrace
GatherNetworkInfo ->  launches: %windir%\system32\gatherNetworkInfo.vbs [null data]
 
C:\Windows\System32\Tasks\Microsoft\Windows\NlaSvc
WiFiTask -> (HIDDEN!) launches: %SystemRoot%\System32\WiFiTask.exe nla [MS]
 
C:\Windows\System32\Tasks\Microsoft\Windows\PI
Secure-Boot-Update ->  launches: {5014B7C8-934E-4262-9816-887FA745A6C4}
  -> {HKLM...CLSID} = TPM Maintenance Task Handler
                   \InProcServer32\(Default) = C:\Windows\system32\TpmTasks.dll [MS]
Sqm-Tasks ->  launches: {5014B7C8-934E-4262-9816-887FA745A6C4}
  -> {HKLM...CLSID} = TPM Maintenance Task Handler
                   \InProcServer32\(Default) = C:\Windows\system32\TpmTasks.dll [MS]
 
C:\Windows\System32\Tasks\Microsoft\Windows\Plug and Play
Device Install Group Policy -> (HIDDEN!) launches: {60400283-B242-4FA8-8C25-CAF695B88209}
  -> {HKLM...CLSID} = Device Installation Group Policy Task Handler
                   \InProcServer32\(Default) = C:\Windows\System32\pnppolicy.dll [MS]
Device Install Reboot Required -> (HIDDEN!) launches: {48794782-6A1F-47B9-BD52-1D5F95D49C1B}
  -> {HKLM...CLSID} = Device Installation Reboot Dialog Task
                   \InProcServer32\(Default) = C:\Windows\System32\pnpui.dll [MS]
Sysprep Generalize Drivers ->  launches: %SystemRoot%\System32\drvinst.exe 6 [MS]
 
C:\Windows\System32\Tasks\Microsoft\Windows\Power Efficiency Diagnostics
AnalyzeSystem ->  launches: {927EA2AF-1C54-43D5-825E-0074CE028EEE}
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = C:\Windows\System32\energytask.dll [MS]
 
C:\Windows\System32\Tasks\Microsoft\Windows\Printing
EduPrintProv ->  launches: %windir%\system32\eduprintprov.exe [MS]
 
C:\Windows\System32\Tasks\Microsoft\Windows\PushToInstall
Registration ->  launches: %windir%\system32\sc.exe start pushtoinstall registration [MS]
 
C:\Windows\System32\Tasks\Microsoft\Windows\Ras
MobilityManager ->  launches: {C463A0FC-794F-4FDF-9201-01938CEACAFA}
  -> {HKLM...CLSID} = RasMobilityManager
                   \InProcServer32\(Default) = C:\Windows\system32\rasmbmgr.dll [MS]
 
C:\Windows\System32\Tasks\Microsoft\Windows\Registry
RegIdleBackup -> (HIDDEN!) launches: {CA767AA8-9157-4604-B64B-40747123D5F2}
  -> {HKLM...CLSID} = RegistryIdleBackupHandler
                   \InProcServer32\(Default) = C:\Windows\System32\regidle.dll [MS]
 
C:\Windows\System32\Tasks\Microsoft\Windows\RemoteAssistance
RemoteAssistanceTask -> (HIDDEN!) launches: %windir%\system32\RAServer.exe /offerraupdate [MS]
 
C:\Windows\System32\Tasks\Microsoft\Windows\Servicing
StartComponentCleanup ->  launches: {752073A1-23F2-4396-85F0-8FDB879ED0ED} [InProcServer32 entry not found]
 
C:\Windows\System32\Tasks\Microsoft\Windows\SettingSync
BackgroundUploadTask -> (HIDDEN!) launches: {59B9640B-3F70-4D1C-B159-F26EEB8A4C87}
  -> {HKLM...CLSID} = Delayed Background Upload Task Handler
                   \InProcServer32\(Default) = C:\Windows\system32\SettingSyncCore.dll [MS]
  -> {HKLM...Wow...CLSID} = Delayed Background Upload Task Handler
                         \InProcServer32\(Default) = C:\Windows\system32\SettingSyncCore.dll [MS]
NetworkStateChangeTask -> (HIDDEN!) launches: {A4173A49-F373-4475-9A0F-2D615204DC20}
  -> {HKLM...CLSID} = Network State Change Task Handler
                   \InProcServer32\(Default) = C:\Windows\system32\SettingSyncCore.dll [MS]
  -> {HKLM...Wow...CLSID} = Network State Change Task Handler
                         \InProcServer32\(Default) = C:\Windows\system32\SettingSyncCore.dll [MS]
 
C:\Windows\System32\Tasks\Microsoft\Windows\Shell
CreateObjectTask -> (HIDDEN!) launches: {990A9F8F-301F-45F7-8D0E-68C5952DBA43}
  -> {HKLM...CLSID} = Shell Create Object Task Delegate
                   \InProcServer32\(Default) = C:\Windows\system32\shell32.dll [MS]
  -> {HKLM...Wow...CLSID} = Shell Create Object Task Delegate
                         \InProcServer32\(Default) = C:\Windows\system32\shell32.dll [MS]
FamilySafetyMonitor ->  launches: %windir%\System32\wpcmon.exe [MS]
FamilySafetyRefreshTask ->  launches: {C844C79D-AED8-4DCE-AB25-4D359BED84F8}
  -> {HKLM...CLSID} = FamilySafetyRefreshTask
                   \InProcServer32\(Default) = C:\Windows\System32\WpcRefreshTask.dll [MS]
IndexerAutomaticMaintenance ->  launches: {3FBA60A6-7BF5-4868-A2CA-6623B3DFFEA6}
  -> {HKLM...CLSID} = Automatic Maintenance task to enable Windows Search to make progress while in Connected Standby
                   \InProcServer32\(Default) = C:\Windows\System32\srchadmin.dll [MS]
  -> {HKLM...Wow...CLSID} = Automatic Maintenance task to enable Windows Search to make progress while in Connected Standby
                         \InProcServer32\(Default) = C:\Windows\System32\srchadmin.dll [MS]
 
C:\Windows\System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform
SvcRestartTask -> (HIDDEN!) launches: {B1AEBB5D-EAD9-4476-B375-9C3ED9F32AFC}
  -> {HKLM...CLSID} = SppSvcRestartTaskHandler Class
                   \InProcServer32\(Default) = C:\Windows\System32\sppcext.dll [MS]
  -> {HKLM...Wow...CLSID} = SppSvcRestartTaskHandler Class
                         \InProcServer32\(Default) = C:\Windows\System32\sppcext.dll [MS]
SvcRestartTaskLogon -> (HIDDEN!) launches: {B1AEBB5D-EAD9-4476-B375-9C3ED9F32AFC}
  -> {HKLM...CLSID} = SppSvcRestartTaskHandler Class
                   \InProcServer32\(Default) = C:\Windows\System32\sppcext.dll [MS]
  -> {HKLM...Wow...CLSID} = SppSvcRestartTaskHandler Class
                         \InProcServer32\(Default) = C:\Windows\System32\sppcext.dll [MS]
SvcRestartTaskNetwork -> (HIDDEN!) launches: {B1AEBB5D-EAD9-4476-B375-9C3ED9F32AFC}
  -> {HKLM...CLSID} = SppSvcRestartTaskHandler Class
                   \InProcServer32\(Default) = C:\Windows\System32\sppcext.dll [MS]
  -> {HKLM...Wow...CLSID} = SppSvcRestartTaskHandler Class
                         \InProcServer32\(Default) = C:\Windows\System32\sppcext.dll [MS]
 
C:\Windows\System32\Tasks\Microsoft\Windows\SpacePort
SpaceAgentTask ->  launches: %windir%\system32\SpaceAgent.exe [MS]
SpaceManagerTask ->  launches: %windir%\system32\spaceman.exe /Work [MS]
 
C:\Windows\System32\Tasks\Microsoft\Windows\Speech
HeadsetButtonPress ->  launches: %windir%\system32\speech_onecore\common\SpeechRuntime.exe StartedFromTask [MS]
SpeechModelDownloadTask ->  launches: %windir%\system32\speech_onecore\common\SpeechModelDownload.exe [MS]
 
C:\Windows\System32\Tasks\Microsoft\Windows\Storage Tiers Management
Storage Tiers Management Initialization ->  launches: {5C9AB547-345D-4175-9AF6-65133463A100} [InProcServer32 entry not found]
 
C:\Windows\System32\Tasks\Microsoft\Windows\Subscription
EnableLicenseAcquisition -> (HIDDEN!) launches: %SystemRoot%\system32\ClipRenew.exe -e [MS]
 
C:\Windows\System32\Tasks\Microsoft\Windows\Sysmain
ResPriStaticDbSync ->  launches: {297EE78C-BA95-4E94-81D3-D6E7F089C7B5}
  -> {HKLM...CLSID} = Reserved Priority Static Db Sync Task
                   \InProcServer32\(Default) = C:\Windows\system32\sysmain.dll [MS]
WsSwapAssessmentTask ->  launches: %windir%\system32\rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask [MS]
 
C:\Windows\System32\Tasks\Microsoft\Windows\SystemRestore
SR ->  launches: %windir%\system32\srtasks.exe ExecuteScheduledSPPCreation [MS]
 
C:\Windows\System32\Tasks\Microsoft\Windows\Task Manager
Interactive -> (HIDDEN!) launches: {855FEC53-D2E4-4999-9E87-3414E9CF0FF4}
  -> {HKLM...CLSID} = RunTask
                   \InProcServer32\(Default) = C:\Windows\system32\wdc.dll [MS]
  -> {HKLM...Wow...CLSID} = RunTask
                         \InProcServer32\(Default) = C:\Windows\system32\wdc.dll [MS]
 
C:\Windows\System32\Tasks\Microsoft\Windows\TextServicesFramework
MsCtfMonitor -> (HIDDEN!) launches: {01575CFE-9A55-4003-A5E1-F38D1EBDCBE1}
  -> {HKLM...CLSID} = MsCtfMonitor task handler
                   \InProcServer32\(Default) = C:\Windows\system32\MsCtfMonitor.dll [MS]
  -> {HKLM...Wow...CLSID} = MsCtfMonitor task handler
                         \InProcServer32\(Default) = C:\Windows\system32\MsCtfMonitor.dll [MS]
 
C:\Windows\System32\Tasks\Microsoft\Windows\Time Synchronization
ForceSynchronizeTime ->  launches: {A31AD6C2-FF4C-43D4-8E90-7101023096F9}
  -> {HKLM...CLSID} = Time Synchronization Task Handler
                   \InProcServer32\(Default) = C:\Windows\system32\TimeSyncTask.dll [MS]
SynchronizeTime ->  launches: %windir%\system32\sc.exe start w32time task_started [MS]
 
C:\Windows\System32\Tasks\Microsoft\Windows\Time Zone
SynchronizeTimeZone ->  launches: %windir%\system32\tzsync.exe [MS]
 
C:\Windows\System32\Tasks\Microsoft\Windows\TPM
Tpm-HASCertRetr ->  launches: {5014B7C8-934E-4262-9816-887FA745A6C4}
  -> {HKLM...CLSID} = TPM Maintenance Task Handler
                   \InProcServer32\(Default) = C:\Windows\system32\TpmTasks.dll [MS]
Tpm-Maintenance ->  launches: {5014B7C8-934E-4262-9816-887FA745A6C4}
  -> {HKLM...CLSID} = TPM Maintenance Task Handler
                   \InProcServer32\(Default) = C:\Windows\system32\TpmTasks.dll [MS]
 
C:\Windows\System32\Tasks\Microsoft\Windows\UNP
RunUpdateNotificationMgr ->  launches: %windir%\System32\UNP\UpdateNotificationMgr.exe [MS]
 
C:\Windows\System32\Tasks\Microsoft\Windows\UpdateOrchestrator
Backup Scan ->  launches: %systemroot%\system32\usoclient.exe StartScan [MS]
Schedule Scan ->  launches: %systemroot%\system32\usoclient.exe StartScan [MS]
Schedule Scan Static Task ->  launches: %systemroot%\system32\usoclient.exe StartScan [MS]
UpdateModelTask ->  launches: %systemroot%\system32\usoclient.exe StartModelUpdates [MS]
USO_UxBroker ->  launches: %systemroot%\system32\MusNotification.exe [MS]
 
C:\Windows\System32\Tasks\Microsoft\Windows\UPnP
UPnPHostConfig ->  launches: sc.exe config upnphost start= auto [MS]
 
C:\Windows\System32\Tasks\Microsoft\Windows\USB
Usb-Notifications -> (HIDDEN!) launches: {E05BE1C8-92A8-4757-B575-ACAECB4E6A40}
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = C:\Windows\System32\UsbTask.dll [MS]
 
C:\Windows\System32\Tasks\Microsoft\Windows\WaaSMedic
PerformRemediation ->  launches: {72566E27-1ABB-4EB3-B4F0-EB431CB1CB32} [InProcServer32 entry not found]
 
C:\Windows\System32\Tasks\Microsoft\Windows\WCM
WiFiTask -> (HIDDEN!) launches: %SystemRoot%\System32\WiFiTask.exe [MS]
 
C:\Windows\System32\Tasks\Microsoft\Windows\WDI
ResolutionHost -> (HIDDEN!) launches: {900BE39D-6BE8-461A-BC4D-B0FA71F5ECB1}
  -> {HKLM...CLSID} = DiagnosticInfrastructureCustomHandler
                   \InProcServer32\(Default) = C:\Windows\System32\wdi.dll [MS]
  -> {HKLM...Wow...CLSID} = DiagnosticInfrastructureCustomHandler
                         \InProcServer32\(Default) = C:\Windows\System32\wdi.dll [MS]
 
C:\Windows\System32\Tasks\Microsoft\Windows\Windows Defender
Windows Defender Cache Maintenance ->  launches: C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2003.8-0\MpCmdRun.exe -IdleTask -TaskName WdCacheMaintenance [MS]
Windows Defender Cleanup ->  launches: C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2003.8-0\MpCmdRun.exe -IdleTask -TaskName WdCleanup [MS]
Windows Defender Scheduled Scan ->  launches: C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2003.8-0\MpCmdRun.exe Scan -ScheduleJob -ScanTrigger 55 [MS]
Windows Defender Verification ->  launches: C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2003.8-0\MpCmdRun.exe -IdleTask -TaskName WdVerification [MS]
 
C:\Windows\System32\Tasks\Microsoft\Windows\Windows Error Reporting
QueueReporting ->  launches: %windir%\system32\wermgr.exe -upload [MS]
 
C:\Windows\System32\Tasks\Microsoft\Windows\Windows Filtering Platform
BfeOnServiceStartTypeChange -> (HIDDEN!) launches: %windir%\system32\rundll32.exe bfe.dll,BfeOnServiceStartTypeChange [MS]
 
C:\Windows\System32\Tasks\Microsoft\Windows\Windows Media Sharing
UpdateLibrary ->  launches: "%ProgramFiles%\Windows Media Player\wmpnscfg.exe" [MS]
 
C:\Windows\System32\Tasks\Microsoft\Windows\WindowsColorSystem
Calibration Loader ->  launches: {B210D694-C8DF-490D-9576-9E20CDBC20BD}
  -> {HKLM...CLSID} = Color Calibration Loader
                   \InProcServer32\(Default) = C:\Windows\System32\mscms.dll [MS]
  -> {HKLM...Wow...CLSID} = Color Calibration Loader
                         \InProcServer32\(Default) = C:\Windows\SysWOW64\mscms.dll [MS]
 
C:\Windows\System32\Tasks\Microsoft\Windows\WindowsUpdate
Scheduled Start ->  launches: C:\Windows\system32\sc.exe start wuauserv [MS]
 
C:\Windows\System32\Tasks\Microsoft\Windows\Wininet
CacheTask ->  launches: {0358B920-0AC7-461F-98F4-58E32CD89148}
  -> {HKLM...CLSID} = Wininet Cache task object
                   \InProcServer32\(Default) = C:\Windows\system32\wininet.dll [MS]
  -> {HKLM...Wow...CLSID} = Wininet Cache task object
                         \InProcServer32\(Default) = C:\Windows\system32\wininet.dll [MS]
 
C:\Windows\System32\Tasks\Microsoft\Windows\WlanSvc
CDSSync ->  launches: {B0D2B535-12E1-439F-86B3-BADA289510F0}
  -> {HKLM...CLSID} = WlanSyncTaskCommon
                   \InProcServer32\(Default) = C:\Windows\System32\WiFiCloudStore.dll [MS]
 
C:\Windows\System32\Tasks\Microsoft\Windows\WOF
WIM-Hash-Management ->  launches: {B7BFFB5A-EFA8-4D8C-BBDE-C8D5FAAF54A1}
  -> {HKLM...CLSID} = WOF Task Handler
                   \InProcServer32\(Default) = C:\Windows\system32\WofTasks.dll [MS]
WIM-Hash-Validation ->  launches: {B7BFFB5A-EFA8-4D8C-BBDE-C8D5FAAF54A1}
  -> {HKLM...CLSID} = WOF Task Handler
                   \InProcServer32\(Default) = C:\Windows\system32\WofTasks.dll [MS]
 
C:\Windows\System32\Tasks\Microsoft\Windows\Work Folders
Work Folders Logon Synchronization ->  launches: {97D47D56-3777-49FB-8E8F-90D7E30E1A1E}
  -> {HKLM...CLSID} = Work Folder Logon Trigger Class
                   \InProcServer32\(Default) = C:\Windows\System32\WorkFoldersShell.dll [MS]
Work Folders Maintenance Work ->  launches: {63260BCE-A3FB-4A34-AA51-D4D8E877B62B}
  -> {HKLM...CLSID} = Work Folder Maintenance Task Class
                   \InProcServer32\(Default) = C:\Windows\System32\WorkFoldersShell.dll [MS]
 
C:\Windows\System32\Tasks\Microsoft\Windows\WwanSvc
NotificationTask -> (HIDDEN!) launches: %SystemRoot%\System32\WiFiTask.exe wwan [MS]
 
C:\Windows\System32\Tasks\Microsoft\XblGameSave
XblGameSaveTask ->  launches: %windir%\System32\XblGameSaveTask.exe standby [MS]
 
 
Winsock2 Service Provider DLLs:
-------------------------------
 
Namespace Service Providers
 
HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = %SystemRoot%\system32\napinsp.dll [MS]
000000000002\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS]
000000000003\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS]
000000000004\LibraryPath = %SystemRoot%\System32\mswsock.dll [MS]
000000000005\LibraryPath = %SystemRoot%\System32\winrnr.dll [MS]
000000000006\LibraryPath = %SystemRoot%\system32\NLAapi.dll [MS]
000000000007\LibraryPath = %SystemRoot%\system32\wshbth.dll [MS]
 
HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\ {++}
000000000001\LibraryPath = %SystemRoot%\system32\napinsp.dll [MS]
000000000002\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS]
000000000003\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS]
000000000004\LibraryPath = %SystemRoot%\System32\mswsock.dll [MS]
000000000005\LibraryPath = %SystemRoot%\System32\winrnr.dll [MS]
000000000006\LibraryPath = %SystemRoot%\system32\NLAapi.dll [MS]
000000000007\LibraryPath = %SystemRoot%\system32\wshbth.dll [MS]
 
Transport Service Providers
 
HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 15
 
HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries64\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 15
 
 
Toolbars, Explorer Bars, Extensions:
------------------------------------
 
Extensions (Tools menu items, main toolbar menu buttons)
 
HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{2670000A-7350-4F3C-8081-5663EE0C6C49}\
ButtonText = Wyślij do programu OneNote
MenuText = Wyślij &do programu OneNote
CLSIDExtension = {48E73304-E1D6-4330-914C-F5F514E3486C}
  -> {HKLM...CLSID} = Send to OneNote from Internet Explorer button
                   \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office16\ONBttnIE.dll [MS]
 
{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}\
ButtonText = @C:\Program Files\Common Files\Microsoft Shared\Office16\oregres.dll,-430
MenuText = @C:\Program Files\Common Files\Microsoft Shared\Office16\oregres.dll,-430
CLSIDExtension = {31D09BA0-12F5-4CCE-BE8A-2923E76605DA}
  -> {HKLM...CLSID} = Skype for Business Browser Helper
                   \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office16\OCHelper.dll [MS]
 
{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\
ButtonText = &Notatki połączone programu OneNote
MenuText = &Notatki połączone programu OneNote
CLSIDExtension = {FFFDC614-B694-4AE6-AB38-5D6374584B52}
  -> {HKLM...CLSID} = Linked Notes button
                   \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office16\ONBttnIELinkedNotes.dll [MS]
 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extensions\
{2670000A-7350-4F3C-8081-5663EE0C6C49}\
ButtonText = Wyślij do programu OneNote
MenuText = Wyślij &do programu OneNote
CLSIDExtension = {48E73304-E1D6-4330-914C-F5F514E3486C}
  -> {HKLM...Wow...CLSID} = Send to OneNote from Internet Explorer button
                         \InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office16\ONBttnIE.dll [MS]
 
{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}\
ButtonText = @C:\Program Files\Common Files\Microsoft Shared\Office16\oregres.dll,-430
MenuText = @C:\Program Files\Common Files\Microsoft Shared\Office16\oregres.dll,-430
CLSIDExtension = {31D09BA0-12F5-4CCE-BE8A-2923E76605DA}
  -> {HKLM...Wow...CLSID} = Skype for Business Browser Helper
                         \InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office16\OCHelper.dll [MS]
 
{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\
ButtonText = &Notatki połączone programu OneNote
MenuText = &Notatki połączone programu OneNote
CLSIDExtension = {FFFDC614-B694-4AE6-AB38-5D6374584B52}
  -> {HKLM...Wow...CLSID} = Linked Notes button
                         \InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office16\ONBttnIELinkedNotes.dll [MS]
 
 
Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------
 
FlexNet Licensing Service 64, FlexNet Licensing Service 64, "C:\Program Files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService64.exe" [Flexera Software LLC]
Intel(R) Content Protection HDCP Service, cplspcon, C:\Windows\System32\DriverStore\FileRepository\iigd_dch_base.inf_amd64_464601b8ef69395c\IntelCpHDCPSvc.exe [Intel Corporation]
Intel(R) Content Protection HECI Service, cphs, C:\Windows\System32\DriverStore\FileRepository\iigd_dch_base.inf_amd64_464601b8ef69395c\IntelCpHeciSvc.exe [Intel Corporation]
Intel(R) Driver & Support Assistant Updater, DSAUpdateService, "C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAUpdateService.exe" [null data]
Intel(R) HD Graphics Control Panel Service, igfxCUIService2.0.0.0, C:\Windows\System32\DriverStore\FileRepository\cui_dch_comp.inf_amd64_deecec7d232ced2b\igfxCUIService.exe [Intel Corporation]
Intel(R) PROSet/Wireless Event Log, EvtEng, "C:\Program Files\Intel\WiFi\bin\EvtEng.exe" [Intel(R) Corporation]
Intel(R) PROSet/Wireless Registry Service, RegSrvc, "C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe" [Intel(R) Corporation]
Intel(R) PROSet/Wireless Zero Configuration Service, ZeroConfigService, "C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe" [Intel® Corporation]
Intel(R) System Usage Report Service SystemUsageReportSvc_QUEENCREEK, SystemUsageReportSvc_QUEENCREEK, "C:\Program Files\Intel\SUR\QUEENCREEK\SurSvc.exe" [null data]
Micro Star SCM, Micro Star SCM, "C:\Windows\SysWOW64\MSIService.exe" [Micro-Star International Co., Ltd.]
NVIDIA Display Container LS, NVDisplay.ContainerLocalSystem, C:\Windows\System32\DriverStore\FileRepository\nvmi.inf_amd64_32ef3d5cc44d4a1d\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f C:\ProgramData\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\Windows\System32\DriverStore\FileRepository\nvmi.inf_amd64_32ef3d5cc44d4a1d\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem [NVIDIA Corporation]
NVIDIA LocalSystem Container, NvContainerLocalSystem, "C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe" -s NvContainerLocalSystem -a -f "C:\ProgramData\NVIDIA\NvContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvContainer\plugins\LocalSystem" -r -p 30000 -st "C:\Program Files\NVIDIA Corporation\NvContainer\NvContainerTelemetryApi.dll" [NVIDIA Corporation]
NVIDIA Telemetry Container, NvTelemetryContainer, "C:\Program Files\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvTelemetry\plugins" -r [NVIDIA Corporation]
Origin Web Helper Service, Origin Web Helper Service, "C:\Program Files (x86)\Origin\OriginWebHelperService.exe" [Electronic Arts]
Realtek Audio Universal Service, RtkAudioUniversalService, "C:\Windows\System32\RtkAudUService64.exe" [Realtek Semiconductor]
Update Orchestrator Service, UsoSvc, C:\Windows\system32\svchost.exe -k netsvcs -p {C:\Windows\system32\usocore.dll [MS]}
Usługa telefoniczna, PhoneSvc, C:\Windows\system32\svchost.exe -k LocalService -p {C:\Windows\System32\PhoneService.dll [MS]}
 
 
Safe Mode Drivers & Services (subkey name, subkey default value):
-----------------------------------------------------------------
 
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\
 
<<!>> epmntdrv, 
<<!>> EuGdiDrv, 
<<!>> iai2c.sys, Driver
 
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\
 
<<!>> epmntdrv, 
<<!>> EuGdiDrv, 
 
 
---------- (launch time: 2020-04-27 22:54:34)
<<!>>: Suspicious data at a malware launch point.
 
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
  launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
  DLL launch points, use the -supp parameter or answer "No" at the
  first message box and "Yes" at the second message box.
---------- (total run time: 48 seconds, including 14 seconds for message boxes)
 