Zoek.exe v5.0.0.2 Updated 03-May-2018(Online Version) Tool run by Leo on wo 01/01/2020 at 13:41:30,69. Microsoft Windows 10 Home 10.0.18363 x64 Running in: Normal Mode Internet Access Detected Launched: C:\Users\Leo\Desktop\zoek.exe [Scan all users] [Script inserted] ==== System Restore Info ====================== 1/01/2020 13:51:23 Zoek.exe System Restore Point Created Successfully. ==== Startup Registry Enabled ====================== [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run] "OneDriveSetup"="C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run] "OneDriveSetup"="C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup" [HKEY_USERS\S-1-5-21-3412851300-2870964825-4123225172-1002\Software\Microsoft\Windows\CurrentVersion\Run] "CCleaner Smart Cleaning"="C:\Program Files\CCleaner\CCleaner64.exe /MONITOR" "OneDrive"="C:\Users\Leo\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background" "OneDrive"="C:\Users\Leo\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background" "Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "DriveUtilitiesHelper"="C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe" "WDAppManager"="C:\Program Files (x86)\Western Digital\WD App Manager\AppManagerLauncher.exe" "WD Drive Unlocker"="C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe" "WD Quick View"="C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe" "HP Software Update"="C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe" "SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "CCleaner Smart Cleaning"="C:\Program Files\CCleaner\CCleaner64.exe /MONITOR" "OneDrive"="C:\Users\Leo\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background" 
"OneDrive"="C:\Users\Leo\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background" "Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun" ==== Startup Registry Enabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVBg_SOUNDEDGE"="C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /SOUNDEDGE" "RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s" "SecurityHealth"="%windir%\system32\SecurityHealthSystray.exe " ==== Startup Folders ====================== 2019-02-20 10:27:16 1954 ----a-w- C:\Users\Leo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Inktwaarschuwingen controleren - HP Deskjet 2540 series (Kopie 1).lnk 2017-12-10 15:25:54 1954 ----a-w- C:\Users\Leo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Inktwaarschuwingen controleren - HP Deskjet 2540 series.lnk 2016-11-14 14:42:14 1187 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Kaspersky Software Updater Beta.lnk 2016-04-11 18:32:49 2486 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Logo Calibration Loader.lnk 2016-04-11 18:32:49 2370 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ProfileReminder.lnk ==== Task Scheduler Jobs ====================== C:\WINDOWS\tasks\HPCeeScheduleForLeo.job --a-------- C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [20/10/2017 16:36] C:\WINDOWS\tasks\X-Rite Device Services Software Updater.job --a-------- C:\Program Files (x86)\X-Rite\Devices\Services\XRD Software Update.exe [24/01/2019 20:22] ==== Other Scheduled Tasks ====================== "C:\WINDOWS\SysNative\tasks\Adobe Flash Player NPAPI Notifier" [C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_303_Plugin.exe] "C:\WINDOWS\SysNative\tasks\Adobe Flash Player Updater" [C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe] "C:\WINDOWS\SysNative\tasks\AMDInstallLauncher" [C:\Program 
Files\AMD\CIM\Bin64\InstallManagerApp.exe] "C:\WINDOWS\SysNative\tasks\CCleaner Update" [C:\Program Files\CCleaner\CCUpdate.exe] "C:\WINDOWS\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"] "C:\WINDOWS\SysNative\tasks\CreateExplorerShellUnelevatedTask" [C:\WINDOWS\explorer.exe] "C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\WINDOWS\SysNative\tasks\HPCeeScheduleForLeo" [C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe] "C:\WINDOWS\SysNative\tasks\HPCustParticipation HP Deskjet 2540 series" ["C:\Program Files\HP\HP Deskjet 2540 series\Bin\HPCustPartic.exe"] "C:\WINDOWS\SysNative\tasks\ModifyLinkUpdate" [C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe] "C:\WINDOWS\SysNative\tasks\Office 2019 Re-Activation" [C:\Users\Leo\Downloads\Microsoft] "C:\WINDOWS\SysNative\tasks\OneDrive Standalone Update Task-S-1-5-21-3412851300-2870964825-4123225172-1002" [%localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe] "C:\WINDOWS\SysNative\tasks\StartCN" ["C:\Program Files\AMD\CNext\CNext\cncmd.exe"] "C:\WINDOWS\SysNative\tasks\StartDVR" ["C:\Program Files\AMD\CNext\CNext\RSServCmd.exe"] "C:\WINDOWS\SysNative\tasks\X-Rite Device Services Software Updater" [C:\Program Files (x86)\X-Rite\Devices\Services\XRD Software Update.exe] "C:\WINDOWS\SysNative\tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA)" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe] "C:\WINDOWS\SysNative\tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe] "C:\WINDOWS\SysNative\tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report" [C:\Program Files (x86)\Hewlett-Packard\HP Support 
Solutions\Modules\HPSFReport.exe] "C:\WINDOWS\SysNative\tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater" [C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe] "C:\WINDOWS\SysNative\tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources" [C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe] "C:\WINDOWS\SysNative\tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe] "C:\WINDOWS\SysNative\tasks\Hewlett-Packard\HP Support Assistant\Product Configurator" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe] "C:\WINDOWS\SysNative\tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe] "C:\WINDOWS\SysNative\tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe] "C:\WINDOWS\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc] "C:\WINDOWS\SysNative\tasks\S-1-5-21-3412851300-2870964825-4123225172-1002\DataSenseLiveTileTask" [%SystemRoot%\System32\DataUsageLiveTileTask.exe] ==== Silent Runners ====================== "Silent Runners.vbs", revision 72, http://www.silentrunners.org/ Output limited to non-default values, except where indicated by "{++}" Startup items buried in registry: --------------------------------- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++} CCleaner Smart Cleaning = "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR [Piriform Ltd] OneDrive = "C:\Users\Leo\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background [MS] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} SecurityHealth = 
C:\WINDOWS\system32\SecurityHealthSystray.exe RtHDVBg_SOUNDEDGE = "C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /SOUNDEDGE [Realtek Semiconductor] RTHDVCPL = "C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s [Realtek Semiconductor] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\ {++} DriveUtilitiesHelper = C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe [Western Digital Technologies, Inc.] WDAppManager = C:\Program Files (x86)\Western Digital\WD App Manager\AppManagerLauncher.exe [null data] WD Drive Unlocker = C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe [Western Digital Technologies, Inc.] WD Quick View = C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [Western Digital Technologies, Inc.] HP Software Update = C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [Hewlett-Packard] SunJavaUpdateSched = "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [Oracle Corporation] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {9F904093-6E18-4536-BF5F-B03689CF00F0}\(Default) = ScriptInjectionPluginBrowserHelperObject -> {HKLM...CLSID} = Kaspersky Protection \InProcServer32\(Default) = C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 20.0\x64\IEExt\ie_plugin.dll [AO Kaspersky Lab] -> {HKLM...Wow...CLSID} = Kaspersky Protection \InProcServer32\(Default) = C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 20.0\IEExt\ie_plugin.dll [AO Kaspersky Lab] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided) -> {HKLM...Wow...CLSID} = Java(tm) Plug-In SSV Helper \InProcServer32\(Default) = C:\Program Files (x86)\Java\jre1.8.0_231\bin\ssv.dll [Oracle Corporation] {9F904093-6E18-4536-BF5F-B03689CF00F0}\(Default) = ScriptInjectionPluginBrowserHelperObject -> {HKLM...CLSID} = Kaspersky Protection 
\InProcServer32\(Default) = C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 20.0\x64\IEExt\ie_plugin.dll [AO Kaspersky Lab] -> {HKLM...Wow...CLSID} = Kaspersky Protection \InProcServer32\(Default) = C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 20.0\IEExt\ie_plugin.dll [AO Kaspersky Lab] {DBC80044-A445-435b-BC74-9C25C1C588A9}\(Default) = (no title provided) -> {HKLM...Wow...CLSID} = Java(tm) Plug-In 2 SSV Helper \InProcServer32\(Default) = C:\Program Files (x86)\Java\jre1.8.0_231\bin\jp2ssv.dll [Oracle Corporation] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive6\(Default) = {9AA2F32D-362A-42D9-9328-24A483E2CCC3} -> {HKCU...CLSID} = ReadOnlyOverlayHandler Class \InProcServer32\(Default) = C:\Users\Leo\AppData\Local\Microsoft\OneDrive\19.192.0926.0012\amd64\FileSyncShell64.dll [MS] OneDrive7\(Default) = {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} -> {HKCU...CLSID} = UpToDateUnpinnedOverlayHandler Class \InProcServer32\(Default) = C:\Users\Leo\AppData\Local\Microsoft\OneDrive\19.192.0926.0012\amd64\FileSyncShell64.dll [MS] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive6\(Default) = {9AA2F32D-362A-42D9-9328-24A483E2CCC3} -> {HKCU...Wow...CLSID} = ReadOnlyOverlayHandler Class \InProcServer32\(Default) = C:\Users\Leo\AppData\Local\Microsoft\OneDrive\19.192.0926.0012\FileSyncShell.dll [MS] OneDrive7\(Default) = {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} -> {HKCU...Wow...CLSID} = UpToDateUnpinnedOverlayHandler Class \InProcServer32\(Default) = C:\Users\Leo\AppData\Local\Microsoft\OneDrive\19.192.0926.0012\FileSyncShell.dll [MS] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellServiceObjects\ {578480AA-1B1C-4343-AABD-62C0A273DCB5} -> {HKLM...CLSID} = Cloud Cache Invalidator SSO \InProcServer32\(Default) = C:\Windows\System32\Windows.CloudStore.dll [MS] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ 
{09A47860-11B0-4DA5-AFA5-26D86198A780} = EPP -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = C:\Program Files\Windows Defender\shellext.dll [MS] {B41DB860-64E4-11D2-9906-E49FADC173CA} = WinRAR shell extension -> {HKLM...CLSID} = WinRAR \InProcServer32\(Default) = C:\Program Files\WinRAR\rarext.dll [Alexander Roshal] {5E2121EE-0300-11D4-8D3B-444553540000} = Catalyst Context Menu extension -> {HKLM...CLSID} = SimpleShlExt Class \InProcServer32\(Default) = C:\Program Files\AMD\CNext\CNext\atiacm64.dll [Advanced Micro Devices, Inc.] {2C5515DC-2A7E-4BFD-B813-CACC2B685EB7} = Revo Uninstaller Pro Extension -> {HKLM...CLSID} = RUShellExt Class \InProcServer32\(Default) = C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RUExt.dll [VS Revo Group] {6E1B4453-548D-4C43-A4AB-DE8D1D3DE17B} = Scan with Kaspersky Anti-Virus -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 20.0\x64\ShellEx.dll [AO Kaspersky Lab] {D1325A3D-2D13-4A37-8892-C6D343E2068C} = Kaspersky Anti-Virus crypto container -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 20.0\x64\ShellEx.dll [AO Kaspersky Lab] {087B3AE3-E237-4467-B8DB-5A38AB959AC9} = LibreOffice Infotip Handler -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = C:\Program Files\LibreOffice\program\shlxthdl\shlxthdl.dll [The Document Foundation] {3B092F0C-7696-40E3-A80F-68D74DA84210} = LibreOffice Thumbnail Viewer -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = C:\Program Files\LibreOffice\program\shlxthdl\shlxthdl.dll [The Document Foundation] {63542C48-9552-494A-84F7-73AA6A7C99C1} = LibreOffice Property Sheet Handler -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = C:\Program Files\LibreOffice\program\shlxthdl\shlxthdl.dll [The Document Foundation] {AE424E85-F6DF-4910-A6A9-438797986431} = LibreOffice Property 
Handler -> {HKLM...CLSID} = LibreOffice Property Handler \InProcServer32\(Default) = C:\Program Files\LibreOffice\program\shlxthdl\propertyhdl.dll [The Document Foundation] {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} = LibreOffice Column Handler -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = C:\Program Files\LibreOffice\program\shlxthdl\shlxthdl.dll [The Document Foundation] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ {6E1B4453-548D-4C43-A4AB-DE8D1D3DE17B} = Scan with Kaspersky Anti-Virus -> {HKLM...Wow...CLSID} = (no title provided) \InProcServer32\(Default) = C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 20.0\shellex.dll [AO Kaspersky Lab] {D1325A3D-2D13-4A37-8892-C6D343E2068C} = Kaspersky Anti-Virus crypto container -> {HKLM...Wow...CLSID} = (no title provided) \InProcServer32\(Default) = C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 20.0\shellex.dll [AO Kaspersky Lab] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AeDebug\ <> Debugger = "C:\WINDOWS\system32\vsjitdebugger.exe" -p %ld -e %ld [file not found] HKLM\SYSTEM\CurrentControlSet\Control\Lsa\ <> ("" [file not found]) Security Packages = "" HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers\ {C5D7540A-CD51-453B-B22B-05305BA03F07}\(Default) = Cloud Experience Credential Provider -> {HKLM...CLSID} = Cloud Experience Credential Provider \InProcServer32\(Default) = C:\Windows\System32\cxcredprov.dll [MS] {F8A1793B-7873-4046-B2A7-1F318747F427}\(Default) = FIDO Credential Provider -> {HKLM...CLSID} = FIDO Credential Provider \InProcServer32\(Default) = C:\WINDOWS\system32\fidocredprov.dll [MS] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\ {CFF649BD-601D-4361-AD3D-0FC365DB4DB7}\DllName = C:\WINDOWS\system32\domgmt.dll [MS] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ <> SppExtComObj.exe\Debugger = rundll32.exe 
SECOPatcher.dll,PatcherMain [MS] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ <> SppExtComObj.exe\Debugger = rundll32.exe SECOPatcher.dll,PatcherMain [MS] HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\ Kaspersky Anti-Virus 20.0\(Default) = {6E1B4453-548D-4C43-A4AB-DE8D1D3DE17B} -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 20.0\x64\ShellEx.dll [AO Kaspersky Lab] -> {HKLM...Wow...CLSID} = (no title provided) \InProcServer32\(Default) = C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 20.0\shellex.dll [AO Kaspersky Lab] WinRAR\(Default) = {B41DB860-64E4-11D2-9906-E49FADC173CA} -> {HKLM...CLSID} = WinRAR \InProcServer32\(Default) = C:\Program Files\WinRAR\rarext.dll [Alexander Roshal] WinRAR32\(Default) = {B41DB860-8EE4-11D2-9906-E49FADC173CA} -> {HKLM...Wow...CLSID} = WinRAR \InProcServer32\(Default) = C:\Program Files\WinRAR\rarext32.dll [Alexander Roshal] HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ Kaspersky Anti-Virus 20.0\(Default) = {6E1B4453-548D-4C43-A4AB-DE8D1D3DE17B} -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 20.0\x64\ShellEx.dll [AO Kaspersky Lab] -> {HKLM...Wow...CLSID} = (no title provided) \InProcServer32\(Default) = C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 20.0\shellex.dll [AO Kaspersky Lab] RecuvaShellExt\(Default) = {435E5DF5-2510-463C-B223-BDA47006D002} -> {HKLM...CLSID} = RecuvaShellExt Class \InProcServer32\(Default) = C:\Program Files\Recuva\RecuvaShell64.dll [Piriform Ltd] HKLM\SOFTWARE\Classes\Directory\Background\shellex\ContextMenuHandlers\ ACE\(Default) = {5E2121EE-0300-11D4-8D3B-444553540000} -> {HKLM...CLSID} = SimpleShlExt Class \InProcServer32\(Default) = C:\Program Files\AMD\CNext\CNext\atiacm64.dll [Advanced Micro Devices, Inc.] 
HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\ {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\(Default) = LibreOffice Column Handler -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = C:\Program Files\LibreOffice\program\shlxthdl\shlxthdl.dll [The Document Foundation] HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\ Kaspersky Anti-Virus 20.0\(Default) = {6E1B4453-548D-4C43-A4AB-DE8D1D3DE17B} -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 20.0\x64\ShellEx.dll [AO Kaspersky Lab] -> {HKLM...Wow...CLSID} = (no title provided) \InProcServer32\(Default) = C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 20.0\shellex.dll [AO Kaspersky Lab] RecuvaShellExt\(Default) = {435E5DF5-2510-463C-B223-BDA47006D002} -> {HKLM...CLSID} = RecuvaShellExt Class \InProcServer32\(Default) = C:\Program Files\Recuva\RecuvaShell64.dll [Piriform Ltd] RUShellExt\(Default) = {2C5515DC-2A7E-4BFD-B813-CACC2B685EB7} -> {HKLM...CLSID} = RUShellExt Class \InProcServer32\(Default) = C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RUExt.dll [VS Revo Group] WinRAR\(Default) = {B41DB860-64E4-11D2-9906-E49FADC173CA} -> {HKLM...CLSID} = WinRAR \InProcServer32\(Default) = C:\Program Files\WinRAR\rarext.dll [Alexander Roshal] WinRAR32\(Default) = {B41DB860-8EE4-11D2-9906-E49FADC173CA} -> {HKLM...Wow...CLSID} = WinRAR \InProcServer32\(Default) = C:\Program Files\WinRAR\rarext32.dll [Alexander Roshal] HKLM\SOFTWARE\Classes\Folder\shellex\DragDropHandlers\ WinRAR\(Default) = {B41DB860-64E4-11D2-9906-E49FADC173CA} -> {HKLM...CLSID} = WinRAR \InProcServer32\(Default) = C:\Program Files\WinRAR\rarext.dll [Alexander Roshal] WinRAR32\(Default) = {B41DB860-8EE4-11D2-9906-E49FADC173CA} -> {HKLM...Wow...CLSID} = WinRAR \InProcServer32\(Default) = C:\Program Files\WinRAR\rarext32.dll [Alexander Roshal] Group Policies {GPedit.msc branch and setting}: ----------------------------------------------- 
Note: detected settings may not have any effect. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ DSCAutomationHostEnabled = (REG_DWORD) dword:0x00000002 {Computer Configuration|UNDOCUMENTED!| Value of "2" present by default in W10 v1607 (Anniversary Update)} EnableCursorSuppression = (REG_DWORD) dword:0x00000001 {Computer Configuration|UNDOCUMENTED!| Value of "1" present by default in W10 v1607 (Anniversary Update)} EnableFullTrustStartupTasks = (REG_DWORD) dword:0x00000002 {Computer Configuration|UNDOCUMENTED!| Value of "2" present by default in W10 v1709 (Fall Creators Update)} EnableUwpStartupTasks = (REG_DWORD) dword:0x00000002 {Computer Configuration|UNDOCUMENTED!| Value of "2" present by default in W10 v1709 (Fall Creators Update)} SupportFullTrustStartupTasks = (REG_DWORD) dword:0x00000001 {Computer Configuration|UNDOCUMENTED!| Value of "1" present by default in W10 v1709 (Fall Creators Update)} SupportUwpStartupTasks = (REG_DWORD) dword:0x00000001 {Computer Configuration|UNDOCUMENTED!| Value of "1" present by default in W10 v1709 (Fall Creators Update)} Active Desktop and Wallpaper: ----------------------------- Active Desktop may be disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Windows Portable Device AutoPlay Handlers ----------------------------------------- HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ FindAppPlayDVDMovieOnArrival\ Provider = @mferror.dll,-115 InvokeProgID = FindApp.DVD InvokeVerb = play HKLM\SOFTWARE\Classes\FindApp.DVD\shell\play\command\(Default) = explorer "ms-windows-store://search/?query=DVD" [MS] MSPlayCDAudioOnArrival\ Provider = @wmploc.dll,-6502 InvokeProgID = WMP.AudioCD InvokeVerb = play HKLM\SOFTWARE\Classes\WMP.AudioCD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:3 /device:AudioCD "%L" [MS] MSPlayDVDMovieOnArrival\ Provider = @wmploc.dll,-6502 InvokeProgID = WMP.DVD 
InvokeVerb = play HKLM\SOFTWARE\Classes\WMP.DVD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:DVD "%L" [MS] MSPlaySuperVideoCDMovieOnArrival\ Provider = @wmploc.dll,-6502 InvokeProgID = WMP.VCD InvokeVerb = play HKLM\SOFTWARE\Classes\WMP.VCD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:VCD "%L" [MS] MSPlayVideoCDMovieOnArrival\ Provider = @wmploc.dll,-6502 InvokeProgID = WMP.VCD InvokeVerb = play HKLM\SOFTWARE\Classes\WMP.VCD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:VCD "%L" [MS] MSPromptEachTime\ Provider = @C:\WINDOWS\system32\shell32.dll,-17411 ProgID = Shell.Autoplay InitCmdLine = PromptEachTime HKLM\SOFTWARE\Classes\Shell.Autoplay\CLSID\(Default) = {995C996E-D918-4a8c-A302-45719A6F4EA7} -> {HKLM...CLSID} = Shell Hardware Mixed Content Handler \LocalServer32\(Default) = C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\shell32.dll,SHCreateLocalServerRunDll {995C996E-D918-4a8c-A302-45719A6F4EA7} [MS] MSPromptEachTimeNoContent\ Provider = @C:\WINDOWS\system32\shell32.dll,-17411 ProgID = Shell.Autoplay InitCmdLine = PromptEachTimeNoContent HKLM\SOFTWARE\Classes\Shell.Autoplay\CLSID\(Default) = {995C996E-D918-4a8c-A302-45719A6F4EA7} -> {HKLM...CLSID} = Shell Hardware Mixed Content Handler \LocalServer32\(Default) = C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\shell32.dll,SHCreateLocalServerRunDll {995C996E-D918-4a8c-A302-45719A6F4EA7} [MS] MSStorageSense\ Provider = @C:\WINDOWS\System32\SettingsHandlers_StorageSense.dll,-100 InvokeProgID = MSStorageSense InvokeVerb = open HKLM\SOFTWARE\Classes\MSStorageSense\shell\open\command\(Default) = explorer ms-settings:storagesense [MS] MSWMPBurnCDOnArrival\ Provider = @wmploc.dll,-6502 InvokeProgID = WMP.BurnCD InvokeVerb = Burn HKLM\SOFTWARE\Classes\WMP.BurnCD\shell\Burn\Command\(Default) = "C:\Program Files 
(x86)\Windows Media Player\wmplayer.exe" /prefetch:3 /Task:CDWrite /Device:"%L" [MS] VLCPlayBlurayOnArrival\ Provider = VideoLAN VLC media player InvokeProgID = VLC.Bluray InvokeVerb = Open HKLM\SOFTWARE\Classes\VLC.Bluray\shell\Open\command\(Default) = "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file bluray:///%1 [VideoLAN] VLCPlayCDAudioOnArrival\ Provider = VideoLAN VLC media player InvokeProgID = VLC.CDAudio InvokeVerb = Open HKLM\SOFTWARE\Classes\VLC.CDAudio\shell\Open\command\(Default) = "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file cdda:///%1 [VideoLAN] VLCPlayDVDAudioOnArrival\ Provider = VideoLAN VLC media player InvokeProgID = VLC.OPENFolder InvokeVerb = Open HKLM\SOFTWARE\Classes\VLC.OPENFolder\shell\Open\command\(Default) = "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" %1 [VideoLAN] VLCPlayDVDMovieOnArrival\ Provider = VideoLAN VLC media player InvokeProgID = VLC.DVDMovie InvokeVerb = Open HKLM\SOFTWARE\Classes\VLC.DVDMovie\shell\Open\command\(Default) = "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file dvd:///%1 [VideoLAN] VLCPlayMusicFilesOnArrival\ Provider = VideoLAN VLC media player InvokeProgID = VLC.OPENFolder InvokeVerb = Open HKLM\SOFTWARE\Classes\VLC.OPENFolder\shell\Open\command\(Default) = "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" %1 [VideoLAN] VLCPlaySVCDMovieOnArrival\ Provider = VideoLAN VLC media player InvokeProgID = VLC.SVCDMovie InvokeVerb = Open HKLM\SOFTWARE\Classes\VLC.SVCDMovie\shell\Open\command\(Default) = "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file vcd:///%1 [VideoLAN] VLCPlayVCDMovieOnArrival\ Provider = VideoLAN VLC media player InvokeProgID = VLC.VCDMovie InvokeVerb = Open HKLM\SOFTWARE\Classes\VLC.VCDMovie\shell\Open\command\(Default) = "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file vcd:///%1 [VideoLAN] VLCPlayVideoFilesOnArrival\ Provider = VideoLAN VLC media player InvokeProgID = VLC.OPENFolder InvokeVerb = Open 
HKLM\SOFTWARE\Classes\VLC.OPENFolder\shell\Open\command\(Default) = "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" %1 [VideoLAN] WIA_{2E6D9879-6587-4447-89A5-0FA0EFD55752}\ Provider = Photoshop CLSID = {A55803CC-4D53-404c-8557-FD63DBA95D24} InitCmdLine = /WiaCmd;C:\Program Files\Adobe\Adobe Photoshop 2020\Photoshop.exe /StiDevice:%1 /StiEvent:%2; -> {HKLM...CLSID} = WPDShextAutoplay \LocalServer32\(Default) = C:\WINDOWS\system32\WPDShextAutoplay.exe [MS] WIA_{49C84D47-0530-4AC2-AE86-65470A964808}\ Provider = Photoshop CLSID = {A55803CC-4D53-404c-8557-FD63DBA95D24} InitCmdLine = /WiaCmd;C:\Program Files\Adobe\Adobe Photoshop CC 2019\Photoshop.exe /StiDevice:%1 /StiEvent:%2; -> {HKLM...CLSID} = WPDShextAutoplay \LocalServer32\(Default) = C:\WINDOWS\system32\WPDShextAutoplay.exe [MS] WIA_{74BF45C5-CF80-4B01-93AF-3958293B1334}\ Provider = Photoshop CLSID = {A55803CC-4D53-404c-8557-FD63DBA95D24} InitCmdLine = /WiaCmd;C:\Program Files\Adobe\Adobe Photoshop CC 2015\Photoshop.exe /StiDevice:%1 /StiEvent:%2; -> {HKLM...CLSID} = WPDShextAutoplay \LocalServer32\(Default) = C:\WINDOWS\system32\WPDShextAutoplay.exe [MS] WIA_{97A7C28C-72B5-48EA-8C90-57BA2306044D}\ Provider = Photoshop CLSID = {A55803CC-4D53-404c-8557-FD63DBA95D24} InitCmdLine = /WiaCmd;C:\Program Files\Adobe\Adobe Photoshop CC 2018\Photoshop.exe /StiDevice:%1 /StiEvent:%2; -> {HKLM...CLSID} = WPDShextAutoplay \LocalServer32\(Default) = C:\WINDOWS\system32\WPDShextAutoplay.exe [MS] WIA_{E5B15EB4-1506-46DA-BC74-4986D729F916}\ Provider = Photoshop CLSID = {A55803CC-4D53-404c-8557-FD63DBA95D24} InitCmdLine = /WiaCmd;C:\Program Files\Adobe\Adobe Photoshop CC 2015.5\Photoshop.exe /StiDevice:%1 /StiEvent:%2; -> {HKLM...CLSID} = WPDShextAutoplay \LocalServer32\(Default) = C:\WINDOWS\system32\WPDShextAutoplay.exe [MS] WIA_{EF75F0BE-F0D9-472F-88C4-90CB63CC2957}\ Provider = Photoshop CLSID = {A55803CC-4D53-404c-8557-FD63DBA95D24} InitCmdLine = /WiaCmd;C:\Program Files\Adobe\Adobe Photoshop CC 2017\Photoshop.exe 
/StiDevice:%1 /StiEvent:%2; -> {HKLM...CLSID} = WPDShextAutoplay \LocalServer32\(Default) = C:\WINDOWS\system32\WPDShextAutoplay.exe [MS] Startup items in "Leo" & "All Users" startup folders: ----------------------------------------------------- C:\Users\Leo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup {++} Inktwaarschuwingen controleren - HP Deskjet 2540 series (Kopie 1) -> shortcut to: C:\WINDOWS\system32\RunDll32.exe "C:\Program Files\HP\HP Deskjet 2540 series\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=CN48B4726K0604;CONNECTION=USB;MONITOR=1; [MS] Inktwaarschuwingen controleren - HP Deskjet 2540 series -> shortcut to: C:\WINDOWS\system32\RunDll32.exe "C:\Program Files\HP\HP Deskjet 2540 series\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=CN48B4726K0604;CONNECTION=USB;MONITOR=1; [MS] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp {++} Kaspersky Software Updater Beta -> shortcut to: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Software Updater Beta\ksu.exe -hide [AO Kaspersky Lab] Logo Calibration Loader -> shortcut to: C:\Program Files (x86)\GretagMacbeth\i1\Eye-One Match 3\CalibrationLoader\CalibrationLoader.exe [LOGO Kommunikations- und Drucktechnik GmbH & Co. KG] ProfileReminder -> shortcut to: C:\Program Files (x86)\GretagMacbeth\i1\Eye-One Match 3\ProfileReminder.exe [LOGO Kommunikations- und Drucktechnik GmbH & Co. KG] Non-disabled Scheduled Tasks: {++} ----------------------------- C:\Windows\System32\Tasks Adobe Flash Player NPAPI Notifier -> launches: C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_303_Plugin.exe -check plugin [file not found] Adobe Flash Player Updater -> launches: C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [file not found] AMDInstallLauncher -> (HIDDEN!) launches: C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe /InstallAUEP [Advanced Micro Devices, Inc.] CCleaner Update -> (HIDDEN!) 
launches: C:\Program Files\CCleaner\CCUpdate.exe [Piriform Software Ltd] CCleanerSkipUAC -> launches: "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0) [Piriform Ltd] CreateExplorerShellUnelevatedTask -> launches: C:\WINDOWS\explorer.exe /NOUACCHECK [MS] Durée de vie -> launches: "C:\Mireille\Statique.exe" [null data] GoogleUpdateTaskMachineCore -> launches: C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c [Google Inc.] GoogleUpdateTaskMachineUA -> launches: C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler [Google Inc.] HPCeeScheduleForLeo -> launches: C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe HPCeeScheduleForLeo (null) [null data] HPCustParticipation HP Deskjet 2540 series -> launches: "C:\Program Files\HP\HP Deskjet 2540 series\Bin\HPCustPartic.exe" /UA 12.5 /DDV 0x0b00 [Hewlett-Packard Co.] ModifyLinkUpdate -> launches: C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe -UpdateCurrentUser [Advanced Micro Devices, Inc.] Office 2019 Re-Activation -> launches: C:\Users\Leo\Downloads\Microsoft Office 2019 pro\ActO19-v2.cmd -renewalonly [file not found] OneDrive Standalone Update Task-S-1-5-21-3412851300-2870964825-4123225172-1002 -> launches: %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe [MS] StartCN -> launches: "C:\Program Files\AMD\CNext\CNext\cncmd.exe" startwithdelay [Advanced Micro Devices, Inc.] StartDVR -> launches: "C:\Program Files\AMD\CNext\CNext\RSServCmd.exe" [Advanced Micro Devices, Inc.] X-Rite Device Services Software Updater -> launches: C:\Program Files (x86)\X-Rite\Devices\Services\XRD Software Update.exe [X-Rite Inc.] 
C:\Windows\System32\Tasks\Hewlett-Packard\HP Active Health HP Active Health Scan (HPSA) -> launches: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe -task -source HPSA [file not found] C:\Windows\System32\Tasks\Hewlett-Packard\HP Support Assistant HP Support Assistant Quick Start -> launches: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe /taskrestart [file not found] HP Support Solutions Framework Report -> launches: C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe /send [file not found] HP Support Solutions Framework Updater -> launches: C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe /u [file not found] HP Support Solutions Framework Updater - Resources -> launches: C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe /r /m [file not found] PC Health Analysis -> launches: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe /L Analysis [file not found] Product Configurator -> launches: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe /noreport [file not found] WarrantyChecker -> launches: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [file not found] WarrantyChecker_DeviceScan -> launches: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe /DeviceScanR6 [file not found] C:\Windows\System32\Tasks\Microsoft\VisualStudio VSIX Auto Update 14 -> (HIDDEN!) launches: J:\Windows Driver Kit\Common7\IDE\VSIXAutoUpdate.exe [file not found] C:\Windows\System32\Tasks\Microsoft\Windows\.NET Framework .NET Framework NGEN v4.0.30319 -> (HIDDEN!) 
launches: {84F0FAE1-C27B-4F6F-807B-28CF6F96287D} -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = C:\Windows\System32\mscoree.dll [MS] .NET Framework NGEN v4.0.30319 64 -> (HIDDEN!) launches: {429BC048-379E-45E0-80E4-EB1977941B5C} -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = C:\Windows\System32\mscoree.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Active Directory Rights Management Services Client AD RMS Rights Policy Template Management (Manual) -> launches: {BF5CB148-7C77-4D8A-A53E-D81C70CF743C} -> {HKLM...CLSID} = AD RMS Rights Policy Template Management (Manual) Task Handler \InProcServer32\(Default) = C:\WINDOWS\system32\msdrm.dll [MS] -> {HKLM...Wow...CLSID} = AD RMS Rights Policy Template Management (Manual) Task Handler \InProcServer32\(Default) = C:\WINDOWS\system32\msdrm.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\AppID EDP Policy Manager -> launches: {DECA92E0-AF85-439E-9204-86679978DA08} -> {HKLM...CLSID} = EDP Policy Manager Task Handler \InProcServer32\(Default) = C:\WINDOWS\System32\AppLockerCsp.dll [MS] SmartScreenSpecific -> launches: {9F2B0085-9218-42A1-88B0-9F0E65851666} [InProcServer32 entry not found] C:\Windows\System32\Tasks\Microsoft\Windows\Application Experience Microsoft Compatibility Appraiser -> launches: %windir%\system32\compattelrunner.exe [MS] ProgramDataUpdater -> launches: %windir%\system32\compattelrunner.exe -maintenance [MS] StartupAppTask -> launches: %windir%\system32\rundll32.exe Startupscan.dll,SusRunTask [MS] C:\Windows\System32\Tasks\Microsoft\Windows\ApplicationData appuriverifierdaily -> launches: %windir%\system32\AppHostRegistrationVerifier.exe [MS] appuriverifierinstall -> launches: %windir%\system32\AppHostRegistrationVerifier.exe [MS] CleanupTemporaryState -> launches: %windir%\system32\rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState [MS] DsSvcCleanup -> launches: %windir%\system32\dstokenclean.exe [MS] 
C:\Windows\System32\Tasks\Microsoft\Windows\Autochk Proxy -> launches: %windir%\system32\rundll32.exe /d acproxy.dll,PerformAutochkOperations [MS] C:\Windows\System32\Tasks\Microsoft\Windows\BitLocker BitLocker Encrypt All Drives -> launches: {61BCD1B9-340C-40EC-9D41-D7F1C0632F05} -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = C:\WINDOWS\System32\edptask.dll [MS] BitLocker MDM policy Refresh -> launches: {61BCD1B9-340C-40EC-9D41-D7F1C0632F05} -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = C:\WINDOWS\System32\edptask.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Bluetooth UninstallDeviceTask -> launches: BthUdTask.exe $(Arg0) [MS] C:\Windows\System32\Tasks\Microsoft\Windows\BrokerInfrastructure BgTaskRegistrationMaintenanceTask -> launches: {E984D939-0E00-4DD9-AC3A-7ACA04745521} [InProcServer32 entry not found] C:\Windows\System32\Tasks\Microsoft\Windows\CertificateServicesClient AikCertEnrollTask -> launches: {47E30D54-DAC1-473A-AFF7-2355BF78881F} -> {HKLM...CLSID} = NGC Pregeneration Task Handler \InProcServer32\(Default) = C:\WINDOWS\system32\ngctasks.dll [MS] CryptoPolicyTask -> launches: {47E30D54-DAC1-473A-AFF7-2355BF78881F} -> {HKLM...CLSID} = NGC Pregeneration Task Handler \InProcServer32\(Default) = C:\WINDOWS\system32\ngctasks.dll [MS] KeyPreGenTask -> launches: {47E30D54-DAC1-473A-AFF7-2355BF78881F} -> {HKLM...CLSID} = NGC Pregeneration Task Handler \InProcServer32\(Default) = C:\WINDOWS\system32\ngctasks.dll [MS] SystemTask -> launches: {58FB76B9-AC85-4E55-AC04-427593B1D060} -> {HKLM...CLSID} = Certificate Services Client Task Handler \InProcServer32\(Default) = C:\WINDOWS\system32\dimsjob.dll [MS] -> {HKLM...Wow...CLSID} = Certificate Services Client Task Handler \InProcServer32\(Default) = C:\WINDOWS\system32\dimsjob.dll [MS] UserTask -> launches: {58FB76B9-AC85-4E55-AC04-427593B1D060} -> {HKLM...CLSID} = Certificate Services Client Task Handler \InProcServer32\(Default) = C:\WINDOWS\system32\dimsjob.dll 
[MS] -> {HKLM...Wow...CLSID} = Certificate Services Client Task Handler \InProcServer32\(Default) = C:\WINDOWS\system32\dimsjob.dll [MS] UserTask-Roam -> launches: {58FB76B9-AC85-4E55-AC04-427593B1D060} -> {HKLM...CLSID} = Certificate Services Client Task Handler \InProcServer32\(Default) = C:\WINDOWS\system32\dimsjob.dll [MS] -> {HKLM...Wow...CLSID} = Certificate Services Client Task Handler \InProcServer32\(Default) = C:\WINDOWS\system32\dimsjob.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Chkdsk ProactiveScan -> launches: {CF4270F5-2E43-4468-83B3-A8C45BB33EA1} -> {HKLM...CLSID} = Proactive Scan \InProcServer32\(Default) = C:\Windows\System32\pstask.dll [MS] SyspartRepair -> (HIDDEN!) launches: %windir%\system32\bcdboot.exe %windir% /sysrepair [MS] C:\Windows\System32\Tasks\Microsoft\Windows\CloudExperienceHost CreateObjectTask -> (HIDDEN!) launches: {E4544ABA-62BF-4C54-AAB2-EC246342626C} [InProcServer32 entry not found] C:\Windows\System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program Consolidator -> launches: %SystemRoot%\System32\wsqmcons.exe [MS] UsbCeip -> (HIDDEN!) launches: {C27F6B1D-FE0B-45E4-9257-38799FA69BC8} -> {HKLM...CLSID} = UsbCeip \InProcServer32\(Default) = C:\WINDOWS\System32\usbceip.dll [MS] -> {HKLM...Wow...CLSID} = UsbCeip \InProcServer32\(Default) = C:\WINDOWS\System32\usbceip.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Data Integrity Scan Data Integrity Scan -> launches: {DCFD3EA8-D960-4719-8206-490AE315F94F} -> {HKLM...CLSID} = Data Integrity Scan \InProcServer32\(Default) = C:\Windows\System32\discan.dll [MS] Data Integrity Scan for Crash Recovery -> (HIDDEN!) 
launches: {DCFD3EA8-D960-4719-8206-490AE315F94F} -> {HKLM...CLSID} = Data Integrity Scan \InProcServer32\(Default) = C:\Windows\System32\discan.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Defrag ScheduledDefrag -> launches: %windir%\system32\defrag.exe -c -h -o -$ [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Device Information Device -> launches: %windir%\system32\devicecensus.exe [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Device Setup Metadata Refresh -> (HIDDEN!) launches: {23C1F3CF-C110-4512-ACA9-7B6174ECE888} -> {HKLM...CLSID} = DsmRefreshTask Class \InProcServer32\(Default) = C:\WINDOWS\System32\DeviceSetupManagerAPI.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\DeviceDirectoryClient HandleCommand -> (HIDDEN!) launches: {AE31B729-D5FD-401E-AF42-784074835AFE} -> {HKLM...CLSID} = Device Directory Client Handler \InProcServer32\(Default) = C:\WINDOWS\system32\DeviceDirectoryClient.dll [MS] HandleWnsCommand -> (HIDDEN!) launches: {AE31B729-D5FD-401E-AF42-784074835AFE} -> {HKLM...CLSID} = Device Directory Client Handler \InProcServer32\(Default) = C:\WINDOWS\system32\DeviceDirectoryClient.dll [MS] LocateCommandUserSession -> (HIDDEN!) launches: {AE31B729-D5FD-401E-AF42-784074835AFE} -> {HKLM...CLSID} = Device Directory Client Handler \InProcServer32\(Default) = C:\WINDOWS\system32\DeviceDirectoryClient.dll [MS] RegisterDeviceAccountChange -> (HIDDEN!) launches: {AE31B729-D5FD-401E-AF42-784074835AFE} -> {HKLM...CLSID} = Device Directory Client Handler \InProcServer32\(Default) = C:\WINDOWS\system32\DeviceDirectoryClient.dll [MS] RegisterDeviceLocationRightsChange -> (HIDDEN!) launches: {AE31B729-D5FD-401E-AF42-784074835AFE} -> {HKLM...CLSID} = Device Directory Client Handler \InProcServer32\(Default) = C:\WINDOWS\system32\DeviceDirectoryClient.dll [MS] RegisterDevicePeriodic24 -> (HIDDEN!) 
launches: {AE31B729-D5FD-401E-AF42-784074835AFE} -> {HKLM...CLSID} = Device Directory Client Handler \InProcServer32\(Default) = C:\WINDOWS\system32\DeviceDirectoryClient.dll [MS] RegisterDevicePolicyChange -> (HIDDEN!) launches: {AE31B729-D5FD-401E-AF42-784074835AFE} -> {HKLM...CLSID} = Device Directory Client Handler \InProcServer32\(Default) = C:\WINDOWS\system32\DeviceDirectoryClient.dll [MS] RegisterDeviceProtectionStateChanged -> (HIDDEN!) launches: {AE31B729-D5FD-401E-AF42-784074835AFE} -> {HKLM...CLSID} = Device Directory Client Handler \InProcServer32\(Default) = C:\WINDOWS\system32\DeviceDirectoryClient.dll [MS] RegisterDeviceSettingChange -> (HIDDEN!) launches: {AE31B729-D5FD-401E-AF42-784074835AFE} -> {HKLM...CLSID} = Device Directory Client Handler \InProcServer32\(Default) = C:\WINDOWS\system32\DeviceDirectoryClient.dll [MS] RegisterDeviceWnsFallback -> (HIDDEN!) launches: {AE31B729-D5FD-401E-AF42-784074835AFE} -> {HKLM...CLSID} = Device Directory Client Handler \InProcServer32\(Default) = C:\WINDOWS\system32\DeviceDirectoryClient.dll [MS] RegisterUserDevice -> (HIDDEN!) launches: {AE31B729-D5FD-401E-AF42-784074835AFE} -> {HKLM...CLSID} = Device Directory Client Handler \InProcServer32\(Default) = C:\WINDOWS\system32\DeviceDirectoryClient.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Diagnosis RecommendedTroubleshootingScanner -> launches: %windir%\system32\mitigationscanner.exe [MS] Scheduled -> (HIDDEN!) launches: {C1F85EF8-BCC2-4606-BB39-70C523715EB3} -> {HKLM...CLSID} = ScheduledDiagnosticCustomHandler \InProcServer32\(Default) = C:\WINDOWS\System32\sdiagschd.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\DirectX DirectXDatabaseUpdater -> (HIDDEN!) launches: %windir%\system32\directxdatabaseupdater.exe [MS] DXGIAdapterCache -> (HIDDEN!) 
launches: %windir%\system32\dxgiadaptercache.exe [MS] C:\Windows\System32\Tasks\Microsoft\Windows\DiskCleanup SilentCleanup -> launches: %windir%\system32\cleanmgr.exe /autoclean /d %systemdrive% [MS] C:\Windows\System32\Tasks\Microsoft\Windows\DiskDiagnostic Microsoft-Windows-DiskDiagnosticDataCollector -> (HIDDEN!) launches: %windir%\system32\rundll32.exe dfdts.dll,DfdGetDefaultPolicyAndSMART [MS] C:\Windows\System32\Tasks\Microsoft\Windows\DiskFootprint Diagnostics -> launches: %windir%\system32\disksnapshot.exe -z [MS] StorageSense -> launches: {AB2A519B-03B0-43CE-940A-A73DF850B49A} -> {HKLM...CLSID} = StorageUsage State Reporter Task Handler \InProcServer32\(Default) = C:\WINDOWS\system32\StorageUsage.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\DUSM dusmtask -> launches: %SystemRoot%\System32\dusmtask.exe [MS] C:\Windows\System32\Tasks\Microsoft\Windows\EDP EDP App Launch Task -> launches: {61BCD1B9-340C-40EC-9D41-D7F1C0632F05} -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = C:\WINDOWS\System32\edptask.dll [MS] EDP Auth Task -> launches: {61BCD1B9-340C-40EC-9D41-D7F1C0632F05} -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = C:\WINDOWS\System32\edptask.dll [MS] EDP Inaccessible Credentials Task -> launches: {61BCD1B9-340C-40EC-9D41-D7F1C0632F05} -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = C:\WINDOWS\System32\edptask.dll [MS] StorageCardEncryption Task -> launches: {61BCD1B9-340C-40EC-9D41-D7F1C0632F05} -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = C:\WINDOWS\System32\edptask.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\EnterpriseMgmt MDMMaintenenceTask -> launches: %windir%\system32\MDMAgent.exe [MS] C:\Windows\System32\Tasks\Microsoft\Windows\ErrorDetails EnableErrorDetailsUpdate -> launches: {FE285C8C-5360-41C1-A700-045501C740DE} [InProcServer32 entry not found] C:\Windows\System32\Tasks\Microsoft\Windows\ExploitGuard ExploitGuard MDM policy Refresh -> 
launches: {711001CD-CC1D-4470-9B7E-1EF73849C79E} -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = C:\WINDOWS\System32\MitigationConfiguration.dll [MS] -> {HKLM...Wow...CLSID} = (no title provided) \InProcServer32\(Default) = C:\WINDOWS\System32\MitigationConfiguration.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Feedback\Siuf DmClient -> launches: %windir%\system32\dmclient.exe [MS] DmClientOnScenarioDownload -> launches: %windir%\system32\dmclient.exe utcwnf [MS] C:\Windows\System32\Tasks\Microsoft\Windows\FileHistory File History (maintenance mode) -> launches: {89917B7C-A1A6-11DF-8BF6-18A90531A85A} -> {HKLM...CLSID} = FhTaskHandler Class \InProcServer32\(Default) = C:\WINDOWS\System32\fhtask.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Flighting\FeatureConfig ReconcileFeatures -> launches: {59EECBFE-C2F5-4419-9B99-13FE05FF2675} -> {HKLM...CLSID} = Feature Configuration Reconciliation Task Handler \InProcServer32\(Default) = C:\Windows\System32\fcon.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Flighting\OneSettings RefreshCache -> launches: {E07647F7-AED2-48D9-9720-939BC24A8A3C} -> {HKLM...CLSID} = OneSettings Refresh Cache Task Handler \InProcServer32\(Default) = C:\Windows\System32\wosc.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\HelloFace FODCleanupTask -> (HIDDEN!) 
launches: %WinDir%\System32\WinBioPlugIns\FaceFodUninstaller.exe [null data] C:\Windows\System32\Tasks\Microsoft\Windows\InstallService ScanForUpdates -> launches: {A558C6A5-B42B-4C98-B610-BF9559143139} -> {HKLM...CLSID} = ScanForUpdates InstallService Task \InProcServer32\(Default) = C:\Windows\System32\InstallServiceTasks.dll [MS] -> {HKLM...Wow...CLSID} = ScanForUpdates InstallService Task \InProcServer32\(Default) = C:\Windows\SysWOW64\InstallServiceTasks.dll [MS] ScanForUpdatesAsUser -> launches: {DDAFAEA2-8842-4E96-BADE-D44A8D676FDB} -> {HKLM...CLSID} = ScanForUpdates InstallService Task \InProcServer32\(Default) = C:\Windows\System32\InstallServiceTasks.dll [MS] -> {HKLM...Wow...CLSID} = ScanForUpdates InstallService Task \InProcServer32\(Default) = C:\Windows\SysWOW64\InstallServiceTasks.dll [MS] SmartRetry -> launches: {F3A219C3-2698-4CBF-9C07-037EDB8E72E6} -> {HKLM...CLSID} = SmartRetry InstallService Task \InProcServer32\(Default) = C:\Windows\System32\InstallServiceTasks.dll [MS] -> {HKLM...Wow...CLSID} = SmartRetry InstallService Task \InProcServer32\(Default) = C:\Windows\SysWOW64\InstallServiceTasks.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\LanguageComponentsInstaller Installation -> launches: {6F58F65F-EC0E-4ACA-99FE-FC5A1A25E4BE} -> {HKLM...CLSID} = Language Components Installer \InProcServer32\(Default) = C:\Windows\System32\LanguageComponentsInstaller.dll [MS] ReconcileLanguageResources -> launches: {D0582E3B-3126-4CAA-9155-AC37C912A489} [InProcServer32 entry not found] Uninstallation -> launches: {6F58F65F-EC0E-4ACA-99FE-FC5A1A25E4BE} -> {HKLM...CLSID} = Language Components Installer \InProcServer32\(Default) = C:\Windows\System32\LanguageComponentsInstaller.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\License Manager TempSignedLicenseExchange -> (HIDDEN!) 
launches: {77646A68-AD14-4D53-897D-7BE4DDE5F929} -> {HKLM...CLSID} = TempSignedLicenseExchangeTask \InProcServer32\(Default) = C:\Windows\System32\TempSignedLicenseExchangeTask.dll [MS] -> {HKLM...Wow...CLSID} = TempSignedLicenseExchangeTask \InProcServer32\(Default) = C:\Windows\SysWOW64\TempSignedLicenseExchangeTask.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Location Notifications -> launches: %windir%\System32\LocationNotificationWindows.exe [MS] WindowsActionDialog -> launches: %windir%\System32\WindowsActionDialog.exe [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Maintenance WinSAT -> launches: {A9A33436-678B-4C9C-A211-7CC38785E79D} -> {HKLM...CLSID} = WinSAT Task Manger Task \InProcServer32\(Default) = C:\WINDOWS\system32\WinSATAPI.dll [MS] -> {HKLM...Wow...CLSID} = WinSAT Task Manger Task \InProcServer32\(Default) = C:\WINDOWS\system32\WinSATAPI.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Management\Provisioning Cellular -> (HIDDEN!) launches: %windir%\system32\ProvTool.exe /turn 7 /source CellStateChangeTask [MS] Logon -> (HIDDEN!) launches: %windir%\system32\ProvTool.exe /turn 5 /source LogonIdleTask [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Maps MapsToastTask -> (HIDDEN!) launches: {9885AEF2-BD9F-41E0-B15E-B3141395E803} -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = C:\WINDOWS\System32\mapstoasttask.dll [MS] -> {HKLM...Wow...CLSID} = (no title provided) \InProcServer32\(Default) = C:\WINDOWS\System32\mapstoasttask.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\MemoryDiagnostic ProcessMemoryDiagnosticEvents -> (HIDDEN!) launches: {8168E74A-B39F-46D8-ADCD-7BED477B80A3} -> {HKLM...CLSID} = MemoryDiagnosticTaskHandler \InProcServer32\(Default) = C:\WINDOWS\System32\MemoryDiagnostic.dll [MS] RunFullMemoryDiagnostic -> (HIDDEN!) 
launches: {8168E74A-B39F-46D8-ADCD-7BED477B80A3} -> {HKLM...CLSID} = MemoryDiagnosticTaskHandler \InProcServer32\(Default) = C:\WINDOWS\System32\MemoryDiagnostic.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts MNO Metadata Parser -> launches: %SystemRoot%\System32\MbaeParserTask.exe [MS] C:\Windows\System32\Tasks\Microsoft\Windows\MUI LPRemove -> launches: %windir%\system32\lpremove.exe [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Multimedia SystemSoundsService -> launches: {2DEA658F-54C1-4227-AF9B-260AB5FC3543} -> {HKLM...CLSID} = Microsoft PlaySoundService Class \InProcServer32\(Default) = C:\WINDOWS\System32\PlaySndSrv.dll [MS] -> {HKLM...Wow...CLSID} = Microsoft PlaySoundService Class \InProcServer32\(Default) = C:\WINDOWS\System32\PlaySndSrv.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\NetCfg BindingWorkItemQueueHandler -> launches: {5AA199A0-1CED-43A5-9B85-3226086738A3} [InProcServer32 entry not found] C:\Windows\System32\Tasks\Microsoft\Windows\NetTrace GatherNetworkInfo -> launches: %windir%\system32\gatherNetworkInfo.vbs [null data] C:\Windows\System32\Tasks\Microsoft\Windows\NlaSvc WiFiTask -> (HIDDEN!) launches: %SystemRoot%\System32\WiFiTask.exe nla [MS] C:\Windows\System32\Tasks\Microsoft\Windows\PI Secure-Boot-Update -> launches: {5014B7C8-934E-4262-9816-887FA745A6C4} -> {HKLM...CLSID} = TPM Maintenance Task Handler \InProcServer32\(Default) = C:\WINDOWS\system32\TpmTasks.dll [MS] Sqm-Tasks -> launches: {5014B7C8-934E-4262-9816-887FA745A6C4} -> {HKLM...CLSID} = TPM Maintenance Task Handler \InProcServer32\(Default) = C:\WINDOWS\system32\TpmTasks.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Plug and Play Device Install Group Policy -> (HIDDEN!) launches: {60400283-B242-4FA8-8C25-CAF695B88209} -> {HKLM...CLSID} = Device Installation Group Policy Task Handler \InProcServer32\(Default) = C:\Windows\System32\pnppolicy.dll [MS] Device Install Reboot Required -> (HIDDEN!) 
launches: {48794782-6A1F-47B9-BD52-1D5F95D49C1B} -> {HKLM...CLSID} = Device Installation Reboot Dialog Task \InProcServer32\(Default) = C:\Windows\System32\pnpui.dll [MS] Plug and Play Cleanup -> launches: {DEF03232-9688-11E2-BE7F-B4B52FD966FF} [InProcServer32 entry not found] Sysprep Generalize Drivers -> launches: %SystemRoot%\System32\drvinst.exe 6 [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Power Efficiency Diagnostics AnalyzeSystem -> launches: {927EA2AF-1C54-43D5-825E-0074CE028EEE} -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = C:\WINDOWS\System32\energytask.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Printing EduPrintProv -> launches: %windir%\system32\eduprintprov.exe [MS] C:\Windows\System32\Tasks\Microsoft\Windows\PushToInstall Registration -> launches: %windir%\system32\sc.exe start pushtoinstall registration [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Ras MobilityManager -> launches: {C463A0FC-794F-4FDF-9201-01938CEACAFA} -> {HKLM...CLSID} = RasMobilityManager \InProcServer32\(Default) = C:\WINDOWS\system32\rasmbmgr.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\RecoveryEnvironment VerifyWinRE -> (HIDDEN!) launches: {89D1D0C2-A3CF-490C-ABE3-B86CDE34B047} -> {HKLM...CLSID} = ReAgentTaskHandler \InProcServer32\(Default) = C:\WINDOWS\System32\ReAgentTask.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Registry RegIdleBackup -> (HIDDEN!) launches: {CA767AA8-9157-4604-B64B-40747123D5F2} -> {HKLM...CLSID} = RegistryIdleBackupHandler \InProcServer32\(Default) = C:\WINDOWS\System32\regidle.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\RemoteAssistance RemoteAssistanceTask -> (HIDDEN!) launches: %windir%\system32\RAServer.exe /offerraupdate [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Servicing StartComponentCleanup -> launches: {752073A1-23F2-4396-85F0-8FDB879ED0ED} [InProcServer32 entry not found] C:\Windows\System32\Tasks\Microsoft\Windows\SettingSync BackgroundUploadTask -> (HIDDEN!) 
launches: {59B9640B-3F70-4D1C-B159-F26EEB8A4C87} -> {HKLM...CLSID} = Delayed Background Upload Task Handler \InProcServer32\(Default) = C:\WINDOWS\system32\SettingSyncCore.dll [MS] -> {HKLM...Wow...CLSID} = Delayed Background Upload Task Handler \InProcServer32\(Default) = C:\WINDOWS\system32\SettingSyncCore.dll [MS] NetworkStateChangeTask -> (HIDDEN!) launches: {A4173A49-F373-4475-9A0F-2D615204DC20} -> {HKLM...CLSID} = Network State Change Task Handler \InProcServer32\(Default) = C:\WINDOWS\system32\SettingSyncCore.dll [MS] -> {HKLM...Wow...CLSID} = Network State Change Task Handler \InProcServer32\(Default) = C:\WINDOWS\system32\SettingSyncCore.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Setup SetupCleanupTask -> launches: {7C83C056-1D0D-4C8E-A6B0-89E79C213559} -> {HKLM...CLSID} = Setup Cleanup Task \InProcServer32\(Default) = C:\WINDOWS\system32\oobe\SetupCleanupTask.dll [MS] -> {HKLM...Wow...CLSID} = Setup Cleanup Task \InProcServer32\(Default) = C:\WINDOWS\system32\oobe\SetupCleanupTask.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Shell CreateObjectTask -> (HIDDEN!) 
launches: {990A9F8F-301F-45F7-8D0E-68C5952DBA43} -> {HKLM...CLSID} = Shell Create Object Task Delegate \InProcServer32\(Default) = C:\WINDOWS\system32\shell32.dll [MS] -> {HKLM...Wow...CLSID} = Shell Create Object Task Delegate \InProcServer32\(Default) = C:\WINDOWS\system32\shell32.dll [MS] FamilySafetyMonitor -> launches: %windir%\System32\wpcmon.exe [MS] FamilySafetyRefreshTask -> launches: {C844C79D-AED8-4DCE-AB25-4D359BED84F8} -> {HKLM...CLSID} = FamilySafetyRefreshTask \InProcServer32\(Default) = C:\WINDOWS\System32\WpcRefreshTask.dll [MS] IndexerAutomaticMaintenance -> launches: {3FBA60A6-7BF5-4868-A2CA-6623B3DFFEA6} -> {HKLM...CLSID} = Automatic Maintenance task to enable Windows Search to make progress while in Connected Standby \InProcServer32\(Default) = C:\WINDOWS\System32\srchadmin.dll [MS] -> {HKLM...Wow...CLSID} = Automatic Maintenance task to enable Windows Search to make progress while in Connected Standby \InProcServer32\(Default) = C:\WINDOWS\System32\srchadmin.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform SvcRestartTask -> (HIDDEN!) 
launches: {B1AEBB5D-EAD9-4476-B375-9C3ED9F32AFC} -> {HKLM...CLSID} = SppSvcRestartTaskHandler Class \InProcServer32\(Default) = C:\WINDOWS\System32\sppcext.dll [MS] -> {HKLM...Wow...CLSID} = SppSvcRestartTaskHandler Class \InProcServer32\(Default) = C:\WINDOWS\System32\sppcext.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\SpacePort SpaceAgentTask -> launches: %windir%\system32\SpaceAgent.exe [MS] SpaceManagerTask -> launches: %windir%\system32\spaceman.exe /Work [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Speech HeadsetButtonPress -> launches: %windir%\system32\speech_onecore\common\SpeechRuntime.exe StartedFromTask [MS] SpeechModelDownloadTask -> launches: %windir%\system32\speech_onecore\common\SpeechModelDownload.exe [MS] C:\Windows\System32\Tasks\Microsoft\Windows\StateRepository MaintenanceTasks -> launches: %windir%\system32\rundll32.exe %windir%\system32\Windows.StateRepositoryClient.dll,StateRepositoryDoMaintenanceTasks [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Storage Tiers Management Storage Tiers Management Initialization -> launches: {5C9AB547-345D-4175-9AF6-65133463A100} [InProcServer32 entry not found] C:\Windows\System32\Tasks\Microsoft\Windows\Subscription EnableLicenseAcquisition -> (HIDDEN!) launches: %SystemRoot%\system32\ClipRenew.exe -e [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Sysmain ResPriStaticDbSync -> launches: {297EE78C-BA95-4E94-81D3-D6E7F089C7B5} -> {HKLM...CLSID} = Reserved Priority Static Db Sync Task \InProcServer32\(Default) = C:\WINDOWS\system32\sysmain.dll [MS] WsSwapAssessmentTask -> launches: %windir%\system32\rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask [MS] C:\Windows\System32\Tasks\Microsoft\Windows\SystemRestore SR -> launches: %windir%\system32\srtasks.exe ExecuteScheduledSPPCreation [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Task Manager Interactive -> (HIDDEN!) 
launches: {855FEC53-D2E4-4999-9E87-3414E9CF0FF4} -> {HKLM...CLSID} = RunTask \InProcServer32\(Default) = C:\WINDOWS\system32\wdc.dll [MS] -> {HKLM...Wow...CLSID} = RunTask \InProcServer32\(Default) = C:\WINDOWS\system32\wdc.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\TextServicesFramework MsCtfMonitor -> (HIDDEN!) launches: {01575CFE-9A55-4003-A5E1-F38D1EBDCBE1} -> {HKLM...CLSID} = MsCtfMonitor task handler \InProcServer32\(Default) = C:\WINDOWS\system32\MsCtfMonitor.dll [MS] -> {HKLM...Wow...CLSID} = MsCtfMonitor task handler \InProcServer32\(Default) = C:\WINDOWS\system32\MsCtfMonitor.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Time Synchronization ForceSynchronizeTime -> launches: {A31AD6C2-FF4C-43D4-8E90-7101023096F9} -> {HKLM...CLSID} = Time Synchronization Task Handler \InProcServer32\(Default) = C:\WINDOWS\system32\TimeSyncTask.dll [MS] SynchronizeTime -> launches: %windir%\system32\sc.exe start w32time task_started [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Time Zone SynchronizeTimeZone -> launches: %windir%\system32\tzsync.exe [MS] C:\Windows\System32\Tasks\Microsoft\Windows\TPM Tpm-HASCertRetr -> launches: {5014B7C8-934E-4262-9816-887FA745A6C4} -> {HKLM...CLSID} = TPM Maintenance Task Handler \InProcServer32\(Default) = C:\WINDOWS\system32\TpmTasks.dll [MS] Tpm-Maintenance -> launches: {5014B7C8-934E-4262-9816-887FA745A6C4} -> {HKLM...CLSID} = TPM Maintenance Task Handler \InProcServer32\(Default) = C:\WINDOWS\system32\TpmTasks.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\UpdateOrchestrator Backup Scan -> launches: %systemroot%\system32\usoclient.exe StartScan [MS] Reboot -> launches: %systemroot%\system32\MusNotification.exe ReadyToReboot [MS] Schedule Retry Scan -> launches: %systemroot%\system32\usoclient.exe StartScan [MS] Schedule Scan -> launches: %systemroot%\system32\usoclient.exe StartScan [MS] Schedule Scan Static Task -> launches: %systemroot%\system32\usoclient.exe StartScan [MS] UpdateModelTask -> launches: 
%systemroot%\system32\usoclient.exe StartModelUpdates [MS] USO_Broker_Display -> launches: %systemroot%\system32\MusNotification.exe Display [MS] USO_UxBroker -> launches: %systemroot%\system32\MusNotification.exe [MS] C:\Windows\System32\Tasks\Microsoft\Windows\UPnP UPnPHostConfig -> launches: sc.exe config upnphost start= auto [MS] C:\Windows\System32\Tasks\Microsoft\Windows\USB Usb-Notifications -> (HIDDEN!) launches: {E05BE1C8-92A8-4757-B575-ACAECB4E6A40} -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = C:\Windows\System32\UsbTask.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\WCM WiFiTask -> (HIDDEN!) launches: %SystemRoot%\System32\WiFiTask.exe [MS] C:\Windows\System32\Tasks\Microsoft\Windows\WDI ResolutionHost -> (HIDDEN!) launches: {900BE39D-6BE8-461A-BC4D-B0FA71F5ECB1} -> {HKLM...CLSID} = DiagnosticInfrastructureCustomHandler \InProcServer32\(Default) = C:\WINDOWS\System32\wdi.dll [MS] -> {HKLM...Wow...CLSID} = DiagnosticInfrastructureCustomHandler \InProcServer32\(Default) = C:\WINDOWS\System32\wdi.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Windows Error Reporting QueueReporting -> launches: %windir%\system32\wermgr.exe -upload [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Windows Filtering Platform BfeOnServiceStartTypeChange -> (HIDDEN!) 
launches: %windir%\system32\rundll32.exe bfe.dll,BfeOnServiceStartTypeChange [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Windows Media Sharing UpdateLibrary -> launches: "%ProgramFiles%\Windows Media Player\wmpnscfg.exe" [MS] C:\Windows\System32\Tasks\Microsoft\Windows\WindowsColorSystem Calibration Loader -> launches: {B210D694-C8DF-490D-9576-9E20CDBC20BD} -> {HKLM...CLSID} = Color Calibration Loader \InProcServer32\(Default) = C:\Windows\System32\mscms.dll [MS] -> {HKLM...Wow...CLSID} = Color Calibration Loader \InProcServer32\(Default) = C:\Windows\SysWOW64\mscms.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\WindowsUpdate Scheduled Start -> launches: C:\WINDOWS\system32\sc.exe start wuauserv [MS] sihpostreboot -> launches: %systemroot%\system32\sihclient.exe /PostReboot [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Wininet CacheTask -> launches: {0358B920-0AC7-461F-98F4-58E32CD89148} -> {HKLM...CLSID} = Wininet Cache task object \InProcServer32\(Default) = C:\WINDOWS\system32\wininet.dll [MS] -> {HKLM...Wow...CLSID} = Wininet Cache task object \InProcServer32\(Default) = C:\WINDOWS\system32\wininet.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\WlanSvc CDSSync -> launches: {B0D2B535-12E1-439F-86B3-BADA289510F0} -> {HKLM...CLSID} = WlanSyncTaskCommon \InProcServer32\(Default) = C:\Windows\System32\WiFiCloudStore.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\WOF WIM-Hash-Management -> launches: {B7BFFB5A-EFA8-4D8C-BBDE-C8D5FAAF54A1} -> {HKLM...CLSID} = WOF Task Handler \InProcServer32\(Default) = C:\WINDOWS\system32\WofTasks.dll [MS] WIM-Hash-Validation -> launches: {B7BFFB5A-EFA8-4D8C-BBDE-C8D5FAAF54A1} -> {HKLM...CLSID} = WOF Task Handler \InProcServer32\(Default) = C:\WINDOWS\system32\WofTasks.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Work Folders Work Folders Logon Synchronization -> launches: {97D47D56-3777-49FB-8E8F-90D7E30E1A1E} -> {HKLM...CLSID} = Work Folder Logon Trigger Class \InProcServer32\(Default) = 
C:\Windows\System32\WorkFoldersShell.dll [MS] Work Folders Maintenance Work -> launches: {63260BCE-A3FB-4A34-AA51-D4D8E877B62B} -> {HKLM...CLSID} = Work Folder Maintenance Task Class \InProcServer32\(Default) = C:\Windows\System32\WorkFoldersShell.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\WwanSvc NotificationTask -> (HIDDEN!) launches: %SystemRoot%\System32\WiFiTask.exe wwan [MS] C:\Windows\System32\Tasks\Microsoft\XblGameSave XblGameSaveTask -> launches: %windir%\System32\XblGameSaveTask.exe standby [MS] XblGameSaveTaskLogon -> launches: %windir%\System32\XblGameSaveTask.exe logon [MS] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = %SystemRoot%\system32\napinsp.dll [MS] 000000000002\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS] 000000000003\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS] 000000000004\LibraryPath = %SystemRoot%\System32\mswsock.dll [MS] 000000000005\LibraryPath = %SystemRoot%\System32\winrnr.dll [MS] 000000000006\LibraryPath = %SystemRoot%\system32\NLAapi.dll [MS] 000000000007\LibraryPath = %SystemRoot%\system32\wshbth.dll [MS] HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\ {++} 000000000001\LibraryPath = %SystemRoot%\system32\napinsp.dll [MS] 000000000002\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS] 000000000003\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS] 000000000004\LibraryPath = %SystemRoot%\System32\mswsock.dll [MS] 000000000005\LibraryPath = %SystemRoot%\System32\winrnr.dll [MS] 000000000006\LibraryPath = %SystemRoot%\system32\NLAapi.dll [MS] 000000000007\LibraryPath = %SystemRoot%\system32\wshbth.dll [MS] Transport Service Providers HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company 
Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 14 HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries64\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 14 Toolbars, Explorer Bars, Extensions: ------------------------------------ Toolbars HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ {EF293C5A-9F37-49FD-91C4-2B867063FC54} = (no title provided) -> {HKLM...CLSID} = Kaspersky Protection Toolbar \InProcServer32\(Default) = C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 20.0\x64\IEExt\ie_plugin.dll [AO Kaspersky Lab] HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\ {EF293C5A-9F37-49FD-91C4-2B867063FC54} = (no title provided) -> {HKLM...Wow...CLSID} = Kaspersky Protection Toolbar \InProcServer32\(Default) = C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 20.0\IEExt\ie_plugin.dll [AO Kaspersky Lab] Extensions (Tools menu items, main toolbar menu buttons) HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\ {22CC3EBD-C286-43AA-B8E6-06B115F74162}\ ButtonText = HP Smart Print MenuText = HP Smart Print Exec = C:\Program Files (x86)\Hewlett-Packard\Smart Print\SmartPrintSetup.exe [Hewlett-Packard] {25510184-5A38-4A99-B273-DCA8EEF6CD08}\ ButtonText = @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-103 MenuText = @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-102 Exec = C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe [file not found] HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extensions\ {22CC3EBD-C286-43AA-B8E6-06B115F74162}\ ButtonText = HP Smart Print MenuText = HP Smart Print Exec = C:\Program Files (x86)\Hewlett-Packard\Smart Print\SmartPrintSetup.exe [Hewlett-Packard] 
{25510184-5A38-4A99-B273-DCA8EEF6CD08}\
ButtonText = @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103
MenuText = @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102
Exec = C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe [file not found]

Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

AMD External Events Utility, AMD External Events Utility, C:\WINDOWS\System32\DriverStore\FileRepository\u0349781.inf_amd64_a9a51f30a2be0d77\B349558\atiesrxx.exe [AMD]
AVCTP-service, BthAvctpSvc, C:\WINDOWS\system32\svchost.exe -k LocalService -p {C:\WINDOWS\System32\BthAvctpSvc.dll [MS]}
Background Tasks Infrastructure Service, BrokerInfrastructure, C:\WINDOWS\system32\svchost.exe -k DcomLaunch -p {C:\WINDOWS\System32\psmsrv.dll [MS]}
Beeldschermbeleidsservice, DispBrokerDesktopSvc, C:\WINDOWS\system32\svchost.exe -k LocalService -p {C:\WINDOWS\System32\DispBroker.Desktop.dll [MS]}
Bonjour-service, Bonjour Service, "C:\Program Files\Bonjour\mDNSResponder.exe" [Apple Inc.]
Intel(R) Security Assist Helper, isaHelperSvc, "C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe" [null data]
Kaspersky Anti-Virus-service 20.0, AVP20.0, "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 20.0\avp.exe" -r [AO Kaspersky Lab]
Kaspersky Secure Connection Service 4.0, KSDE4.0, "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 4.0\ksde.exe" -r [AO Kaspersky Lab]
Realtek Audio Service, RtkAudioService, "C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe" [Realtek Semiconductor]
SAMSUNG Mobile Connectivity Service, ss_conn_service, "C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe" [DEVGURU Co., LTD.]
System Guard Runtime Monitor Broker, SgrmBroker, C:\WINDOWS\system32\SgrmBroker.exe [MS]
Update Orchestrator-service, UsoSvc, C:\WINDOWS\system32\svchost.exe -k netsvcs -p {C:\WINDOWS\system32\usosvc.dll [MS]}
Wacom Professional Service, WTabletServicePro, "C:\Program Files\Tablet\Wacom\WTabletServicePro.exe" [Wacom Technology, Corp.]
WD Drive Manager, WDDriveService, "C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe" [Western Digital Technologies, Inc.]
X-Rite Device Services Manager, xrdd.exe, "C:\Program Files (x86)\X-Rite\Devices\Services\xrdd.exe" [X-Rite Inc.]

Safe Mode Drivers & Services (subkey name, subkey default value):
-----------------------------------------------------------------

HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\
<> AudioEndpointBuilder, Service
<> AudioSrv, Service
<> CBDHSvc, Service
<> HdAudAddService.Sys, Driver
<> HdAudBus.Sys, Driver
<> iai2c.sys, Driver
<> SerCx2.sys, Driver
<> usbaudio.sys, Driver
<> {4D36E96C-E325-11CE-BFC1-08002BE10318}, Media
<> {F2E7DD72-6468-4E36-B6F1-6488F42C1B52}, Firmware

HKLM\System\CurrentControlSet\Control\SafeBoot\Network\
<> AudioEndpointBuilder, Service
<> AudioSrv, Service
<> CBDHSvc, Service
<> HdAudAddService.Sys, Driver
<> HdAudBus.Sys, Driver
<> NetSetupSvc, Service
<> SerCx2.sys, Driver
<> usbaudio.sys, Driver
<> WinQuic, Driver
<> {4D36E96C-E325-11CE-BFC1-08002BE10318}, Media
<> {F2E7DD72-6468-4E36-B6F1-6488F42C1B52}, Firmware

Accessibility Tools:
--------------------

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Accessibility\SessionTransit\
Configuration =

Keyboard Driver Filters:
------------------------

HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E96B-E325-11CE-BFC1-08002BE10318}\
<> UpperFilters = <> klkbdflt [AO Kaspersky Lab],kbdclass [MS]

Print Monitors:
---------------

HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\
Appmon\Driver = AppMon.dll [MS]
HP C211 Status Monitor\Driver = hpinkstsC211LM.dll [Hewlett-Packard Co.]
HP Discovery Port Monitor (HP Deskjet 2540 series)\Driver = HPDiscoPMC211.dll [Hewlett-Packard Co.]
WSD Port\Driver = APMon.dll [MS]

==== C:\zoek_backup content ======================

C:\zoek_backup (files=0 folders=0 0 bytes)

==== EOF on wo 01/01/2020 at 13:53:17,34 ======================