
Vccorelib141xvd.dll

Status
Not open for further replies.
Try to see whether the messages occur after starting a particular program or action.
 
I have not yet received an answer as to whether the error message is now a thing of the past.

Warning: the operation below is intended only for this computer;
applying it on another computer will damage Windows.


We are going to use Farbar Recovery Scan Tool (FRST.exe) again.

Download the attached Fixlist.txt to the same location
or move Fixlist.txt to wherever FRST.exe is located.

Using Farbar Recovery Scan Tool (FRST.exe) with the fixlist.txt
  • Windows Vista, Windows 7, Windows 8 and Windows 10: right-click FRST.exe and choose "Run as administrator".
  • When the program starts, click Yes in the popup.
  • Press the Fix button.
  • After the fix, a log file - Fixlog.txt - is created in the same location from which FRST.exe was started.
  • Attach Fixlog.txt to your next post.
 

Attachments

  • Fixlog.txt
    8.5 KB · Views: 3
Try to see whether the messages occur after starting a particular program or action.

I get the message triggered by selecting things and then pressing the right mouse button.
 
So those are context handlers in Explorer.
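As an added example (not the helper's instructions and not part of the Zoek or FRST tooling), the read-only PowerShell check below walks the Explorer context-menu and drag-drop handler keys that appear in the Zoek log, resolves each handler's CLSID to its InProcServer32 DLL, and reports handlers whose DLL no longer exists on disk, which is the usual reason Explorer complains about a DLL on right-click. The function name Get-HandlerDll and the key list are this example's own choices; it assumes Windows PowerShell 5.1 or later run from an elevated prompt.

```powershell
# Added example: find Explorer shell-extension handlers whose DLL is missing.
# Reads the registry only; nothing is modified. Run elevated so HKLM keys are readable.

# Handler roots as they appear in the Silent Runners section of the Zoek log.
$handlerRoots = @(
    'HKLM:\SOFTWARE\Classes\*\shellex\ContextMenuHandlers',
    'HKLM:\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers',
    'HKLM:\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers',
    'HKLM:\SOFTWARE\Classes\Directory\Background\shellex\ContextMenuHandlers',
    'HKLM:\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers',
    'HKLM:\SOFTWARE\Classes\Folder\shellex\DragDropHandlers'
)

# Hypothetical helper (this example's own): resolve a CLSID to the DLL registered
# for it. A CLSID may live in the 64-bit hive, the 32-bit WOW6432Node hive, or
# the per-user hive (the OneDrive overlay handlers in the log are per-user).
function Get-HandlerDll {
    param([Parameter(Mandatory)][string]$Clsid)
    $clsidKeys = @(
        "HKLM:\SOFTWARE\Classes\CLSID\$Clsid\InProcServer32",
        "HKLM:\SOFTWARE\Classes\WOW6432Node\CLSID\$Clsid\InProcServer32",
        "HKCU:\Software\Classes\CLSID\$Clsid\InProcServer32"
    )
    foreach ($key in $clsidKeys) {
        if (Test-Path -LiteralPath $key) {
            # The registry provider exposes the key's default value as '(default)'.
            $dll = (Get-ItemProperty -LiteralPath $key).'(default)'
            if ($dll) { return [pscustomobject]@{ ClsidKey = $key; Dll = $dll } }
        }
    }
    return $null
}

$report = foreach ($root in $handlerRoots) {
    # -LiteralPath is essential: the '*' in 'Classes\*' is a real key name, not a wildcard.
    if (-not (Test-Path -LiteralPath $root)) { continue }
    foreach ($handler in Get-ChildItem -LiteralPath $root) {
        # The handler key's default value normally holds the CLSID; a few handlers
        # use the key name itself as the CLSID instead.
        $clsid = (Get-ItemProperty -LiteralPath $handler.PSPath).'(default)'
        if (-not $clsid) { $clsid = $handler.PSChildName }

        $target = Get-HandlerDll -Clsid $clsid
        if ($null -eq $target) {
            [pscustomobject]@{ Handler = $handler.Name; Clsid = $clsid; Dll = $null; Status = 'CLSID not registered' }
            continue
        }
        # Strip surrounding quotes and expand %SystemRoot%-style variables before testing.
        $path = [Environment]::ExpandEnvironmentVariables($target.Dll.Trim('"'))
        $status = if (Test-Path -LiteralPath $path) { 'OK' } else { 'DLL MISSING' }
        [pscustomobject]@{ Handler = $handler.Name; Clsid = $clsid; Dll = $path; Status = $status }
    }
}

# Only the problem entries are interesting; a handler pointing at a DLL that was
# removed (for example by an antivirus clean-up) is a typical cause of this popup.
$report | Where-Object { $_.Status -ne 'OK' } | Format-Table -AutoSize
```

Handlers registered only under WOW6432Node are loaded by 32-bit processes, so a missing DLL there shows up in 32-bit applications' file dialogs rather than in 64-bit Explorer itself.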
 
Hello,

Temporarily disable your antivirus software and download
Zoek.exe to the desktop.
  • If Internet Explorer or another browser or virus scanner reports that this file would be unsafe, you can ignore it; this is a false warning.

Running Zoek.exe (for more information you can consult this guide)
If you experience problems running this program or see certain error messages, please mention this in your post.
  • Right-click Zoek.exe and choose the option "Run as administrator".
  • Now copy the code below and paste it into the large input box:
  • Note: This script is specifically intended for this computer, so do not use it on other computers with a similar problem.
    Code:
    silentrunners;
    startupall;
    vccorelib141xvd.dll;a
  • Now click the "Run script" button.
  • Now wait patiently until a log opens (this may be after a restart if one is required).
  • If no log appears after the restart, start zoek.exe again; the log will then appear.
  • Now attach the opened log file to your next post. (This log file can also be found on the system drive as C:\Zoek-results.log.)
 
Hello Rowan,
Reinstalling Windows cleanly - how much experience do you have with that?

Because the infection you picked up has modified quite a few files; presumably the original infection also made contact via the control server and new files were added to your Windows.
 

Zoek.exe v5.0.0.2 Updated 03-May-2018(Online Version)
Tool run by Rowan Jansen on vr 13-12-2019 at 11:21:04,17.
Microsoft Windows 10 Home 10.0.18362 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Rowan Jansen\Downloads\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

13-12-2019 11:22:50 Zoek.exe System Restore Point Created Successfully.

==== Registry Search Results for "vccorelib141xvd.dll" ======================

No instances of string "vccorelib141xvd.dll" found.

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDriveSetup"="C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDriveSetup"="C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup"

[HKEY_USERS\S-1-5-21-2894347374-677541234-646958035-1003\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="C:\Users\Rowan Jansen\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background"
"Steam"="D:\Program Files (x86)\Steam\steam.exe -silent"
"Discord"="C:\Users\Rowan Jansen\AppData\Local\Discord\app-0.0.305\Discord.exe"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"WAB Migrate"="%ProgramFiles%\Windows Mail\wab.exe /Upgrade"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"WAB Migrate"="%ProgramFiles%\Windows Mail\wab.exe /Upgrade"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aimersoft Helper Compact.exe"="C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe"
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="C:\Users\Rowan Jansen\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background"
"Steam"="D:\Program Files (x86)\Steam\steam.exe -silent"
"Discord"="C:\Users\Rowan Jansen\AppData\Local\Discord\app-0.0.305\Discord.exe"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s"
"AvastUI.exe"="C:\Program Files\AVAST Software\Avast\AvLaunch.exe /gui"
"SecurityHealth"="%windir%\system32\SecurityHealthSystray.exe "

==== Startup Registry Disabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\AdobeUpdateService]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\BEService]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\CIJSRegister]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\GoogleChromeElevationService]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\gupdate]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\gupdatem]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\iaStorAfsService]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\KvAppService]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\NAUpdate]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\NvContainerLocalSystem]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\NvContainerNetworkService]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\NVDisplay.ContainerLocalSystem]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\Origin Client Service]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\Origin Web Helper Service]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\Rockstar Service]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\SecureLine]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\Steam Client Service]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\WsAppService3]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\WsDrvInst]


==== Startup Folders ======================

2019-06-13 10:58:24 1051 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Avast SecureLine VPN.lnk
2019-12-06 16:04:31 1558 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WSAndroidAppHelper.lnk
2019-12-06 16:04:31 1523 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WSAppHelper.lnk

==== Other Scheduled Tasks ======================

"C:\WINDOWS\SysNative\tasks\Avast Emergency Update" [C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe]
"C:\WINDOWS\SysNative\tasks\Avast SecureLine VPN Update" [C:\Program Files\AVAST Software\SecureLine\VpnUpdate.exe]
"C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\WINDOWS\SysNative\tasks\klcp_update" [codectweaktool.exe]
"C:\WINDOWS\SysNative\tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}" [C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe]
"C:\WINDOWS\SysNative\tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}" [C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe]
"C:\WINDOWS\SysNative\tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}" ["C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe"]
"C:\WINDOWS\SysNative\tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}" [C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe]
"C:\WINDOWS\SysNative\tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}" [C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe]
"C:\WINDOWS\SysNative\tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}" [C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe]
"C:\WINDOWS\SysNative\tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}" [C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe]
"C:\WINDOWS\SysNative\tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}" [C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe]
"C:\WINDOWS\SysNative\tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}" [C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe]
"C:\WINDOWS\SysNative\tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}" [C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe]
"C:\WINDOWS\SysNative\tasks\OneDrive Standalone Update Task-S-1-5-21-2894347374-677541234-646958035-1003" [%localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe]
"C:\WINDOWS\SysNative\tasks\OneDrive Standalone Update Task-S-1-5-21-2894347374-677541234-646958035-500" [%localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe]
"C:\WINDOWS\SysNative\tasks\Avast Software\Overseer" [C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe]
"C:\WINDOWS\SysNative\tasks\WiseCleaner\WDCSkipUAC" [D:\Program Files (x86)\Wise\Wise Disk Cleaner\WiseDiskCleaner.exe]
"C:\WINDOWS\SysNative\tasks\WiseCleaner\WRCSkipUAC" [C:\Program Files (x86)\Wise\Wise Registry Cleaner\WiseRegCleaner.exe]

==== Silent Runners ======================

"Silent Runners.vbs", revision 72, Silent Runners - Adware? Disinfect, don't reformat!
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
OneDrive = "C:\Users\Rowan Jansen\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background [MS]
Steam = "D:\Program Files (x86)\Steam\steam.exe" -silent [Valve Corporation]
Discord = C:\Users\Rowan Jansen\AppData\Local\Discord\app-0.0.305\Discord.exe [Discord Inc.]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
SecurityHealth = C:\WINDOWS\system32\SecurityHealthSystray.exe
RTHDVCPL = "C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s [Realtek Semiconductor]
AvastUI.exe = "C:\Program Files\AVAST Software\Avast\AvLaunch.exe" /gui [AVAST Software]

HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\ {++}
Aimersoft Helper Compact.exe = C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe [AimerSoft]
SunJavaUpdateSched = "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [Oracle Corporation]

HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
-> {HKLM...Wow...CLSID} = Java(tm) Plug-In SSV Helper
\InProcServer32\(Default) = C:\Program Files (x86)\Java\jre1.8.0_231\bin\ssv.dll [Oracle Corporation]

{DBC80044-A445-435b-BC74-9C25C1C588A9}\(Default) = (no title provided)
-> {HKLM...Wow...CLSID} = Java(tm) Plug-In 2 SSV Helper
\InProcServer32\(Default) = C:\Program Files (x86)\Java\jre1.8.0_231\bin\jp2ssv.dll [Oracle Corporation]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\

OneDrive6\(Default) = {9AA2F32D-362A-42D9-9328-24A483E2CCC3}
-> {HKCU...CLSID} = ReadOnlyOverlayHandler Class
\InProcServer32\(Default) = C:\Users\Rowan Jansen\AppData\Local\Microsoft\OneDrive\19.192.0926.0012\amd64\FileSyncShell64.dll [MS]

OneDrive7\(Default) = {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C}
-> {HKCU...CLSID} = UpToDateUnpinnedOverlayHandler Class
\InProcServer32\(Default) = C:\Users\Rowan Jansen\AppData\Local\Microsoft\OneDrive\19.192.0926.0012\amd64\FileSyncShell64.dll [MS]

00asw\(Default) = {472083B0-C522-11CF-8763-00608CC02F24}
-> {HKLM...CLSID} = avast
\InProcServer32\(Default) = C:\Program Files\AVAST Software\Avast\ashShell.dll [AVAST Software]

HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\

OneDrive6\(Default) = {9AA2F32D-362A-42D9-9328-24A483E2CCC3}
-> {HKCU...Wow...CLSID} = ReadOnlyOverlayHandler Class
\InProcServer32\(Default) = C:\Users\Rowan Jansen\AppData\Local\Microsoft\OneDrive\19.192.0926.0012\FileSyncShell.dll [MS]

OneDrive7\(Default) = {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C}
-> {HKCU...Wow...CLSID} = UpToDateUnpinnedOverlayHandler Class
\InProcServer32\(Default) = C:\Users\Rowan Jansen\AppData\Local\Microsoft\OneDrive\19.192.0926.0012\FileSyncShell.dll [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellServiceObjects\

{578480AA-1B1C-4343-AABD-62C0A273DCB5}
-> {HKLM...CLSID} = Cloud Cache Invalidator SSO
\InProcServer32\(Default) = C:\Windows\System32\Windows.CloudStore.dll [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

{09A47860-11B0-4DA5-AFA5-26D86198A780} = EPP
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = C:\Program Files\Windows Defender\shellext.dll [MS]

{A70C977A-BF00-412C-90B7-034C51DA2439} = NvCpl DesktopContext Class
-> {HKLM...CLSID} = DesktopContext Class
\InProcServer32\(Default) = C:\Program Files\NVIDIA Corporation\Display\nvui.dll [NVIDIA Corporation]

{3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} = NVIDIA Play On My TV Context Menu Extension
-> {HKLM...CLSID} = NVIDIA CPL Context Menu Extension
\InProcServer32\(Default) = C:\WINDOWS\system32\nvshext.dll [NVIDIA Corporation]

{A929C4CE-FD36-4270-B4F5-34ECAC5BD63C} = NvAppShExt extension
-> {HKLM...CLSID} = NvAppShExt Class
\InProcServer32\(Default) = C:\WINDOWS\system32\nv3dappshext.dll [NVIDIA Corporation]

{E97DEC16-A50D-49bb-AE24-CF682282E08D} = OpenGLShExt extension
-> {HKLM...CLSID} = OpenGLShExt Class
\InProcServer32\(Default) = C:\WINDOWS\system32\nv3dappshext.dll [NVIDIA Corporation]

{472083B0-C522-11CF-8763-00608CC02F24} = avast
-> {HKLM...CLSID} = avast
\InProcServer32\(Default) = C:\Program Files\AVAST Software\Avast\ashShell.dll [AVAST Software]

{B41DB860-64E4-11D2-9906-E49FADC173CA} = WinRAR shell extension
-> {HKLM...CLSID} = WinRAR
\InProcServer32\(Default) = D:\Program Files\WinRAR\rarext.dll [Alexander Roshal]

{c5aec3ec-e812-4677-a9a7-4fee1f9aa000} = Icaros Thumbnail Provider
-> {HKLM...CLSID} = Icaros Thumbnail Provider
\InProcServer32\(Default) = D:\Program Files (x86)\K-Lite Codec Pack\Icaros\64-bit\IcarosThumbnailProvider.dll [Tabibito Technology]

{0C08E3BB-D10B-4CC9-B1B3-701F5BE9D6EC} = Icaros Property Handler
-> {HKLM...CLSID} = Icaros Property Handler
\InProcServer32\(Default) = D:\Program Files (x86)\K-Lite Codec Pack\Icaros\64-bit\IcarosPropertyHandler.dll [Tabibito Technology]

{CBF88FC2-F150-4F29-BC80-CE30EFD1B62C} = HelloExtNoAtl
-> {HKLM...CLSID} = HelloExtNoAtl
\InProcServer32\(Default) = C:\Windows\system32\HelloExtNoAtl.dll [null data]

HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

{472083B0-C522-11CF-8763-00608CC02F24} = avast
-> {HKLM...Wow...CLSID} = avast
\InProcServer32\(Default) = C:\Program Files\AVAST Software\Avast\x86\ashShell.dll [AVAST Software]

HKLM\SYSTEM\CurrentControlSet\Control\Lsa\
<<!>> ("" [file not found]) Security Packages = ""

HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\
<<!>> BootExecute = autocheck autochk *|bootdelete [file not found]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers\

{C5D7540A-CD51-453B-B22B-05305BA03F07}\(Default) = Cloud Experience Credential Provider
-> {HKLM...CLSID} = Cloud Experience Credential Provider
\InProcServer32\(Default) = C:\Windows\System32\cxcredprov.dll [MS]

{F8A1793B-7873-4046-B2A7-1F318747F427}\(Default) = FIDO Credential Provider
-> {HKLM...CLSID} = FIDO Credential Provider
\InProcServer32\(Default) = C:\WINDOWS\system32\fidocredprov.dll [MS]

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\
{CFF649BD-601D-4361-AD3D-0FC365DB4DB7}\DllName = C:\WINDOWS\system32\domgmt.dll [MS]

HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\

avast\(Default) = {472083B0-C522-11CF-8763-00608CC02F24}
-> {HKLM...CLSID} = avast
\InProcServer32\(Default) = C:\Program Files\AVAST Software\Avast\ashShell.dll [AVAST Software]
-> {HKLM...Wow...CLSID} = avast
\InProcServer32\(Default) = C:\Program Files\AVAST Software\Avast\x86\ashShell.dll [AVAST Software]

HelloExtNoAtl\(Default) = {CBF88FC2-F150-4F29-BC80-CE30EFD1B62C}
-> {HKLM...CLSID} = HelloExtNoAtl
\InProcServer32\(Default) = C:\Windows\system32\HelloExtNoAtl.dll [null data]

WinRAR\(Default) = {B41DB860-64E4-11D2-9906-E49FADC173CA}
-> {HKLM...CLSID} = WinRAR
\InProcServer32\(Default) = D:\Program Files\WinRAR\rarext.dll [Alexander Roshal]

WinRAR32\(Default) = {B41DB860-8EE4-11D2-9906-E49FADC173CA}
-> {HKLM...Wow...CLSID} = WinRAR
\InProcServer32\(Default) = D:\Program Files\WinRAR\rarext32.dll [Alexander Roshal]

HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\

00asw\(Default) = {472083B0-C522-11CF-8763-00608CC02F24}
-> {HKLM...CLSID} = avast
\InProcServer32\(Default) = C:\Program Files\AVAST Software\Avast\ashShell.dll [AVAST Software]
-> {HKLM...Wow...CLSID} = avast
\InProcServer32\(Default) = C:\Program Files\AVAST Software\Avast\x86\ashShell.dll [AVAST Software]

MBAMShlExt\(Default) = {57CE581A-0CB6-4266-9CA0-19364C90A0B3}
-> {HKLM...CLSID} = MBAMShlExt Class
\InProcServer32\(Default) = C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [Malwarebytes]

HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\

HelloExtNoAtl\(Default) = {CBF88FC2-F150-4F29-BC80-CE30EFD1B62C}
-> {HKLM...CLSID} = HelloExtNoAtl
\InProcServer32\(Default) = C:\Windows\system32\HelloExtNoAtl.dll [null data]

HKLM\SOFTWARE\Classes\Directory\Background\shellex\ContextMenuHandlers\

NvCplDesktopContext\(Default) = {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9}
-> {HKLM...CLSID} = NVIDIA CPL Context Menu Extension
\InProcServer32\(Default) = C:\WINDOWS\system32\nvshext.dll [NVIDIA Corporation]

HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\

avast\(Default) = {472083B0-C522-11CF-8763-00608CC02F24}
-> {HKLM...CLSID} = avast
\InProcServer32\(Default) = C:\Program Files\AVAST Software\Avast\ashShell.dll [AVAST Software]
-> {HKLM...Wow...CLSID} = avast
\InProcServer32\(Default) = C:\Program Files\AVAST Software\Avast\x86\ashShell.dll [AVAST Software]

MBAMShlExt\(Default) = {57CE581A-0CB6-4266-9CA0-19364C90A0B3}
-> {HKLM...CLSID} = MBAMShlExt Class
\InProcServer32\(Default) = C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [Malwarebytes]

WinRAR\(Default) = {B41DB860-64E4-11D2-9906-E49FADC173CA}
-> {HKLM...CLSID} = WinRAR
\InProcServer32\(Default) = D:\Program Files\WinRAR\rarext.dll [Alexander Roshal]

WinRAR32\(Default) = {B41DB860-8EE4-11D2-9906-E49FADC173CA}
-> {HKLM...Wow...CLSID} = WinRAR
\InProcServer32\(Default) = D:\Program Files\WinRAR\rarext32.dll [Alexander Roshal]

HKLM\SOFTWARE\Classes\Folder\shellex\DragDropHandlers\

WinRAR\(Default) = {B41DB860-64E4-11D2-9906-E49FADC173CA}
-> {HKLM...CLSID} = WinRAR
\InProcServer32\(Default) = D:\Program Files\WinRAR\rarext.dll [Alexander Roshal]

WinRAR32\(Default) = {B41DB860-8EE4-11D2-9906-E49FADC173CA}
-> {HKLM...Wow...CLSID} = WinRAR
\InProcServer32\(Default) = D:\Program Files\WinRAR\rarext32.dll [Alexander Roshal]


Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\

DisableAntiSpyware = (REG_DWORD) dword:0x00000001
{Computer Configuration|Administrative Templates|Windows Components|Windows Defender|
Turn off Windows Defender}

AllowFastServiceStartup = (REG_DWORD) dword:0x00000000
{unrecognized setting}

ServiceKeepAlive = (REG_DWORD) dword:0x00000000
{unrecognized setting}

HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-time Protection\

DisableIOAVProtection = (REG_DWORD) dword:0x00000001
{unrecognized setting}

DisableRealtimeMonitoring = (REG_DWORD) dword:0x00000001
{Computer Configuration|Administrative Templates|Windows Components|Windows Defender|
Turn off Real-Time Monitoring}

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\

DSCAutomationHostEnabled = (REG_DWORD) dword:0x00000002
{Computer Configuration|UNDOCUMENTED!|
Value of "2" present by default in W10 v1607 (Anniversary Update)}

EnableCursorSuppression = (REG_DWORD) dword:0x00000001
{Computer Configuration|UNDOCUMENTED!|
Value of "1" present by default in W10 v1607 (Anniversary Update)}

EnableFullTrustStartupTasks = (REG_DWORD) dword:0x00000002
{Computer Configuration|UNDOCUMENTED!|
Value of "2" present by default in W10 v1709 (Fall Creators Update)}

EnableUwpStartupTasks = (REG_DWORD) dword:0x00000002
{Computer Configuration|UNDOCUMENTED!|
Value of "2" present by default in W10 v1709 (Fall Creators Update)}

SupportFullTrustStartupTasks = (REG_DWORD) dword:0x00000001
{Computer Configuration|UNDOCUMENTED!|
Value of "1" present by default in W10 v1709 (Fall Creators Update)}

SupportUwpStartupTasks = (REG_DWORD) dword:0x00000001
{Computer Configuration|UNDOCUMENTED!|
Value of "1" present by default in W10 v1709 (Fall Creators Update)}

FilterAdministratorToken = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Admin Approval Mode for the Built-in Administrator Account}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
Wallpaper = C:\Users\Rowan Jansen\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\33186059_2068994309797151_237175799256449024.jpg


Windows Portable Device AutoPlay Handlers
-----------------------------------------

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\

FindAppPlayDVDMovieOnArrival\
Provider = @mferror.dll,-115
InvokeProgID = FindApp.DVD
InvokeVerb = play
HKLM\SOFTWARE\Classes\FindApp.DVD\shell\play\command\(Default) = explorer "ms-windows-store://search/?query=DVD" [MS]

MPCPlayBluRayOnArrival\
Provider = Media Player Classic
InvokeProgID = MediaPlayerClassic.Autorun
InvokeVerb = PlayBlurayMovie
HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayBlurayMovie\command\(Default) = "D:\Program Files (x86)\K-Lite Codec Pack\MPC-HC64\mpc-hc64.exe" %L\BDMV\INDEX.BDMV [MPC-HC Team]

MPCPlayCDAudioOnArrival\
Provider = Media Player Classic
InvokeProgID = MediaPlayerClassic.Autorun
InvokeVerb = PlayCDAudio
HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayCDAudio\command\(Default) = "D:\Program Files (x86)\K-Lite Codec Pack\MPC-HC64\mpc-hc64.exe" %1 /cd [MPC-HC Team]

MPCPlayDVDMovieOnArrival\
Provider = Media Player Classic
InvokeProgID = MediaPlayerClassic.Autorun
InvokeVerb = PlayDVDMovie
HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayDVDMovie\command\(Default) = "D:\Program Files (x86)\K-Lite Codec Pack\MPC-HC64\mpc-hc64.exe" %1 /dvd [MPC-HC Team]

MPCPlayMusicFilesOnArrival\
Provider = Media Player Classic
InvokeProgID = MediaPlayerClassic.Autorun
InvokeVerb = PlayMusicFiles
HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayMusicFiles\command\(Default) = "D:\Program Files (x86)\K-Lite Codec Pack\MPC-HC64\mpc-hc64.exe" %1 [MPC-HC Team]

MPCPlayVideoFilesOnArrival\
Provider = Media Player Classic
InvokeProgID = MediaPlayerClassic.Autorun
InvokeVerb = PlayVideoFiles
HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayVideoFiles\command\(Default) = "D:\Program Files (x86)\K-Lite Codec Pack\MPC-HC64\mpc-hc64.exe" %1 [MPC-HC Team]

MSPlayCDAudioOnArrival\
Provider = @wmploc.dll,-6502
InvokeProgID = WMP.AudioCD
InvokeVerb = play
HKLM\SOFTWARE\Classes\WMP.AudioCD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:3 /device:AudioCD "%L" [MS]

MSPlayDVDMovieOnArrival\
Provider = @wmploc.dll,-6502
InvokeProgID = WMP.DVD
InvokeVerb = play
HKLM\SOFTWARE\Classes\WMP.DVD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:DVD "%L" [MS]

MSPlaySuperVideoCDMovieOnArrival\
Provider = @wmploc.dll,-6502
InvokeProgID = WMP.VCD
InvokeVerb = play
HKLM\SOFTWARE\Classes\WMP.VCD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:VCD "%L" [MS]

MSPlayVideoCDMovieOnArrival\
Provider = @wmploc.dll,-6502
InvokeProgID = WMP.VCD
InvokeVerb = play
HKLM\SOFTWARE\Classes\WMP.VCD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:VCD "%L" [MS]

MSPromptEachTime\
Provider = @C:\WINDOWS\system32\shell32.dll,-17411
ProgID = Shell.Autoplay
InitCmdLine = PromptEachTime
HKLM\SOFTWARE\Classes\Shell.Autoplay\CLSID\(Default) = {995C996E-D918-4a8c-A302-45719A6F4EA7}
-> {HKLM...CLSID} = Shell Hardware Mixed Content Handler
\LocalServer32\(Default) = C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\shell32.dll,SHCreateLocalServerRunDll {995C996E-D918-4a8c-A302-45719A6F4EA7} [MS]

MSPromptEachTimeNoContent\
Provider = @C:\WINDOWS\system32\shell32.dll,-17411
ProgID = Shell.Autoplay
InitCmdLine = PromptEachTimeNoContent
HKLM\SOFTWARE\Classes\Shell.Autoplay\CLSID\(Default) = {995C996E-D918-4a8c-A302-45719A6F4EA7}
-> {HKLM...CLSID} = Shell Hardware Mixed Content Handler
\LocalServer32\(Default) = C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\shell32.dll,SHCreateLocalServerRunDll {995C996E-D918-4a8c-A302-45719A6F4EA7} [MS]

MSStorageSense\
Provider = @C:\WINDOWS\System32\SettingsHandlers_StorageSense.dll,-100
InvokeProgID = MSStorageSense
InvokeVerb = open
HKLM\SOFTWARE\Classes\MSStorageSense\shell\open\command\(Default) = explorer ms-settings:storagesense [MS]

MSWMPBurnCDOnArrival\
Provider = @wmploc.dll,-6502
InvokeProgID = WMP.BurnCD
InvokeVerb = Burn
HKLM\SOFTWARE\Classes\WMP.BurnCD\shell\Burn\Command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:3 /Task:CDWrite /Device:"%L" [MS]

VLCPlayBlurayOnArrival\
Provider = VideoLAN VLC media player
InvokeProgID = VLC.Bluray
InvokeVerb = Open
HKLM\SOFTWARE\Classes\VLC.Bluray\shell\Open\command\(Default) = "D:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file bluray:///%1 [VideoLAN]

VLCPlayCDAudioOnArrival\
Provider = VideoLAN VLC media player
InvokeProgID = VLC.CDAudio
InvokeVerb = Open
HKLM\SOFTWARE\Classes\VLC.CDAudio\shell\Open\command\(Default) = "D:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file cdda:///%1 [VideoLAN]

VLCPlayDVDAudioOnArrival\
Provider = VideoLAN VLC media player
InvokeProgID = VLC.OPENFolder
InvokeVerb = Open
HKLM\SOFTWARE\Classes\VLC.OPENFolder\shell\Open\command\(Default) = "D:\Program Files\VideoLAN\VLC\vlc.exe" %1 [VideoLAN]

VLCPlayDVDMovieOnArrival\
Provider = VideoLAN VLC media player
InvokeProgID = VLC.DVDMovie
InvokeVerb = Open
HKLM\SOFTWARE\Classes\VLC.DVDMovie\shell\Open\command\(Default) = "D:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file dvd:///%1 [VideoLAN]

VLCPlayMusicFilesOnArrival\
Provider = VideoLAN VLC media player
InvokeProgID = VLC.OPENFolder
InvokeVerb = Open
HKLM\SOFTWARE\Classes\VLC.OPENFolder\shell\Open\command\(Default) = "D:\Program Files\VideoLAN\VLC\vlc.exe" %1 [VideoLAN]

VLCPlaySVCDMovieOnArrival\
Provider = VideoLAN VLC media player
InvokeProgID = VLC.SVCDMovie
InvokeVerb = Open
HKLM\SOFTWARE\Classes\VLC.SVCDMovie\shell\Open\command\(Default) = "D:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file vcd:///%1 [VideoLAN]

VLCPlayVCDMovieOnArrival\
Provider = VideoLAN VLC media player
InvokeProgID = VLC.VCDMovie
InvokeVerb = Open
HKLM\SOFTWARE\Classes\VLC.VCDMovie\shell\Open\command\(Default) = "D:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file vcd:///%1 [VideoLAN]

VLCPlayVideoFilesOnArrival\
Provider = VideoLAN VLC media player
InvokeProgID = VLC.OPENFolder
InvokeVerb = Open
HKLM\SOFTWARE\Classes\VLC.OPENFolder\shell\Open\command\(Default) = "D:\Program Files\VideoLAN\VLC\vlc.exe" %1 [VideoLAN]


Startup items in "Rowan Jansen" & "All Users" startup folders:
--------------------------------------------------------------

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp {++}
Avast SecureLine VPN -> shortcut to: C:\Program Files\AVAST Software\SecureLine\Vpn.exe /nogui [AVAST Software]
WSAndroidAppHelper -> shortcut to: C:\Program Files (x86)\Wondershare\drfone\Addins\SocialApps\WSAndroidAppHelper.exe [null data]
WSAppHelper -> shortcut to: C:\Program Files (x86)\Wondershare\drfone\Addins\SocialApps\WSAppHelper.exe [null data]


Non-disabled Scheduled Tasks: {++}
-----------------------------

C:\Windows\System32\Tasks
Avast Emergency Update -> (HIDDEN!) launches: C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [AVAST Software]
Avast SecureLine VPN Update -> (HIDDEN!) launches: C:\Program Files\AVAST Software\SecureLine\VpnUpdate.exe [AVAST Software]
GoogleUpdateTaskMachineCore -> launches: C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c [Google Inc.]
GoogleUpdateTaskMachineUA -> launches: C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler [Google Inc.]
klcp_update -> launches: codectweaktool.exe /verysilent /update /freq=90 [file not found]
NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} -> launches: C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe -d "C:\Program Files\NVIDIA Corporation\NvBackend\NvBatteryBoostCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerBatteryBoostCheck.log [NVIDIA Corporation]
NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} -> launches: C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log [NVIDIA Corporation]
NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} -> launches: "C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe" [NVIDIA Corporation]
NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} -> launches: C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe --launcher=TaskScheduler [NVIDIA Corporation]
NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} -> launches: C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [NVIDIA Corporation]
NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} -> launches: C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [NVIDIA Corporation]
NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} -> launches: C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [NVIDIA Corporation]
NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} -> launches: C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [NVIDIA Corporation]
NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} -> launches: C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [NVIDIA Corporation]
NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} -> launches: C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [NVIDIA Corporation]
OneDrive Standalone Update Task-S-1-5-21-2894347374-677541234-646958035-1003 -> launches: %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe [MS]
OneDrive Standalone Update Task-S-1-5-21-2894347374-677541234-646958035-500 -> launches: %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe [MS]

C:\Windows\System32\Tasks\Avast Software
Overseer -> launches: C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe /from_scheduler:1 [AVAST Software]

C:\Windows\System32\Tasks\Microsoft\Windows\.NET Framework
.NET Framework NGEN v4.0.30319 -> (HIDDEN!) launches: {84F0FAE1-C27B-4F6F-807B-28CF6F96287D}
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = C:\Windows\System32\mscoree.dll [MS]
.NET Framework NGEN v4.0.30319 64 -> (HIDDEN!) launches: {429BC048-379E-45E0-80E4-EB1977941B5C}
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = C:\Windows\System32\mscoree.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Active Directory Rights Management Services Client
AD RMS Rights Policy Template Management (Manual) -> launches: {BF5CB148-7C77-4D8A-A53E-D81C70CF743C}
-> {HKLM...CLSID} = AD RMS Rights Policy Template Management (Manual) Task Handler
\InProcServer32\(Default) = C:\WINDOWS\system32\msdrm.dll [MS]
-> {HKLM...Wow...CLSID} = AD RMS Rights Policy Template Management (Manual) Task Handler
\InProcServer32\(Default) = C:\WINDOWS\system32\msdrm.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\AppID
EDP Policy Manager -> launches: {DECA92E0-AF85-439E-9204-86679978DA08}
-> {HKLM...CLSID} = EDP Policy Manager Task Handler
\InProcServer32\(Default) = C:\WINDOWS\System32\AppLockerCsp.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Application Experience
Microsoft Compatibility Appraiser -> launches: %windir%\system32\compattelrunner.exe [MS]
ProgramDataUpdater -> launches: %windir%\system32\compattelrunner.exe -maintenance [MS]
StartupAppTask -> launches: %windir%\system32\rundll32.exe Startupscan.dll,SusRunTask [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\applicationdata
appuriverifierdaily -> launches: %windir%\system32\AppHostRegistrationVerifier.exe [MS]
appuriverifierinstall -> launches: %windir%\system32\AppHostRegistrationVerifier.exe [MS]
CleanupTemporaryState -> launches: %windir%\system32\rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState [MS]
DsSvcCleanup -> launches: %windir%\system32\dstokenclean.exe [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Autochk
Proxy -> launches: %windir%\system32\rundll32.exe /d acproxy.dll,PerformAutochkOperations [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\BitLocker
BitLocker Encrypt All Drives -> launches: {61BCD1B9-340C-40EC-9D41-D7F1C0632F05}
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = C:\WINDOWS\System32\edptask.dll [MS]
BitLocker MDM policy Refresh -> launches: {61BCD1B9-340C-40EC-9D41-D7F1C0632F05}
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = C:\WINDOWS\System32\edptask.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Bluetooth
UninstallDeviceTask -> launches: BthUdTask.exe $(Arg0) [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\BrokerInfrastructure
BgTaskRegistrationMaintenanceTask -> launches: {E984D939-0E00-4DD9-AC3A-7ACA04745521} [InProcServer32 entry not found]

C:\Windows\System32\Tasks\Microsoft\Windows\CertificateServicesClient
AikCertEnrollTask -> launches: {47E30D54-DAC1-473A-AFF7-2355BF78881F}
-> {HKLM...CLSID} = NGC Pregeneration Task Handler
\InProcServer32\(Default) = C:\WINDOWS\system32\ngctasks.dll [MS]
CryptoPolicyTask -> launches: {47E30D54-DAC1-473A-AFF7-2355BF78881F}
-> {HKLM...CLSID} = NGC Pregeneration Task Handler
\InProcServer32\(Default) = C:\WINDOWS\system32\ngctasks.dll [MS]
KeyPreGenTask -> launches: {47E30D54-DAC1-473A-AFF7-2355BF78881F}
-> {HKLM...CLSID} = NGC Pregeneration Task Handler
\InProcServer32\(Default) = C:\WINDOWS\system32\ngctasks.dll [MS]
SystemTask -> launches: {58FB76B9-AC85-4E55-AC04-427593B1D060}
-> {HKLM...CLSID} = Certificate Services Client Task Handler
\InProcServer32\(Default) = C:\WINDOWS\system32\dimsjob.dll [MS]
-> {HKLM...Wow...CLSID} = Certificate Services Client Task Handler
\InProcServer32\(Default) = C:\WINDOWS\system32\dimsjob.dll [MS]
UserTask -> launches: {58FB76B9-AC85-4E55-AC04-427593B1D060}
-> {HKLM...CLSID} = Certificate Services Client Task Handler
\InProcServer32\(Default) = C:\WINDOWS\system32\dimsjob.dll [MS]
-> {HKLM...Wow...CLSID} = Certificate Services Client Task Handler
\InProcServer32\(Default) = C:\WINDOWS\system32\dimsjob.dll [MS]
UserTask-Roam -> launches: {58FB76B9-AC85-4E55-AC04-427593B1D060}
-> {HKLM...CLSID} = Certificate Services Client Task Handler
\InProcServer32\(Default) = C:\WINDOWS\system32\dimsjob.dll [MS]
-> {HKLM...Wow...CLSID} = Certificate Services Client Task Handler
\InProcServer32\(Default) = C:\WINDOWS\system32\dimsjob.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Chkdsk
ProactiveScan -> launches: {CF4270F5-2E43-4468-83B3-A8C45BB33EA1}
-> {HKLM...CLSID} = Proactive Scan
\InProcServer32\(Default) = C:\Windows\System32\pstask.dll [MS]
SyspartRepair -> (HIDDEN!) launches: %windir%\system32\bcdboot.exe %windir% /sysrepair [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\CloudExperienceHost
CreateObjectTask -> (HIDDEN!) launches: {E4544ABA-62BF-4C54-AAB2-EC246342626C} [InProcServer32 entry not found]

C:\Windows\System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program
Consolidator -> launches: %SystemRoot%\System32\wsqmcons.exe [MS]
UsbCeip -> (HIDDEN!) launches: {C27F6B1D-FE0B-45E4-9257-38799FA69BC8}
-> {HKLM...CLSID} = UsbCeip
\InProcServer32\(Default) = C:\WINDOWS\System32\usbceip.dll [MS]
-> {HKLM...Wow...CLSID} = UsbCeip
\InProcServer32\(Default) = C:\WINDOWS\System32\usbceip.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Data Integrity Scan
Data Integrity Scan -> launches: {DCFD3EA8-D960-4719-8206-490AE315F94F}
-> {HKLM...CLSID} = Data Integrity Scan
\InProcServer32\(Default) = C:\Windows\System32\discan.dll [MS]
Data Integrity Scan for Crash Recovery -> (HIDDEN!) launches: {DCFD3EA8-D960-4719-8206-490AE315F94F}
-> {HKLM...CLSID} = Data Integrity Scan
\InProcServer32\(Default) = C:\Windows\System32\discan.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Defrag
ScheduledDefrag -> launches: %windir%\system32\defrag.exe -c -h -o -$ [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Device Information
Device -> launches: %windir%\system32\devicecensus.exe [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Device Setup
Metadata Refresh -> (HIDDEN!) launches: {23C1F3CF-C110-4512-ACA9-7B6174ECE888}
-> {HKLM...CLSID} = DsmRefreshTask Class
\InProcServer32\(Default) = C:\WINDOWS\System32\DeviceSetupManagerAPI.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\DeviceDirectoryClient
HandleCommand -> (HIDDEN!) launches: {AE31B729-D5FD-401E-AF42-784074835AFE}
-> {HKLM...CLSID} = Device Directory Client Handler
\InProcServer32\(Default) = C:\WINDOWS\system32\DeviceDirectoryClient.dll [MS]
HandleWnsCommand -> (HIDDEN!) launches: {AE31B729-D5FD-401E-AF42-784074835AFE}
-> {HKLM...CLSID} = Device Directory Client Handler
\InProcServer32\(Default) = C:\WINDOWS\system32\DeviceDirectoryClient.dll [MS]
IntegrityCheck -> (HIDDEN!) launches: {AE31B729-D5FD-401E-AF42-784074835AFE}
-> {HKLM...CLSID} = Device Directory Client Handler
\InProcServer32\(Default) = C:\WINDOWS\system32\DeviceDirectoryClient.dll [MS]
LocateCommandUserSession -> (HIDDEN!) launches: {AE31B729-D5FD-401E-AF42-784074835AFE}
-> {HKLM...CLSID} = Device Directory Client Handler
\InProcServer32\(Default) = C:\WINDOWS\system32\DeviceDirectoryClient.dll [MS]
RegisterDeviceAccountChange -> (HIDDEN!) launches: {AE31B729-D5FD-401E-AF42-784074835AFE}
-> {HKLM...CLSID} = Device Directory Client Handler
\InProcServer32\(Default) = C:\WINDOWS\system32\DeviceDirectoryClient.dll [MS]
RegisterDevicePolicyChange -> (HIDDEN!) launches: {AE31B729-D5FD-401E-AF42-784074835AFE}
-> {HKLM...CLSID} = Device Directory Client Handler
\InProcServer32\(Default) = C:\WINDOWS\system32\DeviceDirectoryClient.dll [MS]
RegisterDeviceProtectionStateChanged -> (HIDDEN!) launches: {AE31B729-D5FD-401E-AF42-784074835AFE}
-> {HKLM...CLSID} = Device Directory Client Handler
\InProcServer32\(Default) = C:\WINDOWS\system32\DeviceDirectoryClient.dll [MS]
RegisterDeviceSettingChange -> (HIDDEN!) launches: {AE31B729-D5FD-401E-AF42-784074835AFE}
-> {HKLM...CLSID} = Device Directory Client Handler
\InProcServer32\(Default) = C:\WINDOWS\system32\DeviceDirectoryClient.dll [MS]
RegisterUserDevice -> (HIDDEN!) launches: {AE31B729-D5FD-401E-AF42-784074835AFE}
-> {HKLM...CLSID} = Device Directory Client Handler
\InProcServer32\(Default) = C:\WINDOWS\system32\DeviceDirectoryClient.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Diagnosis
RecommendedTroubleshootingScanner -> launches: %windir%\system32\mitigationscanner.exe [MS]
Scheduled -> (HIDDEN!) launches: {C1F85EF8-BCC2-4606-BB39-70C523715EB3}
-> {HKLM...CLSID} = ScheduledDiagnosticCustomHandler
\InProcServer32\(Default) = C:\WINDOWS\System32\sdiagschd.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\DirectX
DirectXDatabaseUpdater -> (HIDDEN!) launches: %windir%\system32\directxdatabaseupdater.exe [MS]
DXGIAdapterCache -> (HIDDEN!) launches: %windir%\system32\dxgiadaptercache.exe [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\DiskCleanup
SilentCleanup -> launches: %windir%\system32\cleanmgr.exe /autoclean /d %systemdrive% [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\DiskFootprint
Diagnostics -> launches: %windir%\system32\disksnapshot.exe -z [MS]
StorageSense -> launches: {AB2A519B-03B0-43CE-940A-A73DF850B49A}
-> {HKLM...CLSID} = StorageUsage State Reporter Task Handler
\InProcServer32\(Default) = C:\WINDOWS\system32\StorageUsage.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\DUSM
dusmtask -> launches: %SystemRoot%\System32\dusmtask.exe [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\EDP
EDP App Launch Task -> launches: {61BCD1B9-340C-40EC-9D41-D7F1C0632F05}
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = C:\WINDOWS\System32\edptask.dll [MS]
EDP Auth Task -> launches: {61BCD1B9-340C-40EC-9D41-D7F1C0632F05}
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = C:\WINDOWS\System32\edptask.dll [MS]
EDP Inaccessible Credentials Task -> launches: {61BCD1B9-340C-40EC-9D41-D7F1C0632F05}
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = C:\WINDOWS\System32\edptask.dll [MS]
StorageCardEncryption Task -> launches: {61BCD1B9-340C-40EC-9D41-D7F1C0632F05}
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = C:\WINDOWS\System32\edptask.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\EnterpriseMgmt
MDMMaintenenceTask -> launches: %windir%\system32\MDMAgent.exe [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\ExploitGuard
ExploitGuard MDM policy Refresh -> launches: {711001CD-CC1D-4470-9B7E-1EF73849C79E}
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = C:\WINDOWS\System32\MitigationConfiguration.dll [MS]
-> {HKLM...Wow...CLSID} = (no title provided)
\InProcServer32\(Default) = C:\WINDOWS\System32\MitigationConfiguration.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Feedback\Siuf
DmClient -> launches: %windir%\system32\dmclient.exe [MS]
DmClientOnScenarioDownload -> launches: %windir%\system32\dmclient.exe utcwnf [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\FileHistory
File History (maintenance mode) -> launches: {89917B7C-A1A6-11DF-8BF6-18A90531A85A}
-> {HKLM...CLSID} = FhTaskHandler Class
\InProcServer32\(Default) = C:\WINDOWS\System32\fhtask.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Flighting\FeatureConfig
ReconcileFeatures -> launches: {59EECBFE-C2F5-4419-9B99-13FE05FF2675}
-> {HKLM...CLSID} = Feature Configuration Reconciliation Task Handler
\InProcServer32\(Default) = C:\Windows\System32\fcon.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Flighting\OneSettings
RefreshCache -> launches: {E07647F7-AED2-48D9-9720-939BC24A8A3C}
-> {HKLM...CLSID} = OneSettings Refresh Cache Task Handler
\InProcServer32\(Default) = C:\Windows\System32\wosc.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\HelloFace
FODCleanupTask -> (HIDDEN!) launches: %WinDir%\System32\WinBioPlugIns\FaceFodUninstaller.exe [null data]

C:\Windows\System32\Tasks\Microsoft\Windows\InstallService
ScanForUpdates -> launches: {A558C6A5-B42B-4C98-B610-BF9559143139}
-> {HKLM...CLSID} = ScanForUpdates InstallService Task
\InProcServer32\(Default) = C:\Windows\System32\InstallServiceTasks.dll [MS]
-> {HKLM...Wow...CLSID} = ScanForUpdates InstallService Task
\InProcServer32\(Default) = C:\Windows\SysWOW64\InstallServiceTasks.dll [MS]
ScanForUpdatesAsUser -> launches: {DDAFAEA2-8842-4E96-BADE-D44A8D676FDB}
-> {HKLM...CLSID} = ScanForUpdates InstallService Task
\InProcServer32\(Default) = C:\Windows\System32\InstallServiceTasks.dll [MS]
-> {HKLM...Wow...CLSID} = ScanForUpdates InstallService Task
\InProcServer32\(Default) = C:\Windows\SysWOW64\InstallServiceTasks.dll [MS]
SmartRetry -> launches: {F3A219C3-2698-4CBF-9C07-037EDB8E72E6}
-> {HKLM...CLSID} = SmartRetry InstallService Task
\InProcServer32\(Default) = C:\Windows\System32\InstallServiceTasks.dll [MS]
-> {HKLM...Wow...CLSID} = SmartRetry InstallService Task
\InProcServer32\(Default) = C:\Windows\SysWOW64\InstallServiceTasks.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\LanguageComponentsInstaller
Installation -> launches: {6F58F65F-EC0E-4ACA-99FE-FC5A1A25E4BE}
-> {HKLM...CLSID} = Language Components Installer
\InProcServer32\(Default) = C:\Windows\System32\LanguageComponentsInstaller.dll [MS]
ReconcileLanguageResources -> launches: {D0582E3B-3126-4CAA-9155-AC37C912A489} [InProcServer32 entry not found]

C:\Windows\System32\Tasks\Microsoft\Windows\License Manager
TempSignedLicenseExchange -> (HIDDEN!) launches: {77646A68-AD14-4D53-897D-7BE4DDE5F929}
-> {HKLM...CLSID} = TempSignedLicenseExchangeTask
\InProcServer32\(Default) = C:\Windows\System32\TempSignedLicenseExchangeTask.dll [MS]
-> {HKLM...Wow...CLSID} = TempSignedLicenseExchangeTask
\InProcServer32\(Default) = C:\Windows\SysWOW64\TempSignedLicenseExchangeTask.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Location
Notifications -> launches: %windir%\System32\LocationNotificationWindows.exe [MS]
WindowsActionDialog -> launches: %windir%\System32\WindowsActionDialog.exe [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Maintenance
WinSAT -> launches: {A9A33436-678B-4C9C-A211-7CC38785E79D}
-> {HKLM...CLSID} = WinSAT Task Manger Task
\InProcServer32\(Default) = C:\WINDOWS\system32\WinSATAPI.dll [MS]
-> {HKLM...Wow...CLSID} = WinSAT Task Manger Task
\InProcServer32\(Default) = C:\WINDOWS\system32\WinSATAPI.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Management\Provisioning
Cellular -> (HIDDEN!) launches: %windir%\system32\ProvTool.exe /turn 7 /source CellStateChangeTask [MS]
Logon -> (HIDDEN!) launches: %windir%\system32\ProvTool.exe /turn 5 /source LogonIdleTask [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Maps
MapsToastTask -> (HIDDEN!) launches: {9885AEF2-BD9F-41E0-B15E-B3141395E803}
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = C:\WINDOWS\System32\mapstoasttask.dll [MS]
-> {HKLM...Wow...CLSID} = (no title provided)
\InProcServer32\(Default) = C:\WINDOWS\System32\mapstoasttask.dll [MS]
MapsUpdateTask -> launches: {B9033E87-33CF-4D77-BC9B-895AFBBA72E4}
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = C:\WINDOWS\System32\mapsupdatetask.dll [MS]
-> {HKLM...Wow...CLSID} = (no title provided)
\InProcServer32\(Default) = C:\WINDOWS\System32\mapsupdatetask.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\MemoryDiagnostic
ProcessMemoryDiagnosticEvents -> (HIDDEN!) launches: {8168E74A-B39F-46D8-ADCD-7BED477B80A3}
-> {HKLM...CLSID} = MemoryDiagnosticTaskHandler
\InProcServer32\(Default) = C:\WINDOWS\System32\MemoryDiagnostic.dll [MS]
RunFullMemoryDiagnostic -> (HIDDEN!) launches: {8168E74A-B39F-46D8-ADCD-7BED477B80A3}
-> {HKLM...CLSID} = MemoryDiagnosticTaskHandler
\InProcServer32\(Default) = C:\WINDOWS\System32\MemoryDiagnostic.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts
MNO Metadata Parser -> launches: %SystemRoot%\System32\MbaeParserTask.exe [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\MUI
LPRemove -> launches: %windir%\system32\lpremove.exe [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Multimedia
SystemSoundsService -> launches: {2DEA658F-54C1-4227-AF9B-260AB5FC3543}
-> {HKLM...CLSID} = Microsoft PlaySoundService Class
\InProcServer32\(Default) = C:\WINDOWS\System32\PlaySndSrv.dll [MS]
-> {HKLM...Wow...CLSID} = Microsoft PlaySoundService Class
\InProcServer32\(Default) = C:\WINDOWS\System32\PlaySndSrv.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\NetTrace
GatherNetworkInfo -> launches: %windir%\system32\gatherNetworkInfo.vbs [null data]

C:\Windows\System32\Tasks\Microsoft\Windows\NlaSvc
WiFiTask -> (HIDDEN!) launches: %SystemRoot%\System32\WiFiTask.exe nla [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\PI
Secure-Boot-Update -> launches: {5014B7C8-934E-4262-9816-887FA745A6C4}
-> {HKLM...CLSID} = TPM Maintenance Task Handler
\InProcServer32\(Default) = C:\WINDOWS\system32\TpmTasks.dll [MS]
Sqm-Tasks -> launches: {5014B7C8-934E-4262-9816-887FA745A6C4}
-> {HKLM...CLSID} = TPM Maintenance Task Handler
\InProcServer32\(Default) = C:\WINDOWS\system32\TpmTasks.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Plug and Play
Device Install Group Policy -> (HIDDEN!) launches: {60400283-B242-4FA8-8C25-CAF695B88209}
-> {HKLM...CLSID} = Device Installation Group Policy Task Handler
\InProcServer32\(Default) = C:\Windows\System32\pnppolicy.dll [MS]
Device Install Reboot Required -> (HIDDEN!) launches: {48794782-6A1F-47B9-BD52-1D5F95D49C1B}
-> {HKLM...CLSID} = Device Installation Reboot Dialog Task
\InProcServer32\(Default) = C:\Windows\System32\pnpui.dll [MS]
Sysprep Generalize Drivers -> launches: %SystemRoot%\System32\drvinst.exe 6 [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Power Efficiency Diagnostics
AnalyzeSystem -> launches: {927EA2AF-1C54-43D5-825E-0074CE028EEE}
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = C:\WINDOWS\System32\energytask.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Printing
EduPrintProv -> launches: %windir%\system32\eduprintprov.exe [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\PushToInstall
Registration -> launches: %windir%\system32\sc.exe start pushtoinstall registration [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Ras
MobilityManager -> launches: {C463A0FC-794F-4FDF-9201-01938CEACAFA}
-> {HKLM...CLSID} = RasMobilityManager
\InProcServer32\(Default) = C:\WINDOWS\system32\rasmbmgr.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Registry
RegIdleBackup -> (HIDDEN!) launches: {CA767AA8-9157-4604-B64B-40747123D5F2}
-> {HKLM...CLSID} = RegistryIdleBackupHandler
\InProcServer32\(Default) = C:\WINDOWS\System32\regidle.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\RemoteAssistance
RemoteAssistanceTask -> (HIDDEN!) launches: %windir%\system32\RAServer.exe /offerraupdate [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Servicing
StartComponentCleanup -> launches: {752073A1-23F2-4396-85F0-8FDB879ED0ED} [InProcServer32 entry not found]

C:\Windows\System32\Tasks\Microsoft\Windows\SettingSync
BackgroundUploadTask -> (HIDDEN!) launches: {59B9640B-3F70-4D1C-B159-F26EEB8A4C87}
-> {HKLM...CLSID} = Delayed Background Upload Task Handler
\InProcServer32\(Default) = C:\WINDOWS\system32\SettingSyncCore.dll [MS]
-> {HKLM...Wow...CLSID} = Delayed Background Upload Task Handler
\InProcServer32\(Default) = C:\WINDOWS\system32\SettingSyncCore.dll [MS]
NetworkStateChangeTask -> (HIDDEN!) launches: {A4173A49-F373-4475-9A0F-2D615204DC20}
-> {HKLM...CLSID} = Network State Change Task Handler
\InProcServer32\(Default) = C:\WINDOWS\system32\SettingSyncCore.dll [MS]
-> {HKLM...Wow...CLSID} = Network State Change Task Handler
\InProcServer32\(Default) = C:\WINDOWS\system32\SettingSyncCore.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Shell
CreateObjectTask -> (HIDDEN!) launches: {990A9F8F-301F-45F7-8D0E-68C5952DBA43}
-> {HKLM...CLSID} = Shell Create Object Task Delegate
\InProcServer32\(Default) = C:\WINDOWS\system32\shell32.dll [MS]
-> {HKLM...Wow...CLSID} = Shell Create Object Task Delegate
\InProcServer32\(Default) = C:\WINDOWS\system32\shell32.dll [MS]
FamilySafetyMonitor -> launches: %windir%\System32\wpcmon.exe [MS]
FamilySafetyRefreshTask -> launches: {C844C79D-AED8-4DCE-AB25-4D359BED84F8}
-> {HKLM...CLSID} = FamilySafetyRefreshTask
\InProcServer32\(Default) = C:\WINDOWS\System32\WpcRefreshTask.dll [MS]
IndexerAutomaticMaintenance -> launches: {3FBA60A6-7BF5-4868-A2CA-6623B3DFFEA6}
-> {HKLM...CLSID} = Automatic Maintenance task to enable Windows Search to make progress while in Connected Standby
\InProcServer32\(Default) = C:\WINDOWS\System32\srchadmin.dll [MS]
-> {HKLM...Wow...CLSID} = Automatic Maintenance task to enable Windows Search to make progress while in Connected Standby
\InProcServer32\(Default) = C:\WINDOWS\System32\srchadmin.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform
SvcRestartTask -> (HIDDEN!) launches: {B1AEBB5D-EAD9-4476-B375-9C3ED9F32AFC}
-> {HKLM...CLSID} = SppSvcRestartTaskHandler Class
\InProcServer32\(Default) = C:\WINDOWS\System32\sppcext.dll [MS]
-> {HKLM...Wow...CLSID} = SppSvcRestartTaskHandler Class
\InProcServer32\(Default) = C:\WINDOWS\System32\sppcext.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\SpacePort
SpaceAgentTask -> launches: %windir%\system32\SpaceAgent.exe [MS]
SpaceManagerTask -> launches: %windir%\system32\spaceman.exe /Work [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Speech
HeadsetButtonPress -> launches: %windir%\system32\speech_onecore\common\SpeechRuntime.exe StartedFromTask [MS]
SpeechModelDownloadTask -> launches: %windir%\system32\speech_onecore\common\SpeechModelDownload.exe [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\StateRepository
MaintenanceTasks -> launches: %windir%\system32\rundll32.exe %windir%\system32\Windows.StateRepositoryClient.dll,StateRepositoryDoMaintenanceTasks [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Storage Tiers Management
Storage Tiers Management Initialization -> launches: {5C9AB547-345D-4175-9AF6-65133463A100} [InProcServer32 entry not found]

C:\Windows\System32\Tasks\Microsoft\Windows\Subscription
EnableLicenseAcquisition -> (HIDDEN!) launches: %SystemRoot%\system32\ClipRenew.exe -e [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Sysmain
ResPriStaticDbSync -> launches: {297EE78C-BA95-4E94-81D3-D6E7F089C7B5}
-> {HKLM...CLSID} = Reserved Priority Static Db Sync Task
\InProcServer32\(Default) = C:\WINDOWS\system32\sysmain.dll [MS]
WsSwapAssessmentTask -> launches: %windir%\system32\rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\SystemRestore
SR -> launches: %windir%\system32\srtasks.exe ExecuteScheduledSPPCreation [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Task Manager
Interactive -> (HIDDEN!) launches: {855FEC53-D2E4-4999-9E87-3414E9CF0FF4}
-> {HKLM...CLSID} = RunTask
\InProcServer32\(Default) = C:\WINDOWS\system32\wdc.dll [MS]
-> {HKLM...Wow...CLSID} = RunTask
\InProcServer32\(Default) = C:\WINDOWS\system32\wdc.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\TextServicesFramework
MsCtfMonitor -> (HIDDEN!) launches: {01575CFE-9A55-4003-A5E1-F38D1EBDCBE1}
-> {HKLM...CLSID} = MsCtfMonitor task handler
\InProcServer32\(Default) = C:\WINDOWS\system32\MsCtfMonitor.dll [MS]
-> {HKLM...Wow...CLSID} = MsCtfMonitor task handler
\InProcServer32\(Default) = C:\WINDOWS\system32\MsCtfMonitor.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Time Synchronization
ForceSynchronizeTime -> launches: {A31AD6C2-FF4C-43D4-8E90-7101023096F9}
-> {HKLM...CLSID} = Time Synchronization Task Handler
\InProcServer32\(Default) = C:\WINDOWS\system32\TimeSyncTask.dll [MS]
SynchronizeTime -> launches: %windir%\system32\sc.exe start w32time task_started [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Time Zone
SynchronizeTimeZone -> launches: %windir%\system32\tzsync.exe [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\TPM
Tpm-HASCertRetr -> launches: {5014B7C8-934E-4262-9816-887FA745A6C4}
-> {HKLM...CLSID} = TPM Maintenance Task Handler
\InProcServer32\(Default) = C:\WINDOWS\system32\TpmTasks.dll [MS]
Tpm-Maintenance -> launches: {5014B7C8-934E-4262-9816-887FA745A6C4}
-> {HKLM...CLSID} = TPM Maintenance Task Handler
\InProcServer32\(Default) = C:\WINDOWS\system32\TpmTasks.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\UpdateOrchestrator
Backup Scan -> launches: %systemroot%\system32\usoclient.exe StartScan [MS]
MusUx_UpdateInterval -> launches: %systemroot%\system32\MusNotification.exe Display [MS]
Schedule Scan -> launches: %systemroot%\system32\usoclient.exe StartScan [MS]
Schedule Scan Static Task -> launches: %systemroot%\system32\usoclient.exe StartScan [MS]
Universal Orchestrator Idle Start -> launches: %systemroot%\system32\usoclient.exe StartUWorkIdle [MS]
Universal Orchestrator Start -> launches: %systemroot%\system32\usoclient.exe StartUWork [MS]
UpdateModelTask -> launches: %systemroot%\system32\usoclient.exe StartModelUpdates [MS]
USO_Broker_Display -> launches: %systemroot%\system32\MusNotification.exe Display [MS]
USO_UxBroker -> launches: %systemroot%\system32\MusNotification.exe [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\UPnP
UPnPHostConfig -> launches: sc.exe config upnphost start= auto [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\USB
Usb-Notifications -> (HIDDEN!) launches: {E05BE1C8-92A8-4757-B575-ACAECB4E6A40}
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = C:\Windows\System32\UsbTask.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\WaaSMedic
PerformRemediation -> launches: {72566E27-1ABB-4EB3-B4F0-EB431CB1CB32} [InProcServer32 entry not found]

C:\Windows\System32\Tasks\Microsoft\Windows\WCM
WiFiTask -> (HIDDEN!) launches: %SystemRoot%\System32\WiFiTask.exe [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\WDI
ResolutionHost -> (HIDDEN!) launches: {900BE39D-6BE8-461A-BC4D-B0FA71F5ECB1}
-> {HKLM...CLSID} = DiagnosticInfrastructureCustomHandler
\InProcServer32\(Default) = C:\WINDOWS\System32\wdi.dll [MS]
-> {HKLM...Wow...CLSID} = DiagnosticInfrastructureCustomHandler
\InProcServer32\(Default) = C:\WINDOWS\System32\wdi.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Windows Defender
Windows Defender Cache Maintenance -> launches: %ProgramFiles%\Windows Defender\MpCmdRun.exe -IdleTask -TaskName WdCacheMaintenance [MS]
Windows Defender Cleanup -> launches: %ProgramFiles%\Windows Defender\MpCmdRun.exe -IdleTask -TaskName WdCleanup [MS]
Windows Defender Scheduled Scan -> launches: %ProgramFiles%\Windows Defender\MpCmdRun.exe Scan -ScheduleJob [MS]
Windows Defender Verification -> launches: %ProgramFiles%\Windows Defender\MpCmdRun.exe -IdleTask -TaskName WdVerification [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Windows Error Reporting
QueueReporting -> launches: %windir%\system32\wermgr.exe -upload [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Windows Filtering Platform
BfeOnServiceStartTypeChange -> (HIDDEN!) launches: %windir%\system32\rundll32.exe bfe.dll,BfeOnServiceStartTypeChange [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Windows Media Sharing
UpdateLibrary -> launches: "%ProgramFiles%\Windows Media Player\wmpnscfg.exe" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\WindowsColorSystem
Calibration Loader -> launches: {B210D694-C8DF-490D-9576-9E20CDBC20BD}
-> {HKLM...CLSID} = Color Calibration Loader
\InProcServer32\(Default) = C:\Windows\System32\mscms.dll [MS]
-> {HKLM...Wow...CLSID} = Color Calibration Loader
\InProcServer32\(Default) = C:\Windows\SysWOW64\mscms.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\WindowsUpdate
Scheduled Start -> launches: C:\WINDOWS\system32\sc.exe start wuauserv [MS]
sihpostreboot -> launches: %systemroot%\system32\sihclient.exe /PostReboot [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Wininet
CacheTask -> launches: {0358B920-0AC7-461F-98F4-58E32CD89148}
-> {HKLM...CLSID} = Wininet Cache task object
\InProcServer32\(Default) = C:\WINDOWS\system32\wininet.dll [MS]
-> {HKLM...Wow...CLSID} = Wininet Cache task object
\InProcServer32\(Default) = C:\WINDOWS\system32\wininet.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\WlanSvc
CDSSync -> launches: {B0D2B535-12E1-439F-86B3-BADA289510F0}
-> {HKLM...CLSID} = WlanSyncTaskCommon
\InProcServer32\(Default) = C:\Windows\System32\WiFiCloudStore.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\WOF
WIM-Hash-Management -> launches: {B7BFFB5A-EFA8-4D8C-BBDE-C8D5FAAF54A1}
-> {HKLM...CLSID} = WOF Task Handler
\InProcServer32\(Default) = C:\WINDOWS\system32\WofTasks.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Work Folders
Work Folders Logon Synchronization -> launches: {97D47D56-3777-49FB-8E8F-90D7E30E1A1E}
-> {HKLM...CLSID} = Work Folder Logon Trigger Class
\InProcServer32\(Default) = C:\Windows\System32\WorkFoldersShell.dll [MS]
Work Folders Maintenance Work -> launches: {63260BCE-A3FB-4A34-AA51-D4D8E877B62B}
-> {HKLM...CLSID} = Work Folder Maintenance Task Class
\InProcServer32\(Default) = C:\Windows\System32\WorkFoldersShell.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\WwanSvc
NotificationTask -> (HIDDEN!) launches: %SystemRoot%\System32\WiFiTask.exe wwan [MS]

C:\Windows\System32\Tasks\Microsoft\XblGameSave
XblGameSaveTask -> launches: %windir%\System32\XblGameSaveTask.exe standby [MS]

C:\Windows\System32\Tasks\WiseCleaner
WDCSkipUAC -> launches: D:\Program Files (x86)\Wise\Wise Disk Cleaner\WiseDiskCleaner.exe $UAC [WiseCleaner.com]
WRCSkipUAC -> launches: C:\Program Files (x86)\Wise\Wise Registry Cleaner\WiseRegCleaner.exe $UAC [file not found]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = %SystemRoot%\system32\napinsp.dll [MS]
000000000002\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS]
000000000003\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS]
000000000004\LibraryPath = %SystemRoot%\System32\mswsock.dll [MS]
000000000005\LibraryPath = %SystemRoot%\System32\winrnr.dll [MS]
000000000006\LibraryPath = %SystemRoot%\system32\NLAapi.dll [MS]
000000000007\LibraryPath = %SystemRoot%\system32\wshbth.dll [MS]

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\ {++}
000000000001\LibraryPath = %SystemRoot%\system32\napinsp.dll [MS]
000000000002\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS]
000000000003\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS]
000000000004\LibraryPath = %SystemRoot%\System32\mswsock.dll [MS]
000000000005\LibraryPath = %SystemRoot%\System32\winrnr.dll [MS]
000000000006\LibraryPath = %SystemRoot%\system32\NLAapi.dll [MS]
000000000007\LibraryPath = %SystemRoot%\system32\wshbth.dll [MS]

Transport Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 14

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries64\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 14


Toolbars, Explorer Bars, Extensions:
------------------------------------

Explorer Bars

HKCU\Software\Microsoft\Internet Explorer\Explorer Bars\

{28BCCB9A-E66B-463C-82A4-09F320DE94D7}\(Default) = (no title provided)
-> {HKLM...CLSID} = F12 Developer Tools
\InProcServer32\(Default) = C:\Windows\System32\F12\F12App.dll [MS]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Avast Antivirus, avast! Antivirus, "C:\Program Files\AVAST Software\Avast\AvastSvc.exe" [AVAST Software]
AvastWscReporter, AvastWscReporter, "C:\Program Files\AVAST Software\Avast\wsc_proxy.exe" /runassvc /rpcserver [AVAST Software]
AVCTP-service, BthAvctpSvc, C:\WINDOWS\system32\svchost.exe -k LocalService -p {C:\WINDOWS\System32\BthAvctpSvc.dll [MS]}
Background Tasks Infrastructure Service, BrokerInfrastructure, C:\WINDOWS\system32\svchost.exe -k DcomLaunch -p {C:\WINDOWS\System32\psmsrv.dll [MS]}
Beeldschermbeleidsservice, DispBrokerDesktopSvc, C:\WINDOWS\system32\svchost.exe -k LocalService -p {C:\WINDOWS\System32\DispBroker.Desktop.dll [MS]}
Orchestrator-service bijwerken, UsoSvc, C:\WINDOWS\system32\svchost.exe -k netsvcs -p {C:\WINDOWS\system32\usosvc.dll [MS]}
System Guard Runtime Monitor Broker, SgrmBroker, C:\WINDOWS\system32\SgrmBroker.exe [MS]


Safe Mode Drivers & Services (subkey name, subkey default value):
-----------------------------------------------------------------

HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\

<<!>> AudioEndpointBuilder, Service
<<!>> AudioSrv, Service
<<!>> CBDHSvc, Service
<<!>> HdAudAddService.Sys, Driver
<<!>> HdAudBus.Sys, Driver
<<!>> hitmanpro37,
<<!>> hitmanpro37.sys,
<<!>> HitmanPro38Crusader,
<<!>> HitmanPro38CrusaderBoot,
<<!>> iai2c.sys, Driver
<<!>> MBAMService, Service
<<!>> SerCx2.sys, Driver
<<!>> usbaudio.sys, Driver
<<!>> {4D36E96C-E325-11CE-BFC1-08002BE10318}, Media
<<!>> {F2E7DD72-6468-4E36-B6F1-6488F42C1B52}, Firmware

HKLM\System\CurrentControlSet\Control\SafeBoot\Network\

<<!>> AudioEndpointBuilder, Service
<<!>> AudioSrv, Service
<<!>> CBDHSvc, Service
<<!>> HdAudAddService.Sys, Driver
<<!>> HdAudBus.Sys, Driver
<<!>> hitmanpro37,
<<!>> hitmanpro37.sys,
<<!>> HitmanPro38Crusader,
<<!>> HitmanPro38CrusaderBoot,
<<!>> MBAMService, Service
<<!>> NetSetupSvc, Service
<<!>> SerCx2.sys, Driver
<<!>> usbaudio.sys, Driver
<<!>> WinQuic, Driver
<<!>> {4D36E96C-E325-11CE-BFC1-08002BE10318}, Media
<<!>> {F2E7DD72-6468-4E36-B6F1-6488F42C1B52}, Firmware


Accessibility Tools:
--------------------

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Accessibility\SessionTransit\
Configuration =


Keyboard Driver Filters:
------------------------

HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E96B-E325-11CE-BFC1-08002BE10318}\
<<!>> UpperFilters = <<!>> aswKbd [AVAST Software],kbdclass [MS]


Print Monitors:
---------------

HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\
Appmon\Driver = AppMon.dll [MS]
Canon BJ Language Monitor MG5700 series\Driver = CNMLMCS.DLL [CANON INC.]
WSD Port\Driver = APMon.dll [MS]




==== C:\zoek_backup content ======================

C:\zoek_backup (files=0 folders=0 0 bytes)

==== EOF on vr 13-12-2019 at 11:25:15,85 ======================
 
Hello Rowan,
Cleanly reinstalling Windows - how much experience do you have with that?

Because the infection you picked up has modified quite a lot of files; presumably the original infection also made contact via the command-and-control server and new files have been added to your Windows.

Uh, does that go via the BIOS? I can install Windows myself, but not uninstall it; usually I take the HDD out, connect it to another computer and format it.
 
Whether you do it via the Windows setup itself or by connecting the disk to another PC, the partitions first need to be removed completely, so that all the virus settings disappear along with them.

Documents you want to rescue first need to be scanned on the other computer with the antivirus present there, because the malware may also have tampered with documents.
 
Whether you do it via the Windows setup itself or by connecting the disk to another PC, the partitions first need to be removed completely, so that all the virus settings disappear along with them.

Documents you want to rescue first need to be scanned on the other computer with the antivirus present there, because the malware may also have tampered with documents.

Yes, I definitely have to secure documents and the like; the photos of the cremation are still on it too. Which software should I install on the other PC first? Do I just connect it straight to the internet?
 
Digging a bit further:


The problem is of course that the DLL being called via that right-click menu is no longer present (that Vccorelib141xvd.dll), so there is no anti-malware program that will offer the solution either; it evidently finds nothing anymore. That stale leftover entry in that context menu is therefore something you will have to look at as well. In principle not a huge problem, it is only a message, but annoyingly irritating.

Try the download at the bottom (and mind the 64 or 32 bit):
ShellExView v2.01 - Shell Extensions Manager
Copyright (c) 2003 - 2019 Nir Sofer

Now I am no expert at this either, but ShellExView gives an overview of what can be loaded into that context menu. That always differs per item; an MP3 will show a different menu than e.g. a folder. You will probably also get the message with particular items, e.g. files with a certain extension.

Open the program, let it load the data for a moment, press Ctrl+A to select all items, and save the result with the floppy-disk icon. That yields a .TXT file which you can attach as .TXT. Who knows, something may be learned from it.
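One way to spot such an orphaned context-menu handler without a third-party tool, as an added example that is not part of this thread or of ShellExView: the PowerShell script below walks the common ContextMenuHandlers registry locations, resolves each handler's CLSID to its InProcServer32 DLL and reports entries whose DLL no longer exists on disk. It assumes a Windows PowerShell 5.1 session on the affected machine; the list of root keys it checks is an assumption (Explorer has more), and only the handlers under those keys are examined.

```powershell
# Added example, not from the thread: report Explorer context-menu handlers
# whose backing DLL is gone, the "stale entry" situation described above.
# Assumption: the roots below are the common ones; HKCR already merges the
# per-machine and per-user class registrations.
$roots = @('*', 'AllFilesystemObjects', 'Directory', 'Directory\Background', 'Folder', 'Drive')

$report = foreach ($root in $roots) {
    $key = "Registry::HKEY_CLASSES_ROOT\$root\shellex\ContextMenuHandlers"
    if (-not (Test-Path -LiteralPath $key)) { continue }
    foreach ($h in Get-ChildItem -LiteralPath $key -ErrorAction SilentlyContinue) {
        # The CLSID is either the subkey's default value or the subkey name itself.
        $clsid = (Get-ItemProperty -LiteralPath $h.PSPath).'(default)'
        if ($clsid -notmatch '^\{[0-9A-Fa-f-]{36}\}$') { $clsid = $h.PSChildName }

        # Look up the COM server in both the native and the WOW64 class views.
        $dll = $null
        foreach ($view in @("Registry::HKEY_CLASSES_ROOT\CLSID\$clsid\InProcServer32",
                            "Registry::HKEY_CLASSES_ROOT\Wow6432Node\CLSID\$clsid\InProcServer32")) {
            if (Test-Path -LiteralPath $view) {
                $raw = (Get-ItemProperty -LiteralPath $view).'(default)'
                $dll = [Environment]::ExpandEnvironmentVariables(($raw -replace '"', ''))
                break
            }
        }
        # A bare file name is normally loaded from System32; resolve it there.
        if ($dll -and -not [IO.Path]::IsPathRooted($dll)) {
            $dll = Join-Path $env:SystemRoot "System32\$dll"
        }

        if (-not $dll)                       { $status = 'no InProcServer32' }
        elseif (Test-Path -LiteralPath $dll) { $status = 'ok' }
        else                                 { $status = 'DLL MISSING' }

        [pscustomobject]@{ Root = $root; Handler = $h.PSChildName; CLSID = $clsid; Dll = $dll; Status = $status }
    }
}

# Ascending sort puts 'DLL MISSING' first: those handlers can only fail when Explorer invokes them.
$report | Sort-Object Status | Format-Table -AutoSize
```

A handler reported as DLL MISSING is the kind of entry that produces exactly this sort of error message on right-click; compare the list with the ShellExView export before disabling anything.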
 
You are not getting it.
In all likelihood even Avast has been tampered with.
 
OK, that's a setback I can't see :worried:
 
Which software should I install on the other PC first? Do I just connect it straight to the internet?

What exactly do you mean by that?

Or do you want to know how to install the latest Windows 10 version?
 
What exactly do you mean by that?

Or do you want to know how to install the latest Windows 10 version?

If it doesn't see it either, indeed. I don't have Avast on the computer for nothing.

No, I mean: I am now taking all the documents/photos/videos etc. that I know of and/or put there myself off the current Windows and putting them temporarily on an external HDD, and I want to have those files scanned on my 2nd computer to see whether they have become infected too, but which programs do I need to install for that? I was thinking of:

-Mbam
-JRT
-Avast
-Adaware cleaner
-Eset online scanner
 
Windows 10 I'll look into later, how that works; first make sure I have secured everything.
 
Then Windows Defender is automatically in there as the antivirus.
First check via Windows Update whether there is also an update for Windows Defender, and after that you can use that antivirus to scan everything on the HD.
 
Then Windows Defender is automatically in there as the antivirus.
First check via Windows Update whether there is also an update for Windows Defender, and after that you can use that antivirus to scan everything on the HD.

What protection can/should I enable in Windows Defender? I have enabled protection against ransomware in any case.
 