Prosím o kontrolu - taskeng.exe

Příspěvekod **jerabina** » 10 kvě 2015 11:34

Aplikuj prosím ten fixlist, poté budeme řešit ten Bing.

Reklama

Kanovka · Příspěvekod **Kanovka** » 10 kvě 2015 11:35

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 09-05-2015
Ran by Lucka at 2015-05-10 11:35:01 Run:2
Running from C:\Users\Lucka\Desktop
Loaded Profiles: Lucka (Available profiles: Lucka)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CMD: wmic startup get Caption, Location, Command /format:list
CMD: dir /s /a /x "c:\Windows\Tasks*.*"
*****************

========= wmic startup get Caption, Location, Command /format:list =========

C a p t i o n = B l u e t o o t h

C o m m a n d = C : \ P R O G R A ~ 1 \ L e n o v o \ B L U E T O ~ 1 \ B T T r a y . e x e

L o c a t i o n = C o m m o n S t a r t u p

C a p t i o n = c A u d i o F i l t e r A g e n t

C o m m a n d = C : \ P r o g r a m F i l e s \ C o n e x a n t \ c A u d i o F i l t e r A g e n t \ c A u d i o F i l t e r A g e n t 6 4 . e x e

L o c a t i o n = H K L M \ S O F T W A R E \ M i c r o s o f t \ W i n d o w s \ C u r r e n t V e r s i o n \ R u n

C a p t i o n = E T D W a r e

C o m m a n d = C : \ P r o g r a m F i l e s \ E l a n t e c h \ E T D C t r l . e x e

L o c a t i o n = H K L M \ S O F T W A R E \ M i c r o s o f t \ W i n d o w s \ C u r r e n t V e r s i o n \ R u n

C a p t i o n = O n e k e y S t u d i o

C o m m a n d = C : \ P r o g r a m F i l e s ( x 8 6 ) \ L e n o v o \ O n e k e y T h e a t e r \ O n e k e y S t u d i o . e x e

L o c a t i o n = H K L M \ S O F T W A R E \ M i c r o s o f t \ W i n d o w s \ C u r r e n t V e r s i o n \ R u n

C a p t i o n = E n e r g y U t i l i t y

C o m m a n d = C : \ P r o g r a m F i l e s ( x 8 6 ) \ L e n o v o \ E n e r g y M a n a g e m e n t \ u t i l i t y . e x e

L o c a t i o n = H K L M \ S O F T W A R E \ M i c r o s o f t \ W i n d o w s \ C u r r e n t V e r s i o n \ R u n

C a p t i o n = E n e r g y M a n a g e m e n t

C o m m a n d = C : \ P r o g r a m F i l e s ( x 8 6 ) \ L e n o v o \ E n e r g y M a n a g e m e n t \ E n e r g y M a n a g e m e n t . e x e

L o c a t i o n = H K L M \ S O F T W A R E \ M i c r o s o f t \ W i n d o w s \ C u r r e n t V e r s i o n \ R u n

C a p t i o n = N v t m r u

C o m m a n d = " C : \ P r o g r a m F i l e s ( x 8 6 ) \ N V I D I A C o r p o r a t i o n \ N V I D I A U p d a t e C o r e \ n v t m r u . e x e "

L o c a t i o n = H K L M \ S O F T W A R E \ M i c r o s o f t \ W i n d o w s \ C u r r e n t V e r s i o n \ R u n

C a p t i o n = S h a d o w P l a y

C o m m a n d = C : \ w i n d o w s \ s y s t e m 3 2 \ r u n d l l 3 2 . e x e C : \ w i n d o w s \ s y s t e m 3 2 \ n v s p c a p 6 4 . d l l , S h a d o w P l a y O n S y s t e m S t a r t

L o c a t i o n = H K L M \ S O F T W A R E \ M i c r o s o f t \ W i n d o w s \ C u r r e n t V e r s i o n \ R u n

C a p t i o n = N v B a c k e n d

C o m m a n d = " C : \ P r o g r a m F i l e s ( x 8 6 ) \ N V I D I A C o r p o r a t i o n \ U p d a t e C o r e \ N v B a c k e n d . e x e "

L o c a t i o n = H K L M \ S O F T W A R E \ M i c r o s o f t \ W i n d o w s \ C u r r e n t V e r s i o n \ R u n

========= End of CMD: =========

========= dir /s /a /x "c:\Windows\Tasks*.*" =========

Svazek v jednotce C nem� ��dnou jmenovku.
S�riov� ��slo svazku je 983B-9324.

V�pis adres��e c:\Windows

03.05.2015 09:44 <DIR> Tasks
Soubor�: 0, Bajt�: 0

V�pis adres��e c:\Windows\assembly\GAC_MSIL

14.07.2009 05:20 <DIR> TASKSC~1 TaskScheduler
24.01.2010 18:26 <DIR> TASKSC~1.RES TaskScheduler.Resources
Soubor�: 0, Bajt�: 0

V�pis adres��e c:\Windows\assembly\GAC_MSIL\TaskScheduler\6.1.0.0__31bf3856ad364e35

20.11.2010 14:36 167�936 TaskScheduler.dll
Soubor�: 1, Bajt�: 167�936

V�pis adres��e c:\Windows\assembly\GAC_MSIL\TaskScheduler.Resources\6.1.0.0_cs_31bf3856ad364e35

24.01.2010 18:25 7�168 TaskScheduler.resources.dll
Soubor�: 1, Bajt�: 7�168

V�pis adres��e c:\Windows\assembly\NativeImages_v2.0.50727_32

23.10.2014 17:26 <DIR> TASKSC~1 TaskScheduler
Soubor�: 0, Bajt�: 0

V�pis adres��e c:\Windows\assembly\NativeImages_v2.0.50727_32\TaskScheduler\96f486d5709ac7e2573b08fed46701e2

16.10.2014 09:23 245�248 TASKSC~1.DLL TaskScheduler.ni.dll
Soubor�: 1, Bajt�: 245�248

V�pis adres��e c:\Windows\Help\mui\0405

24.01.2010 18:25 72�172 taskscheduler.CHM
Soubor�: 1, Bajt�: 72�172

V�pis adres��e c:\Windows\System32

08.05.2015 12:22 <DIR> Tasks
20.11.2010 15:27 1�197�056 taskschd.dll
10.06.2009 22:58 145�059 taskschd.msc
14.07.2009 03:41 55�296 TaskSchdPS.dll
Soubor�: 3, Bajt�: 1�397�411

V�pis adres��e c:\Windows\System32\cs-CZ

24.01.2010 18:25 145�091 taskschd.msc
Soubor�: 1, Bajt�: 145�091

V�pis adres��e c:\Windows\System32\en-US

14.07.2009 04:25 2�560 taskschd.dll.mui
Soubor�: 1, Bajt�: 2�560

V�pis adres��e c:\Windows\SysWOW64

14.07.2009 05:20 <DIR> Tasks
20.11.2010 14:21 505�856 taskschd.dll
10.06.2009 23:38 145�059 taskschd.msc
14.07.2009 03:16 36�864 TaskSchdPS.dll
Soubor�: 3, Bajt�: 687�779

V�pis adres��e c:\Windows\SysWOW64\cs-CZ

24.01.2010 18:25 145�091 taskschd.msc
Soubor�: 1, Bajt�: 145�091

V�pis adres��e c:\Windows\SysWOW64\en-US

14.07.2009 04:02 2�560 taskschd.dll.mui
Soubor�: 1, Bajt�: 2�560

V�pis adres��e c:\Windows\winsxs\amd64_microsoft-windows-dxp-deviceexperience_31bf3856ad364e35_6.1.7601.17514_none_a54b31331066c8e2

10.06.2009 23:00 13�427 tasks.xml
Soubor�: 1, Bajt�: 13�427

V�pis adres��e c:\Windows\winsxs\amd64_microsoft-windows-printing-fdprint_31bf3856ad364e35_6.1.7600.16385_none_b425025e9ef3d84c

10.06.2009 23:02 11�364 tasks.xml
Soubor�: 1, Bajt�: 11�364

V�pis adres��e c:\Windows\winsxs\amd64_microsoft-windows-t..cheduler-apis-proxy_31bf3856ad364e35_6.1.7600.16385_none_31a8e7113546f43e

14.07.2009 03:41 55�296 TASKSC~1.DLL TaskSchdPS.dll
Soubor�: 1, Bajt�: 55�296

V�pis adres��e c:\Windows\winsxs\amd64_microsoft-windows-t..duler-adm.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_f6de1fda349bd185

24.01.2010 18:25 7�899 TASKSC~1.ADM TaskScheduler.adml
Soubor�: 1, Bajt�: 7�899

V�pis adres��e c:\Windows\winsxs\amd64_microsoft-windows-t..er-client.resources_31bf3856ad364e35_6.1.7600.16385_en-us_1bf121eae88b9918

14.07.2009 04:25 2�560 TASKSC~1.MUI taskschd.dll.mui
Soubor�: 1, Bajt�: 2�560

V�pis adres��e c:\Windows\winsxs\amd64_microsoft-windows-taskscheduler-adm_31bf3856ad364e35_6.1.7600.16385_none_074719bfd9d616de

10.06.2009 22:58 5�520 TASKSC~1.ADM TaskScheduler.admx
Soubor�: 1, Bajt�: 5�520

V�pis adres��e c:\Windows\winsxs\amd64_microsoft-windows-taskscheduler-client_31bf3856ad364e35_6.1.7601.17514_none_a2204d83b4ef6bd1

20.11.2010 15:27 1�197�056 taskschd.dll
Soubor�: 1, Bajt�: 1�197�056

V�pis adres��e c:\Windows\winsxs\amd64_server-help-chm.tas..eduler_lh.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_828b5b5c66fe6bf2

24.01.2010 18:25 72�172 TASKSC~1.CHM taskscheduler.CHM
Soubor�: 1, Bajt�: 72�172

V�pis adres��e c:\Windows\winsxs\amd64_taskschedulersettings.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_0c0bb151606e6d5a

24.01.2010 18:25 145�091 taskschd.msc
Soubor�: 1, Bajt�: 145�091

V�pis adres��e c:\Windows\winsxs\amd64_taskschedulersettings_31bf3856ad364e35_6.1.7600.16385_none_a6dff5711e0deb2d

10.06.2009 22:58 145�059 taskschd.msc
Soubor�: 1, Bajt�: 145�059

V�pis adres��e c:\Windows\winsxs\msil_taskscheduler.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_de8932a514f87eac

24.01.2010 18:25 7�168 TASKSC~1.DLL TaskScheduler.resources.dll
Soubor�: 1, Bajt�: 7�168

V�pis adres��e c:\Windows\winsxs\msil_taskscheduler_31bf3856ad364e35_6.1.7601.17514_none_170487c39d98ec89

20.11.2010 14:36 167�936 TASKSC~1.DLL TaskScheduler.dll
Soubor�: 1, Bajt�: 167�936

V�pis adres��e c:\Windows\winsxs\wow64_taskschedulersettings_31bf3856ad364e35_6.1.7600.16385_none_b1349fc3526ead28

10.06.2009 23:38 145�059 taskschd.msc
Soubor�: 1, Bajt�: 145�059

V�pis adres��e c:\Windows\winsxs\x86_microsoft-windows-t..cheduler-apis-proxy_31bf3856ad364e35_6.1.7600.16385_none_d58a4b8d7ce98308

14.07.2009 03:16 36�864 TASKSC~1.DLL TaskSchdPS.dll
Soubor�: 1, Bajt�: 36�864

V�pis adres��e c:\Windows\winsxs\x86_microsoft-windows-t..er-client.resources_31bf3856ad364e35_6.1.7600.16385_en-us_bfd28667302e27e2

14.07.2009 04:02 2�560 TASKSC~1.MUI taskschd.dll.mui
Soubor�: 1, Bajt�: 2�560

V�pis adres��e c:\Windows\winsxs\x86_microsoft-windows-taskscheduler-client_31bf3856ad364e35_6.1.7601.17514_none_4601b1fffc91fa9b

20.11.2010 14:21 505�856 taskschd.dll
Soubor�: 1, Bajt�: 505�856

V�pis adres��e c:\Windows\winsxs\x86_taskschedulersettings.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_afed15cda810fc24

24.01.2010 18:25 145�091 taskschd.msc
Soubor�: 1, Bajt�: 145�091

Po�et soubor� v seznamu:
Soubor�: 31, Bajt�: 5�538�994
Adres��: 6, Voln�ch bajt�: 65�564�999�680

========= End of CMD: =========

==== End of Fixlog 11:35:09 ====

mople71 · Příspěvekod **mople71** » 10 kvě 2015 11:44

Aha, takže nefunguje jenom ten script...

Když se podíváš do seznamu aktualizací: http://windows.microsoft.com/cs-cz/wind ... =windows-7

Není tam náhodou aktualizace jménem:

Kód: Vybrat vše

KB3038314

Dodej prosím fixlog FRST.

mople71 · Příspěvekod **mople71** » 10 kvě 2015 11:54

Hm, duch nikde... Koukneme se hloběji.

Stáhni si SilentRunners: http://mople71.8u.cz/SilentRunners.zip

Extrahuj na Plochu SilentRunners.vbs a spusť jej. Klikni na Yes a počkej, než script dokončí svou práci.

Po dokončení se na Ploše zobrazí log Startup Programs (*****).txt, jeho obsah sem prosím vlož.

Kanovka · Příspěvekod **Kanovka** » 10 kvě 2015 12:03

KB3038314 úspěšně nainstalováno 16.4.2015

Kanovka · Příspěvekod **Kanovka** » 10 kvě 2015 12:08

"Silent Runners.vbs", revision 69.2, http://www.silentrunners.org/
Operating System: Microsoft Windows 7 Home Premium Service Pack 1 (64-bit)
Output limited to non-default values, except where indicated by "{++}"

Startup items buried in registry:
---------------------------------

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
cAudioFilterAgent = C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [Conexant Systems, Inc.]
ETDWare = C:\Program Files\Elantech\ETDCtrl.exe [ELAN Microelectronic Corp.]
OnekeyStudio = C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe [Lenovo]
EnergyUtility = C:\Program Files (x86)\Lenovo\Energy Management\utility.exe [Lenovo(beijing) Limited]
Energy Management = C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [Lenovo (Beijing) Limited]
Nvtmru = "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [NVIDIA Corporation]
ShadowPlay = C:\windows\system32\rundll32.exe C:\windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart [MS]
NvBackend = "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [NVIDIA Corporation]

HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\ {++}
IAStorIcon = C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [null data]
331BigDog = C:\Program Files (x86)\USB Camera\VM331_STI.EXE [Vimicro]
GrooveMonitor = "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [MS]
AvastUI.exe = "C:\Program Files\Alwil Software\Avast5\AvastUI.exe" /nogui [Avast Software s.r.o.]
UnlockerAssistant = "C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe" [null data]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}\(Default) = Skype for Business Click to Call BHO
-> {HKLM...CLSID} = Skype for Business Browser Helper
\InProcServer32\(Default) = C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [MS]

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
-> {HKLM...CLSID} = Java(tm) Plug-In SSV Helper
\InProcServer32\(Default) = C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [Oracle Corporation]
-> {HKLM...Wow...CLSID} = Java(tm) Plug-In SSV Helper
\InProcServer32\(Default) = C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [Oracle Corporation]

{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}\(Default) = avast! Online Security
-> {HKLM...CLSID} = avast! Online Security
\InProcServer32\(Default) = C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll [Avast Software s.r.o.]
-> {HKLM...Wow...CLSID} = avast! Online Security
\InProcServer32\(Default) = C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll [Avast Software s.r.o.]

{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}\(Default) = (no title provided)
-> {HKLM...CLSID} = Microsoft SkyDrive Pro Browser Helper
\InProcServer32\(Default) = C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [MS]
-> {HKLM...Wow...CLSID} = Microsoft SkyDrive Pro Browser Helper
\InProcServer32\(Default) = C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [MS]

{DBC80044-A445-435b-BC74-9C25C1C588A9}\(Default) = (no title provided)
-> {HKLM...CLSID} = Java(tm) Plug-In 2 SSV Helper
\InProcServer32\(Default) = C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [Oracle Corporation]
-> {HKLM...Wow...CLSID} = Java(tm) Plug-In 2 SSV Helper
\InProcServer32\(Default) = C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [Oracle Corporation]

HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
-> {HKLM...CLSID} = Java(tm) Plug-In SSV Helper
\InProcServer32\(Default) = C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [Oracle Corporation]
-> {HKLM...Wow...CLSID} = Java(tm) Plug-In SSV Helper
\InProcServer32\(Default) = C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [Oracle Corporation]

{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}\(Default) = avast! Online Security
-> {HKLM...CLSID} = avast! Online Security
\InProcServer32\(Default) = C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll [Avast Software s.r.o.]
-> {HKLM...Wow...CLSID} = avast! Online Security
\InProcServer32\(Default) = C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll [Avast Software s.r.o.]

{B4F3A835-0E21-4959-BA22-42B3008E02FF}\(Default) = URLRedirectionBHO
-> {HKLM...Wow...CLSID} = Office Document Cache Handler
\InProcServer32\(Default) = C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [MS]

{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}\(Default) = (no title provided)
-> {HKLM...CLSID} = Microsoft SkyDrive Pro Browser Helper
\InProcServer32\(Default) = C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [MS]
-> {HKLM...Wow...CLSID} = Microsoft SkyDrive Pro Browser Helper
\InProcServer32\(Default) = C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [MS]

{DBC80044-A445-435b-BC74-9C25C1C588A9}\(Default) = (no title provided)
-> {HKLM...CLSID} = Java(tm) Plug-In 2 SSV Helper
\InProcServer32\(Default) = C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [Oracle Corporation]
-> {HKLM...Wow...CLSID} = Java(tm) Plug-In 2 SSV Helper
\InProcServer32\(Default) = C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [Oracle Corporation]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\

SkyDrivePro1 (ErrorConflict)\(Default) = {8BA85C75-763B-4103-94EB-9470F12FE0F7}
-> {HKLM...CLSID} = Microsoft SkyDrive Pro Icon Overlay 1 (ErrorConflict)
\InProcServer32\(Default) = C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [MS]

SkyDrivePro2 (SyncInProgress)\(Default) = {CD55129A-B1A1-438E-A425-CEBC7DC684EE}
-> {HKLM...CLSID} = Microsoft SkyDrive Pro Icon Overlay 2 (SyncInProgress)
\InProcServer32\(Default) = C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [MS]

SkyDrivePro3 (InSync)\(Default) = {E768CD3B-BDDC-436D-9C13-E1B39CA257B1}
-> {HKLM...CLSID} = Microsoft SkyDrive Pro Icon Overlay 3 (InSync)
\InProcServer32\(Default) = C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [MS]

00avast\(Default) = {472083B0-C522-11CF-8763-00608CC02F24}
-> {HKLM...CLSID} = avast
\InProcServer32\(Default) = C:\Program Files\Alwil Software\Avast5\ashShA64.dll [Avast Software s.r.o.]

HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\

SkyDrivePro1 (ErrorConflict)\(Default) = {8BA85C75-763B-4103-94EB-9470F12FE0F7}
-> {HKLM...Wow...CLSID} = Microsoft SkyDrive Pro Icon Overlay 1 (ErrorConflict)
\InProcServer32\(Default) = C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [MS]

SkyDrivePro2 (SyncInProgress)\(Default) = {CD55129A-B1A1-438E-A425-CEBC7DC684EE}
-> {HKLM...Wow...CLSID} = Microsoft SkyDrive Pro Icon Overlay 2 (SyncInProgress)
\InProcServer32\(Default) = C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [MS]

SkyDrivePro3 (InSync)\(Default) = {E768CD3B-BDDC-436D-9C13-E1B39CA257B1}
-> {HKLM...Wow...CLSID} = Microsoft SkyDrive Pro Icon Overlay 3 (InSync)
\InProcServer32\(Default) = C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [MS]

Groove Explorer Icon Overlay 1 (GFS Unread Stub)\(Default) = {99FD978C-D287-4F50-827F-B2C658EDA8E7}
-> {HKLM...Wow...CLSID} = Groove Explorer Icon Overlay 1 (GFS Unread Stub)
\InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [MS]

Groove Explorer Icon Overlay 2 (GFS Stub)\(Default) = {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC}
-> {HKLM...Wow...CLSID} = Groove Explorer Icon Overlay 2 (GFS Stub)
\InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [MS]

Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)\(Default) = {920E6DB1-9907-4370-B3A0-BAFC03D81399}
-> {HKLM...Wow...CLSID} = Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)
\InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [MS]

Groove Explorer Icon Overlay 3 (GFS Folder)\(Default) = {16F3DD56-1AF5-4347-846D-7C10C4192619}
-> {HKLM...Wow...CLSID} = Groove Explorer Icon Overlay 3 (GFS Folder)
\InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [MS]

Groove Explorer Icon Overlay 4 (GFS Unread Mark)\(Default) = {2916C86E-86A6-43FE-8112-43ABE6BF8DCC}
-> {HKLM...Wow...CLSID} = Groove Explorer Icon Overlay 4 (GFS Unread Mark)
\InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

{A70C977A-BF00-412C-90B7-034C51DA2439} = NvCpl DesktopContext Class
-> {HKLM...CLSID} = DesktopContext Class
\InProcServer32\(Default) = C:\Program Files\NVIDIA Corporation\Display\nvui.dll [NVIDIA Corporation]

{3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} = NVIDIA Play On My TV Context Menu Extension
-> {HKLM...CLSID} = NVIDIA CPL Context Menu Extension
\InProcServer32\(Default) = C:\windows\system32\nvshext.dll [NVIDIA Corporation]

{A929C4CE-FD36-4270-B4F5-34ECAC5BD63C} = NvAppShExt extension
-> {HKLM...CLSID} = NvAppShExt Class
\InProcServer32\(Default) = C:\windows\system32\Nv3DAppShExt.dll [NVIDIA Corporation]

{7842554E-6BED-11D2-8CDB-B05550C10000} = Monitor
-> {HKLM...CLSID} = Monitor Class
\InProcServer32\(Default) = C:\Program Files\Lenovo\Bluetooth Software\btncopy.dll [Broadcom Corporation.]

{42042206-2D85-11D3-8CFF-005004838597} = Microsoft Office HTML Icon Handler
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office12\MSOHEVI.DLL [MS]

{2d3dd4c0-3bd7-11d2-821e-444553540000} = WdmidleDeviceShellExtension
-> {HKLM...CLSID} = WdmidleDeviceShellExtension
\InProcServer32\(Default) = c:\program files (x86)\lenovo\energy management\powcpl.dll [null data]

{472083B0-C522-11CF-8763-00608CC02F24} = avast
-> {HKLM...CLSID} = avast
\InProcServer32\(Default) = C:\Program Files\Alwil Software\Avast5\ashShA64.dll [Avast Software s.r.o.]

{8BA85C75-763B-4103-94EB-9470F12FE0F7} = Microsoft SkyDrive Pro Icon Overlay 1 (ErrorConflict)
-> {HKLM...CLSID} = Microsoft SkyDrive Pro Icon Overlay 1 (ErrorConflict)
\InProcServer32\(Default) = C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [MS]

{CD55129A-B1A1-438E-A425-CEBC7DC684EE} = Microsoft SkyDrive Pro Icon Overlay 2 (SyncInProgress)
-> {HKLM...CLSID} = Microsoft SkyDrive Pro Icon Overlay 2 (SyncInProgress)
\InProcServer32\(Default) = C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [MS]

{E768CD3B-BDDC-436D-9C13-E1B39CA257B1} = Microsoft SkyDrive Pro Icon Overlay 3 (InSync)
-> {HKLM...CLSID} = Microsoft SkyDrive Pro Icon Overlay 3 (InSync)
\InProcServer32\(Default) = C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [MS]

{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} = Microsoft SkyDrive Pro Browser Helper
-> {HKLM...CLSID} = Microsoft SkyDrive Pro Browser Helper
\InProcServer32\(Default) = C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [MS]

{0875DCB6-C686-4243-9432-ADCCF0B9F2D7} = Microsoft OneNote Namespace Extension for Windows Desktop Search
-> {HKLM...CLSID} = Microsoft OneNote Namespace Extension for Windows Desktop Search
\InProcServer32\(Default) = C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\ONFILTER.DLL [MS]

{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} = Microsoft Office Metadata Handler
-> {HKLM...CLSID} = Microsoft Office Metadata Handler
\InProcServer32\(Default) = C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office15\msoshext.dll [MS]

{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} = Microsoft Office Thumbnail Handler
-> {HKLM...CLSID} = Microsoft Office Thumbnail Handler
\InProcServer32\(Default) = C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office15\msoshext.dll [MS]

{506F4668-F13E-4AA1-BB04-B43203AB3CC0} = {506F4668-F13E-4AA1-BB04-B43203AB3CC0}
-> {HKLM...CLSID} = ImageExtractorShellExt Class
\InProcServer32\(Default) = C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\VISSHE.DLL [MS]

{D66DC78C-4F61-447F-942B-3FB6980118CF} = {D66DC78C-4F61-447F-942B-3FB6980118CF}
-> {HKLM...CLSID} = CInfoTipShellExt Class
\InProcServer32\(Default) = C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\VISSHE.DLL [MS]

HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

{0006F045-0000-0000-C000-000000000046} = Microsoft Office Outlook Custom Icon Handler
-> {HKLM...Wow...CLSID} = Outlook File Icon Extension
\InProcServer32\(Default) = C:\PROGRA~2\MICROS~1\Office12\OLKFSTUB.DLL [MS]

{00020D75-0000-0000-C000-000000000046} = Microsoft Office Outlook Desktop Icon Handler
-> {HKLM...Wow...CLSID} = Microsoft Office Outlook
\InProcServer32\(Default) = C:\PROGRA~2\MICROS~1\Office12\MLSHEXT.DLL [MS]

{42042206-2D85-11D3-8CFF-005004838597} = Microsoft Office HTML Icon Handler
-> {HKLM...Wow...CLSID} = (no title provided)
\InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office12\msohevi.dll [MS]

{472083B0-C522-11CF-8763-00608CC02F24} = avast
-> {HKLM...Wow...CLSID} = avast
\InProcServer32\(Default) = C:\Program Files\Alwil Software\Avast5\ashShell.dll [Avast Software s.r.o.]

{2A541AE1-5BF6-4665-A8A3-CFA9672E4291} = Groove GFS Explorer Bar
-> {HKLM...Wow...CLSID} = Groove Folder Synchronization
\InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [MS]

{A449600E-1DC6-4232-B948-9BD794D62056} = Groove GFS Stub Icon Handler
-> {HKLM...Wow...CLSID} = Groove GFS Stub Icon Handler
\InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [MS]

{B5A7F190-DDA6-4420-B3BA-52453494E6CD} = Groove GFS Stub Execution Hook
-> {HKLM...Wow...CLSID} = Groove GFS Stub Execution Hook
\InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [MS]

{6C467336-8281-4E60-8204-430CED96822D} = Groove GFS Context Menu Handler
-> {HKLM...Wow...CLSID} = Groove GFS Context Menu Handler
\InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [MS]

{387E725D-DC16-4D76-B310-2C93ED4752A0} = Groove XML Icon Handler
-> {HKLM...Wow...CLSID} = Groove XML Icon Handler
\InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [MS]

{16F3DD56-1AF5-4347-846D-7C10C4192619} = Groove Explorer Icon Overlay 3 (GFS Folder)
-> {HKLM...Wow...CLSID} = Groove Explorer Icon Overlay 3 (GFS Folder)
\InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [MS]

{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} = Groove Explorer Icon Overlay 2 (GFS Stub)
-> {HKLM...Wow...CLSID} = Groove Explorer Icon Overlay 2 (GFS Stub)
\InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [MS]

{2916C86E-86A6-43FE-8112-43ABE6BF8DCC} = Groove Explorer Icon Overlay 4 (GFS Unread Mark)
-> {HKLM...Wow...CLSID} = Groove Explorer Icon Overlay 4 (GFS Unread Mark)
\InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [MS]

{99FD978C-D287-4F50-827F-B2C658EDA8E7} = Groove Explorer Icon Overlay 1 (GFS Unread Stub)
-> {HKLM...Wow...CLSID} = Groove Explorer Icon Overlay 1 (GFS Unread Stub)
\InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [MS]

{920E6DB1-9907-4370-B3A0-BAFC03D81399} = Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)
-> {HKLM...Wow...CLSID} = Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)
\InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [MS]

{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} = Microsoft Office OneNote Namespace Extension for Windows Desktop Search
-> {HKLM...Wow...CLSID} = Microsoft Office OneNote Namespace Extension for Windows Desktop Search
\InProcServer32\(Default) = C:\PROGRA~2\MICROS~1\Office12\ONFILTER.DLL [MS]

{8903F6C9-25E3-40AC-A98F-E6D35CD0469C} = PSPad
-> {HKLM...Wow...CLSID} = PSPad
\InProcServer32\(Default) = C:\PROGRA~2\PSPADE~1\PSPADS~1.DLL [null data]

{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} = Shell Extensions for RealOne Player
-> {HKLM...Wow...CLSID} = RealOne Player Context Menu Class
\InProcServer32\(Default) = c:\program files (x86)\real\realplayer\rpshell.dll [RealNetworks, Inc.]

{00F33137-EE26-412F-8D71-F84E4C2C6625} = (no title provided)
-> {HKLM...Wow...CLSID} = Windows Live Photo Gallery Viewer Autoplay Shim
\InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll [MS]

{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} = Windows Live Photo Gallery Viewer Drop Target Shim
-> {HKLM...Wow...CLSID} = Windows Live Photo Gallery Viewer Shim
\InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll [MS]

{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} = Windows Live Photo Gallery Editor Drop Target Shim
-> {HKLM...Wow...CLSID} = Windows Live Photo Gallery Editor Shim
\InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll [MS]

{00F30F90-3E96-453B-AFCD-D71989ECC2C7} = Windows Live Photo Gallery Autoplay Drop Target Shim
-> {HKLM...Wow...CLSID} = Windows Live Photo Gallery Viewer Autoplay Shim
\InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll [MS]

{0875DCB6-C686-4243-9432-ADCCF0B9F2D7} = Microsoft OneNote Namespace Extension for Windows Desktop Search
-> {HKLM...Wow...CLSID} = Microsoft OneNote Namespace Extension for Windows Desktop Search
\InProcServer32\(Default) = C:\Program Files\Microsoft Office 15\root\Office15\ONFILTER.DLL [MS]

{8BA85C75-763B-4103-94EB-9470F12FE0F7} = Microsoft SkyDrive Pro Icon Overlay 1 (ErrorConflict)
-> {HKLM...Wow...CLSID} = Microsoft SkyDrive Pro Icon Overlay 1 (ErrorConflict)
\InProcServer32\(Default) = C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [MS]

{CD55129A-B1A1-438E-A425-CEBC7DC684EE} = Microsoft SkyDrive Pro Icon Overlay 2 (SyncInProgress)
-> {HKLM...Wow...CLSID} = Microsoft SkyDrive Pro Icon Overlay 2 (SyncInProgress)
\InProcServer32\(Default) = C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [MS]

{E768CD3B-BDDC-436D-9C13-E1B39CA257B1} = Microsoft SkyDrive Pro Icon Overlay 3 (InSync)
-> {HKLM...Wow...CLSID} = Microsoft SkyDrive Pro Icon Overlay 3 (InSync)
\InProcServer32\(Default) = C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [MS]

{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} = Microsoft SkyDrive Pro Browser Helper
-> {HKLM...Wow...CLSID} = Microsoft SkyDrive Pro Browser Helper
\InProcServer32\(Default) = C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [MS]

{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} = Microsoft Office Metadata Handler
-> {HKLM...Wow...CLSID} = Microsoft Office Metadata Handler
\InProcServer32\(Default) = C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office15\msoshext.dll [MS]

{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} = Microsoft Office Thumbnail Handler
-> {HKLM...Wow...CLSID} = Microsoft Office Thumbnail Handler
\InProcServer32\(Default) = C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office15\msoshext.dll [MS]

{506F4668-F13E-4AA1-BB04-B43203AB3CC0} = {506F4668-F13E-4AA1-BB04-B43203AB3CC0}
-> {HKLM...Wow...CLSID} = ImageExtractorShellExt Class
\InProcServer32\(Default) = C:\Program Files\Microsoft Office 15\root\Office15\VISSHE.DLL [MS]

{D66DC78C-4F61-447F-942B-3FB6980118CF} = {D66DC78C-4F61-447F-942B-3FB6980118CF}
-> {HKLM...Wow...CLSID} = CInfoTipShellExt Class
\InProcServer32\(Default) = C:\Program Files\Microsoft Office 15\root\Office15\VISSHE.DLL [MS]

{40CC864B-947A-4e5d-A2E5-DB6777B55D8F} = DivX MKV Icon Handler Shell Extension
-> {HKLM...Wow...CLSID} = DivX MKV Icon Handler Class
\InProcServer32\(Default) = C:\Program Files (x86)\DivX\DivX Player\DPXIconHandler32.dll [null data]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers\

{50968FF7-10C1-4fb3-98B0-CD654D6CB97E}\(Default) = BtwCredentialProvider
-> {HKLM...CLSID} = BtwCredentialProvider
\InProcServer32\(Default) = C:\Program Files\Lenovo\Bluetooth Software\\BtwCP.dll [Broadcom Corporation.]

HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\

<<!>> text/xml\CLSID = {807563E5-5146-11D5-A672-00B0D022E945}
-> {HKLM...CLSID} = Microsoft Office InfoPath XML Mime Filter
\InProcServer32\(Default) = C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL [MS]

HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\

ALZip\(Default) = {4EB37360-49E8-11D3-95B5-004033382980}
-> {HKLM...CLSID} = AZContextMenu Class
\InProcServer32\(Default) = C:\Program Files (x86)\ESTsoft\ALZip\AZCTM64.dll [ESTsoft Corp.]
-> {HKLM...Wow...CLSID} = AZContextMenu Class
\InProcServer32\(Default) = C:\Program Files (x86)\ESTsoft\ALZip\AZCTM.dll [ESTsoft Corp.]

avast\(Default) = {472083B0-C522-11CF-8763-00608CC02F24}
-> {HKLM...CLSID} = avast
\InProcServer32\(Default) = C:\Program Files\Alwil Software\Avast5\ashShA64.dll [Avast Software s.r.o.]
-> {HKLM...Wow...CLSID} = avast
\InProcServer32\(Default) = C:\Program Files\Alwil Software\Avast5\ashShell.dll [Avast Software s.r.o.]

PSPad\(Default) = {8903F6C9-25E3-40AC-A98F-E6D35CD0469C}
-> {HKLM...Wow...CLSID} = PSPad
\InProcServer32\(Default) = C:\PROGRA~2\PSPADE~1\PSPADS~1.DLL [null data]

XXX Groove GFS Context Menu Handler XXX\(Default) = {6C467336-8281-4E60-8204-430CED96822D}
-> {HKLM...Wow...CLSID} = Groove GFS Context Menu Handler
\InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [MS]

HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\

00avast\(Default) = {472083B0-C522-11CF-8763-00608CC02F24}
-> {HKLM...CLSID} = avast
\InProcServer32\(Default) = C:\Program Files\Alwil Software\Avast5\ashShA64.dll [Avast Software s.r.o.]
-> {HKLM...Wow...CLSID} = avast
\InProcServer32\(Default) = C:\Program Files\Alwil Software\Avast5\ashShell.dll [Avast Software s.r.o.]

XXX Groove GFS Context Menu Handler XXX\(Default) = {6C467336-8281-4E60-8204-430CED96822D}
-> {HKLM...Wow...CLSID} = Groove GFS Context Menu Handler
\InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [MS]

HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\

ALZip\(Default) = {4EB37360-49E8-11D3-95B5-004033382980}
-> {HKLM...CLSID} = AZContextMenu Class
\InProcServer32\(Default) = C:\Program Files (x86)\ESTsoft\ALZip\AZCTM64.dll [ESTsoft Corp.]
-> {HKLM...Wow...CLSID} = AZContextMenu Class
\InProcServer32\(Default) = C:\Program Files (x86)\ESTsoft\ALZip\AZCTM.dll [ESTsoft Corp.]

XXX Groove GFS Context Menu Handler XXX\(Default) = {6C467336-8281-4E60-8204-430CED96822D}
-> {HKLM...Wow...CLSID} = Groove GFS Context Menu Handler
\InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [MS]

HKLM\SOFTWARE\Classes\Directory\shellex\CopyHookHandlers\

Monitor\(Default) = {7842554E-6BED-11D2-8CDB-B05550C10000}
-> {HKLM...CLSID} = Monitor Class
\InProcServer32\(Default) = C:\Program Files\Lenovo\Bluetooth Software\btncopy.dll [Broadcom Corporation.]

HKLM\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\

ALZip\(Default) = {4EB37360-49E8-11D3-95B5-004033382980}
-> {HKLM...CLSID} = AZContextMenu Class
\InProcServer32\(Default) = C:\Program Files (x86)\ESTsoft\ALZip\AZCTM64.dll [ESTsoft Corp.]
-> {HKLM...Wow...CLSID} = AZContextMenu Class
\InProcServer32\(Default) = C:\Program Files (x86)\ESTsoft\ALZip\AZCTM.dll [ESTsoft Corp.]

HKLM\SOFTWARE\Classes\Directory\Background\shellex\ContextMenuHandlers\

ALZip\(Default) = {4EB37360-49E8-11D3-95B5-004033382980}
-> {HKLM...CLSID} = AZContextMenu Class
\InProcServer32\(Default) = C:\Program Files (x86)\ESTsoft\ALZip\AZCTM64.dll [ESTsoft Corp.]
-> {HKLM...Wow...CLSID} = AZContextMenu Class
\InProcServer32\(Default) = C:\Program Files (x86)\ESTsoft\ALZip\AZCTM.dll [ESTsoft Corp.]

NvCplDesktopContext\(Default) = {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9}
-> {HKLM...CLSID} = NVIDIA CPL Context Menu Extension
\InProcServer32\(Default) = C:\windows\system32\nvshext.dll [NVIDIA Corporation]

XXX Groove GFS Context Menu Handler XXX\(Default) = {6C467336-8281-4E60-8204-430CED96822D}
-> {HKLM...Wow...CLSID} = Groove GFS Context Menu Handler
\InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [MS]

HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\

{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = PDF Column Info
-> {HKLM...Wow...CLSID} = PDF Shell Extension
\InProcServer32\(Default) = C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll [Adobe Systems, Inc.]

HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\

ALZip\(Default) = {4EB37360-49E8-11D3-95B5-004033382980}
-> {HKLM...CLSID} = AZContextMenu Class
\InProcServer32\(Default) = C:\Program Files (x86)\ESTsoft\ALZip\AZCTM64.dll [ESTsoft Corp.]
-> {HKLM...Wow...CLSID} = AZContextMenu Class
\InProcServer32\(Default) = C:\Program Files (x86)\ESTsoft\ALZip\AZCTM.dll [ESTsoft Corp.]

avast\(Default) = {472083B0-C522-11CF-8763-00608CC02F24}
-> {HKLM...CLSID} = avast
\InProcServer32\(Default) = C:\Program Files\Alwil Software\Avast5\ashShA64.dll [Avast Software s.r.o.]
-> {HKLM...Wow...CLSID} = avast
\InProcServer32\(Default) = C:\Program Files\Alwil Software\Avast5\ashShell.dll [Avast Software s.r.o.]

XXX Groove GFS Context Menu Handler XXX\(Default) = {6C467336-8281-4E60-8204-430CED96822D}
-> {HKLM...Wow...CLSID} = Groove GFS Context Menu Handler
\InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [MS]

HKLM\SOFTWARE\Classes\Folder\shellex\DragDropHandlers\

ALZip\(Default) = {4EB37360-49E8-11D3-95B5-004033382980}
-> {HKLM...CLSID} = AZContextMenu Class
\InProcServer32\(Default) = C:\Program Files (x86)\ESTsoft\ALZip\AZCTM64.dll [ESTsoft Corp.]
-> {HKLM...Wow...CLSID} = AZContextMenu Class
\InProcServer32\(Default) = C:\Program Files (x86)\ESTsoft\ALZip\AZCTM.dll [ESTsoft Corp.]

Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\

NoChangingWallpaper = (REG_DWORD) dword:0x00000000
{User Configuration|Administrative Templates|Control Panel|Display|
Disable changing wallpaper}

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\

NoDrives = (REG_DWORD) dword:0x00000000
{unrecognized setting}

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\

NoDrives = (REG_DWORD) dword:0x00000000
{unrecognized setting}

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\

disableregistrytools = (REG_DWORD) dword:0x00000000
{User Configuration|Administrative Templates|System|
Prevent access to registry editing tools}

HKCU\Software\Policies\Microsoft\Windows\System\

disablecmd = (REG_DWORD) dword:0x00000000
{User Configuration|Administrative Templates|System|
Prevent access to the command prompt}

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\

ConsentPromptBehaviorAdmin = (REG_DWORD) dword:0x00000000
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Behavior Of The Elevation Prompt For Administrators In Admin Approval Mode}

EnableLUA = (REG_DWORD) dword:0x00000000
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Run All Administrators In Admin Approval Mode}

PromptOnSecureDesktop = (REG_DWORD) dword:0x00000000
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Switch to the secure desktop when prompting for elevation}

SoftwareSASGeneration = (REG_DWORD) dword:0x00000001
{unrecognized setting}

DisableRegistryTools = (REG_DWORD) dword:0x00000000
{unrecognized setting}

Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
Wallpaper = C:\Users\Lucka\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg

Windows Portable Device AutoPlay Handlers
-----------------------------------------

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\

MSLivePhotoAcquireDropHandler\
Provider = @%ProgramFiles(x86)%\Windows Live\Photo Gallery\regres.dll,-10
InvokeProgID = Microsoft.LivePhotoAcqDTShim.1
InvokeVerb = open
HKLM\SOFTWARE\Classes\Microsoft.LivePhotoAcqDTShim.1\shell\open\DropTarget\CLSID = {00F33137-EE26-412F-8D71-F84E4C2C6625}
-> {HKLM...CLSID} = Windows Live Photo Gallery Viewer Autoplay Shim
\InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShimx64.dll [MS]

MSLiveShowPicturesOnArrival\
Provider = @%ProgramFiles(x86)%\Windows Live\Photo Gallery\regres.dll,-10
InvokeProgID = Microsoft.Photos.LiveAutoplayShim.1
InvokeVerb = open
HKLM\SOFTWARE\Classes\Microsoft.Photos.LiveAutoplayShim.1\shell\open\DropTarget\CLSID = {00F30F90-3E96-453B-AFCD-D71989ECC2C7}
-> {HKLM...CLSID} = Windows Live Photo Gallery Viewer Autoplay Shim
\InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShimx64.dll [MS]

MSPlayCDAudioOnArrival\
Provider = @wmploc.dll,-6502
InvokeProgID = WMP.AudioCD
InvokeVerb = play
HKLM\SOFTWARE\Classes\WMP.AudioCD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:3 /device:AudioCD "%L" [MS]

MSPlayDVDMovieOnArrival\
Provider = @wmploc.dll,-6502
InvokeProgID = WMP.DVD
InvokeVerb = play
HKLM\SOFTWARE\Classes\WMP.DVD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:DVD "%L" [MS]

MSPlaySuperVideoCDMovieOnArrival\
Provider = @wmploc.dll,-6502
InvokeProgID = WMP.VCD
InvokeVerb = play
HKLM\SOFTWARE\Classes\WMP.VCD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:VCD "%L" [MS]

MSPlayVideoCDMovieOnArrival\
Provider = @wmploc.dll,-6502
InvokeProgID = WMP.VCD
InvokeVerb = play
HKLM\SOFTWARE\Classes\WMP.VCD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:VCD "%L" [MS]

MSWMPBurnCDOnArrival\
Provider = @wmploc.dll,-6502
InvokeProgID = WMP.BurnCD
InvokeVerb = Burn
HKLM\SOFTWARE\Classes\WMP.BurnCD\shell\Burn\Command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:3 /Task:CDWrite /Device:"%L" [MS]

P2GCDBurningOnArrival\
Provider = Power2Go
InvokeProgID = BlankCD
InvokeVerb = OpenWithPower2Go
HKLM\SOFTWARE\Classes\BlankCD\shell\OpenWithPower2Go\Command\(Default) = "C:\Program Files (x86)\Lenovo\Power2Go\Power2Go.exe" "%L" [Cyberlink]

P2GDVDBurningOnArrival\
Provider = Power2Go
InvokeProgID = BlankDVD
InvokeVerb = OpenWithPower2Go
HKLM\SOFTWARE\Classes\BlankDVD\shell\OpenWithPower2Go\Command\(Default) = "C:\Program Files (x86)\Lenovo\Power2Go\Power2Go.exe" "%L" [Cyberlink]

PDirDVArrival\
Provider = PowerDirector
ProgID = Shell.HWEventHandlerShellExecute
InitCmdLine = "C:\Program Files\CyberLink\PowerDirector\PDR9.exe" /DV
HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}
-> {HKLM...CLSID} = Shell Execute Hardware Event Handler
\LocalServer32\(Default) = C:\windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7} [MS]

RPCDBurningOnArrival\
Provider = RealPlayer
InvokeProgID = RealPlayer.CDBurn.6
InvokeVerb = open
HKCU\Software\Classes\RealPlayer.CDBurn.6\shell\open\command\(Default) = "c:\program files (x86)\real\realplayer\\RealPlay.exe" /burn "%1" [RealNetworks, Inc.]

RPDVDBurningOnArrival\
Provider = RealPlayer
InvokeProgID = RealPlayer.DVDBurn.6
InvokeVerb = open
HKCU\Software\Classes\RealPlayer.DVDBurn.6\shell\open\command\(Default) = "c:\program files (x86)\real\realplayer\\RealPlay.exe" /burndvd "%1" [RealNetworks, Inc.]

RPPlayCDAudioOnArrival\
Provider = RealPlayer
InvokeProgID = RealPlayer.AudioCD.6
InvokeVerb = play
HKCU\Software\Classes\RealPlayer.AudioCD.6\shell\play\command\(Default) = "c:\program files (x86)\real\realplayer\\RealPlay.exe" /play %1 [RealNetworks, Inc.]

RPPlayDVDMovieOnArrival\
Provider = RealPlayer
InvokeProgID = RealPlayer.DVD.6
InvokeVerb = play
HKCU\Software\Classes\RealPlayer.DVD.6\shell\play\command\(Default) = "c:\program files (x86)\real\realplayer\\RealPlay.exe" /dvd %1 [RealNetworks, Inc.]

RPPlayMediaOnArrival\
Provider = RealPlayer
InvokeProgID = RealPlayer.AutoPlay.6
InvokeVerb = open
HKCU\Software\Classes\RealPlayer.AutoPlay.6\shell\open\command\(Default) = "c:\program files (x86)\real\realplayer\\RealPlay.exe" /autoplay "%1" [RealNetworks, Inc.]

VLCPlayCDAudioOnArrival\
Provider = VideoLAN VLC media player
InvokeProgID = VLC.CDAudio
InvokeVerb = Open
HKLM\SOFTWARE\Classes\VLC.CDAudio\shell\Open\command\(Default) = "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file cdda:///%1 [VideoLAN]

VLCPlayDVDAudioOnArrival\
Provider = VideoLAN VLC media player
InvokeProgID = VLC.OPENFolder
InvokeVerb = Open
HKLM\SOFTWARE\Classes\VLC.OPENFolder\shell\Open\command\(Default) = "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" %1 [VideoLAN]

VLCPlayDVDMovieOnArrival\
Provider = VideoLAN VLC media player
InvokeProgID = VLC.DVDMovie
InvokeVerb = Open
HKLM\SOFTWARE\Classes\VLC.DVDMovie\shell\Open\command\(Default) = "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file dvd:///%1 [VideoLAN]

VLCPlayMusicFilesOnArrival\
Provider = VideoLAN VLC media player
InvokeProgID = VLC.OPENFolder
InvokeVerb = Open
HKLM\SOFTWARE\Classes\VLC.OPENFolder\shell\Open\command\(Default) = "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" %1 [VideoLAN]

VLCPlaySVCDMovieOnArrival\
Provider = VideoLAN VLC media player
InvokeProgID = VLC.SVCDMovie
InvokeVerb = Open
HKLM\SOFTWARE\Classes\VLC.SVCDMovie\shell\Open\command\(Default) = "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file vcd:///%1 [VideoLAN]

VLCPlayVCDMovieOnArrival\
Provider = VideoLAN VLC media player
InvokeProgID = VLC.VCDMovie
InvokeVerb = Open
HKLM\SOFTWARE\Classes\VLC.VCDMovie\shell\Open\command\(Default) = "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file vcd:///%1 [VideoLAN]

VLCPlayVideoFilesOnArrival\
Provider = VideoLAN VLC media player
InvokeProgID = VLC.OPENFolder
InvokeVerb = Open
HKLM\SOFTWARE\Classes\VLC.OPENFolder\shell\Open\command\(Default) = "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" %1 [VideoLAN]

WIA_{364EF745-453A-4310-BB45-1FDCACB71FFE}\
Provider = Microsoft Publisher
CLSID = {A55803CC-4D53-404c-8557-FD63DBA95D24}
InitCmdLine = /WiaCmd;C:\Program Files\Microsoft Office 15\root\office15\MSPUB.EXE /IMG_WIA;
-> {HKLM...CLSID} = WPDShextAutoplay
\LocalServer32\(Default) = C:\windows\system32\WPDShextAutoplay.exe [MS]

WIA_{5D6B39AC-3477-41A8-90D9-17510B2B584F}\
Provider = Microsoft Publisher
CLSID = {A55803CC-4D53-404c-8557-FD63DBA95D24}
InitCmdLine = /WiaCmd;C:\Program Files\Microsoft Office 15\root\office15\MSPUB.EXE /IMG_STI /StiDevice:%1 /StiEvent:%2;
-> {HKLM...CLSID} = WPDShextAutoplay
\LocalServer32\(Default) = C:\windows\system32\WPDShextAutoplay.exe [MS]

Startup items in "Lucka" & "All Users" startup folders:
-------------------------------------------------------

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup {++}
Bluetooth -> shortcut to: C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe [Broadcom Corporation.]

Non-disabled Scheduled Tasks: {++}
-----------------------------

C:\Windows\System32\Tasks
Adobe Flash Player Updater -> launches: C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [Adobe Systems Incorporated]
avast! Emergency Update -> (HIDDEN!) launches: C:\Program Files\Alwil Software\Avast5\AvastEmUpdate.exe [Avast Software s.r.o.]
CCleanerSkipUAC -> launches: "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0) [Piriform Ltd]
CreateChoiceProcessTask -> launches: C:\Windows\System32\browserchoice.exe /launch [MS]
Microsoft Office 15 Sync Maintenance for Lucka-PC-Lucka Lucka-PC -> launches: C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [MS]
Opera scheduled Autoupdate 1385488906 -> launches: C:\Program Files (x86)\Opera\launcher.exe --scheduledautoupdate [Opera Software]
RealUpgradeScheduledTaskS-1-5-21-3468492827-1949538206-1100751284-1003 -> launches: C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe /scheduledcheck [RealNetworks, Inc.]
SidebarExecute -> launches: C:\Program Files (x86)\Windows Sidebar\sidebar.exe [MS]
{09C6B980-4BE4-4041-96E5-C330715EB095} -> launches: C:\Users\Lucka\Desktop\TS3.exe [file not found]
{9C3A888E-0D7F-4847-B562-75456714FFA1} -> launches: C:\Users\Lucka\Desktop\TS3.exe [file not found]
{FFCAAD2A-83A4-497B-9A8F-3F83946DF90D} -> launches: C:\Program Files (x86)\Skype\Phone\Skype.exe [Skype Technologies S.A.]

C:\Windows\System32\Tasks\Microsoft\Office
Office Automatic Updates -> launches: C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe /update SCHEDULEDTASK displaylevel=False [MS]
Office ClickToRun Service Monitor -> launches: C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe /WatchService [MS]
Office Subscription Maintenance -> launches: C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [MS]
OfficeTelemetryAgentFallBack -> launches: C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe scan upload mininterval:2880 [MS]
OfficeTelemetryAgentLogOn -> launches: C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe scan upload [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Active Directory Rights Management Services Client
AD RMS Rights Policy Template Management (Manual) -> launches: {BF5CB148-7C77-4d8a-A53E-D81C70CF743C}
-> {HKLM...CLSID} = AD RMS Rights Policy Template Management (Manual) Task Handler
\InProcServer32\(Default) = C:\windows\system32\msdrm.dll [MS]
-> {HKLM...Wow...CLSID} = AD RMS Rights Policy Template Management (Manual) Task Handler
\InProcServer32\(Default) = C:\windows\system32\msdrm.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Application Experience
AitAgent -> launches: aitagent [MS]
Microsoft Compatibility Appraiser -> launches: %windir%\system32\rundll32.exe aepdu.dll,AePduRunUpdate -nolegacy [MS]
ProgramDataUpdater -> launches: %windir%\system32\rundll32.exe aepdu.dll,AePduRunUpdate [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Autochk
Proxy -> launches: %windir%\system32\rundll32.exe /d acproxy.dll,PerformAutochkOperations [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Bluetooth
UninstallDeviceTask -> launches: BthUdTask.exe $(Arg0) [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\CertificateServicesClient
SystemTask -> launches: {58fb76b9-ac85-4e55-ac04-427593b1d060}
-> {HKLM...CLSID} = Certificate Services Client Task Handler
\InProcServer32\(Default) = C:\windows\system32\dimsjob.dll [MS]
-> {HKLM...Wow...CLSID} = Certificate Services Client Task Handler
\InProcServer32\(Default) = C:\windows\system32\dimsjob.dll [MS]
UserTask -> launches: {58fb76b9-ac85-4e55-ac04-427593b1d060}
-> {HKLM...CLSID} = Certificate Services Client Task Handler
\InProcServer32\(Default) = C:\windows\system32\dimsjob.dll [MS]
-> {HKLM...Wow...CLSID} = Certificate Services Client Task Handler
\InProcServer32\(Default) = C:\windows\system32\dimsjob.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program
Consolidator -> launches: %SystemRoot%\System32\wsqmcons.exe [MS]
KernelCeipTask -> (HIDDEN!) launches: {e7ed314f-2816-4c26-aeb5-54a34d02404c}
-> {HKLM...CLSID} = KernelCeipCustomHandler
\InProcServer32\(Default) = C:\windows\System32\kernelceip.dll [MS]
UsbCeip -> (HIDDEN!) launches: {c27f6b1d-fe0b-45e4-9257-38799fa69bc8}
-> {HKLM...CLSID} = UsbCeip
\InProcServer32\(Default) = C:\windows\System32\usbceip.dll [MS]
-> {HKLM...Wow...CLSID} = UsbCeip
\InProcServer32\(Default) = C:\windows\System32\usbceip.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Defrag
ScheduledDefrag -> launches: %windir%\system32\defrag.exe -c [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Diagnosis
Scheduled -> (HIDDEN!) launches: {c1f85ef8-bcc2-4606-bb39-70c523715eb3}
-> {HKLM...CLSID} = ScheduledDiagnosticCustomHandler
\InProcServer32\(Default) = C:\windows\System32\sdiagschd.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Location
Notifications -> launches: %windir%\System32\LocationNotifications.exe [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Maintenance
WinSAT -> launches: {A9A33436-678B-4C9C-A211-7CC38785E79D}
-> {HKLM...CLSID} = WinSAT Task Manger Task
\InProcServer32\(Default) = C:\windows\system32\WinSATAPI.dll [MS]
-> {HKLM...Wow...CLSID} = WinSAT Task Manger Task
\InProcServer32\(Default) = C:\windows\system32\WinSATAPI.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Media Center
ActivateWindowsSearch -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoActivateWindowsSearch [MS]
ConfigureInternetTimeService -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoConfigureInternetTimeService [MS]
DispatchRecoveryTasks -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoRecoveryTasks $(Arg0) [MS]
ehDRMInit -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DRMInit [MS]
InstallPlayReady -> launches: %SystemRoot%\ehome\ehPrivJob.exe /InstallPlayReady $(Arg0) [MS]
mcupdate -> launches: %SystemRoot%\ehome\mcupdate $(Arg0) [MS]
mcupdate_scheduled -> launches: %SystemRoot%\ehome\mcupdate -crl -hms -pscn 15 [MS]
MediaCenterRecoveryTask -> launches: %SystemRoot%\ehome\mcupdate.exe -MediaCenterRecoveryTask [MS]
ObjectStoreRecoveryTask -> launches: %SystemRoot%\ehome\mcupdate.exe -ObjectStoreRecoveryTask [MS]
OCURActivate -> launches: %SystemRoot%\ehome\ehPrivJob.exe /OCURActivate [MS]
OCURDiscovery -> launches: %SystemRoot%\ehome\ehPrivJob.exe /OCURDiscovery $(Arg0) [MS]
PBDADiscovery -> launches: %SystemRoot%\ehome\ehPrivJob.exe /PBDADiscovery [MS]
PBDADiscoveryW1 -> launches: %SystemRoot%\ehome\ehPrivJob.exe /wait:7 /PBDADiscovery [MS]
PBDADiscoveryW2 -> launches: %SystemRoot%\ehome\ehPrivJob.exe /wait:90 /PBDADiscovery [MS]
PeriodicScanRetry -> launches: %windir%\ehome\MCUpdate.exe -pscn 0 [MS]
PvrRecoveryTask -> launches: %SystemRoot%\ehome\mcupdate.exe -PvrRecoveryTask [MS]
PvrScheduleTask -> launches: %SystemRoot%\ehome\mcupdate.exe -PvrSchedule [MS]
RegisterSearch -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoRegisterSearch $(Arg0) [MS]
ReindexSearchRoot -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoReindexSearchRoot [MS]
SqlLiteRecoveryTask -> launches: %SystemRoot%\ehome\mcupdate.exe -SqlLiteRecoveryTask [MS]
StartRecording -> launches: %SystemRoot%\ehome\ehrec /StartRecording [MS]
UpdateRecordPath -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0) [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\MemoryDiagnostic
CorruptionDetector -> (HIDDEN!) launches: {190BA3F6-0205-4f46-B589-95C6822899D2}
-> {HKLM...CLSID} = MemoryDiagnosticCustomHandler
\InProcServer32\(Default) = C:\windows\System32\memdiag.dll [MS]
DecompressionFailureDetector -> (HIDDEN!) launches: {190BA3F6-0205-4f46-B589-95C6822899D2}
-> {HKLM...CLSID} = MemoryDiagnosticCustomHandler
\InProcServer32\(Default) = C:\windows\System32\memdiag.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\MobilePC
HotStart -> launches: {06DA0625-9701-43da-BFD7-FBEEA2180A1E}
-> {HKLM...CLSID} = HotStart User Agent
\InProcServer32\(Default) = C:\windows\System32\HotStartUserAgent.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\MUI
Lpksetup -> launches: C:\windows\System32\lpksetup.exe -v [MS]
LPRemove -> launches: %windir%\system32\lpremove.exe [MS]
Mcbuilder -> launches: C:\windows\System32\mcbuilder.exe [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Multimedia
SystemSoundsService -> launches: {2DEA658F-54C1-4227-AF9B-260AB5FC3543}
-> {HKLM...CLSID} = Microsoft PlaySoundService Class
\InProcServer32\(Default) = C:\windows\System32\PlaySndSrv.dll [MS]
-> {HKLM...Wow...CLSID} = Microsoft PlaySoundService Class
\InProcServer32\(Default) = C:\windows\System32\PlaySndSrv.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\NetTrace
GatherNetworkInfo -> launches: %windir%\system32\gatherNetworkInfo.vbs [null data]

C:\Windows\System32\Tasks\Microsoft\Windows\Power Efficiency Diagnostics
AnalyzeSystem -> launches: %SystemRoot%\System32\powercfg.exe -energy -auto [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\RAC
RacTask -> (HIDDEN!) launches: {42060D27-CA53-41f5-96E4-B1E8169308A6}
-> {HKLM...CLSID} = ReliabilityAnalysisCustomHandler
\InProcServer32\(Default) = C:\windows\system32\RacEngn.dll [MS]
-> {HKLM...Wow...CLSID} = ReliabilityAnalysisCustomHandler
\InProcServer32\(Default) = C:\windows\system32\RacEngn.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Ras
MobilityManager -> launches: {c463a0fc-794f-4fdf-9201-01938ceacafa}
-> {HKLM...CLSID} = RasMobilityManager
\InProcServer32\(Default) = C:\windows\system32\rasmbmgr.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Registry
RegIdleBackup -> (HIDDEN!) launches: {ca767aa8-9157-4604-b64b-40747123d5f2}
-> {HKLM...CLSID} = RegistryIdleBackupHandler
\InProcServer32\(Default) = C:\windows\System32\regidle.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\RemoteAssistance
RemoteAssistanceTask -> (HIDDEN!) launches: %windir%\system32\RAServer.exe /offerraupdate [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Setup\gwx
launchtrayprocess -> launches: %windir%\system32\GWX\GWX.exe /tasklaunch [MS]
refreshgwxconfig -> launches: %windir%\system32\GWX\GWXConfigManager.exe /RefreshConfig [MS]
refreshgwxcontent -> launches: %windir%\system32\GWX\GWXConfigManager.exe /RefreshContent [MS]
runappraiser -> launches: %windir%\system32\GWX\GWXConfigManager.exe /RunAppraiser [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\SideShow
GadgetManager -> launches: {FF87090D-4A9A-4f47-879B-29A80C355D61}
-> {HKLM...CLSID} = GadgetsManager Class
\InProcServer32\(Default) = C:\windows\System32\AuxiliaryDisplayServices.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\SystemRestore
SR -> launches: %windir%\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Task Manager
Interactive -> (HIDDEN!) launches: {855fec53-d2e4-4999-9e87-3414e9cf0ff4}
-> {HKLM...CLSID} = RunTask
\InProcServer32\(Default) = C:\windows\system32\wdc.dll [MS]
-> {HKLM...Wow...CLSID} = RunTask
\InProcServer32\(Default) = C:\windows\system32\wdc.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Tcpip
IpAddressConflict1 -> launches: %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem [MS]
IpAddressConflict2 -> launches: %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem [MS]

Kanovka · Příspěvekod **Kanovka** » 10 kvě 2015 12:09

C:\Windows\System32\Tasks\Microsoft\Windows\TextServicesFramework
MsCtfMonitor -> (HIDDEN!) launches: {01575cfe-9a55-4003-a5e1-f38d1ebdcbe1}
-> {HKLM...CLSID} = MsCtfMonitor task handler
\InProcServer32\(Default) = C:\windows\system32\MsCtfMonitor.dll [MS]
-> {HKLM...Wow...CLSID} = MsCtfMonitor task handler
\InProcServer32\(Default) = C:\windows\system32\MsCtfMonitor.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Time Synchronization
SynchronizeTime -> launches: %windir%\system32\sc.exe start w32time task_started [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\UPnP
UPnPHostConfig -> launches: sc.exe config upnphost start= auto [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\WDI
ResolutionHost -> (HIDDEN!) launches: {900be39d-6be8-461a-bc4d-b0fa71f5ecb1}
-> {HKLM...CLSID} = DiagnosticInfrastructureCustomHandler
\InProcServer32\(Default) = C:\windows\System32\wdi.dll [MS]
-> {HKLM...Wow...CLSID} = DiagnosticInfrastructureCustomHandler
\InProcServer32\(Default) = C:\windows\System32\wdi.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Windows Activation Technologies
ValidationTask -> (HIDDEN!) launches: %SystemRoot%\system32\Wat\WatAdminSvc.exe /run [MS]
ValidationTaskDeadline -> (HIDDEN!) launches: %SystemRoot%\system32\schtasks.exe /run /I /TN "\Microsoft\Windows\Windows Activation Technologies\ValidationTask" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Windows Error Reporting
QueueReporting -> launches: %windir%\system32\wermgr.exe -queuereporting [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Windows Filtering Platform
BfeOnServiceStartTypeChange -> (HIDDEN!) launches: %windir%\system32\rundll32.exe bfe.dll,BfeOnServiceStartTypeChange [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Windows Media Sharing
UpdateLibrary -> launches: "%ProgramFiles%\Windows Media Player\wmpnscfg.exe" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\WindowsBackup
Windows Backup Monitor -> launches: %systemroot%\system32\sdclt.exe /CHECKSKIPPED [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Wininet
CacheTask -> launches: {0358b920-0ac7-461f-98f4-58e32cd89148}
-> {HKLM...CLSID} = Wininet Cache task object
\InProcServer32\(Default) = C:\windows\system32\wininet.dll [MS]
-> {HKLM...Wow...CLSID} = Wininet Cache task object
\InProcServer32\(Default) = C:\windows\system32\wininet.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows Live\SOXE
Extractor Definitions Update Task -> launches: {3519154C-227E-47F3-9CC9-12C3F05817F1}
-> {HKLM...Wow...CLSID} = Windows Live Social Object Extractor Engine Definition Updater
\InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\SOXE\wlsoxe.dll [MS]

C:\Windows\System32\Tasks\WPD
SqmUpload_S-1-5-21-3468492827-1949538206-1100751284-1003 -> (HIDDEN!) launches: %windir%\system32\rundll32.exe portabledeviceapi.dll,#1 [MS]

Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = %SystemRoot%\system32\NLAapi.dll [MS]
000000000002\LibraryPath = %SystemRoot%\system32\napinsp.dll [MS]
000000000003\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS]
000000000004\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS]
000000000005\LibraryPath = %SystemRoot%\system32\wshbth.dll [MS]
000000000006\LibraryPath = %SystemRoot%\System32\mswsock.dll [MS]
000000000007\LibraryPath = %SystemRoot%\System32\winrnr.dll [MS]
000000000008\LibraryPath = C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [MS]
000000000009\LibraryPath = C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [MS]

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\ {++}
000000000001\LibraryPath = %SystemRoot%\system32\NLAapi.dll [MS]
000000000002\LibraryPath = %SystemRoot%\system32\napinsp.dll [MS]
000000000003\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS]
000000000004\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS]
000000000005\LibraryPath = %SystemRoot%\system32\wshbth.dll [MS]
000000000006\LibraryPath = %SystemRoot%\System32\mswsock.dll [MS]
000000000007\LibraryPath = %SystemRoot%\System32\winrnr.dll [MS]
000000000008\LibraryPath = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [MS]
000000000009\LibraryPath = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [MS]

Transport Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 11

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries64\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 11

Toolbars, Explorer Bars, Extensions:
------------------------------------

Explorer Bars

HKCU\Software\Microsoft\Internet Explorer\Explorer Bars\

{28BCCB9A-E66B-463C-82A4-09F320DE94D7}\(Default) = (no title provided)
-> {HKLM...CLSID} = F12 Developer Tools
\InProcServer32\(Default) = C:\Program Files\Internet Explorer\F12Tools.dll [MS]

HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}\(Default) = Groove Folder Synchronization
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [MS]

HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = &Zdroje informací
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL [MS]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{2670000A-7350-4F3C-8081-5663EE0C6C49}\
ButtonText = Send to OneNote
MenuText = Se&nd to OneNote
CLSIDExtension = {48E73304-E1D6-4330-914C-F5F514E3486C}
-> {HKLM...CLSID} = Send to OneNote from Internet Explorer button
\InProcServer32\(Default) = C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll [MS]

{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}\
ButtonText = Skype for Business Click to Call
MenuText = Skype for Business Click to Call
CLSIDExtension = {31D09BA0-12F5-4CCE-BE8A-2923E76605DA}
-> {HKLM...CLSID} = Skype for Business Browser Helper
\InProcServer32\(Default) = C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [MS]

{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\
ButtonText = OneNote Lin&ked Notes
MenuText = OneNote Lin&ked Notes
CLSIDExtension = {FFFDC614-B694-4AE6-AB38-5D6374584B52}
-> {HKLM...CLSID} = Linked Notes button
\InProcServer32\(Default) = C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll [MS]

{CCA281CA-C863-46EF-9331-5C8D4460577F}\
ButtonText = @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-4015
MenuText = @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-12650
Script = C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm [null data]

HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extensions\
{219C3416-8CB2-491A-A3C7-D9FCDDC9D600}\
ButtonText = @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004
MenuText = @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003
CLSIDExtension = {5F7B1267-94A9-47F5-98DB-E99415F33AEC}
-> {HKLM...Wow...CLSID} = BlogThisToolbarButton Class
\InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll [MS]

{2670000A-7350-4F3C-8081-5663EE0C6C49}\
ButtonText = Send to OneNote
MenuText = Se&nd to OneNote
CLSIDExtension = {48E73304-E1D6-4330-914C-F5F514E3486C}
-> {HKLM...Wow...CLSID} = Send to OneNote from Internet Explorer button
\InProcServer32\(Default) = C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll [MS]

{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}\
ButtonText = Skype for Business Click to Call
MenuText = Skype for Business Click to Call
CLSIDExtension = {31D09BA0-12F5-4CCE-BE8A-2923E76605DA}

{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\
ButtonText = OneNote Lin&ked Notes
MenuText = OneNote Lin&ked Notes
CLSIDExtension = {FFFDC614-B694-4AE6-AB38-5D6374584B52}
-> {HKLM...Wow...CLSID} = Linked Notes button
\InProcServer32\(Default) = C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll [MS]

{92780B25-18CC-41C8-B9BE-3C9C571A8263}\
ButtonText = Research
BandCLSID = {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
-> {HKLM...Wow...CLSID} = &Zdroje informací
\InProcServer32\(Default) = C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL [MS]

{CCA281CA-C863-46EF-9331-5C8D4460577F}\
ButtonText = Odeslat do zařízení Bluetooth
MenuText = Odeslat do zařízení &Bluetooth...
Script = C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm [null data]

Miscellaneous IE Hijack Points
------------------------------

HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs\
<<H>> InPrivate = res://ieframe.dll/inprivate_win7.htm [MS]

Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Adobe Acrobat Update Service, AdobeARMservice, "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe" [Adobe Systems Incorporated]
Avast Antivirus, avast! Antivirus, "C:\Program Files\Alwil Software\Avast5\AvastSvc.exe" [Avast Software s.r.o.]
AVerRemote, AVerRemote, C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe [AVerMedia]
AVerScheduleService, AVerScheduleService, C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe [null data]
AVerUpdateServer, AVerUpdateServer, "C:\Program Files (x86)\AVerMedia\AVerUpdate\AVerUpdateServer.exe" [AVerMedia TECHNOLOGIES, Inc.]
Bluetooth Service, btwdins, C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [Broadcom Corporation.]
Cyberlink RichVideo64 Service(CRVS), RichVideo64, "C:\Program Files\CyberLink\Shared files\RichVideo64.exe" [empty string]
FortiClient SSLVPN, FortiSslvpnDaemon, C:\windows\SysWOW64\FortiSSLVPNdaemon.exe [Fortinet Inc.]
NVIDIA Display Driver Service, nvsvc, "C:\windows\system32\nvvsvc.exe" [NVIDIA Corporation]
NVIDIA Network Service, NvNetworkService, "C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe" [NVIDIA Corporation]
NVIDIA Stereoscopic 3D Driver Service, Stereo Service, C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [NVIDIA Corporation]
NVIDIA Streamer Service, NvStreamSvc, "C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe" [NVIDIA Corporation]
Služba Microsoft Office ClickToRun, ClickToRunSvc, "C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe" /service [MS]
SnugTV Service, SnugTV Service, "C:\Program Files (x86)\SnugTV\SnugTV Station\AMAServer.exe" [AVerMedia Technologies, Inc.]
SQL Server VSS Writer, SQLWriter, "c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [MS]
TeamViewer 9, TeamViewer9, "C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe" [TeamViewer GmbH]
Windows Live ID Sign-in Assistant, wlidsvc, "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE" [MS]
Úložná technologie Intel(R) Rapid, IAStorDataMgrSvc, "C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe" [null data]

Safe Mode Drivers & Services (subkey name, subkey default value):
-----------------------------------------------------------------

HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\

<<!>> MCODS,

HKLM\System\CurrentControlSet\Control\SafeBoot\Network\

<<!>> MCODS,

Print Monitors:
---------------

HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\
pdfcmon\Driver = pdfcmon.dll [file not found]

---------- (launch time: 2015-05-10 12:03:57)
<<!>>: Suspicious data at a malware launch point.
<<H>>: Suspicious data at a browser hijack point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points, use the -supp parameter or answer "No" at the
first message box and "Yes" at the second message box.
---------- (total run time: 79 seconds, including 8 seconds for message boxes)

mople71 · Příspěvekod **mople71** » 10 kvě 2015 12:12

A máme ji potvoru. :smile:

Odinstaluj aktualizaci dle návodu: http://windows.microsoft.com/cs-cz/wind ... =windows-7

Kód: Vybrat vše

KB3038314

Následně restartuj PC a zkus znovu přidat Google z odkazu výše.

------------------------------------------------------------------------

Duch objeven! Aplikuj prosím další fixlist pro FRST:

Kód: Vybrat vše

reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks" /s

A dodej fixlog.

Kanovka · Příspěvekod **Kanovka** » 10 kvě 2015 19:04

tak super, bing odstraněn a nahrazen google search

Kanovka · Příspěvekod **Kanovka** » 10 kvě 2015 19:05

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 09-05-2015
Ran by Lucka at 2015-05-10 19:05:28 Run:3
Running from C:\Users\Lucka\Desktop
Loaded Profiles: Lucka (Available profiles: Lucka)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks" /s
*****************

reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks" /s => Error: No automatic fix found for this entry.

==== End of Fixlog 19:05:28 ====

mople71 · Příspěvekod **mople71** » 10 kvě 2015 19:07

Bezva!

Teď tě ještě zbavíme ducha.

Omlouvám se, špatný příkaz... :smile:

Tak tedy prosím ještě jeden fixlist:

Kód: Vybrat vše

CMD: reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks" /s

Kanovka · Příspěvekod **Kanovka** » 10 kvě 2015 19:10

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 09-05-2015
Ran by Lucka at 2015-05-10 19:09:41 Run:4
Running from C:\Users\Lucka\Desktop
Loaded Profiles: Lucka (Available profiles: Lucka)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CMD: reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks" /s
*****************

========= reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks" /s =========

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0020A2DC-E5BA-4213-94A8-D087A3F6A2E9}
Path REG_SZ \Microsoft\Windows\Setup\gwx\runappraiser
Hash REG_BINARY F6F9B05F5E2460F03BAE99889A01799F7D9B924A08ADBD1D37348860D37ADC68
Triggers REG_BINARY 1500000000000000017026030000000000201676A646CE010070260300000000FFFFFFFFFFFFFFFFC021420348484848B54EAA1F484848480048484848484848004848484848484805000000484848480C00000048484848010100000000000512000000484848480000000048484848380000004848484800000000FFFFFFFF00000000FFFFFFFF07000000000000000000000000000000000000000000000000000000000000000000000000000000DDDD000000000000017026030000000000201676A646CE0100000000000000000000000000000000000000000000000000000000000000000000000000000000FFFFFFFF01000000010000000000000000010000010000008051010000000000
DynamicInfo REG_BINARY 03000000E5E6D4FF726ED00100000000000000000000000000000000

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{044A6734-E90E-4F8F-B357-B2DC8AB3B5EC}
Path REG_SZ \Microsoft\Windows\Time Synchronization\SynchronizeTime
Triggers REG_BINARY 15000000000000000126B4010000000000E8E6379DEFC4010026B40100000000FFFFFFFFFFFFFFFFE8214203484848486165104B484848480048484848484848004848484848484805000000484848480C00000048484848010100000000000514000000484848480000000048484848380000004848484800000000FFFFFFFF80F40300FFFFFFFF07000000000000000000000000000000000000000000000000000000000000000000000000000000DDDD0000000000000126B4010000000000E8E6379DEFC40100000000000000000000000000000000000000000000000000000000000000000000000000000000FFFFFFFF02000000010001000000000000010000010000000000000000000000DDDD0000000000000126B401000000000068C30828C5CD0100000000000000000000000000000000000000000000000000000000000000000000000000000000FFFFFFFF01000000010000000000000000010000010000000000000000000000
DynamicInfo REG_BINARY 030000002D35042D4104CA0100000000000000000000000000000000
Hash REG_BINARY 2ACE46E4C5A0E155C2CA54BDB8817699D13EA33EBE17A62235B368036488B428

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{088482FA-65B8-4E17-9ABF-1DCD48E8D373}
Path REG_SZ \Microsoft\Windows\Tcpip\IpAddressConflict1
Triggers REG_BINARY 1500000000000000001C24FBFE0700000000000000000000001C24FBFE070000FFFFFFFFFFFFFFFF38A1400348484848E99D6008484848480048484848484848004848484848484804000000484848481000000048484848010200000000000520000000210200000000000048484848380000004848484858020000100E000080F40300FFFFFFFF07000000000000000000000000000000000000000000000000000000000000000000000000000000CCCC000000000000001C24FBFE0700000000000000000000001C24FBFE070000FFFFFFFFFFFFFFFF00000000FFFFFFFF00000000000000000000000000000000010100000000000520000000000000008D000000000000003C00510075006500720079004C006900730074003E003C00510075006500720079002000490064003D00220030002200200050006100740068003D002200530079007300740065006D0022003E003C00530065006C00650063007400200050006100740068003D002200530079007300740065006D0022003E002A005B00530079007300740065006D005B00500072006F00760069006400650072005B0040004E0061006D0065003D0027005400630070006900700027005D00200061006E00640020004500760065006E007400490044003D0034003100390038005D005D003C002F00530065006C006500630074003E003C002F00510075006500720079003E003C002F00510075006500720079004C006900730074003E00000048484848000000000000000000000000000000000000000000000000
DynamicInfo REG_BINARY 030000008D96062D4104CA0100000000000000000000000000000000
Hash REG_BINARY CEF4FD5DA04459B60C163CD71D538078A601EF7EE05832CECD2DD79D5213AF22

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{09F06BFE-A3C8-40E3-846A-6E6F4000C238}
Path REG_SZ \Microsoft\Windows\Tcpip\IpAddressConflict2
Triggers REG_BINARY 1500000000000000011272FBFE07000080294E129638C601001C24FBFE070000FFFFFFFFFFFFFFFF38A1400348484848A201FC43484848480048484848484848004848484848484804000000484848481000000048484848010200000000000520000000210200000000000048484848380000004848484858020000100E000080F40300FFFFFFFF07000000000000000000000000000000000000000000000000000000750070000000000000000000CCCC000000000000011272FBFE07000080294E129638C601001C24FBFE070000FFFFFFFFFFFFFFFF00000000FFFFFFFF00000000000000000000000000000000010100000000000520000000000000008D000000000000003C00510075006500720079004C006900730074003E003C00510075006500720079002000490064003D00220030002200200050006100740068003D002200530079007300740065006D0022003E003C00530065006C00650063007400200050006100740068003D002200530079007300740065006D0022003E002A005B00530079007300740065006D005B00500072006F00760069006400650072005B0040004E0061006D0065003D0027005400630070006900700027005D00200061006E00640020004500760065006E007400490044003D0034003100390039005D005D003C002F00530065006C006500630074003E003C002F00510075006500720079003E003C002F00510075006500720079004C006900730074003E00000048484848000000000000000000000000000000000000000000000000
DynamicInfo REG_BINARY 030000008D96062D4104CA0100000000000000000000000000000000
Hash REG_BINARY 4D3C72EE9B731BFCFC7022531B2870DEF28FF13FF8E0F089003E02AA0F40C05D

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0E463B1B-FB6F-488D-A95D-A207CDD9D949}
Path REG_SZ \avast! Emergency Update
Hash REG_BINARY 6A8ABE518CB01DB02F5ABF36E59C945520550DF75FCEC25C1C1BAD70BACD825A
Triggers REG_BINARY 1500000000000000004F38020000000080D3A7603588D001004F380200000000FFFFFFFFFFFFFFFF3821C200484848480F3458C4484848480048484848484848004848484848484805000000484848480C00000048484848010100000000000512000000484848480000000048484848380000004848484858020000100E000080F40300FFFFFFFF0A000000000000000000000000000000000000000000000000000000000000000000000000000000DDDD000000000000004F38020000000080D3A7603588D0010000000000000000000000000000000000000000000000000000000000000000C0A8000080510100FFFFFFFF01000000010000000000000000010000010000000000000000000000AAAA000000000000004F38020000000080D3A7603588D0010000000000000000FFFFFFFFFFFFFFFFF0000000FFFFFFFF0000000000000000000000000000000001006900630065003A00000069002E000148484848484848DDDD000000000000004F38020000000000EFD7916E89D00100000000000000000000000000000000000000000000000000000000000000000000000000000000FFFFFFFF00000000000000000000000000010000010000000000000000000000
DynamicInfo REG_BINARY 030000001317A4CCD087D00169B40F72148BD0010000000000000000

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1BE8E914-4029-47E1-8FC6-272C1609B26D}
Path REG_SZ \CreateChoiceProcessTask
Triggers REG_BINARY 1500000000000000000000000000000000000000000000000000000000000000FFFFFFFFFFFFFFFF78214102484848489CEC07B3484848480048484848484848004848484848484801000000484848481C000000484848480105000000000005150000001B00BDCE9E973374B4219C41EB030000484848481E000000484848484C00750063006B0061002D00500043005C004C00750063006B00610000004848380000004848484858020000100E000080F40300FFFFFFFF070000000000000000000000000000000000000000000000000000000000000000000000000000008888000000000000000000000000000000000000000000000000000000000000FFFFFFFFFFFFFFFF00000000FFFFFFFF000000000000000000000000000700000106A201000000000500000000000000
DynamicInfo REG_BINARY 03000000F03A6643480DCB0100000000000000000000000000000000
Hash REG_BINARY A1311859DD4299AE223906C939DB81873236EC0027173C916012D65D2213871D

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1E7828B9-6BC0-45F3-9376-BCFC4C03F01D}
Path REG_SZ \Microsoft\Windows\WindowsBackup\AutomaticBackup
Triggers REG_BINARY 150000000000000001468301000000000038941E860DCB010046830100000000FFFFFFFFFFFFFFFF4005020148484848974913B4484848480048484848484848004848484848484805000000484848480C00000048484848010100000000000512000000484848480000000048484848380000004848484858020000100E000080F40300FFFFFFFF07000000000000000000000000000000000000000000000000000000000000000000000000000000DDDD00000000000001468301000000000038941E860DCB0100000000000000000000000000000000000000000000000000000000000000000000000000000000FFFFFFFF02000000010001000000000000010000010000000000000000000000
DynamicInfo REG_BINARY 03000000BF3665447A08CB010473FC70490DCB010000000000000000
Hash REG_BINARY 7FE7760C8A71E00A28ABF04B60C46AB1BF13C321FF14C03561E96BA33589DBD2

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1F7B7221-AE8F-44F3-BA82-F7D260F51964}
Path REG_SZ \Microsoft\Windows\Task Manager\Interactive
Triggers REG_BINARY 150000000000000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00FFFFFFFFFFFFFF00000000000000000085C0024848484819D7D458484848480048484848484848004848484848484805000000484848480C00000048484848010100000000000504000000484848480000000048484848380000004848484800000000FFFFFFFF00000000FFFFFFFF05000000000000000000000000000000000000000000000000000000750070000000000000000000
DynamicInfo REG_BINARY 03000000EEF7082D4104CA0100000000000000000000000000000000
Hash REG_BINARY 89DE49D146B9DA8A3F686F98CC965767AFCD9716B08A2FC65105DC7B0DDDC519

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2308B132-4580-4FAE-A465-5199F8C97D06}
Path REG_SZ \Microsoft\Windows\Media Center\PeriodicScanRetry
Triggers REG_BINARY 1500000000000000014A4302000000008014E225195AD00101000000000000008014E225195AD00138214202484848489A67DE8C484848480048484848484848004848484848484805000000484848480C00000048484848010100000000000514000000484848480000000048484848380000004848484800000000FFFFFFFF80F40300FFFFFFFF07000000000000000000000000000000000000000000000000000000000000000000000000000000DDDD000000000000014A4302000000008014E225195AD00100000000000000000000000000000000000000000000000000000000000000000000000000000000FFFFFFFF00000000000000000000000000010000010000000000000000000000
DynamicInfo REG_BINARY 0300000087992758599DCA0100000000000000000000000000000000
Hash REG_BINARY C9B50B003C28AE9165BB20E5C51FD1EF94D5D8B81C41C44E0AB193F1140B1E59

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2470470F-2634-478E-B181-571E98A789BB}
Path REG_SZ \Microsoft\Windows\Multimedia\SystemSoundsService
Triggers REG_BINARY 1500000000000000001C24FBFE0700000000000000000000001C24FBFE070000FFFFFFFFFFFFFFFF00854002484848489D3512E9484848480048484848484848004848484848484804000000484848481000000048484848010200000000000520000000210200000000000048484848380000004848484800000000FFFFFFFF00000000FFFFFFFF07000000000000000000000000000000000000000000000000000000750070000000000000000000AAAA000000000000001C24FBFE0700000000000000000000001C24FBFE070000FFFFFFFFFFFFFFFF00000000FFFFFFFF00000000000000000000000000000000010000000000000000000000030000000148484848484848
DynamicInfo REG_BINARY 030000002B2AF12C4104CA0100000000000000000000000000000000
Hash REG_BINARY FD7B51B9FB6DDD39374C586690F9E934EE65EB22FD61531B5408B20591031CE2

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{24F7ED08-3B5E-42B5-83D5-E2941AFBFF00}
Path REG_SZ \Microsoft\Windows\Setup\gwx\refreshgwxconfig
Hash REG_BINARY 686EE873F5A6D1467060CC52E2BE107DB05C28D6494BA35ADEB1BCCD77FD9A45
Triggers REG_BINARY 1500000000000000000000000000000000000000000000000070260300000000FFFFFFFFFFFFFFFFC021420348484848B48109CF484848480048484848484848004848484848484805000000484848480C00000048484848010100000000000512000000484848480000000048484848380000004848484800000000FFFFFFFF00000000FFFFFFFF07000000000000000000000000000000000000000000000000000000000000000000000000000000DDDD000000000000017026030000000000201676A646CE0100000000000000000000000000000000000000000000000000000000000000000000000000000000FFFFFFFF010000000100000000000000000100000100000080510100000000008888000000000000000000000000000000000000000000000000000000000000FFFFFFFFFFFFFFFF00000000FFFFFFFF0000000000000000000000000007000001006900630065003A00000035003000
DynamicInfo REG_BINARY 03000000E45064FC726ED00100000000000000000000000000000000

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{25978E36-5C9F-40FF-AC08-F422F38F342A}
Path REG_SZ \Microsoft\Windows\Media Center\mcupdate
Triggers REG_BINARY 150000000000000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00FFFFFFFFFFFFFF00000000000000006005420248484848A548697F484848480048484848484848004848484848484805000000484848480C00000048484848010100000000000514000000484848480000000048484848380000004848484800000000FFFFFFFF80F40300FFFFFFFF060000000000000000000000000000000000000000000000000000002E0045000000000000000000
DynamicInfo REG_BINARY 030000004AEA825B599DCA0100000000000000000000000000000000
Hash REG_BINARY D23B7887DFD927FA2B59E80B7E060FA80CAAA1E83153B4053EF49F210FFA35C6

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{28011108-68DF-4C73-B91B-57427D501BBA}
Path REG_SZ \Microsoft\Windows\Active Directory Rights Management Services Client\AD RMS Rights Policy Template Management (Manual)
Triggers REG_BINARY 1500000000000000001C24FBFE0700000000000000000000001C24FBFE070000FFFFFFFFFFFFFFFFF885400248484848CE52BAAA484848480048484848484848004848484848484805000000484848480C00000048484848010100000000000100000000484848480000000048484848380000004848484858020000100E0000100E0000FFFFFFFF07000000000000000000000000000000000000000000000000000000000000000000000000000000AAAA000000000000001C24FBFE0700000000000000000000001C24FBFE070000FFFFFFFFFFFFFFFF100E0000FFFFFFFF00000000000000000000000000000000000000000000000000000000030000000148484848484848
DynamicInfo REG_BINARY 030000008B8BF32C4104CA0100000000000000000000000000000000
Hash REG_BINARY 62050C0D7C474998414FA2C47E4D346ECE628D7D974F377EE3B8AE2E60982EE3

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{298A397F-A3D3-453F-9BA2-35B6A23F8EA1}
Path REG_SZ \Microsoft\Windows\Media Center\PvrRecoveryTask
Triggers REG_BINARY 150000000000000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00FFFFFFFFFFFFFF0000000000000000000542024848484831C9DCAA484848480048484848484848004848484848484805000000484848480C000000484848480101000000000005140000004848484800000000484848480000000048484848
DynamicInfo REG_BINARY 03000000D49BD85B599DCA0100000000000000000000000000000000
Hash REG_BINARY F18E7E603225B086AE1605B0EDDA4E41A11A6940F8C50583C566546D4753DBF9

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2A14099C-0231-42A3-B0D8-87F4B04DE10A}
Path REG_SZ \Microsoft\Windows\Media Center\mcupdate_scheduled
Triggers REG_BINARY 150000000000000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00FFFFFFFFFFFFFF00000000000000005807420248484848369121EB484848480048484848484848004848484848484805000000484848480C00000048484848010100000000000514000000484848480000000048484848380000004848484858020000100E000080F40300FFFFFFFF070000000000000000000000000000000000000000000000000000002E0045000000000000000000
DynamicInfo REG_BINARY 03000000697FEC7D3D1BCB0100000000000000000000000000000000
Hash REG_BINARY 1D1C07FEF6A150BB2F3A40687A0D0D69EDB34A7E8B5FFDF5CFC94F56046837F0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2C3B8622-717C-462B-8D32-6AA45859D4DD}
Path REG_SZ \Microsoft\Office\OfficeTelemetryAgentLogOn
Hash REG_BINARY DC2274E714C0302B7899EC108C1B851CC698F976704AD3349F23019D7361D731
Triggers REG_BINARY 1500000000000000000000000000000000000000000000000000000000000000FFFFFFFFFFFFFFFFB8A1400048484848DEDE8462484848480048484848484848004848484848484804000000484848481000000048484848010200000000000520000000210200000000000048484848380000004848484800000000FFFFFFFF00000000FFFFFFFF07000000000000000000000000000000000000000000000000000000000000000000000000000000AAAA000000000000000000000000000000000000000000000000000000000000FFFFFFFFFFFFFFFF00000000FFFFFFFF8070000000000000000000000000000001006900630065003A000000350030000148484848484848
DynamicInfo REG_BINARY 030000003F36FB17BD83D001BD1FFAE2138BD0010000000000000000

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C}
Path REG_SZ \Microsoft\Windows\WindowsBackup\ConfigNotification
Triggers REG_BINARY 150000000000000001CE2C02000000000050E85025A3CA0100CE2C0200000000FFFFFFFFFFFFFFFF48210202484848487CA7243E484848480048484848484848004848484848484805000000484848480C00000048484848010100000000000513000000484848480000000048484848380000004848484800000000FFFFFFFF80F40300FFFFFFFF07000000000000000000000000000000000000000000000000000000000000000000000000000000DDDD00000000000001CE2C02000000000050E85025A3CA0100000000000000000000000000000000000000000000000000000000000000000000000000000000FFFFFFFF01000000010000000000000000010000010000000000000000000000
DynamicInfo REG_BINARY 030000004E590B2D4104CA0100000000000000000000000000000000
Hash REG_BINARY 62DDB6D3B90E940129C387E8CB650B4BB835A5B1CB0A04B818D0BF38A41FE7F8

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{308043C2-E660-4074-9E8D-2B9A02894F11}
Path REG_SZ \Games\UpdateCheck_S-1-5-21-3468492827-1949538206-1100751284-1003
Hash REG_BINARY AB4DD7295D2ED81EFC1FAD9E35FE15E58778A871969C22917748B4B8A79975AB
Triggers REG_BINARY 1500000000000000000000000000000000000000000000000091310200000000FFFFFFFFFFFFFFFF9A21C10248484848886258F5484848480048484848484848004848484848484801000000484848481C000000484848480105000000000005150000001B00BDCE9E973374B4219C41EB030000484848481E000000484848484C00750063006B0061002D00500043005C004C00750063006B00610000004848380000004848484858020000100E000080F40300FFFFFFFF07000000000000000000000000000000000000000000000000000000000000000000000000000000DDDD00000000000001913102000000000090FF031A4CC80100000000000000000000000000000000000000000000000000000000000000000000000000000000FFFFFFFF0100000001000000000000000001000001000000201C000000000000AAAA000000000000000000000000000000000000000000000000000000000000FFFFFFFFFFFFFFFF84030000FFFFFFFF00000000000000000000000000000000010064006C006C002C002D00350030000048484848484848004848484848484801000000484848481C000000484848480105000000000005150000001B00BDCE9E973374B4219C41EB030000484848481E000000484848484C00750063006B0061002D00500043005C004C00750063006B00610000004848
DynamicInfo REG_BINARY 0300000068B28E14098BD00100000000000000000000000000000000

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3883B6D2-678E-46B5-9D81-36B892334E26}
Path REG_SZ \Microsoft\Windows\WindowsBackup\Windows Backup Monitor
Triggers REG_BINARY 1500000000000000000000000000000000000000000000000046830100000000FFFFFFFFFFFFFFFF40A14003484848484D5A71524848484800484848484848480048484848484848040000004848484810000000484848480102000000000005200000002102000000000000484848480000000048484848DDDD000000000000014683010000000000901E77C886C50100000000000000000000000000000000000000000000000000000000000000000000000000000000FFFFFFFF01000000010000000000000000010000010000000000000000000000AAAA000000000000000000000000000000000000000000000000000000000000FFFFFFFFFFFFFFFF2C010000FFFFFFFF00000000000000000000000000000000010065002C002D00320031003900340001484848484848487777000000000000000000000000000000000000000000000000000000000000FFFFFFFFFFFFFFFF2C010000FFFFFFFF0000000000000000000000000000000001FFFFFF01000000010000000000000008000000000000000148484848484848
DynamicInfo REG_BINARY 03000000DE4F59447A08CB0100000000000000000000000000000000
Hash REG_BINARY 9F4E5740CF2651CC44B37A21368259C0CE9C1C4140F9A174794CBB650867751B

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3EB6ED35-BF9C-469C-BC96-C83BD99E998D}
Path REG_SZ \Microsoft\Windows\Media Center\PvrScheduleTask
Triggers REG_BINARY 150000000000000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00FFFFFFFFFFFFFF000000000000000000054202484848483A1B96C3484848480048484848484848004848484848484805000000484848480C000000484848480101000000000005140000004848484800000000484848480000000048484848
DynamicInfo REG_BINARY 030000008EBEBA5C599DCA0100000000000000000000000000000000
Hash REG_BINARY 695AC268A441273AAAC43B4C25E863C354D8400FF37237317343CD29A22A2CEF

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{400DF2AC-5B4B-4BBB-A25F-C5913999067F}
Path REG_SZ \Microsoft\Windows\Media Center\DispatchRecoveryTasks
Triggers REG_BINARY 150000000000000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00FFFFFFFFFFFFFF00000000000000000805420248484848223D843A484848480048484848484848004848484848484805000000484848480C00000048484848010100000000000512000000484848480000000048484848380000004848484800000000FFFFFFFF80F40300FFFFFFFF07000000000000000000000000000000000000000000000000000000000000000000000000000000
DynamicInfo REG_BINARY 03000000FD66BB56599DCA0100000000000000000000000000000000
Hash REG_BINARY BDAA9F21C883899D7D60A97E49C0F7A1F566EE118292875DCF4656402CFDD822

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{47536D45-EEEC-4BDC-8183-A4DC1F8DA9E4}
Path REG_SZ \Microsoft\Windows\Customer Experience Improvement Program\UsbCeip
Triggers REG_BINARY 1500000000000000011272FBFE070000009C9EE073A6C801001272FBFE070000FFFFFFFFFFFFFFFF7021C2024848484863251B5D484848480048484848484848004848484848484805000000484848480C00000048484848010100000000000513000000484848480000000048484848380000004848484800000000FFFFFFFF80F40300FFFFFFFF070000008C0A00000100000000000000000000000000000000000000750070000000000000000000DDDD000000000000011272FBFE070000009C9EE073A6C80100000000000000000000000000000000000000000000000000000000000000000000000000000000FFFFFFFF01000000030000000000000000010000010000000000000000000000
DynamicInfo REG_BINARY 03000000AEBA0D2D4104CA0100000000000000000000000000000000
Hash REG_BINARY AE1862BA409924248DC1736D23E327B7154018FC40A4DA695BC777D1135A5244

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{486D715E-6AA2-44CF-BC48-B6990CBB53C6}
Path REG_SZ \Microsoft\Windows\Shell\WindowsParentalControlsMigration
Triggers REG_BINARY 1500000000000000000000000000000000000000000000000000000000000000FFFFFFFFFFFFFFFF400582034848484879F2196C484848480048484848484848004848484848484805000000484848480C00000048484848010100000000000512000000484848480000000048484848380000004848484800000000FFFFFFFF00000000FFFFFFFF070000003C0000000100000000000000000000000000000000000000750070000000000000000000AAAA000000000000000000000000000000000000000000000000000000000000FFFFFFFFFFFFFFFF01000000FFFFFFFF00000000000000000000000000000000010041003B003B003B004200410029000148484848484848
DynamicInfo REG_BINARY 03000000ACAFFA2C4104CA0100000000000000000000000000000000
Hash REG_BINARY 6D5D71FCD9AF69DE33A5E47E6DE894CAD15A010944B2EF58C072C7F61EDB87E8

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4C8B01A2-11FF-4C41-848F-508EF4F00CF7}
Path REG_SZ \Microsoft\Windows\TextServicesFramework\MsCtfMonitor
Triggers REG_BINARY 1500000000000000001624FBFE0700000000000000000000001624FBFE070000FFFFFFFFFFFFFFFF0085C00248484848E774F314484848480048484848484848004848484848484804000000484848481000000048484848010200000000000520000000210200000000000048484848380000004848484800000000FFFFFFFF00000000FFFFFFFF07000000000000000000000000000000000000000000000000000000750070000000000000000000AAAA000000000000001624FBFE0700000000000000000000001624FBFE070000FFFFFFFFFFFFFFFF00000000FFFFFFFF00000000000000000000000000000000010000000000000000000000030000000148484848484848
DynamicInfo REG_BINARY 030000000C11FD2C4104CA0100000000000000000000000000000000
Hash REG_BINARY F7CCB39021E7E245CADCD75E426102522087DD3AC91AF7D4387D8D70ED6DDAB4

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4FA58879-8C22-46B9-BFD6-18861352C072}
Path REG_SZ \Microsoft\Windows\Media Center\PBDADiscovery
Triggers REG_BINARY 150000000000000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00FFFFFFFFFFFFFF000000000000000000214202484848484AC29224484848480048484848484848004848484848484805000000484848480C000000484848480101000000000005120000004848484800000000484848480000000048484848
DynamicInfo REG_BINARY 030000000D31FD53599DCA0100000000000000000000000000000000
Hash REG_BINARY FD760AB16D2846C5BFB23557934499A525D5FCEC624AD083FD21DDE1326FAE9D

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{55363D4F-CCA3-456B-A426-C88A815B8D73}
Path REG_SZ \Microsoft\Windows\MobilePC\HotStart
Triggers REG_BINARY 1500000000000000000000000000000000000000000000000000000000000000FFFFFFFFFFFFFFFF40854002484848487E9B658C484848480048484848484848004848484848484805000000484848480C0000004848484801010000000000050B000000484848480000000048484848380000004848484800000000FFFFFFFF00000000FFFFFFFF070000000000000000000000000000000000000000000000000000006D0022000000000000000000AAAA000000000000000000000000000000000000000000000000000000000000FFFFFFFFFFFFFFFF00000000FFFFFFFF0000000000000000000000000000000001007A010000000005000000000000000148484848484848
DynamicInfo REG_BINARY 030000009CABC0631210CA0100000000000000000000000000000000
Hash REG_BINARY 0651BF3B9923F80BE8B50E253E843A95B0CFB7EB97A3EE4E7C955B543DD190E9

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{59243A45-4879-4B99-B5DC-0CF58AABF54A}
Path REG_SZ \Microsoft\Office\Office Automatic Updates
Hash REG_BINARY A25C6741CA15B2003AA4576BCA3B36A7A75134A648C67A7D588CE11D15545909
Triggers REG_BINARY 1500000000000000000000000000000000000000000000000080A10300000000FFFFFFFFFFFFFFFFC02142014848484822782F6A484848480048484848484848004848484848484805000000484848480C00000048484848010100000000000512000000484848480000000048484848380000004848484800000000FFFFFFFF80F40300FFFFFFFF07000000080700000300000000000000000000000000000000000000000000000000000000000000DDDD0000000000000180A1030000000000F8E553CD9CCB0100000000000000000000000000000000000000000000000000000000000000000000000000000000FFFFFFFF02000000010025000000000000010000010000004038000000000000AAAA000000000000000000000000000000000000000000000000000000000000FFFFFFFFFFFFFFFF8403000080F4030008070000100E0000100E00000000000001006900630065003A000000350030000148484848484848
DynamicInfo REG_BINARY 03000000CA431A08BD83D001321B4A5D1E8BD0010000000000000000

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{598CB531-0C77-42BC-88D2-B5AD05AB3000}
Path REG_SZ \Microsoft\Windows\Windows Activation Technologies\ValidationTask
Triggers REG_BINARY 1500000000000000007D16020000000000D0BBEB5BBED001007D160200000000FFFFFFFFFFFFFFFFC221C202484848483B2F1397484848480048484848484848004848484848484805000000484848480C0000004848484801010000000000051300000048484848000000004848484838000000484848482C010000F0200D0000000000FFFFFFFF07000000000000000000000000000000000000000000000000000000000000000000000000000000DDDD000000000000007D16020000000000D0BBEB5BBED00100000000000000000000000000000000000000000000000000000000000000000000000000000000FFFFFFFF010000005A0000000000000000010000010000000000000000000000
DynamicInfo REG_BINARY 03000000F219D22D2412CB0100000000000000000000000000000000
Hash REG_BINARY E17D5086F5B628F1DE1000D08F8307E5802A69F0555D20B809A8FBB7F900E5CE

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{59DB8830-5BC0-4286-8435-4C8DC5AA04C1}
Path REG_SZ \Microsoft\Windows\Media Center\MediaCenterRecoveryTask
Triggers REG_BINARY 150000000000000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00FFFFFFFFFFFFFF0000000000000000000542024848484868DEB374484848480048484848484848004848484848484805000000484848480C000000484848480101000000000005120000004848484800000000484848480000000048484848
DynamicInfo REG_BINARY 030000001870105D599DCA0100000000000000000000000000000000
Hash REG_BINARY EB514214B7FD8BCDF44B13E01117537348E099E5CC33A15A470C6C60FE50467D

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5A40E926-9E86-4B89-9CFD-B12311724371}
Path REG_SZ \Microsoft\Windows\UPnP\UPnPHostConfig
Triggers REG_BINARY 150000000000000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00FFFFFFFFFFFFFF0000000000000000102142024848484811E47727484848480048484848484848004848484848484805000000484848480C000000484848480101000000000005120000004848484800000000484848480000000048484848
DynamicInfo REG_BINARY 030000006F7D122D4104CA0100000000000000000000000000000000
Hash REG_BINARY 6A0C38920812DABEF61FED2083D14E9E085CDBD0F5459B3159F0F4504CC8B4B0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5B42DD9C-5A26-4F27-BB95-34603F0997E5}
Path REG_SZ \Microsoft\Windows\Shell\WindowsParentalControls
Triggers REG_BINARY 1500000000000000001624FBFE0700000000000000000000001624FBFE070000FFFFFFFFFFFFFFFF4085800248484848E149B4C1484848480048484848484848004848484848484805000000484848480C0000004848484801010000000000050B000000484848480000000048484848380000004848484800000000FFFFFFFF00000000FFFFFFFF070000003C0000000500000000000000000000000000000000000000750070000000000000000000AAAA000000000000001624FBFE0700000000000000000000001624FBFE070000FFFFFFFFFFFFFFFF01000000FFFFFFFF00000000000000000000000000000000000000000000000000000000030000000148484848484848
DynamicInfo REG_BINARY 030000000C11FD2C4104CA0100000000000000000000000000000000
Hash REG_BINARY 886511E7DEE4F447B2F704A04046BB942BD9BDA76152A12BB0AE3D9B56C6AAF5

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5C0AEEEA-C154-45BE-8499-BEA5F11BAFF6}
Path REG_SZ \Microsoft\Windows\Defrag\ScheduledDefrag
Triggers REG_BINARY 1500000000000000011272FBFE07000000E8E6379DEFC401001272FBFE070000FFFFFFFFFFFFFFFF7E21420348484848B27E59FE484848480048484848484848004848484848484805000000484848480C000000484848480101000000000005120000004848484800000000484848483800000048484848B4000000803A090080F40300FFFFFFFF07000000000000000000000000000000000000000000000000000000000000000000000000000000DDDD000000000000011272FBFE07000000E8E6379DEFC40100000000000000000000000000000000000000000000000000000000000000000000000000000000FFFFFFFF0200000001000800000000000001000001000000201C000000000000
DynamicInfo REG_BINARY 030000002F40172D4104CA0100000000000000000000000000000000
Hash REG_BINARY 836A0F9A7943220E6E69D4607928F38F052787B27605A9C5CD19DF80804890CE

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5F5A18EB-DC73-4E45-A11C-B59043598412}
Path REG_SZ \Microsoft\Windows\CertificateServicesClient\SystemTask
Triggers REG_BINARY 1500000000000000001C24FBFE0700000000000000000000001C24FBFE070000FFFFFFFFFFFFFFFFC0054202484848484E9F42CE484848480048484848484848004848484848484805000000484848480C00000048484848010100000000000512000000484848480000000048484848380000004848484800000000FFFFFFFF00000000FFFFFFFF070000003C0000000500000000000000000000000000000000000000750070000000000000000000CCCC000000000000001C24FBFE0700000000000000000000001C24FBFE070000FFFFFFFFFFFFFFFF00000000FFFFFFFF00000000000000000000000000000000010100000000000520000000000000001B010000000000003C00510075006500720079004C006900730074003E000A0020002000200020002000200020002000200020002000200020002000200020003C00510075006500720079002000490064003D00220030002200200050006100740068003D002200530079007300740065006D0022003E000A00200020002000200020002000200020002000200020002000200020002000200020002000200020003C00530065006C00650063007400200050006100740068003D002200530079007300740065006D0022003E000A002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002A005B00530079007300740065006D005B00500072006F00760069006400650072005B0040004E0061006D0065003D0027004D006900630072006F0073006F00660074002D00570069006E0064006F00770073002D00470072006F007500700050006F006C0069006300790027005D00200061006E00640020004500760065006E007400490044003D0031003500300032005D005D000A00200020002000200020002000200020002000200020002000200020002000200020002000200020003C002F00530065006C006500630074003E000A0020002000200020002000200020002000200020002000200020002000200020003C002F00510075006500720079003E000A0020002000200020002000200020002000200020002000200020002000200020003C002F00510075006500720079004C006900730074003E0000000000000000000000000000000000000000000000000000008888000000000000001624FBFE0700000000000000000000001624FBFE070000FFFFFFFFFFFFFFFF00000000FFFFFFFF0000000000000000000000000000000001000000000000000000000003000000FFFF000000000000001624FBFE0700000000000000000000001624FBFE070000FFFFFFFFFFFFFFFF0A000000FFFFFFFF8070000000000000000000000000000001006500720073000000000003000000
DynamicInfo REG_BINARY 03000000C8BDDB2C4104CA0100000000000000000000000000000000
Hash REG_BINARY 5F1741F0E3673AEE6B7D983CDB718C34640A8C20B8D2F627B7AA491C12F16358

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{613612BA-897D-44CE-8DC1-8FC283F9FD51}
Path REG_SZ \Microsoft\Windows\Active Directory Rights Management Services Client\AD RMS Rights Policy Template Management (Automated)
Triggers REG_BINARY 1500000000000000001C24FBFE0700000000000000000000001272FBFE070000FFFFFFFFFFFFFFFFC8850002484848484F482AB2484848480048484848484848004848484848484805000000484848480C00000048484848010100000000000100000000484848480000000048484848380000004848484858020000100E0000100E0000FFFFFFFF07000000000000000000000000000000000000000000000000000000000000000000000000000000DDDD000000000000011272FBFE07000000781825AB03C70100000000000000000000000000000000000000000000000000000000000000000000000000000000FFFFFFFF0100000001000000000000000001000001000000100E000000000000AAAA000000000000001C24FBFE0700000000000000000000001C24FBFE070000FFFFFFFFFFFFFFFF100E0000FFFFFFFF00000000000000000000000000000000010000000000000000000000030000000148484848484848
DynamicInfo REG_BINARY 030000006D72FF2C4104CA0100000000000000000000000000000000
Hash REG_BINARY 5FEA8C5D590E391F05DC6BF182EE76FA80BE1EC03C9F02439F1A619A1D371CBB

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{62000320-3909-4742-91A5-9D4A5FD9C2E3}
Path REG_SZ \Microsoft\Windows\SideShow\AutoWake
Triggers REG_BINARY 1500000000000000000000000000000000000000000000000000000000000000FFFFFFFFFFFFFFFF00210202484848481CE1E052484848480048484848484848004848484848484805000000484848480C00000048484848010100000000000513000000484848480000000048484848380000004848484800000000FFFFFFFF00000000FFFFFFFF07000000000000000000000000000000000000000000000000000000000000000000000000000000AAAA000000000000000000000000000000000000000000000000000000000000FFFFFFFFFFFFFFFF3C000000FFFFFFFF0000000000000000000000000000000001FED4010000000005000000000000000148484848484848
DynamicInfo REG_BINARY 03000000C2BA7551599DCA0100000000000000000000000000000000
Hash REG_BINARY F1F3647B90EF320699C2A4CC877553D0AF5FBC91CCA73EC5D21D2C69ABA97BE7

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{66977634-37B9-43D2-A70A-B23731BDBA2D}
Path REG_SZ \Microsoft\Windows\Application Experience\ProgramDataUpdater
Hash REG_BINARY 19A59AB7E22307B333D82B4EC7D8ADB17E47CE4F83E4814261192D8E3F369C8E
Triggers REG_BINARY 1500000000000000011D900100000000000CCFC53963CF01001D900100000000FFFFFFFFFFFFFFFF7E214202484848485A099479484848480048484848484848004848484848484805000000484848480C000000484848480101000000000005120000004848484800000000484848483800000048484848B40000007043010080F40300FFFFFFFF04000000000000000000000000000000000000000000000000000000000000000000000000000000DDDD000000000000011D900100000000000CCFC53963CF0100000000000000000000000000000000000000000000000000000000000000000000000000000000FFFFFFFF0100000001000000000000000001000001000000201C000000000000
DynamicInfo REG_BINARY 03000000411689336F46D00100000000000000000000000000000000

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6738BA6E-EA75-4B6B-B8B8-71F0336DD8EF}
Path REG_SZ \Microsoft\Windows\User Profile Service\HiveUploadTask
Triggers REG_BINARY 1500000000000000011272FBFE07000000406A6006E9C701001272FBFE070000FFFFFFFFFFFFFFFFC2210202484848480C2AD3B9484848480048484848484848004848484848484805000000484848480C00000048484848010100000000000512000000484848480000000048484848380000004848484858020000201C000080F40300FFFFFFFF07000000780000000300000000000000000000000000000000000000000000000000000000000000DDDD000000000000011272FBFE07000000406A6006E9C7010000000000000000000000000000000000000000000000000000000000000000C0A8000000000000FFFFFFFF0000000000000000000000000001000001000000100E000000000000
DynamicInfo REG_BINARY 03000000B972832E4104CA0100000000000000000000000000000000
Hash REG_BINARY 22735240F634AF52EB496CAC7F58E85D9ED7AF876AD31D5AE4C1F57C234E5728

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{678A6531-262A-44E4-922D-6964F2C044EA}
Path REG_SZ \Microsoft\Windows\Wininet\CacheTask
Hash REG_BINARY B40015C2E03A4473C93284B4A79D0D10020C191C69D34B60D89B92D8942A01FC
Triggers REG_BINARY 1500000000000000000000000000000000000000000000000000000000000000FFFFFFFFFFFFFFFF008540024848484814F966A5484848480048484848484848004848484848484804000000484848481000000048484848010200000000000520000000210200000000000048484848380000004848484800000000FFFFFFFF00000000FFFFFFFF07000000000000000000000000000000000000000000000000000000000000000000000000000000AAAA000000000000000000000000000000000000000000000000000000000000FFFFFFFFFFFFFFFF00000000FFFFFFFF000000000000000000000000000000000100610073006B0000000000000000000148484848484848
DynamicInfo REG_BINARY 030000003F9A6B0D3E2DCE0100000000000000000000000000000000

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{685378EF-C551-44E0-BD0D-E83F0C564A2C}
Path REG_SZ \{09C6B980-4BE4-4041-96E5-C330715EB095}
Hash REG_BINARY 77F4344500DF261060C3DE3221F32776112340130E7285C6A3AABF52FDDDC278
Triggers REG_BINARY 1500000000000000000000000000000000000000000000000000000000000000FFFFFFFFFFFFFFFF282141004848484851E216A9484848480048484848484848004848484848484801000000484848481C000000484848480105000000000005150000001B00BDCE9E973374B4219C41EB030000484848481E000000484848484C00750063006B0061002D00500043005C004C00750063006B00610000004848380000004848484858020000100E000080F40300FFFFFFFF070000000000000000000000000000000000000000000000000000000000000000000000000000008888000000000000000000000000000000000000000000000000000000000000FFFFFFFFFFFFFFFF00000000FFFFFFFF00000000000000000000000000070000010064006C006C002C002D0035003000
DynamicInfo REG_BINARY 0300000004B7C77FCD42CF012605C87FCD42CF01FFFFFFFF00000000

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{68EEE96C-2DA8-404F-8A83-7E528BE2B0D8}
Path REG_SZ \{FFCAAD2A-83A4-497B-9A8F-3F83946DF90D}
Triggers REG_BINARY 1500000000000000000000000000000000000000000000000000000000000000FFFFFFFFFFFFFFFF08A1400048484848FC2BFB61484848480048484848484848004848484848484804000000484848481000000048484848010200000000000520000000210200000000000048484848380000004848484858020000100E000080F40300FFFFFFFF070000000000000000000000000000000000000000000000000000000000000000000000000000008888000000000000000000000000000000000000000000000000000000000000FFFFFFFFFFFFFFFF00000000FFFFFFFF00000000000000000000000000070000010064006C006C002C002D0035003000
DynamicInfo REG_BINARY 03000000EB66E2CD9B08CB01F69D41CE9B08CB010000000000000000
Hash REG_BINARY 5CB2C743AFC1F1B7FCDA7A8DB81FC517E2D70F51E8ECB3CBD60B8AF9A5FC1409

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6B4C60C5-3ABC-43DC-BE19-848E369A8AF3}
Path REG_SZ \Microsoft\Windows\Media Center\ReindexSearchRoot
Triggers REG_BINARY 150000000000000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00FFFFFFFFFFFFFF00000000000000000021420248484848E17CF563484848480048484848484848004848484848484805000000484848480C000000484848480101000000000005120000004848484800000000484848480000000048484848
DynamicInfo REG_BINARY 03000000CDF52E56599DCA0100000000000000000000000000000000
Hash REG_BINARY 59500DAC2B3DF24DD8EBD096B081796CE15A4D699DE7F05B53C249612F21A974

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6CF0F03A-AB0D-42F3-A661-4AA956798B0E}
Path REG_SZ \Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticResolver
Triggers REG_BINARY 1500000000000000000000000000000000000000000000000000000000000000FFFFFFFFFFFFFFFF00858003484848481FCACD844848484800484848484848480048484848484848040000004848484810000000484848480102000000000005200000002102000000000000484848480000000048484848AAAA000000000000000000000000000000000000000000000000000000000000FFFFFFFFFFFFFFFF00000000FFFFFFFF0000000000000000000000000000000001007A010000000005000000000000000148484848484848
DynamicInfo REG_BINARY 03000000D3BC6F631210CA0100000000000000000000000000000000
Hash REG_BINARY AC67DF7A4B9D1C8713C2D62FD8685113FB7749DE03811F77BBC4B4B06B74C2DA

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{716508A0-B84F-466D-B120-A0A8A2BF1549}
Path REG_SZ \Microsoft\Windows\SideShow\GadgetManager
Triggers REG_BINARY 1500000000000000000000000000000000000000000000000000000000000000FFFFFFFFFFFFFFFF009140024848484863DEF7F2484848480048484848484848004848484848484804000000484848481000000048484848010200000000000520000000210200000000000048484848380000004848484800000000FFFFFFFF80F40300FFFFFFFF07000000000000000000000000000000000000000000000000000000320044000000000000000000AAAA000000000000000000000000000000000000000000000000000000000000FFFFFFFFFFFFFFFF00000000FFFFFFFF0000000000000000000000000000000000006F006E004100670065006E0074000148484848484848
DynamicInfo REG_BINARY 03000000DF496D52599DCA0100000000000000000000000000000000
Hash REG_BINARY 2B16A83D35908A64E898F2743328C16CBC44DE6C67AF392D6B0F19AE00829A72

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{728A4F42-4092-4AEB-8A17-52E70740D5C6}
Path REG_SZ \Microsoft\Windows\Media Center\ActivateWindowsSearch
Triggers REG_BINARY 150000000000000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00FFFFFFFFFFFFFF000000000000000000214202484848489039649F484848480048484848484848004848484848484805000000484848480C000000484848480101000000000005120000004848484800000000484848480000000048484848
DynamicInfo REG_BINARY 03000000559C7156599DCA0100000000000000000000000000000000
Hash REG_BINARY 440979398F3AB418F90B93DC0DD97070F5EF2337860AB42775202EF71D70B9E9

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{72DB7465-BC54-491B-A92A-4637A28C9BBF}
Path REG_SZ \Microsoft\Windows\AppID\VerifiedPublisherCertStoreCheck
Triggers REG_BINARY 1500000000000000001624FBFE0700000000000000000000001624FBFE070000FFFFFFFFFFFFFFFF7E11020248484848218D22DB484848480048484848484848004848484848484805000000484848480C000000484848480101000000000005130000004848484800000000484848483800000048484848B40000007043010080F40300FFFFFFFF0A000000000000000000000000000000000000000000000000000000750070000000000000000000FFFF000000000000001624FBFE0700000000000000000000001624FBFE070000FFFFFFFFFFFFFFFF08070000FFFFFFFF8051010000000000000000000000000001000000000000000000000003000000
DynamicInfo REG_BINARY 03000000291FDE2C4104CA0100000000000000000000000000000000
Hash REG_BINARY A8559F6CCCA2DF09F1225F5DCFF67D8C6FF124FC5F85DCDF7F191DC7CF13EADE

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{753C47AE-EC5E-44B3-95A9-2C8E553F0E39}
Path REG_SZ \Microsoft\Windows\Windows Media Sharing\UpdateLibrary
Triggers REG_BINARY 1500000000000000001624FBFE0700000000000000000000001624FBFE070000FFFFFFFFFFFFFFFF4085400248484848EC26CB6D484848480048484848484848004848484848484805000000484848480C0000004848484801010000000000050B0000004848484800000000484848480000000048484848CCCC000000000000001624FBFE0700000000000000000000001624FBFE070000FFFFFFFFFFFFFFFF00000000FFFFFFFF00000000000000000000000000000000010100000000000520000000000000001E010000000000003C00510075006500720079004C006900730074003E000A00200020002000200020002000200020002000200020002000200020003C00510075006500720079000A00200020002000200020002000200020002000200020002000200020002000200020002000490064003D002200300022000A0020002000200020002000200020002000200020002000200020002000200020002000200050006100740068003D002200530079007300740065006D0022000A002000200020002000200020002000200020002000200020002000200020002000200020003E000A0020002000200020002000200020002000200020002000200020002000200020003C00530065006C00650063007400200050006100740068003D002200530079007300740065006D0022003E002A005B00530079007300740065006D005B00500072006F00760069006400650072005B0040004E0061006D0065003D0027004D006900630072006F0073006F00660074002D00570069006E0064006F00770073002D0057004D0050004E00530053002D00530065007200760069006300650027005D00200061006E006400200028004500760065006E007400490044003D003100340032003100300029005D005D003C002F00530065006C006500630074003E000A00200020002000200020002000200020002000200020002000200020003C002F00510075006500720079003E000A002000200020002000200020002000200020002000200020003C002F00510075006500720079004C006900730074003E0000004848000000000000000000000000000000000000000000000000
DynamicInfo REG_BINARY 030000007A35882E4104CA0100000000000000000000000000000000
Hash REG_BINARY 72A5683A40FAA291AA33CC4DD71A02E9E691D7C5A7BA213B817C759F7D4E24BE

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7AFCC0CA-7121-422A-AB45-B0E8D599FF08}
Path REG_SZ \Microsoft\Windows\CertificateServicesClient\UserTask
Triggers REG_BINARY 1500000000000000001C24FBFE0700000000000000000000001C24FBFE070000FFFFFFFFFFFFFFFFC085400248484848965281FA484848480048484848484848004848484848484805000000484848480C00000048484848010100000000000504000000484848480000000048484848380000004848484800000000FFFFFFFF00000000FFFFFFFF070000003C0000000500000000000000000000000000000000000000000000000000000000000000CCCC000000000000001C24FBFE0700000000000000000000001C24FBFE070000FFFFFFFFFFFFFFFF00000000FFFFFFFF0000000000000000000000000000000001010000000000052000000000000000A5000000000000003C00510075006500720079004C006900730074003E003C00510075006500720079002000490064003D00220030002200200050006100740068003D002200530079007300740065006D0022003E003C00530065006C00650063007400200050006100740068003D002200530079007300740065006D0022003E002A005B00530079007300740065006D005B00500072006F00760069006400650072005B0040004E0061006D0065003D0027004D006900630072006F0073006F00660074002D00570069006E0064006F00770073002D00470072006F007500700050006F006C0069006300790027005D00200061006E00640020004500760065006E007400490044003D0031003500300033005D005D003C002F00530065006C006500630074003E003C002F00510075006500720079003E003C002F00510075006500720079004C006900730074003E000000484848480000000000000000000000000000000000000000000000008888000000000000001624FBFE0700000000000000000000001624FBFE070000FFFFFFFFFFFFFFFF00000000FFFFFFFF0000000000000000000000000000000001000000000000000000000003000000AAAA000000000000001624FBFE0700000000000000000000001624FBFE070000FFFFFFFFFFFFFFFF00000000FFFFFFFF80700000000000000000000000000000010000000000000000000000030000000148484848484848
DynamicInfo REG_BINARY 030000006D72FF2C4104CA0100000000000000000000000000000000
Hash REG_BINARY DB89FE61B38CF541D584C34612B856A825EF9A287779F0CCBFAA95A0183E8781

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7B51A14F-38C1-4618-AA83-53BB22155100}
Path REG_SZ \SidebarExecute
Hash REG_BINARY F815FA9D139F9303C61C18DBBE9036F9F8FA7BA9D5147349397C45CCDAE389E9
Triggers REG_BINARY 1500000000000000000000000000000000000000000000000000000000000000FFFFFFFFFFFFFFFF38A14002484848488580CDD9484848480048484848484848004848484848484804000000484848481000000048484848010200000000000520000000210200000000000048484848380000004848484858020000100E000080F40300FFFFFFFF070000000000000000000000000000000000000000000000000000000000000000000000000000008888000000000000000000000000000000000000000000000000000000000000FFFFFFFFFFFFFFFF00000000FFFFFFFF0000000000000000000000000007000001006900630065003A00000035003000
DynamicInfo REG_BINARY 03000000CDFD6410529FCE0100000000000000000000000000000000

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7C976D08-1913-4B16-A8DF-EE896D6F59ED}
Path REG_SZ \Microsoft\Windows Live\SOXE\Extractor Definitions Update Task
Triggers REG_BINARY 1500000000000000000000000000000000000000000000000065D10100000000FFFFFFFFFFFFFFFFF8A14000484848480E0907C6484848480048484848484848004848484848484805000000484848480C00000048484848010100000000000504000000484848480000000048484848380000004848484858020000100E0000100E0000FFFFFFFF07000000100E00000100000000000000000000000000000000000000000000000000000000000000DDDD0000000000000165D1010000000000638F4726C9CA0100000000000000000000000000000000000000000000000000000000000000000000000000000000FFFFFFFF0100000007000000000000000001000001000000803A090000000000AAAA000000000000000000000000000000000000000000000000000000000000FFFFFFFFFFFFFFFF84030000FFFFFFFF0000000000000000000000000000000001006900630065004100700069002E000148484848484848
DynamicInfo REG_BINARY 03000000A828D84D0A71CB0196169DFB158BD0010000000000000000
Hash REG_BINARY 7C90BE8C4E068C3354BE8729C025D9F6D559F10FD57CCCD0065B51D0BCADC08E
====

Prosím o kontrolu - taskeng.exe Vyřešeno

Re: Prosím o kontrolu - taskeng.exe

Re: Prosím o kontrolu - taskeng.exe

Re: Prosím o kontrolu - taskeng.exe

Re: Prosím o kontrolu - taskeng.exe

Re: Prosím o kontrolu - taskeng.exe

Re: Prosím o kontrolu - taskeng.exe

Re: Prosím o kontrolu - taskeng.exe

Re: Prosím o kontrolu - taskeng.exe

Re: Prosím o kontrolu - taskeng.exe

Re: Prosím o kontrolu - taskeng.exe

Re: Prosím o kontrolu - taskeng.exe

Re: Prosím o kontrolu - taskeng.exe

Kdo je online