--------------- QuickDiag | g3n-h@ckm@n | V6.208.20.1 ---------------

----- XP | Vista | 7 | 8 | 8.1 | 10 - 32/64 bits ----- - Start 03/08/2020 11:09:19

Updated 26/07/2020 | 09:20 (GMT) by g3n-h@ckm@n
Contact : http://www.sosvirus.net/

Time Zone : (UTC+01:00) Bruxelles, Copenhague, Madrid, Paris
[theos (Administrator)] - [DESKTOP-GVI7Q33] (S-1-5-21-3426726900-1680016901-4063642811-1001)

System: Microsoft Windows 10 Professionnel - - (10.0.19041) -  BuildType: Multiprocessor Free - OSLanguage: 1036 (040c) -> (2004)
System: AutoReboot: True - DebugFilePath: %SystemRoot%\MEMORY.DMP - KernelDumpOnly: False - OverwriteExistingDebugFile: True - WriteDebugInfo: True - WriteToSystemLog: True
Boot : Microsoft Windows 10 Professionnel|C:\WINDOWS|\Device\Harddisk0\Partition4
Boot : Normal boot
PC: B450 AORUS ELITE - Gigabyte Technology Co., Ltd. - IdNumber: Default string - UUID: 032E02B4-0499-05C1-9C06-470700080009
Processor : X64 - 3593 Mhz - AMD Ryzen 5 3600 6-Core Processor              
F51 - en|US|iso8859-1 - American Megatrends Inc. - S/N: Default string - F51 - ALASKA - 1072009
CoreTemp : ? Celsius

----------| Quick


---------- | SoundDevice

NVIDIA High Definition Audio - Status: OK - Manufacturer: NVIDIA - PNPDeviceID: HDAUDIO\FUNC_01&VEN_10DE&DEV_0093&SUBSYS_10DE13A3&REV_1001\5&31908DE1&0&0001
Périphérique audio USB - Status: OK - Manufacturer: (USB Audio générique) - PNPDeviceID: USB\VID_9886&PID_0038&MI_03\7&1F5D5A9B&0&0003
Realtek High Definition Audio - Status: OK - Manufacturer: Realtek - PNPDeviceID: HDAUDIO\FUNC_01&VEN_10EC&DEV_0892&SUBSYS_1458A182&REV_1003\5&18339B10&0&0001
NVIDIA Virtual Audio Device (Wave Extensible) (WDM) - Status: OK - Manufacturer: NVIDIA - PNPDeviceID: ROOT\UNNAMED_DEVICE\0000
Périphérique audio USB - Status: OK - Manufacturer: (USB Audio générique) - PNPDeviceID: USB\VID_9886&PID_0038&MI_00\7&1F5D5A9B&0&0000
Voicemod Virtual Audio Device (WDM) - Status: OK - Manufacturer: Voicemod S.L. - PNPDeviceID: ROOT\MEDIA\0000

---------- | Video

NVIDIA GeForce RTX 2060 SUPER - Resolution: 1920x1080 - Colors: 4294967296 - RefreshRate: 143 - 32 Bits Per Pixel - DeviceID: VideoController1 - Drivers: C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_edab19158bdd0d0a\nvldumdx.dll,C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_edab19158bdd0d0a\nvldumdx.dll,C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_edab19158bdd0d0a\nvldumdx.dll,C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_edab19158bdd0d0a\nvldumdx.dll - PNPDeviceID: PCI\VEN_10DE&DEV_1F06&SUBSYS_13A310DE&REV_A1\4&2B49CAF9&0&0019 - AdapterCompatibility: NVIDIA - RAM: -1048576
Inegrated Video Chipset DeviceName: NVIDIA GeForce RTX 2060 SUPER - DriverVersion: 27.21.14.5167 - SpecificationVersion: 1025

---------- | Codecs

C:\WINDOWS\system32\MSRLE32.DLL - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 18432 -  Manufacturer: Microsoft Corporation - Status: OK
C:\WINDOWS\system32\MSG711.ACM - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 25824 -  Manufacturer: Microsoft Corporation - Status: OK
C:\WINDOWS\system32\TSBYUV.DLL - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 16896 -  Manufacturer: Microsoft Corporation - Status: OK
C:\WINDOWS\system32\L3CODECA.ACM - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 93184 -  Manufacturer: Fraunhofer Institut Integrierte Schaltungen IIS - Status: OK
C:\WINDOWS\system32\RTVCVFW64.DLL - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 246272 -  Manufacturer: - Status: OK
C:\WINDOWS\system32\MSYUV.DLL - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 27648 -  Manufacturer: Microsoft Corporation - Status: OK
C:\WINDOWS\system32\MSVIDC32.DLL - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 39936 -  Manufacturer: Microsoft Corporation - Status: OK
C:\WINDOWS\system32\MSGSM32.ACM - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 42904 -  Manufacturer: Microsoft Corporation - Status: OK
C:\WINDOWS\system32\IMAADP32.ACM - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 37440 -  Manufacturer: Microsoft Corporation - Status: OK
C:\WINDOWS\system32\MSADP32.ACM - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 34600 -  Manufacturer: Microsoft Corporation - Status: OK
C:\WINDOWS\system32\IYUV_32.DLL - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 54272 -  Manufacturer: Microsoft Corporation - Status: OK

---------- | Memory

Pagefile = Total (MB) : 69154 | Free (MB) : 48790
Virtual = Total (MB) : 4194 | Free (MB) : 3891

Physical Memory (MB)
--------------------
Total:     32717
Available: 20879
Cached:    9578
Free:      681

Kernel Memory (MB)
------------------
Paged:     403
Nonpaged:  277

System
------
Handles:   95679
Processes: 217
Threads:   3339

---------- | SID Users

Administrateur : [S-1-5-21-3426726900-1680016901-4063642811-500]
DefaultAccount : [S-1-5-21-3426726900-1680016901-4063642811-503]
Invité : [S-1-5-21-3426726900-1680016901-4063642811-501]
theos : [S-1-5-21-3426726900-1680016901-4063642811-1001]
WDAGUtilityAccount : [S-1-5-21-3426726900-1680016901-4063642811-504]
Administrateurs : [S-1-5-32-544]
Administrateurs Hyper-V : [S-1-5-32-578]
Duplicateurs : [S-1-5-32-552]
IIS_IUSRS : [S-1-5-32-568]
Invités : [S-1-5-32-546]
Lecteurs des journaux d’événements : [S-1-5-32-573]
Opérateurs d'assistance de contrôle d'accès : [S-1-5-32-579]
Opérateurs de chiffrement : [S-1-5-32-569]
Opérateurs de configuration réseau : [S-1-5-32-556]
Opérateurs de sauvegarde : [S-1-5-32-551]
Propriétaires d'appareils : [S-1-5-32-583]
System Managed Accounts Group : [S-1-5-32-581]
Utilisateurs : [S-1-5-32-545]
Utilisateurs avec pouvoir : [S-1-5-32-547]
Utilisateurs de gestion à distance : [S-1-5-32-580]
Utilisateurs de l’Analyseur de performances : [S-1-5-32-558]
Utilisateurs du Bureau à distance : [S-1-5-32-555]
Utilisateurs du journal de performances : [S-1-5-32-559]
Utilisateurs du modèle COM distribué : [S-1-5-32-562]

---------- | Drives

C:\ -> [Fixed] | [] | Total : 893.62 Go | Free : 408.08 Go -> NTFS (SSD) 

Drive: 0
Cylinders: 116737
Tracks per Cylinder: 255
Sectors per Track: 63
Bytes per Sector: 512
Total Space: 960197124096 bytes


---------- | Windows updates - Activation - License


W.A.T : :)

Test 1 : Windows Is Activated
Test 2 : Windows Is Activated

Volume License


---------- | Browsers

IE : 11.0.19041.1     (© Microsoft Corporation. Tous droits réservés.)
GC : 84.0.4147.105     (Copyright 2020 Google LLC.)

Default : "C:\Program Files\Internet Explorer\IEXPLORE.EXE" 

---------- | FlashPlayer

FlashPlayer ActiveX : 32.0.0.387

---------- | Security

AS : 
FW : WINDOWS Firewall
WMI : OK
WU: Windows Update Service [Manual(3)] = Running
AS: Windows Defender [Auto(2)] = Running
WMI: Windows Management Instrumentation [Auto(2)] = Running



---------- | Running processes

552 | [Owner : Système | Parent : 4(System) | ?????] - (.Microsoft Corporation - Gestionnaire de sessions Windows.) - (10.0.19041.1) = C:\Windows\System32\smss.exe     [07/12/2019 11:08:49]    CPU Usage:0 %
820 | [Owner : Système | Parent : 812() | ?????] - (.Microsoft Corporation - Processus d’exécution client-serveur.) - (10.0.19041.1) = C:\Windows\System32\csrss.exe     [07/12/2019 11:08:49]    CPU Usage:0 %
908 | [Owner : Système | Parent : 812() | ?????] - (.Microsoft Corporation - Application de démarrage de Windows.) - (10.0.19041.1) = C:\Windows\System32\wininit.exe     [07/12/2019 11:08:49]    CPU Usage:0 %
984 | [Owner : Système | Parent : 908(wininit.exe) | ?????] - (.Microsoft Corporation - Applications Services et Contrôleur.) - (10.0.19041.1) = C:\Windows\System32\services.exe     [07/12/2019 11:08:49]    CPU Usage:0 %
1000 | [Owner : Système | Parent : 908(wininit.exe) | 22.77 Mo] - (.Microsoft Corporation - Local Security Authority Process.) - (10.0.19041.1) = C:\Windows\System32\lsass.exe     [07/12/2019 11:08:49]    CPU Usage:0 %
740 | [Owner : Système | Parent : 984(services.exe) | 2.91 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.1) = C:\Windows\System32\svchost.exe     [07/12/2019 11:08:46]    CPU Usage:0 %
636 | [Owner : Système | Parent : 984(services.exe) | 27.2 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.1) = C:\Windows\System32\svchost.exe     [07/12/2019 11:08:46]    CPU Usage:0 %
808 | [Owner : UMFD-0 | Parent : 908(wininit.exe) | 2.38 Mo] - (.Microsoft Corporation - Usermode Font Driver Host.) - (10.0.19041.388) = C:\Windows\System32\fontdrvhost.exe     [10/07/2020 20:15:45]    CPU Usage:0 %
1200 | [Owner : SERVICE RÉSEAU | Parent : 984(services.exe) | 16.42 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.1) = C:\Windows\System32\svchost.exe     [07/12/2019 11:08:46]    CPU Usage:0 %
1248 | [Owner : Système | Parent : 984(services.exe) | 9.57 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.1) = C:\Windows\System32\svchost.exe     [07/12/2019 11:08:46]    CPU Usage:0 %
1392 | [Owner : SERVICE RÉSEAU | Parent : 984(services.exe) | 10.45 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.1) = C:\Windows\System32\svchost.exe     [07/12/2019 11:08:46]    CPU Usage:0 %
1528 | [Owner : Système | Parent : 984(services.exe) | 8.34 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.1) = C:\Windows\System32\svchost.exe     [07/12/2019 11:08:46]    CPU Usage:0 %
1536 | [Owner : SERVICE LOCAL | Parent : 984(services.exe) | 10.99 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.1) = C:\Windows\System32\svchost.exe     [07/12/2019 11:08:46]    CPU Usage:0 %
1604 | [Owner : Système | Parent : 984(services.exe) | 13.12 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.1) = C:\Windows\System32\svchost.exe     [07/12/2019 11:08:46]    CPU Usage:0 %
1656 | [Owner : Système | Parent : 984(services.exe) | 5.38 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.1) = C:\Windows\System32\svchost.exe     [07/12/2019 11:08:46]    CPU Usage:0 %
1668 | [Owner : Système | Parent : 984(services.exe) | 7 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.1) = C:\Windows\System32\svchost.exe     [07/12/2019 11:08:46]    CPU Usage:0 %
1688 | [Owner : Système | Parent : 984(services.exe) | 11.87 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.1) = C:\Windows\System32\svchost.exe     [07/12/2019 11:08:46]    CPU Usage:0 %
1828 | [Owner : SERVICE LOCAL | Parent : 984(services.exe) | 14.18 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.1) = C:\Windows\System32\svchost.exe     [07/12/2019 11:08:46]    CPU Usage:0 %
1880 | [Owner : Système | Parent : 984(services.exe) | 9.26 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.1) = C:\Windows\System32\svchost.exe     [07/12/2019 11:08:46]    CPU Usage:0 %
1948 | [Owner : SERVICE LOCAL | Parent : 984(services.exe) | 5.39 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.1) = C:\Windows\System32\svchost.exe     [07/12/2019 11:08:46]    CPU Usage:0 %
324 | [Owner : SERVICE LOCAL | Parent : 984(services.exe) | 6.2 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.1) = C:\Windows\System32\svchost.exe     [07/12/2019 11:08:46]    CPU Usage:0 %
1612 | [Owner : SERVICE LOCAL | Parent : 984(services.exe) | 6.64 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.1) = C:\Windows\System32\svchost.exe     [07/12/2019 11:08:46]    CPU Usage:0 %
1444 | [Owner : Système | Parent : 984(services.exe) | 6.24 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.1) = C:\Windows\System32\svchost.exe     [07/12/2019 11:08:46]    CPU Usage:0 %
2124 | [Owner : SERVICE RÉSEAU | Parent : 984(services.exe) | 9.93 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.1) = C:\Windows\System32\svchost.exe     [07/12/2019 11:08:46]    CPU Usage:0 %
2248 | [Owner : SERVICE LOCAL | Parent : 984(services.exe) | 6.06 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.1) = C:\Windows\System32\svchost.exe     [07/12/2019 11:08:46]    CPU Usage:0 %
2260 | [Owner : Système | Parent : 984(services.exe) | 5.79 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.1) = C:\Windows\System32\svchost.exe     [07/12/2019 11:08:46]    CPU Usage:0 %
2408 | [Owner : SERVICE LOCAL | Parent : 984(services.exe) | 8.2 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.1) = C:\Windows\System32\svchost.exe     [07/12/2019 11:08:46]    CPU Usage:0 %
2508 | [Owner : SERVICE LOCAL | Parent : 984(services.exe) | 6.73 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.1) = C:\Windows\System32\svchost.exe     [07/12/2019 11:08:46]    CPU Usage:0 %
2556 | [Owner : SERVICE RÉSEAU | Parent : 984(services.exe) | 7.16 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.1) = C:\Windows\System32\svchost.exe     [07/12/2019 11:08:46]    CPU Usage:0 %
2648 | [Owner : Système | Parent : 984(services.exe) | 14.86 Mo] - (.NVIDIA Corporation - NVIDIA Container.) - (1.25.2802.9499) = C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_edab19158bdd0d0a\Display.NvContainer\NVDisplay.Container.exe     [18/07/2020 19:56:37]    CPU Usage:0 %
2724 | [Owner : SERVICE RÉSEAU | Parent : 984(services.exe) | 7.12 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.1) = C:\Windows\System32\svchost.exe     [07/12/2019 11:08:46]    CPU Usage:0 %
2764 | [Owner : Système | Parent : 984(services.exe) | 4.93 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.1) = C:\Windows\System32\svchost.exe     [07/12/2019 11:08:46]    CPU Usage:0 %
2772 | [Owner : Système | Parent : 984(services.exe) | 12.54 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.1) = C:\Windows\System32\svchost.exe     [07/12/2019 11:08:46]    CPU Usage:0 %
2788 | [Owner : SERVICE LOCAL | Parent : 984(services.exe) | 6.82 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.1) = C:\Windows\System32\svchost.exe     [07/12/2019 11:08:46]    CPU Usage:0 %
2936 | [Owner : Système | Parent : 984(services.exe) | 7.2 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.1) = C:\Windows\System32\svchost.exe     [07/12/2019 11:08:46]    CPU Usage:0 %
2976 | [Owner : Système | Parent : 984(services.exe) | 6.66 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.1) = C:\Windows\System32\svchost.exe     [07/12/2019 11:08:46]    CPU Usage:0 %
3036 | [Owner : Système | Parent : 984(services.exe) | 6.79 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.1) = C:\Windows\System32\svchost.exe     [07/12/2019 11:08:46]    CPU Usage:0 %
3044 | [Owner : SERVICE LOCAL | Parent : 984(services.exe) | 6.86 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.1) = C:\Windows\System32\svchost.exe     [07/12/2019 11:08:46]    CPU Usage:0 %
3144 | [Owner : Système | Parent : 984(services.exe) | 15.8 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.1) = C:\Windows\System32\svchost.exe     [07/12/2019 11:08:46]    CPU Usage:0 %
3480 | [Owner : SERVICE LOCAL | Parent : 984(services.exe) | 7.02 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.1) = C:\Windows\System32\svchost.exe     [07/12/2019 11:08:46]    CPU Usage:0 %
3548 | [Owner : SERVICE LOCAL | Parent : 984(services.exe) | 14.22 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.1) = C:\Windows\System32\svchost.exe     [07/12/2019 11:08:46]    CPU Usage:0 %
3736 | [Owner : Système | Parent : 984(services.exe) | 20.48 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.1) = C:\Windows\System32\svchost.exe     [07/12/2019 11:08:46]    CPU Usage:0 %
3856 | [Owner : SERVICE LOCAL | Parent : 984(services.exe) | 8.12 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.1) = C:\Windows\System32\svchost.exe     [07/12/2019 11:08:46]    CPU Usage:0 %
3864 | [Owner : SERVICE LOCAL | Parent : 984(services.exe) | 5.7 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.1) = C:\Windows\System32\svchost.exe     [07/12/2019 11:08:46]    CPU Usage:0 %
3904 | [Owner : Système | Parent : 984(services.exe) | 12.25 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.1) = C:\Windows\System32\svchost.exe     [07/12/2019 11:08:46]    CPU Usage:0 %
4056 | [Owner : Système | Parent : 984(services.exe) | 12.81 Mo] - (.Microsoft Corporation - Application sous-système spouleur.) - (10.0.19041.421) = C:\Windows\System32\spoolsv.exe     [01/08/2020 21:16:36]    CPU Usage:0 %
4020 | [Owner : SERVICE LOCAL | Parent : 984(services.exe) | 13.18 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.1) = C:\Windows\System32\svchost.exe     [07/12/2019 11:08:46]    CPU Usage:0 %
4300 | [Owner : SERVICE RÉSEAU | Parent : 984(services.exe) | 12.98 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.1) = C:\Windows\System32\svchost.exe     [07/12/2019 11:08:46]    CPU Usage:0 %
4312 | [Owner : Système | Parent : 984(services.exe) | 30.72 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.1) = C:\Windows\System32\svchost.exe     [07/12/2019 11:08:46]    CPU Usage:0 %
4320 | [Owner : SERVICE LOCAL | Parent : 984(services.exe) | 34.77 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.1) = C:\Windows\System32\svchost.exe     [07/12/2019 11:08:46]    CPU Usage:0 %
4328 | [Owner : Système | Parent : 984(services.exe) | 10.55 Mo] - (.- EnTierService.) - (1.5.3.22206) = C:\Program Files\AMD\StoreMI\ECmd\EnTierService.exe     [10/10/2019 23:24:34]    CPU Usage:0 %
4336 | [Owner : Système | Parent : 984(services.exe) | 8.53 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.1) = C:\Windows\System32\svchost.exe     [07/12/2019 11:08:46]    CPU Usage:0 %
4352 | [Owner : Système | Parent : 984(services.exe) | 7.78 Mo] - (.Realtek Semiconductor - Realtek HD Audio Universal Service.) - (1.0.191.1) = C:\Windows\System32\RtkAudUService64.exe     [13/01/2020 19:46:23]    CPU Usage:0 %
4360 | [Owner : Système | Parent : 984(services.exe) | 8.01 Mo] - (.Corsair - Corsair SSD Toolbox Service.) - (1.2.5.7) = C:\Program Files (x86)\Corsair SSD Toolbox\CSSDTService.exe     [27/03/2020 11:15:51]    CPU Usage:0 %
4368 | [Owner : Système | Parent : 984(services.exe) | 4.26 Mo] - (.Parsec - Parsec.) - (150.36.0.0) = C:\Program Files\Parsec\pservice.exe     [19/05/2020 14:28:54]    CPU Usage:0 %
4384 | [Owner : Système | Parent : 984(services.exe) | 19.01 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.1) = C:\Windows\System32\svchost.exe     [07/12/2019 11:08:46]    CPU Usage:0 %
4392 | [Owner : SERVICE LOCAL | Parent : 984(services.exe) | 5.53 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.1) = C:\Windows\System32\svchost.exe     [07/12/2019 11:08:46]    CPU Usage:0 %
4400 | [Owner : Système | Parent : 984(services.exe) | 17.49 Mo] - (.pdfforge GmbH - PDF Architect 7.) - (7.1.14.4969) = C:\Program Files\PDF Architect 7\updater-ws.exe     [07/10/2019 21:55:48]    CPU Usage:0 %
4416 | [Owner : Système | Parent : 984(services.exe) | 32.96 Mo] - (.NVIDIA Corporation - NVIDIA Container.) - (1.27.2835.6155) = C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe     [10/01/2020 13:36:44]    CPU Usage:0 %
4456 | [Owner : Système | Parent : 984(services.exe) | 36.16 Mo] - (.Microsoft Corporation - Microsoft Office Click-to-Run (SxS).) - (16.0.13127.20000) = C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe     [31/07/2020 10:54:00]    CPU Usage:0 %
4464 | [Owner : Système | Parent : 984(services.exe) | 4.68 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.1) = C:\Windows\System32\svchost.exe     [07/12/2019 11:08:46]    CPU Usage:0 %
4484 | [Owner : Système | Parent : 984(services.exe) | ?????] - (.Microsoft Corporation - Antimalware Service Executable.) - (4.18.2006.10) = C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2006.10-0\MsMpEng.exe     [02/07/2020 13:21:01]    CPU Usage:0 %
4780 | [Owner : SERVICE LOCAL | Parent : 984(services.exe) | 4.65 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.1) = C:\Windows\System32\svchost.exe     [07/12/2019 11:08:46]    CPU Usage:0 %
5256 | [Owner : Système | Parent : 984(services.exe) | 16.8 Mo] - (.pdfforge GmbH - PDF Architect 7.) - (7.1.14.4969) = C:\Program Files\PDF Architect 7\ws.exe     [07/10/2019 21:55:54]    CPU Usage:0 %
5384 | [Owner : Système | Parent : 984(services.exe) | 8.24 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.1) = C:\Windows\System32\svchost.exe     [07/12/2019 11:08:46]    CPU Usage:0 %
5452 | [Owner : Système | Parent : 984(services.exe) | 11 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.1) = C:\Windows\System32\svchost.exe     [07/12/2019 11:08:46]    CPU Usage:0 %
5464 | [Owner : SERVICE RÉSEAU | Parent : 984(services.exe) | 6.3 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.1) = C:\Windows\System32\svchost.exe     [07/12/2019 11:08:46]    CPU Usage:0 %
6464 | [Owner : Système | Parent : 984(services.exe) | 21.51 Mo] - (.Microsoft Corporation - GamingServices.) - (10.0.19041.3225) = C:\Program Files\WindowsApps\Microsoft.GamingServices_2.43.13001.0_x64__8wekyb3d8bbwe\GamingServices.exe     [18/07/2020 13:49:30]    CPU Usage:0 %
6472 | [Owner : SERVICE LOCAL | Parent : 984(services.exe) | 4.42 Mo] - (.Microsoft Corporation - GamingServices.) - (10.0.19041.3225) = C:\Program Files\WindowsApps\Microsoft.GamingServices_2.43.13001.0_x64__8wekyb3d8bbwe\GamingServicesNet.exe     [18/07/2020 13:49:30]    CPU Usage:0 %
7044 | [Owner : Système | Parent : 984(services.exe) | 15.08 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.1) = C:\Windows\System32\svchost.exe     [07/12/2019 11:08:46]    CPU Usage:0 %
7360 | [Owner : SERVICE LOCAL | Parent : 984(services.exe) | 17.06 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.1) = C:\Windows\System32\svchost.exe     [07/12/2019 11:08:46]    CPU Usage:0 %
7680 | [Owner : Système | Parent : 984(services.exe) | 3.96 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.1) = C:\Windows\System32\svchost.exe     [07/12/2019 11:08:46]    CPU Usage:0 %
8052 | [Owner : Système | Parent : 984(services.exe) | 18.12 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.1) = C:\Windows\System32\svchost.exe     [07/12/2019 11:08:46]    CPU Usage:0 %
8180 | [Owner : Système | Parent : 984(services.exe) | 29 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.1) = C:\Windows\System32\svchost.exe     [07/12/2019 11:08:46]    CPU Usage:0 %
8992 | [Owner : Système | Parent : 984(services.exe) | 39.64 Mo] - (.Microsoft Corporation - Indexeur Microsoft Windows Search.) - (7.0.19041.329) = C:\Windows\System32\SearchIndexer.exe     [10/07/2020 20:15:37]    CPU Usage:0 %
9316 | [Owner : SERVICE LOCAL | Parent : 984(services.exe) | 19.59 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.1) = C:\Windows\System32\svchost.exe     [07/12/2019 11:08:46]    CPU Usage:0 %
11156 | [Owner : Système | Parent : 636(svchost.exe) | 9.36 Mo] - (.Microsoft Corporation - COM Surrogate.) - (10.0.19041.1) = C:\Windows\System32\dllhost.exe     [07/12/2019 11:08:46]    CPU Usage:0 %
9236 | [Owner : Système | Parent : 984(services.exe) | 10.82 Mo] - (.Microsoft Corporation - Service de disque virtuel.) - (10.0.19041.1) = C:\Windows\System32\vds.exe     [07/12/2019 11:08:19]    CPU Usage:0 %
11896 | [Owner : Système | Parent : 984(services.exe) | 9.63 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.1) = C:\Windows\System32\svchost.exe     [07/12/2019 11:08:46]    CPU Usage:0 %
12012 | [Owner : Système | Parent : 984(services.exe) | 10.1 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.1) = C:\Windows\System32\svchost.exe     [07/12/2019 11:08:46]    CPU Usage:0 %
10148 | [Owner : SERVICE LOCAL | Parent : 984(services.exe) | 10.15 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.1) = C:\Windows\System32\svchost.exe     [07/12/2019 11:08:46]    CPU Usage:0 %
12492 | [Owner : Système | Parent : 984(services.exe) | 10.19 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.1) = C:\Windows\System32\svchost.exe     [07/12/2019 11:08:46]    CPU Usage:0 %
5288 | [Owner : Système | Parent : 984(services.exe) | ?????] - (.Microsoft Corporation - Service Broker du moniteur d'exécution System Guard.) - (10.0.19041.84) = C:\Windows\System32\SgrmBroker.exe     [10/07/2020 20:16:00]    CPU Usage:0 %
7028 | [Owner : Système | Parent : 984(services.exe) | 9.94 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.1) = C:\Windows\System32\svchost.exe     [07/12/2019 11:08:46]    CPU Usage:0 %
8328 | [Owner : Système | Parent : 984(services.exe) | 9.52 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.1) = C:\Windows\System32\svchost.exe     [07/12/2019 11:08:46]    CPU Usage:0 %
10176 | [Owner : Système | Parent : 636(svchost.exe) | 17.11 Mo] - (.Microsoft Corporation - MoUSO Core Worker Process.) - (10.0.19041.421) = C:\Windows\System32\MoUsoCoreWorker.exe     [01/08/2020 21:16:42]    CPU Usage:0 %
9572 | [Owner : SERVICE LOCAL | Parent : 984(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.1) = C:\Windows\System32\svchost.exe     [07/12/2019 11:08:46]    CPU Usage:0 %
12964 | [Owner : Système | Parent : 984(services.exe) | ?????] - (.Microsoft Corporation - Windows Security Health Service.) - (4.18.1907.16384) = C:\Windows\System32\SecurityHealthService.exe     [01/08/2020 21:16:45]    CPU Usage:0 %
12184 | [Owner : SERVICE LOCAL | Parent : 3548(svchost.exe) | 14.97 Mo] - (.Microsoft Corporation - Isolation graphique de périphérique audio Windows.) - (10.0.19041.421) = C:\Windows\System32\audiodg.exe     [01/08/2020 21:16:36]    CPU Usage:0 %
1752 | [Owner : SERVICE LOCAL | Parent : 984(services.exe) | 7.91 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.1) = C:\Windows\System32\svchost.exe     [07/12/2019 11:08:46]    CPU Usage:0 %
7468 | [Owner : Système | Parent : 984(services.exe) | 10.12 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.1) = C:\Windows\System32\svchost.exe     [07/12/2019 11:08:46]    CPU Usage:0 %
9404 | [Owner : SERVICE LOCAL | Parent : 984(services.exe) | 6.56 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.1) = C:\Windows\System32\svchost.exe     [07/12/2019 11:08:46]    CPU Usage:0 %
12532 | [Owner : Système | Parent : 984(services.exe) | 8.19 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.1) = C:\Windows\System32\svchost.exe     [07/12/2019 11:08:46]    CPU Usage:0 %
11924 | [Owner : Système | Parent : 14020() | ?????] - (.Microsoft Corporation - Processus d’exécution client-serveur.) - (10.0.19041.1) = C:\Windows\System32\csrss.exe     [07/12/2019 11:08:49]    CPU Usage:1 %
14280 | [Owner : Système | Parent : 14020() | 9.81 Mo] - (.Microsoft Corporation - Application d’ouverture de session Windows.) - (10.0.19041.1) = C:\Windows\System32\winlogon.exe     [07/12/2019 11:08:51]    CPU Usage:0 %
11864 | [Owner : UMFD-3 | Parent : 14280(winlogon.exe) | 17.2 Mo] - (.Microsoft Corporation - Usermode Font Driver Host.) - (10.0.19041.388) = C:\Windows\System32\fontdrvhost.exe     [10/07/2020 20:15:45]    CPU Usage:0 %
1840 | [Owner : DWM-3 | Parent : 14280(winlogon.exe) | 61.06 Mo] - (.Microsoft Corporation - Gestionnaire de fenêtres du Bureau.) - (10.0.19041.1) = C:\Windows\System32\dwm.exe     [07/12/2019 11:08:46]    CPU Usage:0 %
6816 | [Owner : Système | Parent : 2648(NVDisplay.Container.exe) | 33.96 Mo] - (.NVIDIA Corporation - NVIDIA Container.) - (1.25.2802.9499) = C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_edab19158bdd0d0a\Display.NvContainer\NVDisplay.Container.exe     [18/07/2020 19:56:37]    CPU Usage:0 %
12360 | [Owner : theos | Parent : 636(svchost.exe) | 8.22 Mo] - (.Microsoft Corporation - Processus hôte Windows (Rundll32).) - (10.0.19041.1) = C:\Windows\System32\rundll32.exe     [07/12/2019 11:09:07]    CPU Usage:0 %
3472 | [Owner : theos | Parent : 4416(nvcontainer.exe) | 24.44 Mo] - (.NVIDIA Corporation - NVIDIA Container.) - (1.27.2835.6155) = C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe     [10/01/2020 13:36:44]    CPU Usage:0 %
12440 | [Owner : theos | Parent : 4416(nvcontainer.exe) | 46.1 Mo] - (.NVIDIA Corporation - NVIDIA Container.) - (1.27.2835.6155) = C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe     [10/01/2020 13:36:44]    CPU Usage:0 %
11056 | [Owner : theos | Parent : 1880(svchost.exe) | 28.96 Mo] - (.Microsoft Corporation - Shell Infrastructure Host.) - (10.0.19041.1) = C:\Windows\System32\sihost.exe     [07/12/2019 11:08:28]    CPU Usage:0 %
4604 | [Owner : theos | Parent : 984(services.exe) | 19.72 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.1) = C:\Windows\System32\svchost.exe     [07/12/2019 11:08:46]    CPU Usage:0 %
4496 | [Owner : theos | Parent : 984(services.exe) | 42.36 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.1) = C:\Windows\System32\svchost.exe     [07/12/2019 11:08:46]    CPU Usage:0 %
11844 | [Owner : theos | Parent : 1604(svchost.exe) | 9.95 Mo] - (.- MysticLightController.) - (0.0.1.25) = C:\Program Files\GamingOSD\mysticlight\MysticLightController.exe     [06/01/2020 10:45:06]    CPU Usage:0 %
3256 | [Owner : theos | Parent : 1604(svchost.exe) | 13.76 Mo] - (.MSI - MNTMicorKey.) - (0.0.0.2) = C:\Program Files\GamingOSD\MonitorMicroKeyDetector.exe     [03/03/2020 10:10:30]    CPU Usage:0 %
6148 | [Owner : theos | Parent : 1604(svchost.exe) | 18.85 Mo] - (.Microsoft Corporation - Processus hôte pour Tâches Windows.) - (10.0.19041.1) = C:\Windows\System32\taskhostw.exe     [07/12/2019 11:09:00]    CPU Usage:0 %
12268 | [Owner : theos | Parent : 1604(svchost.exe) | 9.78 Mo] - (.MSI - WeatherDetector.) - (1.0.0.0) = C:\Program Files\GamingOSD\WeatherDetector.exe     [03/03/2020 10:10:32]    CPU Usage:0 %
9916 | [Owner : theos | Parent : 1604(svchost.exe) | 27.67 Mo] - (.MICRO-STAR INT'L,.LTD. - GamingOSD.) - (0.0.2.31) = C:\Program Files\GamingOSD\GamingOSD.exe     [03/03/2020 10:10:26]    CPU Usage:0 %
3928 | [Owner : theos | Parent : 10620() | 138.1 Mo] - (.Microsoft Corporation - Explorateur Windows.) - (10.0.19041.421) = C:\Windows\explorer.exe     [01/08/2020 21:16:37]    CPU Usage:0 %
11032 | [Owner : theos | Parent : 984(services.exe) | 17.18 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.1) = C:\Windows\System32\svchost.exe     [07/12/2019 11:08:46]    CPU Usage:0 %
13980 | [Owner : theos | Parent : 636(svchost.exe) | 81.87 Mo] - (.-.) - (0.0.0.0) = C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe     [01/08/2020 21:16:42]    CPU Usage:0 %
9004 | [Owner : theos | Parent : 636(svchost.exe) | 24.73 Mo] - (.Microsoft Corporation - Runtime Broker.) - (10.0.19041.1) = C:\Windows\System32\RuntimeBroker.exe     [07/12/2019 11:08:22]    CPU Usage:0 %
7928 | [Owner : theos | Parent : 636(svchost.exe) | 182.23 Mo] - (.Microsoft Corporation - Search application.) - (10.0.19041.421) = C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe     [01/08/2020 21:17:01]    CPU Usage:0 %
3344 | [Owner : theos | Parent : 636(svchost.exe) | 12.74 Mo] - (.Microsoft Corporation - COM Surrogate.) - (10.0.19041.1) = C:\Windows\System32\dllhost.exe     [07/12/2019 11:08:46]    CPU Usage:0 %
8720 | [Owner : theos | Parent : 636(svchost.exe) | 36.23 Mo] - (.Microsoft Corporation - Runtime Broker.) - (10.0.19041.1) = C:\Windows\System32\RuntimeBroker.exe     [07/12/2019 11:08:22]    CPU Usage:0 %
4256 | [Owner : theos | Parent : 636(svchost.exe) | 6.1 Mo] - (.Microsoft Corporation - Host Process for Setting Synchronization.) - (10.0.19041.1) = C:\Windows\System32\SettingSyncHost.exe     [07/12/2019 11:09:09]    CPU Usage:0 %
7868 | [Owner : theos | Parent : 1664() | 15.61 Mo] - (.Node.js - NVIDIA Web Helper Service.) - (11.13.0.0) = C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe     [10/01/2020 13:36:55]    CPU Usage:0 %
12768 | [Owner : theos | Parent : 7868(NVIDIA Web Helper.exe) | 0.98 Mo] - (.Microsoft Corporation - Hôte de la fenêtre de la console.) - (10.0.19041.153) = C:\Windows\System32\conhost.exe     [10/07/2020 20:15:44]    CPU Usage:0 %
7448 | [Owner : theos | Parent : 1668(svchost.exe) | 20.61 Mo] - (.Microsoft Corporation - Chargeur CTF.) - (10.0.19041.1) = C:\Windows\System32\ctfmon.exe     [07/12/2019 11:09:00]    CPU Usage:0 %
13080 | [Owner : SERVICE LOCAL | Parent : 984(services.exe) | 5.35 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.1) = C:\Windows\System32\svchost.exe     [07/12/2019 11:08:46]    CPU Usage:0 %
4144 | [Owner : theos | Parent : 636(svchost.exe) | 1.77 Mo] - (.Microsoft Corporation - YourPhone.) - (1.20071.95.0) = C:\Program Files\WindowsApps\Microsoft.YourPhone_1.20071.95.0_x64__8wekyb3d8bbwe\YourPhone.exe     [27/07/2020 13:58:54]    CPU Usage:0 %
12684 | [Owner : theos | Parent : 636(svchost.exe) | 44.01 Mo] - (.Microsoft Corporation -.) - (2001.22012.0.31) = C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\InputApp\TextInputHost.exe     [01/08/2020 21:17:00]    CPU Usage:0 %
12488 | [Owner : theos | Parent : 636(svchost.exe) | 12.77 Mo] - (.Microsoft Corporation - Runtime Broker.) - (10.0.19041.1) = C:\Windows\System32\RuntimeBroker.exe     [07/12/2019 11:08:22]    CPU Usage:0 %
9536 | [Owner : theos | Parent : 4416(nvcontainer.exe) | 12.59 Mo] - (.NVIDIA Corporation - NVIDIA ShadowPlay Helper.) - (3.20.4.14) = C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe     [10/01/2020 13:36:57]    CPU Usage:0 %
592 | [Owner : theos | Parent : 3472(nvcontainer.exe) | 46.82 Mo] - (.NVIDIA Corporation - NVIDIA Share.) - (73.3683.1933.5) = C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe     [10/01/2020 13:36:56]    CPU Usage:0 %
10224 | [Owner : theos | Parent : 592(NVIDIA Share.exe) | 28.42 Mo] - (.NVIDIA Corporation - NVIDIA Share.) - (73.3683.1933.5) = C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe     [10/01/2020 13:36:56]    CPU Usage:0 %
7380 | [Owner : theos | Parent : 592(NVIDIA Share.exe) | 51.96 Mo] - (.NVIDIA Corporation - NVIDIA Share.) - (73.3683.1933.5) = C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe     [10/01/2020 13:36:56]    CPU Usage:0 %
10972 | [Owner : theos | Parent : 636(svchost.exe) | 22.1 Mo] - (.Microsoft Corporation - Runtime Broker.) - (10.0.19041.1) = C:\Windows\System32\RuntimeBroker.exe     [07/12/2019 11:08:22]    CPU Usage:0 %
6808 | [Owner : theos | Parent : 9916(GamingOSD.exe) | 13.05 Mo] - (.MSI - WindowDetector.) - (0.999.2.0) = C:\Program Files\GamingOSD\WindowDetector.exe     [03/03/2020 10:10:32]    CPU Usage:0 %
3668 | [Owner : theos | Parent : 3928(explorer.exe) | 7.62 Mo] - (.Realtek Semiconductor - Realtek HD Audio Universal Service.) - (1.0.191.1) = C:\Windows\System32\RtkAudUService64.exe     [13/01/2020 19:46:23]    CPU Usage:0 %
10820 | [Owner : theos | Parent : 3928(explorer.exe) | 12.55 Mo] - (.Ugee Technology Company Ltd - Pentablet Service.) - (1.6.4.0) = C:\Program Files\Pentablet\PentabletService.exe     [23/03/2020 12:35:23]    CPU Usage:0 %
1844 | [Owner : theos | Parent : 3928(explorer.exe) | 6.73 Mo] - (.Riot Games, Inc. - Vanguard tray notification..) - (1.0.2.2) = C:\Program Files\Riot Vanguard\vgtray.exe     [28/04/2020 09:59:30]    CPU Usage:0 %
11484 | [Owner : theos | Parent : 3928(explorer.exe) | 13.58 Mo] - (.Unified Intents AB - Unified Remote.) - (3.7.0.2352) = C:\Program Files (x86)\Unified Remote 3\RemoteServerWin.exe     [21/01/2020 11:08:27]    CPU Usage:0 %
7740 | [Owner : theos | Parent : 3928(explorer.exe) | 11.85 Mo] - (.-.) - (1.7.0.0) = C:\Program Files (x86)\PrtScr\PrtScr.exe     [23/07/2020 11:02:37]    CPU Usage:0 %
8588 | [Owner : theos | Parent : 636(svchost.exe) | 54.6 Mo] - (.Microsoft Corporation - Cortana.) - (2.2007.9736.0) = C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_2.2007.9736.0_x64__8wekyb3d8bbwe\Cortana.exe     [22/07/2020 09:39:00]    CPU Usage:0 %
13976 | [Owner : theos | Parent : 636(svchost.exe) | 20.92 Mo] - (.Microsoft Corporation - Runtime Broker.) - (10.0.19041.1) = C:\Windows\System32\RuntimeBroker.exe     [07/12/2019 11:08:22]    CPU Usage:0 %
12256 | [Owner : theos | Parent : 3928(explorer.exe) | 58.48 Mo] - (.SteelSeries ApS - SteelSeries Engine 3 Core.) - (3.18.1.0) = C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe     [18/01/2020 00:17:02]    CPU Usage:0 %
4656 | [Owner : theos | Parent : 636(svchost.exe) | 18.47 Mo] - (.Microsoft Corporation - Speech Runtime Executable.) - (10.0.19041.421) = C:\Windows\System32\Speech_OneCore\common\SpeechRuntime.exe     [01/08/2020 21:16:42]    CPU Usage:0 %
3276 | [Owner : theos | Parent : 636(svchost.exe) | 44.74 Mo] - (.Microsoft Corporation - Application Frame Host.) - (10.0.19041.1) = C:\Windows\System32\ApplicationFrameHost.exe     [07/12/2019 11:08:41]    CPU Usage:0 %
11356 | [Owner : theos | Parent : 636(svchost.exe) | 12.37 Mo] - (.Microsoft Corporation - Microsoft Edge.) - (11.0.19041.421) = C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe     [01/08/2020 21:16:32]    CPU Usage:0 %
8700 | [Owner : theos | Parent : 636(svchost.exe) | 7.91 Mo] - (.Microsoft Corporation - Browser_Broker.) - (11.0.19041.1) = C:\Windows\System32\browser_broker.exe     [07/12/2019 11:08:46]    CPU Usage:0 %
13412 | [Owner : theos | Parent : 636(svchost.exe) | 11.59 Mo] - (.Microsoft Corporation - COM Surrogate.) - (10.0.19041.1) = C:\Windows\System32\dllhost.exe     [07/12/2019 11:08:46]    CPU Usage:0 %
9040 | [Owner : theos | Parent : 636(svchost.exe) | 7.06 Mo] - (.Microsoft Corporation - Runtime Broker.) - (10.0.19041.1) = C:\Windows\System32\RuntimeBroker.exe     [07/12/2019 11:08:22]    CPU Usage:0 %
12060 | [Owner : theos | Parent : 636(svchost.exe) | 23.2 Mo] - (.Microsoft Corporation - Microsoft Edge Content Process.) - (11.0.19041.1) = C:\Windows\System32\MicrosoftEdgeCP.exe     [07/12/2019 11:08:52]    CPU Usage:0 %
13948 | [Owner : theos | Parent : 9040(RuntimeBroker.exe) | 11.85 Mo] - (.Microsoft Corporation - Microsoft Edge Web Platform.) - (11.0.19041.1) = C:\Windows\System32\MicrosoftEdgeSH.exe     [07/12/2019 11:08:26]    CPU Usage:0 %
2368 | [Owner : theos | Parent : 15088(ShellExperienceHost.exe) | 218.12 Mo] - (.Opera Software - Opera GX Internet Browser.) - (68.0.3618.197) = C:\Users\theos\AppData\Local\Programs\Opera GX\68.0.3618.197\opera.exe     [15/07/2020 14:55:50]    CPU Usage:0 %
6976 | [Owner : theos | Parent : 2368(opera.exe) | 8.43 Mo] - (.Opera Software - Opera GX crash-reporter.) - (68.0.3618.197) = C:\Users\theos\AppData\Local\Programs\Opera GX\68.0.3618.197\opera_crashreporter.exe     [15/07/2020 14:55:51]    CPU Usage:0 %
15096 | [Owner : theos | Parent : 2368(opera.exe) | 144.03 Mo] - (.Opera Software - Opera GX Internet Browser.) - (68.0.3618.197) = C:\Users\theos\AppData\Local\Programs\Opera GX\68.0.3618.197\opera.exe     [15/07/2020 14:55:50]    CPU Usage:0 %
15044 | [Owner : theos | Parent : 2368(opera.exe) | 47.52 Mo] - (.Opera Software - Opera GX Internet Browser.) - (68.0.3618.197) = C:\Users\theos\AppData\Local\Programs\Opera GX\68.0.3618.197\opera.exe     [15/07/2020 14:55:50]    CPU Usage:0 %
1936 | [Owner : theos | Parent : 2368(opera.exe) | 22.5 Mo] - (.Opera Software - Opera GX Internet Browser.) - (68.0.3618.197) = C:\Users\theos\AppData\Local\Programs\Opera GX\68.0.3618.197\opera.exe     [15/07/2020 14:55:50]    CPU Usage:0 %
628 | [Owner : theos | Parent : 2368(opera.exe) | 56.37 Mo] - (.Opera Software - Opera GX Internet Browser.) - (68.0.3618.197) = C:\Users\theos\AppData\Local\Programs\Opera GX\68.0.3618.197\opera.exe     [15/07/2020 14:55:50]    CPU Usage:0 %
14880 | [Owner : theos | Parent : 2368(opera.exe) | 22.49 Mo] - (.Opera Software - Opera GX Internet Browser.) - (68.0.3618.197) = C:\Users\theos\AppData\Local\Programs\Opera GX\68.0.3618.197\opera.exe     [15/07/2020 14:55:50]    CPU Usage:0 %
15004 | [Owner : theos | Parent : 2368(opera.exe) | 98.86 Mo] - (.Opera Software - Opera GX Internet Browser.) - (68.0.3618.197) = C:\Users\theos\AppData\Local\Programs\Opera GX\68.0.3618.197\opera.exe     [15/07/2020 14:55:50]    CPU Usage:0 %
14364 | [Owner : theos | Parent : 2368(opera.exe) | 122.35 Mo] - (.Opera Software - Opera GX Internet Browser.) - (68.0.3618.197) = C:\Users\theos\AppData\Local\Programs\Opera GX\68.0.3618.197\opera.exe     [15/07/2020 14:55:50]    CPU Usage:0 %
11408 | [Owner : theos | Parent : 2368(opera.exe) | 141.26 Mo] - (.Opera Software - Opera GX Internet Browser.) - (68.0.3618.197) = C:\Users\theos\AppData\Local\Programs\Opera GX\68.0.3618.197\opera.exe     [15/07/2020 14:55:50]    CPU Usage:0 %
8684 | [Owner : theos | Parent : 2368(opera.exe) | 52.39 Mo] - (.Opera Software - Opera GX Internet Browser.) - (68.0.3618.197) = C:\Users\theos\AppData\Local\Programs\Opera GX\68.0.3618.197\opera.exe     [15/07/2020 14:55:50]    CPU Usage:0 %
10424 | [Owner : theos | Parent : 2368(opera.exe) | 19.1 Mo] - (.Opera Software - Opera GX Internet Browser.) - (68.0.3618.197) = C:\Users\theos\AppData\Local\Programs\Opera GX\68.0.3618.197\opera.exe     [15/07/2020 14:55:50]    CPU Usage:0 %
8636 | [Owner : theos | Parent : 2368(opera.exe) | 53.05 Mo] - (.Opera Software - Opera GX Internet Browser.) - (68.0.3618.197) = C:\Users\theos\AppData\Local\Programs\Opera GX\68.0.3618.197\opera.exe     [15/07/2020 14:55:50]    CPU Usage:0 %
12672 | [Owner : theos | Parent : 2368(opera.exe) | 76.58 Mo] - (.Opera Software - Opera GX Internet Browser.) - (68.0.3618.197) = C:\Users\theos\AppData\Local\Programs\Opera GX\68.0.3618.197\opera.exe     [15/07/2020 14:55:50]    CPU Usage:0 %
9280 | [Owner : theos | Parent : 2368(opera.exe) | 55.91 Mo] - (.Opera Software - Opera GX Internet Browser.) - (68.0.3618.197) = C:\Users\theos\AppData\Local\Programs\Opera GX\68.0.3618.197\opera.exe     [15/07/2020 14:55:50]    CPU Usage:0 %
9800 | [Owner : theos | Parent : 984(services.exe) | 10.92 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.1) = C:\Windows\System32\svchost.exe     [07/12/2019 11:08:46]    CPU Usage:0 %
9884 | [Owner : theos | Parent : 2368(opera.exe) | 104.05 Mo] - (.Opera Software - Opera GX Internet Browser.) - (68.0.3618.197) = C:\Users\theos\AppData\Local\Programs\Opera GX\68.0.3618.197\opera.exe     [15/07/2020 14:55:50]    CPU Usage:0 %
3704 | [Owner : theos | Parent : 2368(opera.exe) | 57.44 Mo] - (.Opera Software - Opera GX Internet Browser.) - (68.0.3618.197) = C:\Users\theos\AppData\Local\Programs\Opera GX\68.0.3618.197\opera.exe     [15/07/2020 14:55:50]    CPU Usage:0 %
2548 | [Owner : theos | Parent : 8936() | 58.68 Mo] - (.Discord Inc. - Discord.) - (0.0.306.0) = C:\Users\theos\AppData\Local\Discord\app-0.0.306\Discord.exe     [27/02/2020 15:28:49]    CPU Usage:0 %
14128 | [Owner : theos | Parent : 2548(Discord.exe) | 76.72 Mo] - (.Discord Inc. - Discord.) - (0.0.306.0) = C:\Users\theos\AppData\Local\Discord\app-0.0.306\Discord.exe     [27/02/2020 15:28:49]    CPU Usage:0 %
12144 | [Owner : theos | Parent : 2548(Discord.exe) | 35.9 Mo] - (.Discord Inc. - Discord.) - (0.0.306.0) = C:\Users\theos\AppData\Local\Discord\app-0.0.306\Discord.exe     [27/02/2020 15:28:49]    CPU Usage:0 %
11344 | [Owner : theos | Parent : 2548(Discord.exe) | 49.18 Mo] - (.Discord Inc. - Discord.) - (0.0.306.0) = C:\Users\theos\AppData\Local\Discord\app-0.0.306\Discord.exe     [27/02/2020 15:28:49]    CPU Usage:0 %
10712 | [Owner : theos | Parent : 2548(Discord.exe) | 154.8 Mo] - (.Discord Inc. - Discord.) - (0.0.306.0) = C:\Users\theos\AppData\Local\Discord\app-0.0.306\Discord.exe     [27/02/2020 15:28:49]    CPU Usage:0 %
1072 | [Owner : theos | Parent : 2548(Discord.exe) | 54.2 Mo] - (.Discord Inc. - Discord.) - (0.0.306.0) = C:\Users\theos\AppData\Local\Discord\app-0.0.306\Discord.exe     [27/02/2020 15:28:49]    CPU Usage:0 %
4760 | [Owner : theos | Parent : 2368(opera.exe) | 60.49 Mo] - (.Opera Software - Opera GX Internet Browser.) - (68.0.3618.197) = C:\Users\theos\AppData\Local\Programs\Opera GX\68.0.3618.197\opera.exe     [15/07/2020 14:55:50]    CPU Usage:0 %
11112 | [Owner : theos | Parent : 2368(opera.exe) | 105.64 Mo] - (.Opera Software - Opera GX Internet Browser.) - (68.0.3618.197) = C:\Users\theos\AppData\Local\Programs\Opera GX\68.0.3618.197\opera.exe     [15/07/2020 14:55:50]    CPU Usage:0 %
12196 | [Owner : theos | Parent : 2368(opera.exe) | 65.33 Mo] - (.Opera Software - Opera GX Internet Browser.) - (68.0.3618.197) = C:\Users\theos\AppData\Local\Programs\Opera GX\68.0.3618.197\opera.exe     [15/07/2020 14:55:50]    CPU Usage:0 %
12512 | [Owner : theos | Parent : 2368(opera.exe) | 124.12 Mo] - (.Opera Software - Opera GX Internet Browser.) - (68.0.3618.197) = C:\Users\theos\AppData\Local\Programs\Opera GX\68.0.3618.197\opera.exe     [15/07/2020 14:55:50]    CPU Usage:0 %
1632 | [Owner : theos | Parent : 636(svchost.exe) | 7.96 Mo] - (.Microsoft Corporation - Component Package Support Server.) - (10.0.19041.1) = C:\Windows\System32\CompPkgSrv.exe     [07/12/2019 11:08:07]    CPU Usage:0 %
6964 | [Owner : theos | Parent : 2368(opera.exe) | 125.64 Mo] - (.Opera Software - Opera GX Internet Browser.) - (68.0.3618.197) = C:\Users\theos\AppData\Local\Programs\Opera GX\68.0.3618.197\opera.exe     [15/07/2020 14:55:50]    CPU Usage:0 %
10992 | [Owner : theos | Parent : 2368(opera.exe) | 61.65 Mo] - (.Opera Software - Opera GX Internet Browser.) - (68.0.3618.197) = C:\Users\theos\AppData\Local\Programs\Opera GX\68.0.3618.197\opera.exe     [15/07/2020 14:55:50]    CPU Usage:0 %
10976 | [Owner : theos | Parent : 2368(opera.exe) | 93.05 Mo] - (.Opera Software - Opera GX Internet Browser.) - (68.0.3618.197) = C:\Users\theos\AppData\Local\Programs\Opera GX\68.0.3618.197\opera.exe     [15/07/2020 14:55:50]    CPU Usage:0 %
11668 | [Owner : theos | Parent : 2368(opera.exe) | 64.37 Mo] - (.Opera Software - Opera GX Internet Browser.) - (68.0.3618.197) = C:\Users\theos\AppData\Local\Programs\Opera GX\68.0.3618.197\opera.exe     [15/07/2020 14:55:50]    CPU Usage:0 %
7544 | [Owner : theos | Parent : 3928(explorer.exe) | 66.88 Mo] - (.Cloud Imperium Games - RSI Launcher.) - (1.4.3.0) = C:\Program Files\Roberts Space Industries\RSI Launcher\RSI Launcher.exe     [02/08/2020 14:05:28]    CPU Usage:1 %
9092 | [Owner : theos | Parent : 7544(RSI Launcher.exe) | 40.59 Mo] - (.Cloud Imperium Games - RSI Launcher.) - (1.4.3.0) = C:\Program Files\Roberts Space Industries\RSI Launcher\RSI Launcher.exe     [02/08/2020 14:05:28]    CPU Usage:0 %
2012 | [Owner : theos | Parent : 7544(RSI Launcher.exe) | 101.25 Mo] - (.Cloud Imperium Games - RSI Launcher.) - (1.4.3.0) = C:\Program Files\Roberts Space Industries\RSI Launcher\RSI Launcher.exe     [02/08/2020 14:05:28]    CPU Usage:0 %
7336 | [Owner : theos | Parent : 7544(RSI Launcher.exe) | 4194.3 Mo] - (.Cloud Imperium Games Corp. -.) - (3.9.80.7656) = C:\Program Files\Roberts Space Industries\StarCitizen\LIVE\Bin64\StarCitizen.exe     [02/08/2020 15:03:45]    CPU Usage:29 %
12004 | [Owner : Système | Parent : 984(services.exe) | 7.75 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.1) = C:\Windows\System32\svchost.exe     [07/12/2019 11:08:46]    CPU Usage:0 %
10284 | [Owner : Système | Parent : 984(services.exe) | 9.98 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.1) = C:\Windows\System32\svchost.exe     [07/12/2019 11:08:46]    CPU Usage:0 %
6904 | [Owner : theos | Parent : 636(svchost.exe) | 16.1 Mo] - (.Microsoft Corporation - Gamebar Presence Writer.) - (10.0.19041.1) = C:\Windows\System32\GameBarPresenceWriter.exe     [07/12/2019 11:09:32]    CPU Usage:0 %
14048 | [Owner : Système | Parent : 984(services.exe) | 14.8 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.1) = C:\Windows\System32\svchost.exe     [07/12/2019 11:08:46]    CPU Usage:0 %
13896 | [Owner : theos | Parent : 636(svchost.exe) | 67.7 Mo] - (.Microsoft Corporation - Xbox Game Bar.) - (5.320.6242.0) = C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.320.6242.0_x64__8wekyb3d8bbwe\GameBar.exe     [02/07/2020 13:21:03]    CPU Usage:0 %
13924 | [Owner : theos | Parent : 636(svchost.exe) | 20.9 Mo] - (.Microsoft Corporation - Runtime Broker.) - (10.0.19041.1) = C:\Windows\System32\RuntimeBroker.exe     [07/12/2019 11:08:22]    CPU Usage:0 %
14200 | [Owner : theos | Parent : 636(svchost.exe) | 15.52 Mo] - (.Microsoft Corporation - Xbox Game Bar Full Trust COM Server.) - (5.320.6242.0) = C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.320.6242.0_x64__8wekyb3d8bbwe\GameBarFTServer.exe     [02/07/2020 13:21:03]    CPU Usage:0 %
11904 | [Owner : theos | Parent : 13924(RuntimeBroker.exe) | 18.81 Mo] - (.Microsoft Corporation - Xbox Game Bar Full Trust.) - (5.320.6242.0) = C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.320.6242.0_x64__8wekyb3d8bbwe\GameBarFT.exe     [02/07/2020 13:21:03]    CPU Usage:0 %
2336 | [Owner : theos | Parent : 2368(opera.exe) | 127.93 Mo] - (.Opera Software - Opera GX Internet Browser.) - (68.0.3618.197) = C:\Users\theos\AppData\Local\Programs\Opera GX\68.0.3618.197\opera.exe     [15/07/2020 14:55:50]    CPU Usage:0 %
4480 | [Owner : Système | Parent : 984(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.1) = C:\Windows\System32\svchost.exe     [07/12/2019 11:08:46]    CPU Usage:0 %
7876 | [Owner : Système | Parent : 984(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.1) = C:\Windows\System32\svchost.exe     [07/12/2019 11:08:46]    CPU Usage:0 %
13384 | [Owner : Système | Parent : 984(services.exe) | 6.24 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.1) = C:\Windows\System32\svchost.exe     [07/12/2019 11:08:46]    CPU Usage:0 %
15088 | [Owner : theos | Parent : 636(svchost.exe) | 57.4 Mo] - (.Microsoft Corporation - Windows Shell Experience Host.) - (10.0.19041.421) = C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe     [01/08/2020 21:16:59]    CPU Usage:0 %
8060 | [Owner : theos | Parent : 636(svchost.exe) | 16.9 Mo] - (.Microsoft Corporation - Runtime Broker.) - (10.0.19041.1) = C:\Windows\System32\RuntimeBroker.exe     [07/12/2019 11:08:22]    CPU Usage:0 %
15304 | [Owner : theos | Parent : 636(svchost.exe) | 71.48 Mo] - (.Microsoft Corporation - Windows Defender application.) - (10.0.19041.421) = C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe     [01/08/2020 21:16:43]    CPU Usage:0 %
9576 | [Owner : theos | Parent : 636(svchost.exe) | 10.05 Mo] - (.Microsoft Corporation - Windows Security Health Host.) - (4.18.1907.16384) = C:\Windows\System32\SecurityHealthHost.exe     [01/08/2020 21:16:45]    CPU Usage:0 %
9140 | [Owner : theos | Parent : 636(svchost.exe) | 36.5 Mo] - (.Microsoft Corporation - Windows Defender SmartScreen.) - (10.0.19041.264) = C:\Windows\System32\smartscreen.exe     [10/07/2020 20:15:29]    CPU Usage:0 %
3532 | [Owner : Système | Parent : 984(services.exe) | 8.05 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.1) = C:\Windows\System32\svchost.exe     [07/12/2019 11:08:46]    CPU Usage:0 %
9668 | [Owner : Système | Parent : 984(services.exe) | 16.29 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.1) = C:\Windows\System32\svchost.exe     [07/12/2019 11:08:46]    CPU Usage:0 %
14108 | [Owner : Système | Parent : 984(services.exe) | 7.42 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.1) = C:\Windows\System32\svchost.exe     [07/12/2019 11:08:46]    CPU Usage:0 %
13960 | [Owner : SERVICE LOCAL | Parent : 984(services.exe) | 10.09 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.1) = C:\Windows\System32\svchost.exe     [07/12/2019 11:08:46]    CPU Usage:0 %
6620 | [Owner : theos | Parent : 636(svchost.exe) | 7.9 Mo] - (.Microsoft Corporation - Windows Security Health Host.) - (4.18.1907.16384) = C:\Windows\System32\SecurityHealthHost.exe     [01/08/2020 21:16:45]    CPU Usage:0 %
8764 | [Owner : theos | Parent : 2368(opera.exe) | 27.62 Mo] - (.Opera Software - Opera GX Internet Browser.) - (68.0.3618.197) = C:\Users\theos\AppData\Local\Programs\Opera GX\68.0.3618.197\opera.exe     [15/07/2020 14:55:50]    CPU Usage:0 %
6652 | [Owner : theos | Parent : 2368(opera.exe) | 63.68 Mo] - (.SosVirus - QuickDiag.) - (6.208.20.1) = C:\Users\theos\AppData\Local\Temp\scoped_dir2368_1769176759\QuickDiag.exe     [03/08/2020 11:08:50]    CPU Usage:0 %
16028 | [Owner : Système | Parent : 636(svchost.exe) | 9.31 Mo] - (.Microsoft Corporation - WMI Provider Host.) - (10.0.19041.1) = C:\Windows\System32\wbem\WmiPrvSE.exe     [07/12/2019 11:08:19]    CPU Usage:0 %
16088 | [Owner : SERVICE RÉSEAU | Parent : 636(svchost.exe) | 11.56 Mo] - (.Microsoft Corporation - WMI Provider Host.) - (10.0.19041.1) = C:\Windows\SysWOW64\wbem\WmiPrvSE.exe     [07/12/2019 11:09:15]    CPU Usage:0 %

---------- | Locked Applications


---------- | Policy Restrictions


---------- | Explorer.exe Modules (Microsoft Files Whitelisted)

(..-..) - (0.0.0.0) -- C:\WINDOWS\SYSTEM32\UMPDC.dll
(..-..) - (0.0.0.0) -- C:\WINDOWS\SYSTEM32\TextShaping.dll
(..-..) - (0.0.0.0) -- C:\Windows\System32\WindowManagementAPI.dll
(..-..) - (0.0.0.0) -- C:\Windows\System32\VirtualMonitorManager.dll
(.NVIDIA Corporation.-.NVIDIA Driver Loader, Version 451.67.) - (27.21.14.5167) -- C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_edab19158bdd0d0a\nvldumdx.dll
(.NVIDIA Corporation.-.NVIDIA D3D10 Driver, Version 451.67.) - (27.21.14.5167) -- C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_edab19158bdd0d0a\nvwgf2umx_cfg.dll
(.NVIDIA Corporation.-.NVIDIA NVAPI Library, Version 451.67.) - (27.21.14.5167) -- C:\WINDOWS\SYSTEM32\nvapi64.dll
(..-..) - (0.0.0.0) -- C:\Windows\ShellExperiences\TileControl.dll
(..-..) - (0.0.0.0) -- C:\Windows\ShellComponents\TaskFlowUI.dll

---------- | Winlogon.exe Modules (Microsoft Files Whitelisted)

(..-..) - (0.0.0.0) -- C:\WINDOWS\System32\UMPDC.dll

---------- | svchost.exe Modules (Microsoft Files Whitelisted)

(..-..) - (0.0.0.0) -- c:\windows\system32\UMPDC.dll
(..-..) - (0.0.0.0) -- c:\windows\system32\TextShaping.dll
(.SQLite Development Team.-.SQLite is a software library that implements a self-contained, serverless, zero-configuration, transactional SQL database engine..) - (3.29.0.0) -- c:\windows\system32\winsqlite3.dll
(..-..) - (0.0.0.0) -- C:\Windows\System32\WindowManagementAPI.dll
(..-..) - (0.0.0.0) -- C:\WINDOWS\SYSTEM32\WINBIOPLUGINS\FACEBOOTSTRAPADAPTER.DLL
(..-..) - (0.0.0.0) -- C:\Windows\System32\usocoreps.dll

---------- | ZeroAccess Check

[HKLM\Software\Classes\CLSID\{1108BE51-F58A-4CDA-BB99-7A0227D11D5E}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll
[HKLM\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] : %SystemRoot%\system32\windows.storage.dll
[HKLM\Software\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll
[HKLM\Software\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] : %systemroot%\system32\wbem\wbemess.dll
[HKLM\Software\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] : %SystemRoot%\system32\shell32.dll
[HKLM\Software\WOW6432Node\Classes\CLSID\{1108BE51-F58A-4CDA-BB99-7A0227D11D5E}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll
[HKLM\Software\WOW6432Node\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] : %SystemRoot%\system32\windows.storage.dll
[HKLM\Software\WOW6432Node\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll
[HKLM\Software\WOW6432Node\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] : %SystemRoot%\system32\shell32.dll

---------- | Startings up

OneDriveSetup - (C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup [HKU\S-1-5-19\SOFTWARE\...\Run]) - User: AUTORITE NT\SERVICE LOCAL
OneDriveSetup - (C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup [HKU\S-1-5-20\SOFTWARE\...\Run]) - User: AUTORITE NT\SERVICE RÉSEAU
Twitch - (Twitch.lnk [Startup]) - User: DESKTOP-GVI7Q33\theos
OneDrive - ("C:\Users\theos\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background [HKU\S-1-5-21-3426726900-1680016901-4063642811-1001\SOFTWARE\...\Run]) - User: DESKTOP-GVI7Q33\theos
Steam - ("C:\Program Files (x86)\Steam\steam.exe" -silent [HKU\S-1-5-21-3426726900-1680016901-4063642811-1001\SOFTWARE\...\Run]) - User: DESKTOP-GVI7Q33\theos
Discord - (C:\Users\theos\AppData\Local\Discord\app-0.0.306\Discord.exe [HKU\S-1-5-21-3426726900-1680016901-4063642811-1001\SOFTWARE\...\Run]) - User: DESKTOP-GVI7Q33\theos
EpicGamesLauncher - ("C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe" -silent [HKU\S-1-5-21-3426726900-1680016901-4063642811-1001\SOFTWARE\...\Run]) - User: DESKTOP-GVI7Q33\theos
Unified Remote V3 - ("C:\Program Files (x86)\Unified Remote 3\RemoteServerWin.exe" [HKU\S-1-5-21-3426726900-1680016901-4063642811-1001\SOFTWARE\...\Run]) - User: DESKTOP-GVI7Q33\theos
Spotify - (C:\Users\theos\AppData\Roaming\Spotify\Spotify.exe --autostart --minimized [HKU\S-1-5-21-3426726900-1680016901-4063642811-1001\SOFTWARE\...\Run]) - User: DESKTOP-GVI7Q33\theos
Voicemod - ("C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe" [HKU\S-1-5-21-3426726900-1680016901-4063642811-1001\SOFTWARE\...\Run]) - User: DESKTOP-GVI7Q33\theos
Parsec.App.0 - (C:\Program Files\Parsec\parsecd.exe app_silent=1 [HKU\S-1-5-21-3426726900-1680016901-4063642811-1001\SOFTWARE\...\Run]) - User: DESKTOP-GVI7Q33\theos
PrtScr by FireStarter - (C:\Program Files (x86)\PrtScr\PrtScr.exe /Tray [HKU\S-1-5-21-3426726900-1680016901-4063642811-1001\SOFTWARE\...\Run]) - User: DESKTOP-GVI7Q33\theos
SteelSeries Engine 3 - (C:\PROGRA~1\STEELS~1\STEELS~1\STEELS~1.EXE -dataPath="C:\ProgramData\SteelSeries\SteelSeries Engine 3" -dbEnv=production -auto=true [Common Startup]) - User: Public
SecurityHealth - (%windir%\system32\SecurityHealthSystray.exe [HKLM\SOFTWARE\...\Run]) - User: Public
RtkAudUService - ("C:\WINDOWS\System32\RtkAudUService64.exe" -background [HKLM\SOFTWARE\...\Run]) - User: Public
PentabletService - (C:\Program Files\Pentablet\PentabletService.exe [HKLM\SOFTWARE\...\Run]) - User: Public
Riot Vanguard - ("C:\Program Files\Riot Vanguard\vgtray.exe" [HKLM\SOFTWARE\...\Run]) - User: Public
EnTierSystray - ("C:\Program Files\AMD\StoreMI\ECmd\EApps\StoreMISystray.exe" [HKLM\SOFTWARE\...\Run]) - User: Public

[HKU\S-1-5-21-3426726900-1680016901-4063642811-1001\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="C:\Users\theos\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background   
"Steam"="C:\Program Files (x86)\Steam\steam.exe" -silent   
"Discord"=C:\Users\theos\AppData\Local\Discord\app-0.0.306\Discord.exe   [27/02/2020 15:28:49]
"EpicGamesLauncher"="C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe" -silent   
"Unified Remote V3"="C:\Program Files (x86)\Unified Remote 3\RemoteServerWin.exe"   
"Spotify"=C:\Users\theos\AppData\Roaming\Spotify\Spotify.exe --autostart --minimized   
"Voicemod"="C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe"   
"Parsec.App.0"=C:\Program Files\Parsec\parsecd.exe app_silent=1   
"PrtScr by FireStarter"=C:\Program Files (x86)\PrtScr\PrtScr.exe /Tray   

[HKU\S-1-5-21-3426726900-1680016901-4063642811-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Delete Cached Update Binary"=C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\theos\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe"   
"Delete Cached Standalone Update Binary"=C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\theos\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe"   
"Uninstall 20.124.0621.0006\amd64"=C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\theos\AppData\Local\Microsoft\OneDrive\20.124.0621.0006\amd64"   
"Uninstall 20.124.0621.0006"=C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\theos\AppData\Local\Microsoft\OneDrive\20.124.0621.0006"   

[HKU\S-1-5-21-3426726900-1680016901-4063642811-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run]
"OneDrive"=0x03000000A76F6A42A8C7D501   
"Discord"=0x03000000241A8F67E004D601   
"EpicGamesLauncher"=0x030000002F9B4744B6C7D501   
"Steam"=0x0300000005D6177444C8D501   
"Unified Remote V3"=0x020000000000000000000000   
"Spotify"=0x0300000074FA140279DAD501   
"Overwolf"=0x030000000FB502B86BF4D501   
"GoogleChromeAutoLaunch_35DF0885EC44CB0C4324B3570B7C12A3"=0x020000000000000000000000   
"LGHUB"=0x03000000072691C88737D601   
"LoR deck tracker"=0x03000000270F57C18737D601   
"Voicemod"=0x030000005DD6A1713138D601   
"Skype for Desktop"=0x03000000561960151D3BD601   
"Parsec.App.0"=0x03000000B82F83D9E259D601   
"PrtScr by FireStarter"=0x020000000000000000000000   

[HKU\S-1-5-21-3426726900-1680016901-4063642811-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\RunMRU]
"a"=sysdm.cpl\1   
"MRUList"=febdca   
"b"=regedit\1   
"c"=msconfig\1   
"d"=shutdown -s -t 3600\1   
"e"=verifier\1   
"f"=mdsched.exe\1   

[HKU\S-1-5-21-3426726900-1680016901-4063642811-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"Device"=PDFCreator,winspool,Ne00:   
"IsMRUEstablished"=0   
"LegacyDefaultPrinterMode"=0   
"MenuDropAlignment"=1   

[HKLM\Software\Microsoft\Command Processor]
"CompletionChar"=9   
"DefaultColor"=0   
"EnableExtensions"=1   
"PathCompletionChar"=9   

[HKLM\Software\Microsoft\Windows\CurrentVersion\Run]
"SecurityHealth"=%windir%\system32\SecurityHealthSystray.exe   
"RtkAudUService"="C:\WINDOWS\System32\RtkAudUService64.exe" -background   
"PentabletService"=C:\Program Files\Pentablet\PentabletService.exe   [23/03/2020 12:35:23]
"Riot Vanguard"="C:\Program Files\Riot Vanguard\vgtray.exe"   
"EnTierSystray"="C:\Program Files\AMD\StoreMI\ECmd\EApps\StoreMISystray.exe"   

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run]
"SecurityHealth"=0x070000007380807644C8D501   
"RtkAudUService"=0x020000000000000000000000   
"PentabletService"=0x020000000000000000000000   
"Riot Vanguard"=0x020000000000000000000000   
"EnTierSystray"=0x03000000C34A53C38737D601   

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32]
"SunJavaUpdateSched"=0x030000007918ED42B6C7D501   
"Lightshot"=0x03000000ED9139FC014FD601   
"Xtreme Tuner"=0x03000000FDA947142B16D601   
"Intel Driver & Support Assistant"=0x030000009A76FD780055D601   

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
""=mnmsrvc   
"AppInit_DLLs"=   
"DdeSendTimeout"=0   
"DesktopHeapLogging"=1   
"DeviceNotSelectedTimeout"=15   
"DwmInputUsesIoCompletionPort"=1   
"EnableDwmInputProcessing"=7   
"GDIProcessHandleQuota"=10000   
"IconServiceLib"=IconCodecService.dll   
"LoadAppInit_DLLs"=0   
"NaturalInputHandler"=Ninput.dll   
"ShutdownWarningDialogTimeout"=4294967295   
"Spooler"=yes   
"ThreadUnresponsiveLogTimeout"=500   
"TransmissionRetryTimeout"=90   
"USERNestedWindowLimit"=50   
"USERPostMessageLimit"=10000   
"USERProcessHandleQuota"=10000   
"Win32kLastWriteTime"=1D6683849E9B8D9   

[HKLM\Software\WOW6432Node\Microsoft\Command Processor]
"CompletionChar"=9   
"DefaultColor"=0   
"EnableExtensions"=1   
"PathCompletionChar"=9   

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"   
"Xtreme Tuner"=C:\Program Files\XtremeTuner\Xtreme Tuner.exe SysTray   

[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Windows]
""=mnmsrvc   
"AppInit_DLLs"=   
"DdeSendTimeout"=0   
"DesktopHeapLogging"=1   
"DeviceNotSelectedTimeout"=15   
"DwmInputUsesIoCompletionPort"=1   
"EnableDwmInputProcessing"=7   
"GDIProcessHandleQuota"=10000   
"IconServiceLib"=IconCodecService.dll   
"LoadAppInit_DLLs"=0   
"NaturalInputHandler"=Ninput.dll   
"ShutdownWarningDialogTimeout"=4294967295   
"Spooler"=yes   
"ThreadUnresponsiveLogTimeout"=500   
"TransmissionRetryTimeout"=90   
"USERNestedWindowLimit"=50   
"USERPostMessageLimit"=10000   
"USERProcessHandleQuota"=10000   

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"WebCheck"={E6FB5E20-DE35-11CF-9C87-00AA005127ED}   


---------- | Win.ini : 



---------- | System.ini : 



---------- | Tasks List

AMDAutoUpdate
GamingOSDAutoStartUp
GoogleUpdateTaskMachineCore
GoogleUpdateTaskMachineUA
MicrosoftEdgeUpdateTaskMachineCore
MicrosoftEdgeUpdateTaskMachineUA
MonitorMicroKey
MonitorMysticLight
MonitorWeatherDetector
MSIAfterburner
NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
OneDrive Standalone Update Task-S-1-5-21-3426726900-1680016901-4063642811-1001
Opera GX scheduled Autoupdate 1578655239

---------- | Startings up registry ¦ Folder


---------- | Control - lsa - SecurityProviders - Session Manager - Terminal Server


[HKLM\System\CurrentControlSet\Control]
"BootDriverFlags"=28   
"CurrentUser"=USERNAME   
"EarlyStartServices"=RpcSs
Power
BrokerInfrastructure
SystemEventsBroker
DcomLaunch
RpcEpMapper
LSM
AppIdSvc   
"PreshutdownOrder"=DeviceInstall
UsoSvc
gpsvc
trustedinstaller   
"SvcHostSplitThresholdInKB"=3670016   
"WaitToKillServiceTimeout"=2000   
"SystemStartOptions"= NOEXECUTE=OPTIN   
"SystemBootDevice"=multi(0)disk(0)rdisk(0)partition(4)   
"FirmwareBootDevice"=multi(0)disk(0)rdisk(0)partition(2)   
"LastBootSucceeded"=1   
"LastBootShutdown"=1   
"DirtyShutdownCount"=3   

[HKLM\System\CurrentControlSet\Control\lsa]
"auditbasedirectories"=0   
"auditbaseobjects"=0   
"Bounds"=0x0030000000200000   
"crashonauditfail"=0   
"fullprivilegeauditing"=0x00   
"LimitBlankPasswordUse"=1   
"NoLmHash"=1   
"Security Packages"=""   [03/08/2020 11:09:07]
"Notification Packages"=scecli   
"Authentication Packages"=msv1_0   
"disabledomaincreds"=0   
"everyoneincludesanonymous"=0   
"forceguest"=0   
"LsaCfgFlagsDefault"=0   
"LsaPid"=1000   
"ProductType"=6   
"restrictanonymous"=0   
"restrictanonymoussam"=1   
"SamConnectedAccountsExist"=1   
"SecureBoot"=1   

[HKLM\System\CurrentControlSet\Control\SecurityProviders]
"SecurityProviders"=credssp.dll   

[HKLM\System\CurrentControlSet\Control\Session Manager]
"AutoChkTimeout"=8   
"BootExecute"=autocheck autochk *   
"BootShell"=%SystemRoot%\system32\bootim.exe   
"CriticalSectionTimeout"=2592000   
"ExcludeFromKnownDlls"=   
"GlobalFlag"=0   
"GlobalFlag2"=0   
"HeapDeCommitFreeBlockThreshold"=0   
"HeapDeCommitTotalFreeThreshold"=0   
"HeapSegmentCommit"=0   
"HeapSegmentReserve"=0   
"InitConsoleFlags"=0   
"NumberOfInitialSessions"=2   
"ObjectDirectories"=\Windows
\RPC Control   
"ProcessorControl"=2   
"ProtectionMode"=1   
"ResourceTimeoutCount"=150   
"RunLevelExecute"=WinInit
ServiceControlManager   
"RunLevelValidate"=ServiceControlManager   
"SETUPEXECUTE"=   
"AutoChkSkipSystemPartition"=0   
"PendingFileRenameOperations"=\??\C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\IrisPlugins\TrayPlugin.EXPT-59_Control.x64.dll

\??\C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\IrisPlugins\TrayPlugin.EXPT-59_Test.x64.dll

\??\C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\IrisPlugins\UIPlugin.EXPT-77_Control.x64.dll

\??\C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\IrisPlugins\UIPlugin.EXPT-77_Email.x64.dll

\??\C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\IrisPlugins\UIPlugin.EXPT-77_Url.x64.dll

\??\C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\IrisPlugins\TrayPlugin.EXPT-59_Control.x64.dll

\??\C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\IrisPlugins\TrayPlugin.EXPT-59_Test.x64.dll

\??\C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\IrisPlugins\UIPlugin.EXPT-77_Control.x64.dll

\??\C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\IrisPlugins\UIPlugin.EXPT-77_Email.x64.dll

\??\C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\IrisPlugins\UIPlugin.EXPT-77_Url.x64.dll

\??\C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\IrisPlugins\TrayPlugin.EXPT-59_Control.x64.dll

\??\C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\IrisPlugins\TrayPlugin.EXPT-59_Test.x64.dll

\??\C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\IrisPlugins\UIPlugin.EXPT-77_Control.x64.dll

\??\C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\IrisPlugins\UIPlugin.EXPT-77_Email.x64.dll

\??\C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\IrisPlugins\UIPlugin.EXPT-77_Url.x64.dll
   

[HKLM\System\CurrentControlSet\Control\Terminal Server]
"AllowRemoteRPC"=0   
"DelayConMgrTimeout"=0   
"DeleteTempDirsOnExit"=1   
"fSingleSessionPerUser"=1   
"NotificationTimeOut"=0   
"PerSessionTempDir"=0   
"ProductVersion"=5.1   
"RCDependentServices"=CertPropSvc
SessionEnv   
"SnapshotMonitors"=1   
"StartRCM"=0   
"TSUserEnabled"=0   
"RailShowallNotifyIcons"=1   
"RDPVGCInstalled"=1   
"fDenyTSConnections"=0   
"InstanceID"=7eeedc35-b7ad-4946-839a-98c0f1d   
"GlassSessionId"=3   


---------- | .LNK with Arguments


---------- | AppCertDlls


---------- | Dnsapi.dll

C:\WINDOWS\System32\dnsapi.dll -> OK : \drivers\etc\hosts
C:\WINDOWS\SysWOW64\dnsapi.dll -> OK : \drivers\etc\hosts

---------- | Policies | Registry

[HKU\S-1-5-21-3426726900-1680016901-4063642811-1001\Control Panel\Desktop]
"ActiveWndTrackTimeout"=0   
"BlockSendInputResets"=0   
"CaretTimeout"=5000   
"CaretWidth"=1   
"ClickLockTime"=1200   
"CoolSwitchColumns"=7   
"CoolSwitchRows"=3   
"CursorBlinkRate"=530   
"DockMoving"=1   
"DragFromMaximize"=1   
"DragFullWindows"=1   
"DragHeight"=4   
"DragWidth"=4   
"FocusBorderHeight"=1   
"FocusBorderWidth"=1   
"FontSmoothing"=2   
"FontSmoothingGamma"=0   
"FontSmoothingOrientation"=1   
"FontSmoothingType"=2   
"ForegroundFlashCount"=7   
"ForegroundLockTimeout"=200000   
"LeftOverlapChars"=3   
"MenuShowDelay"=400   
"MouseWheelRouting"=2   
"PaintDesktopVersion"=0   
"Pattern"=0   
"RightOverlapChars"=3   
"ScreenSaveActive"=1   
"SnapSizing"=1   
"TileWallpaper"=0   
"WallpaperOriginX"=0   
"WallpaperOriginY"=0   
"WallpaperStyle"=10   
"WheelScrollChars"=3   
"WheelScrollLines"=3   
"WindowArrangementActive"=1   
"WallPaper"=C:\Users\theos\AppData\Local\Microsoft\Windows\Themes\TranscodedWallpaper   [19/07/2020 19:28:16]
"Win8DpiScaling"=0   
"DpiScalingVer"=4096   
"UserPreferencesMask"=0x9E1E068012000000   
"MaxVirtualDesktopDimension"=5760   
"MaxMonitorDimension"=3840   
"TranscodedImageCount"=2   
"LastUpdated"=4294967295   
"TranscodedImageCache"=0x7AC301006ED702008007000038040000B160289BEF5DD60143003A005C00550073006500720073005C007400680065006F0073005C0041007000700044006100740061005C004C006F00630061006C005C004D006900630072006F0073006F00660074005C00570069006E0064006F00770073005C005400680065006D00650073005C005400720061006E00730063006F00640065006400570061006C006C0070006100700065007200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000   
"AutoColorization"=1   
"ImageColor"=3305111551   
"PreferredUILanguages"=fr-FR   
"LockScreenAutoLockActive"=0   
"WaitToKillAppTimeout"=2000   
"HungAppTimeout"=2000   

[HKU\S-1-5-21-3426726900-1680016901-4063642811-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]
"{018D5C66-4533-4307-9B53-224DE2ED1FE6}"=1   
"{20D04FE0-3AEA-1069-A2D8-08002B30309D}"=1   

[HKU\S-1-5-21-3426726900-1680016901-4063642811-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu]
"{20D04FE0-3AEA-1069-A2D8-08002B30309D}"=1   

[HKU\S-1-5-21-3426726900-1680016901-4063642811-1001\Software\Microsoft\Windows\CurrentVersion\Explorer]
"EdgeDesktopShortcutCreated"=1   
"ShellState"=0x240000003428000000000000000000000000000001000000130000000000000062000000   
"ExplorerStartupTraceRecorded"=1   
"UserSignedIn"=1   
"SlowContextMenuEntries"=0x6024B221EA3A6910A2DC08002B30309D8D0000000114020000000000C00000000000004665040000599F982160B2024390C3E51740E03639AC00000000000000000000000000000000000000000000000000000000000000000000000000000000000000   
"SIDUpdatedOnLibraries"=1   
"LocalKnownFoldersMigrated"=1   
"TelemetrySalt"=0   
"GlobalAssocChangedCounter"=22   
"FirstRunTelemetryComplete"=1   
"AppReadinessLogonComplete"=1   
"PostAppInstallTasksCompleted"=1   

[HKU\S-1-5-21-3426726900-1680016901-4063642811-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"Start_SearchFiles"=2   
"ServerAdminUI"=0   
"Hidden"=2   
"ShowCompColor"=1   
"HideFileExt"=1   
"DontPrettyPath"=0   
"ShowInfoTip"=1   
"HideIcons"=0   
"MapNetDrvBtn"=0   
"WebView"=1   
"Filter"=0   
"ShowSuperHidden"=0   
"SeparateProcess"=0   
"AutoCheckSelect"=0   
"IconsOnly"=0   
"ShowTypeOverlay"=1   
"ShowStatusBar"=1   
"StoreAppsOnTaskbar"=1   
"ListviewAlphaSelect"=1   
"ListviewShadow"=1   
"TaskbarAnimations"=1   
"StartMenuInit"=13   
"TaskbarStateLastRun"=0x4CE11F5F00000000   
"ShowCortanaButton"=0   
"TaskbarSizeMove"=0   
"DisablePreviewDesktop"=1   
"TaskbarGlomLevel"=0   
"ReindexedProfile"=1   
"Start_TrackProgs"=1   
"StartMigratedBrowserPin"=1   

[HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers]
"authenticodeenabled"=0   

[HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5   
"ConsentPromptBehaviorUser"=3   
"DSCAutomationHostEnabled"=2   
"EnableCursorSuppression"=1   
"EnableFullTrustStartupTasks"=2   
"EnableInstallerDetection"=1   
"EnableLUA"=1   
"EnableSecureUIAPaths"=1   
"EnableUIADesktopToggle"=0   
"EnableUwpStartupTasks"=2   
"EnableVirtualization"=1   
"PromptOnSecureDesktop"=1   
"SupportFullTrustStartupTasks"=1   
"SupportUwpStartupTasks"=1   
"ValidateAdminCodeSignatures"=0   
"dontdisplaylastusername"=0   
"legalnoticecaption"=   
"legalnoticetext"=   
"scforceoption"=0   
"shutdownwithoutlogon"=1   
"undockwithoutlogon"=1   

[HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"ForceActiveDesktopOn"=0   
"NoActiveDesktop"=1   
"NoActiveDesktopChanges"=1   
"NoRecentDocsHistory"=0   

[HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop]
"NoAddingComponents"=1   
"NoComponents"=1   

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]
"{031E4825-7B94-4dc3-B131-E946B44C8DD5}"=1   
"{208D2C60-3AEA-1069-A2D7-08002B30309D}"=1   
"{20D04FE0-3AEA-1069-A2D8-08002B30309D}"=1   
"{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}"=1   
"{59031a47-3f72-44a7-89c5-5595fe6b30ee}"=1   
"{871C5380-42A0-1069-A2EA-08002B30309D}"=1   
"{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1   
"{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}"=1   
"{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}"=1   

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu]
"{871C5380-42A0-1069-A2EA-08002B30309D}.default"=0   
"{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1   

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]
"CheckedValue"=1   
"DefaultValue"=2   
"HKeyRoot"=2147483649   
"Id"=2   
"RegPath"=Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced   
"Text"=@shell32.dll,-30500   
"Type"=radio   
"ValueName"=Hidden   

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer]
"ActiveSetupDisabled"=0   
"ActiveSetupTaskOverride"=1   
"AsyncRunOnce"=1   
"AsyncUpdatePCSettings"=1   
"DisableAppInstallsOnFirstLogon"=1   
"DisableResolveStoreCategories"=1   
"DisableUpgradeCleanup"=1   
"EarlyAppResolverStart"=1   
"FileOpenDialog"={DC1C5A9C-E88A-4dde-A5A1-60F82A20AEF7}   
"FSIASleepTimeInMs"=60000   
"GlobalFolderSettings"={EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}   
"IconUnderline"=2   
"ListViewPopupControl"={8be9f5ea-e746-4e47-ad57-3fb191ca1eed}   
"LVPopupSearchControl"={fccf70c8-f4d7-4d8b-8c17-cd6715e37fff}   
"MachineOobeUpdates"=1   
"NoWaitOnRoamingPayloads"=1   
"TaskScheduler"={0f87369f-a4e5-4cfc-bd3e-73e6154572dd}   
"AccessDeniedDialog"={100B4FC8-74C1-470F-B1B7-DD7B6BAE79BD}   
"GlobalAssocChangedCounter"=1   

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"Start_TrackDocs"=1   
"TaskbarSizeMove"=0   

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations]
"Application"=http://go.microsoft.com/fwlink/?LinkId=57426&Ext=%s   

[HKLM\Software\WOW6432Node\Policies\Microsoft\Windows\Safer\CodeIdentifiers]
"authenticodeenabled"=0   

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5   
"ConsentPromptBehaviorUser"=3   
"DSCAutomationHostEnabled"=2   
"EnableCursorSuppression"=1   
"EnableFullTrustStartupTasks"=2   
"EnableInstallerDetection"=1   
"EnableLUA"=1   
"EnableSecureUIAPaths"=1   
"EnableUIADesktopToggle"=0   
"EnableUwpStartupTasks"=2   
"EnableVirtualization"=1   
"PromptOnSecureDesktop"=1   
"SupportFullTrustStartupTasks"=1   
"SupportUwpStartupTasks"=1   
"ValidateAdminCodeSignatures"=0   
"dontdisplaylastusername"=0   
"legalnoticecaption"=   
"legalnoticetext"=   
"scforceoption"=0   
"shutdownwithoutlogon"=1   
"undockwithoutlogon"=1   

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"ForceActiveDesktopOn"=0   
"NoActiveDesktop"=1   
"NoActiveDesktopChanges"=1   
"NoRecentDocsHistory"=0   

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop]
"NoAddingComponents"=1   
"NoComponents"=1   

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]
"{031E4825-7B94-4dc3-B131-E946B44C8DD5}"=1   
"{208D2C60-3AEA-1069-A2D7-08002B30309D}"=1   
"{20D04FE0-3AEA-1069-A2D8-08002B30309D}"=1   
"{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}"=1   
"{59031a47-3f72-44a7-89c5-5595fe6b30ee}"=1   
"{871C5380-42A0-1069-A2EA-08002B30309D}"=1   
"{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1   
"{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}"=1   
"{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}"=1   

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu]
"{871C5380-42A0-1069-A2EA-08002B30309D}.default"=0   
"{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1   

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]
"CheckedValue"=1   
"DefaultValue"=2   
"HKeyRoot"=2147483649   
"Id"=2   
"RegPath"=Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced   
"Text"=@shell32.dll,-30500   
"Type"=radio   
"ValueName"=Hidden   

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer]
"ActiveSetupDisabled"=0   
"ActiveSetupTaskOverride"=1   
"AsyncRunOnce"=1   
"AsyncUpdatePCSettings"=1   
"DisableAppInstallsOnFirstLogon"=1   
"DisableResolveStoreCategories"=1   
"DisableUpgradeCleanup"=1   
"EarlyAppResolverStart"=1   
"FileOpenDialog"={DC1C5A9C-E88A-4dde-A5A1-60F82A20AEF7}   
"FSIASleepTimeInMs"=60000   
"GlobalFolderSettings"={EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}   
"IconUnderline"=2   
"ListViewPopupControl"={8be9f5ea-e746-4e47-ad57-3fb191ca1eed}   
"LVPopupSearchControl"={fccf70c8-f4d7-4d8b-8c17-cd6715e37fff}   
"MachineOobeUpdates"=1   
"NoWaitOnRoamingPayloads"=1   
"TaskScheduler"={0f87369f-a4e5-4cfc-bd3e-73e6154572dd}   
"AccessDeniedDialog"={100B4FC8-74C1-470F-B1B7-DD7B6BAE79BD}   
"GlobalAssocChangedCounter"=1   

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"Start_TrackDocs"=1   
"TaskbarSizeMove"=0   

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Associations]
"Application"=http://go.microsoft.com/fwlink/?LinkId=57426&Ext=%s   


---------- | Winlogon 

[HKU\S-1-5-21-3426726900-1680016901-4063642811-1001\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"ExcludeProfileDirs"=AppData\Local;AppData\LocalLow;$Recycle.Bin;OneDrive;Work Folders   
"PUUActive"=0x23E86B5701000B00320083008FB6050084B8050084B80500D200000003000F00E27C68D3F5980F0054B205000888050076EC0200103D01000000000000000000000000009C910500F41F000053000000968354DC6E69D6018FB6050000000000010000008FB60500614A000082040000021A140000000000   
"BuildNumber"=19041   
"FirstLogon"=0   
"DP"=0xD200E800040003000800000023E86B573C3F0D0000000000EE0C1CCB6B69D601B3F0A5C56969D6011D4F0D000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000F03F805101004E9700400806160009461601248200C0020400680604416C29EB0000144E0021144E817181060080C1201701C1261701B28A0000002218220826392A3B290080D5C80201D5C84A014E9600800991214889913148753C0180F1A90801F5A90A05E8A80080008800080088000802480000C2151800C21518082F9700809C16834A9C968F4A   
"ParseAutoexec"=1   

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"AutoRestartShell"=1   
"Background"=0 0 0   
"CachedLogonsCount"=10   
"DebugServerCommand"=no   
"DisableBackButton"=1   
"EnableSIHostIntegration"=1   
"ForceUnlockLogon"=0   
"LegalNoticeCaption"=   
"LegalNoticeText"=   
"PasswordExpiryWarning"=5   
"PowerdownAfterShutdown"=0   
"PreCreateKnownFolders"={A520A1A4-1780-4FF6-BD18-167343C5AF16}   
"ReportBootOk"=1   
"Shell"=explorer.exe   
"ShellCritical"=0   
"ShellInfrastructure"=sihost.exe   
"SiHostCritical"=0   
"SiHostReadyTimeOut"=0   
"SiHostRestartCountLimit"=0   
"SiHostRestartTimeGap"=0   
"VMApplet"=SystemPropertiesPerformance.exe /pagefile   
"WinStationsDisabled"=0   
"scremoveoption"=0   
"LastLogOffEndTimePerfCounter"=456342174103   
"ShutdownFlags"=2147483687   
"Userinit"=C:\Windows\system32\userinit.exe,   
"DisableCad"=1   
"DisableLockWorkstation"=0   
"AutoAdminLogon"=1   
"DefaultDomainName"=DESKTOP-GVI7Q33   
"DefaultUserName"=theos   
"EnableFirstLogonAnimation"=1   
"AutoLogonSID"=S-1-5-21-3426726900-1680016901-4063642811-1001   
"LastUsedUsername"=theos   

[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon]
"DefaultDomainName"=   
"DefaultUserName"=   
"PreCreateKnownFolders"={A520A1A4-1780-4FF6-BD18-167343C5AF16}   
"Shell"=explorer.exe   
"ShellCritical"=0   
"SiHostCritical"=0   
"SiHostReadyTimeOut"=0   
"SiHostRestartCountLimit"=0   
"SiHostRestartTimeGap"=0   


---------- | Associations

[HKLM\Software\Classes\.exe]
""=exefile   
"Content Type"=application/x-msdownload   

[HKLM\Software\Classes\exefile\Shell\Open\Command]
""="%1" %*   
"IsolatedCommand"="%1" %*   

[HKLM\Software\Classes\.com]
""=comfile   

[HKLM\Software\Classes\comfile\Shell\Open\Command]
""="%1" %*   

[HKLM\Software\Classes\.reg]
""=regfile   

[HKLM\Software\Classes\regfile\Shell\Open\Command]
""=regedit.exe "%1"   

[HKLM\Software\Classes\.scr]
""=scrfile   

[HKLM\Software\Classes\scrfile\Shell\Open\Command]
""="%1" /S   

[HKLM\Software\Classes\.bat]
""=batfile   

[HKLM\Software\Classes\batfile\Shell\Open\Command]
""="%1" %*   

[HKLM\Software\Classes\.cmd]
""=cmdfile   

[HKLM\Software\Classes\cmdfile\Shell\Open\Command]
""="%1" %*   

[HKLM\Software\Classes\.pif]
""=piffile   

[HKLM\Software\Classes\piffile\Shell\Open\Command]
""="%1" %*   

[HKLM\Software\Classes\.inf]
""=inffile   

[HKLM\Software\Classes\inffile\Shell\Open\Command]
""=%SystemRoot%\system32\NOTEPAD.EXE %1   

[HKLM\Software\Classes\.url]
""=InternetShortcut   

[HKLM\Software\Classes\.lnk]
""=lnkfile   

[HKLM\Software\Classes\.hta]
""=htafile   
"Content Type"=application/hta   
"PerceivedType"=text   

[HKLM\Software\Classes\htafile\Shell\Open\Command]
""=C:\Windows\SysWOW64\mshta.exe "%1" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}%U{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5} %*   

[HKLM\Software\Classes\InternetShortcut]
"EditFlags"=2   
"FriendlyTypeName"=@C:\WINDOWS\system32\ieframe.dll,-10046   
"FullDetails"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment   
"InfoTip"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment   
"IsShortcut"=   
"NeverShowExt"=   
"PreviewDetails"=prop:System.Link.TargetUrl;System.Rating;System.History.VisitCount;System.History.DateChanged;System.Link.DateVisited;System.Link.Description;System.Link.Comment   
""=Raccourci Internet   

[HKLM\Software\Classes\Application.Manifest]
""=Application Manifest   
"BrowserFlags"=4096   
"EditFlags"=4259840   
"FriendlyTypeName"=@C:\Windows\System32\dfshim.dll,-200   

[HKLM\Software\Classes\Application.Reference]
""=Application Reference   
"EditFlags"=131072   
"FriendlyTypeName"=@C:\Windows\System32\dfshim.dll,-201   
"IsShortcut"=   
"NeverShowExt"=   

[HKLM\Software\Classes\Folder]
""=Folder   
"AppUserModelID"=Microsoft.Windows.Explorer   
"ContentViewModeForBrowse"=prop:~System.ItemNameDisplay;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;System.DateModified   
"ContentViewModeForSearch"=prop:~System.ItemNameDisplay;System.DateModified;~System.ItemFolderPathDisplay   
"ContentViewModeLayoutPatternForBrowse"=delta   
"ContentViewModeLayoutPatternForSearch"=alpha   
"EditFlags"=0xD2030000   
"FullDetails"=prop:System.PropGroup.Description;System.ItemNameDisplay;System.ItemTypeText;System.Size;System.HomeGroupSharingStatus   
"NoRecentDocs"=   
"ThumbnailCutoff"=0   
"TileInfo"=prop:System.Title;System.HomeGroupSharingStatus   

[HKLM\Software\WOW6432Node\Classes\.exe]
""=exefile   
"Content Type"=application/x-msdownload   

[HKLM\Software\WOW6432Node\Classes\exefile\Shell\Open\Command]
""="%1" %*   
"IsolatedCommand"="%1" %*   

[HKLM\Software\WOW6432Node\Classes\.com]
""=comfile   

[HKLM\Software\WOW6432Node\Classes\comfile\Shell\Open\Command]
""="%1" %*   

[HKLM\Software\WOW6432Node\Classes\.reg]
""=regfile   

[HKLM\Software\WOW6432Node\Classes\regfile\Shell\Open\Command]
""=regedit.exe "%1"   

[HKLM\Software\WOW6432Node\Classes\.scr]
""=scrfile   

[HKLM\Software\WOW6432Node\Classes\scrfile\Shell\Open\Command]
""="%1" /S   

[HKLM\Software\WOW6432Node\Classes\.bat]
""=batfile   

[HKLM\Software\WOW6432Node\Classes\batfile\Shell\Open\Command]
""="%1" %*   

[HKLM\Software\WOW6432Node\Classes\.cmd]
""=cmdfile   

[HKLM\Software\WOW6432Node\Classes\cmdfile\Shell\Open\Command]
""="%1" %*   

[HKLM\Software\WOW6432Node\Classes\.pif]
""=piffile   

[HKLM\Software\WOW6432Node\Classes\piffile\Shell\Open\Command]
""="%1" %*   

[HKLM\Software\WOW6432Node\Classes\.inf]
""=inffile   

[HKLM\Software\WOW6432Node\Classes\inffile\Shell\Open\Command]
""=%SystemRoot%\system32\NOTEPAD.EXE %1   

[HKLM\Software\WOW6432Node\Classes\.url]
""=InternetShortcut   

[HKLM\Software\WOW6432Node\Classes\.lnk]
""=lnkfile   

[HKLM\Software\WOW6432Node\Classes\.hta]
""=htafile   
"Content Type"=application/hta   
"PerceivedType"=text   

[HKLM\Software\WOW6432Node\Classes\htafile\Shell\Open\Command]
""=C:\Windows\SysWOW64\mshta.exe "%1" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}%U{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5} %*   

[HKLM\Software\WOW6432Node\Classes\InternetShortcut]
"EditFlags"=2   
"FriendlyTypeName"=@C:\WINDOWS\system32\ieframe.dll,-10046   
"FullDetails"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment   
"InfoTip"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment   
"IsShortcut"=   
"NeverShowExt"=   
"PreviewDetails"=prop:System.Link.TargetUrl;System.Rating;System.History.VisitCount;System.History.DateChanged;System.Link.DateVisited;System.Link.Description;System.Link.Comment   
""=Raccourci Internet   

[HKLM\Software\WOW6432Node\Classes\Application.Manifest]
""=Application Manifest   
"BrowserFlags"=4096   
"EditFlags"=4259840   
"FriendlyTypeName"=@C:\Windows\System32\dfshim.dll,-200   

[HKLM\Software\WOW6432Node\Classes\Application.Reference]
""=Application Reference   
"EditFlags"=131072   
"FriendlyTypeName"=@C:\Windows\System32\dfshim.dll,-201   
"IsShortcut"=   
"NeverShowExt"=   

[HKLM\Software\WOW6432Node\Classes\Folder]
""=Folder   
"AppUserModelID"=Microsoft.Windows.Explorer   
"ContentViewModeForBrowse"=prop:~System.ItemNameDisplay;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;System.DateModified   
"ContentViewModeForSearch"=prop:~System.ItemNameDisplay;System.DateModified;~System.ItemFolderPathDisplay   
"ContentViewModeLayoutPatternForBrowse"=delta   
"ContentViewModeLayoutPatternForSearch"=alpha   
"EditFlags"=0xD2030000   
"FullDetails"=prop:System.PropGroup.Description;System.ItemNameDisplay;System.ItemTypeText;System.Size;System.HomeGroupSharingStatus   
"NoRecentDocs"=   
"ThumbnailCutoff"=0   
"TileInfo"=prop:System.Title;System.HomeGroupSharingStatus   

[HKU\S-1-5-21-3426726900-1680016901-4063642811-1001\Software\Clients\StartMenuInternet\Opera GXStable\Shell\open\Command]
""="C:\Users\theos\AppData\Local\Programs\Opera GX\Launcher.exe"   
[HKU\S-1-5-21-3426726900-1680016901-4063642811-1001\Software\Clients\StartMenuInternet\Opera GXStable\InstallInfo]
"ReinstallCommand"="C:\Users\theos\AppData\Local\Programs\Opera GX\Launcher.exe" --makedefaultbrowser

[HKLM\Software\Clients\StartMenuInternet\Google Chrome\Shell\open\Command]
""="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"   
[HKLM\Software\Clients\StartMenuInternet\Google Chrome\InstallInfo]
"ReinstallCommand"="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --make-default-browser

[HKLM\Software\Clients\StartMenuInternet\IEXPLORE.EXE\Shell\open\Command]
""=C:\Program Files\Internet Explorer\iexplore.exe   [07/12/2019 16:51:18]
[HKLM\Software\Clients\StartMenuInternet\IEXPLORE.EXE\InstallInfo]
"ReinstallCommand"="C:\Windows\System32\ie4uinit.exe" -reinstall

[HKLM\Software\Clients\StartMenuInternet\Microsoft Edge\Shell\open\Command]
""="C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"   
[HKLM\Software\Clients\StartMenuInternet\Microsoft Edge\InstallInfo]
"ReinstallCommand"="C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --make-default-browser

[HKLM\Software\WOW6432Node\Clients\StartMenuInternet\Google Chrome\Shell\open\Command]
""="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"   
[HKLM\Software\WOW6432Node\Clients\StartMenuInternet\Google Chrome\InstallInfo]
"ReinstallCommand"="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --make-default-browser

[HKLM\Software\WOW6432Node\Clients\StartMenuInternet\IEXPLORE.EXE\Shell\open\Command]
""=C:\Program Files\Internet Explorer\iexplore.exe   [07/12/2019 16:51:18]
[HKLM\Software\WOW6432Node\Clients\StartMenuInternet\IEXPLORE.EXE\InstallInfo]
"ReinstallCommand"="C:\Windows\System32\ie4uinit.exe" -reinstall

[HKLM\Software\WOW6432Node\Clients\StartMenuInternet\Microsoft Edge\Shell\open\Command]
""="C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"   
[HKLM\Software\WOW6432Node\Clients\StartMenuInternet\Microsoft Edge\InstallInfo]
"ReinstallCommand"="C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --make-default-browser


---------- | AppcompatFlags

[HKU\S-1-5-21-3426726900-1680016901-4063642811-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted]
"C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\upc.exe"=32
"C:\Users\theos\AppData\Local\Programs\Opera GX\Launcher.exe"=32
"C:\Users\theos\AppData\Local\Temp\Rar$EXa9276.44185\Install_Win10_10042_06222020\AutoInst.exe"=1
"C:\Users\theos\AppData\Local\Temp\Rar$EXa9276.44185\Install_Win10_10042_06222020\setup.exe"=1
"C:\Program Files (x86)\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\setup.exe"=33
"C:\Program Files (x86)\Realtek\NICDRV_8169\RTINSTALLER64.EXE"=1

[HKU\S-1-5-21-3426726900-1680016901-4063642811-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\Program Files\XtremeTuner\Xtreme Tuner.exe"=0x5341435001000000000000000700000028000000006866000000000001000000000000000000000A71220000631F6E6F0EDED40100000000000000000200000028000000000000000000004000000000000000000000000000000000197B7C03000000000900000009000000
"C:\Program Files\CPUID\HWMonitor\HWMonitor.exe"=0x534143500100000000000000070000002800000090FA250026ED260001000000000000000000000A00210000631F6E6F0EDED40100000000000000000200000028000000000000000000004000000000000000000000000000000000A75C8E01000000000B0000000B000000
"C:\Program Files\Java\jre1.8.0_231\bin\javaw.exe"=0x5341435001000000000000000700000028000000382E03003C00040001000000000000000000000A0021000050BB64EDDDACD50100000000000000000200000028000000000000000000000000000000000000000000000000000000D5350000000000000200000002000000
"C:\Program Files\WinRAR\WinRAR.exe"=0x5341435001000000000000000700000028000000C8052400A80A240001000000000000000000000A0021000050BB64EDDDACD501000000000000000005000000100000000000000000000000000000000000000002000000280000000000000000000000000000000000000000000000000000007513F705000000004E0000004E000000
"C:\Program Files (x86)\Steam\bin\steamservice.exe"=0x5341435001000000000000000700000028000000D03B1A00952D1B0001000000000000000000000A00210000631F6E6F0EDED401000000000000000002000000280000000000000000000040000000000000000000000000000000001ECE0000000000000200000002000000
"C:\Program Files (x86)\Steam\steamapps\common\Skyrim Special Edition\skse64_loader.exe"=0x5341435001000000000000000700000028000000000E03000000000001000000000000000000000A73220000631F6E6F0EDED4010000000000000000020000005000000000000000200000600000000000000000000000000000000008DCC60100000000280000002800000000000000000000000000000000000000000000000000000029867300000000001300000000000000
"D:\Steam\steamapps\common\Assassin's Creed - Odyssey\ACOdyssey.exe"=0x5341435001000000000000000500000010000000000000000000000000000000200000000700000028000000C8C60811682A091101000000000000000000000A0021000050BB64EDDDACD50100000000000000000200000028000000000000002000006000000000000000000000000000000000F9A22700000000000900000009000000
"C:\Program Files\Rockstar Games\Launcher\Redistributables\SocialClub\Social-Club-Setup.exe"=0x534143500100000000000000070000002800000060DEBB051F14BC0501000000000000000000010671000000631F6E6F0EDED40100000000000000000200000028000000000000000008004000000000000000000000000000000000DA220000000000000100000001000000
"D:\Steam\steamapps\common\Tom Clancy's Rainbow Six Siege\RainbowSix_BE.exe"=0x5341435001000000000000000700000028000000084C0E0094040F0001000000000000000000000A71200000631F6E6F0EDED40100000000000000000200000028000000000000000000000000000000000000000000000000000000EAD32400000000000100000001000000
"C:\Users\theos\AppData\Local\Apps\2.0\XQ5Y4W5M.MME\JOVPOZ6K.8VG\rdas..tion_a8eee8aa09b0c4a7_0001.0000_b5dcbc36344ae0c6\rdassistant.exe"=0x5341435001000000000000000700000028000000900B0800182C080001000000000000000000000A00210000631F6E6F0EDED4010000000000000000
"D:\Steam\steamapps\common\Call of Duty Modern Warfare\Modern Warfare Launcher.exe"=0x5341435001000000000000000700000028000000A0D64B0097A14C0001000000000000000000000A00210000631F6E6F0EDED401000000000000000002000000280000000000000080000000000000000000000000000000000000006E3E7005000000005400000054000000
"SIGN.MEDIA=834C8CD1 setup.exe"=0x5341435001000000000000000700000028000000FCC40C000000000001000000000000000000000A00210000631F6E6F0EDED4010000000000000000020000002800000000000000000000000000000000000000000000000000000055884600000000000100000001000000
"D:\Steam\steamapps\common\Diablo III\Diablo III Launcher.exe"=0x5341435001000000000000000700000028000000E8414A00ACBB4A0001000000000000000000000A00210000631F6E6F0EDED401000000000000000002000000280000000000000080000000000000000000000000000000000000001FEC1500000000000100000001000000
"SIGN.MEDIA=994C675C setup.exe"=0x534143500100000000000000070000002800000000D044000000000001000000000000000000000A71220000631F6E6F0EDED4010000000000000000020000002800000000000000000000000000000000000000000000000000000043A60000000000000100000001000000
"SIGN.MEDIA=AAB63932 Setup.exe"=0x5341435001000000000000000700000028000000CE1EC4000000000001000000000000000000000A00210000631F6E6F0EDED4010000000000000000020000002800000000000000000000000000000000000000000000000000000090B50100000000000100000001000000
"C:\Program Files (x86)\Deluge\deluge.exe"=0x534143500100000000000000070000002800000000880000B43200000100000000000000000003067102000050BB64EDDDACD5010000000000000000020000002800000000000000000000000000000000000000000000000000000027B29B00000000000E0000000E000000
"D:\Games\The Witcher 3 - Wild Hunt\bin\x64\witcher3.exe"=0x53414350010000000000000007000000280000005004C60241ADC60201000000000000000000000A00210000631F6E6F0EDED40100000000000000000500000010000000000000000000000000000000200000000200000028000000000000002000006000000000000000000000000000000000A5B89A00000000001400000014000000
"SIGN.MEDIA=3DFBB979 Win64\Setup.exe"=0x53414350010000000000000007000000280000003FA8E6000000000001000000000000000000000A00210000631F6E6F0EDED40100000000000000000200000028000000000000000000000000000000000000000000000000000000AB290100000000000100000001000000
"SIGN.MEDIA=16D90378 setup.exe"=0x5341435001000000000000000700000028000000021140000000000001000000000000000000010600010000631F6E6F0EDED4010000000000000000020000002800000000000000000000400000000000000000000000000000000013A80E00000000000100000001000000
"D:\Games\Nexus Mod Manager\Modds\The Witcher 3 Mod Manager-2678-0-7-11-1571758907\TheWitcher3ModManager.exe"=0x5341435001000000000000000700000028000000008A00000000000001000000000000000000000A73220000631F6E6F0EDED40100000000000000000500000010000000000000000000000000000000000000000200000050000000000000000000004000000000000000000000000000000000C8BD0200000000000100000001000000000000000000000000000000000000000000000000000000A0CD0000000000000300000000000000
"SIGN.MEDIA=8845B07C mSetup.exe"=0x534143500100000000000000070000002800000069972B000000000001000000000000000000000A00210000631F6E6F0EDED401000000000000000002000000280000000000000000000000000000000000000000000000000000004AA00600000000000100000001000000
"D:\Games\Subnautica\scoped_dir7000_308545004\InternetsLIVE H2.0 Vibrant Subnautica Shader Installer DX11 v2-1-2-00.exe"=0x5341435001000000000000000700000028000000F3A413000000000001000000000000000000000A00210000631F6E6F0EDED40100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000000000000000000000000000000000000000D51B0000000000000100000001000000
"D:\Games\Subnautica\InternetsLIVE H2.0 Vibrant Subnautica Shader Installer DX11 v2-1-2-00.exe"=0x5341435001000000000000000700000028000000F3A413000000000001000000000000000000000A00210000631F6E6F0EDED40100000000000000000200000028000000000000000000000000000000000000000000000000000000F93C0000000000000100000001000000
"D:\Games\Subnautica\Subnautica.exe"=0x534143500100000000000000070000002800000000EE09000000000001000000000000000000000A00210000631F6E6F0EDED40100000000000000000200000028000000000000000000001000000000000000000000000000000000A8E03200000000000500000005000000
"C:\Games\The Sims 4\Language\language-changer.exe"=0x534143500100000000000000070000002800000000720E0024F40E0001000000000000000000000A00210000631F6E6F0EDED40100000000000000000200000028000000000000000000000000000000000000000000000000000000663B5500000000000100000001000000
"C:\Games\The Sims 4\Game\Bin\TS4_x64.exe"=0x53414350010000000000000007000000280000000074DE01FEE9DE0101000000000000000000000A0021000050BB64EDDDACD5010000000000000000020000002800000000000000200000600000000000000000000000000000000018369300000000000800000008000000
"C:\Program Files (x86)\GameforgeClient\gfclient.exe"=0x5341435001000000000000000700000028000000A0303600AE39360001000000000000000000000A00210000631F6E6F0EDED40100000000000000000200000028000000000000000000000000000000000000000000000000000000729E0401000000000200000002000000
"SIGN.MEDIA=B56F24B4 FF7_v1.0.5.exe"=0x5341435001000000000000000700000028000000D003080084E0080001000000000000000000010600210000631F6E6F0EDED401000000000000000002000000280000000000000000000000000000000000000000000000000000007C500100000000000100000001000000
"C:\Users\theos\AppData\Local\Citra\canary-mingw\citra-qt.exe"=0x5341435001000000000000000700000028000000C059E501F09DE50101000000000000000000000A0021000050BB64EDDDACD50100000000000000000200000028000000000000000000000000000000000000000000000000000000DD185501000000000900000009000000
"D:\Games\#Emulation\PCSX2 1.4.0\pcsx2.exe"=0x534143500100000000000000070000002800000000AA8B000000000001000000000000000000000A00210000631F6E6F0EDED40100000000000000000200000028000000000000000000000000000000000000000000000000000000B50C1D00000000000500000005000000
"D:\Games\#Emulation\ePsxe\ePSXe.exe"=0x5341435001000000000000000700000028000000008213000000000001000000000000000000000A71200000631F6E6F0EDED40100000000000000000500000010000000000000000000000000000000000000000200000050000000000000000000000000000200000000000000000000000000C81947000000000008000000030000000000000000000040000000000000000000000000000000004D6C0200000000000100000000000000
"C:\Users\theos\AppData\Local\NVIDIA Corporation\GeForceNOW\CEF\GeForceNOW.exe"=0x534143500100000000000000070000002800000068963200A0A0320001000000000000000000000A00210000631F6E6F0EDED40100000000000000000200000028000000000000000000000000000000000000000000000000000000AF49BE00000000000200000002000000
"D:\Games\Two Point Hospital\TPH.exe"=0x534143500100000000000000070000002800000000EE09000000000001000000000000000000000A00210000631F6E6F0EDED40100000000000000000500000010000000000000000000000000000000200000000200000028000000000000002000006000000000000000000000000000000000EF0A2700000000000100000001000000
"C:\Program Files (x86)\Common Files\Overwolf\0.142.0.22\OverwolfHelper.exe"=0x534143500100000000000000070000002800000048E90100882D020001000000000000000000000A71220000631F6E6F0EDED40100000000000000000200000028000000000000000000004000000000000000000000000000000000E9D88801000000000300000003000000
"C:\Program Files (x86)\Common Files\Overwolf\0.142.0.22\OverwolfHelper64.exe"=0x5341435001000000000000000700000028000000482D02007EA5020001000000000000000000000A73220000631F6E6F0EDED401000000000000000002000000280000000000000000000040000000000000000000000000000000007BD88801000000000300000003000000
"C:\Users\theos\AppData\Local\Discord\Update.exe"=0x53414350010000000000000005000000100000000000000000000000000000000000000006000000080000001000000000000000070000002800000038211700455D170001000000000000000000000A7522000050BB64EDDDACD50100000000000000000200000078000000000000000000000014000000000000000000000000000000E00F230400000000140000000B000000000000000000004010000000000000000000000000000000DC050000000000000100000000000000000000002000006014000000000000000000000000000000BB47D302000000001500000000000000
"C:\Users\theos\AppData\Roaming\Twitch\Bin\Twitch.exe"=0x5341435001000000000000000700000028000000900313009CB2130001000000000000000000000A0021000050BB64EDDDACD5010000000000000000
"SIGN.MEDIA=28C6B12B mSetup.exe"=0x534143500100000000000000070000002800000099E00C000000000001000000000000000000000A00210000631F6E6F0EDED4010000000000000000020000002800000000000000000000000000000000000000000000000000000023170D00000000000100000001000000
"SIGN.MEDIA=12F320B OInstall.exe"=0x534143500100000000000000070000002800000058999700D41E980001000000000000000000000A71220000631F6E6F0EDED4010000000000000000020000002800000000000000000000400000000000000000000000000000000095810300000000000100000001000000
"C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe"=0x534143500100000000000000070000002800000018157101DBDE710101000000000000000000000A00210000631F6E6F0EDED40100000000000000000200000028000000000000000000000000000000000000000000000000000000814BA501000000000100000001000000
"D:\Games\Halo The Master Chief Collection\MCC\Binaries\Win64\MCC-Win64-Shipping.exe"=0x5341435001000000000000000700000028000000A88F8C031BDA8C0301000000000000000000000A00210000631F6E6F0EDED401000000000000000002000000280000000000000000000000000000000000000000000000000000003FF51000000000000500000005000000
"C:\Program Files (x86)\Project64 2.3\Project64.exe"=0x5341435001000000000000000700000028000000981215005C14150001000000000000000000000A71220000631F6E6F0EDED4010000000000000000020000002800000000000000000000000000000000000000000000000000000099420600000000000200000002000000
"SIGN.MEDIA=7D55EA52 setup.exe"=0x53414350010000000000000007000000280000003B250A000000000001000000000000000000010600010000631F6E6F0EDED40100000000000000000200000028000000000000000000000000000000000000000000000000000000D07A0600000000000100000001000000
"D:\Games\Sonic Adventure 2\redist\Directx\DXSETUP.exe"=0x53414350010000000000000007000000280000005833080061B8080001000000000000000000010671020000631F6E6F0EDED4010000000000000000020000002800000000000000000000400000000000000000000000000000000080040100000000000300000003000000
"SIGN.MEDIA=5F2858B4 setup.exe"=0x5341435001000000000000000700000028000000F71040000000000001000000000000000000010600010000631F6E6F0EDED401000000000000000002000000280000000000000000000040000000000000000000000000000000007ECC3000000000000100000001000000
"D:\Games\Sonic Adventure 2\sonic2app.exe"=0x5341435001000000000000000700000028000000002445010000000001000000000000000000010671020000631F6E6F0EDED40100000000000000000200000028000000000000000000000010100000000000000000000000000000896A0500000000000400000004000000
"D:\Games\Sonic Adventure 2\Launcher.exe"=0x534143500100000000000000070000002800000000BE1C005A681D0001000000000000000000010671020000631F6E6F0EDED40100000000000000000200000028000000000000008000000010100000000000000000000000000000EB864A00000000000800000008000000
"D:\Games\DOOM Eternal\DOOMEternalx64vk.exe"=0x534143500100000000000000070000002800000000382404A497240401000000000000000000000A73200000631F6E6F0EDED401000000000000000002000000280000000000000020000060000000000000000000000000000000008A790900000000000400000004000000
"C:\Users\theos\Desktop\DS4Updater.exe"=0x534143500100000000000000070000002800000000C208000000000001000000000000000000000A75220000631F6E6F0EDED40100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000000000000000000000000000000000000000D2C60500000000000200000002000000
"C:\Users\theos\Desktop\DS4Windows.exe"=0x5341435001000000000000000700000028000000005830000000000001000000000000000000000A00210000631F6E6F0EDED401000000000000000002000000280000000000000000000000000000000000000000000000000000007D535001000000000800000008000000
"C:\Program Files (x86)\Unified Remote 3\RemoteServerWin.exe"=0x5341435001000000000000000700000028000000589E30001BBC300001000000000000000000000A71220000631F6E6F0EDED40100000000000000000200000028000000000000000000000000000000000000000000000000000000DFBA5102000000000100000001000000
"D:\Bibliotèque\Downloads\scoped_dir9368_1910379733\osu!.exe"=0x534143500100000000000000070000002800000080D44200934D430001000000000000000000030600010000631F6E6F0EDED4010000000000000000020000002800000000000000000000000000000000000000000000000000000002DD4500000000004900000049000000
"C:\Program Files\Pentablet\PenTablet.exe"=0x5341435001000000000000000700000028000000E02D3200DB64320001000000000000000000000A73220000631F6E6F0EDED40100000000000000000200000028000000000000000000000000000000000000000000000000000000DA4C1000000000000200000002000000
"C:\Program Files\CrystalDiskMark7\DiskMark64.exe"=0x534143500100000000000000070000002800000038442C00664A2C0001000000000000000000000A0021000050BB64EDDDACD501000000000000000002000000500000000000000000000000000000000000000000000000000000007784090000000000090000000400000000000000000000400000000000000000000000000000000093BB1300000000000400000000000000
"C:\Program Files\CrystalDiskInfo\DiskInfo64.exe"=0x534143500100000000000000070000002800000038C049001F784A0001000000000000000000000A0021000050BB64EDDDACD5010000000000000000020000002800000000000000000000400000000000000000000000000000000034200B00000000000800000008000000
"C:\Program Files (x86)\Corsair SSD Toolbox\CSSDT.exe"=0x534143500100000000000000070000002800000028D2A7009C4AA80001000000000000000000000A71220000631F6E6F0EDED40100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000004000000000000000000000000000000000EA160200000000000300000003000000
"SIGN.MEDIA=E2CC5713 setup.exe"=0x534143500100000000000000070000002800000069040C000000000001000000000000000000000A00210000631F6E6F0EDED40100000000000000000200000028000000000000000000000000000000000000000000000000000000D2990600000000000100000001000000
"C:\Program Files\GamingOSD\GamingOSD.exe"=0x5341435001000000000000000700000028000000F8072A00EE032B0001000000000000000000000A00210000631F6E6F0EDED401000000000000000002000000280000000000000000000040000000000000000000000000000000007D9AE804000000000200000002000000
"C:\Program Files (x86)\InstallShield Installation Information\{11E14722-1213-4021-AD72-32252315CB8B}\setup.exe"=0x5341435001000000000000000700000028000000603009000000000001000000000000000000000671020000631F6E6F0EDED4010000000000000000
"C:\Program Files (x86)\Perfect IP Camera Recorder\ipcrecorder.exe"=0x5341435001000000000000000700000028000000005466000000000001000000000000000000000A71220000631F6E6F0EDED40100000000000000000200000028000000000000000000000000000000000000000000000000000000CFCA0400000000000300000003000000
"C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\UplayService.exe"=0x5341435001000000000000000700000028000000407B60003482600001000000000000000000000A71220000631F6E6F0EDED4010000000000000000020000005000000000000000800000000000000000000000000000000000000009160000000000000200000002000000000000008000004000000000000000000000000000000000EE020000000000000100000000000000
"C:\Program Files (x86)\WinDirStat\windirstat.exe"=0x534143500100000000000000070000002800000000F009000000000001000000000000000000010571200000631F6E6F0EDED4010000000000000000020000002800000000000000000000000004000000000000000000000000000004EF1E01000000000300000003000000
"C:\Program Files\VideoLAN\VLC\vlc.exe"=0x5341435001000000000000000700000028000000C80A0F00C3970F0001000000000000000000000600010000631F6E6F0EDED40100000000000000000200000028000000000000000000000000000000000000000000000000000000D1EC0000000000000800000008000000
"D:\Games\[FR]Undertale\UNDERTALE.exe"=0x5341435001000000000000000700000028000000002A3A00A77D3B0001000000000000000000000A71220000631F6E6F0EDED40100000000000000000200000028000000000000000000000000000000000000000000000000000000FFA81100000000000D0000000D000000
"D:\Games\7th Heaven\7th Heaven.exe"=0x534143500100000000000000070000002800000000B843000000000001000000000000000000000A65220000631F6E6F0EDED40100000000000000000200000028000000000000000000004000000000000000000000000000000000F94B1303000000000E0000000E000000
"C:\Program Files (x86)\LOOT\LOOT.exe"=0x5341435001000000000000000700000028000000003E1D009E1E1E0001000000000000000000000A71220000631F6E6F0EDED40100000000000000000200000028000000000000000000000000000000000000000000000000000000D76E0000000000000100000001000000
"C:\Users\theos\eclipse\java-2020-03\eclipse\eclipse.exe"=0x5341435001000000000000000700000028000000087A0600510D070001000000000000000000000A73200000631F6E6F0EDED40100000000000000000200000028000000000000000000000000000000000000000000000000000000153B0000000000000100000001000000
"C:\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe"=0x534143500100000000000000070000002800000020442400EE14250001000000000000000000000A73220000631F6E6F0EDED401000000000000000002000000280000000000000000000040000000000000000000000000000000002F000000000000000200000002000000
"C:\Program Files (x86)\Overwolf\OverwolfLauncher.exe"=0x534143500100000000000000070000002800000048B31A00557A1B0001000000000000000000000A73220000631F6E6F0EDED40100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000000004000000000000000000000000000000DC432704000000000100000001000000
"C:\Program Files\Windows Photo Viewer\ImagingDevices.exe"=0x5341435001000000000000000700000028000000987E010099FF010001000000010000000000000A63220000631F6E6F0EDED4010000000000000000
"D:\Steam\steamapps\common\FINAL FANTASY VII\FF7_GameConverter_7H.exe"=0x5341435001000000000000000700000028000000A1980E030000000001000000000000000000000671020000631F6E6F0EDED40100000000000000000200000050000000000000000000004000000000000000000000000000000000FE2A02000000000001000000010000000000000000000000000000000000000000000000000000008B2A0000000000000100000000000000
"C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe"=0x5341435001000000000000000700000028000000F0EF0B00895F0C0001000000000000000000000A00210000631F6E6F0EDED40100000000000000000200000028000000000000000000004000000000000000000000000000000000172F0500000000000500000005000000
"C:\Program Files\XtremeTuner\UNWISE.EXE"=0x5341435001000000000000000700000028000000005602000000000001000000000000000000010571200000631F6E6F0EDED4010000000000000000
"D:\Bibliotèque\Downloads\MicrosoftEdgeSetup.exe"=0x5341435001000000000000000700000028000000F0D41B00CF151C0001000000000000000000000A00210000631F6E6F0EDED40100000000000000000200000028000000000000000000000000000000000000000000000000000000349E0000000000000100000001000000
"SIGN.MEDIA=91FBCD6D setup.exe"=0x5341435001000000000000000700000028000000E21440000000000001000000000000000000010600010000631F6E6F0EDED4010000000000000000020000002800000000000000000000400000000200000000000000000000000030F45300000000000100000001000000
"D:\Games\WWE 2K19\WWE2K19_x64.exe"=0x5341435001000000000000000700000028000000D0866E02992A6C0201000000000000000000000A73220000631F6E6F0EDED4010000000000000000020000002800000000000000200400600000000000000000000000000000000030CCC400000000000600000006000000
"D:\Bibliotèque\Downloads\ACNHDesignPatternEditor0.9.3p1-WinX64\AC NH Design Pattern Editor.exe"=0x534143500100000000000000070000002800000000EE09000000000001000000000000000000000A00210000631F6E6F0EDED4010000000000000000050000001000000000000000000000000000000000000000020000005000000000000000000000000000000000000000000000000000000001E50A00000000000300000003000000000000000000004000000000000000000000000000000000FACD0100000000000100000000000000
"D:\Bibliotèque\Downloads\scoped_dir9876_1731755267\cpu-z_1.92-en.exe"=0x5341435001000000000000000700000028000000702E1D00CDE41D0001000000000000000000000A00210000631F6E6F0EDED401000000000000000002000000280000000000000000000000000000000000000000000000000000000A1B0000000000000100000001000000
"C:\Program Files\CPUID\CPU-Z\cpuz.exe"=0x534143500100000000000000070000002800000020CB3D0013573E0001000000000000000000000A0021000050BB64EDDDACD5010000000000000000020000002800000000000000000000400000000000000000000000000000000002BD0100000000000600000006000000
"C:\Program Files\CPUID\CPU-Z\unins000.exe"=0x5341435001000000000000000700000028000000A5260B000000000001000000000000000000000A00210000631F6E6F0EDED4010000000000000000020000002800000000000000000000000000000000000000000000000000000075CF0000000000000100000001000000
"C:\Users\theos\AppData\Local\Overwolf\Extensions\pcnlobdgkiciplpfkdjojjpekblebkabkphkoafo\1.0.31\downloads\rdt-setup-1588662850290.exe"=0x5341435001000000000000000700000028000000E8E8480042A1490001000000000000000000030600010000631F6E6F0EDED4010000000000000000020000002800000000000000000000000000000000000000000000000000000020050000000000000100000001000000
"C:\Program Files\Black Tree Gaming Ltd\Vortex\Vortex.exe"=0x534143500100000000000000070000002800000070817D0523FD7D0501000000000000000000000A00210000631F6E6F0EDED40100000000000000000200000028000000000000000000000000000000000000000000000000000000D8250000000000000100000001000000
"C:\Program Files\Nexus Mod Manager\NexusClient.exe"=0x534143500100000000000000070000002800000000EE34000000000001000000000000000000000A75220000631F6E6F0EDED40100000000000000000200000028000000000000002000006000000000000000000000000000000000DC6CBD00000000000300000003000000
"D:\Steam\steamapps\common\Fallout 4\f4se_loader.exe"=0x5341435001000000000000000700000028000000008802000000000001000000000000000000000A73220000631F6E6F0EDED40100000000000000000200000028000000000000002000006000000000000000000000000000000000B1452800000000001000000010000000
"D:\Bibliotèque\Downloads\PDFCreator-4_0_4-Setup.exe"=0x5341435001000000000000000700000028000000B8A5F9012446FA0101000000000000000000000A65220000631F6E6F0EDED40100000000000000000200000028000000000000000000004000000000000000000000000000000000FE4A0100000000000100000001000000
"C:\Program Files\PDFCreator\PDFCreator.exe"=0x534143500100000000000000070000002800000018600100ECF9010001000000000000000000000A75220000631F6E6F0EDED401000000000000000002000000280000000000000000000000000000000000000000000000000000001A694200000000000200000002000000
"C:\Program Files\PDF Architect 7\architect.exe"=0x5341435001000000000000000700000028000000286F34007B3B350001000000000000000000030600010000631F6E6F0EDED4010000000000000000020000002800000000000000000000000000000000000000000000000000000096010000000000000200000002000000
"C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe"=0x5341435001000000000000000700000028000000004824004DDF240001000000000000000000000A00210000631F6E6F0EDED40100000000000000000200000028000000000000000000000000000000000000000000000000000000DC63E600000000000200000002000000
"D:\Cities - Skylines [FitGirl Repack]\setup.exe"=0x5341435001000000000000000700000028000000553857000000000001000000000000000000010600010000631F6E6F0EDED40100000000000000000200000028000000000000000000004000000000000000000000000000000000AA920A00000000000100000001000000
"SIGN.MEDIA=30F3199C setup.exe"=0x5341435001000000000000000700000028000000377124000000000001000000000000000000030600010000631F6E6F0EDED40100000000000000000200000028000000000000000000000000000000000000000000000000000000A5870200000000000100000001000000
"D:\Games\Cuphead\Cuphead.exe"=0x534143500100000000000000070000002800000000C209000000000001000000000000000000000A00210000631F6E6F0EDED40100000000000000000500000010000000000000000000000000000000200000000200000028000000000000002000006000000000000000000000000000000000451F0C00000000000100000001000000
"C:\ProgramData\NVIDIA Corporation\Downloader\c15894515e933d7ad026c4344ec1c99d\GeForce_Experience_Update_v3.20.3.63_Official_09BF92.exe"=0x5341435001000000000000000700000028000000A80954075DE2540701000000000000000000020600010000631F6E6F0EDED4010000000000000000020000002800000000000000000000000000000000000000000000000000000061EF0000000000000100000001000000
"C:\Program Files (x86)\Battle.net\Battle.net Launcher.exe"=0x5341435001000000000000000700000028000000E8650300ADCB030001000000000000000000000A00210000631F6E6F0EDED401000000000000000002000000280000000000000080000000000000000000000000000000000000008C7CF201000000000400000004000000
"D:\Street Fighter V - Champion Edition [FitGirl Repack]\setup.exe"=0x5341435001000000000000000700000028000000D57472000000000001000000000000000000010600010000631F6E6F0EDED4010000000000000000
"C:\Users\theos\AppData\Local\Discord\app-0.0.306\Discord.exe"=0x534143500100000000000000070000002800000038CD6B05227D6C0501000000000000000000000A00210000631F6E6F0EDED40100000000000000000200000028000000000000000000000000000000000000000000000000000000B1140000000000000200000002000000
"C:\Users\theos\AppData\Local\Microsoft\OneDrive\20.084.0426.0006\FileSyncConfig.exe"=0x534143500100000000000000070000002800000068AD05007110060001000000000000000000000A00210000631F6E6F0EDED4010000000100000000
"D:\Games\Street Fighter V - Champion Edition\StreetFighterV.exe"=0x5341435001000000000000000700000028000000A0AC020053E7020001000000000000000000000A73200000631F6E6F0EDED40100000000000000000200000028000000000000002000007000000000000000000000000000000000910E0B00000000000400000004000000
"D:\Games\Golf It!\GolfIt.exe"=0x534143500100000000000000070000002800000000E20200EFD6030001000000000000000000000A73200000631F6E6F0EDED401000000000000000002000000280000000000000000000000000000000000000000000000000000005D720100000000000300000003000000
"C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe"=0x534143500100000000000000070000002800000070BB7605293F770501000000000000000000000A00210000631F6E6F0EDED401000000000000000002000000280000000000000000000010000000000000000000000000000000005F050000000000000300000003000000
"D:\Games\Cities - Skylines\Cities.exe"=0x5341435001000000000000000700000028000000008E5C010000000001000000000000000000000A00210000631F6E6F0EDED4010000000000000000
"D:\Bibliotèque\Downloads\scoped_dir14384_1263252278\FiveM.exe"=0x5341435001000000000000000700000028000000008E5C000000000001000000000000000000000A00210000631F6E6F0EDED4010000000000000000
"D:\CCleaner Pro Portable 5.67.7763 (Windows)\CCleaner64.exe"=0x5341435001000000000000000700000028000000B89CBB01EBD7BB0101000000000000000000000A00210000631F6E6F0EDED40100000000000000000200000028000000000000000000000000000000000000000000000000000000B5F10300000000000100000001000000
"C:\Program Files (x86)\Audacity\unins000.exe"=0x5341435001000000000000000700000028000000432015000000000001000000000000000000000A00210000631F6E6F0EDED40100000000000000000200000028000000000000000000004000000000000000000000000000000000960E0000000000000100000001000000
"C:\Program Files\WhoCrashed\WhoCrashedEx.exe"=0x534143500100000000000000020000002800000000000000000000400000000000000000000000000000000053EC0A00000000000500000005000000070000002800000090109400B47F940001000000000000000000000A0021000050BB64EDDDACD5010000000000000000
"C:\Users\theos\AppData\Local\Programs\Opera GX\68.0.3618.142\opera.exe"=0x534143500100000000000000070000002800000018C60F00C9A8100001000000000000000000000A00210000631F6E6F0EDED4010000000000000000
"C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.4\Lightshot.exe"=0x5341435001000000000000000700000028000000A89F0700695F080001000000000000000000000A00210000631F6E6F0EDED4010000000000000000
"D:\Games\RisesAndFall\Rise And Fall Civilizations At War.exe"=0x5341435001000000000000000700000028000000003E00000000000001000000000000000000000651000000631F6E6F0EDED401000000000000000002000000500000000000010600000020000000000000000000000000000000006BA12C000000000002000000020000000000000000000000001000000000000000000000000000009E870000000000000100000000000000
"C:\Users\theos\Desktop\ryujinx\Ryujinx.exe"=0x5341435001000000000000000700000028000000005204000000000001000000000000000000000A7322000050BB64EDDDACD50100000000000000000200000028000000000000000000000000000000000000000000000000000000AF153700000000001100000011000000
"SIGN.MEDIA=F5CDF5FD setup.exe"=0x534143500100000000000000070000002800000000C616000000000001000000000000000000030600010000631F6E6F0EDED40100000000000000000200000028000000000000000000000000000000000000000000000000000000C093D000000000000200000002000000
"C:\Users\theos\AppData\Local\Microsoft\OneDrive\20.103.0521.0002\FileSyncConfig.exe"=0x534143500100000000000000070000002800000078FF0500C936060001000000000000000000000A00210000631F6E6F0EDED4010000000100000000
"C:\ProgramData\Package Cache\{df5d5811-d198-4ff7-901d-995c7ffa2e94}\Intel-Driver-and-Support-Assistant-Installer.exe"=0x534143500100000000000000070000002800000050830D00EDA20D0003000000000000000000000A00210000631F6E6F0EDED40100000000000000000200000028000000000000000000000000000000000000000000000000000000ACB10000000000000100000001000000
"C:\Program Files (x86)\Microsoft\Skype for Desktop\unins000.exe"=0x53414350010000000000000007000000280000007893160040B6160003000000000000000000000A00210000631F6E6F0EDED40100000000000000000200000028000000000000000000000000000000000000000000000000000000770E0000000000000100000001000000
"D:\Games\Halo The Master Chief Collection\Uninstall\unins000.exe"=0x5341435001000000000000000700000028000000692014000000000003000000000000000000000A00210000631F6E6F0EDED4010000000000000000020000002800000000000000000000000000000000000000000000000000000069200000000000000100000001000000
"C:\Program Files (x86)\LOOT\unins000.exe"=0x5341435001000000000000000700000028000000C93913000000000003000000000000000000000A00210000631F6E6F0EDED4010000000000000000020000002800000000000000000000000000000000000000000000000000000030120000000000000100000001000000
"C:\Users\theos\AppData\Local\RDT\Update.exe"=0x534143500100000000000000070000002800000000E01B000000000003000000000000000000000A00210000631F6E6F0EDED4010000000000000000050000001000000000000000000000000000000000000000020000002800000000000000000000000000000000000000000000000000000058010000000000000100000001000000
"C:\Program Files\Parsec\uninstall.exe"=0x534143500100000000000000070000002800000089670200EBBDA00003000000000000000000000A00210000631F6E6F0EDED4010000000000000000020000002800000000000000000000000000000000000000000000000000000068130000000000000100000001000000
"C:\Program Files (x86)\Xvid\uninstall.exe"=0x53414350010000000000000007000000280000005EAD3E00714CB50003000000000000000000030600010000631F6E6F0EDED40100000000000000000200000028000000000000000000000000000000000000000000000000000000AF580000000000000100000001000000
"D:\Games\Planet Coaster\PlanetCoaster.exe"=0x534143500100000000000000070000002800000000A8CB090000000001000000000000000000000A73200000631F6E6F0EDED401000000000000000002000000280000000000000020000060000000000000000000000000000000004784F001000000000200000002000000
"SIGN.MEDIA=8336531F setup.exe"=0x534143500100000000000000070000002800000000E014000000000001000000000000000000030600010000631F6E6F0EDED4010000000000000000020000002800000000000000000000000000000000000000000000000000000061621100000000000100000001000000
"D:\Games\Far Cry Primal\bin\FCPrimal.exe"=0x5341435001000000000000000700000028000000A84E49076C4C4A0701000000000000000000000A73220000631F6E6F0EDED401000000000000000002000000280000000000000020000070000000000000000000000000000000009B307200000000000100000001000000
"D:\Games\SpongeBob SquarePants Battle for Bikini Bottom - Rehydrated\SpongeBob_BFBB_R.exe"=0x534143500100000000000000070000002800000000240400C507030001000000000000000000000A00210000631F6E6F0EDED4010000000000000000020000002800000000000000000000000000000000000000000000000000000034774500000000000200000002000000
"C:\Users\theos\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe"=0x534143500100000000000000070000002800000070A93302DF54340201000000000000000000000A00210000631F6E6F0EDED4010000000100000000
"C:\Users\theos\AppData\Local\Microsoft\OneDrive\20.114.0607.0001\FileSyncConfig.exe"=0x534143500100000000000000070000002800000068FF0500602A060001000000000000000000000A00210000631F6E6F0EDED4010000000100000000
"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE"=0x5341435001000000000000000700000028000000380184032CD3840301000000000000000000000A00210000631F6E6F0EDED4010000000100000000
"SIGN.MEDIA=70468DE7 setup.exe"=0x5341435001000000000000000700000028000000358070000000000001000000000000000000010600010000631F6E6F0EDED401000000000000000002000000280000000000000000000040000000000000000000000000000000003B081100000000000100000001000000
"D:\Dragon Ball Z Kakarot by xatab\setup.exe"=0x53414350010000000000000007000000280000005AE442000000000001000000000000000000000A00210000631F6E6F0EDED40100000000000000000200000028000000000000000000004000000000000000000000000000000000D5851800000000000100000001000000
"D:\Games\Dragon Ball Z Kakarot\AT.exe"=0x5341435001000000000000000500000010000000000000000000000000000000200000000700000028000000D09A090078C2030001000000000000000000000A0021000050BB64EDDDACD5010000000000000000020000002800000000000000200000600000000000000000000000000000000052560900000000000300000003000000
"C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe"=0x534143500100000000000000070000002800000098512D00AF302E0001000000000000000000000A0021000050BB64EDDDACD501000000000000000002000000280000000000000080000000000000000000000000000000000000009E260100000000000A0000000A000000
"C:\Users\theos\AppData\Local\Temp\f3df2dc0-579d-4250-882e-c1e30d3a5864\setup.exe"=0x534143500100000000000000070000002800000098D90700E1CE080001000000000000000000000A00210000631F6E6F0EDED40100000000000000000200000028000000000000008000004000000000000000000000000000000000D7390100000000000100000001000000
"D:\Games\Farming Simulator 19 Kverneland and Vicon Equipment Pack\x64\FarmingSimulator2019Game.exe"=0x53414350010000000000000007000000280000006834B500C215B60001000000000000000000000A73220000631F6E6F0EDED4010000000000000000020000002800000000000000200000600000000000000000000000000000000060F90E00000000000100000001000000
"C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe"=0x53414350010000000000000007000000280000008851A10041F0A10001000000000000000000000A00210000631F6E6F0EDED401000000000000000002000000280000000000000000000000000000000000000000000000000000001DDD0E00000000000100000001000000
"D:\Bibliotèque\Downloads\FL Studio Producer Edition 20.1.1 Build 795 + Patch\FL Studio 20.1.1.795.exe"=0x5341435001000000000000000700000028000000F802E72BCD4EE72B01000000000000000000000A00210000631F6E6F0EDED40100000000000000000200000028000000000000000000000000000000000000000000000000000000FBCC0200000000000100000001000000
"D:\Bibliotèque\Downloads\FL Studio Producer Edition 20.1.1 Build 795 + Patch\Patch 20.1.1.exe"=0x534143500100000000000000070000002800000014003A040000000001000000000000000000000A00210000631F6E6F0EDED40100000000000000000200000028000000000000000000000000000000000000000000000000000000B0770000000000000100000001000000
"C:\Program Files (x86)\Image-Line\FL Studio 20\FL64.exe"=0x5341435001000000000000000700000028000000B85D0400076E040001000000000000000000030600010000631F6E6F0EDED401000000000000000002000000280000000000000000000000000000000000000000000000000000002BD83900000000000200000002000000
"C:\Users\theos\AppData\Roaming\Spotify\Spotify.exe"=0x5341435001000000000000000700000028000000E850620105E2620101000000000000000000000A0021000050BB64EDDDACD5010000000000000000
"C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\upc.exe"=0x534143500100000000000000070000002800000040A5DE00C8AEDE0001000000000000000000000A7122000050BB64EDDDACD501000000000000000002000000280000000000000000000000000000000000000000000000000000006C5D2002000000000400000004000000
"SIGN.MEDIA=38753A48 setup.exe"=0x5341435001000000000000000700000028000000E86C1E000000000001000000000000000000030600010000631F6E6F0EDED401000000000000000002000000280000000000000000000000000000000000000000000000000000007AAF0000000000000100000001000000
"D:\Games\Game Dev Tycoon\nw.exe"=0x534143500100000000000000070000002800000050AC5902E8E0590201000000000000000000030600010000631F6E6F0EDED4010000000000000000020000002800000000000000200000600000000000000000000000000000000039811000000000000100000001000000
"C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win32\EpicGamesLauncher.exe"=0x534143500100000000000000070000002800000090692A00D77D2A0001000000000000000000000A7122000050BB64EDDDACD5010000000000000000020000002800000000000000800000000000000000000000000000000000000069577905000000000300000003000000
"C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\Uplay.exe"=0x53414350010000000000000007000000280000004031070039D7070001000000000000000000000A71220000631F6E6F0EDED401000000000000000002000000280000000000000000000000000000000000000000000000000000005CAD2300000000000300000003000000
"C:\Program Files\Parsec\parsecd.exe"=0x5341435001000000000000000700000028000000100C060086AD060001000000000000000000000A00210000631F6E6F0EDED4010000000000000000020000002800000000000000000000000000000000000000000000000000000029010000000000000100000001000000
"D:\Games\The Escapists 22\TheEscapists2.exe"=0x534143500100000000000000070000002800000070C717010000000001000000000000000000000A00210000631F6E6F0EDED40100000000000000000500000010000000000000000000000000000000200000000200000028000000000000002000006000000000000000000000000000000000C3590100000000000200000002000000
"D:\Games\Punch.Club.v1.32.Inclu.AL.DLC\Punch Club.exe"=0x5341435001000000000000000700000028000000003C13010000000001000000000000000000000A00210000631F6E6F0EDED40100000000000000000200000028000000000000000000000000000000000000000000000000000000AA843504000000000300000003000000
"C:\Program Files (x86)\NordVPN\NordVPN.exe"=0x5341435001000000000000000700000028000000D0251C00F90A1D0001000000000000000000000A00210000631F6E6F0EDED40100000000000000000200000028000000000000000000000000000000000000000000000000000000B01D5E00000000000100000001000000
"D:\Stardew.Valley.v1.4.5.exe"=0x53414350010000000000000007000000280000004E7B3F170000000001000000000000000000000A00210000631F6E6F0EDED4010000000000000000020000002800000000000000000000000000000000000000000000000000000010070100000000000100000001000000
"D:\Games\StardewValley\Stardew.Valley.v1.4.5\Stardew Valley.exe"=0x534143500100000000000000070000002800000000223600302F360001000000000000000000000A71200000631F6E6F0EDED40100000000000000000200000028000000000000000000000008000000000000000000000000000000F15E3300000000000100000001000000
"C:\Users\theos\Desktop\ds4\DS4Updater.exe"=0x534143500100000000000000070000002800000000C208000000000001000000000000000000000A75220000631F6E6F0EDED40100000000000000000200000028000000000000000000000000000000000000000000000000000000020A0000000000000100000001000000
"C:\Users\theos\Desktop\ds4\DS4Windows.exe"=0x5341435001000000000000000700000028000000005830000000000001000000000000000000000A00210000631F6E6F0EDED40100000000000000000200000028000000000000000000000000000000000000000000000000000000DFF05400000000000200000002000000
"C:\Program Files (x86)\ZeroTier\One\ZeroTier One.exe"=0x5341435001000000000000000700000028000000F0FB3D008F6A3E0001000000000000000000000A75220000631F6E6F0EDED4010000000000000000020000002800000000000000000000000000000000000000000000000000000054BC8500000000000300000003000000
"C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe"=0x5341435001000000000000000700000028000000C8E15900B3875A0001000000000000000000000A71220000631F6E6F0EDED401000000000000000002000000280000000000000000000000000000000000000000000000000000004EE90500000000000100000001000000
"D:\Bibliotèque\Downloads\Portal 2 Complete Edition - CorePack\Setup.exe"=0x53414350010000000000000007000000280000007B6769000000000001000000000000000000010600010000631F6E6F0EDED401000000000000000002000000280000000000000000000040000000000000000000000000000000005F395900000000000100000001000000
"D:\Games\Portal 2 Complete\Portal 2\portal2.exe"=0x5341435001000000000000000700000028000000007A05000000000001000000000000000000030671000000631F6E6F0EDED401000000000000000002000000280000000000000000000090000000000000000000000000000000005D6B0000000000000200000002000000
"D:\Games\Portal 2 Complete\Portal 2\Portal 2 Launcher.exe"=0x5341435001000000000000000700000028000000007606000000000001000000000000000000000A71220000631F6E6F0EDED40100000000000000000200000028000000000000008000000008000000000000000000000000000000D4AE0C00000000000400000004000000
"C:\Windows\SysWOW64\msiexec.exe"=0x534143500100000000000000070000002800000000EA000093EA000003000000010000000000030600010000631F6E6F0EDED4010000000000000000
"C:\Program Files\Streamlabs OBS\Streamlabs OBS.exe"=0x53414350010000000000000007000000280000009065F505AB6FF50501000000000000000000000A00210000631F6E6F0EDED4010000000000000000
"SIGN.MEDIA=AA2EAB29 setup.exe"=0x5341435001000000000000000700000028000000986731000000000001000000000000000000030600010000631F6E6F0EDED401000000000000000002000000280000000000000000000000000000000000000000000000000000005D4B2500000000000100000001000000
"D:\Games\Dragonica\Patcher.exe"=0x534143500100000000000000070000002800000088590A002C1A0B0001000000000000000000000A71200000631F6E6F0EDED40100000000000000000100000004000000010000000200000050000000000000000008006000000000000000000000000000000000AB3D020000000000020000000200000000000000000800400000200000000000000020000000000006EE0400000000000200000000000000
"C:\Users\theos\AppData\Local\Programs\Opera GX\launcher.exe"=0x5341435001000000000000000700000028000000184416009D6B160001000000000000000000000A0021000050BB64EDDDACD50100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000000000000000000000000000000000000000FC5C0F00000000000400000004000000
"C:\Users\theos\AppData\Local\Microsoft\OneDrive\20.124.0621.0006\FileSyncConfig.exe"=0x534143500100000000000000070000002800000070010600B470060001000000000000000000000A00210000631F6E6F0EDED4010000000100000000
"C:\ProgramData\NVIDIA Corporation\Downloader\21ea54de832929ef1ed36f3fdb9d054a\GeForce_Experience_Update_v3.20.4.14_Official_F8C09F.exe"=0x534143500100000000000000070000002800000060A776074407770701000000000000000000020600010000631F6E6F0EDED40100000000000000000200000028000000000000000000000000000000000000000000000000000000A9A20000000000000100000001000000
"C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe"=0x534143500100000000000000070000002800000038DD09000DC10A0001000000000000000000000A71200000631F6E6F0EDED40100000000000000000200000028000000000000008000000000000000000000000000000000000000D2040000000000000100000001000000
"C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe"=0x5341435001000000000000000700000028000000383F320047BF320001000000000000000000000A0021000050BB64EDDDACD501000000000000000002000000280000000000000000000000000000000000000000000000000000000A8C0200000000000200000002000000
"C:\Program Files (x86)\RivaTuner Statistics Server\RTSS.exe"=0x534143500100000000000000070000002800000090FC0300C284040001000000000000000000000A71220000631F6E6F0EDED40100000000000000000200000028000000000000000000004000000000000000000000000000000000C0180500000000000200000002000000
"D:\Games\NosTale(FR)\nostale.exe"=0x5341435001000000000000000700000028000000A0B63300558C340001000000000000000000000A7120000050BB64EDDDACD50100000000000000000200000028000000000000000000000000000000000000000000000000000000DA1AE701000000000B0000000B000000
"C:\Program Files (x86)\Windows Kits\10\Debuggers\x64\windbg.exe"=0x5341435001000000000000000500000010000000000000000000000000000000000000000700000028000000C8CD08004EC5090001000000000000000000000A0021000050BB64EDDDACD501000000C0000000000200000050000000000000000000005000000000000000000000000000000000B5020C00000000000B00000001000000000000000000001000000000000000000000000000000000C2AA0100000000000800000000000000
"C:\ProgramData\NVIDIA Corporation\Downloader\064c43e7ef436aa65e669163cd926991_extracted\setup.exe"=0x5341435001000000000000000700000028000000F0D407004809080001000000000000000000000A00210000631F6E6F0EDED4010000000000000000
"D:\Bibliotèque\Downloads\Mes_Drivers_3.0.4.exe"=0x534143500100000000000000070000002800000078C91800A0D8180001000000000000000000000A71220000631F6E6F0EDED40100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000004000000000000000000000000000000000FD3E0000000000000200000002000000
"C:\Users\theos\AppData\Local\Programs\Opera GX\68.0.3618.197\opera.exe"=0x534143500100000000000000070000002800000018C60F000A1C100001000000000000000000000A00210000631F6E6F0EDED4010000000000000000
"C:\Program Files\AMD\RyzenMaster\bin\AMD Ryzen Master.exe"=0x534143500100000000000000070000002800000000450E00E6010F0001000000000000000000000A73220000631F6E6F0EDED4010000000000000000050000001000000000000000000000000000000000000000020000002800000000000000000000400000000000000000000000000000000048D01200000000000200000002000000
"D:\Bibliotèque\Downloads\winsdksetup (1).exe"=0x5341435001000000000000000700000028000000E0AA14008E9A150001000000000000000000000A00210000631F6E6F0EDED4010000000000000000020000002800000000000000000000000000000000000000000000000000000063070000000000000100000001000000
"D:\Bibliotèque\Downloads\Neon Abyss [GOG]\setup_neon_abyss_1.1.13.12_4_(64bit)_(39746).exe"=0x5341435001000000000000000700000028000000C0EAE013B96FE11301000000000000000000000A00210000631F6E6F0EDED40100000000000000000200000028000000000000000000000000000000000000000000000000000000559D0100000000000100000001000000
"D:\Bibliotèque\Downloads\Neon Abyss [GOG]\setup_neon_abyss__the_lovable_rogues_pack_1.1.13.12_4_(64bit)_(39746).exe"=0x534143500100000000000000070000002800000060505F0084CF5F0001000000000000000000000A00210000631F6E6F0EDED4010000000000000000020000002800000000000000000000000000000000000000000000000000000026B00000000000000100000001000000
"D:\Games\Neon Abyss\NeonAbyss.exe"=0x534143500100000000000000070000002800000000EE09000000000001000000000000000000000A00210000631F6E6F0EDED40100000000000000000200000028000000000000001000002000000000000000000000000000000000186A2A00000000000100000001000000
"C:\Users\theos\AppData\Local\Microsoft\OneDrive\OneDrive.exe"=0x534143500100000000000000070000002800000078131D00F58E1D0001000000000000000000000A0021000050BB64EDDDACD5010000000100000000
"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"=0x534143500100000000000000070000002800000030C71D00B9091E0001000000000000000000000A0021000050BB64EDDDACD5010000000100000000
"D:\Bibliotèque\Downloads\The Binding of Isaac Rebirth v1.05-REVOLUTiONiT\setup.exe"=0x5341435001000000000000000700000028000000E64B0A00000000000100000000000000000003060001000050BB64EDDDACD50100000000000000000200000028000000000000000000000000000000000000000000000000000000D0280100000000000100000001000000
"D:\Games\The Binding of Isaac Rebirth\isaac-ng.exe"=0x5341435001000000000000000700000028000000107C2900FEB6230001000000000000000000000A7122000050BB64EDDDACD501000000000000000002000000500000000000000000000000000000000000000000000000000000003FDF0100000000000100000001000000000000000000004000000000000000000000000000000000F8370000000000000100000000000000
"D:\Games\Doom 2016\DOOMx64.exe"=0x534143500100000000000000070000002800000000EA6D04951D6E0401000000000000000000000A7320000050BB64EDDDACD501000000000000000002000000280000000000000020000060000000000000000000000000000000002F600700000000000100000001000000
"D:\Games\#Emulation\cemu_1.20.0\Cemu.exe"=0x5341435001000000000000000700000028000000008613010000000001000000000000000000000A7322000050BB64EDDDACD50100000000000000000200000028000000000000000000000000000000000000000000000000000000E5AD1000000000000400000004000000
"D:\Games\Getting Over It\GettingOverIt.exe"=0x534143500100000000000000070000002800000000261D010000000001000000000000000000000A0021000050BB64EDDDACD501000000000000000002000000280000000000000000000000000000000000000000000000000000007C140800000000000200000002000000
"D:\Bibliotèque\Downloads\UserBenchMark.exe"=0x5341435001000000000000000700000028000000090D5900000000000100000000000000000001060001000050BB64EDDDACD5010000000000000000050000001000000000000000000000000000000000000000020000002800000000000000000000400000000000000000000000000000000009020C00000000000100000001000000
"C:\Riot Games\Riot Client\RiotClientServices.exe"=0x5341435001000000000000000700000028000000A08A1104F985120401000000000000000000000A7122000050BB64EDDDACD501000000000000000002000000280000000000000000000000000000000000000000000000000000008DF25900000000001300000013000000
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"=0x5341435001000000000000000700000028000000F0C71B003D721C0001000000000000000000000A0021000050BB64EDDDACD5010000000000000000
"SIGN.MEDIA=5A6D49D6 mSetup.exe"=0x5341435001000000000000000700000028000000D2B30B000000000001000000000000000000000A0021000050BB64EDDDACD50100000000000000000200000028000000000000000000000000000000000000000000000000000000E5A82700000000000100000001000000
"D:\Games\KovaaK 2 0\FPSAimTrainer.exe"=0x534143500100000000000000070000002800000000C8030026EA030001000000000000000000000A0021000050BB64EDDDACD5010000000000000000020000002800000000000000000000000000000000000000000000000000000001A70600000000000100000001000000
"D:\Games\Northgard\Northgard.exe"=0x5341435001000000000000000700000028000000007207000000000001000000000000000000000A7322000050BB64EDDDACD5010000000000000000020000002800000000000000000000001000000000000000000000000000000072E64D00000000000400000004000000
"C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_2.2007.9736.0_x64__8wekyb3d8bbwe\Win32Bridge.Server.exe"=0x534143500100000000000000070000002800000000B806000000000001000000000000000000000A7322000050BB64EDDDACD50100000000000000000200000028000000000000000000000000000000000000000000000000000000FE020000000000001100000011000000
"C:\Program Files (x86)\Overwolf\OWUninstaller.exe"=0x5341435001000000000000000700000028000000880D0200B515020001000000000000000000000A0021000050BB64EDDDACD5010000000000000000
"C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe"=0x5341435001000000000000000700000028000000886F1601C821170101000000000000000000000A0021000050BB64EDDDACD5010000000000000000
"C:\Program Files (x86)\Steam\steam.exe"=0x534143500100000000000000070000002800000020893300EF9E330001000000000000000000000A0021000050BB64EDDDACD501000000000000000002000000280000000000000000000000000000000000000000000000000000001F000000000000000400000004000000
"D:\Games\Banished\Application-steam-x64.exe"=0x5341435001000000000000000700000028000000D06C20000000000001000000000000000000000A7322000050BB64EDDDACD501000000000000000002000000280000000000000000000000000000000000000000000000000000003C6D0100000000000200000002000000
"D:\Steam\steamapps\common\Portal 2\portal2.exe"=0x5341435001000000000000000700000028000000007A0500000000000100000000000000000003067100000050BB64EDDDACD5010000000000000000020000002800000000000000000000900000000000000000000000000000000054890000000000000100000001000000
"D:\Bibliotèque\Downloads\Windows10-2004-CreationTool.exe"=0x534143500100000000000000070000002800000018102901B88B290101000000000000000000000A0021000050BB64EDDDACD50100000000000000000200000028000000000000000000004000000000000000000000000000000000B8974600000000000100000001000000
"C:\Windows10\setup.exe"=0x5341435001000000000000000700000028000000C82101004592010001000000000000000000000A0021000050BB64EDDDACD501000000C100000000
"C:\Program Files\Roberts Space Industries\RSI Launcher\RSI Launcher.exe"=0x534143500100000000000000070000002800000020A308041A97090401000000000000000000000A0021000050BB64EDDDACD5010000000000000000020000002800000000000000000000000000000000000000000000000000000020D32400000000000600000006000000
"C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe"=0x5341435001000000000000000700000028000000A0B1CC000719CD0001000000000000000000000A7322000050BB64EDDDACD5010000000000000000
"C:\Program Files\Malwarebytes\Anti-Malware\malwarebytes_assistant.exe"=0x5341435001000000000000000700000028000000F8D012008AB1130001000000000000000000000A7322000050BB64EDDDACD50100000000000000000200000028000000000000000000004000000000000000000000000000000000BF020000000000000200000002000000
"C:\Users\theos\AppData\Local\Temp\{67D356BD-9DAE-4CCA-984D-5D5A7BA716EA}\{65F0C052-3A4F-4C40-9482-000525E30E3E}.exe"=0x5341435001000000000000000700000028000000B0D14900237F4A0001000000000000000000000A0021000050BB64EDDDACD501000000000000000005000000100000000000000000000000000000000000000002000000280000000000000000000000000000000000000000000000000000008B230200000000000100000001000000
"C:\Users\theos\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe"=0x534143500100000000000000070000002800000070BB3D02982B3E0201000000000000000000000A0021000050BB64EDDDACD5010000000100000000
"C:\Users\theos\AppData\Local\Microsoft\OneDrive\20.134.0705.0008\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000680D060024A7060001000000000000000000000A0021000050BB64EDDDACD5010000000100000000


---------- | IFEO


---------- | Mountpoints2


---------- | Windows

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini\Windows]
""=USR:Software\Microsoft\Windows NT\CurrentVersion\Windows   
"APPINIT_DLLS"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS   
"Beep"=#USR:Control Panel\Sound   
"CoolSwitch"=USR:Control Panel\Desktop   
"DEFAULTSEPARATEVDM"=\\REGISTRY\\MACHINE\\SYSTEM\\CURRENTCONTROLSET\\CONTROL\\WOW   
"DEVICENOTSELECTEDTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS   
"DoubleClickHeight"=#USR:Control Panel\Mouse   
"DoubleClickSpeed"=#USR:Control Panel\Mouse   
"DoubleClickWidth"=#USR:Control Panel\Mouse   
"DragFullWindows"=USR:Control Panel\Desktop   
"InitialKeyboardIndicators"=USR:Control Panel\Keyboard   
"LowPowerActive"=#USR:Control Panel\Desktop   
"LowPowerTimeOut"=#USR:Control Panel\Desktop   
"MouseSpeed"=#USR:Control Panel\Mouse   
"MouseThreshold1"=#USR:Control Panel\Mouse   
"MouseThreshold2"=#USR:Control Panel\Mouse   
"PowerOffActive"=#USR:Control Panel\Desktop   
"PowerOffTimeOut"=#USR:Control Panel\Desktop   
"ScreenSaveActive"=#USR:Control Panel\Desktop   
"ScreenSaveTimeOut"=#USR:Control Panel\Desktop   
"SnapToDefaultButton"=#USR:Control Panel\Mouse   
"Spooler"=#SYS:Microsoft\Windows NT\CurrentVersion\Windows   
"SWAPDISK"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS   
"SwapMouseButtons"=#USR:Control Panel\Mouse   
"TRANSMISSIONRETRYTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS   

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot]
""=SYS:Microsoft\Windows NT\CurrentVersion\WOW\boot   
"ScreenSaverActive"=USR:Control Panel\Desktop   
"ScreenSaverIsSecure"=USR:Control Panel\Desktop   
"SCRNSAVE.EXE"=USR:Control Panel\Desktop   
"Shell"=SYS:Microsoft\Windows NT\CurrentVersion\Winlogon   

[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini\Windows]
"APPINIT_DLLS"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS   
"Beep"=#USR:Control Panel\Sound   
"CoolSwitch"=USR:Control Panel\Desktop   
"DEFAULTSEPARATEVDM"=\\REGISTRY\\MACHINE\\SYSTEM\\CURRENTCONTROLSET\\CONTROL\\WOW   
"DEVICENOTSELECTEDTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS   
"DoubleClickHeight"=#USR:Control Panel\Mouse   
"DoubleClickSpeed"=#USR:Control Panel\Mouse   
"DoubleClickWidth"=#USR:Control Panel\Mouse   
"DragFullWindows"=USR:Control Panel\Desktop   
"InitialKeyboardIndicators"=USR:Control Panel\Keyboard   
"LowPowerActive"=#USR:Control Panel\Desktop   
"LowPowerTimeOut"=#USR:Control Panel\Desktop   
"MouseSpeed"=#USR:Control Panel\Mouse   
"MouseThreshold1"=#USR:Control Panel\Mouse   
"MouseThreshold2"=#USR:Control Panel\Mouse   
"PowerOffActive"=#USR:Control Panel\Desktop   
"PowerOffTimeOut"=#USR:Control Panel\Desktop   
"ScreenSaveActive"=#USR:Control Panel\Desktop   
"ScreenSaveTimeOut"=#USR:Control Panel\Desktop   
"SnapToDefaultButton"=#USR:Control Panel\Mouse   
"SWAPDISK"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS   
"SwapMouseButtons"=#USR:Control Panel\Mouse   
"TRANSMISSIONRETRYTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS   

[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot]
""=SYS:Microsoft\Windows NT\CurrentVersion\WOW\boot   
"ScreenSaverActive"=USR:Control Panel\Desktop   
"ScreenSaverIsSecure"=USR:Control Panel\Desktop   
"SCRNSAVE.EXE"=USR:Control Panel\Desktop   
"Shell"=SYS:Microsoft\Windows NT\CurrentVersion\Winlogon   

[HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems]
"windows"=%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

---------- | Security center

[HKLM\SOFTWARE\Microsoft\Security Center]
"cval"=1

[HKLM\SOFTWARE\Microsoft\Security Center\svc]
"VistaSp1"=132407800486885466

[HKLM\SOFTWARE\Microsoft\Windows Defender]
"ProductAppDataPath"=C:\ProgramData\Microsoft\Windows Defender
"ProductIcon"=@%ProgramFiles%\Windows Defender\EppManifest.dll,-100
"ProductLocalizedName"=@%ProgramFiles%\Windows Defender\EppManifest.dll,-1000
"RemediationExe"=windowsdefender://
"DisableAntiSpyware"=0
"ProductType"=2
"InstallTime"=0x33514DBFA6C7D501
"InstallLocation"=C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2006.10-0\
"ManagedDefenderProductType"=0
"OOBEInstallTime"=0x01173A6E3168D601
"ProductStatus"=0
"DisableAntiVirus"=0
"BackupLocation"=C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2006.10-0
"LastEnabledTime"=0x58CE96A68814D601
"IsServiceRunning"=1

[HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall"=1

[HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=1

[HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall"=1


---------- | Safeboot

[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\02294175.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ahcache.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppMgmt]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AudioEndpointBuilder]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AudioSrv]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Base]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BasicDisplay.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BasicRender.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot Bus Extender]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot file system]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BrokerInfrastructure]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CBDHSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CoreMessagingRegistrar]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CryptSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DcomLaunch]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DeviceInstall]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dxgkrnl.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EFS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EventLog]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Filter]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\FsDepends.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HdAudAddService.Sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HdAudBus.Sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HelpSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iai2c.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\LSM]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Netlogon]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NgcCtnrSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NgcSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PCI Configuration]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PlugPlay]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PNP Filter]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Power]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Primary disk]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcEptMapper]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcSs]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SCSI Class]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SerCx2.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sermouse.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SpbCx.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\StateRepository]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\System Bus Extender]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SystemEventsBroker]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\uefi.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\usbaudio.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\UserManager]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vmms]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinMgmt]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{36FC9E60-C465-11CF-8056-444553540000}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E965-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E969-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96C-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E977-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97B-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E980-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{9DA2B80F-F89F-4A49-A5C2-511B085B9E8A}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{A0A588A4-C46F-4B37-B7EA-C82FE89870C6}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\02294175.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AFD]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ahcache.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppInfo]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppMgmt]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AudioEndpointBuilder]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AudioSrv]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Base]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BasicDisplay.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BasicRender.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BFE]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot Bus Extender]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot file system]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\bowser]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BrokerInfrastructure]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Browser]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CBDHSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CoreMessagingRegistrar]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CryptSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DcomLaunch]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DeviceInstall]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dfsc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dhcp]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DnsCache]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dot3Svc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dxgkrnl.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Eaphost]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EFS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EventLog]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\File system]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Filter]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\FsDepends.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HdAudAddService.Sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HdAudBus.Sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HelpSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\IKEEXT]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ipnat.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\KeyIso]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanServer]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanWorkstation]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LmHosts]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LSM]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Messenger]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MPSDrv]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MPSSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb10]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb20]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MsQuic]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NativeWifiP]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS Wrapper]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ndiscap]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ndisuio]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOSGroup]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBT]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetDDEGroup]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Netlogon]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetMan]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\netprofm]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetSetupSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Network]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetworkProvider]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NgcCtnrSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NgcSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NlaSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Nsi]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nsiproxy.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NTDS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PCI Configuration]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PlugPlay]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP Filter]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP_TDI]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PolicyAgent]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Power]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Primary disk]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ProfSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdbss]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdpencdd.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdsessmgr]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\RpcEptMapper]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\RpcSs]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sacsvr]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SCardSvr]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SCSI Class]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SerCx2.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sermouse.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SharedAccess]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SmartcardSimulator]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SpbCx.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\StateRepository]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Streams Drivers]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SWPRV]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\System Bus Extender]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SystemEventsBroker]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TabletInputService]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TBS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Tcpip]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TDI]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TrustedInstaller]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\uefi.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\usbaudio.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\UserManager]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VaultSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VDS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VirtualSmartcardReader]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vmms]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\volmgr.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\volmgrx.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wcmsvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WinDefend]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WinMgmt]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wlansvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfPf]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfRd]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfUsbccidDriver]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{36FC9E60-C465-11CF-8056-444553540000}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E965-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E967-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E969-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96C-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E973-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E977-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97B-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E980-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{50DD5230-BA8A-11D1-BF5D-0000F805F530}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{9DA2B80F-F89F-4A49-A5C2-511B085B9E8A}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{A0A588A4-C46F-4B37-B7EA-C82FE89870C6}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}]

---------- | Winsock (Whitelist)


---------- | Hosts


---------- | Ping

Envoi d'une requ?te 'ping' sur google.com [172.217.19.238] avec 32 octets de donn?es?:
R?ponse de 172.217.19.238?: octets=32 temps=8 ms TTL=118
R?ponse de 172.217.19.238?: octets=32 temps=9 ms TTL=118
R?ponse de 172.217.19.238?: octets=32 temps=8 ms TTL=118
R?ponse de 172.217.19.238?: octets=32 temps=9 ms TTL=118

Statistiques Ping pour 172.217.19.238:
    Paquets?: envoy?s = 4, re?us = 4, perdus = 0 (perte 0%),
Dur?e approximative des boucles en millisecondes :
    Minimum = 8ms, Maximum = 9ms, Moyenne = 8ms

---------- | @

[HKU\S-1-5-21-3426726900-1680016901-4063642811-1001\Software\Microsoft\Internet Explorer\Main]
"Anchor Underline"=yes
"Cache_Update_Frequency"=yes
"Disable Script Debugger"=yes
"DisableScriptDebuggerIE"=yes
"Display Inline Images"=yes
"Do404Search"=0x01000000
"Local Page"=%11%\blank.htm
"Save_Session_History_On_Exit"=no
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Show_FullURL"=no
"Show_StatusBar"=yes
"Show_ToolBar"=yes
"Show_URLinStatusBar"=yes
"Show_URLToolBar"=yes
"Use_DlgBox_Colors"=yes
"UseClearType"=no
"XMLHTTP"=1
"Enable Browser Extensions"=yes
"Play_Background_Sounds"=yes
"Play_Animations"=yes
"Start Page"=http://go.microsoft.com/fwlink/p/?LinkId=255141
"SyncHomePage Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy"=0x01000000330000001E3AC5A6019CD46DB2E61579444CFBF62196984A921FD2F9AF0BFC3039D7F007C8922940FEF61F5E3EAE709DEEBCE7897BCA26020000000E000000353279336149757145516F253364
"ImageStoreRandomFolder"=01uksiy
"OperationalData"=12
"CompatibilityFlags"=0
"SearchBandMigrationVersion"=1
"FullScreen"=no
"Window_Placement"=0x2C0000000000000001000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF2400000024000000D4040000C7020000
"Start Page_TIMESTAMP"=0x51DFA624F2CED501
"IE10RunOncePerInstallCompleted"=1
"IE10RunOnceCompletionTime"=0x1FC5AFD4A6C7D501
"IE10TourShown"=1
"IE10TourShownTime"=0x1FC5AFD4A6C7D501

[HKU\S-1-5-21-3426726900-1680016901-4063642811-1001\Software\Microsoft\Internet Explorer\TypedURLs]
"url1"=http://go.microsoft.com/fwlink/p/?LinkId=255141

[HKU\S-1-5-21-3426726900-1680016901-4063642811-1001\Software\Microsoft\Windows\CurrentVersion\Internet settings]
"CertificateRevocation"=1
"DisableCachingOfSSLPages"=0
"IE5_UA_Backup_Flag"=5.0
"PrivacyAdvanced"=1
"SecureProtocols"=2688
"User Agent"=Mozilla/4.0 (compatible; MSIE 8.0; Win32)
"ZonesSecurityUpgrade"=0x30E986932E68D601
"WarnonZoneCrossing"=0
"EnableNegotiate"=1
"MigrateProxy"=1
"ProxyEnable"=0
"LockDatabase"=132311930507261406

[HKLM\Software\Microsoft\Internet Explorer\Main]
"ApplicationTileImmersiveActivation"=1
"AssociationActivationMode"=0
"AutoHide"=yes
"Start Page"=http://go.microsoft.com/fwlink/p/?LinkId=255141
"Anchor_Visitation_Horizon"=0x01000000
"Cache_Percent_of_Disk"=0x0A000000
"Default_Page_URL"=http://go.microsoft.com/fwlink/p/?LinkId=255141
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Secondary_Page_URL"=
"Delete_Temp_Files_On_Exit"=yes
"Enable_Disk_Cache"=yes
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=C:\Windows\System32\blank.htm
"Placeholder_Height"=0x1A000000
"Placeholder_Width"=0x1A000000
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Security Risk Page"=about:SecurityRisk
"Use_Async_DNS"=yes
"x86AppPath"=C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

[HKLM\Software\Microsoft\Internet Explorer\AboutURLs]
"blank"=res://mshtml.dll/blank.htm
"DesktopItemNavigationFailure"=res://ieframe.dll/navcancl.htm
"Home"=270
"InPrivate"=res://ieframe.dll/inprivate.htm
"NavigationCanceled"=res://ieframe.dll/navcancl.htm
"NavigationFailure"=res://ieframe.dll/navcancl.htm
"NoAdd-ons"=res://ieframe.dll/noaddon.htm
"NoAdd-onsInfo"=res://ieframe.dll/noaddoninfo.htm
"PostNotCached"=res://ieframe.dll/repost.htm
"SecurityRisk"=res://ieframe.dll/securityatrisk.htm

[HKLM\Software\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

[HKLM\Software\Microsoft\Windows\CurrentVersion\URL\Prefixes]
"ftp"=ftp://
"home"=http://
"mosaic"=http://
"www"=http://

[HKLM\Software\Microsoft\Windows\CurrentVersion\Internet settings]
"ActiveXCache"=C:\Windows\Downloaded Program Files
"CodeBaseSearchPath"=CODEBASE
"EnablePunycode"=1
"MinorVersion"=0
"WarnOnIntranet"=1

[HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings]
"CallLegacyWCMPolicies"=0

[HKLM\Software\WOW6432Node\Microsoft\Internet Explorer\Main]
"ApplicationTileImmersiveActivation"=1
"AssociationActivationMode"=0
"AutoHide"=yes
"Start Page"=http://go.microsoft.com/fwlink/p/?LinkId=255141
"Anchor_Visitation_Horizon"=0x01000000
"Cache_Percent_of_Disk"=0x0A000000
"Default_Page_URL"=http://go.microsoft.com/fwlink/p/?LinkId=255141
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Secondary_Page_URL"=
"Delete_Temp_Files_On_Exit"=yes
"Enable_Disk_Cache"=yes
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=C:\Windows\SysWOW64\blank.htm
"Placeholder_Height"=0x1A000000
"Placeholder_Width"=0x1A000000
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Security Risk Page"=about:SecurityRisk
"Use_Async_DNS"=yes
"x86AppPath"=C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

[HKLM\Software\WOW6432Node\Microsoft\Internet Explorer\AboutURLs]
"blank"=res://mshtml.dll/blank.htm
"DesktopItemNavigationFailure"=res://ieframe.dll/navcancl.htm
"Home"=270
"InPrivate"=res://ieframe.dll/inprivate.htm
"NavigationCanceled"=res://ieframe.dll/navcancl.htm
"NavigationFailure"=res://ieframe.dll/navcancl.htm
"NoAdd-ons"=res://ieframe.dll/noaddon.htm
"NoAdd-onsInfo"=res://ieframe.dll/noaddoninfo.htm
"PostNotCached"=res://ieframe.dll/repost.htm
"SecurityRisk"=res://ieframe.dll/securityatrisk.htm

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\URL\Prefixes]
"ftp"=ftp://
"home"=http://
"mosaic"=http://
"www"=http://

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Internet settings]
"ActiveXCache"=C:\Windows\Downloaded Program Files
"CodeBaseSearchPath"=CODEBASE
"EnablePunycode"=1
"MinorVersion"=0
"WarnOnIntranet"=1

[HKLM\Software\WOW6432Node\Policies\Microsoft\Windows\CurrentVersion\Internet Settings]
"CallLegacyWCMPolicies"=0


---------- | Proxy


---------- | reparsepoint


---------- | Detection of offsets


---------- | Notify 


---------- | Execution FileExts









---------- | SIOI | SEH | URLSH

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1] - {BBACC218-34EA-4666-9D7A-C78F2274A524} --     
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2] - {5AB7172C-9C11-405C-8DD5-AF20F3606282} --     
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3] - {A78ED123-AB77-406B-9962-2A5D9D2F7F30} --     
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4] - {F241C880-6982-4CE5-8CF7-7085BA96DA5A} --     
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5] - {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} --     
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive6] - {9AA2F32D-362A-42D9-9328-24A483E2CCC3} --     
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive7] - {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} --     
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\EnhancedStorageShell] - {D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D} --  C:\Windows\System32\EhStorShell.dll   [07/12/2019 11:08:52]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\Offline Files] - {4E77131D-3629-431c-9818-C5679DC83E81} --  %SystemRoot%\System32\cscui.dll   
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1] - {BBACC218-34EA-4666-9D7A-C78F2274A524} --     
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2] - {5AB7172C-9C11-405C-8DD5-AF20F3606282} --     
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3] - {A78ED123-AB77-406B-9962-2A5D9D2F7F30} --     
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4] - {F241C880-6982-4CE5-8CF7-7085BA96DA5A} --     
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5] - {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} --     
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive6] - {9AA2F32D-362A-42D9-9328-24A483E2CCC3} --     
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive7] - {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} --     

[HKU\S-1-5-21-3426726900-1680016901-4063642811-1001\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"=   


---------- | Toolbar

[HKU\S-1-5-21-3426726900-1680016901-4063642811-1001\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"Locked"=1   

[HKU\S-1-5-21-3426726900-1680016901-4063642811-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A}   

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{61E612A7-2382-4570-8D3F-42BC136DDAD7}"=0x00   

[HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A}   

[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Toolbar]
"{61E612A7-2382-4570-8D3F-42BC136DDAD7}"=0x00   

[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A}   


---------- | Extensions

[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extensions\{2670000A-7350-4f3c-8081-5663EE0C6C49}] : (Se&nd to OneNote) -       []
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extensions\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}] : (Lync Click to Call) -       []
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extensions\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}] : (OneNote Lin&ked Notes) -       []

---------- | SearchScopes

[HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] - (@ieframe.dll,-12512) - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] - (@ieframe.dll,-12512) - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC : 

---------- | Browser Helper Objects

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2B035CAB-1F3D-4DE6-A32D-39B9E5F456D0}] -> (PDF Architect 7 Helper) : C:\Program Files (x86)\PDF Architect 7\creator\plugins\IEAddin\creator-ie-helper.dll  [07/10/2019 21:05:44]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] -> () :   
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] -> () :   
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2B035CAB-1F3D-4DE6-A32D-39B9E5F456D0}] -> (PDF Architect 7 Helper) : C:\Program Files (x86)\PDF Architect 7\creator\plugins\IEAddin\creator-ie-helper.dll  [07/10/2019 21:05:44]
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}] -> (Skype for Business Browser Helper) : C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll  [31/07/2020 10:55:42]

---------- | Chrome

C:\Users\theos\AppData\Local\Google\Chrome\User Data\Default\extensions\aapocclcgogkmnckokdopfmhonfmgoek =  : Google & co - Google & co - https://clients2.google.com/service/update2/crx
C:\Users\theos\AppData\Local\Google\Chrome\User Data\Default\extensions\aihomhdbhpnpmcnnbckjjcebjoikpihj =  : Google & co -     Universal Bypass - permissions:[alarmsstoragewebRequestwebRequestBlocking\u003Call_urls>] - https://clients2.google.com/service/update2/crx
C:\Users\theos\AppData\Local\Google\Chrome\User Data\Default\extensions\aohghmighlieiainnegkcijnfilokake =  : Google & co - Google & co - https://clients2.google.com/service/update2/crx
C:\Users\theos\AppData\Local\Google\Chrome\User Data\Default\extensions\apdfllckaahabafndbhieahigkjlhalf =  : Google & co - https://drive.google.com/?usp=chrome_app - Google & co - [http://docs.google.com/http://drive.google.com/https://docs.google.com/https://drive.google.com/] - https://clients2.google.com/service/update2/crx
C:\Users\theos\AppData\Local\Google\Chrome\User Data\Default\extensions\bfcoihkppmlaldchalnpmolekhkmdoej =  : Google & co - http://ipp-google.innogames.de/?game=staemme&ref=ig_goows - Google & co - [http://www.tribalwars.net/] - https://clients2.google.com/service/update2/crx
C:\Users\theos\AppData\Local\Google\Chrome\User Data\Default\extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo =  : Google & co - http://www.youtube.com - http://www.youtube.com - Google & co - http://clients2.google.com/service/update2/crx
C:\Users\theos\AppData\Local\Google\Chrome\User Data\Default\extensions\canbadmphamemnmdfngmcabnjmjgaiki =  :     Automatically check bans of people you recently played with your friends and group members. -     Ban Checker for Steam - https://clients2.google.com/service/update2/crx
C:\Users\theos\AppData\Local\Google\Chrome\User Data\Default\extensions\cfhdojbkjhnklbpkdaibdccddilifddb =  :     __MSG_description__ -    short_name: __MSG_name__ - permissions:[tabs\u003Call_urls>contextMenuswebRequestwebRequestBlockingwebNavigationstorageunlimitedStoragenotifications] - https://clients2.google.com/service/update2/crx
C:\Users\theos\AppData\Local\Google\Chrome\User Data\Default\extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm =  :     __MSG_extShortDesc__ -    name: uBlock Origin -    short_name: uBlock0 - permissions:[contextMenusprivacystoragetabsunlimitedStoragewebNavigationwebRequestwebRequestBlocking\u003Call_urls>] - https://clients2.google.com/service/update2/crx
C:\Users\theos\AppData\Local\Google\Chrome\User Data\Default\extensions\cmeakgjggjdlcpncigglobpjbkabhmjl =  :     __MSG_extension_description__ -    short_name: SIH - https://clients2.google.com/service/update2/crx
C:\Users\theos\AppData\Local\Google\Chrome\User Data\Default\extensions\ddjkdjlmooeobhagmmadigadffijpoio =  :     Soyez au courant quand votre streameur préféré commence à streamer! -     ZeratoR - https://clients2.google.com/service/update2/crx
C:\Users\theos\AppData\Local\Google\Chrome\User Data\Default\extensions\dggphokdgjikekfiakjcpidcclbmkfga =  :     Years ago YouTube™ hid video tags from view. This extension puts them right back where they used to be. -     Tags for YouTube™ - https://clients2.google.com/service/update2/crx
C:\Users\theos\AppData\Local\Google\Chrome\User Data\Default\extensions\elnpfaoipdfdhikjacbpcfhpnehjjaii =  :     Tenez vous informé de l'heure des streams de Sardoche. -    short_name: Sardalert - https://clients2.google.com/service/update2/crx
C:\Users\theos\AppData\Local\Google\Chrome\User Data\Default\extensions\faccgibalfdoihmenknhpfhldkmgaang =  :     a plug.dj extension -     TastyPlug - https://clients2.google.com/service/update2/crx
C:\Users\theos\AppData\Local\Google\Chrome\User Data\Default\extensions\felcaaldnbdncclmgdcncolpebgiejap =  : Google & co - Google & co - https://clients2.google.com/service/update2/crx
C:\Users\theos\AppData\Local\Google\Chrome\User Data\Default\extensions\fjifglfkcaipnmhngbigdebkoikioend =  :     See our adjusted rating directly as you shop on Amazon.  Click our icon to open our full review analysis in a new tab. -    short_name: ReviewMeta.com - https://clients2.google.com/service/update2/crx
C:\Users\theos\AppData\Local\Google\Chrome\User Data\Default\extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi =  :     __MSG_extDesc__ -     __MSG_extName__ - https://clients2.google.com/service/update2/crx
C:\Users\theos\AppData\Local\Google\Chrome\User Data\Default\extensions\iggpfpnahkgpnindfkdncknoldgnccdg =  :     __MSG_extension_description__ -     __MSG_extension_name__ - http://clients2.google.com/service/update2/crx
C:\Users\theos\AppData\Local\Google\Chrome\User Data\Default\extensions\jknkjnpcbbgcbdbaampbjlhkcghmgfhk =  :     __MSG_extension_description__ -    short_name: __MSG_extension_short_name__ - https://clients2.google.com/service/update2/crx
C:\Users\theos\AppData\Local\Google\Chrome\User Data\Default\extensions\mihcahmgecmbnbcchbopgniflfhgnkff =  :     __MSG_gmailcheck_description__ -     __MSG_gmailcheck_name__ - http://clients2.google.com/service/update2/crx
C:\Users\theos\AppData\Local\Google\Chrome\User Data\Default\extensions\nmkinhboiljjkhaknpaeaicmdjhagpep =  :     F.B. Purity cleans up and customises Facebook letting you filter out the junk you dont want to see -    short_name: F.B. Purity - https://clients2.google.com/service/update2/crx
C:\Users\theos\AppData\Local\Google\Chrome\User Data\Default\extensions\nmmhkkegccagdldgiimedpiccmgmieda =  : Google & co - Google & co - 203784468217.apps.googleusercontent.com - https://clients2.google.com/service/update2/crx
C:\Users\theos\AppData\Local\Google\Chrome\User Data\Default\extensions\pccplfjdogpbnndhjjbbajhjmaihkcip =  :     Extension navigateur pour le streamer Alderiate -     Alderiate Live - https://clients2.google.com/service/update2/crx
C:\Users\theos\AppData\Local\Google\Chrome\User Data\Default\extensions\pdabfienifkbhoihedcgeogidfmibmhp =  :     __MSG_extDesc__ - https://www.hotcleaner.com/clickclean -     __MSG_extName__ - [https://www.hotcleaner.com/clickclean/] - https://clients2.google.com/service/update2/crx
C:\Users\theos\AppData\Local\Google\Chrome\User Data\Default\extensions\pjkljhegncpnkpknbcohdijeoejaedia =  : Google & co - https://mail.google.com/mail - Google & co - [*://mail.google.com/mail] - https://clients2.google.com/service/update2/crx
C:\Users\theos\AppData\Local\Google\Chrome\User Data\Default\extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm =  :     Provider for discovery and services for mirroring of Chrome Media Router -     Chrome Media Router - 919648714761-55j965o0km033psv3i9qls5mo3qtdrb0.apps.googleusercontent.com - https://clients2.google.com/service/update2/crx


---------- | Opera


---------- | Firefox


[HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.231.2] - (Java™ Deployment Toolkit) : C:\Program Files\Java\jre1.8.0_231\bin\dtplugin\npDeployJava1.dll
[HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.231.2] - (Oracle® Next Generation Java™ Plug-In) : C:\Program Files\Java\jre1.8.0_231\bin\plugin2\npjp2.dll
[HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0] - (Microsoft SharePoint Plug-in for Firefox) : C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL
[HKLM\Software\WOW6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0] - (Microsoft SharePoint Plug-in for Firefox) : C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL



---------- | DNS

[HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters]
"DhcpNameServer"=192.168.1.1
[HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{7c541e51-d617-4c04-b1c9-fc5e521b83d8}]
"DhcpNameServer"=192.168.1.1
[HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{a3be8ff8-2b29-4846-922c-c75665300133}]
"DhcpNameServer"=192.168.1.1
[HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{7c541e51-d617-4c04-b1c9-fc5e521b83d8}]
"DhcpNameServer"=192.168.1.1
[HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{a3be8ff8-2b29-4846-922c-c75665300133}]
"DhcpNameServer"=192.168.1.1

---------- | Applications

[HKU\S-1-5-21-3426726900-1680016901-4063642811-1001\SOFTWARE\Classes\Applications\opera.exe] : "C:\Users\theos\AppData\Local\Programs\Opera GX\Launcher.exe" "%1"
[HKLM\SOFTWARE\Classes\Applications\iexplore.exe] : "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1
[HKLM\SOFTWARE\Classes\Applications\notepad.exe] : %SystemRoot%\system32\NOTEPAD.EXE %1
[HKLM\SOFTWARE\Classes\Applications\PDF Architect 7.exe] : "C:\Program Files\PDF Architect 7\architect.exe" --file "%1"
[HKLM\SOFTWARE\Classes\Applications\provtool.exe] : "%SystemRoot%\System32\provtool.exe" "%1" /source ShellOpen
[HKLM\SOFTWARE\Classes\Applications\vlc.exe] : "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "%1"
[HKLM\SOFTWARE\Classes\Applications\wmplayer.exe] : "%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /Open "%L"
[HKLM\SOFTWARE\Classes\Applications\wordpad.exe] : "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE" "%1"
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\iexplore.exe] : "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\notepad.exe] : %SystemRoot%\system32\NOTEPAD.EXE %1
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\PDF Architect 7.exe] : "C:\Program Files\PDF Architect 7\architect.exe" --file "%1"
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\provtool.exe] : "%SystemRoot%\System32\provtool.exe" "%1" /source ShellOpen
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\vlc.exe] : "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "%1"
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\wmplayer.exe] : "%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /Open "%L"
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\wordpad.exe] : "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE" "%1"

---------- | SvcHost (Whitelist)

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost]
"DcomLaunch"=Power
LSM
BrokerInfrastructure
PlugPlay
DcomLaunch
SystemEventsBroker
DeviceInstall
"rdxgroup"=RetailDemo
"Camera"=FrameS
"LocalServiceNoNetworkFirewall"=BFE
mpssvc
"diagnostics"=DiagSvc
"AarSvcGroup"=AarSvc
"PrintWorkflow"=PrintWorkflowUserSvc
"wusvcs"=WaaSMedicSvc
"BcastDVRUserService"=BcastDVRUserService
"GraphicsPerfSvcGroup"=GraphicsPerfSvc
"autoTimeSvc"=autoTimeSvc
"ClipboardSvcGroup"=cbdhsvc
"BthAppGroup"=BluetoothUserService
"smbsvcs"=lanmanserver
"UdkSvcGroup"=UdkUserSvc
"DevicesFlow"=DeviceAssociationBrokerSvc
DevicesFlowUserSvc
ConsentUxUserSvc
DevicePickerUserSvc
"PeerDist"=PeerDistSvc
"AssignedAccessManagerSvc"=AssignedAccessManagerSvc

[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost]
"DcomLaunch"=DcomLaunch
DeviceInstall
"PrintWorkflow"=PrintWorkflowUserSvc
"AarSvcGroup"=AarSvc
"DevicesFlow"=DeviceAssociationBrokerSvc
"smbsvcs"=lanmanserver


---------- | SvcHost - Netsvcs (Whitelist)


---------- | Software

[HKU\S-1-5-21-3426726900-1680016901-4063642811-1001\Software\8floor]
[HKU\S-1-5-21-3426726900-1680016901-4063642811-1001\Software\AMD]
[HKU\S-1-5-21-3426726900-1680016901-4063642811-1001\Software\Anzu]
[HKU\S-1-5-21-3426726900-1680016901-4063642811-1001\Software\AppDataLow]
[HKU\S-1-5-21-3426726900-1680016901-4063642811-1001\Software\AvastAdSDK]
[HKU\S-1-5-21-3426726900-1680016901-4063642811-1001\Software\Bennett Foddy]
[HKU\S-1-5-21-3426726900-1680016901-4063642811-1001\Software\Blizzard Entertainment]
[HKU\S-1-5-21-3426726900-1680016901-4063642811-1001\Software\BugSplat]
[HKU\S-1-5-21-3426726900-1680016901-4063642811-1001\Software\Chromium]
[HKU\S-1-5-21-3426726900-1680016901-4063642811-1001\Software\CitizenFX]
[HKU\S-1-5-21-3426726900-1680016901-4063642811-1001\Software\Clients]
[HKU\S-1-5-21-3426726900-1680016901-4063642811-1001\Software\Colossal Order]
[HKU\S-1-5-21-3426726900-1680016901-4063642811-1001\Software\Corsair]
[HKU\S-1-5-21-3426726900-1680016901-4063642811-1001\Software\Crema]
[HKU\S-1-5-21-3426726900-1680016901-4063642811-1001\Software\Datastead]
[HKU\S-1-5-21-3426726900-1680016901-4063642811-1001\Software\Discord]
[HKU\S-1-5-21-3426726900-1680016901-4063642811-1001\Software\ElAmigos]
[HKU\S-1-5-21-3426726900-1680016901-4063642811-1001\Software\Epic Games]
[HKU\S-1-5-21-3426726900-1680016901-4063642811-1001\Software\epsxe]
[HKU\S-1-5-21-3426726900-1680016901-4063642811-1001\Software\Facepunch Studios LTD]
[HKU\S-1-5-21-3426726900-1680016901-4063642811-1001\Software\FiveM]
[HKU\S-1-5-21-3426726900-1680016901-4063642811-1001\Software\FluffyFish]
[HKU\S-1-5-21-3426726900-1680016901-4063642811-1001\Software\Gameforge4d]
[HKU\S-1-5-21-3426726900-1680016901-4063642811-1001\Software\GNU]
[HKU\S-1-5-21-3426726900-1680016901-4063642811-1001\Software\GOG.com]
[HKU\S-1-5-21-3426726900-1680016901-4063642811-1001\Software\Google]
[HKU\S-1-5-21-3426726900-1680016901-4063642811-1001\Software\GSettings]
[HKU\S-1-5-21-3426726900-1680016901-4063642811-1001\Software\Haemimont Games]
[HKU\S-1-5-21-3426726900-1680016901-4063642811-1001\Software\Image-Line]
[HKU\S-1-5-21-3426726900-1680016901-4063642811-1001\Software\Intel]
[HKU\S-1-5-21-3426726900-1680016901-4063642811-1001\Software\JavaSoft]
[HKU\S-1-5-21-3426726900-1680016901-4063642811-1001\Software\KDiff3]
[HKU\S-1-5-21-3426726900-1680016901-4063642811-1001\Software\Khronos]
[HKU\S-1-5-21-3426726900-1680016901-4063642811-1001\Software\Landfall]
[HKU\S-1-5-21-3426726900-1680016901-4063642811-1001\Software\Lazy Bear Games]
[HKU\S-1-5-21-3426726900-1680016901-4063642811-1001\Software\Logitech]
[HKU\S-1-5-21-3426726900-1680016901-4063642811-1001\Software\LumaEmu]
[HKU\S-1-5-21-3426726900-1680016901-4063642811-1001\Software\Macromedia]
[HKU\S-1-5-21-3426726900-1680016901-4063642811-1001\Software\Malwarebytes]
[HKU\S-1-5-21-3426726900-1680016901-4063642811-1001\Software\Microsoft]
[HKU\S-1-5-21-3426726900-1680016901-4063642811-1001\Software\Midway Home Entertainment]
[HKU\S-1-5-21-3426726900-1680016901-4063642811-1001\Software\Mojang]
[HKU\S-1-5-21-3426726900-1680016901-4063642811-1001\Software\Mozilla]
[HKU\S-1-5-21-3426726900-1680016901-4063642811-1001\Software\MSI]
[HKU\S-1-5-21-3426726900-1680016901-4063642811-1001\Software\Netscape]
[HKU\S-1-5-21-3426726900-1680016901-4063642811-1001\Software\NoBrakesGames]
[HKU\S-1-5-21-3426726900-1680016901-4063642811-1001\Software\NVIDIA Corporation]
[HKU\S-1-5-21-3426726900-1680016901-4063642811-1001\Software\ODBC]
[HKU\S-1-5-21-3426726900-1680016901-4063642811-1001\Software\Opera Software]
[HKU\S-1-5-21-3426726900-1680016901-4063642811-1001\Software\osu!]
[HKU\S-1-5-21-3426726900-1680016901-4063642811-1001\Software\Paradox Interactive]
[HKU\S-1-5-21-3426726900-1680016901-4063642811-1001\Software\PCSX2]
[HKU\S-1-5-21-3426726900-1680016901-4063642811-1001\Software\PDF Architect 7]
[HKU\S-1-5-21-3426726900-1680016901-4063642811-1001\Software\PDF Tools AG]
[HKU\S-1-5-21-3426726900-1680016901-4063642811-1001\Software\pdfforge]
[HKU\S-1-5-21-3426726900-1680016901-4063642811-1001\Software\Policies]
[HKU\S-1-5-21-3426726900-1680016901-4063642811-1001\Software\PrtScr]
[HKU\S-1-5-21-3426726900-1680016901-4063642811-1001\Software\QtProject]
[HKU\S-1-5-21-3426726900-1680016901-4063642811-1001\Software\RDUtility]
[HKU\S-1-5-21-3426726900-1680016901-4063642811-1001\Software\Realtek]
[HKU\S-1-5-21-3426726900-1680016901-4063642811-1001\Software\RegisteredApplications]
[HKU\S-1-5-21-3426726900-1680016901-4063642811-1001\Software\Rerl Serv]
[HKU\S-1-5-21-3426726900-1680016901-4063642811-1001\Software\Resplendence Sp]
[HKU\S-1-5-21-3426726900-1680016901-4063642811-1001\Software\Riot Games]
[HKU\S-1-5-21-3426726900-1680016901-4063642811-1001\Software\Rockstar Games]
[HKU\S-1-5-21-3426726900-1680016901-4063642811-1001\Software\SEGA]
[HKU\S-1-5-21-3426726900-1680016901-4063642811-1001\Software\Seifert]
[HKU\S-1-5-21-3426726900-1680016901-4063642811-1001\Software\Shining Rock Software LLC]
[HKU\S-1-5-21-3426726900-1680016901-4063642811-1001\Software\SoftVoice]
[HKU\S-1-5-21-3426726900-1680016901-4063642811-1001\Software\Spotify]
[HKU\S-1-5-21-3426726900-1680016901-4063642811-1001\Software\Studio MDHR]
[HKU\S-1-5-21-3426726900-1680016901-4063642811-1001\Software\SyncEngines]
[HKU\S-1-5-21-3426726900-1680016901-4063642811-1001\Software\Sysinternals]
[HKU\S-1-5-21-3426726900-1680016901-4063642811-1001\Software\Team 17 Digital ltd.]
[HKU\S-1-5-21-3426726900-1680016901-4063642811-1001\Software\Terraria]
[HKU\S-1-5-21-3426726900-1680016901-4063642811-1001\Software\Twitch Desktop]
[HKU\S-1-5-21-3426726900-1680016901-4063642811-1001\Software\Two Point Studios]
[HKU\S-1-5-21-3426726900-1680016901-4063642811-1001\Software\Ubisoft]
[HKU\S-1-5-21-3426726900-1680016901-4063642811-1001\Software\UbiSoftCTU]
[HKU\S-1-5-21-3426726900-1680016901-4063642811-1001\Software\Unity]
[HKU\S-1-5-21-3426726900-1680016901-4063642811-1001\Software\Unknown Worlds]
[HKU\S-1-5-21-3426726900-1680016901-4063642811-1001\Software\Unwinder]
[HKU\S-1-5-21-3426726900-1680016901-4063642811-1001\Software\Valve]
[HKU\S-1-5-21-3426726900-1680016901-4063642811-1001\Software\Veewo]
[HKU\S-1-5-21-3426726900-1680016901-4063642811-1001\Software\Voicemod Desktop]
[HKU\S-1-5-21-3426726900-1680016901-4063642811-1001\Software\Wastelands Interactive]
[HKU\S-1-5-21-3426726900-1680016901-4063642811-1001\Software\We're Five Games]
[HKU\S-1-5-21-3426726900-1680016901-4063642811-1001\Software\WinRAR]
[HKU\S-1-5-21-3426726900-1680016901-4063642811-1001\Software\WinRAR SFX]
[HKU\S-1-5-21-3426726900-1680016901-4063642811-1001\Software\WixSharp]
[HKU\S-1-5-21-3426726900-1680016901-4063642811-1001\Software\Wow6432Node]
[HKU\S-1-5-21-3426726900-1680016901-4063642811-1001\Software\ZHP]
[HKU\S-1-5-21-3426726900-1680016901-4063642811-1001\SOFTWARE\AppDataLow\Software\Microsoft]
[HKU\S-1-5-21-3426726900-1680016901-4063642811-1001\SOFTWARE\Microsoft\Accessibility]
[HKU\S-1-5-21-3426726900-1680016901-4063642811-1001\SOFTWARE\Microsoft\Active Setup]
[HKU\S-1-5-21-3426726900-1680016901-4063642811-1001\SOFTWARE\Microsoft\ActiveMovie]
[HKU\S-1-5-21-3426726900-1680016901-4063642811-1001\SOFTWARE\Microsoft\ActiveSync]
[HKU\S-1-5-21-3426726900-1680016901-4063642811-1001\SOFTWARE\Microsoft\AppV]
[HKU\S-1-5-21-3426726900-1680016901-4063642811-1001\SOFTWARE\Microsoft\Assistance]
[HKU\S-1-5-21-3426726900-1680016901-4063642811-1001\SOFTWARE\Microsoft\AuthCookies]
[HKU\S-1-5-21-3426726900-1680016901-4063642811-1001\SOFTWARE\Microsoft\Avalon.Graphics]
[HKU\S-1-5-21-3426726900-1680016901-4063642811-1001\SOFTWARE\Microsoft\Clipboard]
[HKU\S-1-5-21-3426726900-1680016901-4063642811-1001\SOFTWARE\Microsoft\CommsAPHost]
[HKU\S-1-5-21-3426726900-1680016901-4063642811-1001\SOFTWARE\Microsoft\Connection Manager]
[HKU\S-1-5-21-3426726900-1680016901-4063642811-1001\SOFTWARE\Microsoft\CTF]
[HKU\S-1-5-21-3426726900-1680016901-4063642811-1001\SOFTWARE\Microsoft\DeviceDirectory]
[HKU\S-1-5-21-3426726900-1680016901-4063642811-1001\SOFTWARE\Microsoft\DirectInput]
[HKU\S-1-5-21-3426726900-1680016901-4063642811-1001\SOFTWARE\Microsoft\DirectX Diagnostic Tool]
[HKU\S-1-5-21-3426726900-1680016901-4063642811-1001\SOFTWARE\Microsoft\Ease of Access]
[HKU\S-1-5-21-3426726900-1680016901-4063642811-1001\SOFTWARE\Microsoft\Edge]
[HKU\S-1-5-21-3426726900-1680016901-4063642811-1001\SOFTWARE\Microsoft\EdgeUpdate]
[HKU\S-1-5-21-3426726900-1680016901-4063642811-1001\SOFTWARE\Microsoft\EventSystem]
[HKU\S-1-5-21-3426726900-1680016901-4063642811-1001\SOFTWARE\Microsoft\F12]
[HKU\S-1-5-21-3426726900-1680016901-4063642811-1001\SOFTWARE\Microsoft\FamilyStore]
[HKU\S-1-5-21-3426726900-1680016901-4063642811-1001\SOFTWARE\Microsoft\Fax]
[HKU\S-1-5-21-3426726900-1680016901-4063642811-1001\SOFTWARE\Microsoft\Feeds]
[HKU\S-1-5-21-3426726900-1680016901-4063642811-1001\SOFTWARE\Microsoft\FTP]
[HKU\S-1-5-21-3426726900-1680016901-4063642811-1001\SOFTWARE\Microsoft\GameBar]
[HKU\S-1-5-21-3426726900-1680016901-4063642811-1001\SOFTWARE\Microsoft\GameBarApi]
[HKU\S-1-5-21-3426726900-1680016901-4063642811-1001\SOFTWARE\Microsoft\IdentityCRL]
[HKU\S-1-5-21-3426726900-1680016901-4063642811-1001\SOFTWARE\Microsoft\IME]
[HKU\S-1-5-21-3426726900-1680016901-4063642811-1001\SOFTWARE\Microsoft\Input]
[HKU\S-1-5-21-3426726900-1680016901-4063642811-1001\SOFTWARE\Microsoft\InputMethod]
[HKU\S-1-5-21-3426726900-1680016901-4063642811-1001\SOFTWARE\Microsoft\InputPersonalization]
[HKU\S-1-5-21-3426726900-1680016901-4063642811-1001\SOFTWARE\Microsoft\Installer]
[HKU\S-1-5-21-3426726900-1680016901-4063642811-1001\SOFTWARE\Microsoft\Internet Connection Wizard]
[HKU\S-1-5-21-3426726900-1680016901-4063642811-1001\SOFTWARE\Microsoft\Internet Explorer]
[HKU\S-1-5-21-3426726900-1680016901-4063642811-1001\SOFTWARE\Microsoft\Keyboard]
[HKU\S-1-5-21-3426726900-1680016901-4063642811-1001\SOFTWARE\Microsoft\LanguageOverlay]
[HKU\S-1-5-21-3426726900-1680016901-4063642811-1001\SOFTWARE\Microsoft\MediaPlayer]
[HKU\S-1-5-21-3426726900-1680016901-4063642811-1001\SOFTWARE\Microsoft\Messaging]
[HKU\S-1-5-21-3426726900-1680016901-4063642811-1001\SOFTWARE\Microsoft\Microsoft Management Console]
[HKU\S-1-5-21-3426726900-1680016901-4063642811-1001\SOFTWARE\Microsoft\MicrosoftEdge]
[HKU\S-1-5-21-3426726900-1680016901-4063642811-1001\SOFTWARE\Microsoft\MobilePC]
[HKU\S-1-5-21-3426726900-1680016901-4063642811-1001\SOFTWARE\Microsoft\MS Design Tools]
[HKU\S-1-5-21-3426726900-1680016901-4063642811-1001\SOFTWARE\Microsoft\MSF]
[HKU\S-1-5-21-3426726900-1680016901-4063642811-1001\SOFTWARE\Microsoft\Multimedia]
[HKU\S-1-5-21-3426726900-1680016901-4063642811-1001\SOFTWARE\Microsoft\Narrator]
[HKU\S-1-5-21-3426726900-1680016901-4063642811-1001\SOFTWARE\Microsoft\NGC]
[HKU\S-1-5-21-3426726900-1680016901-4063642811-1001\SOFTWARE\Microsoft\Notepad]
[HKU\S-1-5-21-3426726900-1680016901-4063642811-1001\SOFTWARE\Microsoft\Office]
[HKU\S-1-5-21-3426726900-1680016901-4063642811-1001\SOFTWARE\Microsoft\OneDrive]
[HKU\S-1-5-21-3426726900-1680016901-4063642811-1001\SOFTWARE\Microsoft\Osk]
[HKU\S-1-5-21-3426726900-1680016901-4063642811-1001\SOFTWARE\Microsoft\PeerNet]
[HKU\S-1-5-21-3426726900-1680016901-4063642811-1001\SOFTWARE\Microsoft\Personalization]
[HKU\S-1-5-21-3426726900-1680016901-4063642811-1001\SOFTWARE\Microsoft\Phone]
[HKU\S-1-5-21-3426726900-1680016901-4063642811-1001\SOFTWARE\Microsoft\Pim]
[HKU\S-1-5-21-3426726900-1680016901-4063642811-1001\SOFTWARE\Microsoft\PlayToReceiver]
[HKU\S-1-5-21-3426726900-1680016901-4063642811-1001\SOFTWARE\Microsoft\Poom]
[HKU\S-1-5-21-3426726900-1680016901-4063642811-1001\SOFTWARE\Microsoft\PowerShell]
[HKU\S-1-5-21-3426726900-1680016901-4063642811-1001\SOFTWARE\Microsoft\RAS Phonebook]
[HKU\S-1-5-21-3426726900-1680016901-4063642811-1001\SOFTWARE\Microsoft\Remote Assistance]
[HKU\S-1-5-21-3426726900-1680016901-4063642811-1001\SOFTWARE\Microsoft\RPM]
[HKU\S-1-5-21-3426726900-1680016901-4063642811-1001\SOFTWARE\Microsoft\ScreenMagnifier]
[HKU\S-1-5-21-3426726900-1680016901-4063642811-1001\SOFTWARE\Microsoft\Sensors]
[HKU\S-1-5-21-3426726900-1680016901-4063642811-1001\SOFTWARE\Microsoft\Shared]
[HKU\S-1-5-21-3426726900-1680016901-4063642811-1001\SOFTWARE\Microsoft\Shared Tools]
[HKU\S-1-5-21-3426726900-1680016901-4063642811-1001\SOFTWARE\Microsoft\Shell]
[HKU\S-1-5-21-3426726900-1680016901-4063642811-1001\SOFTWARE\Microsoft\Siuf]
[HKU\S-1-5-21-3426726900-1680016901-4063642811-1001\SOFTWARE\Microsoft\SkyDrive]
[HKU\S-1-5-21-3426726900-1680016901-4063642811-1001\SOFTWARE\Microsoft\Speech]
[HKU\S-1-5-21-3426726900-1680016901-4063642811-1001\SOFTWARE\Microsoft\Speech Virtual]
[HKU\S-1-5-21-3426726900-1680016901-4063642811-1001\SOFTWARE\Microsoft\Speech_OneCore]
[HKU\S-1-5-21-3426726900-1680016901-4063642811-1001\SOFTWARE\Microsoft\Spelling]
[HKU\S-1-5-21-3426726900-1680016901-4063642811-1001\SOFTWARE\Microsoft\SQMClient]
[HKU\S-1-5-21-3426726900-1680016901-4063642811-1001\SOFTWARE\Microsoft\SystemCertificates]
[HKU\S-1-5-21-3426726900-1680016901-4063642811-1001\SOFTWARE\Microsoft\TabletTip]
[HKU\S-1-5-21-3426726900-1680016901-4063642811-1001\SOFTWARE\Microsoft\TPG]
[HKU\S-1-5-21-3426726900-1680016901-4063642811-1001\SOFTWARE\Microsoft\UEV]
[HKU\S-1-5-21-3426726900-1680016901-4063642811-1001\SOFTWARE\Microsoft\Unified Store]
[HKU\S-1-5-21-3426726900-1680016901-4063642811-1001\SOFTWARE\Microsoft\Unistore]
[HKU\S-1-5-21-3426726900-1680016901-4063642811-1001\SOFTWARE\Microsoft\UserData]
[HKU\S-1-5-21-3426726900-1680016901-4063642811-1001\SOFTWARE\Microsoft\WAB]
[HKU\S-1-5-21-3426726900-1680016901-4063642811-1001\SOFTWARE\Microsoft\WcmSvc]
[HKU\S-1-5-21-3426726900-1680016901-4063642811-1001\SOFTWARE\Microsoft\wfs]
[HKU\S-1-5-21-3426726900-1680016901-4063642811-1001\SOFTWARE\Microsoft\Windbg]
[HKU\S-1-5-21-3426726900-1680016901-4063642811-1001\SOFTWARE\Microsoft\Windows]
[HKU\S-1-5-21-3426726900-1680016901-4063642811-1001\SOFTWARE\Microsoft\Windows Defender Security Center]
[HKU\S-1-5-21-3426726900-1680016901-4063642811-1001\SOFTWARE\Microsoft\Windows Kits]
[HKU\S-1-5-21-3426726900-1680016901-4063642811-1001\SOFTWARE\Microsoft\Windows NT]
[HKU\S-1-5-21-3426726900-1680016901-4063642811-1001\SOFTWARE\Microsoft\Windows Script]
[HKU\S-1-5-21-3426726900-1680016901-4063642811-1001\SOFTWARE\Microsoft\Windows Search]
[HKU\S-1-5-21-3426726900-1680016901-4063642811-1001\SOFTWARE\Microsoft\Windows Security Health]
[HKU\S-1-5-21-3426726900-1680016901-4063642811-1001\SOFTWARE\Microsoft\Wisp]
[HKU\S-1-5-21-3426726900-1680016901-4063642811-1001\SOFTWARE\Microsoft\XboxLive]
[HKU\S-1-5-21-3426726900-1680016901-4063642811-1001\Software\Microsoft\Windows\AssignedAccessConfiguration]
[HKU\S-1-5-21-3426726900-1680016901-4063642811-1001\Software\Microsoft\Windows\CurrentVersion]
[HKU\S-1-5-21-3426726900-1680016901-4063642811-1001\Software\Microsoft\Windows\DWM]
[HKU\S-1-5-21-3426726900-1680016901-4063642811-1001\Software\Microsoft\Windows\Shell]
[HKU\S-1-5-21-3426726900-1680016901-4063642811-1001\Software\Microsoft\Windows\TabletPC]
[HKU\S-1-5-21-3426726900-1680016901-4063642811-1001\Software\Microsoft\Windows\Windows Error Reporting]
[HKU\S-1-5-21-3426726900-1680016901-4063642811-1001\Software\Microsoft\Windows\Winlogon]
[HKU\S-1-5-21-3426726900-1680016901-4063642811-1001\Software\Microsoft\Windows NT\CurrentVersion]
[HKLM\Software\81bfc699-f883-50c7-b674-2483b6baae23]
[HKLM\Software\AGEIA Technologies]
[HKLM\Software\AMD]
[HKLM\Software\Apple Inc.]
[HKLM\Software\ASIO]
[HKLM\Software\ATI Technologies]
[HKLM\Software\Clients]
[HKLM\Software\CPUID]
[HKLM\Software\CVSM]
[HKLM\Software\DefaultUserEnvironment]
[HKLM\Software\Enmotus]
[HKLM\Software\FileZilla 3]
[HKLM\Software\g3n-h@ckm@n]
[HKLM\Software\GOG.com]
[HKLM\Software\Google]
[HKLM\Software\Image-Line]
[HKLM\Software\Intel]
[HKLM\Software\JavaSoft]
[HKLM\Software\JreMetrics]
[HKLM\Software\Khronos]
[HKLM\Software\Macromedia]
[HKLM\Software\Malwarebytes]
[HKLM\Software\Maxis]
[HKLM\Software\Microsoft]
[HKLM\Software\MozillaPlugins]
[HKLM\Software\NexusModManager]
[HKLM\Software\NVIDIA Corporation]
[HKLM\Software\ODBC]
[HKLM\Software\OEM]
[HKLM\Software\OpenSSH]
[HKLM\Software\Oracle]
[HKLM\Software\Partner]
[HKLM\Software\PDF Architect 7]
[HKLM\Software\PDF Tools AG]
[HKLM\Software\pdfforge]
[HKLM\Software\Piriform]
[HKLM\Software\Policies]
[HKLM\Software\Propellerhead Software]
[HKLM\Software\Realtek]
[HKLM\Software\RegisteredApplications]
[HKLM\Software\Rockstar Games]
[HKLM\Software\RTLSetup]
[HKLM\Software\SoftVoice]
[HKLM\Software\SteelSeries]
[HKLM\Software\SyncIntegrationClients]
[HKLM\Software\TeamSpeak 3 Client]
[HKLM\Software\VideoLAN]
[HKLM\Software\Windows]
[HKLM\Software\WinRAR]
[HKLM\Software\WOW6432Node]
[HKLM\SOFTWARE\Microsoft\.NETFramework]
[HKLM\SOFTWARE\Microsoft\AccountsControl]
[HKLM\SOFTWARE\Microsoft\Active Setup]
[HKLM\SOFTWARE\Microsoft\ActiveSync]
[HKLM\SOFTWARE\Microsoft\ADs]
[HKLM\SOFTWARE\Microsoft\Advanced INF Setup]
[HKLM\SOFTWARE\Microsoft\ALG]
[HKLM\SOFTWARE\Microsoft\AllUserInstallAgent]
[HKLM\SOFTWARE\Microsoft\AMSI]
[HKLM\SOFTWARE\Microsoft\Analog]
[HKLM\SOFTWARE\Microsoft\AppServiceProtocols]
[HKLM\SOFTWARE\Microsoft\AppV]
[HKLM\SOFTWARE\Microsoft\AppVISV]
[HKLM\SOFTWARE\Microsoft\ASP.NET]
[HKLM\SOFTWARE\Microsoft\Assistance]
[HKLM\SOFTWARE\Microsoft\AuthHost]
[HKLM\SOFTWARE\Microsoft\BidInterface]
[HKLM\SOFTWARE\Microsoft\BitLockerCsp]
[HKLM\SOFTWARE\Microsoft\CallAndMessagingEnhancement]
[HKLM\SOFTWARE\Microsoft\Cellular]
[HKLM\SOFTWARE\Microsoft\Chkdsk]
[HKLM\SOFTWARE\Microsoft\Clipboard]
[HKLM\SOFTWARE\Microsoft\ClipboardServer]
[HKLM\SOFTWARE\Microsoft\COM3]
[HKLM\SOFTWARE\Microsoft\Command Processor]
[HKLM\SOFTWARE\Microsoft\CommsAPHost]
[HKLM\SOFTWARE\Microsoft\CoreShell]
[HKLM\SOFTWARE\Microsoft\Cryptography]
[HKLM\SOFTWARE\Microsoft\CTF]
[HKLM\SOFTWARE\Microsoft\DataAccess]
[HKLM\SOFTWARE\Microsoft\DataCollection]
[HKLM\SOFTWARE\Microsoft\DataSharing]
[HKLM\SOFTWARE\Microsoft\DDDS]
[HKLM\SOFTWARE\Microsoft\DevDiv]
[HKLM\SOFTWARE\Microsoft\Device Association Framework]
[HKLM\SOFTWARE\Microsoft\DeviceReg]
[HKLM\SOFTWARE\Microsoft\Dfrg]
[HKLM\SOFTWARE\Microsoft\DFS]
[HKLM\SOFTWARE\Microsoft\DiagnosticLogCSP]
[HKLM\SOFTWARE\Microsoft\DirectDraw]
[HKLM\SOFTWARE\Microsoft\DirectInput]
[HKLM\SOFTWARE\Microsoft\DirectMusic]
[HKLM\SOFTWARE\Microsoft\DirectPlay8]
[HKLM\SOFTWARE\Microsoft\DirectPlayNATHelp]
[HKLM\SOFTWARE\Microsoft\DirectShow]
[HKLM\SOFTWARE\Microsoft\DirectX]
[HKLM\SOFTWARE\Microsoft\DownloadManager]
[HKLM\SOFTWARE\Microsoft\Driver Signing]
[HKLM\SOFTWARE\Microsoft\DRM]
[HKLM\SOFTWARE\Microsoft\DusmSvc]
[HKLM\SOFTWARE\Microsoft\DVDNavigator]
[HKLM\SOFTWARE\Microsoft\DVR]
[HKLM\SOFTWARE\Microsoft\DXP]
[HKLM\SOFTWARE\Microsoft\EAPSIMMethods]
[HKLM\SOFTWARE\Microsoft\Enrollment]
[HKLM\SOFTWARE\Microsoft\Enrollments]
[HKLM\SOFTWARE\Microsoft\EnterpriseCertificates]
[HKLM\SOFTWARE\Microsoft\EnterpriseDataProtection]
[HKLM\SOFTWARE\Microsoft\EnterpriseResourceManager]
[HKLM\SOFTWARE\Microsoft\EventSounds]
[HKLM\SOFTWARE\Microsoft\EventSystem]
[HKLM\SOFTWARE\Microsoft\F12]
[HKLM\SOFTWARE\Microsoft\FamilyStore]
[HKLM\SOFTWARE\Microsoft\Fax]
[HKLM\SOFTWARE\Microsoft\FaxServer]
[HKLM\SOFTWARE\Microsoft\Feeds]
[HKLM\SOFTWARE\Microsoft\FilePicker]
[HKLM\SOFTWARE\Microsoft\FilterDS]
[HKLM\SOFTWARE\Microsoft\FingerKB]
[HKLM\SOFTWARE\Microsoft\FTH]
[HKLM\SOFTWARE\Microsoft\Function Discovery]
[HKLM\SOFTWARE\Microsoft\Fusion]
[HKLM\SOFTWARE\Microsoft\FuzzyDS]
[HKLM\SOFTWARE\Microsoft\GameOverlay]
[HKLM\SOFTWARE\Microsoft\GamingRuntime]
[HKLM\SOFTWARE\Microsoft\GamingServices]
[HKLM\SOFTWARE\Microsoft\HTMLHelp]
[HKLM\SOFTWARE\Microsoft\Hvsi]
[HKLM\SOFTWARE\Microsoft\IdentityCRL]
[HKLM\SOFTWARE\Microsoft\IdentityStore]
[HKLM\SOFTWARE\Microsoft\IHDS]
[HKLM\SOFTWARE\Microsoft\ImageTimeSettings]
[HKLM\SOFTWARE\Microsoft\IMAPI]
[HKLM\SOFTWARE\Microsoft\IME]
[HKLM\SOFTWARE\Microsoft\IMEJP]
[HKLM\SOFTWARE\Microsoft\IMEKR]
[HKLM\SOFTWARE\Microsoft\IMETC]
[HKLM\SOFTWARE\Microsoft\InProcLogger]
[HKLM\SOFTWARE\Microsoft\Input]
[HKLM\SOFTWARE\Microsoft\InputMethod]
[HKLM\SOFTWARE\Microsoft\InputPersonalization]
[HKLM\SOFTWARE\Microsoft\Internet Account Manager]
[HKLM\SOFTWARE\Microsoft\Internet Domains]
[HKLM\SOFTWARE\Microsoft\Internet Explorer]
[HKLM\SOFTWARE\Microsoft\IsoBurn]
[HKLM\SOFTWARE\Microsoft\KGL]
[HKLM\SOFTWARE\Microsoft\LanguageOverlay]
[HKLM\SOFTWARE\Microsoft\LexiconUpdate]
[HKLM\SOFTWARE\Microsoft\Managed Desktop]
[HKLM\SOFTWARE\Microsoft\MdmCommon]
[HKLM\SOFTWARE\Microsoft\MdmDiagnostics]
[HKLM\SOFTWARE\Microsoft\MediaEngine]
[HKLM\SOFTWARE\Microsoft\MediaPlayer]
[HKLM\SOFTWARE\Microsoft\MemoryDiagnostic]
[HKLM\SOFTWARE\Microsoft\Messaging]
[HKLM\SOFTWARE\Microsoft\MessengerService]
[HKLM\SOFTWARE\Microsoft\Microsoft Camera Codec Pack]
[HKLM\SOFTWARE\Microsoft\MiracastReceiver]
[HKLM\SOFTWARE\Microsoft\MMC]
[HKLM\SOFTWARE\Microsoft\Mobile]
[HKLM\SOFTWARE\Microsoft\MpSigStub]
[HKLM\SOFTWARE\Microsoft\MSBuild]
[HKLM\SOFTWARE\Microsoft\MSDE]
[HKLM\SOFTWARE\Microsoft\MSDRM]
[HKLM\SOFTWARE\Microsoft\MSDTC]
[HKLM\SOFTWARE\Microsoft\MSF]
[HKLM\SOFTWARE\Microsoft\MSIME]
[HKLM\SOFTWARE\Microsoft\MSLicensing]
[HKLM\SOFTWARE\Microsoft\MSMQ]
[HKLM\SOFTWARE\Microsoft\MSN Apps]
[HKLM\SOFTWARE\Microsoft\MTF]
[HKLM\SOFTWARE\Microsoft\MTFFuzzyFactors]
[HKLM\SOFTWARE\Microsoft\MTFInputType]
[HKLM\SOFTWARE\Microsoft\MTFKeyboardMappings]
[HKLM\SOFTWARE\Microsoft\Multimedia]
[HKLM\SOFTWARE\Microsoft\Multivariant]
[HKLM\SOFTWARE\Microsoft\NET Framework Setup]
[HKLM\SOFTWARE\Microsoft\NetSh]
[HKLM\SOFTWARE\Microsoft\Network]
[HKLM\SOFTWARE\Microsoft\Non-Driver Signing]
[HKLM\SOFTWARE\Microsoft\Notepad]
[HKLM\SOFTWARE\Microsoft\ODBC]
[HKLM\SOFTWARE\Microsoft\OEM]
[HKLM\SOFTWARE\Microsoft\Office]
[HKLM\SOFTWARE\Microsoft\OfficeCSP]
[HKLM\SOFTWARE\Microsoft\Ole]
[HKLM\SOFTWARE\Microsoft\OnlineProviders]
[HKLM\SOFTWARE\Microsoft\Outlook Express]
[HKLM\SOFTWARE\Microsoft\Palm]
[HKLM\SOFTWARE\Microsoft\Personalization]
[HKLM\SOFTWARE\Microsoft\Phone]
[HKLM\SOFTWARE\Microsoft\Photos]
[HKLM\SOFTWARE\Microsoft\Pim]
[HKLM\SOFTWARE\Microsoft\PLA]
[HKLM\SOFTWARE\Microsoft\PlayToReceiver]
[HKLM\SOFTWARE\Microsoft\PointOfService]
[HKLM\SOFTWARE\Microsoft\Policies]
[HKLM\SOFTWARE\Microsoft\PolicyManager]
[HKLM\SOFTWARE\Microsoft\Poom]
[HKLM\SOFTWARE\Microsoft\PowerShell]
[HKLM\SOFTWARE\Microsoft\Print]
[HKLM\SOFTWARE\Microsoft\Provisioning]
[HKLM\SOFTWARE\Microsoft\PushRouter]
[HKLM\SOFTWARE\Microsoft\RADAR]
[HKLM\SOFTWARE\Microsoft\Ras]
[HKLM\SOFTWARE\Microsoft\RcsPresence]
[HKLM\SOFTWARE\Microsoft\Reliability Analysis]
[HKLM\SOFTWARE\Microsoft\RemovalTools]
[HKLM\SOFTWARE\Microsoft\RendezvousApps]
[HKLM\SOFTWARE\Microsoft\Router]
[HKLM\SOFTWARE\Microsoft\Rpc]
[HKLM\SOFTWARE\Microsoft\SchedulingAgent]
[HKLM\SOFTWARE\Microsoft\Schema Library]
[HKLM\SOFTWARE\Microsoft\Security Center]
[HKLM\SOFTWARE\Microsoft\SecurityManager]
[HKLM\SOFTWARE\Microsoft\SEMgr]
[HKLM\SOFTWARE\Microsoft\Sensors]
[HKLM\SOFTWARE\Microsoft\Shared]
[HKLM\SOFTWARE\Microsoft\Shared Tools]
[HKLM\SOFTWARE\Microsoft\Shared Tools Location]
[HKLM\SOFTWARE\Microsoft\Shell]
[HKLM\SOFTWARE\Microsoft\SIH]
[HKLM\SOFTWARE\Microsoft\Siuf]
[HKLM\SOFTWARE\Microsoft\SoftGrid]
[HKLM\SOFTWARE\Microsoft\Software]
[HKLM\SOFTWARE\Microsoft\Speech]
[HKLM\SOFTWARE\Microsoft\Speech_OneCore]
[HKLM\SOFTWARE\Microsoft\SQMClient]
[HKLM\SOFTWARE\Microsoft\StrongName]
[HKLM\SOFTWARE\Microsoft\Sync Framework]
[HKLM\SOFTWARE\Microsoft\Sysprep]
[HKLM\SOFTWARE\Microsoft\SystemCertificates]
[HKLM\SOFTWARE\Microsoft\SystemSettings]
[HKLM\SOFTWARE\Microsoft\TableTextService]
[HKLM\SOFTWARE\Microsoft\TabletTip]
[HKLM\SOFTWARE\Microsoft\TaskFlowDataEngine]
[HKLM\SOFTWARE\Microsoft\Tcpip]
[HKLM\SOFTWARE\Microsoft\TelemetryClient]
[HKLM\SOFTWARE\Microsoft\Terminal Server Client]
[HKLM\SOFTWARE\Microsoft\TermServLicensing]
[HKLM\SOFTWARE\Microsoft\TouchPrediction]
[HKLM\SOFTWARE\Microsoft\TPG]
[HKLM\SOFTWARE\Microsoft\Tpm]
[HKLM\SOFTWARE\Microsoft\Tracing]
[HKLM\SOFTWARE\Microsoft\Transaction Server]
[HKLM\SOFTWARE\Microsoft\TV System Services]
[HKLM\SOFTWARE\Microsoft\uDRM]
[HKLM\SOFTWARE\Microsoft\UEV]
[HKLM\SOFTWARE\Microsoft\Unified Store]
[HKLM\SOFTWARE\Microsoft\UNP]
[HKLM\SOFTWARE\Microsoft\UPnP Control Point]
[HKLM\SOFTWARE\Microsoft\UPnP Device Host]
[HKLM\SOFTWARE\Microsoft\UserData]
[HKLM\SOFTWARE\Microsoft\UserManager]
[HKLM\SOFTWARE\Microsoft\Virtual Machine]
[HKLM\SOFTWARE\Microsoft\VisualStudio]
[HKLM\SOFTWARE\Microsoft\WAB]
[HKLM\SOFTWARE\Microsoft\Wallet]
[HKLM\SOFTWARE\Microsoft\Wbem]
[HKLM\SOFTWARE\Microsoft\WcmSvc]
[HKLM\SOFTWARE\Microsoft\WIMMount]
[HKLM\SOFTWARE\Microsoft\Windows]
[HKLM\SOFTWARE\Microsoft\Windows Advanced Threat Protection]
[HKLM\SOFTWARE\Microsoft\Windows Defender]
[HKLM\SOFTWARE\Microsoft\Windows Defender Security Center]
[HKLM\SOFTWARE\Microsoft\Windows Desktop Search]
[HKLM\SOFTWARE\Microsoft\Windows Embedded]
[HKLM\SOFTWARE\Microsoft\Windows Mail]
[HKLM\SOFTWARE\Microsoft\Windows Media Device Manager]
[HKLM\SOFTWARE\Microsoft\Windows Media Foundation]
[HKLM\SOFTWARE\Microsoft\Windows Media Player NSS]
[HKLM\SOFTWARE\Microsoft\Windows Messaging Subsystem]
[HKLM\SOFTWARE\Microsoft\Windows NT]
[HKLM\SOFTWARE\Microsoft\Windows Photo Viewer]
[HKLM\SOFTWARE\Microsoft\Windows Portable Devices]
[HKLM\SOFTWARE\Microsoft\Windows Script Host]
[HKLM\SOFTWARE\Microsoft\Windows Search]
[HKLM\SOFTWARE\Microsoft\Windows Security Health]
[HKLM\SOFTWARE\Microsoft\Windows10Upgrader]
[HKLM\SOFTWARE\Microsoft\WindowsRuntime]
[HKLM\SOFTWARE\Microsoft\WindowsSelfHost]
[HKLM\SOFTWARE\Microsoft\WindowsUpdate]
[HKLM\SOFTWARE\Microsoft\Wisp]
[HKLM\SOFTWARE\Microsoft\WlanSvc]
[HKLM\SOFTWARE\Microsoft\Wlpasvc]
[HKLM\SOFTWARE\Microsoft\Wow64]
[HKLM\SOFTWARE\Microsoft\WSDAPI]
[HKLM\SOFTWARE\Microsoft\WwanSvc]
[HKLM\SOFTWARE\Microsoft\XAML]
[HKLM\SOFTWARE\Microsoft\XboxGameSaveStorage]
[HKLM\SOFTWARE\Microsoft\XboxLive]
[HKLM\Software\Microsoft\Windows\AssignedAccessConfiguration]
[HKLM\Software\Microsoft\Windows\AssignedAccessCsp]
[HKLM\Software\Microsoft\Windows\Autopilot]
[HKLM\Software\Microsoft\Windows\ClickNote]
[HKLM\Software\Microsoft\Windows\CurrentVersion]
[HKLM\Software\Microsoft\Windows\Dwm]
[HKLM\Software\Microsoft\Windows\DynamicManagement]
[HKLM\Software\Microsoft\Windows\EnterpriseResourceManager]
[HKLM\Software\Microsoft\Windows\Heat]
[HKLM\Software\Microsoft\Windows\HTML Help]
[HKLM\Software\Microsoft\Windows\ITStorage]
[HKLM\Software\Microsoft\Windows\NcsiUwpApp]
[HKLM\Software\Microsoft\Windows\Notepad]
[HKLM\Software\Microsoft\Windows\ScheduledDiagnostics]
[HKLM\Software\Microsoft\Windows\ScriptedDiagnosticsProvider]
[HKLM\Software\Microsoft\Windows\Shell]
[HKLM\Software\Microsoft\Windows\Tablet PC]
[HKLM\Software\Microsoft\Windows\TabletPC]
[HKLM\Software\Microsoft\Windows\UpdateApi]
[HKLM\Software\Microsoft\Windows\Windows Error Reporting]
[HKLM\Software\Microsoft\Windows\Windows Search]
[HKLM\Software\Microsoft\Windows NT\CurrentVersion]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\AarSvc]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\appmodel]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\AssignedAccessManagerSvc]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\autotimesvc]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\BcastDVRUserService]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\btagservice]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\BthAppGroup]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\Camera]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\ClipboardSvcGroup]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\defragsvc]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\DevicesFlow]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\diagnostics]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\GraphicsPerfSvcGroup]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\ICService]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalService]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceAndNoImpersonation]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceHttp]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestricted]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestrictedDhcpLmHosts]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetwork]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetworkFirewall]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalSystemNetworkRestricted]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvcs]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkService]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceDnsNla]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopHyperVAgent]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopPublishing]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\print]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\PrintWorkflow]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\rdxgroup]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\RmSvc]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\SDRSVC]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\swprv]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\termsvcs]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\UdkSvcGroup]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\UnistackSvcGroup]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\utcsvc]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\WepHostSvcGroup]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\wercplsupport]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\wsappx]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\wusvcs]
[HKLM\Software\WOW6432Node\Activision]
[HKLM\Software\WOW6432Node\AGEIA Technologies]
[HKLM\Software\WOW6432Node\AMD]
[HKLM\Software\WOW6432Node\ASIO]
[HKLM\Software\WOW6432Node\ASIO4ALL]
[HKLM\Software\WOW6432Node\ATI]
[HKLM\Software\WOW6432Node\ATI Technologies]
[HKLM\Software\WOW6432Node\Bethesda Softworks]
[HKLM\Software\WOW6432Node\Blizzard Entertainment]
[HKLM\Software\WOW6432Node\bohemia interactive]
[HKLM\Software\WOW6432Node\Caphyon]
[HKLM\Software\WOW6432Node\Corsair]
[HKLM\Software\WOW6432Node\DownloadCenter]
[HKLM\Software\WOW6432Node\EasyAntiCheat]
[HKLM\Software\WOW6432Node\Epic Games]
[HKLM\Software\WOW6432Node\EpicGames]
[HKLM\Software\WOW6432Node\FileZilla 3]
[HKLM\Software\WOW6432Node\FileZilla Client]
[HKLM\Software\WOW6432Node\Gameforge4d]
[HKLM\Software\WOW6432Node\GOG.com]
[HKLM\Software\WOW6432Node\Google]
[HKLM\Software\WOW6432Node\Image-Line]
[HKLM\Software\WOW6432Node\Intel]
[HKLM\Software\WOW6432Node\JavaSoft]
[HKLM\Software\WOW6432Node\JreMetrics]
[HKLM\Software\WOW6432Node\Khronos]
[HKLM\Software\WOW6432Node\Macromedia]
[HKLM\Software\WOW6432Node\Maxis]
[HKLM\Software\WOW6432Node\Mephisto]
[HKLM\Software\WOW6432Node\Microsoft]
[HKLM\Software\WOW6432Node\MNT Remind Manager]
[HKLM\Software\WOW6432Node\Mojang]
[HKLM\Software\WOW6432Node\MozillaPlugins]
[HKLM\Software\WOW6432Node\MSI]
[HKLM\Software\WOW6432Node\NordVPN]
[HKLM\Software\WOW6432Node\Notepad++]
[HKLM\Software\WOW6432Node\NV3D3D]
[HKLM\Software\WOW6432Node\NVIDIA Corporation]
[HKLM\Software\WOW6432Node\ODBC]
[HKLM\Software\WOW6432Node\Origin]
[HKLM\Software\WOW6432Node\PCSX2]
[HKLM\Software\WOW6432Node\PDF Architect 7]
[HKLM\Software\WOW6432Node\Propellerhead Software]
[HKLM\Software\WOW6432Node\re-logic]
[HKLM\Software\WOW6432Node\Realtek]
[HKLM\Software\WOW6432Node\Rockstar Games]
[HKLM\Software\WOW6432Node\SoftVoice]
[HKLM\Software\WOW6432Node\Square Soft, Inc.]
[HKLM\Software\WOW6432Node\Ubisoft]
[HKLM\Software\WOW6432Node\Unwinder]
[HKLM\Software\WOW6432Node\Valve]
[HKLM\Software\WOW6432Node\Wise Solutions]
[HKLM\Software\WOW6432Node\Wow6432Node]
[HKLM\Software\WOW6432Node\Xtreme Tuner]
[HKLM\Software\WOW6432Node\Xvid Team]
[HKLM\Software\WOW6432Node\Zenimax_Online]
[HKLM\Software\WOW6432Node\Clients]
[HKLM\Software\WOW6432Node\Policies]
[HKLM\Software\WOW6432Node\RegisteredApplications]
[HKLM\Software\WOW6432Node\Microsoft\.NETFramework]
[HKLM\Software\WOW6432Node\Microsoft\Active Setup]
[HKLM\Software\WOW6432Node\Microsoft\ADs]
[HKLM\Software\WOW6432Node\Microsoft\Advanced INF Setup]
[HKLM\Software\WOW6432Node\Microsoft\AMSI]
[HKLM\Software\WOW6432Node\Microsoft\AppServiceProtocols]
[HKLM\Software\WOW6432Node\Microsoft\AppV]
[HKLM\Software\WOW6432Node\Microsoft\ASP.NET]
[HKLM\Software\WOW6432Node\Microsoft\Assistance]
[HKLM\Software\WOW6432Node\Microsoft\AuthHost]
[HKLM\Software\WOW6432Node\Microsoft\BidInterface]
[HKLM\Software\WOW6432Node\Microsoft\BitLockerCsp]
[HKLM\Software\WOW6432Node\Microsoft\ClipboardServer]
[HKLM\Software\WOW6432Node\Microsoft\Command Processor]
[HKLM\Software\WOW6432Node\Microsoft\Cryptography]
[HKLM\Software\WOW6432Node\Microsoft\CTF]
[HKLM\Software\WOW6432Node\Microsoft\DataAccess]
[HKLM\Software\WOW6432Node\Microsoft\DevDiv]
[HKLM\Software\WOW6432Node\Microsoft\Device Association Framework]
[HKLM\Software\WOW6432Node\Microsoft\Direct3D]
[HKLM\Software\WOW6432Node\Microsoft\DirectDraw]
[HKLM\Software\WOW6432Node\Microsoft\DirectInput]
[HKLM\Software\WOW6432Node\Microsoft\DirectMusic]
[HKLM\Software\WOW6432Node\Microsoft\DirectPlay]
[HKLM\Software\WOW6432Node\Microsoft\DirectPlay8]
[HKLM\Software\WOW6432Node\Microsoft\DirectPlayNATHelp]
[HKLM\Software\WOW6432Node\Microsoft\DirectShow]
[HKLM\Software\WOW6432Node\Microsoft\DirectX]
[HKLM\Software\WOW6432Node\Microsoft\DownloadManager]
[HKLM\Software\WOW6432Node\Microsoft\DRM]
[HKLM\Software\WOW6432Node\Microsoft\DVDNavigator]
[HKLM\Software\WOW6432Node\Microsoft\DVR]
[HKLM\Software\WOW6432Node\Microsoft\EAPSIMMethods]
[HKLM\Software\WOW6432Node\Microsoft\EdgeUpdate]
[HKLM\Software\WOW6432Node\Microsoft\ENROLLMENTS]
[HKLM\Software\WOW6432Node\Microsoft\EnterpriseResourceManager]
[HKLM\Software\WOW6432Node\Microsoft\Exchange]
[HKLM\Software\WOW6432Node\Microsoft\F12]
[HKLM\Software\WOW6432Node\Microsoft\Fax]
[HKLM\Software\WOW6432Node\Microsoft\Feeds]
[HKLM\Software\WOW6432Node\Microsoft\FilePicker]
[HKLM\Software\WOW6432Node\Microsoft\Function Discovery]
[HKLM\Software\WOW6432Node\Microsoft\Fusion]
[HKLM\Software\WOW6432Node\Microsoft\GameOverlay]
[HKLM\Software\WOW6432Node\Microsoft\HTMLHelp]
[HKLM\Software\WOW6432Node\Microsoft\IdentityCRL]
[HKLM\Software\WOW6432Node\Microsoft\IdentityStore]
[HKLM\Software\WOW6432Node\Microsoft\IMAPI]
[HKLM\Software\WOW6432Node\Microsoft\IME]
[HKLM\Software\WOW6432Node\Microsoft\IMEJP]
[HKLM\Software\WOW6432Node\Microsoft\IMEKR]
[HKLM\Software\WOW6432Node\Microsoft\IMETC]
[HKLM\Software\WOW6432Node\Microsoft\InputMethod]
[HKLM\Software\WOW6432Node\Microsoft\InputPersonalization]
[HKLM\Software\WOW6432Node\Microsoft\Internet Account Manager]
[HKLM\Software\WOW6432Node\Microsoft\Internet Domains]
[HKLM\Software\WOW6432Node\Microsoft\Internet Explorer]
[HKLM\Software\WOW6432Node\Microsoft\IsoBurn]
[HKLM\Software\WOW6432Node\Microsoft\Jet]
[HKLM\Software\WOW6432Node\Microsoft\MediaEngine]
[HKLM\Software\WOW6432Node\Microsoft\MediaPlayer]
[HKLM\Software\WOW6432Node\Microsoft\MessengerService]
[HKLM\Software\WOW6432Node\Microsoft\Microsoft Camera Codec Pack]
[HKLM\Software\WOW6432Node\Microsoft\MiracastReceiver]
[HKLM\Software\WOW6432Node\Microsoft\MMC]
[HKLM\Software\WOW6432Node\Microsoft\MSBuild]
[HKLM\Software\WOW6432Node\Microsoft\MSDE]
[HKLM\Software\WOW6432Node\Microsoft\MSDRM]
[HKLM\Software\WOW6432Node\Microsoft\MSDTC]
[HKLM\Software\WOW6432Node\Microsoft\MSF]
[HKLM\Software\WOW6432Node\Microsoft\MSLicensing]
[HKLM\Software\WOW6432Node\Microsoft\MSN Apps]
[HKLM\Software\WOW6432Node\Microsoft\MTF]
[HKLM\Software\WOW6432Node\Microsoft\Multimedia]
[HKLM\Software\WOW6432Node\Microsoft\NET Framework Setup]
[HKLM\Software\WOW6432Node\Microsoft\NetSh]
[HKLM\Software\WOW6432Node\Microsoft\Network]
[HKLM\Software\WOW6432Node\Microsoft\Notepad]
[HKLM\Software\WOW6432Node\Microsoft\ODBC]
[HKLM\Software\WOW6432Node\Microsoft\OEM]
[HKLM\Software\WOW6432Node\Microsoft\Office]
[HKLM\Software\WOW6432Node\Microsoft\Office Server]
[HKLM\Software\WOW6432Node\Microsoft\OnlineProviders]
[HKLM\Software\WOW6432Node\Microsoft\Outlook Express]
[HKLM\Software\WOW6432Node\Microsoft\Palm]
[HKLM\Software\WOW6432Node\Microsoft\Personalization]
[HKLM\Software\WOW6432Node\Microsoft\Photos]
[HKLM\Software\WOW6432Node\Microsoft\PLA]
[HKLM\Software\WOW6432Node\Microsoft\Policies]
[HKLM\Software\WOW6432Node\Microsoft\PowerShell]
[HKLM\Software\WOW6432Node\Microsoft\Print]
[HKLM\Software\WOW6432Node\Microsoft\Provisioning]
[HKLM\Software\WOW6432Node\Microsoft\RADAR]
[HKLM\Software\WOW6432Node\Microsoft\RendezvousApps]
[HKLM\Software\WOW6432Node\Microsoft\SchedulingAgent]
[HKLM\Software\WOW6432Node\Microsoft\Schema Library]
[HKLM\Software\WOW6432Node\Microsoft\Security Center]
[HKLM\Software\WOW6432Node\Microsoft\Sensors]
[HKLM\Software\WOW6432Node\Microsoft\Shared Tools]
[HKLM\Software\WOW6432Node\Microsoft\Shared Tools Location]
[HKLM\Software\WOW6432Node\Microsoft\Software]
[HKLM\Software\WOW6432Node\Microsoft\SPEECH]
[HKLM\Software\WOW6432Node\Microsoft\Speech_OneCore]
[HKLM\Software\WOW6432Node\Microsoft\SQMClient]
[HKLM\Software\WOW6432Node\Microsoft\Sync Framework]
[HKLM\Software\WOW6432Node\Microsoft\SystemSettings]
[HKLM\Software\WOW6432Node\Microsoft\TableTextService]
[HKLM\Software\WOW6432Node\Microsoft\TabletTip]
[HKLM\Software\WOW6432Node\Microsoft\Tcpip]
[HKLM\Software\WOW6432Node\Microsoft\Terminal Server Client]
[HKLM\Software\WOW6432Node\Microsoft\TouchPrediction]
[HKLM\Software\WOW6432Node\Microsoft\TPG]
[HKLM\Software\WOW6432Node\Microsoft\Tpm]
[HKLM\Software\WOW6432Node\Microsoft\Tracing]
[HKLM\Software\WOW6432Node\Microsoft\TV System Services]
[HKLM\Software\WOW6432Node\Microsoft\uDRM]
[HKLM\Software\WOW6432Node\Microsoft\UEV]
[HKLM\Software\WOW6432Node\Microsoft\Updates]
[HKLM\Software\WOW6432Node\Microsoft\UPnP Control Point]
[HKLM\Software\WOW6432Node\Microsoft\UPnP Device Host]
[HKLM\Software\WOW6432Node\Microsoft\VisualStudio]
[HKLM\Software\WOW6432Node\Microsoft\VSTA Runtime Setup]
[HKLM\Software\WOW6432Node\Microsoft\VSTO Runtime Setup]
[HKLM\Software\WOW6432Node\Microsoft\WAB]
[HKLM\Software\WOW6432Node\Microsoft\WBEM]
[HKLM\Software\WOW6432Node\Microsoft\WIMMount]
[HKLM\Software\WOW6432Node\Microsoft\Windows]
[HKLM\Software\WOW6432Node\Microsoft\Windows Desktop Search]
[HKLM\Software\WOW6432Node\Microsoft\Windows Kits]
[HKLM\Software\WOW6432Node\Microsoft\Windows Mail]
[HKLM\Software\WOW6432Node\Microsoft\Windows Media Device Manager]
[HKLM\Software\WOW6432Node\Microsoft\Windows Media Foundation]
[HKLM\Software\WOW6432Node\Microsoft\Windows Media Player NSS]
[HKLM\Software\WOW6432Node\Microsoft\Windows Messaging Subsystem]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT]
[HKLM\Software\WOW6432Node\Microsoft\Windows Photo Viewer]
[HKLM\Software\WOW6432Node\Microsoft\Windows Portable Devices]
[HKLM\Software\WOW6432Node\Microsoft\Windows Script Host]
[HKLM\Software\WOW6432Node\Microsoft\WindowsRuntime]
[HKLM\Software\WOW6432Node\Microsoft\WindowsUpdate]
[HKLM\Software\WOW6432Node\Microsoft\Wisp]
[HKLM\Software\WOW6432Node\Microsoft\WlanSvc]
[HKLM\Software\WOW6432Node\Microsoft\WSDAPI]
[HKLM\Software\WOW6432Node\Microsoft\XNA]
[HKLM\Software\WOW6432Node\Microsoft\Cellular]
[HKLM\Software\WOW6432Node\Microsoft\COM3]
[HKLM\Software\WOW6432Node\Microsoft\DeviceReg]
[HKLM\Software\WOW6432Node\Microsoft\DFS]
[HKLM\Software\WOW6432Node\Microsoft\Driver Signing]
[HKLM\Software\WOW6432Node\Microsoft\EnterpriseCertificates]
[HKLM\Software\WOW6432Node\Microsoft\EventSystem]
[HKLM\Software\WOW6432Node\Microsoft\FingerKB]
[HKLM\Software\WOW6432Node\Microsoft\FuzzyDS]
[HKLM\Software\WOW6432Node\Microsoft\Input]
[HKLM\Software\WOW6432Node\Microsoft\LanguageOverlay]
[HKLM\Software\WOW6432Node\Microsoft\Messaging]
[HKLM\Software\WOW6432Node\Microsoft\MSMQ]
[HKLM\Software\WOW6432Node\Microsoft\MTFFuzzyFactors]
[HKLM\Software\WOW6432Node\Microsoft\MTFInputType]
[HKLM\Software\WOW6432Node\Microsoft\MTFKeyboardMappings]
[HKLM\Software\WOW6432Node\Microsoft\Non-Driver Signing]
[HKLM\Software\WOW6432Node\Microsoft\Ole]
[HKLM\Software\WOW6432Node\Microsoft\Phone]
[HKLM\Software\WOW6432Node\Microsoft\Pim]
[HKLM\Software\WOW6432Node\Microsoft\Poom]
[HKLM\Software\WOW6432Node\Microsoft\Ras]
[HKLM\Software\WOW6432Node\Microsoft\Rpc]
[HKLM\Software\WOW6432Node\Microsoft\SecurityManager]
[HKLM\Software\WOW6432Node\Microsoft\Semgr]
[HKLM\Software\WOW6432Node\Microsoft\Shell]
[HKLM\Software\WOW6432Node\Microsoft\SystemCertificates]
[HKLM\Software\WOW6432Node\Microsoft\TermServLicensing]
[HKLM\Software\WOW6432Node\Microsoft\Transaction Server]
[HKLM\Software\WOW6432Node\Microsoft\Unified Store]
[HKLM\Software\WOW6432Node\Microsoft\UserData]
[HKLM\Software\WOW6432Node\Microsoft\Windows Search]
[HKLM\Software\WOW6432Node\Microsoft\XAML]
[HKLM\Software\WOW6432Node\Microsoft\Windows\ClickNote]
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion]
[HKLM\Software\WOW6432Node\Microsoft\Windows\Dwm]
[HKLM\Software\WOW6432Node\Microsoft\Windows\EnterpriseResourceManager]
[HKLM\Software\WOW6432Node\Microsoft\Windows\Heat]
[HKLM\Software\WOW6432Node\Microsoft\Windows\HTML Help]
[HKLM\Software\WOW6432Node\Microsoft\Windows\ITStorage]
[HKLM\Software\WOW6432Node\Microsoft\Windows\ScriptedDiagnosticsProvider]
[HKLM\Software\WOW6432Node\Microsoft\Windows\Tablet PC]
[HKLM\Software\WOW6432Node\Microsoft\Windows\UpdateApi]
[HKLM\Software\WOW6432Node\Microsoft\Windows\Windows Error Reporting]
[HKLM\Software\WOW6432Node\Microsoft\Windows\Windows Search]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\AarSvc]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\appmodel]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalService]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceAndNoImpersonation]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceHttp]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestricted]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestrictedDhcpLmHosts]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetwork]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetworkFirewall]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalSystemNetworkRestricted]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvcs]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkService]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceDnsNla]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopHyperVAgent]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopPublishing]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\PrintWorkflow]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\termsvcs]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\wusvcs]

---------- | Drives


---------- | C:

[19/03/2019 06:52:43] - |SHD| - [480965407] - C:\$Recycle.Bin
[01/08/2020 18:42:31] - |HD| - [347265] - C:\$Windows.~WS
[19/07/2020 13:51:16] - |HD| - [0] - C:\$WinREAgent
[07/03/2020 12:34:53] - |D| - [11288972] - C:\AdwCleaner
[10/01/2020 13:39:04] - |D| - [415101426] - C:\AMD
[MD5.30BE6A32986BD47950175D234AC94DC6] - [19/07/2020 19:24:50] - |SH| - (.-.) - [112] - (0.0.0.0) - C:\bootTel.dat
[10/01/2020 13:39:29] - |SHD| - [0] - C:\Config.Msi
[19/07/2020 15:48:58] - |D| - [1073741824] - C:\CrystalDiskMark0000F165
[10/01/2020 13:13:08] - |SHD| - [0] - C:\Documents and Settings
[MD5.8D3C1E75A7D469461B0C1A76F20CE383] - [19/07/2020 19:24:10] - |ASH| - (.-.) - [8192] - (0.0.0.0) - C:\DumpStack.log
[MD5.D41D8CD98F00B204E9800998ECF8427E] - [19/07/2020 19:24:10] - |ASH| - (.-.) - [8192] - (0.0.0.0) - C:\DumpStack.log.tmp
[22/07/2020 14:56:59] - |D| - [4208220509] - C:\ESD
[11/01/2020 11:05:47] - |D| - [101907799131] - C:\Games
[03/07/2019 16:30:11] - |D| - [6527219850] - C:\GTO
[MD5.D41D8CD98F00B204E9800998ECF8427E] - [01/08/2020 20:23:31] - |ASH| - (.-.) - [13722599424] - (0.0.0.0) - C:\hiberfil.sys
[27/03/2020 11:13:04] - |D| - [548405] - C:\Intel
[14/05/2020 15:28:22] - |HD| - [0] - C:\OneDriveTemp
[MD5.D41D8CD98F00B204E9800998ECF8427E] - [10/01/2020 13:11:38] - |ASH| - (.-.) - [36507222016] - (0.0.0.0) - C:\pagefile.sys
[07/12/2019 11:14:52] - |D| - [0] - C:\PerfLogs
[07/12/2019 11:14:52] - |RD| - [75454443062] - C:\Program Files
[07/12/2019 11:14:52] - |RD| - [163647139356] - C:\Program Files (x86)
[07/12/2019 11:14:52] - |HD| - [5047920637] - C:\ProgramData
[03/08/2020 11:09:12] - |D| - [68686] - C:\QuickDiag
[MD5.60D534810312DAA6A0CAAC9971BAD73B] - [03/08/2020 11:09:19] - |A| - (.-.) - [244023] - (0.0.0.0) - C:\QuickDiag.txt
[10/01/2020 13:13:09] - |SHD| - [0] - C:\Recovery
[10/01/2020 14:38:27] - |D| - [24044247166] - C:\Riot Games
[MD5.D41D8CD98F00B204E9800998ECF8427E] - [10/01/2020 13:11:38] - |ASH| - (.-.) - [16777216] - (0.0.0.0) - C:\swapfile.sys
[19/07/2020 14:24:51] - |D| - [12057400] - C:\symbolssrvcache
[10/01/2020 13:11:38] - |SHD| - [0] - C:\System Volume Information
[MD5.2D786625E6F93E7EA8A6E8131A789E83] - [02/08/2020 15:44:03] - |A| - (.-.) - [11702] - (0.0.0.0) - C:\TDSSKiller.3.1.0.28_02.08.2020_15.44.03_log.txt
[MD5.3049D3F6FF84283B1FED8D48309B91EC] - [02/08/2020 15:45:44] - |A| - (.-.) - [321546] - (0.0.0.0) - C:\TDSSKiller.3.1.0.28_02.08.2020_15.45.44_log.txt
[07/12/2019 11:03:44] - |RD| - [42087004361] - C:\Users
[07/12/2019 11:03:44] - |D| - [53601194366] - C:\Windows
[01/08/2020 21:21:31] - |D| - [26214765033] - C:\Windows.old
[01/08/2020 19:25:58] - |D| - [4208220510] - C:\Windows10

---------- | C:\WINDOWS

[07/12/2019 16:51:43] - |D| - [802] - C:\WINDOWS\addins
[07/12/2019 11:14:52] - |D| - [8956682] - C:\WINDOWS\appcompat
[07/12/2019 11:14:52] - |D| - [10190692] - C:\WINDOWS\apppatch
[07/12/2019 11:14:52] - |D| - [0] - C:\WINDOWS\AppReadiness
[07/12/2019 11:14:52] - |RD| - [575379891] - C:\WINDOWS\assembly
[07/12/2019 11:14:52] - |D| - [785153] - C:\WINDOWS\bcastdvr
[MD5.A17AFEF5F12F299A512CE2BC773358EB] - [07/12/2019 11:08:07] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Utilitaire de service de fichier de démarrage.) - [77824] - (10.0.19041.1) - C:\WINDOWS\bfsvc.exe
[07/12/2019 16:53:51] - |SHD| - [578547] - C:\WINDOWS\BitLockerDiscoveryVolumeContents
[07/12/2019 11:14:52] - |D| - [40900280] - C:\WINDOWS\Boot
[MD5.2D7324C1D45DD119DE5A89DD51357E0A] - [01/08/2020 21:19:27] - |AS| - (.-.) - [67584] - (0.0.0.0) - C:\WINDOWS\bootstat.dat
[07/12/2019 11:14:52] - |D| - [2458824] - C:\WINDOWS\Branding
[07/12/2019 11:03:44] - |D| - [0] - C:\WINDOWS\CbsTemp
[MD5.584CC64A5946033EAB804FA50A51A777] - [01/08/2020 20:24:48] - |A| - (.-.) - [762] - (0.0.0.0) - C:\WINDOWS\comsetup.log
[07/12/2019 11:14:52] - |D| - [63991762] - C:\WINDOWS\Containers
[10/01/2020 13:15:09] - |D| - [0] - C:\WINDOWS\CSC
[07/12/2019 11:14:52] - |D| - [11501377] - C:\WINDOWS\Cursors
[07/12/2019 11:14:52] - |D| - [0] - C:\WINDOWS\debug
[MD5.99F5D5BBD351694638DF3C0CC4A919A3] - [01/08/2020 20:26:55] - |A| - (.-.) - [7623] - (0.0.0.0) - C:\WINDOWS\diagerr.xml
[07/12/2019 11:14:52] - |D| - [4575080] - C:\WINDOWS\diagnostics
[07/12/2019 11:14:52] - |D| - [1701715] - C:\WINDOWS\DiagTrack
[MD5.99F5D5BBD351694638DF3C0CC4A919A3] - [01/08/2020 20:26:55] - |A| - (.-.) - [7623] - (0.0.0.0) - C:\WINDOWS\diagwrn.xml
[07/12/2019 16:50:20] - |D| - [0] - C:\WINDOWS\DigitalLocker
[MD5.F201CF8C7FD681DED812275398955F74] - [11/06/2020 21:52:33] - |A| - (.-.) - [37482] - (0.0.0.0) - C:\WINDOWS\DirectX.log
[07/12/2019 11:14:52] - |SD| - [65] - C:\WINDOWS\Downloaded Program Files
[MD5.59ED6633978B0CAFE637697A04319ED4] - [07/12/2019 11:17:33] - |A| - (.-.) - [776] - (0.0.0.0) - C:\WINDOWS\DtcInstall.log
[07/12/2019 11:14:52] - |HD| - [46688] - C:\WINDOWS\ELAMBKUP
[01/08/2020 21:13:22] - |D| - [48128] - C:\WINDOWS\en-GB
[07/12/2019 16:50:20] - |D| - [49664] - C:\WINDOWS\en-US
[MD5.CC48236CD302D8374BB449E71B1E9D58] - [01/08/2020 21:16:37] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Explorateur Windows.) - [4582288] - (10.0.19041.421) - C:\WINDOWS\explorer.exe
[07/12/2019 11:14:52] - |RSD| - [365407198] - C:\WINDOWS\Fonts
[07/12/2019 16:50:20] - |D| - [110592] - C:\WINDOWS\fr-FR
[07/12/2019 11:14:52] - |D| - [0] - C:\WINDOWS\GameBarPresenceWriter
[07/12/2019 11:14:52] - |D| - [69996116] - C:\WINDOWS\Globalization
[07/12/2019 11:14:52] - |D| - [1893706] - C:\WINDOWS\Help
[MD5.9A6D44491772E8AA3EBDDC63C1CEF991] - [07/12/2019 11:09:39] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Aide et support Microsoft.) - [1075200] - (10.0.19041.1) - C:\WINDOWS\HelpPane.exe
[MD5.2C8FE78D53C8CA27523A71DFD2938241] - [07/12/2019 11:09:39] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Exécutable de l’aide HTML Microsoft®.) - [18432] - (10.0.19041.1) - C:\WINDOWS\hh.exe
[07/12/2019 11:14:52] - |D| - [30327] - C:\WINDOWS\IdentityCRL
[07/12/2019 11:14:52] - |D| - [28824518] - C:\WINDOWS\IME
[07/12/2019 11:14:52] - |RD| - [8033880] - C:\WINDOWS\ImmersiveControlPanel
[07/12/2019 11:13:02] - |D| - [62204186] - C:\WINDOWS\INF
[MD5.1CD2C8F6BCD692AE4DE61F3AF88D5724] - [04/05/2020 10:52:42] - |A| - (.-.) - [1438] - (0.0.0.0) - C:\WINDOWS\Info.xml
[07/12/2019 11:14:52] - |D| - [38193580] - C:\WINDOWS\InputMethod
[07/12/2019 11:14:52] - |HD| - [717585591] - C:\WINDOWS\Installer
[01/07/2020 08:03:11] - |D| - [115406414] - C:\WINDOWS\jre
[07/12/2019 11:14:52] - |D| - [109650] - C:\WINDOWS\L2Schemas
[07/12/2019 11:14:52] - |HD| - [0] - C:\WINDOWS\LanguageOverlayCache
[07/12/2019 11:14:52] - |D| - [3570037] - C:\WINDOWS\LiveKernelReports
[07/12/2019 11:14:52] - |D| - [7051474] - C:\WINDOWS\Logs
[07/12/2019 11:14:52] - |RSD| - [20063519] - C:\WINDOWS\Media
[MD5.6A276DB2D295DD5C5C3D27F0BC0F19BA] - [12/06/2020 19:15:19] - |A| - (.-.) - [34307897568] - (0.0.0.0) - C:\WINDOWS\MEMORY.DMP
[MD5.23AF90D2355D8C83AA4567EF1763B467] - [07/12/2019 11:08:58] - |A| - (.-.) - [43131] - (0.0.0.0) - C:\WINDOWS\mib.bin
[07/12/2019 11:14:52] - |RD| - [864789154] - C:\WINDOWS\Microsoft.NET
[07/12/2019 11:14:52] - |D| - [3323] - C:\WINDOWS\Migration
[02/08/2020 14:52:26] - |D| - [1451396] - C:\WINDOWS\Minidump
[07/12/2019 11:14:52] - |D| - [0] - C:\WINDOWS\ModemLogs
[MD5.F65B883128779592CCA7D01CC87937BF] - [10/07/2020 20:16:19] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Bloc-notes.) - [202240] - (10.0.19041.117) - C:\WINDOWS\notepad.exe
[MD5.74F28574BB8F61FFC7DD419FE6B6E0D5] - [10/01/2020 13:36:54] - |A| - (.-.) - [1951] - (0.0.0.0) - C:\WINDOWS\NvContainerRecovery.bat
[07/12/2019 16:52:32] - |D| - [419226] - C:\WINDOWS\OCR
[07/12/2019 11:14:52] - |RD| - [65] - C:\WINDOWS\Offline Web Pages
[01/08/2020 19:33:41] - |DC| - [600618303] - C:\WINDOWS\Panther
[07/12/2019 11:14:52] - |D| - [511521] - C:\WINDOWS\Performance
[MD5.ABBB350AFB3BCA935C648AE8B9DE0783] - [10/01/2020 13:48:39] - |A| - (.-.) - [145476] - (0.0.0.0) - C:\WINDOWS\PFRO.log
[07/12/2019 11:14:52] - |D| - [1283900] - C:\WINDOWS\PLA
[07/12/2019 11:14:52] - |D| - [10319687] - C:\WINDOWS\PolicyDefinitions
[01/08/2020 20:22:02] - |D| - [3394655] - C:\WINDOWS\Prefetch
[07/12/2019 11:14:52] - |RD| - [2230274] - C:\WINDOWS\PrintDialog
[MD5.C186EF70E6825D333E0077831C58BAAA] - [07/12/2019 16:54:16] - |A| - (.-.) - [30831] - (0.0.0.0) - C:\WINDOWS\Professional.xml
[07/12/2019 11:14:52] - |D| - [5976938] - C:\WINDOWS\Provisioning
[MD5.0EE48CC819E58D266827F8605AF17ABD] - [07/12/2019 11:09:45] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Éditeur du Registre.) - [369664] - (10.0.19041.1) - C:\WINDOWS\regedit.exe
[07/12/2019 11:14:52] - |D| - [22588] - C:\WINDOWS\Registration
[07/12/2019 16:53:51] - |D| - [0] - C:\WINDOWS\RemotePackages
[07/12/2019 11:14:52] - |D| - [2143984] - C:\WINDOWS\rescache
[07/12/2019 11:14:52] - |D| - [3744055] - C:\WINDOWS\Resources
[MD5.2F887699ECB55E01D486700FB67E8805] - [13/01/2020 17:15:04] - |A| - (.Copyright (C) 2017 Realtek Semiconductor Corp. - RtlExUpd DLL for setup utility function.) - [2856800] - (1.0.7.2) - C:\WINDOWS\RtlExUpd.dll
[07/12/2019 11:14:52] - |D| - [0] - C:\WINDOWS\SchCache
[07/12/2019 11:14:52] - |D| - [195539] - C:\WINDOWS\schemas
[07/12/2019 11:14:52] - |D| - [1133201] - C:\WINDOWS\security
[01/08/2020 21:19:04] - |D| - [63489799] - C:\WINDOWS\ServiceProfiles
[07/12/2019 11:14:52] - |D| - [4096] - C:\WINDOWS\ServiceState
[07/12/2019 11:03:44] - |D| - [73001442] - C:\WINDOWS\servicing
[07/12/2019 11:18:25] - |D| - [33319] - C:\WINDOWS\Setup
[MD5.EB4C9EAC715C82A1683EC57152DDE719] - [01/08/2020 20:22:14] - |A| - (.-.) - [116279] - (0.0.0.0) - C:\WINDOWS\setupact.log
[MD5.C6FAA16C3C81657ABFB731746813D806] - [13/01/2020 19:44:51] - |A| - (.Copyright ©  2012 - SetupAfterRebootService.) - [10752] - (1.0.0.0) - C:\WINDOWS\SetupAfterRebootService.exe
[MD5.D41D8CD98F00B204E9800998ECF8427E] - [01/08/2020 20:22:14] - |A| - (.-.) - [0] - (0.0.0.0) - C:\WINDOWS\setuperr.log
[07/12/2019 11:14:52] - |D| - [5493248] - C:\WINDOWS\ShellComponents
[07/12/2019 11:14:52] - |D| - [18964992] - C:\WINDOWS\ShellExperiences
[07/12/2019 11:14:52] - |D| - [6828144] - C:\WINDOWS\SKB
[10/01/2020 13:14:53] - |D| - [29922409] - C:\WINDOWS\SoftwareDistribution
[07/12/2019 11:14:52] - |D| - [174668262] - C:\WINDOWS\Speech
[07/12/2019 11:14:52] - |D| - [106039865] - C:\WINDOWS\Speech_OneCore
[MD5.AA4138C0FBC6D41F9EBC5C4EFE20ECCA] - [10/07/2020 20:15:26] - |A| - (.© Microsoft Corporation. - Print driver host for applications.) - [135168] - (10.0.19041.388) - C:\WINDOWS\splwow64.exe
[07/12/2019 11:14:52] - |D| - [31039] - C:\WINDOWS\System
[MD5.286A9EDB379DC3423A528B0864A0F111] - [19/03/2019 06:49:35] - |A| - (.-.) - [219] - (0.0.0.0) - C:\WINDOWS\system.ini
[07/12/2019 11:03:44] - |D| - [5019974950] - C:\WINDOWS\System32
[07/12/2019 11:14:52] - |D| - [197089783] - C:\WINDOWS\SystemApps
[07/12/2019 11:14:52] - |D| - [169292509] - C:\WINDOWS\SystemResources
[07/12/2019 11:14:52] - |D| - [1249697572] - C:\WINDOWS\SysWOW64
[07/12/2019 11:14:52] - |D| - [0] - C:\WINDOWS\TAPI
[07/12/2019 11:14:52] - |D| - [6] - C:\WINDOWS\Tasks
[07/12/2019 11:14:52] - |D| - [3578048] - C:\WINDOWS\Temp
[19/03/2019 06:52:46] - |D| - [13787648] - C:\WINDOWS\TextInput
[07/12/2019 11:14:52] - |D| - [0] - C:\WINDOWS\tracing
[07/12/2019 11:14:52] - |D| - [7680] - C:\WINDOWS\twain_32
[MD5.AFE119DD4E17891B227684F38AA25D4D] - [07/12/2019 11:10:00] - |A| - (.- Gestionnaire de sources Twain_32 (Image Acquisition Interface).) - [65024] - (1.7.1.3) - C:\WINDOWS\twain_32.dll
[MD5.55A54008AD1BA589AA210D2629C1DF41] - [26/04/2020 14:12:07] - |A| - (.-.) - [1] - (0.0.0.0) - C:\WINDOWS\vgkbootstatus.dat
[07/12/2019 11:14:52] - |D| - [12420] - C:\WINDOWS\Vss
[07/12/2019 11:14:52] - |D| - [33188] - C:\WINDOWS\WaaS
[07/12/2019 11:14:52] - |D| - [16568315] - C:\WINDOWS\Web
[MD5.23CF8138F49416231807E6DE371FB9E6] - [19/03/2019 06:49:35] - |A| - (.-.) - [92] - (0.0.0.0) - C:\WINDOWS\win.ini
[MD5.C844CA459F3B209329984772269B6E56] - [07/12/2019 11:09:09] - |RAH| - (.-.) - [670] - (0.0.0.0) - C:\WINDOWS\WindowsShell.Manifest
[MD5.2CC83D93DD1DDE691158CF5E9882420B] - [10/06/2020 15:38:58] - |A| - (.-.) - [276] - (0.0.0.0) - C:\WINDOWS\WindowsUpdate.log
[MD5.0629E6D130F226C009EA9AB329F37ACC] - [07/12/2019 11:10:00] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Relais Windows Winhlp32.) - [11776] - (10.0.19041.1) - C:\WINDOWS\winhlp32.exe
[07/12/2019 11:03:44] - |D| - [8476797135] - C:\WINDOWS\WinSxS
[MD5.E7E4D8D7340DA6934B9EA81CBB21374C] - [07/12/2019 11:10:11] - |A| - (.-.) - [316640] - (0.0.0.0) - C:\WINDOWS\WMSysPr9.prx
[MD5.B947CCA7F485F6C1156F4D02E8C9874F] - [07/12/2019 16:52:57] - |A| - (.© Microsoft Corporation. - Windows Write.) - [11264] - (10.0.19041.1) - C:\WINDOWS\write.exe

---------- | C:\WINDOWS\System32\GroupPolicy


---------- | Systemroot\System


---------- | Systemroot\Installer (Microsoft Files Whitelisted)

[17/06/2020 16:10:22] - C:\WINDOWS\Installer\15242c22.msi : (NordVPN network TUN - NordVPN)          [Header ok : D0CF11E0A1B11AE10000000000000000]
[12/07/2020 15:09:23] - C:\WINDOWS\Installer\15242c28.msi : (NordVPN network TAP - NordVPN)          [Header ok : D0CF11E0A1B11AE10000000000000000]
[17/06/2020 16:13:04] - C:\WINDOWS\Installer\15242c2b.msi : (NordVPN - NordVPN)          [Header ok : D0CF11E0A1B11AE10000000000000000]
[12/01/2020 03:21:46] - C:\WINDOWS\Installer\173711.msi : (Paradox Launcher v2 - Paradox Interactive)          [Header ok : D0CF11E0A1B11AE10000000000000000]
[16/04/2020 08:26:06] - C:\WINDOWS\Installer\1949a06.msi : (PDFCreator - pdfforge GmbH)          [Header ok : D0CF11E0A1B11AE10000000000000000]
[19/05/2020 15:30:13] - C:\WINDOWS\Installer\1949a0c.msi : (PDF Architect 7 View Module - pdfforge GmbH)          [Header ok : D0CF11E0A1B11AE10000000000000000]
[19/05/2020 15:30:32] - C:\WINDOWS\Installer\1949a12.msi : (PDF Architect 7 Edit Module - pdfforge GmbH)          [Header ok : D0CF11E0A1B11AE10000000000000000]
[19/05/2020 15:30:44] - C:\WINDOWS\Installer\1949a18.msi : (PDF Architect 7 Create Module - pdfforge GmbH)          [Header ok : D0CF11E0A1B11AE10000000000000000]
[30/05/2020 16:07:40] - C:\WINDOWS\Installer\1e98bd4.msi : (AMD_Chipset_Drivers - Advanced Micro Devices, Inc.)          [Header ok : D0CF11E0A1B11AE10000000000000000]
[04/05/2020 03:52:46] - C:\WINDOWS\Installer\1e98bda.msi : (AMD GPIO2 Driver - Advanced Micro Devices, Inc.)          [Header ok : D0CF11E0A1B11AE10000000000000000]
[04/05/2020 03:52:46] - C:\WINDOWS\Installer\1e98be0.msi : (AMD PCI Driver - Advanced Micro Devices, Inc.)          [Header ok : D0CF11E0A1B11AE10000000000000000]
[04/05/2020 03:52:48] - C:\WINDOWS\Installer\1e98be6.msi : (AMD SBxxxSMBus Driver - Advanced Micro Devices, Inc.)          [Header ok : D0CF11E0A1B11AE10000000000000000]
[04/05/2020 03:52:48] - C:\WINDOWS\Installer\1e98bec.msi : (AMD PSP Driver - Advanced Micro Devices, Inc.)          [Header ok : D0CF11E0A1B11AE10000000000000000]
[04/05/2020 03:52:50] - C:\WINDOWS\Installer\1e98bf2.msi : (Promontory GPIO Driver - Advanced Micro Devices, Inc.)          [Header ok : D0CF11E0A1B11AE10000000000000000]
[04/05/2020 03:52:50] - C:\WINDOWS\Installer\1e98bf8.msi : (AMD Ryzen Balanced Driver - Advanced Micro Devices, Inc.)          [Header ok : D0CF11E0A1B11AE10000000000000000]
[10/01/2020 14:42:44] - C:\WINDOWS\Installer\31a231.msi : (Java SE Runtime Environment 8 Update 231 - Oracle Corporation)          [Header ok : D0CF11E0A1B11AE10000000000000000]
[10/01/2020 14:44:10] - C:\WINDOWS\Installer\31a236.msi : (Java Auto Updater - Oracle Corporation)          [Header ok : D0CF11E0A1B11AE10000000000000000]
[10/01/2020 14:44:07] - C:\WINDOWS\Installer\31a239.msi : (Minecraft Launcher - Mojang)          [Header ok : D0CF11E0A1B11AE10000000000000000]
[10/01/2020 13:51:09] - C:\WINDOWS\Installer\31a23c.msi : (Epic Games Launcher - Epic Games, Inc.)          [Header ok : D0CF11E0A1B11AE10000000000000000]
[28/01/2019 16:42:06] - C:\WINDOWS\Installer\3ed4225.msi : (OEM Application Profile - Advanced Micro Devices, Inc.)          [Header ok : D0CF11E0A1B11AE10000000000000000]
[29/04/2019 08:55:29] - C:\WINDOWS\Installer\3ed422a.msi : (Balanced - Advanced Micro Devices, Inc.)          [Header ok : D0CF11E0A1B11AE10000000000000000]
[18/07/2020 20:06:34] - C:\WINDOWS\Installer\5075.msi : (AMD Ryzen Master - Advanced Micro Devices, Inc.)          [Header ok : D0CF11E0A1B11AE10000000000000000]
[24/06/2020 20:06:32] - C:\WINDOWS\Installer\9cad8.msi : (Intel Driver & Support Assistant - Intel)          [Header ok : D0CF11E0A1B11AE10000000000000000]
[05/04/2020 16:45:03] - C:\WINDOWS\Installer\b8f89d.msi : (Google Update Helper - Google LLC)          [Header ok : D0CF11E0A1B11AE10000000000000000]
[18/06/2020 11:28:42] - C:\WINDOWS\Installer\fba5e35.msi : (Epic Games Launcher Prerequisites (x64) - Epic Games, Inc.)          [Header ok : D0CF11E0A1B11AE10000000000000000]
[28/06/2011 22:27:28] - [4028928] - (.().-. - ()) - C:\WINDOWS\Installer\1ffbd67.msp
[28/06/2011 22:21:32] - [4637184] - (.().-. - ()) - C:\WINDOWS\Installer\1ffceda.msp

---------- | %System%\*.in*

[07/12/2019 11:09:39] - [3329] - C:\WINDOWS\System32\ieuinit.inf
[01/08/2020 20:31:42] - [1770906] - C:\WINDOWS\System32\PerfStringBackup.INI
[07/12/2019 11:09:05] - [60124] - C:\WINDOWS\System32\tcpmon.ini
[07/12/2019 11:08:46] - [2404] - C:\WINDOWS\System32\WimBootCompress.ini
[07/12/2019 11:10:00] - [3329] - C:\WINDOWS\Syswow64\ieuinit.inf
[07/12/2019 11:09:22] - [2404] - C:\WINDOWS\Syswow64\WimBootCompress.ini

---------- | Listing no Microsoft signed files (Not necessary Malwares) | system32 | Syswow64 | General scan

[MD5.0B32C11F8C734D934A93B7918FC800E1] - |A| - [01/08/2020 20:22:17] - (.-.) - [0.93 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\ASPNETSetup_00000.log
[MD5.8C7741BD8D827638D010F637C5F0C413] - |A| - [01/08/2020 20:22:18] - (.-.) - [0.94 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\ASPNETSetup_00001.log
[MD5.F88F3360E261C5248F1D62306C7529E4] - |A| - [01/08/2020 20:28:46] - (.-.) - [9.75 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\catalog.json
[MD5.00000000000000000000000000000000] - |D| - [02/08/2020 10:56:04] - [0 Ko] - C:\WINDOWS\Temp\DECFEC6E-2F1A-4728-8C8C-E14FB6020F73-Sigs
[MD5.08983F80D0ADB3AB633BFFDAC34B3F9B] - |A| - [01/08/2020 20:23:46] - (.-.) - [114.23 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-GVI7Q33-20200801-2023.log
[MD5.A409FB7CBB23460EF32BA9F1D358F24C] - |A| - [01/08/2020 20:24:49] - (.-.) - [209.61 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-GVI7Q33-20200801-2024.log
[MD5.A0A37E0EB81C843F10FDFE7B3D562C23] - |A| - [01/08/2020 20:32:41] - (.-.) - [77.1 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-GVI7Q33-20200801-2032.log
[MD5.DF6B876E151FD03F0650DFDF89636754] - |A| - [02/08/2020 10:55:40] - (.-.) - [70.59 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-GVI7Q33-20200802-1055.log
[MD5.B6E83DE46F1701351047B1A7CFC352CA] - |A| - [02/08/2020 10:58:40] - (.-.) - [69.6 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-GVI7Q33-20200802-1058.log
[MD5.71974EB959A7DE4EAA5D4DCE4597C2E5] - |A| - [02/08/2020 10:58:45] - (.-.) - [86.07 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-GVI7Q33-20200802-1058a.log
[MD5.9F0591AABC6741A96EA2FB91B29D7822] - |A| - [02/08/2020 11:00:47] - (.-.) - [75.36 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-GVI7Q33-20200802-1100.log
[MD5.DC1EF5EC8FF9DE3657939E912C5D7EE9] - |A| - [02/08/2020 14:52:34] - (.-.) - [118.96 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-GVI7Q33-20200802-1452.log
[MD5.1D1EA7945353D89CF8B33A5D53E73C1C] - |A| - [02/08/2020 14:57:36] - (.-.) - [75.46 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-GVI7Q33-20200802-1457.log
[MD5.5B2C1C73771B4C1A1BBAECC923778C1B] - |A| - [02/08/2020 15:45:43] - (.-.) - [97.6 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-GVI7Q33-20200802-1545.log
[MD5.C4279C883B0D63292009B8189FCFEE16] - |A| - [02/08/2020 15:50:45] - (.-.) - [75.33 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-GVI7Q33-20200802-1550.log
[MD5.4228205E4F5FA930AC1A54C8CA0B37F1] - |A| - [02/08/2020 19:13:48] - (.-.) - [190.47 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-GVI7Q33-20200802-1913.log
[MD5.601D8558FBCB65AB669F5F89EED92C66] - |A| - [02/08/2020 19:18:50] - (.-.) - [79.26 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-GVI7Q33-20200802-1918.log
[MD5.726A9701A6805FAC081E4E7E7739A84E] - |A| - [02/08/2020 19:34:01] - (.-.) - [114.69 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-GVI7Q33-20200802-1934.log
[MD5.9962839A609A673D320DDE32EC060E84] - |A| - [02/08/2020 19:39:04] - (.-.) - [75.43 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-GVI7Q33-20200802-1939.log
[MD5.D6FC3F964B0D91C8AEA25C9D43428FDF] - |A| - [02/08/2020 21:17:46] - (.-.) - [200.72 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-GVI7Q33-20200802-2117.log
[MD5.300ACE76BB7F1A6B54967DE639030A71] - |A| - [02/08/2020 21:22:49] - (.-.) - [74.28 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-GVI7Q33-20200802-2122.log
[MD5.AC9CA6A5DCE0066F2ED21EE02B739D87] - |A| - [03/08/2020 09:43:24] - (.-.) - [65.5 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-GVI7Q33-20200803-0943.log
[MD5.B3F221903B7518C6A6AB61CBADF82D1E] - |A| - [03/08/2020 09:46:20] - (.-.) - [64.57 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-GVI7Q33-20200803-0946.log
[MD5.FC898593778B2F2C291A3EFE42F36AE3] - |A| - [03/08/2020 09:46:25] - (.-.) - [80.28 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-GVI7Q33-20200803-0946a.log
[MD5.B3527814B280EB814CBEB8617C929B61] - |A| - [03/08/2020 09:48:27] - (.-.) - [75.24 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-GVI7Q33-20200803-0948.log
[MD5.91A18F0F105F273F0E4ECCD6617D1E7C] - |A| - [03/08/2020 10:06:46] - (.-.) - [75.36 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-GVI7Q33-20200803-1006.log
[MD5.2CDD34B8E00E34BF0351E39C51F9B136] - |A| - [01/08/2020 20:27:31] - (.-.) - [21.1 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\MpCmdRun.log
[MD5.E2A3F94AC82C73619E442827D8776BA8] - |A| - [02/08/2020 10:56:04] - (.-.) - [30.48 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\MpSigStub.log
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [01/08/2020 20:24:44] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\officeclicktorun.exe_streamserver(20200801202444DA0).log
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [02/08/2020 15:45:38] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\officeclicktorun.exe_streamserver(20200802154538125C).log
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [02/08/2020 19:13:43] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\officeclicktorun.exe_streamserver(202008021913431134).log
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [02/08/2020 21:17:41] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\officeclicktorun.exe_streamserver(202008022117411168).log
[MD5.3362C2B2E4D3FAD4A42CA6145DE73092] - |A| - [01/08/2020 20:23:41] - (.-.) - [1465.73 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\ssdtoolservice.log
[MD5.D803A01EDE86A9AF87CF73DA93C8068D] - |A| - [01/08/2020 20:22:09] - (.-.) - [0.07 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\tem374C.tmp
[MD5.B13AF738AA8BE55154B2752979D76827] - |A| - [01/08/2020 20:23:39] - (.-.) - [0.2 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\tem4064.tmp
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [02/08/2020 23:41:46] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\{3927895F-5539-434D-B962-F959A8764485} - OProcSessId.dat
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [01/08/2020 22:18:06] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\{D2AEE03C-E7AB-411A-BDC6-8606566A6501} - OProcSessId.dat
[MD5.00000000000000000000000000000000] - |D| - [07/12/2019 16:50:21] - [0 Ko] - C:\WINDOWS\System32\0409
[MD5.C652A5EA6545C98CE71684018E0640E7] - |A| - [07/12/2019 11:09:00] - (.-.) - [3.1 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@AdvancedKeySettingsNotification.png
[MD5.D6F8DD9F561B8A67FFAC2BAD7E989770] - |A| - [07/12/2019 11:08:44] - (.-.) - [0.23 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@AppHelpToast.png
[MD5.82C37C3E27020AF6C2E018E944284676] - |A| - [07/12/2019 11:08:45] - (.-.) - [0.3 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@AudioToastIcon.png
[MD5.8E4B25CC8E98F63DBD54176DFAB539E0] - |A| - [07/12/2019 11:08:21] - (.-.) - [0.44 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@BackgroundAccessToastIcon.png
[MD5.3937359E324E15F6A7A7092D4DAEBD64] - |A| - [07/12/2019 11:08:52] - (.-.) - [0.19 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@bitlockertoastimage.png
[MD5.495C1F072039B434827A5FE0D9761E4D] - |A| - [07/12/2019 11:08:52] - (.-.) - [0.32 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@EnrollmentToastIcon.png
[MD5.C2A332DE50FE519DA21AFB8BD6E134F4] - |A| - [07/12/2019 11:08:58] - (.-.) - [0.55 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@language_notification_icon.png
[MD5.A119D69B4C29845D3F8CE2E5638C8E65] - |A| - [07/12/2019 11:09:45] - (.-.) - [0.47 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@optionalfeatures.png
[MD5.A3437673F5766635A8378F67645B81C0] - |A| - [07/12/2019 11:09:37] - (.-.) - [0.35 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@StorageSenseToastIcon.png
[MD5.1622DE67156496C78D6B7BE9B471645B] - |A| - [07/12/2019 11:09:07] - (.-.) - [0.39 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@VpnToastIcon.png
[MD5.79166EAF65485F1432DD72B72870026B] - |A| - [07/12/2019 11:09:32] - (.-.) - [190.86 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@windows-hello-V4.1.gif
[MD5.13EF2C8D799F7B6E9D8E3D6BACB9C779] - |A| - [07/12/2019 11:09:32] - (.-.) - [0.7 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@WindowsHelloFaceToastIcon.png
[MD5.F553B252FEC3134D4F5303D9B25298B3] - |A| - [07/12/2019 11:08:39] - (.-.) - [0.51 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@WindowsUpdateToastIcon.contrast-black.png
[MD5.DAD405CBDE259DE527EBF71BCC28099C] - |A| - [07/12/2019 11:08:39] - (.-.) - [0.79 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@WindowsUpdateToastIcon.contrast-white.png
[MD5.F553B252FEC3134D4F5303D9B25298B3] - |A| - [07/12/2019 11:08:39] - (.-.) - [0.51 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@WindowsUpdateToastIcon.png
[MD5.DB71001FC261F6685BE410527DAE3942] - |A| - [07/12/2019 11:08:19] - (.-.) - [0.67 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@WirelessDisplayToast.png
[MD5.147B047B46B79A91CC34499D4F89119E] - |A| - [07/12/2019 11:09:05] - (.-.) - [0.39 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@WLOGO_48x48.png
[MD5.31A16C523B62500F83C82217F056A538] - |A| - [07/12/2019 11:08:39] - (.-.) - [8.13 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ActiveHours.png
[MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [2771.3 Ko] - C:\WINDOWS\System32\AdvancedInstallers
[MD5.3AF89FB569117419503CC276BBC1A660] - |A| - [10/07/2020 20:15:25] - (.-.) - [13 Ko] - (0.0.0.0) - C:\WINDOWS\System32\agentactivationruntimestarter.exe
[MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [5.97 Ko] - C:\WINDOWS\System32\am-et
[MD5.CD0EB12BDC11430D6F8375CFFF3C5F7E] - |A| - [24/03/2020 11:11:20] - (.Copyright (c) 2013 - 2020 Advanced Micro Devices, Inc. - amdpsp sys.) - [432.02 Ko] - (4.13.0.0) - C:\WINDOWS\System32\amdtee_api.dll
[MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [0 Ko] - C:\WINDOWS\System32\AppLocker
[MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [2752.37 Ko] - C:\WINDOWS\System32\appraiser
[MD5.00000000000000000000000000000000] - |SD| - [07/12/2019 16:53:51] - [287.49 Ko] - C:\WINDOWS\System32\AppV
[MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [278.5 Ko] - C:\WINDOWS\System32\ar-SA
[MD5.C9486151C26D64A4933B95BA10BF730A] - |A| - [07/12/2019 11:09:34] - (.Copyright (c) libarchive authors - Windows-internal libarchive library.) - [614 Ko] - (3.3.2.0) - C:\WINDOWS\System32\archiveint.dll
[MD5.477C84C56D7416F481301485EDDDAD98] - |A| - [10/07/2020 20:16:13] - (.-.) - [457 Ko] - (0.0.0.0) - C:\WINDOWS\System32\AssignedAccessCsp.dll
[MD5.C03F0062C0749CDB59A4D60862C3E83E] - |A| - [07/12/2019 11:08:07] - (.-.) - [134.86 Ko] - (0.0.0.0) - C:\WINDOWS\System32\AverageRoom.bin
[MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [259 Ko] - C:\WINDOWS\System32\bg-BG
[MD5.705628497C0012302212A46ADD463E6E] - |A| - [07/12/2019 11:08:05] - (.-.) - [8.3 Ko] - (0.0.0.0) - C:\WINDOWS\System32\BluetoothPairingSystemToastIcon.contrast-black.png
[MD5.F63C615733A3337BF2BEA96C6EE9B568] - |A| - [07/12/2019 11:08:05] - (.-.) - [8.53 Ko] - (0.0.0.0) - C:\WINDOWS\System32\BluetoothPairingSystemToastIcon.contrast-high.png
[MD5.705628497C0012302212A46ADD463E6E] - |A| - [07/12/2019 11:08:05] - (.-.) - [8.3 Ko] - (0.0.0.0) - C:\WINDOWS\System32\BluetoothPairingSystemToastIcon.contrast-white.png
[MD5.DAF1DCB4AEE839A1965F4CC160C49A53] - |A| - [07/12/2019 11:08:05] - (.-.) - [8.34 Ko] - (0.0.0.0) - C:\WINDOWS\System32\BluetoothPairingSystemToastIcon.png
[MD5.28ECA83D7F9D10D69E969675D1FF6725] - |A| - [07/12/2019 11:08:05] - (.-.) - [1.29 Ko] - (0.0.0.0) - C:\WINDOWS\System32\BluetoothSystemToastIcon.contrast-white.png
[MD5.A620186FF1CDE4EE117FC4CAD648B9CC] - |A| - [07/12/2019 11:08:05] - (.-.) - [1.2 Ko] - (0.0.0.0) - C:\WINDOWS\System32\BluetoothSystemToastIcon.png
[MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [6007.3 Ko] - C:\WINDOWS\System32\Boot
[MD5.18CC6144498E3F5C60752E3EB6A68FDE] - |A| - [07/12/2019 11:08:46] - (.Copyright (C) 2008 - Gestionnaire de contexte pour réseau personnel Bluetooth.) - [186.5 Ko] - (1.0.0.1) - C:\WINDOWS\System32\BthpanContextHandler.dll
[MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [0.1 Ko] - C:\WINDOWS\System32\Bthprops
[MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:03:44] - [64277.72 Ko] - C:\WINDOWS\System32\CatRoot
[MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [43234.39 Ko] - C:\WINDOWS\System32\catroot2
[MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [20.62 Ko] - C:\WINDOWS\System32\CodeIntegrity
[MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [382 Ko] - C:\WINDOWS\System32\Com
[MD5.535884123FABC2C15AA7DEC9834B55D4] - |A| - [07/12/2019 11:08:05] - (.-.) - [0.67 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ComputerToastIcon.contrast-white.png
[MD5.89F92266DFC6F93961DFFBB2D6C61A15] - |A| - [07/12/2019 11:08:05] - (.-.) - [0.38 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ComputerToastIcon.png
[MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:03:44] - [227110.82 Ko] - C:\WINDOWS\System32\config
[MD5.00000000000000000000000000000000] - |SD| - [07/12/2019 11:14:52] - [86.84 Ko] - C:\WINDOWS\System32\Configuration
[MD5.E09649F642712152DFF9E0524DC165F5] - |A| - [07/12/2019 11:08:34] - (.-.) - [232.02 Ko] - (0.0.0.0) - C:\WINDOWS\System32\containerdevicemanagement.dll
[MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [0.34 Ko] - C:\WINDOWS\System32\ContainerSettingsProviders
[MD5.2D526CCDA77324700833E6A955A300F5] - |A| - [10/07/2020 20:15:25] - (.-.) - [280.5 Ko] - (0.0.0.0) - C:\WINDOWS\System32\CoreMas.dll
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [06/02/2020 16:08:45] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\System32\courgette.log
[MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [322.5 Ko] - C:\WINDOWS\System32\cs-CZ
[MD5.1C3645EBDDBE2DA6A32A5F9FB43A3C23] - |A| - [07/12/2019 11:09:34] - (.© 1996 - 2017 Daniel Stenberg, <daniel@haxx.se>. - The curl executable.) - [411.5 Ko] - (7.55.1.0) - C:\WINDOWS\System32\curl.exe
[MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [325.5 Ko] - C:\WINDOWS\System32\da-DK
[MD5.F077B7ECA3D53F92FBC2B3094424E2E4] - |A| - [01/08/2020 21:16:37] - (.-.) - [150 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DataStoreCacheDumpTool.exe
[MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [271.02 Ko] - C:\WINDOWS\System32\DDFs
[MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [363 Ko] - C:\WINDOWS\System32\de-DE
[MD5.C1684AACAAD62889ACFCA988AA46562D] - |A| - [07/12/2019 11:08:21] - (.-.) - [28.83 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DefaultAccountTile.png
[MD5.057C75B5735EEF2A75ABF8F6770BCA34] - |A| - [01/08/2020 21:16:36] - (.-.) - [4128.04 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DefaultHrtfs.bin
[MD5.664AA698FC0106A2B075A641E8DC6302] - |A| - [07/12/2019 11:14:56] - (.-.) - [0.84 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DefaultQuestions.json
[MD5.041A7B079E9776721847031A7CF533E1] - |A| - [07/12/2019 11:09:34] - (.-.) - [15.97 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DeliveryOptimizationMIProv.mof
[MD5.59D5500F74109D59522F5A9457B8D9A2] - |A| - [07/12/2019 11:09:34] - (.-.) - [0.89 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DeliveryOptimizationMIProvUninstall.mof
[MD5.B924F1A7DE5ED8331B3375A778B3FE38] - |A| - [07/12/2019 11:08:52] - (.-.) - [35.5 Ko] - (0.0.0.0) - C:\WINDOWS\System32\deploymentcsphelper.exe
[MD5.851A9305E14B348CA0D9C7FB75391FDB] - |A| - [07/12/2019 11:08:39] - (.-.) - [272.34 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DesktopKeepOnToastImg.gif
[MD5.4A6FA3C0EFD237F104E09A22883D9388] - |A| - [07/12/2019 11:08:43] - (.-.) - [3.85 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DetailedReading-Default.xml
[MD5.3B5BFF2D6826956AB7D71D61FBA8EC48] - |A| - [07/12/2019 11:10:18] - (.-.) - [131.5 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DeviceUpdateCenterCsp.dll
[MD5.00000000000000000000000000000000] - |SD| - [07/12/2019 11:14:52] - [881 Ko] - C:\WINDOWS\System32\DiagSvcs
[MD5.037DF43BCC9F9A4DF6548FED8F4503AF] - |A| - [07/12/2019 11:08:37] - (.-.) - [82.96 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DiskSnapshot.conf
[MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [10114.03 Ko] - C:\WINDOWS\System32\Dism
[MD5.6AB2B935BF38EB13CFCB9506223FD6E7] - |A| - [07/12/2019 11:08:05] - (.-.) - [0.59 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DisplaySystemToastIcon.contrast-white.png
[MD5.FF004E0B30E5E4EC747B3D8EF6E3B89E] - |A| - [07/12/2019 11:08:05] - (.-.) - [0.34 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DisplaySystemToastIcon.png
[MD5.73DA8BC1BF7DB9FF13DA95819863BAD6] - |A| - [01/08/2020 21:16:51] - (.-.) - [9.06 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DrtmAuthTxt.wim
[MD5.00000000000000000000000000000000] - |SD| - [07/12/2019 11:14:52] - [214.5 Ko] - C:\WINDOWS\System32\dsc
[MD5.FD45B4640B7A9F9E59092AF1BA20FFCD] - |A| - [07/12/2019 11:08:46] - (.-.) - [2200.5 Ko] - (0.0.0.0) - C:\WINDOWS\System32\dwmscene.dll
[MD5.DF84EB7B44D1414284BA384F0061D1DC] - |A| - [07/12/2019 11:08:07] - (.-.) - [728.08 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DynamicLong.bin
[MD5.346870077DFD18867A9693C7A59AA3E6] - |A| - [07/12/2019 11:08:07] - (.-.) - [503.08 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DynamicMedium.bin
[MD5.2BEC13D68312ADE8C0065D8BCC146D2F] - |A| - [07/12/2019 11:08:07] - (.-.) - [315.58 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DynamicShort.bin
[MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [365.5 Ko] - C:\WINDOWS\System32\el-GR
[MD5.00000000000000000000000000000000] - |D| - [07/12/2019 16:50:21] - [3204 Ko] - C:\WINDOWS\System32\en
[MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [18474.88 Ko] - C:\WINDOWS\System32\en-GB
[MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [25973.45 Ko] - C:\WINDOWS\System32\en-US
[MD5.7967BE6FC5D8DE759F35EC53D6A85BBE] - |A| - [18/07/2020 21:24:33] - (.-.) - [47.88 Ko] - (0.0.0.0) - C:\WINDOWS\System32\energy-report.html
[MD5.A24FD93B52A9B8576AB3A8CD7FA0CB5E] - |A| - [22/07/2020 23:52:02] - (.Copyright (C) 2019 - SteelSeries Engine CoInstaller.) - [298.22 Ko] - (1.0.0.0) - C:\WINDOWS\System32\engineco.dll
[MD5.4D3920C8B3D893CF642042C3600980EC] - |A| - [10/07/2020 20:15:42] - (.-.) - [145.5 Ko] - (0.0.0.0) - C:\WINDOWS\System32\EoAExperiences.exe
[MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [348 Ko] - C:\WINDOWS\System32\es-ES
[MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [271 Ko] - C:\WINDOWS\System32\es-MX
[MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [238 Ko] - C:\WINDOWS\System32\et-EE
[MD5.00000000000000000000000000000000] - |SD| - [07/12/2019 11:14:52] - [16792.14 Ko] - C:\WINDOWS\System32\F12
[MD5.4DED57BD7ACB9B0EBBE82034EC44645A] - |A| - [07/12/2019 11:08:41] - (.-.) - [43.22 Ko] - (0.0.0.0) - C:\WINDOWS\System32\FeatureToastBulldogImg.png
[MD5.7F65C93283F31EB39E311DDDC00DFBA6] - |A| - [10/07/2020 20:15:41] - (.-.) - [16.54 Ko] - (0.0.0.0) - C:\WINDOWS\System32\FeatureToastDlpImg.png
[MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [7.11 Ko] - C:\WINDOWS\System32\ff-Adlm-SN
[MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [330 Ko] - C:\WINDOWS\System32\fi-FI
[MD5.277AFD925FEE2307244DC58115C6E414] - |A| - [01/08/2020 20:22:03] - (.-.) - [283.74 Ko] - (0.0.0.0) - C:\WINDOWS\System32\FNTCACHE.DAT
[MD5.00000000000000000000000000000000] - |D| - [07/12/2019 16:50:21] - [3490.5 Ko] - C:\WINDOWS\System32\fr
[MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [278.5 Ko] - C:\WINDOWS\System32\fr-CA
[MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [48312.7 Ko] - C:\WINDOWS\System32\fr-FR
[MD5.D44D9507CAB733013C0518A713269B33] - |A| - [07/12/2019 11:09:47] - (.-.) - [656.5 Ko] - (0.0.0.0) - C:\WINDOWS\System32\FsNVSDeviceSource.dll
[MD5.00000000000000000000000000000000] - |D| - [07/12/2019 16:51:43] - [0 Ko] - C:\WINDOWS\System32\FxsTmp
[MD5.41FD64AE28A0C932CA7B2A250993D675] - |A| - [07/12/2019 11:08:05] - (.-.) - [1.45 Ko] - (0.0.0.0) - C:\WINDOWS\System32\GameSystemToastIcon.contrast-white.png
[MD5.6DC77FD8B062264AF1C6DA325ABB7010] - |A| - [07/12/2019 11:08:05] - (.-.) - [1.11 Ko] - (0.0.0.0) - C:\WINDOWS\System32\GameSystemToastIcon.png
[MD5.2E6AF4D5BF6E31E728F409984C3045D4] - |A| - [07/12/2019 11:09:48] - (.-.) - [86.7 Ko] - (0.0.0.0) - C:\WINDOWS\System32\gatherNetworkInfo.vbs
[MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:45] - [0 Ko] - C:\WINDOWS\System32\GroupPolicy
[MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:45] - [0 Ko] - C:\WINDOWS\System32\GroupPolicyUsers
[MD5.EA99A87E98D995DE6E280CF85CEAD413] - |A| - [07/12/2019 11:08:05] - (.-.) - [1.21 Ko] - (0.0.0.0) - C:\WINDOWS\System32\HandwritingSystemToastIcon.contrast-white.png
[MD5.B8E586ED92DB703FFA480E254996160E] - |A| - [07/12/2019 11:08:05] - (.-.) - [0.89 Ko] - (0.0.0.0) - C:\WINDOWS\System32\HandwritingSystemToastIcon.png
[MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [256.5 Ko] - C:\WINDOWS\System32\he-IL
[MD5.6E9E9D56B192B2995493E529CFF2BBFE] - |A| - [07/12/2019 11:08:05] - (.-.) - [1.43 Ko] - (0.0.0.0) - C:\WINDOWS\System32\HeadphoneSystemToastIcon.contrast-white.png
[MD5.7F1E9502267F778F3A8139C35A352190] - |A| - [07/12/2019 11:08:05] - (.-.) - [1.09 Ko] - (0.0.0.0) - C:\WINDOWS\System32\HeadphoneSystemToastIcon.png
[MD5.202A07E4526B050E22624328E64E0470] - |A| - [07/12/2019 11:08:05] - (.-.) - [1.52 Ko] - (0.0.0.0) - C:\WINDOWS\System32\HeadsetSystemToastIcon.contrast-white.png
[MD5.1892ACC10CAC009BCAC146AD650ABA58] - |A| - [07/12/2019 11:08:05] - (.-.) - [1.17 Ko] - (0.0.0.0) - C:\WINDOWS\System32\HeadsetSystemToastIcon.png
[MD5.031713BFD5F30E63336D3CA5D2767BE9] - |A| - [07/12/2019 11:08:05] - (.-.) - [1.79 Ko] - (0.0.0.0) - C:\WINDOWS\System32\HealthSystemToastIcon.contrast-white.png
[MD5.C1BD7976C99830E33A713D02374054EC] - |A| - [07/12/2019 11:08:05] - (.-.) - [1.62 Ko] - (0.0.0.0) - C:\WINDOWS\System32\HealthSystemToastIcon.png
[MD5.8F87A4711DD55F4676CE5C4B3DC905D5] - |A| - [10/07/2020 20:15:37] - (.-.) - [299 Ko] - (0.0.0.0) - C:\WINDOWS\System32\HeatCore.dll
[MD5.3D43CAC5517F33B91713619F3A429062] - |A| - [01/08/2020 21:16:57] - (.-.) - [133.82 Ko] - (0.0.0.0) - C:\WINDOWS\System32\HvsiManagementApi.dll
[MD5.E844A45B12C3DFC1DD0896B7EF6DC0B4] - |A| - [07/12/2019 11:09:51] - (.-.) - [44.8 Ko] - (0.0.0.0) - C:\WINDOWS\System32\HvSocket.dll
[MD5.00000000000000000000000000000000] - |D| - [07/12/2019 16:53:51] - [149.55 Ko] - C:\WINDOWS\System32\Hydrogen
[MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [5.36 Ko] - C:\WINDOWS\System32\ias
[MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [36.27 Ko] - C:\WINDOWS\System32\icsxml
[MD5.D0530C1F7C7A1ACB2BD2CEC660F3B394] - |RA| - [07/12/2019 11:08:33] - (.Copyright (C) 2016 and later: Unicode, Inc. and others. License & terms of use: http://www.unicode.org/copyright.html - ICU Combined Library.) - [2207.5 Ko] - (64.2.0.0) - C:\WINDOWS\System32\icu.dll
[MD5.8487436DDAB30187D71B977DEEE80BAC] - |RA| - [07/12/2019 11:08:33] - (.Copyright (C) 2016 and later: Unicode, Inc. and others. License & terms of use: http://www.unicode.org/copyright.html - ICU I18N Forwarder DLL.) - [24.5 Ko] - (64.2.0.0) - C:\WINDOWS\System32\icuin.dll
[MD5.66C365C160599D54C5953953621DE774] - |RA| - [07/12/2019 11:08:33] - (.Copyright (C) 2016 and later: Unicode, Inc. and others. License & terms of use: http://www.unicode.org/copyright.html - ICU Common Forwarder DLL.) - [29 Ko] - (64.2.0.0) - C:\WINDOWS\System32\icuuc.dll
[MD5.64F52521EA449854430F08E95F74054E] - |A| - [07/12/2019 11:08:05] - (.-.) - [192.5 Ko] - (0.0.0.0) - C:\WINDOWS\System32\IHDS.dll
[MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [26867.84 Ko] - C:\WINDOWS\System32\IME
[MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [0 Ko] - C:\WINDOWS\System32\inetsrv
[MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [6930 Ko] - C:\WINDOWS\System32\InputMethod
[MD5.8DE9AE82152650C178BF1E24014E8503] - |A| - [07/12/2019 11:08:05] - (.-.) - [1.25 Ko] - (0.0.0.0) - C:\WINDOWS\System32\InputSystemToastIcon.contrast-white.png
[MD5.0B9FBD6F3ED617CD36D042D3422F1C2B] - |A| - [07/12/2019 11:08:05] - (.-.) - [0.9 Ko] - (0.0.0.0) - C:\WINDOWS\System32\InputSystemToastIcon.png
[MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [0 Ko] - C:\WINDOWS\System32\Ipmi
[MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [349.5 Ko] - C:\WINDOWS\System32\it-IT
[MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [265.84 Ko] - C:\WINDOWS\System32\ja-jp
[MD5.23AC7515B6D8A794BCC01B582F044078] - |A| - [07/12/2019 11:08:05] - (.-.) - [0.82 Ko] - (0.0.0.0) - C:\WINDOWS\System32\KeyboardSystemToastIcon.contrast-white.png
[MD5.3DF873E16CCEA9B42857FB5FA085CB00] - |A| - [07/12/2019 11:08:05] - (.-.) - [0.51 Ko] - (0.0.0.0) - C:\WINDOWS\System32\KeyboardSystemToastIcon.png
[MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [4924.44 Ko] - C:\WINDOWS\System32\Keywords
[MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [238.5 Ko] - C:\WINDOWS\System32\ko-KR
[MD5.9451D4436E2EA67EB33FCC764E4AABED] - |A| - [07/12/2019 11:08:39] - (.-.) - [186.29 Ko] - (0.0.0.0) - C:\WINDOWS\System32\LaptopPlugInToastImg.gif
[MD5.F0CC83E1BA7E24F9B3292160C28AECD7] - |A| - [07/12/2019 11:08:07] - (.-.) - [145.56 Ko] - (0.0.0.0) - C:\WINDOWS\System32\LargeRoom.bin
[MD5.157FB82D7141B18624FF2D42190C97E1] - |A| - [07/12/2019 16:51:31] - (.-.) - [1572 Ko] - (2.6.5.1) - C:\WINDOWS\System32\libcrypto.dll
[MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [625.17 Ko] - C:\WINDOWS\System32\Licenses
[MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [58580 Ko] - C:\WINDOWS\System32\LogFiles
[MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [246.5 Ko] - C:\WINDOWS\System32\lt-LT
[MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [247.5 Ko] - C:\WINDOWS\System32\lv-LV
[MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [30141.03 Ko] - C:\WINDOWS\System32\Macromed
[MD5.00000000000000000000000000000000] - |D| - [07/12/2019 16:52:40] - [32.68 Ko] - C:\WINDOWS\System32\MailContactsCalendarSync
[MD5.7A495CA1402C2F9F5D035092AD808669] - |A| - [07/12/2019 11:10:41] - (.-.) - [0.85 Ko] - (0.0.0.0) - C:\WINDOWS\System32\manage-bde.wsf
[MD5.B11EA2D4EA3923FD438905B64B1361EA] - |A| - [01/08/2020 21:16:48] - (.-.) - [1131.5 Ko] - (0.0.0.0) - C:\WINDOWS\System32\MBR2GPT.EXE
[MD5.F23EB28468FC8B62AF941308EC30387F] - |A| - [07/12/2019 11:08:05] - (.-.) - [1.25 Ko] - (0.0.0.0) - C:\WINDOWS\System32\MediaSystemToastIcon.contrast-white.png
[MD5.6E27512E38D598E0A60F8E5ADCF032CD] - |A| - [07/12/2019 11:08:05] - (.-.) - [0.83 Ko] - (0.0.0.0) - C:\WINDOWS\System32\MediaSystemToastIcon.png
[MD5.69D04DE701CF1E8CE69C65D1671D2B3F] - |A| - [07/12/2019 11:08:07] - (.-.) - [107.46 Ko] - (0.0.0.0) - C:\WINDOWS\System32\MediumRoom.bin
[MD5.00000000000000000000000000000000] - |D| - [01/08/2020 21:19:04] - [1107.7 Ko] - C:\WINDOWS\System32\Microsoft
[MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [6804.82 Ko] - C:\WINDOWS\System32\migration
[MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [45317.53 Ko] - C:\WINDOWS\System32\migwiz
[MD5.08749DCC252AE1148E3BEA32B3FFFBFC] - |A| - [07/12/2019 11:10:11] - (.-.) - [0.11 Ko] - (0.0.0.0) - C:\WINDOWS\System32\MixedRealityRuntime.json
[MD5.C8BF077B236ED2803347BD95DE29BF68] - |A| - [07/12/2019 11:14:56] - (.-.) - [3.03 Ko] - (0.0.0.0) - C:\WINDOWS\System32\mmc.exe.config
[MD5.B43E43FFFDD0F06A6925C7C89594042B] - |A| - [07/12/2019 11:08:05] - (.-.) - [1.35 Ko] - (0.0.0.0) - C:\WINDOWS\System32\MouseSystemToastIcon.contrast-white.png
[MD5.5D2F0D3E50BF1129D260AC1405FF2A18] - |A| - [07/12/2019 11:08:05] - (.-.) - [1.06 Ko] - (0.0.0.0) - C:\WINDOWS\System32\MouseSystemToastIcon.png
[MD5.00000000000000000000000000000000] - |D| - [10/01/2020 13:44:18] - [0 Ko] - C:\WINDOWS\System32\MRT
[MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [45.5 Ko] - C:\WINDOWS\System32\MSDRM
[MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:45] - [4148.28 Ko] - C:\WINDOWS\System32\MsDtc
[MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [21.37 Ko] - C:\WINDOWS\System32\MUI
[MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [45.64 Ko] - C:\WINDOWS\System32\my-mm
[MD5.74FDEEAC0C0C0F62F4D0D484A36DA23A] - |A| - [07/12/2019 11:08:44] - (.-.) - [30.09 Ko] - (0.0.0.0) - C:\WINDOWS\System32\NarratorControlTemplates.xml
[MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [318.5 Ko] - C:\WINDOWS\System32\nb-NO
[MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [896 Ko] - C:\WINDOWS\System32\NDF
[MD5.6AFA09DB42CC22ED21EF1FC01CDBAEC3] - |A| - [19/07/2020 19:25:39] - (.-.) - [101.31 Ko] - (0.0.0.0) - C:\WINDOWS\System32\NetSetupMig.log
[MD5.C146E873B22C3B300B21A859FE66C27A] - |A| - [07/12/2019 11:09:48] - (.-.) - [21.15 Ko] - (0.0.0.0) - C:\WINDOWS\System32\NetTrace.PLA.Diagnostics.xml
[MD5.0E2D5DA1C7A1A97E46172AC33AD354EC] - |A| - [07/12/2019 11:09:48] - (.-.) - [70.5 Ko] - (0.0.0.0) - C:\WINDOWS\System32\nettraceex.dll
[MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [51 Ko] - C:\WINDOWS\System32\networklist
[MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [342.5 Ko] - C:\WINDOWS\System32\nl-NL
[MD5.00000000000000000000000000000000] - |SD| - [07/12/2019 11:14:52] - [3781.5 Ko] - C:\WINDOWS\System32\Nui
[MD5.7BB5643D9D273875AD6B22A8AB01D1D8] - |A| - [18/07/2020 19:56:34] - (.-.) - [76.95 Ko] - (0.0.0.0) - C:\WINDOWS\System32\nvinfo.pb
[MD5.8F45EB3E4F15908718498A3EA0ACBB49] - |A| - [18/07/2020 19:56:34] - (.-.) - [658.22 Ko] - (0.0.0.0) - C:\WINDOWS\System32\nvofapi64.dll
[MD5.6976E3F18E775B704AB7887323ABC4B5] - |A| - [07/12/2019 16:53:51] - (.-.) - [19.86 Ko] - (0.0.0.0) - C:\WINDOWS\System32\OEMDefaultAssociations.xml
[MD5.F3DC097E834C1A11F2BEDFD429C644A9] - |A| - [07/12/2019 11:08:39] - (.-.) - [0.41 Ko] - (0.0.0.0) - C:\WINDOWS\System32\OkDone_80.contrast-black.png
[MD5.BFE1CCA08FEFC8A3422F7DA615567D75] - |A| - [07/12/2019 11:08:39] - (.-.) - [0.43 Ko] - (0.0.0.0) - C:\WINDOWS\System32\OkDone_80.contrast-white.png
[MD5.F3DC097E834C1A11F2BEDFD429C644A9] - |A| - [07/12/2019 11:08:39] - (.-.) - [0.41 Ko] - (0.0.0.0) - C:\WINDOWS\System32\OkDone_80.png
[MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [25951.1 Ko] - C:\WINDOWS\System32\oobe
[MD5.2AD7B4F3C8D2BB686D231EDFF404B7A4] - |A| - [02/04/2020 18:36:22] - (.Copyright (C) 2000-2006 - Standard OpenAL(TM) Implementation.) - [120.02 Ko] - (6.14.357.24) - C:\WINDOWS\System32\OpenAL32.dll
[MD5.00000000000000000000000000000000] - |D| - [07/12/2019 16:51:31] - [3554.5 Ko] - C:\WINDOWS\System32\OpenSSH
[MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [3.81 Ko] - C:\WINDOWS\System32\osa-Osge-001
[MD5.459FB33AA2114A28C5932FEAA115B072] - |A| - [07/12/2019 11:08:07] - (.-.) - [45.82 Ko] - (0.0.0.0) - C:\WINDOWS\System32\OutdoorAudioEnvironment.bin
[MD5.C3938F5570991DC59774FA2BD0C53705] - |A| - [19/05/2020 15:29:45] - (.Copyright (c) by pdfforge - pdfcmon.) - [114 Ko] - (0.9.8.1) - C:\WINDOWS\System32\pdfcmon.dll
[MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [1739.72 Ko] - C:\WINDOWS\System32\PerceptionSimulation
[MD5.377551C0B270EC79AC5F1354BCCCD5CE] - |A| - [07/12/2019 11:17:25] - (.-.) - [130.05 Ko] - (0.0.0.0) - C:\WINDOWS\System32\perfc009.dat
[MD5.8C7D6EC2F5EC356F5D6C6DE247F74B71] - |A| - [07/12/2019 16:50:23] - (.-.) - [146.35 Ko] - (0.0.0.0) - C:\WINDOWS\System32\perfc00C.dat
[MD5.1E60BC5E525063B96078DF17FBD3C4E1] - |A| - [07/12/2019 11:17:25] - (.-.) - [32.64 Ko] - (0.0.0.0) - C:\WINDOWS\System32\perfd009.dat
[MD5.9F9AF8517189B0D61B2615007E071084] - |A| - [07/12/2019 16:50:23] - (.-.) - [39.74 Ko] - (0.0.0.0) - C:\WINDOWS\System32\perfd00C.dat
[MD5.28B5F2B376E76D79EBA3F63A6907B780] - |A| - [07/12/2019 11:17:25] - (.-.) - [684.9 Ko] - (0.0.0.0) - C:\WINDOWS\System32\perfh009.dat
[MD5.F46DB582300C723E3E2CA0201D7B4A61] - |A| - [07/12/2019 16:50:23] - (.-.) - [773.14 Ko] - (0.0.0.0) - C:\WINDOWS\System32\perfh00C.dat
[MD5.F73A63C24D27F5D4B5BD39B75E77EABC] - |A| - [01/08/2020 20:31:42] - (.-.) - [1729.4 Ko] - (0.0.0.0) - C:\WINDOWS\System32\PerfStringBackup.INI
[MD5.79D34E3B62076D4C875C748F5BE71ECA] - |A| - [07/12/2019 11:08:05] - (.-.) - [2.21 Ko] - (0.0.0.0) - C:\WINDOWS\System32\PhoneSystemToastIcon.contrast-white.png
[MD5.4D9495349D00D9AD907F227FF51F289F] - |A| - [07/12/2019 11:08:05] - (.-.) - [1.92 Ko] - (0.0.0.0) - C:\WINDOWS\System32\PhoneSystemToastIcon.png
[MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [342 Ko] - C:\WINDOWS\System32\pl-PL
[MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [464 Ko] - C:\WINDOWS\System32\PointOfService
[MD5.7700A1F5ECACFB07A92C5960448AFAB8] - |A| - [07/12/2019 11:08:28] - (.-.) - [43 Ko] - (0.0.0.0) - C:\WINDOWS\System32\pospaymentsworker.exe
[MD5.00000000000000000000000000000000] - |D| - [07/12/2019 16:50:21] - [969.13 Ko] - C:\WINDOWS\System32\Printing_Admin_Scripts
[MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [0 Ko] - C:\WINDOWS\System32\ProximityToast
[MD5.007893E8374C766471239EB291BA8C17] - |A| - [07/12/2019 11:08:19] - (.-.) - [4.05 Ko] - (0.0.0.0) - C:\WINDOWS\System32\psmodulediscoveryprovider.mof
[MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [336 Ko] - C:\WINDOWS\System32\pt-BR
[MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [338.5 Ko] - C:\WINDOWS\System32\pt-PT
[MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [23.75 Ko] - C:\WINDOWS\System32\ras
[MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [0 Ko] - C:\WINDOWS\System32\RasToast
[MD5.1CCB256CE262988EEAB04CC5C337DF35] - |A| - [07/12/2019 11:09:45] - (.-.) - [2315 Ko] - (1.0.1908.26001) - C:\WINDOWS\System32\rdpnano.dll
[MD5.D21833486FB2DEFF5BA2E373461C5B63] - |A| - [07/12/2019 11:08:07] - (.-.) - [72 Ko] - (0.0.0.0) - C:\WINDOWS\System32\rdsxvmaudio.dll
[MD5.97E71398617B6C27F39BE66C596BC4C5] - |A| - [10/07/2020 20:16:13] - (.Copyright (C) 2009 - RemoteFX Helper.) - [109 Ko] - (1.1.0.0) - C:\WINDOWS\System32\RDVGHelper.exe
[MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [2.16 Ko] - C:\WINDOWS\System32\Recovery
[MD5.826549DF7B1333179BA8CA939B12DAD3] - |A| - [07/12/2019 11:08:05] - (.-.) - [1.58 Ko] - (0.0.0.0) - C:\WINDOWS\System32\RemoteSystemToastIcon.contrast-white.png
[MD5.B4DEEC96F9DF6961D5DE054F11BF9C2B] - |A| - [07/12/2019 11:08:05] - (.-.) - [1.1 Ko] - (0.0.0.0) - C:\WINDOWS\System32\RemoteSystemToastIcon.png
[MD5.19B5EEEC29F044451D5E8E89B1BE6F5E] - |A| - [07/12/2019 11:09:33] - (.-.) - [110.5 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ResBParser.dll
[MD5.31924C8E78CDBD81DA7905E87B185387] - |A| - [07/12/2019 11:09:54] - (.-.) - [9.35 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ResPriHMImageList
[MD5.5504F7F27D0AB178346D643D444A612C] - |A| - [07/12/2019 11:09:54] - (.-.) - [8.98 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ResPriHMImageListLowCost
[MD5.85CF16AF388AE12AAE3E48A883C17A06] - |A| - [07/12/2019 11:09:54] - (.-.) - [8.77 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ResPriImageList
[MD5.1391FB4E005C208A35E77DF6F3F055E2] - |A| - [07/12/2019 11:09:54] - (.-.) - [8.49 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ResPriImageListLowCost
[MD5.831C579709F4761E4AB7053FCF4176EC] - |A| - [07/12/2019 11:08:39] - (.-.) - [0.74 Ko] - (0.0.0.0) - C:\WINDOWS\System32\RestartNowPower_80.contrast-black.png
[MD5.DF286186041C6BF73C5DC21CEEEFFED5] - |A| - [07/12/2019 11:08:39] - (.-.) - [0.77 Ko] - (0.0.0.0) - C:\WINDOWS\System32\RestartNowPower_80.contrast-white.png
[MD5.831C579709F4761E4AB7053FCF4176EC] - |A| - [07/12/2019 11:08:39] - (.-.) - [0.74 Ko] - (0.0.0.0) - C:\WINDOWS\System32\RestartNowPower_80.png
[MD5.AE9FE55FED83149715734CB83339055A] - |A| - [07/12/2019 11:08:39] - (.-.) - [1.07 Ko] - (0.0.0.0) - C:\WINDOWS\System32\RestartTonight_80.png
[MD5.AE9FE55FED83149715734CB83339055A] - |A| - [07/12/2019 11:08:39] - (.-.) - [1.07 Ko] - (0.0.0.0) - C:\WINDOWS\System32\RestartTonight_80_contrast-black.png
[MD5.891AD355AB777A95695FC8A8A623A614] - |A| - [07/12/2019 11:08:39] - (.-.) - [0.98 Ko] - (0.0.0.0) - C:\WINDOWS\System32\RestartTonight_80_contrast-white.png
[MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [0.07 Ko] - C:\WINDOWS\System32\restore
[MD5.AF47D6660569DFA46BC4E1CD21E1624B] - |A| - [28/09/2012 21:45:18] - (.-.) - [240.5 Ko] - (0.0.0.0) - C:\WINDOWS\System32\rtvcvfw64.dll
[MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [334 Ko] - C:\WINDOWS\System32\ru-RU
[MD5.5D4B866B889347755124B505E2C100EE] - |A| - [10/07/2020 20:15:44] - (.-.) - [59.5 Ko] - (0.0.0.0) - C:\WINDOWS\System32\runexehelper.exe
[MD5.5C18CD22BE4628865FCB63337A6E5EF6] - |A| - [07/12/2019 11:10:32] - (.-.) - [10.18 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ScavengeSpace.xml
[MD5.2F24BC74DCB28FE032C1596755385917] - |A| - [07/12/2019 11:08:39] - (.-.) - [0.53 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ScheduleTime_80.contrast-black.png
[MD5.E72B1B6800DE45AA9AE7E10F899E5999] - |A| - [07/12/2019 11:08:39] - (.-.) - [0.54 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ScheduleTime_80.contrast-white.png
[MD5.2F24BC74DCB28FE032C1596755385917] - |A| - [07/12/2019 11:08:39] - (.-.) - [0.53 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ScheduleTime_80.png
[MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [4.85 Ko] - C:\WINDOWS\System32\SecureBootUpdates
[MD5.A8308D2F3DDE0745E8B678BF69A2ECD0] - |A| - [07/12/2019 11:08:41] - (.-.) - [8 Ko] - (0.0.0.0) - C:\WINDOWS\System32\settings.dat
[MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [78.59 Ko] - C:\WINDOWS\System32\Sgrm
[MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [1838.5 Ko] - C:\WINDOWS\System32\ShellExperiences
[MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [23.7 Ko] - C:\WINDOWS\System32\si-lk
[MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [254.5 Ko] - C:\WINDOWS\System32\sk-SK
[MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [251.5 Ko] - C:\WINDOWS\System32\sl-SI
[MD5.00000000000000000000000000000000] - |D| - [01/08/2020 20:22:03] - [2112 Ko] - C:\WINDOWS\System32\SleepStudy
[MD5.00000000000000000000000000000000] - |D| - [07/12/2019 16:50:21] - [98.06 Ko] - C:\WINDOWS\System32\slmgr
[MD5.DAC275ABAAD2B689D7BB3685E4032072] - |A| - [07/12/2019 11:08:07] - (.-.) - [68.15 Ko] - (0.0.0.0) - C:\WINDOWS\System32\SmallRoom.bin
[MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:03:44] - [15541.02 Ko] - C:\WINDOWS\System32\SMI
[MD5.55121989BE7B289813D419BA0FDEE8B7] - |A| - [07/12/2019 11:08:39] - (.-.) - [0.9 Ko] - (0.0.0.0) - C:\WINDOWS\System32\Snooze_80.contrast-black.png
[MD5.E30B7D226E7B5B0EC2B9FC2316694ECC] - |A| - [07/12/2019 11:08:39] - (.-.) - [0.88 Ko] - (0.0.0.0) - C:\WINDOWS\System32\Snooze_80.contrast-white.png
[MD5.55121989BE7B289813D419BA0FDEE8B7] - |A| - [07/12/2019 11:08:39] - (.-.) - [0.9 Ko] - (0.0.0.0) - C:\WINDOWS\System32\Snooze_80.png
[MD5.DE3EAAF17BC934C77C4FC0C626EEA03B] - |A| - [07/12/2019 11:08:05] - (.-.) - [1.48 Ko] - (0.0.0.0) - C:\WINDOWS\System32\SpeakersSystemToastIcon.contrast-white.png
[MD5.3308374DB8D20CFDA4D4204E2B5E559E] - |A| - [07/12/2019 11:08:05] - (.-.) - [0.88 Ko] - (0.0.0.0) - C:\WINDOWS\System32\SpeakersSystemToastIcon.png
[MD5.6DB032025BD266E5A3A52259F57F9247] - |A| - [07/12/2019 11:09:51] - (.-.) - [40 Ko] - (0.0.0.0) - C:\WINDOWS\System32\SpectrumSyncClient.dll
[MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [7816.3 Ko] - C:\WINDOWS\System32\Speech
[MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [12966.26 Ko] - C:\WINDOWS\System32\Speech_OneCore
[MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [77418.14 Ko] - C:\WINDOWS\System32\spool
[MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [18180.12 Ko] - C:\WINDOWS\System32\spp
[MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [23.6 Ko] - C:\WINDOWS\System32\sppui
[MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [253.5 Ko] - C:\WINDOWS\System32\sr-Latn-RS
[MD5.BA7D4E5FAE64BD0403C7F7E91CD93F77] - |A| - [07/12/2019 11:09:54] - (.-.) - [11.03 Ko] - (0.0.0.0) - C:\WINDOWS\System32\srms-apr-v.dat
[MD5.DC9450258D80F46AEF8EF063A7C629B0] - |A| - [07/12/2019 11:09:54] - (.-.) - [19.03 Ko] - (0.0.0.0) - C:\WINDOWS\System32\srms-apr.dat
[MD5.67894C70461ABD4EF6C116637EBB218A] - |A| - [07/12/2019 11:09:45] - (.-.) - [58.16 Ko] - (0.0.0.0) - C:\WINDOWS\System32\srms.dat
[MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [48344 Ko] - C:\WINDOWS\System32\sru
[MD5.67AEE39A0FED37306C8D8A204E319114] - |A| - [07/12/2019 11:08:07] - (.-.) - [444 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ssdm.dll
[MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [324 Ko] - C:\WINDOWS\System32\sv-SE
[MD5.20C4FE2B130D9F0C92D7629E71AFBB66] - |A| - [07/12/2019 11:10:18] - (.-.) - [1.68 Ko] - (0.0.0.0) - C:\WINDOWS\System32\SyncAppvPublishingServer.vbs
[MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [1423.48 Ko] - C:\WINDOWS\System32\Sysprep
[MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [942.78 Ko] - C:\WINDOWS\System32\SystemResetPlatform
[MD5.91A578E2822436E185117C0A8CEEFE46] - |A| - [24/03/2020 11:11:22] - (.Copyright (c) 2013 - 2020 Advanced Micro Devices, Inc. - amdpsp sys.) - [423.52 Ko] - (4.13.0.0) - C:\WINDOWS\System32\t-base_client_api.dll
[MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [8.16 Ko] - C:\WINDOWS\System32\ta-in
[MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [10.73 Ko] - C:\WINDOWS\System32\ta-lk
[MD5.4D188B08E9274E1360062B22E88A2F3F] - |A| - [07/12/2019 11:09:34] - (.Copyright (c) libarchive authors - bsdtar archive tool.) - [52 Ko] - (3.3.2.0) - C:\WINDOWS\System32\tar.exe
[MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [711.61 Ko] - C:\WINDOWS\System32\Tasks
[MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [698.06 Ko] - C:\WINDOWS\System32\Tasks_Migrated
[MD5.A0140826A682DBE4CF3CDAA8EBD2729A] - |A| - [24/03/2020 11:11:22] - (.Copyright (c) 2013 - 2018 Advanced Micro Devices, Inc. - tbaseregistry dll.) - [471.02 Ko] - (4.6.1.1) - C:\WINDOWS\System32\tbaseregistry64.dll
[MD5.D602CA245CC6774A0981B607F0675609] - |A| - [07/12/2019 11:09:05] - (.-.) - [58.71 Ko] - (0.0.0.0) - C:\WINDOWS\System32\tcpmon.ini
[MD5.BFC8458711D121918856CE85742F5F5F] - |A| - [01/08/2020 21:16:41] - (.-.) - [2207 Ko] - (0.0.0.0) - C:\WINDOWS\System32\TextInputMethodFormatter.dll
[MD5.4C754ECE72C566D4396A7C9C65BBC9A6] - |A| - [10/07/2020 20:15:36] - (.-.) - [690.46 Ko] - (0.0.0.0) - C:\WINDOWS\System32\TextShaping.dll
[MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [239 Ko] - C:\WINDOWS\System32\th-TH
[MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [5.97 Ko] - C:\WINDOWS\System32\ti-et
[MD5.8F62B9FD83E2B04251560B55760F32E2] - |A| - [07/12/2019 11:08:13] - (.-.) - [266 Ko] - (0.0.0.0) - C:\WINDOWS\System32\TpmTool.exe
[MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [312.5 Ko] - C:\WINDOWS\System32\tr-TR
[MD5.B88B8D017386A00D7724519F475317A0] - |A| - [07/12/2019 11:08:13] - (.-.) - [10.33 Ko] - (0.0.0.0) - C:\WINDOWS\System32\TransformPPSToWlan.xslt
[MD5.2F05390B798363D51EBE65D6320CD45E] - |A| - [07/12/2019 11:08:13] - (.-.) - [1.65 Ko] - (0.0.0.0) - C:\WINDOWS\System32\TransformPPSToWlanCredentials.xslt
[MD5.D200497DD3A24F138123F0EB6C385D1D] - |A| - [07/12/2019 11:10:19] - (.-.) - [0.14 Ko] - (0.0.0.0) - C:\WINDOWS\System32\UevAppMonitor.exe.config
[MD5.4AAEE8D86EC81DA2A1514ABC77E71F57] - |A| - [07/12/2019 11:10:19] - (.-.) - [3.34 Ko] - (0.0.0.0) - C:\WINDOWS\System32\UevCustomActionTypes.tlb
[MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [249 Ko] - C:\WINDOWS\System32\uk-UA
[MD5.EA034AD86D4E3364D11AC60C3DC8F78E] - |A| - [07/12/2019 11:08:09] - (.-.) - [63.24 Ko] - (0.0.0.0) - C:\WINDOWS\System32\umpdc.dll
[MD5.00000000000000000000000000000000] - |SD| - [07/12/2019 11:14:52] - [2196.52 Ko] - C:\WINDOWS\System32\UNP
[MD5.8ADD5935D83D0A425C39E369520C4095] - |A| - [07/12/2019 11:08:37] - (.-.) - [48 Ko] - (0.0.0.0) - C:\WINDOWS\System32\UsbPmApi.dll
[MD5.46A6DF60907700A148D42CCF1219522E] - |A| - [07/12/2019 11:08:39] - (.-.) - [38.5 Ko] - (0.0.0.0) - C:\WINDOWS\System32\usocoreps.dll
[MD5.75BC74AE8B436437B3DDD487DDFFC003] - |A| - [07/12/2019 11:10:21] - (.-.) - [119.5 Ko] - (0.0.0.0) - C:\WINDOWS\System32\uwfcfgmgmt.dll
[MD5.0DB7FB3310F135734D305FFCC92FF57E] - |A| - [07/12/2019 11:10:21] - (.-.) - [153 Ko] - (0.0.0.0) - C:\WINDOWS\System32\uwfcsp.dll
[MD5.C2C9BB5DD8F2A32DEE6CCA87447DDD67] - |A| - [07/12/2019 11:10:21] - (.-.) - [31 Ko] - (0.0.0.0) - C:\WINDOWS\System32\uwfservicingapi.dll
[MD5.1E630731AFDFC63DEC4074301D342E4B] - |A| - [07/12/2019 11:08:09] - (.-.) - [36.5 Ko] - (0.0.0.0) - C:\WINDOWS\System32\VhfUm.dll
[MD5.1CA3BA14F11DC660B62F23138D5E0ADA] - |A| - [07/12/2019 11:10:11] - (.-.) - [93.5 Ko] - (0.0.0.0) - C:\WINDOWS\System32\VirtualMonitorManager.dll
[MD5.4861148B96E24C3C6292E69ACC001A14] - |A| - [18/07/2020 19:56:35] - (.Copyright (C) 2015-2020 - Vulkan Loader.) - [1061.21 Ko] - (1.2.131.2) - C:\WINDOWS\System32\vulkan-1-999-0-0-0.dll
[MD5.4861148B96E24C3C6292E69ACC001A14] - |A| - [18/07/2020 19:56:35] - (.Copyright (C) 2015-2020 - Vulkan Loader.) - [1061.21 Ko] - (1.2.131.2) - C:\WINDOWS\System32\vulkan-1.dll
[MD5.5043F3A12F5FF10703696D28FCC16539] - |A| - [18/07/2020 19:56:35] - (.Copyright (C) 2015-2020 - Vulkan Info.) - [1739.21 Ko] - (1.2.131.2) - C:\WINDOWS\System32\vulkaninfo-1-999-0-0-0.exe
[MD5.5043F3A12F5FF10703696D28FCC16539] - |A| - [18/07/2020 19:56:35] - (.Copyright (C) 2015-2020 - Vulkan Info.) - [1739.21 Ko] - (1.2.131.2) - C:\WINDOWS\System32\vulkaninfo.exe
[MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [192772.22 Ko] - C:\WINDOWS\System32\wbem
[MD5.00000000000000000000000000000000] - |D| - [07/12/2019 16:50:22] - [0 Ko] - C:\WINDOWS\System32\WCN
[MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [78758.26 Ko] - C:\WINDOWS\System32\WDI
[MD5.6EDD021A8B6457DDE09DE7B7FA4E8C8B] - |A| - [07/12/2019 11:08:46] - (.-.) - [0.6 Ko] - (0.0.0.0) - C:\WINDOWS\System32\WdsUnattendTemplate.xml
[MD5.1D64ACF3675288CC086E6361EAC748C4] - |A| - [07/12/2019 11:08:52] - (.-.) - [144.51 Ko] - (0.0.0.0) - C:\WINDOWS\System32\Win32AppSettingsProvider.dll
[MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [1.12 Ko] - C:\WINDOWS\System32\WinBioDatabase
[MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [50501.05 Ko] - C:\WINDOWS\System32\WinBioPlugIns
[MD5.DBA755D8A56237687EF426857F6ED7F9] - |A| - [10/07/2020 20:15:38] - (.-.) - [629 Ko] - (0.0.0.0) - C:\WINDOWS\System32\WindowManagementAPI.dll
[MD5.4C3559A0D7E8BEF2040667506721F829] - |A| - [10/01/2020 14:42:58] - (.Copyright © 2019 - Java(TM) Platform SE binary.) - [126.05 Ko] - (8.0.2310.11) - C:\WINDOWS\System32\WindowsAccessBridge-64.dll
[MD5.E9CA21D71E952448B75C45B2467E4DE7] - |A| - [07/12/2019 11:08:27] - (.-.) - [123 Ko] - (0.0.0.0) - C:\WINDOWS\System32\WindowsDefaultHeatProcessor.dll
[MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [12075.35 Ko] - C:\WINDOWS\System32\WindowsPowerShell
[MD5.28E98ED0B6B08B7F1D163FFD184B28AF] - |A| - [07/12/2019 11:08:41] - (.-.) - [0.74 Ko] - (0.0.0.0) - C:\WINDOWS\System32\WindowsSecurityIcon.png
[MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [66396 Ko] - C:\WINDOWS\System32\winevt
[MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [6278.38 Ko] - C:\WINDOWS\System32\WinMetadata
[MD5.00000000000000000000000000000000] - |D| - [07/12/2019 16:50:22] - [207.67 Ko] - C:\WINDOWS\System32\winrm
[MD5.F30555AB0E32DA20BCC95F606B644177] - |A| - [23/03/2020 12:35:27] - (.Copyright (C) 2019 - WinTab32.) - [142 Ko] - (1.5.2.0) - C:\WINDOWS\System32\WinTab32.dll
[MD5.1B46E2E85D401A629966A8F62D9B0775] - |A| - [07/12/2019 11:08:12] - (.-.) - [9.91 Ko] - (0.0.0.0) - C:\WINDOWS\System32\wpcatltoast.png
[MD5.C30C621748C66CE751B19B2788559A3E] - |A| - [07/12/2019 11:08:12] - (.-.) - [4.58 Ko] - (0.0.0.0) - C:\WINDOWS\System32\wpcmon.png
[MD5.69FEC1494F4C454E994D27CA6750832B] - |A| - [07/12/2019 11:08:49] - (.-.) - [0.71 Ko] - (0.0.0.0) - C:\WINDOWS\System32\wpr.config.xml
[MD5.549347BCD4AACD63243D78E8F869DBB1] - |A| - [02/04/2020 18:36:22] - (.Copyright © 2008 - OpenAL32.) - [455.52 Ko] - (2.2.0.5) - C:\WINDOWS\System32\wrap_oal.dll
[MD5.C8A7EAA0B83E05DDD11F37A833F754AC] - |A| - [07/12/2019 11:08:21] - (.-.) - [83 Ko] - (0.0.0.0) - C:\WINDOWS\System32\xboxgipsynthetic.dll
[MD5.F7B865265606C41B0E07779D3317E0A8] - |A| - [07/12/2019 11:08:39] - (.-.) - [0.61 Ko] - (0.0.0.0) - C:\WINDOWS\System32\X_80.contrast-black.png
[MD5.6FF92221AF9D6CDF0966C4E44C367975] - |A| - [07/12/2019 11:08:39] - (.-.) - [0.57 Ko] - (0.0.0.0) - C:\WINDOWS\System32\X_80.contrast-white.png
[MD5.F7B865265606C41B0E07779D3317E0A8] - |A| - [07/12/2019 11:08:39] - (.-.) - [0.61 Ko] - (0.0.0.0) - C:\WINDOWS\System32\X_80.png
[MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [237.99 Ko] - C:\WINDOWS\System32\zh-CN
[MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [207.5 Ko] - C:\WINDOWS\System32\zh-TW
[MD5.00000000000000000000000000000000] - |D| - [07/12/2019 16:50:22] - [0 Ko] - C:\WINDOWS\SysWOW64\0409
[MD5.D6F8DD9F561B8A67FFAC2BAD7E989770] - |A| - [07/12/2019 11:09:21] - (.-.) - [0.23 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\@AppHelpToast.png
[MD5.82C37C3E27020AF6C2E018E944284676] - |A| - [07/12/2019 11:09:21] - (.-.) - [0.3 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\@AudioToastIcon.png
[MD5.495C1F072039B434827A5FE0D9761E4D] - |A| - [07/12/2019 11:09:26] - (.-.) - [0.32 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\@EnrollmentToastIcon.png
[MD5.1622DE67156496C78D6B7BE9B471645B] - |A| - [07/12/2019 11:09:32] - (.-.) - [0.39 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\@VpnToastIcon.png
[MD5.DB71001FC261F6685BE410527DAE3942] - |A| - [07/12/2019 11:09:15] - (.-.) - [0.67 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\@WirelessDisplayToast.png
[MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [1860.8 Ko] - C:\WINDOWS\SysWOW64\AdvancedInstallers
[MD5.E5CDA52CD709780E81013C4D5ABA58BF] - |A| - [07/12/2019 11:09:11] - (.-.) - [10.5 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\agentactivationruntimestarter.exe
[MD5.23D0E99564939F26C491F99B1896E6BE] - |A| - [24/03/2020 11:11:20] - (.Copyright (c) 2013 - 2020 Advanced Micro Devices, Inc. - amdpsp sys.) - [347.52 Ko] - (4.13.0.0) - C:\WINDOWS\SysWOW64\amdtee_api.dll
[MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [0 Ko] - C:\WINDOWS\SysWOW64\AppLocker
[MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [97.5 Ko] - C:\WINDOWS\SysWOW64\ar-SA
[MD5.DDE41441FE1A8A540354DA849E3FBC79] - |A| - [07/12/2019 11:09:57] - (.Copyright (c) libarchive authors - Windows-internal libarchive library.) - [519.5 Ko] - (3.3.2.0) - C:\WINDOWS\SysWOW64\archiveint.dll
[MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [58.5 Ko] - C:\WINDOWS\SysWOW64\bg-BG
[MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [0.1 Ko] - C:\WINDOWS\SysWOW64\Bthprops
[MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [0 Ko] - C:\WINDOWS\SysWOW64\catroot
[MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [321.5 Ko] - C:\WINDOWS\SysWOW64\Com
[MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [2.14 Ko] - C:\WINDOWS\SysWOW64\config
[MD5.00000000000000000000000000000000] - |SD| - [07/12/2019 11:14:52] - [86.84 Ko] - C:\WINDOWS\SysWOW64\Configuration
[MD5.D564F04112AF07AEAFCFE6F9F463933A] - |A| - [07/12/2019 11:09:11] - (.-.) - [235 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\CoreMas.dll
[MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [118.5 Ko] - C:\WINDOWS\SysWOW64\cs-CZ
[MD5.4329254E74AD91D047E3CEDCC7C138C3] - |A| - [07/12/2019 11:09:57] - (.© 1996 - 2017 Daniel Stenberg, <daniel@haxx.se>. - The curl executable.) - [377.5 Ko] - (7.55.1.0) - C:\WINDOWS\SysWOW64\curl.exe
[MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [119.5 Ko] - C:\WINDOWS\SysWOW64\da-DK
[MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [131 Ko] - C:\WINDOWS\SysWOW64\de-DE
[MD5.C1684AACAAD62889ACFCA988AA46562D] - |A| - [07/12/2019 11:09:15] - (.-.) - [28.83 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\DefaultAccountTile.png
[MD5.00000000000000000000000000000000] - |SD| - [07/12/2019 11:14:52] - [188 Ko] - C:\WINDOWS\SysWOW64\DiagSvcs
[MD5.00000000000000000000000000000000] - |D| - [02/08/2020 14:05:29] - [0 Ko] - C:\WINDOWS\SysWOW64\directx
[MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [7839.29 Ko] - C:\WINDOWS\SysWOW64\Dism
[MD5.B873A5ABCFBC42B1BAC9EBE8741C6162] - |A| - [07/12/2019 16:51:24] - (.Copyright (C) 2019 - Gracenote SDK component.) - [244 Ko] - (3.9.511.0) - C:\WINDOWS\SysWOW64\gnsdk_fp.dll
[MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [0 Ko] - C:\WINDOWS\SysWOW64\GroupPolicy
[MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [0 Ko] - C:\WINDOWS\SysWOW64\GroupPolicyUsers
[MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [93 Ko] - C:\WINDOWS\SysWOW64\he-IL
[MD5.EF363E24A6FF08E8084A0EC3F0C3E7A3] - |A| - [07/12/2019 11:09:17] - (.-.) - [230 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\HeatCore.dll
[MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [55.5 Ko] - C:\WINDOWS\SysWOW64\hr-HR
[MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [123 Ko] - C:\WINDOWS\SysWOW64\hu-HU
[MD5.181F3EAA1D32F9C9F4BC53EB31945712] - |A| - [01/08/2020 21:16:57] - (.-.) - [99.3 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\HvsiManagementApi.dll
[MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [36.27 Ko] - C:\WINDOWS\SysWOW64\icsxml
[MD5.8DFBAF2E92AAC3D4D94EE60406230ED5] - |RA| - [07/12/2019 11:09:18] - (.Copyright (C) 2016 and later: Unicode, Inc. and others. License & terms of use: http://www.unicode.org/copyright.html - ICU Combined Library.) - [1820.5 Ko] - (64.2.0.0) - C:\WINDOWS\SysWOW64\icu.dll
[MD5.FB475B41189AACF1C607C1E9DC0EBB0B] - |RA| - [07/12/2019 11:09:18] - (.Copyright (C) 2016 and later: Unicode, Inc. and others. License & terms of use: http://www.unicode.org/copyright.html - ICU I18N Forwarder DLL.) - [24 Ko] - (64.2.0.0) - C:\WINDOWS\SysWOW64\icuin.dll
[MD5.B17445D0DF2C22C924899B5DF8E84475] - |RA| - [07/12/2019 11:09:18] - (.Copyright (C) 2016 and later: Unicode, Inc. and others. License & terms of use: http://www.unicode.org/copyright.html - ICU Common Forwarder DLL.) - [28.5 Ko] - (64.2.0.0) - C:\WINDOWS\SysWOW64\icuuc.dll
[MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [21654.34 Ko] - C:\WINDOWS\SysWOW64\IME
[MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [0 Ko] - C:\WINDOWS\SysWOW64\inetsrv
[MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [215 Ko] - C:\WINDOWS\SysWOW64\InputMethod
[MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [1160 Ko] - C:\WINDOWS\SysWOW64\InstallShield
[MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [0 Ko] - C:\WINDOWS\SysWOW64\Ipmi
[MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [125 Ko] - C:\WINDOWS\SysWOW64\it-IT
[MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [89 Ko] - C:\WINDOWS\SysWOW64\ja-JP
[MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [4924.44 Ko] - C:\WINDOWS\SysWOW64\Keywords
[MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [91 Ko] - C:\WINDOWS\SysWOW64\ko-KR
[MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [625.17 Ko] - C:\WINDOWS\SysWOW64\Licenses
[MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [0 Ko] - C:\WINDOWS\SysWOW64\LogFiles
[MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [56.5 Ko] - C:\WINDOWS\SysWOW64\lt-LT
[MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [56 Ko] - C:\WINDOWS\SysWOW64\lv-LV
[MD5.3EB7EC898F80983B102D76BE819DD851] - |A| - [30/05/2020 16:18:17] - (.-.) - [0.15 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\machineclass.txt
[MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [25111.57 Ko] - C:\WINDOWS\SysWOW64\Macromed
[MD5.00000000000000000000000000000000] - |D| - [07/12/2019 16:52:40] - [32.68 Ko] - C:\WINDOWS\SysWOW64\MailContactsCalendarSync
[MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [2841.09 Ko] - C:\WINDOWS\SysWOW64\migration
[MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [816.3 Ko] - C:\WINDOWS\SysWOW64\migwiz
[MD5.08749DCC252AE1148E3BEA32B3FFFBFC] - |A| - [07/12/2019 11:10:14] - (.-.) - [0.11 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\MixedRealityRuntime.json
[MD5.C8BF077B236ED2803347BD95DE29BF68] - |A| - [07/12/2019 11:15:00] - (.-.) - [3.03 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\mmc.exe.config
[MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [45.5 Ko] - C:\WINDOWS\SysWOW64\MSDRM
[MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [52.28 Ko] - C:\WINDOWS\SysWOW64\Msdtc
[MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [21.37 Ko] - C:\WINDOWS\SysWOW64\MUI
[MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [116 Ko] - C:\WINDOWS\SysWOW64\nb-NO
[MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [0 Ko] - C:\WINDOWS\SysWOW64\NDF
[MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [51 Ko] - C:\WINDOWS\SysWOW64\networklist
[MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [122 Ko] - C:\WINDOWS\SysWOW64\nl-NL
[MD5.00000000000000000000000000000000] - |SD| - [07/12/2019 11:14:52] - [3781.5 Ko] - C:\WINDOWS\SysWOW64\Nui
[MD5.65838F445DAE763ADC4C973A4E9A6D48] - |A| - [18/07/2020 19:56:34] - (.-.) - [529.23 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\nvofapi.dll
[MD5.B3B9C8925432FDA674ACCA908FE3CFDE] - |A| - [07/12/2019 11:10:14] - (.-.) - [36.79 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\OneDrive.ico
[MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [760.3 Ko] - C:\WINDOWS\SysWOW64\oobe
[MD5.235355A8DD26903E75D5E812ECF50E53] - |A| - [02/04/2020 18:36:21] - (.Copyright (C) 2000-2006 - Standard OpenAL(TM) Implementation.) - [106.52 Ko] - (6.14.357.24) - C:\WINDOWS\SysWOW64\OpenAL32.dll
[MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [79.5 Ko] - C:\WINDOWS\SysWOW64\PerceptionSimulation
[MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [124 Ko] - C:\WINDOWS\SysWOW64\pl-PL
[MD5.00000000000000000000000000000000] - |D| - [07/12/2019 16:50:22] - [974.02 Ko] - C:\WINDOWS\SysWOW64\Printing_Admin_Scripts
[MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [121.5 Ko] - C:\WINDOWS\SysWOW64\pt-BR
[MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [123 Ko] - C:\WINDOWS\SysWOW64\pt-PT
[MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [23.75 Ko] - C:\WINDOWS\SysWOW64\ras
[MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [0 Ko] - C:\WINDOWS\SysWOW64\RasToast
[MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [0.82 Ko] - C:\WINDOWS\SysWOW64\Recovery
[MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [0 Ko] - C:\WINDOWS\SysWOW64\restore
[MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [57.5 Ko] - C:\WINDOWS\SysWOW64\ro-RO
[MD5.03944ABAE856DC164BD167526E07E953] - |A| - [28/09/2012 21:45:08] - (.-.) - [241.5 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\rtvcvfw32.dll
[MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [121.5 Ko] - C:\WINDOWS\SysWOW64\ru-RU
[MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [57 Ko] - C:\WINDOWS\SysWOW64\sk-SK
[MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [57 Ko] - C:\WINDOWS\SysWOW64\sl-SI
[MD5.00000000000000000000000000000000] - |D| - [07/12/2019 16:50:22] - [98.06 Ko] - C:\WINDOWS\SysWOW64\slmgr
[MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [0 Ko] - C:\WINDOWS\SysWOW64\SMI
[MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [4077.3 Ko] - C:\WINDOWS\SysWOW64\Speech
[MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [8750.16 Ko] - C:\WINDOWS\SysWOW64\Speech_OneCore
[MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [1939.49 Ko] - C:\WINDOWS\SysWOW64\spp
[MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [23.6 Ko] - C:\WINDOWS\SysWOW64\sppui
[MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [56.5 Ko] - C:\WINDOWS\SysWOW64\sr-Latn-RS
[MD5.BA7D4E5FAE64BD0403C7F7E91CD93F77] - |A| - [07/12/2019 11:10:05] - (.-.) - [11.03 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\srms-apr-v.dat
[MD5.DC9450258D80F46AEF8EF063A7C629B0] - |A| - [07/12/2019 11:10:05] - (.-.) - [19.03 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\srms-apr.dat
[MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [0 Ko] - C:\WINDOWS\SysWOW64\sru
[MD5.83052C619E61E9A92384E6E6E4E7CBE7] - |A| - [07/12/2019 11:09:11] - (.-.) - [323 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\ssdm.dll
[MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [117 Ko] - C:\WINDOWS\SysWOW64\sv-SE
[MD5.00000000000000000000000000000000] - |D| - [07/12/2019 16:50:22] - [0 Ko] - C:\WINDOWS\SysWOW64\sysprep
[MD5.3044E62934C1CDD27CB085BD1B910A73] - |A| - [24/03/2020 11:11:20] - (.Copyright (c) 2013 - 2020 Advanced Micro Devices, Inc. - amdpsp sys.) - [339.02 Ko] - (4.13.0.0) - C:\WINDOWS\SysWOW64\t-base_client_api.dll
[MD5.4B26D4CD5CD5F7B074E31793979F17C5] - |A| - [07/12/2019 11:09:57] - (.Copyright (c) libarchive authors - bsdtar archive tool.) - [42.5 Ko] - (3.3.2.0) - C:\WINDOWS\SysWOW64\tar.exe
[MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [0 Ko] - C:\WINDOWS\SysWOW64\Tasks
[MD5.B1D4864D3AAC15E212A50E462A7FDE51] - |A| - [24/03/2020 11:11:22] - (.Copyright (c) 2013 - 2018 Advanced Micro Devices, Inc. - tbaseregistry dll.) - [375.02 Ko] - (4.6.1.1) - C:\WINDOWS\SysWOW64\tbaseregistry32.dll
[MD5.F28F3EDD9BFF954B363A9D6368FDB20E] - |A| - [01/08/2020 21:16:49] - (.-.) - [1302 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\TextInputMethodFormatter.dll
[MD5.C2BB87A3C64162EC1EBBA224EA8A7859] - |A| - [10/07/2020 20:15:54] - (.-.) - [597.6 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\TextShaping.dll
[MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [50.5 Ko] - C:\WINDOWS\SysWOW64\th-TH
[MD5.321E99EF65F37E5F7DFC40D1E95684F5] - |A| - [07/12/2019 11:09:13] - (.-.) - [218.5 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\TpmTool.exe
[MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [115 Ko] - C:\WINDOWS\SysWOW64\tr-TR
[MD5.01E96A85B337B702AE2BC7F838AE7B65] - |A| - [07/12/2019 11:10:22] - (.-.) - [3.34 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\UevCustomActionTypes.tlb
[MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [57 Ko] - C:\WINDOWS\SysWOW64\uk-UA
[MD5.D00A324B8940BA407D6091E596FD5151] - |A| - [07/12/2019 11:09:18] - (.-.) - [46.56 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\umpdc.dll
[MD5.4190981C628A333839B47C9F718B4694] - |A| - [18/07/2020 19:56:35] - (.Copyright (C) 2015-2020 - Vulkan Loader.) - [924.21 Ko] - (1.2.131.2) - C:\WINDOWS\SysWOW64\vulkan-1-999-0-0-0.dll
[MD5.4190981C628A333839B47C9F718B4694] - |A| - [18/07/2020 19:56:35] - (.Copyright (C) 2015-2020 - Vulkan Loader.) - [924.21 Ko] - (1.2.131.2) - C:\WINDOWS\SysWOW64\vulkan-1.dll
[MD5.FD8315F9992543C14C3A7E96B066D98F] - |A| - [18/07/2020 19:56:35] - (.Copyright (C) 2015-2020 - Vulkan Info.) - [1339.21 Ko] - (1.2.131.2) - C:\WINDOWS\SysWOW64\vulkaninfo-1-999-0-0-0.exe
[MD5.FD8315F9992543C14C3A7E96B066D98F] - |A| - [18/07/2020 19:56:35] - (.Copyright (C) 2015-2020 - Vulkan Info.) - [1339.21 Ko] - (1.2.131.2) - C:\WINDOWS\SysWOW64\vulkaninfo.exe
[MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [20020.86 Ko] - C:\WINDOWS\SysWOW64\wbem
[MD5.00000000000000000000000000000000] - |D| - [07/12/2019 16:50:22] - [0 Ko] - C:\WINDOWS\SysWOW64\WCN
[MD5.AB6D61B2E9EB3763D117C6FD0C40FC5D] - |A| - [10/07/2020 20:15:55] - (.-.) - [444.5 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\WindowManagementAPI.dll
[MD5.BEDEDB102316C696D36F0D4331E1C2AE] - |A| - [07/12/2019 11:09:17] - (.-.) - [104.5 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\WindowsDefaultHeatProcessor.dll
[MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [10791.03 Ko] - C:\WINDOWS\SysWOW64\WindowsPowerShell
[MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [6278.38 Ko] - C:\WINDOWS\SysWOW64\WinMetadata
[MD5.00000000000000000000000000000000] - |D| - [07/12/2019 16:50:22] - [207.67 Ko] - C:\WINDOWS\SysWOW64\winrm
[MD5.9E1C5310AC4D899DEDCFE5E878155B42] - |A| - [23/03/2020 12:35:27] - (.Copyright (C) 2019 - WinTab32.) - [122 Ko] - (1.5.2.0) - C:\WINDOWS\SysWOW64\WinTab32.dll
[MD5.D494267BC169604FAC5E3679B9A97FED] - |A| - [02/04/2020 18:36:21] - (.Copyright © 2008 - OpenAL32.) - [434.52 Ko] - (2.2.0.5) - C:\WINDOWS\SysWOW64\wrap_oal.dll
[MD5.7A015A6F199516A06C5AFB56FEE7AC51] - |A| - [07/12/2019 11:09:17] - (.-.) - [59 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\xboxgipsynthetic.dll
[MD5.00000000000000000000000000000000] - |D| - [01/08/2020 21:11:37] - [10.16 Ko] - C:\WINDOWS\SysWOW64\XPSViewer
[MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [82 Ko] - C:\WINDOWS\SysWOW64\zh-CN
[MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [82 Ko] - C:\WINDOWS\SysWOW64\zh-TW

---------- | [Public]

[10/01/2020 13:18:40] - |RHD| - [196] - C:\Users\Public\AccountPictures
[19/03/2019 06:52:44] - |RHD| - [54290] - C:\Users\Public\Desktop
[07/12/2019 11:14:54] - |ASH| - [174] - C:\Users\Public\desktop.ini
[19/03/2019 06:52:44] - |RD| - [44738722] - C:\Users\Public\Documents
[19/03/2019 06:52:44] - |RD| - [174] - C:\Users\Public\Downloads
[07/12/2019 11:14:52] - |RHD| - [1135] - C:\Users\Public\Libraries
[19/03/2019 06:52:44] - |RD| - [380] - C:\Users\Public\Music
[19/03/2019 06:52:44] - |RD| - [380] - C:\Users\Public\Pictures
[19/03/2019 06:52:44] - |RD| - [380] - C:\Users\Public\Videos

---------- | [theos]

[07/04/2020 15:30:00] - |D| - [2434324] - C:\Users\theos\.eclipse
[19/01/2020 20:32:54] - |A| - [2255] - C:\Users\theos\.kdiff3rc
[29/01/2020 17:56:40] - |D| - [223] - C:\Users\theos\.mputils
[07/04/2020 15:30:00] - |D| - [227883006] - C:\Users\theos\.p2
[10/03/2020 17:41:42] - |A| - [847] - C:\Users\theos\1b60a086-4e57-3be3-8507-7b13de53948c.dat
[10/01/2020 13:18:40] - |RD| - [298] - C:\Users\theos\3D Objects
[18/07/2020 20:06:36] - |A| - [4272] - C:\Users\theos\AMDRM_Install.log
[30/05/2020 16:07:40] - |A| - [1946300] - C:\Users\theos\AMD_Chipset_IODrivers.log
[18/07/2020 20:06:35] - |A| - [2599186] - C:\Users\theos\AMD_RyzenMaster.log
[10/01/2020 13:37:30] - |D| - [0] - C:\Users\theos\ansel
[01/08/2020 20:22:27] - |HD| - [23496819955] - C:\Users\theos\AppData
[01/08/2020 20:22:27] - |SHD| - [0] - C:\Users\theos\Application Data
[10/01/2020 13:18:40] - |RD| - [412] - C:\Users\theos\Contacts
[01/08/2020 20:22:27] - |SHD| - [0] - C:\Users\theos\Cookies
[10/04/2020 16:55:25] - |A| - [418485] - C:\Users\theos\cssdt.log
[10/01/2020 13:16:47] - |RD| - [3092484454] - C:\Users\theos\Desktop
[30/05/2020 16:06:37] - |A| - [40823] - C:\Users\theos\Device_ID.log
[24/07/2020 21:53:17] - |D| - [4261] - C:\Users\theos\Documents
[07/04/2020 15:31:39] - |D| - [5985768] - C:\Users\theos\eclipse
[10/01/2020 13:16:47] - |RD| - [690] - C:\Users\theos\Favorites
[17/04/2020 18:35:53] - |A| - [8280904990] - C:\Users\theos\ff3eb6c3-5f61-43e0-afd2-2f32685cc6eb_Field_Textures_3.0.iro
[10/01/2020 17:56:18] - |D| - [37894457] - C:\Users\theos\Games
[01/07/2020 08:02:20] - |HD| - [0] - C:\Users\theos\InstallAnywhere
[10/01/2020 13:16:47] - |RD| - [1930] - C:\Users\theos\Links
[01/08/2020 20:22:27] - |SHD| - [0] - C:\Users\theos\Local Settings
[01/08/2020 20:22:27] - |SHD| - [0] - C:\Users\theos\Menu Démarrer
[01/08/2020 20:22:27] - |SHD| - [0] - C:\Users\theos\Mes documents
[10/01/2020 13:18:55] - |HD| - [4782457] - C:\Users\theos\MicrosoftEdgeBackups
[01/08/2020 20:22:27] - |SHD| - [0] - C:\Users\theos\Modèles
[01/08/2020 20:22:27] - |AH| - [8126464] - C:\Users\theos\NTUSER.DAT
[01/08/2020 20:22:27] - |ASH| - [2044928] - C:\Users\theos\ntuser.dat.LOG1
[01/08/2020 20:22:27] - |ASH| - [1572864] - C:\Users\theos\ntuser.dat.LOG2
[01/08/2020 20:22:27] - |ASH| - [65536] - C:\Users\theos\NTUSER.DAT{53b39e88-18c4-11ea-a811-000d3aa4692b}.TM.blf
[01/08/2020 20:22:27] - |ASH| - [524288] - C:\Users\theos\NTUSER.DAT{53b39e88-18c4-11ea-a811-000d3aa4692b}.TMContainer00000000000000000001.regtrans-ms
[01/08/2020 20:22:27] - |ASH| - [524288] - C:\Users\theos\NTUSER.DAT{53b39e88-18c4-11ea-a811-000d3aa4692b}.TMContainer00000000000000000002.regtrans-ms
[01/08/2020 20:27:35] - |SH| - [20] - C:\Users\theos\ntuser.ini
[10/01/2020 13:20:20] - |RAD| - [313353311] - C:\Users\theos\OneDrive
[01/08/2020 20:22:27] - |SHD| - [0] - C:\Users\theos\Recent
[10/01/2020 13:16:47] - |RD| - [29141080] - C:\Users\theos\Saved Games
[10/01/2020 13:18:40] - |RD| - [1879] - C:\Users\theos\Searches
[01/08/2020 20:22:27] - |SHD| - [0] - C:\Users\theos\SendTo
[10/01/2020 15:12:38] - |D| - [1483220857] - C:\Users\theos\Twitch
[01/08/2020 20:22:27] - |SHD| - [0] - C:\Users\theos\Voisinage d'impression
[01/08/2020 20:22:27] - |SHD| - [0] - C:\Users\theos\Voisinage réseau
[01/08/2020 20:22:27] - |D| - [9496031605] - C:\Users\theos\AppData\Local
[10/01/2020 13:16:47] - |D| - [21183100] - C:\Users\theos\AppData\LocalLow
[01/08/2020 20:22:27] - |D| - [13979605250] - C:\Users\theos\AppData\Roaming
[21/03/2020 12:33:06] - |D| - [0] - C:\Users\theos\AppData\Local\Activision
[10/01/2020 13:40:16] - |D| - [1678092] - C:\Users\theos\AppData\Local\AMD
[01/08/2020 20:22:27] - |SHD| - [0] - C:\Users\theos\AppData\Local\Application Data
[12/01/2020 04:08:25] - |D| - [6889690] - C:\Users\theos\AppData\Local\Apps
[26/03/2020 16:54:24] - |D| - [0] - C:\Users\theos\AppData\Local\Astro Gaming
[18/01/2020 09:26:28] - |D| - [2138] - C:\Users\theos\AppData\Local\AT
[16/04/2020 11:17:13] - |D| - [0] - C:\Users\theos\AppData\Local\Audacity
[10/01/2020 15:46:37] - |D| - [56494890] - C:\Users\theos\AppData\Local\Battle.net
[10/01/2020 19:26:55] - |D| - [3] - C:\Users\theos\AppData\Local\BattlEye
[25/06/2020 09:33:49] - |D| - [3390] - C:\Users\theos\AppData\Local\bifrost
[11/01/2020 11:01:18] - |D| - [82314] - C:\Users\theos\AppData\Local\Black_Tree_Gaming
[12/01/2020 19:41:49] - |D| - [561176] - C:\Users\theos\AppData\Local\Blizzard
[10/01/2020 15:46:02] - |D| - [306] - C:\Users\theos\AppData\Local\Blizzard Entertainment
[26/05/2020 15:53:43] - |D| - [15613] - C:\Users\theos\AppData\Local\Bohemia_Interactive
[10/01/2020 13:39:36] - |D| - [306610] - C:\Users\theos\AppData\Local\cache
[10/01/2020 13:37:28] - |D| - [3618538] - C:\Users\theos\AppData\Local\CEF
[26/07/2020 09:47:31] - |D| - [69] - C:\Users\theos\AppData\Local\Cemu
[05/02/2020 12:24:05] - |D| - [210833099] - C:\Users\theos\AppData\Local\Citra
[05/06/2020 10:05:01] - |D| - [2267] - C:\Users\theos\AppData\Local\Colossal Order
[10/01/2020 13:24:24] - |D| - [23289860] - C:\Users\theos\AppData\Local\Comms
[10/01/2020 13:18:40] - |D| - [1088032] - C:\Users\theos\AppData\Local\ConnectedDevicesPlatform
[27/03/2020 11:15:52] - |D| - [0] - C:\Users\theos\AppData\Local\Corsair
[10/01/2020 15:07:57] - |D| - [365945968] - C:\Users\theos\AppData\Local\CrashDumps
[13/01/2020 17:41:39] - |D| - [58948] - C:\Users\theos\AppData\Local\CrashReportClient
[12/01/2020 03:30:14] - |D| - [0] - C:\Users\theos\AppData\Local\CrashRpt
[26/03/2020 19:39:18] - |D| - [145] - C:\Users\theos\AppData\Local\CrystalDiskMark
[10/01/2020 13:22:30] - |D| - [72690548] - C:\Users\theos\AppData\Local\D3DSCache
[02/04/2020 09:45:31] - |D| - [656032] - C:\Users\theos\AppData\Local\Datastead
[26/05/2020 15:53:42] - |D| - [212408] - C:\Users\theos\AppData\Local\DayZ Launcher
[12/07/2020 22:16:50] - |D| - [14089] - C:\Users\theos\AppData\Local\DBFighterZ
[13/01/2020 17:41:39] - |D| - [0] - C:\Users\theos\AppData\Local\DBG
[05/02/2020 12:24:42] - |D| - [0] - C:\Users\theos\AppData\Local\Diagnostics
[06/06/2020 16:04:24] - |D| - [3862] - C:\Users\theos\AppData\Local\DigitalEntitlements
[10/01/2020 13:51:01] - |D| - [348597177] - C:\Users\theos\AppData\Local\Discord
[10/01/2020 13:39:46] - |D| - [165472256] - C:\Users\theos\AppData\Local\Downloaded Installations
[11/01/2020 08:14:30] - |D| - [118163] - C:\Users\theos\AppData\Local\ElevatedDiagnostics
[10/01/2020 14:47:09] - |D| - [149280035] - C:\Users\theos\AppData\Local\EpicGamesLauncher
[13/01/2020 17:41:38] - |D| - [10739012] - C:\Users\theos\AppData\Local\FactoryGame
[07/05/2020 18:10:07] - |D| - [3452] - C:\Users\theos\AppData\Local\Fallout4
[10/03/2020 17:39:49] - |D| - [16656] - C:\Users\theos\AppData\Local\FileZilla
[06/06/2020 16:05:16] - |D| - [0] - C:\Users\theos\AppData\Local\FiveM
[31/07/2020 13:18:46] - |D| - [30425] - C:\Users\theos\AppData\Local\FPSAimTrainer
[19/06/2020 21:25:54] - |D| - [977] - C:\Users\theos\AppData\Local\Frontier Developments
[07/07/2020 15:51:50] - |D| - [1766768] - C:\Users\theos\AppData\Local\Game Dev Tycoon - Steam
[14/01/2020 14:31:44] - |D| - [256095] - C:\Users\theos\AppData\Local\GameAnalytics
[30/01/2020 18:32:19] - |D| - [27185931] - C:\Users\theos\AppData\Local\Gameforge4d
[01/06/2020 20:17:46] - |D| - [368566] - C:\Users\theos\AppData\Local\GolfIt
[05/04/2020 16:44:59] - |D| - [896307250] - C:\Users\theos\AppData\Local\Google
[02/04/2020 18:29:30] - |D| - [0] - C:\Users\theos\AppData\Local\gtk-3.0
[01/08/2020 20:22:27] - |SHD| - [0] - C:\Users\theos\AppData\Local\Historique
[01/08/2020 22:18:05] - |AH| - [70142] - C:\Users\theos\AppData\Local\IconCache.db
[24/07/2020 22:21:23] - |D| - [31] - C:\Users\theos\AppData\Local\id Software
[19/06/2020 17:33:29] - |D| - [0] - C:\Users\theos\AppData\Local\Intel
[13/01/2020 16:05:53] - |D| - [102290940] - C:\Users\theos\AppData\Local\Introversion
[16/05/2020 19:05:29] - |D| - [11963188] - C:\Users\theos\AppData\Local\LGHUB
[01/04/2020 17:28:40] - |D| - [0] - C:\Users\theos\AppData\Local\LogMeIn
[14/04/2020 12:03:39] - |D| - [4772477] - C:\Users\theos\AppData\Local\LOOT
[14/07/2020 14:52:23] - |D| - [8476] - C:\Users\theos\AppData\Local\LumaEmu_SteamCloud
[07/03/2020 12:27:32] - |D| - [2665496] - C:\Users\theos\AppData\Local\mbam
[07/03/2020 12:27:30] - |D| - [42472] - C:\Users\theos\AppData\Local\mbamtray
[21/01/2020 12:35:14] - |D| - [3191380] - C:\Users\theos\AppData\Local\Mephisto
[01/08/2020 20:22:27] - |D| - [535033282] - C:\Users\theos\AppData\Local\Microsoft
[10/01/2020 13:18:45] - |D| - [65571] - C:\Users\theos\AppData\Local\MicrosoftEdge
[01/04/2020 17:26:26] - |D| - [82075] - C:\Users\theos\AppData\Local\MSI
[12/07/2020 15:09:33] - |D| - [5680784] - C:\Users\theos\AppData\Local\NordVPN
[10/01/2020 13:37:27] - |D| - [575396465] - C:\Users\theos\AppData\Local\NVIDIA
[10/01/2020 13:37:28] - |D| - [671119214] - C:\Users\theos\AppData\Local\NVIDIA Corporation
[07/03/2020 12:22:45] - |D| - [74328] - C:\Users\theos\AppData\Local\OneDrive
[10/01/2020 13:20:43] - |D| - [352056671] - C:\Users\theos\AppData\Local\Opera Software
[21/01/2020 15:14:46] - |D| - [25416] - C:\Users\theos\AppData\Local\Origin
[23/03/2020 12:31:29] - |D| - [1614127063] - C:\Users\theos\AppData\Local\osu!
[10/01/2020 13:18:40] - |D| - [1044194499] - C:\Users\theos\AppData\Local\Packages
[10/01/2020 13:24:17] - |D| - [0] - C:\Users\theos\AppData\Local\PackageStaging
[13/01/2020 16:05:29] - |D| - [7070087] - C:\Users\theos\AppData\Local\Paradox Interactive
[19/05/2020 15:30:02] - |D| - [800] - C:\Users\theos\AppData\Local\pdfforge
[12/01/2020 18:17:51] - |D| - [0] - C:\Users\theos\AppData\Local\PeerDistRepub
[23/06/2020 12:52:32] - |D| - [675910] - C:\Users\theos\AppData\Local\Pineapple
[10/01/2020 13:20:25] - |D| - [7101] - C:\Users\theos\AppData\Local\PlaceholderTileLogoFolder
[10/01/2020 13:20:29] - |D| - [808097651] - C:\Users\theos\AppData\Local\Programs
[10/01/2020 13:18:43] - |D| - [830221] - C:\Users\theos\AppData\Local\Publishers
[05/05/2020 09:14:12] - |D| - [1826817] - C:\Users\theos\AppData\Local\RDT
[01/08/2020 10:01:30] - |A| - [1858] - C:\Users\theos\AppData\Local\recently-used.xbel
[02/04/2020 16:33:36] - |A| - [7601] - C:\Users\theos\AppData\Local\Resmon.ResmonCfg
[10/01/2020 14:38:14] - |D| - [40210249] - C:\Users\theos\AppData\Local\Riot Games
[11/01/2020 13:55:52] - |D| - [366723] - C:\Users\theos\AppData\Local\Rockstar Games
[10/01/2020 13:39:34] - |D| - [648464] - C:\Users\theos\AppData\Local\Setup
[26/04/2020 14:10:48] - |D| - [11186690] - C:\Users\theos\AppData\Local\ShooterGame
[11/01/2020 11:02:02] - |D| - [2660] - C:\Users\theos\AppData\Local\Skyrim Special Edition
[18/01/2020 11:18:46] - |D| - [250293128] - C:\Users\theos\AppData\Local\slobs-client-updater
[27/01/2020 18:47:32] - |D| - [3760] - C:\Users\theos\AppData\Local\speech
[26/03/2020 16:19:29] - |D| - [15005459] - C:\Users\theos\AppData\Local\Sports Interactive
[24/01/2020 16:53:58] - |D| - [305049602] - C:\Users\theos\AppData\Local\Spotify
[10/01/2020 13:51:00] - |D| - [12172] - C:\Users\theos\AppData\Local\SquirrelTemp
[02/08/2020 19:33:03] - |D| - [46053585] - C:\Users\theos\AppData\Local\Star Citizen
[10/01/2020 13:50:39] - |D| - [478074121] - C:\Users\theos\AppData\Local\Steam
[31/05/2020 22:47:04] - |D| - [63821674] - C:\Users\theos\AppData\Local\StreetFighterV
[19/01/2020 09:09:06] - |D| - [131072] - C:\Users\theos\AppData\Local\TeamSpeak 3
[01/08/2020 20:22:27] - |D| - [85612915] - C:\Users\theos\AppData\Local\Temp
[01/08/2020 20:22:27] - |SHD| - [0] - C:\Users\theos\AppData\Local\Temporary Internet Files
[10/01/2020 15:42:44] - |D| - [4243] - C:\Users\theos\AppData\Local\Ubisoft Game Launcher
[26/03/2020 19:45:54] - |D| - [4741] - C:\Users\theos\AppData\Local\UNDERTALE
[10/01/2020 14:47:09] - |D| - [322] - C:\Users\theos\AppData\Local\UnrealEngine
[10/01/2020 14:47:10] - |D| - [0] - C:\Users\theos\AppData\Local\UnrealEngineLauncher
[07/04/2020 16:00:20] - |A| - [3] - C:\Users\theos\AppData\Local\updater.log
[07/04/2020 16:00:22] - |A| - [424] - C:\Users\theos\AppData\Local\UserProducts.xml
[04/06/2020 15:35:44] - |D| - [33112943] - C:\Users\theos\AppData\Local\VALORANT
[10/01/2020 13:18:40] - |D| - [0] - C:\Users\theos\AppData\Local\VirtualStore
[22/05/2020 14:35:05] - |D| - [78880711] - C:\Users\theos\AppData\Local\Voicemod
[06/04/2020 20:52:19] - |D| - [1252933] - C:\Users\theos\AppData\Local\Vortex
[14/07/2020 12:43:29] - |D| - [865] - C:\Users\theos\AppData\Local\ZeroTier
[16/06/2020 16:36:07] - |D| - [333280] - C:\Users\theos\AppData\Local\ZHP
[16/01/2020 19:20:07] - |D| - [274] - C:\Users\theos\AppData\LocalLow\8floor
[27/07/2020 17:24:45] - |D| - [7886] - C:\Users\theos\AppData\LocalLow\Bennett Foddy
[12/01/2020 19:41:48] - |D| - [29046] - C:\Users\theos\AppData\LocalLow\Blizzard Entertainment
[07/02/2020 13:46:13] - |D| - [118888] - C:\Users\theos\AppData\LocalLow\Crema
[22/02/2020 01:23:53] - |D| - [272] - C:\Users\theos\AppData\LocalLow\Facepunch Studios LTD
[30/04/2020 20:54:51] - |D| - [109606] - C:\Users\theos\AppData\LocalLow\FluffyFish
[27/05/2020 22:10:41] - |D| - [903499] - C:\Users\theos\AppData\LocalLow\Free Lives
[14/01/2020 13:53:32] - |D| - [111850] - C:\Users\theos\AppData\LocalLow\Landfall
[29/02/2020 18:05:32] - |D| - [31093] - C:\Users\theos\AppData\LocalLow\Landfall Games
[11/07/2020 13:50:19] - |D| - [352708] - C:\Users\theos\AppData\LocalLow\Lazy Bear Games
[20/03/2020 15:25:20] - |D| - [14159714] - C:\Users\theos\AppData\LocalLow\MCC
[10/01/2020 13:18:44] - |SD| - [548215] - C:\Users\theos\AppData\LocalLow\Microsoft
[06/02/2020 16:10:23] - |D| - [0] - C:\Users\theos\AppData\LocalLow\Mozilla
[15/01/2020 11:52:12] - |D| - [1363788] - C:\Users\theos\AppData\LocalLow\NoBrakesGames
[07/03/2020 18:58:43] - |D| - [13735] - C:\Users\theos\AppData\LocalLow\Riot Games
[14/01/2020 13:17:18] - |D| - [8553] - C:\Users\theos\AppData\LocalLow\SEGA
[27/05/2020 21:48:17] - |D| - [19415] - C:\Users\theos\AppData\LocalLow\Studio MDHR
[10/01/2020 14:42:45] - |D| - [718] - C:\Users\theos\AppData\LocalLow\Sun
[11/07/2020 13:31:44] - |D| - [263232] - C:\Users\theos\AppData\LocalLow\Team 17 Digital ltd_
[02/04/2020 16:55:26] - |D| - [103817] - C:\Users\theos\AppData\LocalLow\Team17
[10/07/2020 10:29:57] - |D| - [20034] - C:\Users\theos\AppData\LocalLow\Team17 Digital Limited
[22/02/2020 03:23:41] - |D| - [2385408] - C:\Users\theos\AppData\LocalLow\Two Point Studios
[12/01/2020 01:38:14] - |D| - [21759] - C:\Users\theos\AppData\LocalLow\Unknown Worlds
[20/03/2020 15:25:20] - |D| - [27] - C:\Users\theos\AppData\LocalLow\UnrealEngine
[19/07/2020 18:02:00] - |D| - [267859] - C:\Users\theos\AppData\LocalLow\Veewo
[14/01/2020 14:08:31] - |D| - [341432] - C:\Users\theos\AppData\LocalLow\Wastelands Interactive
[15/04/2020 09:19:30] - |D| - [272] - C:\Users\theos\AppData\LocalLow\We're Five Games
[29/01/2020 17:52:28] - |D| - [214] - C:\Users\theos\AppData\Roaming\.atlauncher
[10/01/2020 14:44:39] - |D| - [1712726141] - C:\Users\theos\AppData\Roaming\.minecraft
[13/02/2020 19:13:03] - |D| - [6887804] - C:\Users\theos\AppData\Roaming\.minefield
[12/01/2020 19:42:04] - |D| - [0] - C:\Users\theos\AppData\Roaming\.mono
[05/02/2020 15:52:15] - |D| - [1395] - C:\Users\theos\AppData\Roaming\7thWorkshop
[10/01/2020 13:18:40] - |D| - [210] - C:\Users\theos\AppData\Roaming\Adobe
[30/05/2020 16:07:40] - |D| - [140583946] - C:\Users\theos\AppData\Roaming\AMD
[10/01/2020 22:29:24] - |D| - [287374] - C:\Users\theos\AppData\Roaming\AnyDesk
[16/04/2020 11:17:13] - |D| - [41202] - C:\Users\theos\AppData\Roaming\audacity
[10/01/2020 15:46:37] - |D| - [5772] - C:\Users\theos\AppData\Roaming\Battle.net
[14/01/2020 14:02:47] - |D| - [0] - C:\Users\theos\AppData\Roaming\c9b0eacc-25c5-11e9-b465-4246a9bb5cb3
[06/06/2020 16:05:54] - |D| - [7175] - C:\Users\theos\AppData\Roaming\CitizenFX
[05/02/2020 12:26:29] - |D| - [3356181543] - C:\Users\theos\AppData\Roaming\Citra
[27/05/2020 21:49:30] - |D| - [49244] - C:\Users\theos\AppData\Roaming\Cuphead
[11/01/2020 08:12:50] - |D| - [1691309] - C:\Users\theos\AppData\Roaming\deluge
[10/01/2020 13:51:04] - |D| - [299960383] - C:\Users\theos\AppData\Roaming\Discord
[04/04/2020 10:35:04] - |D| - [3121] - C:\Users\theos\AppData\Roaming\DS4Windows
[22/02/2020 14:57:14] - |D| - [10144631] - C:\Users\theos\AppData\Roaming\EasyAntiCheat
[10/03/2020 17:39:49] - |D| - [38480] - C:\Users\theos\AppData\Roaming\FileZilla
[19/06/2020 21:25:54] - |D| - [0] - C:\Users\theos\AppData\Roaming\Frontier Developments
[15/07/2020 09:16:58] - |D| - [320] - C:\Users\theos\AppData\Roaming\Gameforge4d
[01/06/2020 20:17:46] - |D| - [37] - C:\Users\theos\AppData\Roaming\Goldberg SteamEmu Saves
[10/01/2020 23:34:25] - |D| - [4551588] - C:\Users\theos\AppData\Roaming\HelloGames
[14/01/2020 14:02:48] - |D| - [11631470] - C:\Users\theos\AppData\Roaming\inst-wrap
[13/01/2020 16:05:49] - |D| - [10926063] - C:\Users\theos\AppData\Roaming\launcher-main
[16/05/2020 19:05:29] - |D| - [22263800] - C:\Users\theos\AppData\Roaming\LGHUB
[15/07/2020 08:23:13] - |D| - [2155] - C:\Users\theos\AppData\Roaming\Macromedia
[01/08/2020 20:22:27] - |SD| - [57244477] - C:\Users\theos\AppData\Roaming\Microsoft
[16/04/2020 10:27:28] - |D| - [8385] - C:\Users\theos\AppData\Roaming\MSI
[19/01/2020 20:22:15] - |D| - [2663345] - C:\Users\theos\AppData\Roaming\Notepad++
[11/01/2020 08:01:34] - |D| - [4823359] - C:\Users\theos\AppData\Roaming\NVIDIA
[18/01/2020 11:18:50] - |D| - [50] - C:\Users\theos\AppData\Roaming\obs-studio-node-server
[10/01/2020 13:20:29] - |D| - [1072788196] - C:\Users\theos\AppData\Roaming\Opera Software
[13/01/2020 16:07:01] - |D| - [104] - C:\Users\theos\AppData\Roaming\Paradox Interactive
[13/01/2020 16:05:49] - |D| - [0] - C:\Users\theos\AppData\Roaming\Paradox Launcher
[11/07/2020 13:24:54] - |D| - [12780096] - C:\Users\theos\AppData\Roaming\Parsec
[19/05/2020 15:31:19] - |D| - [304539] - C:\Users\theos\AppData\Roaming\PDF Architect 7
[23/03/2020 12:35:25] - |D| - [9489268] - C:\Users\theos\AppData\Roaming\Pentablet
[02/04/2020 09:45:32] - |D| - [308810] - C:\Users\theos\AppData\Roaming\Perfect IP Camera Recorder
[02/08/2020 14:05:29] - |D| - [102152592] - C:\Users\theos\AppData\Roaming\RSI Launcher
[02/08/2020 14:05:50] - |D| - [9998286] - C:\Users\theos\AppData\Roaming\rsilauncher
[04/04/2020 14:36:20] - |D| - [723061209] - C:\Users\theos\AppData\Roaming\Ryujinx
[14/01/2020 13:18:06] - |D| - [105232] - C:\Users\theos\AppData\Roaming\Sega
[02/06/2020 13:15:34] - |D| - [0] - C:\Users\theos\AppData\Roaming\Skype
[18/01/2020 11:18:49] - |D| - [79346474] - C:\Users\theos\AppData\Roaming\slobs-client
[18/01/2020 11:18:51] - |D| - [0] - C:\Users\theos\AppData\Roaming\slobs-plugins
[10/01/2020 19:33:24] - |D| - [1083944432] - C:\Users\theos\AppData\Roaming\SpaceEngineers
[16/07/2020 14:45:16] - |D| - [3947181416] - C:\Users\theos\AppData\Roaming\SpaceEngineersDedicated
[24/01/2020 16:53:47] - |D| - [208901348] - C:\Users\theos\AppData\Roaming\Spotify
[12/07/2020 17:26:23] - |D| - [5925871] - C:\Users\theos\AppData\Roaming\StardewValley
[26/01/2020 16:48:10] - |D| - [6345416] - C:\Users\theos\AppData\Roaming\steelseries-engine-3-client
[10/01/2020 14:43:03] - |D| - [0] - C:\Users\theos\AppData\Roaming\Sun
[22/02/2020 03:21:27] - |D| - [419749] - C:\Users\theos\AppData\Roaming\Surviving Mars
[19/01/2020 09:08:58] - |D| - [10209145] - C:\Users\theos\AppData\Roaming\TS3Client
[10/01/2020 15:11:41] - |D| - [742881035] - C:\Users\theos\AppData\Roaming\Twitch
[21/01/2020 11:08:24] - |D| - [0] - C:\Users\theos\AppData\Roaming\Unified Remote
[11/04/2020 10:31:46] - |D| - [97368] - C:\Users\theos\AppData\Roaming\vlc
[12/01/2020 01:48:10] - |D| - [305993210] - C:\Users\theos\AppData\Roaming\Vortex
[10/01/2020 13:44:37] - |D| - [12] - C:\Users\theos\AppData\Roaming\WinRAR
[16/06/2020 16:36:07] - |D| - [14681466] - C:\Users\theos\AppData\Roaming\ZHP
[10/01/2020 13:18:40] - |SH| - [174] - C:\Users\theos\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini
[01/08/2020 20:22:27] - |SHD| - [0] - C:\Users\theos\AppData\Roaming\Microsoft\Windows\Start Menu\Programmes
[10/01/2020 13:16:47] - |RD| - [87769] - C:\Users\theos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs
[14/04/2020 10:08:50] - |D| - [1607] - C:\Users\theos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\7th Heaven
[01/08/2020 20:22:27] - |RD| - [3888] - C:\Users\theos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
[01/08/2020 20:22:27] - |RD| - [1678] - C:\Users\theos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[10/01/2020 13:18:40] - |RD| - [174] - C:\Users\theos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[05/07/2020 11:25:59] - |D| - [3340] - C:\Users\theos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASIO4ALL v2
[10/02/2020 12:08:23] - |D| - [1281] - C:\Users\theos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Citra
[01/08/2020 20:22:27] - |SH| - [264] - C:\Users\theos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini
[10/01/2020 13:51:04] - |D| - [2251] - C:\Users\theos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Discord Inc
[07/04/2020 15:32:44] - |D| - [1130] - C:\Users\theos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Eclipse
[30/01/2020 18:32:22] - |A| - [1290] - C:\Users\theos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Gameforge Client.lnk
[05/07/2020 11:25:36] - |D| - [4239] - C:\Users\theos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line
[01/08/2020 20:22:27] - |D| - [170] - C:\Users\theos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[05/05/2020 09:14:13] - |D| - [0] - C:\Users\theos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mobalytics
[18/04/2020 13:04:33] - |D| - [7716] - C:\Users\theos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MSI Afterburner
[10/01/2020 13:20:40] - |A| - [1432] - C:\Users\theos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Navigateur Opera GX.lnk
[06/02/2020 21:02:37] - |A| - [1476] - C:\Users\theos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NVIDIA GeForce NOW.lnk
[01/08/2020 20:22:27] - |A| - [2405] - C:\Users\theos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
[23/03/2020 12:28:41] - |A| - [676] - C:\Users\theos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\osu!.lnk
[11/07/2020 13:24:54] - |D| - [1076] - C:\Users\theos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Parsec
[23/03/2020 12:35:27] - |D| - [1957] - C:\Users\theos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pentablet
[12/01/2020 04:08:28] - |D| - [412] - C:\Users\theos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Remote Desktop assistant
[10/01/2020 14:38:27] - |D| - [0] - C:\Users\theos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Riot Games
[16/07/2020 15:31:04] - |D| - [8166] - C:\Users\theos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RivaTuner Statistics Server
[11/01/2020 13:55:44] - |D| - [1101] - C:\Users\theos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Rockstar Games
[24/01/2020 16:53:58] - |A| - [1836] - C:\Users\theos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
[06/02/2020 16:10:22] - |A| - [910] - C:\Users\theos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Tor Browser.lnk
[10/01/2020 13:18:40] - |RD| - [1237] - C:\Users\theos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[10/01/2020 14:28:59] - |D| - [6094] - C:\Users\theos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
[01/08/2020 20:22:27] - |RD| - [4913] - C:\Users\theos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
[01/07/2020 08:03:18] - |D| - [1344] - C:\Users\theos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The Elder Scrolls Online
[10/01/2020 16:20:39] - |A| - [233] - C:\Users\theos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tom Clancy's Rainbow Six Siege.url
[10/01/2020 15:11:42] - |A| - [1109] - C:\Users\theos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Twitch.lnk
[10/01/2020 15:42:44] - |D| - [2709] - C:\Users\theos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft
[03/02/2020 18:40:08] - |D| - [3460] - C:\Users\theos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinDirStat
[01/08/2020 20:22:27] - |D| - [7844] - C:\Users\theos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell
[10/01/2020 13:43:28] - |D| - [4577] - C:\Users\theos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[10/01/2020 13:44:50] - |D| - [3774] - C:\Users\theos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\XtremeTuner
[10/01/2020 13:18:40] - |SH| - [174] - C:\Users\theos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
[10/01/2020 15:11:42] - |A| - [1063] - C:\Users\theos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Twitch.lnk

---------- | C:\ProgramData

[12/01/2020 19:42:04] - |D| - [0] - C:\ProgramData\.mono
[10/01/2020 13:39:49] - |D| - [171] - C:\ProgramData\AMD AutoUpdate
[01/08/2020 20:27:29] - |SHD| - [0] - C:\ProgramData\Application Data
[10/01/2020 15:45:02] - |D| - [20983299] - C:\ProgramData\Battle.net
[10/01/2020 15:49:08] - |D| - [1486937] - C:\ProgramData\Blizzard Entertainment
[18/04/2020 13:05:16] - |D| - [0] - C:\ProgramData\boost_interprocess
[10/01/2020 13:13:08] - |SHD| - [0] - C:\ProgramData\Bureau
[12/07/2020 15:09:36] - |D| - [24924344] - C:\ProgramData\Caphyon
[12/07/2020 16:53:15] - |D| - [0] - C:\ProgramData\Codemasters
[10/01/2020 13:17:11] - |A| - [11799] - C:\ProgramData\DisplaySessionContainer1.log
[10/01/2020 13:17:11] - |A| - [11400] - C:\ProgramData\DisplaySessionContainer1.log_backup1
[23/01/2020 14:15:00] - |A| - [12769] - C:\ProgramData\DisplaySessionContainer10.log
[23/01/2020 14:15:00] - |A| - [12761] - C:\ProgramData\DisplaySessionContainer10.log_backup1
[23/01/2020 20:31:36] - |A| - [12354] - C:\ProgramData\DisplaySessionContainer11.log
[23/01/2020 20:31:36] - |A| - [10644] - C:\ProgramData\DisplaySessionContainer11.log_backup1
[03/02/2020 22:53:13] - |A| - [12761] - C:\ProgramData\DisplaySessionContainer12.log
[04/02/2020 20:49:01] - |A| - [12366] - C:\ProgramData\DisplaySessionContainer13.log
[05/02/2020 13:54:08] - |A| - [10237] - C:\ProgramData\DisplaySessionContainer14.log
[10/01/2020 13:18:39] - |A| - [19483] - C:\ProgramData\DisplaySessionContainer2.log
[10/01/2020 13:18:39] - |A| - [11532] - C:\ProgramData\DisplaySessionContainer2.log_backup1
[10/01/2020 13:22:39] - |A| - [13977] - C:\ProgramData\DisplaySessionContainer3.log
[10/01/2020 13:22:39] - |A| - [14164] - C:\ProgramData\DisplaySessionContainer3.log_backup1
[12/01/2020 04:12:19] - |A| - [11646] - C:\ProgramData\DisplaySessionContainer4.log
[12/01/2020 04:12:19] - |A| - [12616] - C:\ProgramData\DisplaySessionContainer4.log_backup1
[19/01/2020 20:37:49] - |A| - [13005] - C:\ProgramData\DisplaySessionContainer5.log
[19/01/2020 20:37:49] - |A| - [13004] - C:\ProgramData\DisplaySessionContainer5.log_backup1
[20/01/2020 16:49:55] - |A| - [13016] - C:\ProgramData\DisplaySessionContainer6.log
[20/01/2020 16:49:55] - |A| - [13189] - C:\ProgramData\DisplaySessionContainer6.log_backup1
[20/01/2020 20:06:45] - |A| - [13933] - C:\ProgramData\DisplaySessionContainer7.log
[20/01/2020 20:06:45] - |A| - [12760] - C:\ProgramData\DisplaySessionContainer7.log_backup1
[21/01/2020 19:27:50] - |A| - [13576] - C:\ProgramData\DisplaySessionContainer8.log
[21/01/2020 19:27:50] - |A| - [10643] - C:\ProgramData\DisplaySessionContainer8.log_backup1
[22/01/2020 16:28:47] - |A| - [13576] - C:\ProgramData\DisplaySessionContainer9.log
[22/01/2020 16:28:47] - |A| - [13502] - C:\ProgramData\DisplaySessionContainer9.log_backup1
[01/08/2020 20:27:29] - |SHD| - [0] - C:\ProgramData\Documents
[01/07/2020 08:05:29] - |D| - [0] - C:\ProgramData\Elder Scrolls Online
[30/05/2020 16:05:26] - |D| - [9648] - C:\ProgramData\EN92656-65
[10/01/2020 14:47:03] - |D| - [86281383] - C:\ProgramData\Epic
[11/01/2020 08:36:30] - |D| - [1328063] - C:\ProgramData\FPSMonitor
[30/01/2020 18:44:23] - |D| - [64] - C:\ProgramData\Gameforge4d
[19/07/2020 17:57:49] - |D| - [730662] - C:\ProgramData\GOG.com
[03/03/2020 19:54:09] - |D| - [27162] - C:\ProgramData\HP
[19/06/2020 17:33:20] - |D| - [8618161] - C:\ProgramData\Intel
[16/05/2020 19:04:02] - |D| - [1049957518] - C:\ProgramData\LGHUB
[01/04/2020 17:28:40] - |D| - [0] - C:\ProgramData\LogMeIn
[07/03/2020 12:27:21] - |D| - [135928686] - C:\ProgramData\Malwarebytes
[19/01/2020 11:57:36] - |D| - [94989326] - C:\ProgramData\Maniaplanet
[10/01/2020 13:13:08] - |SHD| - [0] - C:\ProgramData\Menu Démarrer
[07/12/2019 11:14:52] - |SD| - [906240673] - C:\ProgramData\Microsoft
[01/08/2020 20:29:22] - |D| - [0] - C:\ProgramData\Microsoft OneDrive
[10/01/2020 13:13:08] - |SHD| - [0] - C:\ProgramData\Modèles
[15/07/2020 08:06:13] - |D| - [8287218] - C:\ProgramData\Nexon
[12/07/2020 15:09:32] - |D| - [80147] - C:\ProgramData\NordVPN
[10/01/2020 13:36:39] - |A| - [1209] - C:\ProgramData\NvcDispCorePlugin.log
[10/01/2020 13:36:39] - |A| - [1209] - C:\ProgramData\NvcDispCorePlugin.log_backup1
[10/01/2020 13:17:10] - |A| - [20698] - C:\ProgramData\NVDisplay.ContainerLocalSystem.log
[10/01/2020 13:17:10] - |A| - [13384] - C:\ProgramData\NVDisplay.ContainerLocalSystem.log_backup1
[10/01/2020 13:17:10] - |A| - [49851] - C:\ProgramData\NVDisplayContainerWatchdog.log
[10/01/2020 13:17:10] - |A| - [35769] - C:\ProgramData\NVDisplayContainerWatchdog.log_backup1
[10/01/2020 13:36:44] - |D| - [108546433] - C:\ProgramData\NVIDIA
[10/01/2020 13:17:10] - |D| - [1670602600] - C:\ProgramData\NVIDIA Corporation
[10/07/2020 10:15:01] - |D| - [428034] - C:\ProgramData\obs-studio-hook
[10/01/2020 14:42:50] - |D| - [82551976] - C:\ProgramData\Oracle
[10/01/2020 13:36:53] - |D| - [242012325] - C:\ProgramData\Package Cache
[10/01/2020 13:17:20] - |D| - [1179648] - C:\ProgramData\Packages
[19/05/2020 15:29:47] - |D| - [119563470] - C:\ProgramData\PDF Architect 7
[05/05/2020 09:14:16] - |D| - [169] - C:\ProgramData\RDT
[07/12/2019 11:14:52] - |D| - [4218] - C:\ProgramData\regid.1991-06.com.microsoft
[14/07/2020 12:43:06] - |D| - [1444] - C:\ProgramData\regid.2010-01.com.zerotier
[22/03/2020 10:09:07] - |D| - [0] - C:\ProgramData\RELOADED
[10/01/2020 14:38:14] - |D| - [12829568] - C:\ProgramData\Riot Games
[11/01/2020 13:55:42] - |D| - [1154451] - C:\ProgramData\Rockstar Games
[07/12/2019 11:14:52] - |D| - [0] - C:\ProgramData\SoftwareDistribution
[10/07/2020 20:19:03] - |D| - [0] - C:\ProgramData\ssh
[01/04/2020 17:16:51] - |D| - [5413] - C:\ProgramData\Steam
[26/01/2020 16:46:13] - |D| - [111999044] - C:\ProgramData\SteelSeries
[10/07/2020 10:56:14] - |D| - [68229001] - C:\ProgramData\Trackmania
[10/01/2020 15:11:46] - |D| - [4199232] - C:\ProgramData\Twitch
[10/01/2020 15:42:48] - |D| - [0] - C:\ProgramData\Ubisoft
[21/01/2020 11:08:24] - |D| - [7527093] - C:\ProgramData\Unified Remote
[12/01/2020 01:41:14] - |D| - [0] - C:\ProgramData\Unknown Worlds
[07/12/2019 11:14:52] - |D| - [188416] - C:\ProgramData\USOPrivate
[07/12/2019 11:14:52] - |D| - [753664] - C:\ProgramData\USOShared
[22/05/2020 14:35:16] - |D| - [198726909] - C:\ProgramData\Voicemod
[12/01/2020 01:48:03] - |D| - [77247888] - C:\ProgramData\Vortex
[07/12/2019 16:53:51] - |D| - [0] - C:\ProgramData\WindowsHolographicDevices
[14/07/2020 12:43:06] - |D| - [1666] - C:\ProgramData\ZeroTier

---------- | C:\ProgramData\Microsoft\Windows\Start Menu

[07/12/2019 11:14:54] - |ASH| - [174] - C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini
[30/01/2020 18:32:16] - |A| - [37] - C:\ProgramData\Microsoft\Windows\Start Menu\Gameforge Client.url
[10/01/2020 13:13:08] - |SHD| - [0] - C:\ProgramData\Microsoft\Windows\Start Menu\Programmes
[07/12/2019 11:14:52] - |RD| - [218075] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs

---------- | C:\ProgramData\Microsoft\Windows\Start Menu\Programs

[07/12/2019 11:14:52] - |RD| - [1614] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility
[07/12/2019 11:14:52] - |RD| - [14467] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
[07/12/2019 11:14:52] - |RD| - [25497] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[30/05/2020 16:05:39] - |D| - [1269] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD
[10/01/2020 13:39:50] - |D| - [4556] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Ryzen Master
[10/01/2020 15:46:27] - |D| - [886] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
[12/01/2020 01:48:10] - |D| - [2074] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Black Tree Gaming Ltd
[14/01/2020 14:06:48] - |D| - [0] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cooking Simulator Cooking with Food Network
[27/03/2020 11:15:51] - |D| - [2410] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Corsair SSD Toolbox
[10/01/2020 14:32:07] - |D| - [5139] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID
[16/01/2020 08:08:36] - |D| - [3644] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CrystalDiskInfo
[16/01/2020 08:10:41] - |D| - [3662] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CrystalDiskMark7
[27/05/2020 21:47:56] - |D| - [2153] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cuphead
[11/01/2020 08:12:45] - |D| - [3031] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Deluge
[07/12/2019 11:14:54] - |ASH| - [400] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini
[12/01/2020 19:56:39] - |D| - [0] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III
[15/07/2020 08:29:39] - |D| - [2104] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Doom 2016
[22/03/2020 00:20:22] - |D| - [0] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DOOM Eternal
[18/01/2020 09:26:12] - |D| - [3078] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dragon Ball Z Kakarot
[10/01/2020 14:47:07] - |A| - [1270] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epic Games Launcher.lnk
[20/03/2020 15:18:57] - |A| - [2413] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk
[22/06/2020 18:43:13] - |D| - [1567] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Far Cry Primal
[27/06/2020 17:29:19] - |D| - [2135] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Farming Simulator 19 Kverneland and Vicon Equipment Pack
[10/03/2020 17:39:48] - |D| - [2167] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
[07/07/2020 15:35:37] - |D| - [1467] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Game Dev Tycoon
[18/04/2020 13:09:03] - |D| - [3685] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Geeks3D
[05/04/2020 16:45:19] - |A| - [2299] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
[12/01/2020 19:40:53] - |D| - [711] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hearthstone
[05/07/2020 11:25:36] - |D| - [2151] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Image-Line
[07/12/2019 11:10:31] - |RAS| - [2349] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Immersive Control Panel.lnk
[27/03/2020 11:13:47] - |D| - [0] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
[10/01/2020 14:42:58] - |D| - [6752] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[07/04/2020 16:00:17] - |D| - [130] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lightshot
[22/05/2020 06:58:21] - |D| - [0] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logi
[07/12/2019 11:14:52] - |D| - [170] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance
[07/03/2020 12:27:30] - |D| - [4150] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
[21/01/2020 12:41:12] - |D| - [1450] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mephisto
[12/01/2020 20:19:20] - |D| - [0] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Metal Gear Solid V The Phantom Pain
[16/04/2020 10:23:23] - |D| - [2747] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MICRO-STAR INT'L,.LTD
[17/07/2020 07:16:44] - |D| - [15221] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
[10/01/2020 14:44:29] - |D| - [1207] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Minecraft Launcher
[19/07/2020 17:57:51] - |D| - [1522] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Neon Abyss [GOG.com]
[11/01/2020 11:01:13] - |D| - [3122] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexus Mod Manager
[12/07/2020 15:09:32] - |D| - [0] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NordVPN
[15/07/2020 08:51:19] - |D| - [1304] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nostale(FR)
[19/01/2020 20:22:16] - |A| - [1104] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++.lnk
[10/01/2020 13:36:57] - |D| - [1465] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[11/07/2020 13:24:52] - |D| - [800] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Parsec
[13/02/2020 15:48:42] - |D| - [3983] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PCSX2
[19/05/2020 15:30:17] - |D| - [2985] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Architect 7
[19/05/2020 15:30:17] - |A| - [1136] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Architect 7.lnk
[19/05/2020 15:29:40] - |D| - [1006] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
[02/04/2020 09:45:12] - |D| - [3452] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Perfect IP Camera Recorder
[17/06/2020 14:07:33] - |D| - [2306] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Planet Coaster
[14/07/2020 13:21:21] - |D| - [0] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Portal 2 Complete
[17/01/2020 10:15:10] - |D| - [0] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Prison Architect Psych Ward Wardens Edition
[21/03/2020 16:03:49] - |D| - [2336] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Project64 2.3
[23/07/2020 11:02:37] - |D| - [2248] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PrtScr
[10/01/2020 14:38:27] - |D| - [4917] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Riot Games
[02/08/2020 14:05:29] - |D| - [2257] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Roberts Space Industries
[21/03/2020 22:42:59] - |A| - [677] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sonic Adventure 2.lnk
[05/02/2020 15:48:32] - |D| - [102] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Square Enix
[07/12/2019 11:14:52] - |RD| - [2447] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp
[10/01/2020 13:50:17] - |D| - [1112] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
[26/01/2020 16:46:14] - |D| - [2269] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SteelSeries
[18/01/2020 11:18:47] - |A| - [1976] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Streamlabs OBS.lnk
[07/12/2019 11:14:52] - |RD| - [1458] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools
[19/01/2020 09:08:56] - |A| - [970] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client.lnk
[01/04/2020 17:08:03] - |D| - [0] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Behemoth
[24/07/2020 21:53:13] - |D| - [1649] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Binding of Isaac Rebirth
[11/07/2020 13:30:06] - |D| - [1524] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Escapists 2
[12/01/2020 12:14:15] - |D| - [1396] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Witcher® 3 - Wild Hunt [GOG.com]
[21/01/2020 11:08:27] - |D| - [2549] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unified Remote 3
[11/04/2020 10:31:36] - |D| - [5850] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[22/05/2020 14:35:07] - |D| - [962] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Voicemod Desktop
[04/06/2020 15:42:58] - |D| - [905] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WhoCrashed
[18/07/2020 19:02:46] - |D| - [15085] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Kits
[07/12/2019 16:53:04] - |RD| - [2800] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows PowerShell
[10/01/2020 13:43:28] - |D| - [4505] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[20/03/2020 15:18:57] - |A| - [2451] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk
[25/04/2020 14:49:43] - |D| - [1420] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WWE 2K19

---------- | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup

[07/12/2019 11:14:54] - |ASH| - [174] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
[26/01/2020 16:46:47] - |A| - [2273] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SteelSeries Engine 3.lnk

---------- | C:\Program Files (x86)

[10/04/2020 16:22:59] - |D| - [93667190] - C:\Program Files (x86)\AMD
[05/07/2020 11:25:59] - |D| - [561489] - C:\Program Files (x86)\ASIO4ALL v2
[26/03/2020 16:54:14] - |D| - [0] - C:\Program Files (x86)\Astro SW
[10/04/2020 16:22:59] - |D| - [8952] - C:\Program Files (x86)\ATI Technologies
[16/04/2020 11:17:08] - |D| - [5100461] - C:\Program Files (x86)\Audacity
[10/01/2020 15:46:04] - |D| - [510397082] - C:\Program Files (x86)\Battle.net
[02/04/2020 09:41:11] - |D| - [48649770] - C:\Program Files (x86)\Camtrace SAS
[07/12/2019 11:14:52] - |D| - [76130491] - C:\Program Files (x86)\Common Files
[27/03/2020 11:15:51] - |D| - [23323985] - C:\Program Files (x86)\Corsair SSD Toolbox
[11/01/2020 08:12:39] - |D| - [54133007] - C:\Program Files (x86)\Deluge
[07/12/2019 11:14:54] - |ASH| - [174] - C:\Program Files (x86)\desktop.ini
[22/02/2020 14:57:13] - |D| - [2499312] - C:\Program Files (x86)\EasyAntiCheat
[10/01/2020 14:47:03] - |D| - [987004950] - C:\Program Files (x86)\Epic Games
[30/01/2020 18:32:09] - |D| - [223010351] - C:\Program Files (x86)\GameforgeClient
[15/07/2020 09:16:23] - |D| - [191396827] - C:\Program Files (x86)\GameforgeLoginMS2
[05/04/2020 16:45:03] - |D| - [429439279] - C:\Program Files (x86)\Google
[05/07/2020 11:24:02] - |D| - [2113829429] - C:\Program Files (x86)\Image-Line
[01/04/2020 17:26:14] - |HD| - [12135822] - C:\Program Files (x86)\InstallShield Installation Information
[07/12/2019 11:14:52] - |D| - [1992263] - C:\Program Files (x86)\Internet Explorer
[18/07/2020 17:51:42] - |D| - [760976] - C:\Program Files (x86)\Microsoft GameInput
[18/05/2020 16:06:18] - |D| - [6076507] - C:\Program Files (x86)\Microsoft XNA
[07/12/2019 11:14:52] - |D| - [8175999] - C:\Program Files (x86)\Microsoft.NET
[10/01/2020 14:44:29] - |D| - [303002707] - C:\Program Files (x86)\Minecraft Launcher
[01/08/2020 21:11:36] - |D| - [25757] - C:\Program Files (x86)\MSBuild
[18/04/2020 13:04:26] - |D| - [59033817] - C:\Program Files (x86)\MSI Afterburner
[12/07/2020 15:09:23] - |D| - [412237] - C:\Program Files (x86)\NordVPN network TAP
[19/01/2020 20:22:15] - |D| - [8977487] - C:\Program Files (x86)\Notepad++
[10/01/2020 13:36:41] - |D| - [295516143] - C:\Program Files (x86)\NVIDIA Corporation
[02/04/2020 18:36:22] - |D| - [809496] - C:\Program Files (x86)\OpenAL
[19/05/2020 15:30:15] - |D| - [3404608] - C:\Program Files (x86)\PDF Architect 7
[02/04/2020 09:45:09] - |D| - [84780581] - C:\Program Files (x86)\Perfect IP Camera Recorder
[21/03/2020 16:03:49] - |D| - [6918047] - C:\Program Files (x86)\Project64 2.3
[23/07/2020 11:02:37] - |D| - [23676538] - C:\Program Files (x86)\PrtScr
[10/01/2020 20:01:02] - |D| - [750855581] - C:\Program Files (x86)\Realtek
[01/08/2020 21:11:36] - |D| - [38479105] - C:\Program Files (x86)\Reference Assemblies
[16/07/2020 15:31:01] - |D| - [58196990] - C:\Program Files (x86)\RivaTuner Statistics Server
[11/01/2020 13:55:02] - |D| - [145047604] - C:\Program Files (x86)\Rockstar Games
[10/01/2020 13:50:17] - |D| - [156454400994] - C:\Program Files (x86)\Steam
[10/01/2020 20:00:57] - |HD| - [0] - C:\Program Files (x86)\Temp
[10/01/2020 15:42:43] - |D| - [286805103] - C:\Program Files (x86)\Ubisoft
[21/01/2020 11:08:24] - |D| - [10500524] - C:\Program Files (x86)\Unified Remote 3
[05/07/2020 11:25:41] - |D| - [4778864] - C:\Program Files (x86)\VstPlugins
[03/02/2020 18:40:08] - |D| - [812064] - C:\Program Files (x86)\WinDirStat
[07/12/2019 11:14:52] - |D| - [1875216] - C:\Program Files (x86)\Windows Defender
[18/07/2020 17:09:08] - |D| - [302726486] - C:\Program Files (x86)\Windows Kits
[07/12/2019 11:14:52] - |D| - [625664] - C:\Program Files (x86)\Windows Mail
[07/12/2019 16:53:51] - |D| - [3310445] - C:\Program Files (x86)\Windows Media Player
[07/12/2019 16:53:51] - |D| - [40232] - C:\Program Files (x86)\Windows Multimedia Platform
[07/12/2019 11:14:52] - |D| - [6109528] - C:\Program Files (x86)\Windows NT
[07/12/2019 16:53:51] - |D| - [5305280] - C:\Program Files (x86)\Windows Photo Viewer
[07/12/2019 16:53:51] - |D| - [40232] - C:\Program Files (x86)\Windows Portable Devices
[07/12/2019 11:14:52] - |SHD| - [0] - C:\Program Files (x86)\Windows Sidebar
[07/12/2019 11:14:52] - |D| - [2373157] - C:\Program Files (x86)\WindowsPowerShell
[01/07/2020 08:02:24] - |HD| - [3747] - C:\Program Files (x86)\Zero G Registry
[14/07/2020 12:43:06] - |D| - [806] - C:\Program Files (x86)\ZeroTier

---------- | C:\Program Files

[10/01/2020 13:39:49] - |D| - [484370735] - C:\Program Files\AMD
[12/01/2020 01:47:58] - |D| - [293076288] - C:\Program Files\Black Tree Gaming Ltd
[07/12/2019 11:14:52] - |D| - [180076255] - C:\Program Files\Common Files
[10/01/2020 14:32:07] - |D| - [8048549] - C:\Program Files\CPUID
[16/01/2020 08:08:35] - |D| - [14555988] - C:\Program Files\CrystalDiskInfo
[16/01/2020 08:10:41] - |D| - [10950852] - C:\Program Files\CrystalDiskMark7
[07/12/2019 11:14:54] - |ASH| - [174] - C:\Program Files\desktop.ini
[10/01/2020 13:13:08] - |SHD| - [0] - C:\Program Files\Fichiers communs
[10/03/2020 17:39:47] - |D| - [28503152] - C:\Program Files\FileZilla FTP Client
[16/04/2020 10:23:22] - |D| - [327919905] - C:\Program Files\GamingOSD
[18/04/2020 13:08:56] - |D| - [153824406] - C:\Program Files\Geeks3D
[19/06/2020 17:33:21] - |D| - [11759] - C:\Program Files\Intel
[07/12/2019 11:14:52] - |D| - [2669650] - C:\Program Files\Internet Explorer
[10/01/2020 14:42:49] - |D| - [206345158] - C:\Program Files\Java
[07/03/2020 12:27:10] - |D| - [227923138] - C:\Program Files\Malwarebytes
[20/03/2020 15:18:14] - |D| - [2427894850] - C:\Program Files\Microsoft Office
[20/03/2020 15:18:13] - |D| - [6907744] - C:\Program Files\Microsoft Office 15
[07/12/2019 11:14:52] - |D| - [0] - C:\Program Files\ModifiableWindowsApps
[01/08/2020 21:11:36] - |D| - [25757] - C:\Program Files\MSBuild
[11/01/2020 11:01:12] - |D| - [34619660] - C:\Program Files\Nexus Mod Manager
[12/07/2020 15:09:22] - |D| - [51924] - C:\Program Files\NordVPN network TUN
[10/01/2020 13:17:09] - |D| - [685823452] - C:\Program Files\NVIDIA Corporation
[11/07/2020 13:24:49] - |D| - [14817272] - C:\Program Files\Parsec
[19/05/2020 15:30:15] - |D| - [268757487] - C:\Program Files\PDF Architect 7
[19/05/2020 15:29:38] - |D| - [68366844] - C:\Program Files\PDFCreator
[23/03/2020 12:35:22] - |D| - [16079390] - C:\Program Files\Pentablet
[01/08/2020 21:11:36] - |D| - [36883625] - C:\Program Files\Reference Assemblies
[26/04/2020 14:08:39] - |AD| - [21169771] - C:\Program Files\Riot Vanguard
[02/08/2020 14:05:25] - |D| - [65244990788] - C:\Program Files\Roberts Space Industries
[11/01/2020 13:54:58] - |D| - [485000420] - C:\Program Files\Rockstar Games
[11/01/2020 11:18:22] - |D| - [0] - C:\Program Files\skse64_2_00_17
[26/01/2020 16:46:22] - |D| - [284852990] - C:\Program Files\SteelSeries
[18/01/2020 11:18:33] - |D| - [636295319] - C:\Program Files\Streamlabs OBS
[19/01/2020 09:08:56] - |D| - [203026055] - C:\Program Files\TeamSpeak 3 Client
[10/01/2020 13:11:50] - |HD| - [0] - C:\Program Files\Uninstall Information
[29/05/2020 10:10:11] - |D| - [13107200] - C:\Program Files\UNP
[11/04/2020 10:31:25] - |D| - [178481227] - C:\Program Files\VideoLAN
[22/05/2020 14:35:05] - |D| - [29695871] - C:\Program Files\Voicemod Desktop
[04/06/2020 15:42:57] - |D| - [31847927] - C:\Program Files\WhoCrashed
[07/12/2019 11:14:52] - |D| - [14097158] - C:\Program Files\Windows Defender
[07/12/2019 16:53:51] - |D| - [16823600] - C:\Program Files\Windows Defender Advanced Threat Protection
[07/12/2019 11:14:52] - |D| - [639488] - C:\Program Files\Windows Mail
[07/12/2019 16:53:51] - |D| - [4705681] - C:\Program Files\Windows Media Player
[07/12/2019 16:53:51] - |D| - [48536] - C:\Program Files\Windows Multimedia Platform
[07/12/2019 11:14:52] - |D| - [6453592] - C:\Program Files\Windows NT
[07/12/2019 16:53:51] - |D| - [6217160] - C:\Program Files\Windows Photo Viewer
[07/12/2019 16:53:51] - |D| - [48528] - C:\Program Files\Windows Portable Devices
[07/12/2019 11:14:52] - |D| - [111181] - C:\Program Files\Windows Security
[07/12/2019 11:14:52] - |SHD| - [0] - C:\Program Files\Windows Sidebar
[07/12/2019 11:14:52] - |HD| - [2748594140] - C:\Program Files\WindowsApps
[07/12/2019 11:14:52] - |D| - [2699677] - C:\Program Files\WindowsPowerShell
[10/01/2020 13:43:25] - |D| - [7818806] - C:\Program Files\WinRAR
[10/01/2020 13:44:48] - |D| - [19224857] - C:\Program Files\XtremeTuner

---------- | C:\Program Files (x86)\Common Files

[10/01/2020 19:26:56] - |D| - [34261064] - C:\Program Files (x86)\Common Files\BattlEye
[10/01/2020 14:44:10] - |D| - [2037808] - C:\Program Files (x86)\Common Files\Java
[07/12/2019 11:14:52] - |D| - [20441333] - C:\Program Files (x86)\Common Files\Microsoft Shared
[10/01/2020 14:42:58] - |D| - [1541456] - C:\Program Files (x86)\Common Files\Oracle
[05/07/2020 11:25:41] - |D| - [1435256] - C:\Program Files (x86)\Common Files\Propellerhead Software
[07/12/2019 11:14:52] - |D| - [2702] - C:\Program Files (x86)\Common Files\Services
[10/01/2020 13:50:18] - |D| - [6559597] - C:\Program Files (x86)\Common Files\Steam
[07/12/2019 11:14:52] - |D| - [9851275] - C:\Program Files (x86)\Common Files\System

---------- | C:\Program Files\Common files

[20/03/2020 15:18:34] - |D| - [23832] - C:\Program Files\Common files\DESIGNER
[07/12/2019 11:14:52] - |D| - [159750966] - C:\Program Files\Common files\microsoft shared
[05/07/2020 11:25:41] - |D| - [2193016] - C:\Program Files\Common files\Propellerhead Software
[07/12/2019 11:14:52] - |D| - [2702] - C:\Program Files\Common files\Services
[07/12/2019 11:14:52] - |D| - [10845579] - C:\Program Files\Common files\System
[05/07/2020 11:25:41] - |D| - [7260160] - C:\Program Files\Common files\VST2

---------- | Tasks

[MD5.F1A6CD5ADAAB953A6764EA364E17BFB8] - [01/08/2020 20:27:27] - |AH| - [6] - C:\WINDOWS\Tasks\SA.DAT
[MD5.9041DBF22BAC4A79E0FA2B59465342E1] - [01/08/2020 20:27:27] - |A| - [2582] - C:\WINDOWS\System32\Tasks\AMDAutoUpdate         :   "C:\Program Files\AMD\AutoUpdate\AMDAutoUpdate.exe"
[MD5.945B3C33C243947C37174B8218978E02] - [01/08/2020 20:27:27] - |A| - [2378] - C:\WINDOWS\System32\Tasks\GamingOSDAutoStartUp         :   C:\Program Files\GamingOSD\GamingOSD.exe
[MD5.9BEFBC4A508800D4460983A0EC947062] - [01/08/2020 20:27:27] - |A| - [3294] - C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore         :   C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
[MD5.030633D51F1CD80779C256D169D1958D] - [01/08/2020 20:27:27] - |A| - [3518] - C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA         :   C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
[MD5.00000000000000000000000000000000] - [07/12/2019 11:14:52] - |D| - [662798] - C:\WINDOWS\System32\Tasks\Microsoft
[MD5.026781FC1265F7E1ABB28B64ECCF7D8A] - [01/08/2020 20:27:27] - |A| - [3338] - C:\WINDOWS\System32\Tasks\MicrosoftEdgeUpdateTaskMachineCore         :   C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
[MD5.E47D498063B09CFD6650870AFE3BE49B] - [01/08/2020 20:27:27] - |A| - [3562] - C:\WINDOWS\System32\Tasks\MicrosoftEdgeUpdateTaskMachineUA         :   C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
[MD5.1590EE60C1CE2FE9B7B773DB9A8479B6] - [01/08/2020 20:27:27] - |A| - [2312] - C:\WINDOWS\System32\Tasks\MonitorMicroKey         :   C:\Program Files\GamingOSD\MonitorMicroKeyDetector.exe
[MD5.7579F07A2D682BB232045A532958AADA] - [01/08/2020 20:27:27] - |A| - [2338] - C:\WINDOWS\System32\Tasks\MonitorMysticLight         :   C:\Program Files\GamingOSD\MysticLight\MysticLightController.exe
[MD5.CE702B314438D2CEE80C4E49C6671D49] - [01/08/2020 20:27:27] - |A| - [2310] - C:\WINDOWS\System32\Tasks\MonitorWeatherDetector         :   C:\Program Files\GamingOSD\WeatherDetector.exe
[MD5.CE78C9444B2F71389B32531EEAF76375] - [01/08/2020 20:27:27] - |A| - [3142] - C:\WINDOWS\System32\Tasks\MSIAfterburner         :   C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
[MD5.CE0E61838C45A2197B7A48BA49DEC62C] - [01/08/2020 20:27:27] - |A| - [3196] - C:\WINDOWS\System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}         :   C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
[MD5.A81776C8042E87206EBEB2052A7174D3] - [01/08/2020 20:27:27] - |A| - [3398] - C:\WINDOWS\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}         :   C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
[MD5.D6E7E563512D61018992A38D791ADD11] - [01/08/2020 20:27:27] - |A| - [3152] - C:\WINDOWS\System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}         :   "C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe"
[MD5.4C16A7D7D4E05C74CF806CADB99C4205] - [01/08/2020 20:27:27] - |A| - [2914] - C:\WINDOWS\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}         :   C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe
[MD5.E935A235F347DE2335F2F04217EEECDA] - [01/08/2020 20:27:27] - |A| - [2984] - C:\WINDOWS\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}         :   C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe
[MD5.A416713998B405C15DF29DC980393AF6] - [01/08/2020 20:27:27] - |A| - [2744] - C:\WINDOWS\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}         :   C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe
[MD5.EDC674D3FF32DFF50F005DA6581F4DBA] - [01/08/2020 20:27:27] - |A| - [2948] - C:\WINDOWS\System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}         :   C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe
[MD5.6A81BC555EA5EA33DF378655D397B86F] - [01/08/2020 20:27:27] - |A| - [2948] - C:\WINDOWS\System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}         :   C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe
[MD5.336FE3F282ED3BA00A6D21E63C047281] - [01/08/2020 20:27:27] - |A| - [2948] - C:\WINDOWS\System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}         :   C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe
[MD5.8CDBD2FDD2F6E3AA47D5D7A2B8163AC3] - [01/08/2020 20:27:27] - |A| - [2948] - C:\WINDOWS\System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}         :   C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe
[MD5.32F07BF2AC56775EC98393663B25E4BC] - [01/08/2020 20:27:27] - |A| - [3380] - C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3426726900-1680016901-4063642811-1001         :   %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
[MD5.A0A16DAA5B0D076C369555405B1AFD88] - [01/08/2020 20:27:27] - |A| - [3552] - C:\WINDOWS\System32\Tasks\Opera GX scheduled Autoupdate 1578655239         :   C:\Users\theos\AppData\Local\Programs\Opera GX\launcher.exe
[MD5.00000000000000000000000000000000] - [07/12/2019 11:14:52] - |D| - [0] - C:\WINDOWS\Syswow64\Tasks\Microsoft

---------- | Firewall

[HKLM\SYSTEM\CurrentControlSet\Services\sharedaccess\Parameters\FirewallPolicy\FirewallRules]
"WiFiDirect-KM-Driver-In-TCP"=v2.30|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=System|Name=@wlansvc.dll,-37378|Desc=@wlansvc.dll,-37890|EmbedCtxt=@wlansvc.dll,-36865|TTK2_27=WFDKmDriver|
"WiFiDirect-KM-Driver-Out-TCP"=v2.30|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|App=System|Name=@wlansvc.dll,-37379|Desc=@wlansvc.dll,-37891|EmbedCtxt=@wlansvc.dll,-36865|TTK2_27=WFDKmDriver|
"WiFiDirect-KM-Driver-In-UDP"=v2.30|Action=Allow|Active=TRUE|Dir=In|Protocol=17|App=System|Name=@wlansvc.dll,-37380|Desc=@wlansvc.dll,-37892|EmbedCtxt=@wlansvc.dll,-36865|TTK2_27=WFDKmDriver|
"WiFiDirect-KM-Driver-Out-UDP"=v2.30|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|App=System|Name=@wlansvc.dll,-37381|Desc=@wlansvc.dll,-37893|EmbedCtxt=@wlansvc.dll,-36865|TTK2_27=WFDKmDriver|
"DeliveryOptimization-TCP-In"=v2.30|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=7680|App=%SystemRoot%\system32\svchost.exe|Svc=dosvc|Name=@%systemroot%\system32\dosvc.dll,-102|Desc=@%systemroot%\system32\dosvc.dll,-104|EmbedCtxt=@%systemroot%\system32\dosvc.dll,-100|Edge=TRUE|
"DeliveryOptimization-UDP-In"=v2.30|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=7680|App=%SystemRoot%\system32\svchost.exe|Svc=dosvc|Name=@%systemroot%\system32\dosvc.dll,-103|Desc=@%systemroot%\system32\dosvc.dll,-104|EmbedCtxt=@%systemroot%\system32\dosvc.dll,-100|Edge=TRUE|
"WirelessDisplay-In-TCP"=v2.30|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=%systemroot%\system32\WUDFHost.exe|Name=@wifidisplay.dll,-10200|Desc=@wifidisplay.dll,-10201|LUAuth=O:LSD:(A;;CC;;;S-1-5-84-0-0-0-0-0)|EmbedCtxt=@wifidisplay.dll,-100|TTK2_22=WFDDisplay|
"WirelessDisplay-Out-TCP"=v2.30|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|App=%systemroot%\system32\WUDFHost.exe|Name=@wifidisplay.dll,-10202|Desc=@wifidisplay.dll,-10203|LUAuth=O:LSD:(A;;CC;;;S-1-5-84-0-0-0-0-0)|EmbedCtxt=@wifidisplay.dll,-100|TTK2_22=WFDDisplay|
"WirelessDisplay-Out-UDP"=v2.30|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|App=%systemroot%\system32\WUDFHost.exe|Name=@wifidisplay.dll,-10204|Desc=@wifidisplay.dll,-10205|LUAuth=O:LSD:(A;;CC;;;S-1-5-84-0-0-0-0-0)|EmbedCtxt=@wifidisplay.dll,-100|TTK2_22=WFDDisplay|
"WirelessDisplay-Infra-In-TCP"=v2.30|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=7250|App=%systemroot%\system32\CastSrv.exe|Name=@wifidisplay.dll,-10206|Desc=@wifidisplay.dll,-10207|EmbedCtxt=@wifidisplay.dll,-100|
"{FD89790C-0B0C-46C4-B911-52BEE04EC634}"=v2.30|Action=Allow|Active=TRUE|Dir=Out|Name=NcsiUwpApp|Desc=NcsiUwpApp|LUOwn=S-1-5-21-3426726900-1680016901-4063642811-1001|AppPkgId=S-1-15-2-138780814-3997110584-2874353029-2041838810-3659441231-3169655024-3643974355|EmbedCtxt=NcsiUwpApp|Platform=2:6:2|Platform2=GTEQ|
"{2052712E-DC57-43EF-92DB-51BA22618A2F}"=v2.30|Action=Allow|Active=TRUE|Dir=Out|Name=windows_ie_ac_001|Desc=Created by IE|LUOwn=S-1-5-18|AppPkgId=S-1-15-2-1430448594-2639229838-973813799-439329657-1197984847-4069167804-1277922394|EmbedCtxt=windows_ie_ac_001|Platform=2:6:2|Platform2=GTEQ|
"{0135D673-72C1-4B03-8746-17FDB491DEE7}"=v2.30|Action=Allow|Active=TRUE|Dir=Out|App=C:\ProgramData\ZeroTier\One\zerotier-one_x64.exe|Name=ZeroTier One|
"{0F9A10A7-F479-4306-AAC1-C8DD674F7397}"=v2.30|Action=Allow|Active=TRUE|Dir=In|App=C:\ProgramData\ZeroTier\One\zerotier-one_x64.exe|Name=ZeroTier One|
"UDP Query User{88EA80BA-111A-48BE-AD12-F6EDD0C7D162}D:\games\theescapists2\theescapists2.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|Profile=Public|App=D:\games\theescapists2\theescapists2.exe|Name=theescapists2|Desc=theescapists2|Defer=User|
"TCP Query User{EB2EA330-0168-4AE7-AECC-C6058B51AFFD}D:\games\theescapists2\theescapists2.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|Profile=Public|App=D:\games\theescapists2\theescapists2.exe|Name=theescapists2|Desc=theescapists2|Defer=User|
"UDP Query User{AFD598F1-CF74-4264-B7D8-25B959D706FA}D:\games\the escapists 22\theescapists2.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|Profile=Public|App=D:\games\the escapists 22\theescapists2.exe|Name=theescapists2|Desc=theescapists2|Defer=User|
"TCP Query User{20DF869A-FCE2-4FF7-8527-C2444B8FE393}D:\games\the escapists 22\theescapists2.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|Profile=Public|App=D:\games\the escapists 22\theescapists2.exe|Name=theescapists2|Desc=theescapists2|Defer=User|
"{F96662F5-2AD0-4BC8-8B1F-6434EB6AFA4C}"=v2.30|Action=Allow|Active=TRUE|Dir=In|Profile=Private|Profile=Public|App=C:\Program Files\Parsec\parsecd.exe|Name=Parsec|
"{92DEBD24-EA1D-462D-AB58-B2CC2B2DABD7}"=v2.30|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=2350|App=D:\Games\Trackmania\trackmania.exe|Name=Trackmania TCP|
"{4B543B54-190A-4A25-B93D-22A9720CD448}"=v2.30|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=2350|App=D:\Games\Trackmania\trackmania.exe|Name=Trackmania UDP|
"{F60E15B6-470B-4A47-BBE5-FC2F805314CB}"=v2.30|Action=Allow|Active=TRUE|Dir=In|Name=Forza Horizon 4|Desc=Forza Horizon 4|LUOwn=S-1-5-21-3426726900-1680016901-4063642811-1001|AppPkgId=S-1-15-2-4229748693-3326341846-1495081741-1528692508-1131203849-336638721-4261848658|EmbedCtxt=Forza Horizon 4|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE|
"{8589188E-7128-4AB2-9C73-A19A9AB61055}"=v2.30|Action=Allow|Active=TRUE|Dir=Out|Name=Forza Horizon 4|Desc=Forza Horizon 4|LUOwn=S-1-5-21-3426726900-1680016901-4063642811-1001|AppPkgId=S-1-15-2-4229748693-3326341846-1495081741-1528692508-1131203849-336638721-4261848658|EmbedCtxt=Forza Horizon 4|Platform=2:6:2|Platform2=GTEQ|
"{2BC5D4A3-B732-4A66-B814-9A206BAD9678}"=v2.30|Action=Allow|Active=TRUE|Dir=Out|Name=Xbox|Desc=Xbox|LUOwn=S-1-5-21-3426726900-1680016901-4063642811-1001|AppPkgId=S-1-15-2-1723189366-2159580849-2248400763-1481059666-1951766778-2756563051-3565589001|EmbedCtxt=Xbox|Platform=2:6:2|Platform2=GTEQ|
"{B6D73A43-8837-4D95-A23F-F8CAAC749C7E}"=v2.30|Action=Allow|Active=TRUE|Dir=In|Name=Minecraft for Windows 10|Desc=Minecraft for Windows 10|LUOwn=S-1-5-21-3426726900-1680016901-4063642811-1001|AppPkgId=S-1-15-2-1958404141-86561845-1752920682-3514627264-368642714-62675701-733520436|EmbedCtxt=Minecraft for Windows 10|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE|
"{575F3A1E-F458-4E40-BD7C-7C8B01D04DAD}"=v2.30|Action=Allow|Active=TRUE|Dir=Out|Name=Minecraft for Windows 10|Desc=Minecraft for Windows 10|LUOwn=S-1-5-21-3426726900-1680016901-4063642811-1001|AppPkgId=S-1-15-2-1958404141-86561845-1752920682-3514627264-368642714-62675701-733520436|EmbedCtxt=Minecraft for Windows 10|Platform=2:6:2|Platform2=GTEQ|
"{EB0F6C48-732A-4AEB-B968-B70B433E7854}"=v2.30|Action=Allow|Active=TRUE|Dir=In|Protocol=17|App=D:\Games\WATCH_DOGS2\EAC.exe|Name=EACWD2-UDP|
"{784C2440-3C1B-4CFA-A345-AD149AC06D87}"=v2.30|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=D:\Games\WATCH_DOGS2\EAC.exe|Name=EACWD2-TCP|
"{2739F4AC-E056-47C2-AB37-D76A9E6DCB86}"=v2.30|Action=Allow|Active=TRUE|Dir=In|Protocol=17|App=D:\Games\WATCH_DOGS2\bin_plus\WatchDogs2.exe|Name=WatchDogs2Plus-UDP|
"{0939A969-CCF2-423C-858C-46F4B44480BF}"=v2.30|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=D:\Games\WATCH_DOGS2\bin_plus\WatchDogs2.exe|Name=WatchDogs2Plus-TCP|
"{26C69685-5687-4317-AD77-29CF5882F2DA}"=v2.30|Action=Allow|Active=TRUE|Dir=In|Protocol=17|App=D:\Games\WATCH_DOGS2\bin\WatchDogs2.exe|Name=WatchDogs2-UDP|
"{0A668C26-E94F-4945-9F35-562EAF79E9A6}"=v2.30|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=D:\Games\WATCH_DOGS2\bin\WatchDogs2.exe|Name=WatchDogs2-TCP|
"{7F0D90DF-BFF4-4D71-982E-B927CF2E2F7D}"=v2.30|Action=Allow|Active=TRUE|Dir=Out|Name=windows_ie_ac_001|Desc=Created by IE|LUOwn=S-1-5-21-3426726900-1680016901-4063642811-1001|AppPkgId=S-1-15-2-1430448594-2639229838-973813799-439329657-1197984847-4069167804-1277922394|EmbedCtxt=windows_ie_ac_001|Platform=2:6:2|Platform2=GTEQ|
"{5124B953-EF3F-4D84-A894-9B5C210DC57F}"=v2.30|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=Print 3D|Desc=Print 3D|LUOwn=S-1-5-21-3426726900-1680016901-4063642811-1001|AppPkgId=S-1-15-2-4177018473-2823706547-3652141868-2730301309-560159678-43221128-488844051|EmbedCtxt=Print 3D|Platform=2:6:2|Platform2=GTEQ|
"{DE7A9AED-2ED8-4104-93FE-0A49D0F83BFB}"=v2.30|Action=Allow|Active=TRUE|Dir=Out|Name=Print 3D|Desc=Print 3D|LUOwn=S-1-5-21-3426726900-1680016901-4063642811-1001|AppPkgId=S-1-15-2-4177018473-2823706547-3652141868-2730301309-560159678-43221128-488844051|EmbedCtxt=Print 3D|Platform=2:6:2|Platform2=GTEQ|
"{EB6EA2F8-F349-4351-B329-3BF899062BB8}"=v2.30|Action=Allow|Active=TRUE|Dir=In|Name=FINAL FANTASY XV WINDOWS EDITION|Desc=FINAL FANTASY XV WINDOWS EDITION|LUOwn=S-1-5-21-3426726900-1680016901-4063642811-1001|AppPkgId=S-1-15-2-2888017041-2039655366-2992338114-1800312189-1592916289-2318754513-901396951|EmbedCtxt=FINAL FANTASY XV WINDOWS EDITION|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE|
"{4FB1741C-56FB-42D1-B14B-D5DA4B667A6A}"=v2.30|Action=Allow|Active=TRUE|Dir=Out|Name=FINAL FANTASY XV WINDOWS EDITION|Desc=FINAL FANTASY XV WINDOWS EDITION|LUOwn=S-1-5-21-3426726900-1680016901-4063642811-1001|AppPkgId=S-1-15-2-2888017041-2039655366-2992338114-1800312189-1592916289-2318754513-901396951|EmbedCtxt=FINAL FANTASY XV WINDOWS EDITION|Platform=2:6:2|Platform2=GTEQ|
"UDP Query User{140DE3BD-5670-486B-9BE7-AF06A061E684}D:\games\far cry primal\bin\fcprimal.exe"=v2.10|Action=Block|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=D:\games\far cry primal\bin\fcprimal.exe|Name=Far Cry Primal|Desc=Far Cry Primal|
"TCP Query User{5A8B91CB-0060-4742-99CE-25F1D8FB0A99}D:\games\far cry primal\bin\fcprimal.exe"=v2.10|Action=Block|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=D:\games\far cry primal\bin\fcprimal.exe|Name=Far Cry Primal|Desc=Far Cry Primal|
"UDP Query User{56FB3DF5-B59E-4A70-9238-A7C8D32981D8}C:\users\theos\appdata\local\programs\opera gx\68.0.3618.142\opera.exe"=v2.10|Action=Block|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\users\theos\appdata\local\programs\opera gx\68.0.3618.142\opera.exe|Name=opera.exe|Desc=opera.exe|
"TCP Query User{BF6F3CC8-1193-4099-9B03-002B88253D43}C:\users\theos\appdata\local\programs\opera gx\68.0.3618.142\opera.exe"=v2.10|Action=Block|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\users\theos\appdata\local\programs\opera gx\68.0.3618.142\opera.exe|Name=opera.exe|Desc=opera.exe|
"UDP Query User{D25BFA0B-C2DC-4F86-9C1A-7C327D6CE3AB}D:\games\risesandfall\riseandfall.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|Profile=Public|App=D:\games\risesandfall\riseandfall.exe|Name=Rise And Fall|Desc=Rise And Fall|Defer=User|
"TCP Query User{0946FAEA-6014-4B4C-BF00-42AB6F217922}D:\games\risesandfall\riseandfall.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|Profile=Public|App=D:\games\risesandfall\riseandfall.exe|Name=Rise And Fall|Desc=Rise And Fall|Defer=User|
"{BC218A80-A8E3-4AEF-A853-3C22A10E7080}"=v2.30|Action=Allow|Active=TRUE|Dir=Out|Name=Xbox Game Bar Plugin|Desc=Xbox Game Bar Plugin|LUOwn=S-1-5-21-3426726900-1680016901-4063642811-1001|AppPkgId=S-1-15-2-1823635404-1364722122-2170562666-1762391777-2399050872-3465541734-3732476201|EmbedCtxt=Xbox Game Bar Plugin|Platform=2:6:2|Platform2=GTEQ|
"UDP Query User{867A792B-17DD-4A43-BF47-905AC395DD55}D:\bibliotèque\downloads\scoped_dir14384_1263252278\fivem.app\cache\subprocess\fivem_gtaprocess.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|Profile=Public|App=D:\bibliotèque\downloads\scoped_dir14384_1263252278\fivem.app\cache\subprocess\fivem_gtaprocess.exe|Name=FiveM Game subprocess|Desc=FiveM Game subprocess|Defer=User|
"TCP Query User{0E12ECE4-B851-4008-A2DC-D04099213385}D:\bibliotèque\downloads\scoped_dir14384_1263252278\fivem.app\cache\subprocess\fivem_gtaprocess.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|Profile=Public|App=D:\bibliotèque\downloads\scoped_dir14384_1263252278\fivem.app\cache\subprocess\fivem_gtaprocess.exe|Name=FiveM Game subprocess|Desc=FiveM Game subprocess|Defer=User|
"{B16934FF-4CB5-4F32-A1CA-F2691482D7E7}"=v2.30|Action=Allow|Active=TRUE|Dir=Out|Name=Totally Accurate Battle Simulator (Game Preview)|Desc=This game is a work in progress. It may or may not change over time or release as a final product. Purchase only if you are comfortable with the current state of he unfinished game. Totally Accurate Battle Simulator is a wacky physics-based tactics game. Experience accurate warfare through the ages. From medieval peasants to modern-day weaponry, TABS uses state of the art physics-based simulation to provide you with never-before-seen insight to our greatest battles of history.|LUOwn=S-1-5-21-3426726900-1680016901-4063642811-1001|AppPkgId=S-1-15-2-1284152886-828228912-3480608847-203572652-1433116341-543196827-1477885593|EmbedCtxt=Totally Accurate Battle Simulator (Game Preview)|Platform=2:6:2|Platform2=GTEQ|
"UDP Query User{45C5EFE2-1A45-41AF-96A7-6D387424ABD8}D:\bibliotèque\downloads\scoped_dir14384_1263252278\fivem.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|Profile=Public|App=D:\bibliotèque\downloads\scoped_dir14384_1263252278\fivem.exe|Name=FiveM|Desc=FiveM|Defer=User|
"TCP Query User{64B21731-C775-4349-AFFE-6C5C819E10BD}D:\bibliotèque\downloads\scoped_dir14384_1263252278\fivem.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|Profile=Public|App=D:\bibliotèque\downloads\scoped_dir14384_1263252278\fivem.exe|Name=FiveM|Desc=FiveM|Defer=User|
"UDP Query User{E0C4306C-9042-43BE-A9BE-0EAC280A362C}D:\games\golf it!\golfit\binaries\win64\golfit-win64-shipping.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|Profile=Public|App=D:\games\golf it!\golfit\binaries\win64\golfit-win64-shipping.exe|Name=Golf It!|Desc=Golf It!|Defer=User|
"TCP Query User{0C56066A-D480-4E7E-A755-48CB3F949F6B}D:\games\golf it!\golfit\binaries\win64\golfit-win64-shipping.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|Profile=Public|App=D:\games\golf it!\golfit\binaries\win64\golfit-win64-shipping.exe|Name=Golf It!|Desc=Golf It!|Defer=User|
"{6178D28A-065E-44CC-80EA-3F055375DCAD}"=v2.30|Action=Allow|Active=TRUE|Dir=In|Name=HP Smart|Desc=HP Smart|LUOwn=S-1-5-21-3426726900-1680016901-4063642811-1001|AppPkgId=S-1-15-2-744533573-2444454674-265863901-3215465728-4115286053-1341080355-789689510|EmbedCtxt=HP Smart|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE|
"{A68AD65D-C045-435E-8860-C9F504A87DA6}"=v2.30|Action=Allow|Active=TRUE|Dir=Out|Name=HP Smart|Desc=HP Smart|LUOwn=S-1-5-21-3426726900-1680016901-4063642811-1001|AppPkgId=S-1-15-2-744533573-2444454674-265863901-3215465728-4115286053-1341080355-789689510|EmbedCtxt=HP Smart|Platform=2:6:2|Platform2=GTEQ|
"{3838201A-25BE-4D78-AAE9-36A46E187CE9}"=v2.30|Action=Allow|Active=TRUE|Dir=Out|Name=Broforce|Desc=When evil threatens the world, the world calls on Broforce - an under-funded, over-powered paramilitary organization dealing exclusively in excessive force. Brace your loins with up to four players to run ‘n’ gun as dozens of different bros and eliminate the opposing terrorist forces that threaten our way of life.|LUOwn=S-1-5-21-3426726900-1680016901-4063642811-1001|AppPkgId=S-1-15-2-518517026-1084586762-1147840666-2000447468-4210225252-882748488-2850419691|EmbedCtxt=Broforce|Platform=2:6:2|Platform2=GTEQ|
"{6E05C8D5-FEAF-416F-A757-57704491A657}"=v2.30|Action=Allow|Active=TRUE|Dir=In|App=C:\program files\GamingOSD\GamingOSD.exe|Name=GamingOSD|
"{898F9987-5C1E-4A93-B350-B3FDE720074E}"=v2.30|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort2_10=7800-7809|Name=Overcooked2|Desc=Allow inbound network traffic to Overcooked2|EmbedCtxt=Overcooked2|Edge=TRUE|
"{D168F8F5-5FA9-488B-8749-54263C368F9A}"=v2.30|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort2_10=7800-7809|Name=Overcooked2|Desc=Allow inbound network traffic to Overcooked2|EmbedCtxt=Overcooked2|Edge=TRUE|
"{93C6DCC7-3D32-4E91-8382-75F026223B89}"=v2.30|Action=Allow|Active=TRUE|Dir=In|App=C:\program files\GamingOSD\GamingOSD.exe|Name=GamingOSD|
"{E9C9FF50-EA62-46E7-8144-869C71722F66}"=v2.30|Action=Allow|Active=TRUE|Dir=Out|Name=Astro Command Center|Desc=Astro Command Center|LUOwn=S-1-5-21-3426726900-1680016901-4063642811-1001|AppPkgId=S-1-15-2-216250287-3581794911-1010115859-3029228433-1929400333-2632574281-2368472852|EmbedCtxt=Astro Command Center|Platform=2:6:2|Platform2=GTEQ|
"{6AFA0AEE-B1D1-44C5-A6E8-4097160A085F}"=v2.30|Action=Block|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=D:\games\halo the master chief collection\mcc\binaries\win64\mcc-win64-shipping.exe|Name=Halo: The Master Chief Collection|Desc=Halo: The Master Chief Collection|
"{42F98ABB-C263-4A28-A536-7F46D7AA8CC4}"=v2.30|Action=Block|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=D:\games\halo the master chief collection\mcc\binaries\win64\mcc-win64-shipping.exe|Name=Halo: The Master Chief Collection|Desc=Halo: The Master Chief Collection|
"UDP Query User{A716FAD7-1FDD-43EE-B58D-E2ADE92B0F12}D:\games\halo the master chief collection\mcc\binaries\win64\mcc-win64-shipping.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=D:\games\halo the master chief collection\mcc\binaries\win64\mcc-win64-shipping.exe|Name=Halo: The Master Chief Collection|Desc=Halo: The Master Chief Collection|Defer=User|
"TCP Query User{858136C0-27D2-4C6C-9250-6FE0D7850B44}D:\games\halo the master chief collection\mcc\binaries\win64\mcc-win64-shipping.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=D:\games\halo the master chief collection\mcc\binaries\win64\mcc-win64-shipping.exe|Name=Halo: The Master Chief Collection|Desc=Halo: The Master Chief Collection|Defer=User|
"UDP Query User{EDFD08BF-A935-4120-B24D-708F08B2C4E4}C:\users\theos\appdata\local\citra\canary-mingw\citra-qt.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|Profile=Public|App=C:\users\theos\appdata\local\citra\canary-mingw\citra-qt.exe|Name=citra-qt.exe|Desc=citra-qt.exe|Defer=User|
"TCP Query User{1A0DF44D-D7F8-4903-8D33-868C2A02AE8A}C:\users\theos\appdata\local\citra\canary-mingw\citra-qt.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|Profile=Public|App=C:\users\theos\appdata\local\citra\canary-mingw\citra-qt.exe|Name=citra-qt.exe|Desc=citra-qt.exe|Defer=User|
"UDP Query User{42597185-4CE1-4C9C-809F-026D1DA9707E}C:\program files\java\jre1.8.0_231\bin\javaw.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|Profile=Public|App=C:\program files\java\jre1.8.0_231\bin\javaw.exe|Name=Java(TM) Platform SE binary|Desc=Java(TM) Platform SE binary|Defer=User|
"TCP Query User{BD690B2A-37D1-4F3F-915D-ED599ADA5A67}C:\program files\java\jre1.8.0_231\bin\javaw.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|Profile=Public|App=C:\program files\java\jre1.8.0_231\bin\javaw.exe|Name=Java(TM) Platform SE binary|Desc=Java(TM) Platform SE binary|Defer=User|
"UDP Query User{572E134F-69E7-4217-9722-E9288D31574C}C:\users\theos\appdata\roaming\spotify\spotify.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|Profile=Public|App=C:\users\theos\appdata\roaming\spotify\spotify.exe|Name=spotify.exe|Desc=spotify.exe|Defer=User|
"TCP Query User{91B1355F-7250-4091-A006-D2CFDE47FAAE}C:\users\theos\appdata\roaming\spotify\spotify.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|Profile=Public|App=C:\users\theos\appdata\roaming\spotify\spotify.exe|Name=spotify.exe|Desc=spotify.exe|Defer=User|
"UDP Query User{73591D23-B2F5-4F96-9879-733286FBA042}C:\games\the sims 4\game\bin\ts4_x64.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|Profile=Public|App=C:\games\the sims 4\game\bin\ts4_x64.exe|Name=The Sims™ 4|Desc=The Sims™ 4|Defer=User|
"TCP Query User{32908881-81F7-477A-87B2-2CD5C87BD66D}C:\games\the sims 4\game\bin\ts4_x64.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|Profile=Public|App=C:\games\the sims 4\game\bin\ts4_x64.exe|Name=The Sims™ 4|Desc=The Sims™ 4|Defer=User|
"{3918FCF4-7D97-4EDA-8F4E-64057B117898}"=v2.30|Action=Allow|Active=TRUE|Dir=Out|App=C:\Program Files (x86)\Unified Remote 3\RemoteServerWin.exe|Name=Unified Remote|
"{FB22358B-1BC0-4CD9-9F7A-435D8965DF3E}"=v2.30|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\Unified Remote 3\RemoteServerWin.exe|Name=Unified Remote|
"{DC144E75-5F9B-4470-A4B0-25C2ACFEBE30}"=v2.30|Action=Allow|Active=TRUE|Dir=Out|Name=Human Fall Flat|Desc=Human Fall Flat|LUOwn=S-1-5-21-3426726900-1680016901-4063642811-1001|AppPkgId=S-1-15-2-1228565134-3294714514-392319230-3763357626-3501111867-3190431523-1744783489|EmbedCtxt=Human Fall Flat|Platform=2:6:2|Platform2=GTEQ|
"UDP Query User{27D03D6A-240D-4B1D-8F19-7A54D64D06B8}C:\program files (x86)\deluge\deluge.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\program files (x86)\deluge\deluge.exe|Name=Deluge Bittorrent Client|Desc=Deluge Bittorrent Client|Defer=User|
"TCP Query User{72CF90A2-4F92-4E68-9390-6E9E575CCCF3}C:\program files (x86)\deluge\deluge.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\program files (x86)\deluge\deluge.exe|Name=Deluge Bittorrent Client|Desc=Deluge Bittorrent Client|Defer=User|
"UDP Query User{7DDF2F4D-119E-439D-B21F-661FD806C0F6}C:\program files (x86)\deluge\deluge.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\program files (x86)\deluge\deluge.exe|Name=Deluge Bittorrent Client|Desc=Deluge Bittorrent Client|Edge=TRUE|Defer=App|
"TCP Query User{1C1FE22C-F5DF-4133-A31D-E55C27E8DF44}C:\program files (x86)\deluge\deluge.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\program files (x86)\deluge\deluge.exe|Name=Deluge Bittorrent Client|Desc=Deluge Bittorrent Client|Edge=TRUE|Defer=App|
"{DF448CAA-B9B0-4ED2-ACA2-C38BF293F112}"=v2.30|Action=Allow|Active=TRUE|Dir=Out|Name=Xbox TCUI|Desc=Xbox TCUI|LUOwn=S-1-5-21-3426726900-1680016901-4063642811-1001|AppPkgId=S-1-15-2-2603511428-3224021693-1028932517-3941269705-3349582775-2312504883-4057327947|EmbedCtxt=Xbox TCUI|Platform=2:6:2|Platform2=GTEQ|
"{A116C453-C9C4-4293-BAC5-5CF6BD77E9D8}"=v2.30|Action=Allow|Active=TRUE|Dir=Out|Name=Subnautica|Desc=Subnautica|LUOwn=S-1-5-21-3426726900-1680016901-4063642811-1001|AppPkgId=S-1-15-2-3153962432-4097518767-1918724703-2113794119-3259233971-257215472-3033487154|EmbedCtxt=Subnautica|Platform=2:6:2|Platform2=GTEQ|
"UDP Query User{08D10E73-8494-4AB5-8FF2-262A71B77EAF}C:\riot games\league of legends\game\league of legends.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|Profile=Public|App=C:\riot games\league of legends\game\league of legends.exe|Name=League of Legends (TM) Client|Desc=League of Legends (TM) Client|Defer=User|
"TCP Query User{53D4307F-9BC1-4DDA-BAD7-4F0AC2E0E130}C:\riot games\league of legends\game\league of legends.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|Profile=Public|App=C:\riot games\league of legends\game\league of legends.exe|Name=League of Legends (TM) Client|Desc=League of Legends (TM) Client|Defer=User|
"UDP Query User{B874B929-10DE-4EA9-8621-07881F5B0744}C:\users\theos\twitch\minecraft\install\runtime\jre-x64\bin\javaw.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|Profile=Public|App=C:\users\theos\twitch\minecraft\install\runtime\jre-x64\bin\javaw.exe|Name=javaw|Desc=javaw|Defer=User|
"TCP Query User{453AA056-78A9-4FD8-9848-B9AAC3D9495E}C:\users\theos\twitch\minecraft\install\runtime\jre-x64\bin\javaw.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|Profile=Public|App=C:\users\theos\twitch\minecraft\install\runtime\jre-x64\bin\javaw.exe|Name=javaw|Desc=javaw|Defer=User|
"UDP Query User{04F51687-434E-4E8B-AD7E-190B5BD2C839}C:\program files (x86)\minecraft launcher\runtime\jre-x64\bin\javaw.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|Profile=Public|App=C:\program files (x86)\minecraft launcher\runtime\jre-x64\bin\javaw.exe|Name=Java(TM) Platform SE binary|Desc=Java(TM) Platform SE binary|Defer=User|
"TCP Query User{2C34552D-9EB8-4C06-9294-B91AE1D3AEDD}C:\program files (x86)\minecraft launcher\runtime\jre-x64\bin\javaw.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|Profile=Public|App=C:\program files (x86)\minecraft launcher\runtime\jre-x64\bin\javaw.exe|Name=Java(TM) Platform SE binary|Desc=Java(TM) Platform SE binary|Defer=User|
"{8D652ABB-32A0-4E97-A241-A791D67E15A8}"=v2.30|Action=Allow|Active=TRUE|Dir=Out|Name=Microsoft Pay|Desc=Microsoft Pay|LUOwn=S-1-5-21-3426726900-1680016901-4063642811-1001|AppPkgId=S-1-15-2-567501097-281763132-502764112-1855211022-3143306454-2372101908-561929011|EmbedCtxt=Microsoft Pay|Platform=2:6:2|Platform2=GTEQ|
"{5931479B-D7D9-4BE5-B873-ABDD52C0C973}"=v2.30|Action=Allow|Active=TRUE|Dir=Out|Name=windows_ie_ac_001|Desc=Created by IE|LUOwn=S-1-5-18|AppPkgId=S-1-15-2-1430448594-2639229838-973813799-439329657-1197984847-4069167804-1277922394|EmbedCtxt=windows_ie_ac_001|Platform=2:6:2|Platform2=GTEQ|
"{6D561189-8450-4868-A924-191AD3E788F3}"=v2.30|Action=Allow|Active=TRUE|Dir=Out|Name=Cortana|Desc=Cortana|LUOwn=S-1-5-21-3426726900-1680016901-4063642811-1001|AppPkgId=S-1-15-2-1880626798-2296700190-2192216202-2581987570-949377748-777141861-2889999867|EmbedCtxt=Cortana|Platform=2:6:2|Platform2=GTEQ|
"{C0047631-E6A0-4C77-9527-5E899EB0A719}"=v2.30|Action=Allow|Active=TRUE|Dir=In|Name=Cortana|Desc=Cortana|LUOwn=S-1-5-21-3426726900-1680016901-4063642811-1001|AppPkgId=S-1-15-2-1880626798-2296700190-2192216202-2581987570-949377748-777141861-2889999867|EmbedCtxt=Cortana|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE|
"{D4253325-6C33-409F-B6A3-E21A7FD45D06}"=v2.30|Action=Allow|Active=TRUE|Dir=Out|Name=Microsoft Solitaire Collection|Desc=Microsoft Solitaire Collection|LUOwn=S-1-5-21-3426726900-1680016901-4063642811-1001|AppPkgId=S-1-15-2-1985198343-3186790915-4047221937-1969271670-3792558349-1325541827-400269725|EmbedCtxt=Microsoft Solitaire Collection|Platform=2:6:2|Platform2=GTEQ|
"{350379A3-B656-4027-A275-C6260047CD5C}"=v2.30|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=Microsoft Solitaire Collection|Desc=Microsoft Solitaire Collection|LUOwn=S-1-5-21-3426726900-1680016901-4063642811-1001|AppPkgId=S-1-15-2-1985198343-3186790915-4047221937-1969271670-3792558349-1325541827-400269725|EmbedCtxt=Microsoft Solitaire Collection|Platform=2:6:2|Platform2=GTEQ|
"{989A295D-B5FA-4D6A-AD68-F7E9B8445574}"=v2.30|Action=Allow|Active=TRUE|Dir=Out|Name=@{SystemEraSoftworks.29415440E1269_1.13.128.0_x64__ftk5pbg2rayv2?ms-resource://SystemEraSoftworks.29415440E1269/resources/PackageDisplayName}|Desc=@{SystemEraSoftworks.29415440E1269_1.13.128.0_x64__ftk5pbg2rayv2?ms-resource://SystemEraSoftworks.29415440E1269/resources/PackageDescription}|LUOwn=S-1-5-21-3426726900-1680016901-4063642811-1001|AppPkgId=S-1-15-2-540815482-2833344629-1021556062-3742370454-2728162795-1177280155-2865869413|EmbedCtxt=@{SystemEraSoftworks.29415440E1269_1.13.128.0_x64__ftk5pbg2rayv2?ms-resource://SystemEraSoftworks.29415440E1269/resources/PackageDisplayName}|Platform=2:6:2|Platform2=GTEQ|
"{79686F2D-6367-4612-9A9D-242B323382D3}"=v2.30|Action=Allow|Active=TRUE|Dir=In|Name=@{SystemEraSoftworks.29415440E1269_1.13.128.0_x64__ftk5pbg2rayv2?ms-resource://SystemEraSoftworks.29415440E1269/resources/PackageDisplayName}|Desc=@{SystemEraSoftworks.29415440E1269_1.13.128.0_x64__ftk5pbg2rayv2?ms-resource://SystemEraSoftworks.29415440E1269/resources/PackageDescription}|LUOwn=S-1-5-21-3426726900-1680016901-4063642811-1001|AppPkgId=S-1-15-2-540815482-2833344629-1021556062-3742370454-2728162795-1177280155-2865869413|EmbedCtxt=@{SystemEraSoftworks.29415440E1269_1.13.128.0_x64__ftk5pbg2rayv2?ms-resource://SystemEraSoftworks.29415440E1269/resources/PackageDisplayName}|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE|
"TCP Query User{659B895F-4FD0-472B-BAA5-27F5D9449AD7}D:\games\doom 2016\doomx64.exe"=v2.10|Action=Block|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=D:\games\doom 2016\doomx64.exe|Name=DOOM|Desc=DOOM|
"UDP Query User{AE83B87A-40C7-439D-BC9D-C6EAF935FF99}D:\games\doom 2016\doomx64.exe"=v2.10|Action=Block|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=D:\games\doom 2016\doomx64.exe|Name=DOOM|Desc=DOOM|
"TCP Query User{F6768D2A-679D-4799-9E46-E5F94F688E8C}C:\users\theos\appdata\local\programs\opera gx\68.0.3618.197\opera.exe"=v2.10|Action=Block|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\users\theos\appdata\local\programs\opera gx\68.0.3618.197\opera.exe|Name=opera.exe|Desc=opera.exe|
"UDP Query User{E548DD54-7D3A-4F91-93C1-898DA96CA12A}C:\users\theos\appdata\local\programs\opera gx\68.0.3618.197\opera.exe"=v2.10|Action=Block|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\users\theos\appdata\local\programs\opera gx\68.0.3618.197\opera.exe|Name=opera.exe|Desc=opera.exe|
"{C557E45B-0A25-4B05-ABB2-51DD01E95567}"=v2.30|Action=Allow|Active=TRUE|Dir=Out|Name=Xbox Game Bar|Desc=Xbox Game Bar|LUOwn=S-1-5-21-3426726900-1680016901-4063642811-1001|AppPkgId=S-1-15-2-1714399563-1326177402-2048222277-143663168-2151391019-765408921-4098702777|EmbedCtxt=Xbox Game Bar|Platform=2:6:2|Platform2=GTEQ|
"{BBAEFD5A-F40E-40FE-9271-2DB13CD5E8CD}"=v2.30|Action=Allow|Active=TRUE|Dir=In|Name=Xbox Game Bar|Desc=Xbox Game Bar|LUOwn=S-1-5-21-3426726900-1680016901-4063642811-1001|AppPkgId=S-1-15-2-1714399563-1326177402-2048222277-143663168-2151391019-765408921-4098702777|EmbedCtxt=Xbox Game Bar|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE|
"{877A3EEF-C3F0-4F8C-A69D-8E08942DBC16}"=v2.30|Action=Allow|Active=TRUE|Dir=Out|Name=Golf With Your Friends|Desc=@{Team17DigitalLimited.GolfWithYourFriendsWin10_1.0.11.0_x64__j5x4vj4y67jhc?ms-resource://Team17DigitalLimited.GolfWithYourFriendsWin10_j5x4vj4y67jhc/resources/PackageDescription}|LUOwn=S-1-5-21-3426726900-1680016901-4063642811-1001|AppPkgId=S-1-15-2-581855578-258473532-3513326927-3446807283-2198326081-580779638-4261711818|EmbedCtxt=Golf With Your Friends|Platform=2:6:2|Platform2=GTEQ|
"{2F90FB84-47D1-4E8C-A8F5-E54420677EBA}"=v2.30|Action=Allow|Active=TRUE|Dir=Out|Name=Age of Empires II: Definitive Edition|Desc=Age of Empires II: Definitive Edition|LUOwn=S-1-5-21-3426726900-1680016901-4063642811-1001|AppPkgId=S-1-15-2-4159412053-3876499947-1540344375-408651030-1461374823-3236376724-1723810107|EmbedCtxt=Age of Empires II: Definitive Edition|Platform=2:6:2|Platform2=GTEQ|
"{40A20B72-160C-4641-9E42-0CFC56F3B82A}"=v2.30|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=Age of Empires II: Definitive Edition|Desc=Age of Empires II: Definitive Edition|LUOwn=S-1-5-21-3426726900-1680016901-4063642811-1001|AppPkgId=S-1-15-2-4159412053-3876499947-1540344375-408651030-1461374823-3236376724-1723810107|EmbedCtxt=Age of Empires II: Definitive Edition|Platform=2:6:2|Platform2=GTEQ|
"{312A31D4-E3D9-496D-A48B-C02A1A336326}"=v2.30|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=5353|App=C:\Program Files (x86)\Google\Chrome\Application\chrome.exe|Name=Google Chrome (mDNS-In)|Desc=Règle de trafic entrant pour Google Chrome autorisant le trafic mDNS|EmbedCtxt=Google Chrome|
"{48C57C85-4596-4F53-9E51-9BA5C0BB2138}"=v2.30|Action=Allow|Active=TRUE|Dir=Out|Name=OneNote for Windows 10|Desc=OneNote for Windows 10|LUOwn=S-1-5-21-3426726900-1680016901-4063642811-1001|AppPkgId=S-1-15-2-3445883232-1224167743-206467785-1580939083-2750001491-3097792036-3019341970|EmbedCtxt=OneNote for Windows 10|Platform=2:6:2|Platform2=GTEQ|
"{9F944A37-C8FA-45FF-9038-47EB1B0C2A96}"=v2.30|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=OneNote for Windows 10|Desc=OneNote for Windows 10|LUOwn=S-1-5-21-3426726900-1680016901-4063642811-1001|AppPkgId=S-1-15-2-3445883232-1224167743-206467785-1580939083-2750001491-3097792036-3019341970|EmbedCtxt=OneNote for Windows 10|Platform=2:6:2|Platform2=GTEQ|
"TCP Query User{56F1C32E-8143-4314-81AF-9DAA50CE2AD8}D:\games\kovaak 2 0\fpsaimtrainer\binaries\win64\fpsaimtrainer-win64-shipping.exe"=v2.10|Action=Block|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=D:\games\kovaak 2 0\fpsaimtrainer\binaries\win64\fpsaimtrainer-win64-shipping.exe|Name=fpsaimtrainer-win64-shipping|Desc=fpsaimtrainer-win64-shipping|
"UDP Query User{D19E79A6-6BCA-4E4E-886D-09BE97F65803}D:\games\kovaak 2 0\fpsaimtrainer\binaries\win64\fpsaimtrainer-win64-shipping.exe"=v2.10|Action=Block|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=D:\games\kovaak 2 0\fpsaimtrainer\binaries\win64\fpsaimtrainer-win64-shipping.exe|Name=fpsaimtrainer-win64-shipping|Desc=fpsaimtrainer-win64-shipping|
"{3F2FC5F9-01FC-48F3-AD2E-34D78F75553E}"=v2.30|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=windows_ie_ac_001|Desc=Created by IE|LUOwn=S-1-5-18|AppPkgId=S-1-15-2-1430448594-2639229838-973813799-439329657-1197984847-4069167804-1277922394|EmbedCtxt=windows_ie_ac_001|Platform=2:6:2|Platform2=GTEQ|
"{B2AA98A3-1235-4C7E-857A-3522ED53FF83}"=v2.30|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Windows Feature Experience Pack|Desc=Windows Feature Experience Pack|LUOwn=S-1-5-21-3426726900-1680016901-4063642811-1001|AppPkgId=S-1-15-2-283421221-3183566570-1718213290-751554359-3541592344-2312209569-3374928651|EmbedCtxt=Windows Feature Experience Pack|Platform=2:6:2|Platform2=GTEQ|
"TCP Query User{2DFDF537-D97B-42F9-9697-B7B03ED8D331}C:\program files\roberts space industries\starcitizen\live\bin64\starcitizen.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|Profile=Public|App=C:\program files\roberts space industries\starcitizen\live\bin64\starcitizen.exe|Name=starcitizen|Desc=starcitizen|Defer=User|
"UDP Query User{3EB00FE8-EDAE-4D2C-864F-DB3A8556B3EC}C:\program files\roberts space industries\starcitizen\live\bin64\starcitizen.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|Profile=Public|App=C:\program files\roberts space industries\starcitizen\live\bin64\starcitizen.exe|Name=starcitizen|Desc=starcitizen|Defer=User|





---------- | Control\Class

[HKLM\SYSTEM\CurrentControlSet\Control\Class\{05f5cfe2-4733-4950-a6bb-07aad01a3a84}] : (XboxComposite) [] -> @dc1-controller.inf,%ClassName%;Xbox Peripherals
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{091bc97e-2352-4362-a539-10a6d8ff7596}] : (RDPDR) [] -> 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{1264760f-a5c8-4bfe-b314-d56a7b44a362}] : (DXGKrnl) [] -> 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{13e42dfa-85d9-424d-8646-28a70f864f9c}] : (RemotePosDevice) [] -> @remoteposdrv.inf,%ClassName%;POS Remote Device
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{14b62f50-3f15-11dd-ae16-0800200c9a66}] : (DigitalMediaDevices) [] -> @digitalmediadevice.inf,%ClassName%;Digital Media Devices
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{1ed2bbf9-11f0-4084-b21f-ad83a8e6dcdc}] : (PrintQueue) [] -> @printqueue.inf,%ClassName%;Print queues
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{25dbce51-6c8f-4a72-8a6d-b54c2b4fc835}] : (WCEUSBS) [] -> @%SystemRoot%\System32\SysClass.Dll,-3026
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{268c95a1-edfe-11d3-95c3-0010dc4050a5}] : (SecurityAccelerator) [] -> @c_sslaccel.inf,%ClassName%;Security accelerators
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{2a9fe532-0cdc-44f9-9827-76192f2ca2fb}] : (HidMsr) [] -> @c_magneticstripereader.inf,%ClassName%;POS HID Magnetic Stripe Reader
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{2db15374-706e-4131-a0c7-d7c78eb0289a}] : (SystemRecovery) [] -> @c_fssystemrecovery.inf,%ClassDesc%;FS System recovery filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{3163c566-d381-4467-87bc-a65a18d5b648}] : (fvevol) [] -> 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{3163c566-d381-4467-87bc-a65a18d5b649}] : (fvevol) [] -> 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{36fc9e60-c465-11cf-8056-444553540000}] : (USB) [] -> @%SystemRoot%\System32\SysClass.Dll,-3025
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{3e3f0674-c83c-4558-bb26-9820e1eba5c5}] : (ContentScreener) [] -> @c_fscontentscreener.inf,%ClassDesc%;FS Content screener filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{43675d81-502a-4a82-9f84-b75f418c5dea}] : (Media Center Extender) [] -> @c_mcx.inf,%ClassDesc%;Media Center Extenders
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4658ee7e-f050-11d1-b6bd-00c04fa372a7}] : (PnpPrinters) [] -> @%SystemRoot%\system32\ntprint.dll,-1300
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{48721b56-6795-11d2-b1a8-0080c72e74a2}] : (Dot4) [] -> @%SystemRoot%\system32\sysclass.dll,-3023
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{48d3ebc4-4cf8-48ff-b869-9c68ad42eb9f}] : (Replication) [] -> @c_fsreplication.inf,%ClassDesc%;FS Replication filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{49ce6ac8-6f86-11d2-b1e5-0080c72e74a2}] : (Dot4Print) [] -> @%SystemRoot%\system32\sysclass.dll,-3024
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e965-e325-11ce-bfc1-08002be10318}] : (CDROM) [] -> @%SystemRoot%\System32\StorProp.dll,-17001
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e966-e325-11ce-bfc1-08002be10318}] : (Computer) [] -> @%SystemRoot%\System32\SysClass.dll,-3000
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e967-e325-11ce-bfc1-08002be10318}] : (DiskDrive) [] -> @c_diskdrive.inf,%ClassDesc%;Disk drives
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}] : (Display) [] -> @c_display.inf,%ClassDesc%;Display adapters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e969-e325-11ce-bfc1-08002be10318}] : (FDC) [] -> @%SystemRoot%\System32\SysClass.Dll,-3013
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96a-e325-11ce-bfc1-08002be10318}] : (HDC) [] -> @%SystemRoot%\System32\SysClass.Dll,-3001
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96b-e325-11ce-bfc1-08002be10318}] : (Keyboard) [] -> @%SystemRoot%\System32\SysClass.Dll,-3002
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96c-e325-11ce-bfc1-08002be10318}] : (MEDIA) [] -> @c_media.inf,%ClassDesc%;Sound, video and game controllers
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96d-e325-11ce-bfc1-08002be10318}] : (Modem) [] -> @%SystemRoot%\System32\mdminst.dll,-14100
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96e-e325-11ce-bfc1-08002be10318}] : (Monitor) [] -> @c_monitor.inf,%ClassDesc%;Monitors
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96f-e325-11ce-bfc1-08002be10318}] : (Mouse) [] -> @%SystemRoot%\System32\SysClass.Dll,-3004
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e970-e325-11ce-bfc1-08002be10318}] : (MTD) [] -> @%SystemRoot%\System32\SysClass.Dll,-3021
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e971-e325-11ce-bfc1-08002be10318}] : (MultiFunction) [] -> @%SystemRoot%\System32\SysClass.Dll,-3014
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e972-e325-11ce-bfc1-08002be10318}] : (Net) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1502
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e973-e325-11ce-bfc1-08002be10318}] : (NetClient) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1504
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e974-e325-11ce-bfc1-08002be10318}] : (NetService) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1505
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e975-e325-11ce-bfc1-08002be10318}] : (NetTrans) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1503
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e977-e325-11ce-bfc1-08002be10318}] : (PCMCIA) [] -> @%SystemRoot%\System32\SysClass.Dll,-3010
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e978-e325-11ce-bfc1-08002be10318}] : (Ports) [] -> @%SystemRoot%\System32\msports.dll,-10000
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e979-e325-11ce-bfc1-08002be10318}] : (Printer) [] -> @%SystemRoot%\system32\ntprint.dll,-1004
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e97b-e325-11ce-bfc1-08002be10318}] : (SCSIAdapter) [] -> @%SystemRoot%\System32\SysClass.Dll,-3005
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e97d-e325-11ce-bfc1-08002be10318}] : (System) [] -> @%SystemRoot%\System32\SysClass.Dll,-3008
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e97e-e325-11ce-bfc1-08002be10318}] : (Unknown) [] -> @%SystemRoot%\System32\SysClass.Dll,-3009
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e980-e325-11ce-bfc1-08002be10318}] : (FloppyDisk) [] -> @%SystemRoot%\System32\SysClass.Dll,-3015
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4fc9541c-0fe6-4480-a4f6-9495a0d17cd2}] : (HidLineDisplay) [] -> @c_linedisplay.inf,%ClassName%;POS Line Display
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{50127dc3-0f36-415e-a6cc-4cb3be910b65}] : (Processor) [] -> @c_processor.inf,%ClassDesc%;Processors
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{50906cb8-ba12-11d1-bf5d-0000f805f530}] : (MultiPortSerial) [] -> @%SystemRoot%\system32\sysclass.dll,-3022
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{5099944a-f6b9-4057-a056-8c550228544c}] : (Memory) [] -> @%SystemRoot%\System32\SysClass.Dll,-3018
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{50dd5230-ba8a-11d1-bf5d-0000f805f530}] : (SmartCardReader) [] -> @%SystemRoot%\System32\StorProp.dll,-17002
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{5175d334-c371-4806-b3ba-71fd53c9258d}] : (Sensor) [] -> @%SystemRoot%\system32\SensorsCpl.dll,-10000
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{533c5b84-ec70-11d2-9505-00c04f79deaf}] : (VolumeSnapshot) [] -> @%SystemRoot%\System32\SysClass.Dll,-3011
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{53487c23-680f-4585-acc3-1f10d6777e82}] : (SmrDisk) [] -> @c_smrdisk.inf,%ClassDesc%;Shingled magnetic recording disks
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{53966cb1-4d46-4166-bf23-c522403cd495}] : (ScmDisk) [] -> @c_scmdisk.inf,%ClassDesc%;Persistent memory disks
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{53b3cf03-8f5a-4788-91b6-d19ed9fcccbf}] : (SmrVolume) [] -> @c_smrvolume.inf,%ClassDesc%;Shingled magnetic recording volumes
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{53ccb149-e543-4c84-b6e0-bce4f6b7e806}] : (ScmVolume) [] -> @c_scmvolume.inf,%ClassDesc%;Storage Class Memory volumes
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{53d29ef7-377c-4d14-864b-eb3a85769359}] : (Biometric) [] -> @%SystemRoot%\System32\SysClass.DLL,-3028
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{5630831c-06c9-4856-b327-f5d32586e060}] : (Proximity) [] -> @c_proximity.inf,%ClassDesc%;Proximity devices
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{5989fce8-9cd0-467d-8a6a-5419e31529d4}] : (AudioProcessingObject) [] -> @c_apo.inf,%ClassDesc%;Audio Processing Objects (APOs)
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{5aea001d-9372-4ed7-97f3-b79bf15a53c5}] : (OposLegacyDevice) [] -> @oposdrv.inf,%ClassName%;OPOS Legacy Device
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{5c4c3332-344d-483c-8739-259e934c9cc8}] : (SoftwareComponent) [] -> @c_swcomponent.inf,%ClassDesc%;Software components
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{5d1b9aaa-01e2-46af-849f-272b3f324c46}] : (FSFilterSystem) [] -> @c_fssystem.inf,%ClassDesc%;FS System filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{62f9c741-b25a-46ce-b54c-9bccce08b6f2}] : (SoftwareDevice) [] -> @c_swdevice.inf,%ClassDesc%;Software devices
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{645ad99b-1344-4316-837a-08a3e73db222}] : (PerceptionSimulation) [] -> @PerceptionSimulationSixDof.inf,%ClassName%;Perception Simulation Controllers
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{6a0a8e78-bba6-4fc4-a709-1e33cd09d67e}] : (PhysicalQuotaManagement) [] -> @c_fsphysicalquotamgmt.inf,%ClassDesc%;FS Physical quota management filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{6bdd1fc1-810f-11d0-bec7-08002be2092f}] : (1394) [] -> @%SystemRoot%\System32\SysClass.Dll,-3016
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{6bdd1fc5-810f-11d0-bec7-08002be2092f}] : (Infrared) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1501
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{6bdd1fc6-810f-11d0-bec7-08002be2092f}] : (Image) [] -> @%SystemRoot%\system32\sti_ci.dll,-52
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{6d807884-7d21-11cf-801c-08002be10318}] : (TapeDrive) [] -> @%SystemRoot%\System32\SysClass.Dll,-3006
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{6fae73b7-b735-4b50-a0da-0dc2484b1f1a}] : (BasicDisplay) [] -> 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{71a27cdd-812a-11d0-bec7-08002be2092f}] : (Volume) [] -> @c_volume.inf,%ClassDesc%;Storage volumes
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{71aa14f8-6fad-4622-ad77-92bb9d7e6947}] : (ContinuousBackup) [] -> @c_fscontinuousbackup.inf,%ClassDesc%;FS Continuous backup filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{72631e54-78a4-11d0-bcf7-00aa00b7b32a}] : (Battery) [] -> @%SystemRoot%\system32\powrprof.dll,-611
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{745a17a0-74d3-11d0-b6fe-00a0c90f57da}] : (HIDClass) [] -> @%SystemRoot%\System32\hid.dll,-101
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{772e18f2-8925-4229-a5ac-6453cb482fda}] : (HidCashDrawer) [] -> @c_cashdrawer.inf,%ClassName%;POS Cash Drawer
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{7ebefbc0-3200-11d2-b4c2-00a0c9697d07}] : (61883) [] -> @%SystemRoot%\System32\SysClass.Dll,-3019
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{81c87465-de07-4efc-9d93-61e891d52fd2}] : (RdpVideoMiniport) [] -> 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{8503c911-a6c7-4919-8f79-5028f5866b0c}] : (QuotaManagement) [] -> @c_fsquotamgmt.inf,%ClassDesc%;FS Quota management filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{87ef9ad1-8f70-49ee-b215-ab1fcadcbe3c}] : (NetDriver) [] -> @c_netdriver.inf,%ClassDesc%;Universal Network Drivers
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{88a1c342-4539-11d3-b88d-00c04fad5171}] : (TS_Generic) [] -> @ts_generic.inf,%TSClassName%;Generic Remote Desktop devices
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{88bae032-5a81-49f0-bc3d-a4ff138216d6}] : (USBDevice) [] -> @%SystemRoot%\System32\SysClass.Dll,-3029
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{89786ff1-9c12-402f-9c9e-17753c7f4375}] : (CopyProtection) [] -> @c_fscopyprotection.inf,%ClassDesc%;FS Copy protection filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{8ecc055d-047f-11d1-a537-0000f8753ed1}] : (LegacyDriver) [] -> @%SystemRoot%\System32\SysClass.Dll,-3003
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{9164fbf8-1925-4b46-b3a8-206547b3a587}] : (LGHUBWinUSB) [] -> @oem18.inf,%DEVICEMANAGERCATEGORY%;Logitech G HUB USB Devices
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{990a2bd7-e738-46c7-b26f-1cf8fb9f1391}] : (SmartCard) [] -> @%SystemRoot%\System32\SysClass.DLL,-3031
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{9da2b80f-f89f-4a49-a5c2-511b085b9e8a}] : (EhStorSilo) [] -> @rawsilo.inf,%ClassName%;IEEE 1667 silo and control devices
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{a0a588a4-c46f-4b37-b7ea-c82fe89870c6}] : (SDHost) [] -> @%SystemRoot%\System32\SysClass.Dll,-3012
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{a0a701c0-a511-42ff-aa6c-06dc0395576f}] : (Encryption) [] -> @c_fsencryption.inf,%ClassDesc%;FS Encryption filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{a3e32dba-ba89-4f17-8386-2d0127fbd4cc}] : (rdpbus) [] -> 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{a73c93f1-9727-4d1d-ace1-0e333ba4e7db}] : (nvlddmkm) [] -> 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{aa018edf-4915-415e-9c17-d7ebec8917d2}] : (NvModuleTracker) [] -> @oem25.inf,%ClassName%;NvModuleTracker
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{b1d1a169-c54f-4379-81db-bee7d88d7454}] : (AntiVirus) [] -> @c_fsantivirus.inf,%ClassDesc%;FS Anti-virus filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{b2728d24-ac56-42db-9e02-8edaf5db652f}] : (RDCamera) [] -> @rdcameradriver.inf,%ClassName%;Remote Desktop Camera devices
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{b86dff51-a31e-4bac-b3cf-e8cfe75c9fc2}] : (ActivityMonitor) [] -> @c_fsactivitymonitor.inf,%ClassDesc%;FS Activity monitor filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{bbbe8734-08fa-4966-b6a6-4e5ad010cdd7}] : (USBFunctionController) [] -> @%SystemRoot%\System32\SysClass.Dll,-3030
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{c06ff265-ae09-48f0-812c-16753d7cba83}] : (AVC) [] -> @%SystemRoot%\System32\SysClass.Dll,-3027
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{c166523c-fe0c-4a94-a586-f1a80cfbbf3e}] : (AudioEndpoint) [] -> @audioendpoint.inf,%ClassName%;Audio inputs and outputs
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{c243ffbd-3afc-45e9-b3d3-2ba18bc7ebc5}] : (BarcodeScanner) [] -> @c_barcodescanner.inf,%ClassName%;POS Barcode Scanner
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{c30ecea0-11ef-4ef9-b02e-6af81e6e65c0}] : (WSDPrintDevice) [] -> @wsdprint.inf,%ClassName%;WSD Print Provider
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{c7bc9b22-21f0-4f0d-9bb6-66c229b8cd33}] : (POSPrinter) [] -> @c_receiptprinter.inf,%ClassName%;POS Receipt Printer
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{ca3e7ab9-b4c3-4ae6-8251-579ef933890f}] : (Camera) [] -> @c_camera.inf,%ClassDesc%;Cameras
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{cc41eba2-ab57-4f4e-8c3d-1bc33b1e74e3}] : (RDPDR) [] -> 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{cdcf0939-b75b-4630-bf76-80f7ba655884}] : (CFSMetadataServer) [] -> @c_fscfsmetadataserver.inf,%ClassDesc%;FS CFS metadata server filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{ce5939ae-ebde-11d0-b181-0000f8753ec4}] : (MediumChanger) [] -> @%SystemRoot%\System32\StorProp.dll,-17003
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{d02bc3da-0c8e-4945-9bd5-f1883c226c8c}] : (SecurityEnhancer) [] -> @c_fssecurityenhancer.inf,%ClassDesc%;FS Security enhancer filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{d421b08e-6d16-41ca-9c4d-9147e5ac98e0}] : (Miracast) [] -> @miradisp.inf,%ClassName%;Miracast display devices
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{d48179be-ec20-11d1-b6b8-00c04fa372a7}] : (SBP2) [] -> @%SystemRoot%\System32\SysClass.Dll,-3017
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{d546500a-2aeb-45f6-9482-f4b1799c3177}] : (HSM) [] -> @c_fshsm.inf,%ClassDesc%;FS HSM filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{d612553d-06b1-49ca-8938-e39ef80eb16f}] : (Holographic) [] -> @c_holographic.inf,%ClassName%;Mixed Reality devices
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{d61ca365-5af4-4486-998b-9db4734c6ca3}] : (XnaComposite) [] -> @xusb22.inf,%XUSB22.ClassName%;Xbox 360 Peripherals
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{d94ee5d8-d189-4994-83d2-f68d7d41b0e6}] : (SecurityDevices) [] -> @%SystemRoot%\System32\SysClass.Dll,-3020
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{db4f6ddd-9c0e-45e4-9597-78dbbad0f412}] : (SmartCardFilter) [] -> @%SystemRoot%\System32\SysClass.DLL,-3032
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{e0cbf06c-cd8b-4647-bb8a-263b43f0f974}] : (Bluetooth) [] -> @%SystemRoot%\system32\bthci.dll,-4001
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{e2f84ce7-8efa-411c-aa69-97454ca4cb57}] : (Extension) [] -> @c_extension.inf,%ClassDesc%;Extensions
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{e55fa6f9-128c-4d04-abab-630c74b1453a}] : (Infrastructure) [] -> @c_fsinfrastructure.inf,%ClassDesc%;FS Infrastructure filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{e6f1aa1c-7f3b-4473-b2e8-c97d8ac71d53}] : (UCM) [] -> @c_ucm.inf,%ClassDesc%;USB Connector Managers
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{eec5ad98-8080-425f-922a-dabf3de3f69a}] : (WPD) [] -> @%SystemRoot%\System32\wpd_ci.dll,-101
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{f01a9d53-3ff6-48d2-9f97-c8a7004be10c}] : (ComputeAccelerator) [] -> @c_computeaccelerator.inf,%ClassDesc%;Compute accelerators
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{f2e7dd72-6468-4e36-b6f1-6488f42c1b52}] : (Firmware) [] -> @c_firmware.inf,%ClassDesc%;Firmware
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{f3586baf-b5aa-49b5-8d6c-0569284c639f}] : (Compression) [] -> @c_fscompression.inf,%ClassDesc%;FS Compression filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{f75a86c0-10d8-4c3a-b233-ed60e4cdfaac}] : (Virtualization) [] -> @c_fsvirtualization.inf,%ClassDesc%;FS Virtualization filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{f8ecafa6-66d1-41a5-899b-66585d7216b7}] : (OpenFileBackup) [] -> @c_fsopenfilebackup.inf,%ClassDesc%;FS Open file backup filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{fe8f1572-c67a-48c0-bbac-0b5c6d66cafb}] : (Undelete) [] -> @c_fsundelete.inf,%ClassDesc%;FS Undelete filters
[HKLM\SYSTEM\CurrentControlSet\Control\Els\Services\{2D64B439-6CAF-4f6b-B688-E5D0F4FAA7D7}] : (Script Detection) [@elscore.dll,-2] -> ElsLad.dll (Copyright (c) Microsoft Corporation.)
[HKLM\SYSTEM\CurrentControlSet\Control\Els\Services\{A22D52C1-DBFD-40cb-AE78-E3BA9EE1D88F}] : (Transliteration) [@elscore.dll,-5] -> elstrans.dll (Copyright (c) Microsoft Corporation.)
[HKLM\SYSTEM\CurrentControlSet\Control\Els\Services\{CF7E00B1-909B-4d95-A8F4-611F7C377702}] : (Language Detection) [@elscore.dll,-1] -> ElsLad.dll (Copyright (c) Microsoft Corporation.)

---------- | Loaded modules (whitelist)

[10/10/2019 23:19:38] - (1.5.8543.22165) - (AMD - AHCI Virtual Storage Driver) - C:\WINDOWS\System32\drivers\envirtahci.sys
[26/04/2020 14:08:39] - (1.0.2.2) - (Riot Games, Inc. - Vanguard kernel-mode driver.) - C:\Program Files\Riot Vanguard\vgk.sys
[07/12/2019 11:08:34] - (0.0.0.0) - ( -) - C:\WINDOWS\System32\Drivers\CimFS.SYS
[11/01/2020 08:36:42] - (10.32.0.0) - (REALiX(tm) - HWiNFO AMD64 Kernel Driver) - C:\Windows\system32\drivers\HWiNFO64A.SYS
[09/06/2020 10:25:46] - (9.0.0.23) - (The OpenVPN Project - TAP-Windows Virtual Network Driver (NDIS 6.0)) - C:\WINDOWS\System32\drivers\tapnordvpn.sys
[18/07/2020 19:56:34] - (27.21.14.5167) - (NVIDIA Corporation - NVIDIA Windows Kernel Mode Driver, Version 451.67) - C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_edab19158bdd0d0a\nvlddmkm.sys
[01/07/2020 07:37:48] - (1.42.831.832) - (NVIDIA Corporation - NVIDIA PPC Function Driver.) - C:\WINDOWS\System32\DriverStore\FileRepository\nvppc.inf_amd64_0f22333f160a8f42\UcmCxUcsiNvppc.sys
[10/01/2020 13:35:53] - (4.13.0.0) - (NVIDIA Corporation - NVIDIA Virtual Audio Driver) - C:\WINDOWS\system32\drivers\nvvad64v.sys
[18/07/2020 19:58:22] - (304.0.0.0) - (NVIDIA Corporation - Virtual USB Host Controller driver) - C:\WINDOWS\System32\drivers\nvvhci.sys
[16/07/2020 14:16:36] - (100.0.0.0) - (NVIDIA Corporation - Process and module monitoring driver) - C:\WINDOWS\System32\drivers\NvModuleTracker.sys
[23/12/2019 18:49:52] - (0.0.0.0) - ( -) - C:\WINDOWS\System32\drivers\ssdevfactory.sys
[22/03/2020 11:03:41] - (1.0.0.103) - (Scarlet.Crush Productions - Scp Virtual Bus Driver) - C:\WINDOWS\System32\drivers\ScpVBus.sys
[10/01/2020 23:14:50] - (1.16.112.0) - (Benjamin Höglinger-Stelzer - Virtual Gamepad Emulation Bus Driver) - C:\WINDOWS\System32\drivers\ViGEmBus.sys
[21/01/2020 11:08:27] - (6.1.7600.16385) - (Windows (R) Win 7 DDK provider - HID mini driver for Unified Virtual HID) - C:\WINDOWS\System32\drivers\uvhid.sys
[23/03/2020 12:35:27] - (6.1.7600.16385) - (Windows (R) Win 7 DDK provider - HID mini driver for Virtual Multitouch Device) - C:\WINDOWS\System32\drivers\vmulti.sys
[22/05/2020 14:35:05] - (10.0.10011.16384) - (Windows (R) Win 7 DDK provider - Microsoft Virtual Audio Device) - C:\WINDOWS\system32\drivers\vmdrv.sys
[18/07/2020 19:58:22] - (1.3.38.34) - (NVIDIA Corporation - NVIDIA HDMI Audio Driver) - C:\WINDOWS\system32\drivers\nvhda64v.sys
[23/12/2019 18:49:52] - (2.7.0.0) - (SteelSeries ApS - SteelSeries HID Driver) - C:\WINDOWS\System32\drivers\sshid.sys

---------- | Services | 0 : Starting up | 1 : System | 2 : Automatic | 3 : Manual | 4 : Disabled | R : Running service | S : Stopped service

S0 - [Kernel Driver] - 3ware () -> System32\drivers\3ware.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - ACPI (@acpi.inf,%ACPI.SvcDesc%;Microsoft ACPI Driver) -> System32\drivers\ACPI.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - acpiex (Microsoft ACPIEx Driver) -> System32\Drivers\acpiex.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - ADP80XX () -> System32\drivers\ADP80XX.SYS - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - amdpsp (@oem26.inf,%amdpsp.SVCDESC%;AMD PSP Service) -> System32\drivers\amdpsp.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - amdsata () -> System32\drivers\amdsata.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - amdsbs () -> System32\drivers\amdsbs.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - amdxata () -> System32\drivers\amdxata.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - arcsas (@arcsas.inf,%arcsas_ServiceName%;Adaptec SAS/SATA-II RAID Storport's Miniport Driver) -> System32\drivers\arcsas.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - atapi (@mshdc.inf,%idechannel.DeviceDesc%;IDE Channel) -> System32\drivers\atapi.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - b06bdrv (@netbvbda.inf,%vbd_srv_desc%;QLogic Network Adapter VBD) -> System32\drivers\bxvbda.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - bttflt (@virtdisk.inf,%service_desc%;Microsoft Hyper-V VHDPMEM BTT Filter) -> System32\drivers\bttflt.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - cht4iscsi () -> System32\drivers\cht4sx64.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - CLFS (@%SystemRoot%\system32\drivers\clfs.sys,-100) -> System32\drivers\CLFS.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - CNG () -> System32\Drivers\cng.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - disk (@disk.inf,%disk_ServiceDesc%;Disk Driver) -> System32\drivers\disk.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - ebdrv (@netevbda.inf,%vbd_srv_desc%;QLogic 10 Gigabit Ethernet Adapter VBD) -> System32\drivers\evbda.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - EhStorClass (@%SystemRoot%\system32\drivers\EhStorClass.sys,-100) -> System32\drivers\EhStorClass.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - EhStorTcgDrv (@ehstortcgdrv.inf,%EhStorTcgDrv.Desc%;Microsoft driver for storage devices supporting IEEE 1667 and TCG protocols) -> System32\drivers\EhStorTcgDrv.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - envirtahci () -> System32\drivers\envirtahci.sys - AcceptPause: False - AcceptStop: True
R0 - [File System Driver] - FileInfo (@%SystemRoot%\system32\drivers\fileinfo.sys,-100) -> System32\drivers\fileinfo.sys - AcceptPause: False - AcceptStop: True
R0 - [File System Driver] - FltMgr (@%SystemRoot%\system32\drivers\fltmgr.sys,-10001) -> system32\drivers\fltmgr.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - fvevol (@%SystemRoot%\system32\drivers\fvevol.sys,-100) -> System32\DRIVERS\fvevol.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - HpSAMD () -> System32\drivers\HpSAMD.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - hwpolicy (@%systemroot%\system32\drivers\hwpolicy.sys,-101) -> System32\drivers\hwpolicy.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - iaStorAVC (@iastorav.inf,%iaStorAVC.DeviceDesc%;Intel Chipset SATA RAID Controller) -> System32\drivers\iaStorAVC.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - iaStorV (@iastorv.inf,%*PNP0600.DeviceDesc%;Intel RAID Controller Windows 7) -> System32\drivers\iaStorV.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - intelide () -> System32\drivers\intelide.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - intelpep (@intelpep.inf,%INTELPEP.SVCDESC%;Intel(R) Power Engine Plug-in Driver) -> System32\drivers\intelpep.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - iorate (@%SystemRoot%\system32\drivers\iorate.sys,-101) -> system32\drivers\iorate.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - isapnp () -> System32\drivers\isapnp.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - ItSas35i () -> System32\drivers\ItSas35i.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - KSecDD () -> System32\Drivers\ksecdd.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - KSecPkg () -> System32\Drivers\ksecpkg.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - LSI_SAS () -> System32\drivers\lsi_sas.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - LSI_SAS2i () -> System32\drivers\lsi_sas2i.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - LSI_SAS3i () -> System32\drivers\lsi_sas3i.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - LSI_SSS () -> System32\drivers\lsi_sss.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - MbamElam (MbamElam) -> system32\DRIVERS\MbamElam.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - megasas () -> System32\drivers\megasas.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - megasas2i () -> System32\drivers\MegaSas2i.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - megasas35i () -> System32\drivers\megasas35i.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - megasr () -> System32\drivers\megasr.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - mountmgr (@%SystemRoot%\system32\drivers\mountmgr.sys,-100) -> System32\drivers\mountmgr.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - msisadrv () -> System32\drivers\msisadrv.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - MsSecFlt (@%SystemRoot%\System32\Drivers\mssecflt.sys,-1001) -> system32\drivers\mssecflt.sys - AcceptPause: False - AcceptStop: True
R0 - [File System Driver] - Mup (@%systemroot%\system32\drivers\mup.sys,-101) -> System32\Drivers\mup.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - mvumis () -> System32\drivers\mvumis.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - NDIS (@%SystemRoot%\system32\drivers\ndis.sys,-200) -> system32\drivers\ndis.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - nvdimm (@nvdimm.inf,%nvdimm.SvcDesc%;Microsoft NVDIMM device driver) -> System32\drivers\nvdimm.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - nvraid () -> System32\drivers\nvraid.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - nvstor () -> System32\drivers\nvstor.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - partmgr (@%SystemRoot%\system32\drivers\partmgr.sys,-100) -> System32\drivers\partmgr.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - pci (@pci.inf,%pci_svcdesc%;PCI Bus Driver) -> System32\drivers\pci.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - pciide () -> System32\drivers\pciide.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - pcmcia () -> System32\drivers\pcmcia.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - pcw (Performance Counters for Windows Driver) -> System32\drivers\pcw.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - pdc (@%SystemRoot%\system32\drivers\pdc.sys,-100) -> system32\drivers\pdc.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - percsas2i () -> System32\drivers\percsas2i.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - percsas3i () -> System32\drivers\percsas3i.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - pmem (@pmem.inf,%pmem.SvcDesc%;Microsoft persistent memory disk driver) -> System32\drivers\pmem.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - Ramdisk (Windows RAM Disk Driver) -> system32\DRIVERS\ramdisk.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - rdyboost (ReadyBoost) -> System32\drivers\rdyboost.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - sbp2port (@sbp2.inf,%sbp2_ServiceDesc%;SBP-2 Transport/Protocol Bus Driver) -> System32\drivers\sbp2port.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - scmbus (@scmbus.inf,%scmbus.SvcDesc%;Microsoft Storage Class Memory Bus Driver) -> System32\drivers\scmbus.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - SgrmAgent (@%SystemRoot%\System32\Drivers\SgrmAgent.sys,-1001) -> system32\drivers\SgrmAgent.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - SiSRaid2 () -> System32\drivers\SiSRaid2.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - SiSRaid4 () -> System32\drivers\sisraid4.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - SmartSAMD () -> System32\drivers\SmartSAMD.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - spaceport (@spaceport.inf,%Spaceport_ServiceDesc%;Storage Spaces Driver) -> System32\drivers\spaceport.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - stexstor () -> System32\drivers\stexstor.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - storahci (@mshdc.inf,%storahci_ServiceDescription%;Microsoft Standard SATA AHCI Driver) -> System32\drivers\storahci.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - storflt (@wstorflt.inf,%service_desc%;Microsoft Hyper-V Storage Accelerator) -> System32\drivers\vmstorfl.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - stornvme (@stornvme.inf,%StorNVMe_ServiceDesc%;Microsoft Standard NVM Express Driver) -> System32\drivers\stornvme.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - storufs (@storufs.inf,%UfsServiceDesc%;Microsoft Universal Flash Storage (UFS) Driver) -> System32\drivers\storufs.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - storvsc () -> System32\drivers\storvsc.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - Tcpip (@%SystemRoot%\system32\drivers\tcpip.sys,-10001) -> System32\drivers\tcpip.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - Telemetry (@intelta.inf,%Telemetry.SVCDESC%;Intel(R) Telemetry Service) -> System32\drivers\IntelTA.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - vdrvroot (@vdrvroot.inf,%vdrvroot_svcdesc%;Microsoft Virtual Drive Enumerator) -> System32\drivers\vdrvroot.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - vmbus (@wvmbus.inf,%vmbus.SVCDESC%;Virtual Machine Bus) -> System32\drivers\vmbus.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - volmgr (@volmgr.inf,%volmgr_svcdesc%;Volume Manager Driver) -> System32\drivers\volmgr.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - volmgrx (@%SystemRoot%\system32\drivers\volmgrx.sys,-100) -> System32\drivers\volmgrx.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - volsnap (@%SystemRoot%\system32\drivers\volsnap.sys,-100) -> System32\drivers\volsnap.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - volume (@volume.inf,%VolumeServiceDesc%;Volume driver) -> System32\drivers\volume.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - vpci (@wvpci.inf,%vpci.SVCDESC%;Microsoft Hyper-V Virtual PCI Bus) -> System32\drivers\vpci.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - vsmraid () -> System32\drivers\vsmraid.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - VSTXRAID (@vstxraid.inf,%Driver.DeviceDesc%;VIA StorX Storage RAID Controller Windows Driver) -> System32\drivers\vstxraid.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - WdBoot (@%ProgramFiles%\Windows Defender\MpAsDesc.dll,-390) -> system32\drivers\wd\WdBoot.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - Wdf01000 (@%SystemRoot%\system32\drivers\Wdf01000.sys,-1000) -> system32\drivers\Wdf01000.sys - AcceptPause: False - AcceptStop: True
R0 - [File System Driver] - WdFilter (@%ProgramFiles%\Windows Defender\MpAsDesc.dll,-330) -> system32\drivers\wd\WdFilter.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - WFPLWFS (@%SystemRoot%\System32\drivers\wfplwfs.sys,-6000) -> System32\drivers\wfplwfs.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - WindowsTrustedRT (Windows Trusted Execution Environment Class Extension) -> system32\drivers\WindowsTrustedRT.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - WindowsTrustedRTProxy (@WindowsTrustedRTProxy.inf,%WindowsTrustedRTProxy.SVCDESC%;Microsoft Windows Trusted Runtime Secure Service) -> System32\drivers\WindowsTrustedRTProxy.sys - AcceptPause: False - AcceptStop: True
R0 - [File System Driver] - Wof (Windows Overlay File System Filter Driver) -> (?) - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - AFD (@%systemroot%\system32\drivers\afd.sys,-1000) -> \SystemRoot\system32\drivers\afd.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - afunix (afunix) -> \SystemRoot\system32\drivers\afunix.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - ahcache (@%systemroot%\system32\drivers\ahcache.sys,-102) -> system32\DRIVERS\ahcache.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - bam (@%SystemRoot%\system32\drivers\bam.sys,-100) -> system32\drivers\bam.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - BasicDisplay () -> \SystemRoot\System32\DriverStore\FileRepository\basicdisplay.inf_amd64_62ba5773ba05edee\BasicDisplay.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - BasicRender () -> \SystemRoot\System32\DriverStore\FileRepository\basicrender.inf_amd64_49a8589f00d970d9\BasicRender.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - Beep (Beep) -> (?) - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - cdrom (@cdrom.inf,%cdrom_ServiceDesc%;CD-ROM Driver) -> \SystemRoot\System32\drivers\cdrom.sys - AcceptPause: False - AcceptStop: True
R1 - [File System Driver] - CimFS () -> (?) - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - CSC (@%systemroot%\system32\cscsvc.dll,-202) -> system32\drivers\csc.sys - AcceptPause: False - AcceptStop: True
S1 - [Kernel Driver] - dam (@%SystemRoot%\system32\drivers\dam.sys,-100) -> system32\drivers\dam.sys - AcceptPause: False - AcceptStop: False
R1 - [File System Driver] - Dfsc (@%systemroot%\system32\wkssvc.dll,-1008) -> System32\Drivers\dfsc.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - DXGKrnl (LDDM Graphics Subsystem) -> \SystemRoot\System32\drivers\dxgkrnl.sys - AcceptPause: False - AcceptStop: True
R1 - [File System Driver] - FileCrypt (@%systemroot%\system32\drivers\filecrypt.sys,-100) -> system32\drivers\filecrypt.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - GpuEnergyDrv (@%SystemRoot%\system32\drivers\gpuenergydrv.sys,-100) -> System32\drivers\gpuenergydrv.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - HWiNFO (HWiNFO Kernel Driver) -> \??\C:\Windows\system32\drivers\HWiNFO64A.SYS - AcceptPause: False - AcceptStop: True
R1 - [File System Driver] - Msfs () -> (?) - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - mssmbios (@mssmbios.inf,%mssmbios_svcdesc%;Microsoft System Management BIOS Driver) -> \SystemRoot\System32\drivers\mssmbios.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - NdisCap (@%SystemRoot%\System32\drivers\ndiscap.sys,-5000) -> System32\drivers\ndiscap.sys - AcceptPause: False - AcceptStop: True
R1 - [File System Driver] - NetBIOS (@%windir%\system32\drivers\netbios.sys,-503) -> system32\drivers\netbios.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - NetBT (@%SystemRoot%\system32\drivers\netbt.sys,-2) -> System32\DRIVERS\netbt.sys - AcceptPause: False - AcceptStop: True
R1 - [File System Driver] - Npfs () -> (?) - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - npsvctrig (@npsvctrig.inf,%NPSVCTRIG.SvcDisplayName%;Named pipe service trigger provider) -> \SystemRoot\System32\drivers\npsvctrig.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - nsiproxy (@%SystemRoot%\system32\drivers\nsiproxy.sys,-2) -> system32\drivers\nsiproxy.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - Null () -> (?) - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - Psched (@%windir%\System32\drivers\pacer.sys,-101) -> System32\drivers\pacer.sys - AcceptPause: False - AcceptStop: True
R1 - [File System Driver] - rdbss (@%systemroot%\system32\wkssvc.dll,-1000) -> system32\DRIVERS\rdbss.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - tdx (@%SystemRoot%\system32\tcpipcfg.dll,-50004) -> \SystemRoot\system32\DRIVERS\tdx.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - vgk (vgk) -> \??\C:\Program Files\Riot Vanguard\vgk.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - Vid () -> \SystemRoot\System32\drivers\Vid.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - vwififlt (@%SystemRoot%\System32\drivers\vwififlt.sys,-259) -> System32\drivers\vwififlt.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - AMDRyzenMasterDriverV16 (AMDRyzenMasterDriverV16) -> \??\C:\Program Files\AMD\RyzenMaster\bin\AMDRyzenMasterDriver.sys - AcceptPause: False - AcceptStop: True
R2 - [File System Driver] - bindflt (@%systemroot%\system32\drivers\bindflt.sys,-100) -> \SystemRoot\system32\drivers\bindflt.sys - AcceptPause: False - AcceptStop: True
R2 - [File System Driver] - CldFlt (Windows Cloud Files Filter Driver) -> system32\drivers\cldflt.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - LGHUBTemperatureService (LGHUB Core Temperature Service) -> \??\C:\ProgramData\LGHUB\depots\55731\driver_cpu_temperature\logi_core_temp.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - lltdio (@%SystemRoot%\system32\lltdres.dll,-6) -> system32\drivers\lltdio.sys - AcceptPause: False - AcceptStop: True
R2 - [File System Driver] - luafv (@%systemroot%\system32\drivers\luafv.sys,-100) -> \SystemRoot\system32\drivers\luafv.sys - AcceptPause: False - AcceptStop: True
R2 - [File System Driver] - MBAMChameleon (MBAMChameleon) -> \SystemRoot\System32\Drivers\MbamChameleon.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - MMCSS (@%systemroot%\system32\drivers\mmcss.sys,-100) -> \SystemRoot\system32\drivers\mmcss.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - MsLldp (@%SystemRoot%\system32\drivers\mslldp.sys,-200) -> system32\drivers\mslldp.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - Ndu (@%SystemRoot%\system32\drivers\Ndu.sys,-10001) -> system32\drivers\Ndu.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - PEAUTH (PEAUTH) -> system32\drivers\peauth.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - rspndr (@%SystemRoot%\system32\lltdres.dll,-5) -> system32\drivers\rspndr.sys - AcceptPause: False - AcceptStop: True
R2 - [File System Driver] - storqosflt (@%SystemRoot%\System32\drivers\storqosflt.sys,-101) -> system32\drivers\storqosflt.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - tcpipreg (TCP/IP Registry Compatibility) -> System32\drivers\tcpipreg.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - wanarp (@%systemroot%\system32\mprmsg.dll,-32011) -> System32\DRIVERS\wanarp.sys - AcceptPause: False - AcceptStop: True
R2 - [File System Driver] - wcifs (@%systemroot%\system32\drivers\wcifs.sys,-100) -> \SystemRoot\system32\drivers\wcifs.sys - AcceptPause: False - AcceptStop: True

---------- | System files (Microsoft|Avast|Atheros|Adaptec|Brother|Intel Files whitelisted)


---------- | Uninstall (Whitelist)

[HKU\S-1-5-21-3426726900-1680016901-4063642811-1001\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\4ffdbc81071cec8e] : (Remote Desktop assistant.-.Remote Desktop assistant) -> rundll32.exe dfshim.dll,ShArpMaintain rdassistant.application, Culture=en-US, PublicKeyToken=a8eee8aa09b0c4a7, processorArchitecture=msil
[HKU\S-1-5-21-3426726900-1680016901-4063642811-1001\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Discord] : (Discord.-.Discord Inc.) -> C:\Users\theos\AppData\Local\Discord\Update.exe --uninstall
[HKU\S-1-5-21-3426726900-1680016901-4063642811-1001\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Opera GX 68.0.3618.197] : (Opera GX Stable 68.0.3618.197.-.Opera Software) -> "C:\Users\theos\AppData\Local\Programs\Opera GX\Launcher.exe" /uninstall
[HKU\S-1-5-21-3426726900-1680016901-4063642811-1001\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Riot Game bacon.live] : (Legends of Runeterra.-.Riot Games, Inc) -> "C:\Riot Games\Riot Client\RiotClientServices.exe" --uninstall-product=bacon --uninstall-patchline=live
[HKU\S-1-5-21-3426726900-1680016901-4063642811-1001\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Riot Game league_of_legends.live] : (League of Legends.-.Riot Games, Inc) -> "C:\Riot Games\Riot Client\RiotClientServices.exe" --uninstall-product=league_of_legends --uninstall-patchline=live
[HKU\S-1-5-21-3426726900-1680016901-4063642811-1001\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Riot Game valorant.live] : (VALORANT.-.Riot Games, Inc) -> "C:\Riot Games\Riot Client\RiotClientServices.exe" --uninstall-product=valorant --uninstall-patchline=live
[HKU\S-1-5-21-3426726900-1680016901-4063642811-1001\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Spotify] : (Spotify.-.Spotify AB) -> "C:\Users\theos\AppData\Roaming\Spotify\Spotify.exe" /uninstall
[HKU\S-1-5-21-3426726900-1680016901-4063642811-1001\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Super Monkey Ball Banana Blitz HD] : (Super Monkey Ball Banana Blitz HD.-.HOODLUM) -> C:\Users\theos\AppData\Local\Temp\\Super Monkey Ball Banana Blitz HD\uninstall.exe
[HKU\S-1-5-21-3426726900-1680016901-4063642811-1001\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\WinDirStat] : (WinDirStat 1.1.2.-.) -> "C:\Program Files (x86)\WinDirStat\Uninstall.exe"
[HKU\S-1-5-21-3426726900-1680016901-4063642811-1001\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{7565fb0a-bee1-4e29-aa5d-d83be41474b3}] : (Citra.-.Citra Team) -> C:\Users\theos\AppData\Local\Citra\maintenancetool.exe
[HKU\S-1-5-21-3426726900-1680016901-4063642811-1001\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GeforceNOW] : (NVIDIA GeForce NOW 2.0.16.148.-.NVIDIA Corporation) -> "C:\Windows\SysWOW64\RunDll32.EXE" "C:\Users\theos\AppData\Local\NVIDIA Corporation\Installer2\InstallerCore\NVI2.DLL",UninstallPackage GeforceNOW -noUAC
----------[{Hidden}][HKU\S-1-5-21-3426726900-1680016901-4063642811-1001\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer] : (NVIDIA Install Application.-.NVIDIA Corporation) -> 
[HKU\S-1-5-21-3426726900-1680016901-4063642811-1001\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{dd4e22d6-00d1-44b9-8126-d8b40e0cd7c9_FRA_fra}] : (.-.) -> 
[HKU\S-1-5-21-3426726900-1680016901-4063642811-1001\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}] : (Twitch.-.Twitch Interactive, Inc.) -> "C:\Users\theos\AppData\Roaming\Twitch\Bin\UninstallTwitch.exe" /X{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\029c4619-0385-5543-9426-46f9987161d9] : (Streamlabs OBS 0.20.1.-.General Workings, Inc.) -> "C:\Program Files\Streamlabs OBS\Uninstall Streamlabs OBS.exe" /allusers
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\57979c68-f490-55b8-8fed-8b017a5af2fe] : (Vortex.-.Black Tree Gaming Ltd.) -> "C:\Program Files\Black Tree Gaming Ltd\Vortex\Uninstall Vortex.exe" /allusers
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\6af12c54-643b-4752-87d0-8335503010de_is1] : (Nexus Mod Manager.-.Black Tree Gaming) -> "C:\Program Files\Nexus Mod Manager\uninstall\unins000.exe"
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\81bfc699-f883-50c7-b674-2483b6baae23] : (RSI Launcher 1.4.3.-.Cloud Imperium Games) -> "C:\Program Files\Roberts Space Industries\RSI Launcher\Uninstall RSI Launcher.exe" /allusers
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\AddressBook] : (.-.) -> 
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\AMD Catalyst Install Manager] : (AMD Software.-.Advanced Micro Devices, Inc.) -> "C:\Program Files\AMD\CIM\BIN64\RadeonInstaller.exe" /EXPRESS_UNINSTALL /IGNORE_UPGRADE /ON_REBOOT_MESSAGE:NO
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\AMD Ryzen Master] : (AMD Ryzen Master.-.Advanced Micro Devices, Inc.) -> C:\Program Files\AMD\RyzenMaster\bin\Setup.exe /U {02247819-03CD-414E-AC8D-FD518BFBA445}
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\AMD StoreMI] : (AMD StoreMI.-.Advanced Micro Devices, Inc.) -> "C:\Program Files\AMD\StoreMI\uninstall.exe"
----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Connection Manager] : (.-.) -> 
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\CPUID CPU-Z_is1] : (CPUID CPU-Z 1.92.-.CPUID, Inc.) -> "C:\Program Files\CPUID\CPU-Z\unins000.exe"
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\CPUID HWMonitor_is1] : (CPUID HWMonitor 1.41.-.CPUID, Inc.) -> "C:\Program Files\CPUID\HWMonitor\unins000.exe"
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\CrystalDiskInfo_is1] : (CrystalDiskInfo 8.3.2.-.Crystal Dew World) -> "C:\Program Files\CrystalDiskInfo\unins000.exe"
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\CrystalDiskMark7_is1] : (CrystalDiskMark 7.0.0g.-.Crystal Dew World) -> "C:\Program Files\CrystalDiskMark7\unins000.exe"
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\DirectDrawEx] : (.-.) -> 
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\DXM_Runtime] : (.-.) -> 
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Fontcore] : (.-.) -> 
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IE40] : (.-.) -> 
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IE4Data] : (.-.) -> 
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IE5BAKEX] : (.-.) -> 
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IEData] : (.-.) -> 
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\MobileOptionPack] : (.-.) -> 
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\MPlayer2] : (.-.) -> 
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Riot Vanguard] : (Riot Vanguard.-.Riot Games, Inc.) -> "C:\Program Files\Riot Vanguard\uninstall.exe"
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\SchedulingAgent] : (.-.) -> 
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Steam App 105600] : (Terraria.-.Re-Logic) -> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/105600
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Steam App 1106850] : (Totally Reliable Delivery Service Beta.-.We're Five Games) -> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/1106850
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Steam App 1281930] : (tModLoader.-.TML Team) -> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/1281930
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Steam App 202990] : (Call of Duty: Black Ops II - Multiplayer.-.Treyarch) -> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/202990
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Steam App 227300] : (Euro Truck Simulator 2.-.SCS Software) -> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/227300
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Steam App 232910] : (TrackMania² Stadium.-.Nadeo) -> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/232910
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Steam App 233450] : (Prison Architect.-.Double Eleven) -> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/233450
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Steam App 238460] : (BattleBlock Theater.-.The Behemoth) -> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/238460
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Steam App 238960] : (Path of Exile.-.Grinding Gear Games) -> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/238960
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Steam App 244850] : (Space Engineers.-.Keen Software House) -> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/244850
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Steam App 252490] : (Rust.-.Facepunch Studios) -> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/252490
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Steam App 252950] : (Rocket League.-.Psyonix LLC) -> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/252950
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Steam App 271590] : (Grand Theft Auto V.-.Rockstar North) -> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/271590
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Steam App 275850] : (No Man's Sky.-.Hello Games) -> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/275850
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Steam App 298740] : (Space Engineers Dedicated Server.-.) -> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/298740
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Steam App 306130] : (The Elder Scrolls Online.-.Zenimax Online Studios) -> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/306130
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Steam App 326880] : (Space Engineers - Mod SDK.-.) -> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/326880
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Steam App 377160] : (Fallout 4.-.Bethesda Game Studios) -> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/377160
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Steam App 39140] : (FINAL FANTASY VII.-.Square Enix) -> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/39140
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Steam App 397900] : (Business Tour - Online Multiplayer Board Game.-.Creobit) -> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/397900
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Steam App 4000] : (Garry's Mod.-.Facepunch Studios) -> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/4000
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Steam App 42710] : (Call of Duty: Black Ops - Multiplayer.-.Treyarch) -> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/42710
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Steam App 427520] : (Factorio.-.Wube Software LTD.) -> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/427520
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Steam App 440] : (Team Fortress 2.-.Valve) -> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/440
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Steam App 466240] : (Deceit.-.Baseline) -> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/466240
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Steam App 470220] : (UNO.-.Ubisoft Entertainment) -> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/470220
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Steam App 477160] : (Human: Fall Flat.-.No Brakes Games) -> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/477160
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Steam App 489830] : (The Elder Scrolls V: Skyrim Special Edition.-.Bethesda Game Studios) -> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/489830
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Steam App 49520] : (Borderlands 2.-.Gearbox Software) -> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/49520
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Steam App 571740] : (Golf It!.-.Perfuse Entertainment) -> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/571740
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Steam App 620] : (Portal 2.-.Valve) -> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/620
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Steam App 678950] : (DRAGON BALL FighterZ.-.Arc System Works) -> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/678950
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Steam App 730] : (Counter-Strike: Global Offensive.-.Valve) -> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/730
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Steam App 745920] : (Temtem.-.Crema) -> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/745920
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\SteelSeries Engine 3] : (SteelSeries Engine 3.18.1.-.SteelSeries ApS) -> C:\Program Files\SteelSeries\SteelSeries Engine 3\uninst.exe
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\TeamSpeak 3 Client] : (TeamSpeak 3 Client.-.TeamSpeak Systems GmbH) -> "C:\Program Files\TeamSpeak 3 Client\uninstall.exe"
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\TinyISO - KovaaK 2 0] : (KovaaK 2 0.-.TinyISO) -> D:\Games\KovaaK 2 0\uninstall.exe
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\VLC media player] : (VLC media player.-.VideoLAN) -> "C:\Program Files\VideoLAN\VLC\uninstall.exe"
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\WhoCrashed_is1] : (WhoCrashed 6.65.-.Resplendence Software Projects Sp.) -> "C:\Program Files\WhoCrashed\unins000.exe"
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\WIC] : (.-.) -> 
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\WinRAR archiver] : (WinRAR 5.80 (64-bit).-.win.rar GmbH) -> C:\Program Files\WinRAR\uninstall.exe
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{00010FEF-82A2-497E-983A-7105A0168FA7}] : (PDFCreator.-.pdfforge GmbH) -> MsiExec.exe /I{00010FEF-82A2-497E-983A-7105A0168FA7}
----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{02247819-03CD-414E-AC8D-FD518BFBA445}] : (AMD Ryzen Master.-.Advanced Micro Devices, Inc.) -> MsiExec.exe /X{02247819-03CD-414E-AC8D-FD518BFBA445}
----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{11E14722-1213-4021-AD72-32252315CB8B}] : (GamingOSD(x64).-.MICRO-STAR INT'L,.LTD.) -> MsiExec.exe /I{11E14722-1213-4021-AD72-32252315CB8B}
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F64180231F0}] : (Java 8 Update 231 (64-bit).-.Oracle Corporation) -> MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F64180231F0}
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1] : (Malwarebytes version 4.1.0.56.-.Malwarebytes) -> "C:\Program Files\Malwarebytes\Anti-Malware\mbuns.exe" /Uninstall
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{5DAB8C1A-6D8E-467D-BE62-AC13087AA950}_is1] : (Pentablet version 1.6.4.1948.-.XPPEN Technology) -> "C:\Program Files\Pentablet\unins000.exe"
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{77DA107A-7AE4-497D-A84A-B143C3A21676}] : (NordVPN network TUN.-.NordVPN) -> MsiExec.exe /X{77DA107A-7AE4-497D-A84A-B143C3A21676}
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{8435A407-F778-4647-9CDB-46E5EC50BAD0}_is1] : (Voicemod.-.Voicemod S.L.) -> "C:\Program Files\Voicemod Desktop\unins000.exe"
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver] : (NVIDIA Pilote graphique 451.67.-.NVIDIA Corporation) -> "C:\Windows\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\InstallerCore\NVI2.DLL",UninstallPackage Display.Driver
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience] : (NVIDIA GeForce Experience 3.20.4.14.-.NVIDIA Corporation) -> "C:\Windows\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\InstallerCore\NVI2.DLL",UninstallPackage Display.GFExperience
----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus] : (NVIDIA Optimus Update 38.0.5.0.-.NVIDIA Corporation) -> 
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX] : (NVIDIA Logiciel système PhysX 9.19.0218.-.NVIDIA Corporation) -> "C:\Windows\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\InstallerCore\NVI2.DLL",UninstallPackage Display.PhysX
----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update] : (Mises à jour NVIDIA 38.0.5.0.-.NVIDIA Corporation) -> 
----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv] : (NVIDIA SHIELD Streaming.-.NVIDIA Corporation) -> 
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver] : (NVIDIA Pilote audio HD : 1.3.38.34.-.NVIDIA Corporation) -> "C:\Windows\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\InstallerCore\NVI2.DLL",UninstallPackage HDAudio.Driver
----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer] : (NVIDIA Install Application.-.NVIDIA Corporation) -> 
----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvAbHub] : (NVIDIA ABHub.-.NVIDIA Corporation) -> 
----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvBackend] : (NVIDIA Backend.-.NVIDIA Corporation) -> 
----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer] : (NVIDIA Container.-.NVIDIA Corporation) -> 
----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.ContainerTelemetryApiHelper] : (NVIDIA TelemetryApi helper for NvContainer.-.NVIDIA Corporation) -> 
----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.LocalSystem] : (NVIDIA LocalSystem Container.-.NVIDIA Corporation) -> 
----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.MessageBus] : (NVIDIA Message Bus for NvContainer.-.NVIDIA Corporation) -> 
----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.NvapiMonitor] : (NVAPI Monitor plugin for NvContainer.-.NVIDIA Corporation) -> 
----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.ServiceUser] : (NVIDIA NetworkService Container.-.NVIDIA Corporation) -> 
----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.Session] : (NVIDIA Session Container.-.NVIDIA Corporation) -> 
----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.User] : (NVIDIA User Container.-.NVIDIA Corporation) -> 
----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvModuleTracker.Driver] : (NvModuleTracker.-.NVIDIA Corporation) -> 
----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvNodejs] : (NVIDIA NodeJS.-.NVIDIA Corporation) -> 
----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvPlugin.Watchdog] : (NVIDIA Watchdog Plugin for NvContainer.-.NVIDIA Corporation) -> 
----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvTelemetry] : (NVIDIA Telemetry Client.-.NVIDIA Corporation) -> 
----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvVHCI] : (NVIDIA Virtual Host Controller.-.NVIDIA Corporation) -> 
----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_OSC] : (Nvidia Share.-.NVIDIA Corporation) -> 
----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShadowPlay] : (NVIDIA ShadowPlay 3.20.4.14.-.NVIDIA Corporation) -> 
----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController] : (NVIDIA SHIELD Wireless Controller Driver.-.NVIDIA Corporation) -> 
----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Update.Core] : (NVIDIA Update Core.-.NVIDIA Corporation) -> 
----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver] : (NVIDIA Virtual Audio 4.13.0.0.-.NVIDIA Corporation) -> 
----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B600CC13-8F68-4D44-8867-93490894FAE5}] : (PDF Architect 7 Create Module.-.pdfforge GmbH) -> MsiExec.exe /I{B600CC13-8F68-4D44-8867-93490894FAE5}
----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{BA2C2671-B379-4101-A21C-4C549671FC8D}] : (PDF Architect 7 Edit Module.-.pdfforge GmbH) -> MsiExec.exe /X{BA2C2671-B379-4101-A21C-4C549671FC8D}
----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{E947A304-6110-4CFE-98AD-E6909072E87D}] : (PDF Architect 7 View Module.-.pdfforge GmbH) -> MsiExec.exe /I{E947A304-6110-4CFE-98AD-E6909072E87D}
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{F0072197-FCF6-41BF-9D38-832B145922DC}] : (Paradox Launcher v2.-.Paradox Interactive) -> MsiExec.exe /X{F0072197-FCF6-41BF-9D38-832B145922DC}
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{F3D3CC6B-9AD7-4F43-8C69-40D5902FDC5C}}_is1] : (MSI Kombustor 4.1.3.0 (64-bit).-.MSI / Geeks3D) -> "C:\Program Files\Geeks3D\MSI Kombustor 4 x64\unins000.exe"
----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{F9C5C994-F6B9-4D75-B3E7-AD01B84073E9}] : (Epic Games Launcher Prerequisites (x64).-.Epic Games, Inc.) -> MsiExec.exe /X{F9C5C994-F6B9-4D75-B3E7-AD01B84073E9}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\1495134320_is1] : (The Witcher 3 - Wild Hunt - Game of the Year Edition.-.GOG.com) -> "D:\Steam\steamapps\common\The Witcher 3 Wild Hunt GOTY\unins000.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\1743370862_is1] : (Neon Abyss.-.GOG.com) -> "D:\Games\Neon Abyss\unins000.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\2064492751_is1] : (Neon Abyss – The Lovable Rogues Pack.-.GOG.com) -> "D:\Games\Neon Abyss\unins001.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\7th Heaven] : (7th Heaven.-.) -> D:\Games\7th Heaven\Uninstall.exe
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\AddressBook] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Afterburner] : (MSI Afterburner 4.6.2.-.MSI Co., LTD) -> "C:\Program Files (x86)\MSI Afterburner\uninstall.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\AMD_Chipset_IODrivers] : (AMD Chipset Software.-.Advanced Micro Devices, Inc.) -> C:\Program Files (x86)\AMD\Chipset_IODrivers\Setup.exe /U {810a2b63-212d-4a59-bfb5-f2d575cd44f0}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\ASIO4ALL] : (ASIO4ALL.-.Michael Tippach) -> C:\Program Files (x86)\ASIO4ALL v2\uninstall.exe
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Assassin's Creed: Odyssey_is1] : (Assassin's Creed: Odyssey.-.) -> "D:\Steam\steamapps\common\Assassin's Creed - Odyssey\unins000.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Battle.net] : (Battle.net.-.Blizzard Entertainment) -> "C:\ProgramData\Battle.net\Agent\Blizzard Uninstaller.exe" --lang=frFR --uid=battle.net --displayname="Battle.net"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Call of Duty Modern Warfare] : (Call of Duty Modern Warfare.-.Blizzard Entertainment) -> "C:\ProgramData\Battle.net\Agent\Blizzard Uninstaller.exe" --lang=frFR --uid=odin --displayname="Call of Duty Modern Warfare"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Cities: Skylines_is1] : (Cities: Skylines.-.) -> "D:\Games\Cities - Skylines\unins000.exe"
----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Connection Manager] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Deluge] : (Deluge 1.3.15.-.) -> C:\Program Files (x86)\Deluge\deluge-uninst.exe
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Diablo III] : (Diablo III.-.Blizzard Entertainment) -> "C:\ProgramData\Battle.net\Agent\Blizzard Uninstaller.exe" --lang=frFR --uid=diablo3 --displayname="Diablo III"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\DirectDrawEx] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\DOOM Eternal_is1] : (DOOM Eternal.-.) -> "D:\Games\DOOM Eternal\unins000.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Dragon Ball Z Kakarot_is1] : (Dragon Ball Z Kakarot v.1.10.-.) -> "D:\Games\Dragon Ball Z Kakarot\unins000.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\DXM_Runtime] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Farming Simulator 19 Kverneland and Vicon Equipment Pack_is1] : (Farming Simulator 19 Kverneland and Vicon Equipment Pack.-.) -> "D:\Games\Farming Simulator 19 Kverneland and Vicon Equipment Pack\unins000.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\FileZilla Client] : (FileZilla Client 3.47.1.-.Tim Kosse) -> "C:\Program Files\FileZilla FTP Client\uninstall.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\FL Studio 20] : (FL Studio 20.-.Image-Line) -> C:\Program Files (x86)\Image-Line\FL Studio 20\uninstall.exe
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\FL Studio ASIO] : (FL Studio ASIO.-.Image-Line) -> C:\Program Files (x86)\Image-Line\FL Studio ASIO\uninstall.exe
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Fontcore] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Google Chrome] : (Google Chrome.-.Google LLC) -> "C:\Program Files (x86)\Google\Chrome\Application\84.0.4147.105\Installer\setup.exe" --uninstall --system-level --verbose-logging
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Hearthstone] : (Hearthstone.-.Blizzard Entertainment) -> "C:\ProgramData\Battle.net\Agent\Blizzard Uninstaller.exe" --lang=frFR --uid=hs_beta --displayname="Hearthstone"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IE40] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IE4Data] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IE5BAKEX] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IEData] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\InstallShield Uninstall Information] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Installshield_{11E14722-1213-4021-AD72-32252315CB8B}] : (GamingOSD(x64).-.MICRO-STAR INT'L,.LTD.) -> "C:\Program Files (x86)\InstallShield Installation Information\{11E14722-1213-4021-AD72-32252315CB8B}\setup.exe" -runfromtemp -l0x0409 -removeonly
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Microsoft Edge Update] : (Microsoft Edge Update.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\MobileOptionPack] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\MPlayer2] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\NordVPN 6.30.10] : (NordVPN.-.NordVPN) -> C:\ProgramData\Caphyon\Advanced Installer\{D50EFE85-BA30-4E86-A181-50F6694005A5}\NordVPNSetup.exe /i {D50EFE85-BA30-4E86-A181-50F6694005A5} AI_UNINSTALLER_CTP=1
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\NosTale(FR)_is1] : (Nostale(FR).-.Gameforge 4D GmbH) -> "D:\Games\NosTale(FR)\unins000.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Notepad++] : (Notepad++ (32-bit x86).-.Notepad++ Team) -> C:\Program Files (x86)\Notepad++\uninstall.exe
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\OpenAL] : (OpenAL.-.) -> "C:\Program Files (x86)\OpenAL\oalinst.exe" /U
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Parsec] : (Parsec.-.Parsec Cloud Inc.) -> "C:\Program Files\Parsec\uninstall.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\pcsx2] : (PCSX2 - Playstation 2 Emulator.-.) -> D:\Games\#Emulation\PCSX2 1.4.0\Uninst-pcsx2 1.4.0.exe
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\PDF Architect 7] : (PDF Architect 7.-.pdfforge GmbH) -> C:\ProgramData\PDF Architect 7\Installation\PDF_Architect_7_Installer.exe /uninstall
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Perfect IP Camera Recorder_is1] : (Perfect IP Camera Recorder 4.6.-.Perfect Surveillance) -> "C:\Program Files (x86)\Perfect IP Camera Recorder\unins000.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Portal 2 Complete_is1] : (Portal 2 Complete.-.THE KNIGHT) -> "D:\Games\Portal 2 Complete\Uninstall\unins000.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\PrtScr_is1] : (PrtScr 1.7.-.FireStarter) -> "C:\Program Files (x86)\PrtScr\unins000.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Rise and Fall Civilizations at War Multiplayer 1.15] : (Rise and Fall Civilizations at War Multiplayer 1.15.-.Stainless Steel Studios and Midway Games) -> D:\Games\RisesAndFall\Uninstall.exe
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Rockstar Games Launcher] : (Rockstar Games Launcher.-.Rockstar Games) -> "C:\Program Files\Rockstar Games\Launcher\uninstall.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Rockstar Games Social Club] : (Rockstar Games Social Club.-.Rockstar Games) -> C:\Program Files\Rockstar Games\Social Club\uninstallRGSCRedistributable.exe
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\RTSS] : (RivaTuner Statistics Server 7.2.3.-.Unwinder) -> "C:\Program Files (x86)\RivaTuner Statistics Server\uninstall.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\SchedulingAgent] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Sonic Adventure 2 (c) SEGA_is1] : (Sonic Adventure 2 (c) SEGA version 1.-.) -> "D:\Games\Sonic Adventure 2\unins000.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Steam] : (Steam.-.Valve Corporation) -> C:\Program Files (x86)\Steam\uninstall.exe
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Steam App 252950] : (.-.Psyonix, Inc) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Street Fighter V: CE_is1] : (Street Fighter V: CE.-.) -> "D:\Games\Street Fighter V - Champion Edition\unins000.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\The Elder Scrolls Online] : (The Elder Scrolls Online.-.Zenimax Online Studios) -> "E:\Steam\steamapps\common\Zenimax Online\uninstall\Uninstall The Elder Scrolls Online.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\The Escapists 2_is1] : (The Escapists 2.-.) -> "D:\Games\The Escapists 22\unins000.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\The Sims 4_is1] : (The Sims 4 v.1.59.73.1020.-.) -> "C:\Games\The Sims 4\unins000.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\The Witcher 3: GotY Edition_is1] : (The Witcher 3: GotY Edition.-.) -> "D:\Games\The Witcher 3 - Wild Hunt\unins000.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Two Point Hospital_is1] : (Two Point Hospital.-.) -> "D:\Games\Two Point Hospital\unins000.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Uplay] : (Uplay.-.Ubisoft) -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\Uninstall.exe
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Uplay Install 2688] : (WATCH_DOGS2.-.Ubisoft) -> "C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\upc.exe" uplay://uninstall/2688
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Uplay Install 5595] : (Trackmania.-.Ubisoft) -> "C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\upc.exe" uplay://uninstall/5595
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Uplay Install 635] : (Tom Clancy's Rainbow Six Siege.-.Ubisoft Montreal) -> "C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\upc.exe" uplay://uninstall/635
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\WIC] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\WWE 2K19_is1] : (WWE 2K19.-.) -> "D:\Games\WWE 2K19\unins000.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\XtremeTuner] : (XtremeTuner.-.Galaxy Microsystems Ltd.) -> C:\PROGRA~1\XTREME~1\UNWISE.EXE C:\PROGRA~1\XTREME~1\INSTALL.LOG
----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{0EA45DD4-A825-420C-AFED-C659EFE3B84F}] : (Balanced.-.Advanced Micro Devices, Inc.) -> MsiExec.exe /X{0EA45DD4-A825-420C-AFED-C659EFE3B84F}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{11235E7D-CE13-4D10-A26A-B14FFA1A9F97}_is1] : (Planet Coaster Thrillseeker Edition MULTi9 - ElAmigos version 1.11.-.Frontier Developments) -> "D:\Games\Planet Coaster\unins000.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{127FCEFB-20E3-4F45-8CAE-491608C56B63}_is1] : (Northgard.-.Shiro Games) -> "D:\Games\Northgard\uninstall\unins000.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{2C9D5C4F-5A0D-4361-9DD3-16D036632940}_is1] : (Subnautica.-.Grip Games) -> "D:\Games\Subnautica\Uninstall\unins000.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{415B4714-4F8C-49C6-B310-881EAF892CFB}_is1] : (Unified Remote.-.Unified Intents AB) -> "C:\Program Files (x86)\Unified Remote 3\unins000.exe"
----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{43a03b9c-4770-409c-a999-587b60700b63}] : (Launcher Prerequisites (x64).-.Epic Games, Inc.) -> "C:\ProgramData\Package Cache\{43a03b9c-4770-409c-a999-587b60700b63}\LauncherPrereqSetup_x64.exe"  /uninstall
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{4724CAB0-EABC-4D3F-AFDE-8848BD7EF555}_is1] : (Game Dev Tycoon version 1.6.15.-.Greenheart Games) -> "D:\Games\Game Dev Tycoon\unins000.exe"
----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{4A03706F-666A-4037-7777-5F2748764D10}] : (Java Auto Updater.-.Oracle Corporation) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{52CC87AA-645D-40FB-8411-510142191678}_is1] : (QModManager (Subnautica).-.QModManager) -> "D:\Games\Subnautica\unins000.exe"
----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}] : (Google Update Helper.-.Google LLC) -> MsiExec.exe /I{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{6653362F-9365-4A3C-9BF8-71494529DE06}] : (Epic Games Launcher.-.Epic Games, Inc.) -> MsiExec.exe /X{6653362F-9365-4A3C-9BF8-71494529DE06}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{6C967A93-A95F-4F65-A33A-EC8BC8750C2D}_is1] : (Doom 2016 MULTi10 - ElAmigos version 6.66.-.Bethesda Softworks) -> "D:\Games\Doom 2016\unins000.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{703bd6d7-79c0-4005-8cd7-89522a05a546}_is1] : (Gameforge Login MS2.-.Gameforge) -> "C:\Program Files (x86)\GameforgeLoginMS2\unins000.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{70DE02E8-FBDD-4892-9B21-117DCA1DD553}_is1] : (Corsair SSD Toolbox 1.2.5.7.-.Corsair) -> "C:\Program Files (x86)\Corsair SSD Toolbox\unins000.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{769FAE74-94DA-476F-8C88-300E6E932232}_is1] : (Cuphead Deluxe Edition - ElAmigos version 1.2.-.StudioMDHR) -> "D:\Games\Cuphead\unins000.exe"
----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{80EC3CEE-2940-42A1-A776-B5D810D39F1E}] : (AMD PCI Driver.-.Advanced Micro Devices, Inc.) -> MsiExec.exe /X{80EC3CEE-2940-42A1-A776-B5D810D39F1E}
----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{810a2b63-212d-4a59-bfb5-f2d575cd44f0}] : (AMD_Chipset_Drivers.-.Advanced Micro Devices, Inc.) -> MsiExec.exe /X{810a2b63-212d-4a59-bfb5-f2d575cd44f0}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{810F1419-7760-402E-8772-B4054FAA2B72}] : (Minecraft Launcher.-.Mojang) -> MsiExec.exe /X{810F1419-7760-402E-8772-B4054FAA2B72}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{84AD2AF7-10C8-0395-66F9-FFAEB4C5DBF1}] : (OEM Application Profile.-.Advanced Micro Devices, Inc.) -> MsiExec.exe /X{84AD2AF7-10C8-0395-66F9-FFAEB4C5DBF1}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}] : (Realtek Ethernet Controller Driver.-.Realtek) -> "C:\Program Files (x86)\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\setup.exe" -runfromtemp -removeonly
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{93bdcd2c-3dd3-4b2e-908e-a2335626b73a}] : (Intel® Driver & Support Assistant.-.Intel) -> "C:\ProgramData\Package Cache\{93bdcd2c-3dd3-4b2e-908e-a2335626b73a}\Intel-Driver-and-Support-Assistant-Installer.exe"  /uninstall
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{97DEC5D6-2BE9-45BB-BFC5-274B851B486B}] : (NordVPN network TAP.-.NordVPN) -> MsiExec.exe /X{97DEC5D6-2BE9-45BB-BFC5-274B851B486B}
----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{988F14B8-79A8-475D-BAC7-83F96AD3D821}] : (AMD PSP Driver.-.Advanced Micro Devices, Inc.) -> MsiExec.exe /X{988F14B8-79A8-475D-BAC7-83F96AD3D821}
----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{A171D320-C42C-4F3B-A2D8-C6A09F6788CC}] : (AMD Ryzen Balanced Driver.-.Advanced Micro Devices, Inc.) -> MsiExec.exe /X{A171D320-C42C-4F3B-A2D8-C6A09F6788CC}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{A42DC186-C963-41A8-991E-152C1B53B985}_is1] : (The Binding of Isaac Rebirth version 1.05.-.REVOLUTiONiT) -> "D:\Games\The Binding of Isaac Rebirth\unins000.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{a7f142b8-8488-41d3-a57a-09755e437cd3}] : (osu!.-.ppy Pty Ltd) -> D:\Bibliotèque\Downloads\scoped_dir9368_1910379733\osu!.exe -uninstall
----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{AAE0E27D-C88A-49BA-8715-77ADCD4286A3}] : (AMD SBxxx SMBus Driver Alpha.-.Advanced Micro Devices, Inc.) -> MsiExec.exe /X{AAE0E27D-C88A-49BA-8715-77ADCD4286A3}
----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{B5512BCC-F4CD-4159-86A4-B2AD7D38FFA9}] : (Promontory_GPIO Driver.-.Advanced Micro Devices, Inc.) -> MsiExec.exe /X{B5512BCC-F4CD-4159-86A4-B2AD7D38FFA9}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{BEB5FB69-4080-466F-96C4-F15DF271718B}_is1] : (Project64 version 2.3.2.202.-.) -> "C:\Program Files (x86)\Project64 2.3\unins000.exe"
----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}] : (Launcher Prerequisites (x64).-.Epic Games, Inc.) -> "C:\ProgramData\Package Cache\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}\LauncherPrereqSetup_x64.exe"  /uninstall
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{CD12C586-6F0E-4F89-ACE2-B57BFA299144}_is1] : (Far Cry Primal Apex Edition MULTi19 - ElAmigos version 1.3.3.-.Ubisoft) -> "D:\Games\Far Cry Primal\unins000.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{d3b2a0c1-f0d0-4888-ae0b-1c5e1febdafb}_is1] : (Gameforge Client.-.Gameforge) -> "C:\Program Files (x86)\GameforgeClient\unins000.exe"
----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{D50EFE85-BA30-4E86-A181-50F6694005A5}] : (NordVPN.-.NordVPN) -> MsiExec.exe /I{D50EFE85-BA30-4E86-A181-50F6694005A5}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{dd4e22d6-00d1-44b9-8126-d8b40e0cd7c9.fr-FR}] : (NosTale fr-FR.-.Gameforge) -> "C:\Program Files (x86)\GameforgeClient\gfclient.exe" gfclient://uninstall?game=dd4e22d6-00d1-44b9-8126-d8b40e0cd7c9&region=fr-FR
----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{E1C3385B-A188-4174-9302-A526B453CC1C}] : (Intel Driver && Support Assistant.-.Intel) -> MsiExec.exe /X{E1C3385B-A188-4174-9302-A526B453CC1C}
----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{E9DD399F-21A3-479E-A7DF-D6CF4B2ADBF3}] : (AMD GPIO2 Driver.-.Advanced Micro Devices, Inc.) -> MsiExec.exe /X{E9DD399F-21A3-479E-A7DF-D6CF4B2ADBF3}

---------- | Ports 


---------- | Installer

[HKCR\Installer\Products\00006109C80000000100000000F01FEC] : Office 16 Click-to-Run Extensibility Component
[HKCR\Installer\Products\00006109C800C0400100000000F01FEC] : Office 16 Click-to-Run Localization Component
[HKCR\Installer\Products\00006109E70000000100000000F01FEC] : Office 16 Click-to-Run Licensing Component
[HKCR\Installer\Products\023D171AC24CB3F42A8D6C0AF97688CC] : AMD Ryzen Balanced Driver -> C:\Windows\Installer\{A171D320-C42C-4F3B-A2D8-C6A09F6788CC}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\1762C2AB973B10142AC1C4456917CFD8] : PDF Architect 7 Edit Module -> C:\Windows\Installer\{BA2C2671-B379-4101-A21C-4C549671FC8D}\edit_icon
[HKCR\Installer\Products\22741E1131211204DA2723523251BCB8] : GamingOSD(x64) -> C:\Windows\Installer\{11E14722-1213-4021-AD72-32252315CB8B}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\31CC006B86F844D4887639948049AF5E] : PDF Architect 7 Create Module -> C:\Windows\Installer\{B600CC13-8F68-4D44-8867-93490894FAE5}\create_icon
[HKCR\Installer\Products\36b2a018d21295a4fb5b2f5d57dc440f] : AMD_Chipset_Drivers -> C:\Windows\Installer\{810a2b63-212d-4a59-bfb5-f2d575cd44f0}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\3BBA3DF6A33E1BF30141F7B703413F24] : Windows SDK EULA
[HKCR\Installer\Products\403A749E0116EFC489DA6E0909278ED7] : PDF Architect 7 View Module -> C:\Windows\Installer\{E947A304-6110-4CFE-98AD-E6909072E87D}\main_icon
[HKCR\Installer\Products\499C5C9F9B6F57D43B7EDA108B04379E] : Epic Games Launcher Prerequisites (x64) -> C:\WINDOWS\Installer\{F9C5C994-F6B9-4D75-B3E7-AD01B84073E9}\UnrealEngineLauncher.ico
[HKCR\Installer\Products\4DD54AE0528AC024FADE6C95FE3E8BF4] : Balanced -> C:\Windows\Installer\{0EA45DD4-A825-420C-AFED-C659EFE3B84F}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\4EA42A62D9304AC4784BF2468120130F] : Java 8 Update 231 (64-bit) -> C:\Program Files\Java\jre1.8.0_231\\bin\javaws.exe
[HKCR\Installer\Products\4EAB0176955CC3D9ADBD6484971F1884] : GameInput Redistributable
[HKCR\Installer\Products\58EFE05D03AB68E41A18056F9604505A] : NordVPN -> C:\Windows\Installer\{D50EFE85-BA30-4E86-A181-50F6694005A5}\AI_PROPPATH_FILENAME_PERBUILD_NordVPN.exe
[HKCR\Installer\Products\6D5CED799EB2BB54FB5C72B458B184B6] : NordVPN network TAP -> C:\Windows\Installer\{97DEC5D6-2BE9-45BB-BFC5-274B851B486B}\appwindow.exe
[HKCR\Installer\Products\7FA2DA488C015930669FFFEA4B5CBD1F] : OEM Application Profile -> C:\Windows\Installer\{84AD2AF7-10C8-0395-66F9-FFAEB4C5DBF1}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\8B41F8898A97D574AB7C389FA63D8D12] : AMD PSP Driver -> C:\Windows\Installer\{988F14B8-79A8-475D-BAC7-83F96AD3D821}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\9141F0180677E20478274B50F4AAB227] : Minecraft Launcher -> C:\Windows\Installer\{810F1419-7760-402E-8772-B4054FAA2B72}\minecraft.ico
[HKCR\Installer\Products\91874220DC30E414CAD8DF15B8BF4A54] : AMD Ryzen Master -> C:\Windows\Installer\{02247819-03CD-414E-AC8D-FD518BFBA445}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\99E80CA9B0328e74791254777B1F42AE] : 
[HKCR\Installer\Products\9B8E768893513F8145BA1B1F6E14CA41] : Kits Configuration Installer
[HKCR\Installer\Products\A089CE062ADB6BC44A720BA745894BAC] : Google Update Helper
[HKCR\Installer\Products\A701AD774EA7D7948AA41B343C2A6167] : NordVPN network TUN -> C:\Windows\Installer\{77DA107A-7AE4-497D-A84A-B143C3A21676}\appwindow.exe
[HKCR\Installer\Products\AD370C1947420C270322D3002A124FC3] : SDK Debuggers
[HKCR\Installer\Products\B5833C1E881A471439205A624B35CCC1] : Intel Driver && Support Assistant -> C:\Windows\Installer\{E1C3385B-A188-4174-9302-A526B453CC1C}\Icon.exe
[HKCR\Installer\Products\CCB2155BDC4F9514684A2BDAD783FF9A] : Promontory_GPIO Driver -> C:\Windows\Installer\{B5512BCC-F4CD-4159-86A4-B2AD7D38FFA9}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\D72E0EAAA88CAB94785177DADC24683A] : AMD SBxxx SMBus Driver Alpha -> C:\Windows\Installer\{AAE0E27D-C88A-49BA-8715-77ADCD4286A3}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\EEC3CE0804921A247A675B8D013DF9E1] : AMD PCI Driver -> C:\Windows\Installer\{80EC3CEE-2940-42A1-A776-B5D810D39F1E}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\F26335665639C3A4B98F17945492ED60] : Epic Games Launcher -> C:\Windows\Installer\{6653362F-9365-4A3C-9BF8-71494529DE06}\Installer.ico
[HKCR\Installer\Products\F60730A4A66673047777F5728467D401] : Java Auto Updater
[HKCR\Installer\Products\F993DD9E3A12E9747AFD6DFCB4A2BD3F] : AMD GPIO2 Driver -> C:\Windows\Installer\{E9DD399F-21A3-479E-A7DF-D6CF4B2ADBF3}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\FEF010002A28E79489A317500A61F87A] : PDFCreator -> C:\Windows\Installer\{00010FEF-82A2-497E-983A-7105A0168FA7}\app_icon.ico

---------- | ADS


---------- | Drives


---------- | MBR


64 bits not supported by MBR.exe, Dump : C:\QuickDiag\MBR.Bin

---------- | 20 LastEventLog

La création du contexte d’activation a échoué pour « D:\Games\NosTale(FR)\nostale.exe ». Erreur dans le fichier de manifeste ou de stratégie «  » à la ligne . Une version de composant nécessaire à l’application est en conflit avec une autre version de composant déjà active. Les composants en conflit sont : Composant 1 : C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.1_none_fd031af45b0106f2.manifest. Composant 2 : C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.1_none_b555e41d4684ddec.manifest.
------------

La création du contexte d’activation a échoué pour « D:\Games\NosTale(FR)\nostale.exe ». Erreur dans le fichier de manifeste ou de stratégie «  » à la ligne . Une version de composant nécessaire à l’application est en conflit avec une autre version de composant déjà active. Les composants en conflit sont : Composant 1 : C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.1_none_fd031af45b0106f2.manifest. Composant 2 : C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.1_none_b555e41d4684ddec.manifest.
------------

Le service ne peut pas être démarré. System.NullReferenceException: La référence d'objet n'est pas définie à une instance d'un objet.
   à SetupAfterRebootService.SetupARService.OnStart(String[] args)
   à System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
------------

Les notifications ne sont pas actives pour le volume D:\. 

Contexte : Application Windows

Détails :
	Le journal de modification du volume n’est pas actif.  (HRESULT : 0x8007049b) (0x8007049b)

------------

La création du contexte d’activation a échoué pour « D:\Games\NosTale(FR)\nostale.exe ». Erreur dans le fichier de manifeste ou de stratégie «  » à la ligne . Une version de composant nécessaire à l’application est en conflit avec une autre version de composant déjà active. Les composants en conflit sont : Composant 1 : C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.1_none_fd031af45b0106f2.manifest. Composant 2 : C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.1_none_b555e41d4684ddec.manifest.
------------

Le service ne peut pas être démarré. System.NullReferenceException: La référence d'objet n'est pas définie à une instance d'un objet.
   à SetupAfterRebootService.SetupARService.OnStart(String[] args)
   à System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
------------

La création du contexte d’activation a échoué pour « D:\Games\NosTale(FR)\nostale.exe ». Erreur dans le fichier de manifeste ou de stratégie «  » à la ligne . Une version de composant nécessaire à l’application est en conflit avec une autre version de composant déjà active. Les composants en conflit sont : Composant 1 : C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.1_none_fd031af45b0106f2.manifest. Composant 2 : C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.1_none_b555e41d4684ddec.manifest.
------------

Le service ne peut pas être démarré. System.NullReferenceException: La référence d'objet n'est pas définie à une instance d'un objet.
   à SetupAfterRebootService.SetupARService.OnStart(String[] args)
   à System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
------------

La création du contexte d’activation a échoué pour « D:\Games\NosTale(FR)\nostale.exe ». Erreur dans le fichier de manifeste ou de stratégie «  » à la ligne . Une version de composant nécessaire à l’application est en conflit avec une autre version de composant déjà active. Les composants en conflit sont : Composant 1 : C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.1_none_fd031af45b0106f2.manifest. Composant 2 : C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.1_none_b555e41d4684ddec.manifest.
------------

La création du contexte d’activation a échoué pour « D:\Games\NosTale(FR)\nostale.exe ». Erreur dans le fichier de manifeste ou de stratégie «  » à la ligne . Une version de composant nécessaire à l’application est en conflit avec une autre version de composant déjà active. Les composants en conflit sont : Composant 1 : C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.1_none_fd031af45b0106f2.manifest. Composant 2 : C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.1_none_b555e41d4684ddec.manifest.
------------

La création du contexte d’activation a échoué pour « D:\Games\NosTale(FR)\nostale.exe ». Erreur dans le fichier de manifeste ou de stratégie «  » à la ligne . Une version de composant nécessaire à l’application est en conflit avec une autre version de composant déjà active. Les composants en conflit sont : Composant 1 : C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.1_none_fd031af45b0106f2.manifest. Composant 2 : C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.1_none_b555e41d4684ddec.manifest.
------------

La création du contexte d’activation a échoué pour « D:\Games\NosTale(FR)\nostale.exe ». Erreur dans le fichier de manifeste ou de stratégie «  » à la ligne . Une version de composant nécessaire à l’application est en conflit avec une autre version de composant déjà active. Les composants en conflit sont : Composant 1 : C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.1_none_fd031af45b0106f2.manifest. Composant 2 : C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.1_none_b555e41d4684ddec.manifest.
------------

Nom de l’application défaillante Maine-WinAnvil-Shipping.exe, version : 0.0.0.0, horodatage : 0x5f1c5213
Nom du module défaillant : xgameruntime.dll, version : 10.0.19041.3225, horodatage : 0xbcc879dc
Code d’exception : 0xc0000005
Décalage d’erreur : 0x00000000000a3086
ID du processus défaillant : 0x2ff4
Heure de début de l’application défaillante : 0x01d668d3d8dc12ca
Chemin d’accès de l’application défaillante : C:\Program Files\WindowsApps\Microsoft.Maine_1.1.7.0_x64__8wekyb3d8bbwe\Maine\Binaries\WinAnvil\Maine-WinAnvil-Shipping.exe
Chemin d’accès du module défaillant: C:\WINDOWS\SYSTEM32\xgameruntime.dll
ID de rapport : e09ed55a-0606-4a5b-9db9-50e7acb97959
Nom complet du package défaillant : Microsoft.Maine_1.1.7.0_x64__8wekyb3d8bbwe
ID de l’application relative au package défaillant : AppGroundedShipping
------------

La création du contexte d’activation a échoué pour « D:\Games\NosTale(FR)\nostale.exe ». Erreur dans le fichier de manifeste ou de stratégie «  » à la ligne . Une version de composant nécessaire à l’application est en conflit avec une autre version de composant déjà active. Les composants en conflit sont : Composant 1 : C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.1_none_fd031af45b0106f2.manifest. Composant 2 : C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.1_none_b555e41d4684ddec.manifest.
------------

Le service ne peut pas être démarré. System.NullReferenceException: La référence d'objet n'est pas définie à une instance d'un objet.
   à SetupAfterRebootService.SetupARService.OnStart(String[] args)
   à System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
------------

La création du contexte d’activation a échoué pour « D:\Games\NosTale(FR)\nostale.exe ». Erreur dans le fichier de manifeste ou de stratégie «  » à la ligne . Une version de composant nécessaire à l’application est en conflit avec une autre version de composant déjà active. Les composants en conflit sont : Composant 1 : C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.1_none_fd031af45b0106f2.manifest. Composant 2 : C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.1_none_b555e41d4684ddec.manifest.
------------

La création du contexte d’activation a échoué pour « D:\Games\NosTale(FR)\nostale.exe ». Erreur dans le fichier de manifeste ou de stratégie «  » à la ligne . Une version de composant nécessaire à l’application est en conflit avec une autre version de composant déjà active. Les composants en conflit sont : Composant 1 : C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.1_none_fd031af45b0106f2.manifest. Composant 2 : C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.1_none_b555e41d4684ddec.manifest.
------------

Nom de l’application défaillante Maine-WinAnvil-Shipping.exe, version : 0.0.0.0, horodatage : 0x5f1c5213
Nom du module défaillant : PhysX3_x64.dll, version : 0.0.0.0, horodatage : 0x5d239a45
Code d’exception : 0xc0000005
Décalage d’erreur : 0x00000000000d3c7c
ID du processus défaillant : 0x3e14
Heure de début de l’application défaillante : 0x01d668d1d75d7c62
Chemin d’accès de l’application défaillante : C:\Program Files\WindowsApps\Microsoft.Maine_1.1.7.0_x64__8wekyb3d8bbwe\Maine\Binaries\WinAnvil\Maine-WinAnvil-Shipping.exe
Chemin d’accès du module défaillant: C:\Program Files\WindowsApps\Microsoft.Maine_1.1.7.0_x64__8wekyb3d8bbwe\Engine\Binaries\ThirdParty\PhysX3\Win64\VS2015\PhysX3_x64.dll
ID de rapport : e71723d6-356b-46b9-95cf-78d3379718f9
Nom complet du package défaillant : Microsoft.Maine_1.1.7.0_x64__8wekyb3d8bbwe
ID de l’application relative au package défaillant : AppGroundedShipping
------------

Nom de l’application défaillante Maine-WinAnvil-Shipping.exe, version : 0.0.0.0, horodatage : 0x5f1c5213
Nom du module défaillant : PhysX3_x64.dll, version : 0.0.0.0, horodatage : 0x5d239a45
Code d’exception : 0xc0000005
Décalage d’erreur : 0x00000000000d3c7c
ID du processus défaillant : 0x279c
Heure de début de l’application défaillante : 0x01d668d15e84e30e
Chemin d’accès de l’application défaillante : C:\Program Files\WindowsApps\Microsoft.Maine_1.1.7.0_x64__8wekyb3d8bbwe\Maine\Binaries\WinAnvil\Maine-WinAnvil-Shipping.exe
Chemin d’accès du module défaillant: C:\Program Files\WindowsApps\Microsoft.Maine_1.1.7.0_x64__8wekyb3d8bbwe\Engine\Binaries\ThirdParty\PhysX3\Win64\VS2015\PhysX3_x64.dll
ID de rapport : b08ed04d-b9e7-452a-9d0c-13ecb92c5d0a
Nom complet du package défaillant : Microsoft.Maine_1.1.7.0_x64__8wekyb3d8bbwe
ID de l’application relative au package défaillant : AppGroundedShipping
------------


----------( EOF)---------- - 5193 | 11:17:47