Meu PC foi infectado com o malware "URL:Blacklist"

Francisco Narde · 13 de agosto de 2023

Resultado da Correção pela Farbar Recovery Scan Tool (x64) Versão: 12-08-2023
Executado por Francisco Narde (13-08-2023 17:06:25) Run:4
Executando a partir de D:\Desktop
Perfis Carregados: Francisco Narde
Modo da Inicialização: Normal
==============================================

fixlist Conteúdo:
*****************
Start::
CreateRestorePoint:
CloseProcesses:

C:\Users\Francisco Narde\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!003\MicrosoftEdge\ExtensionsByteCodeCache\Extensions\EdgeExtension_SymantecCorporationNortonSafeWeb_v68kp9n051hdp
C:\Users\Francisco Narde\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\ExtensionsByteCodeCache\Extensions\EdgeExtension_SymantecCorporationNortonSafeWeb_v68kp9n051hdp
C:\Users\Francisco Narde\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_br.norton.com_0.indexeddb.leveldb
C:\ProgramData\Norton
C:\ProgramData\NortonInstaller
C:\Program Files\Common Files\AV\Norton Security

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\Compatibility\NortonSystemInfo]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications\NortonSecurity.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Provider\Av\{30744133-1E94-7B35-F4A3-82A5AEF1CBAA}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Provider\Av\{30744133-1E94-7B35-F4A3-82A5AEF1CBAA}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Provider\Av\{30744133-1E94-7B35-F4A3-82A5AEF1CBAA}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Provider\Fw\{084FC016-54FB-7A6D-DFFC-2B9050228CD1}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Provider\Fw\{084FC016-54FB-7A6D-DFFC-2B9050228CD1}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Provider\Fw\{084FC016-54FB-7A6D-DFFC-2B9050228CD1}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\S-1-5-21-3907471261-615860086-2012423866-1001\SymantecCorporation.NortonSafeWeb_3.11.6.0_neutral__v68kp9n051hdp]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\InstallService\State\CategoryCache]
"87badf37-13d1-7ba7-6b16-211bdec46258BR"="-"
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\DownloadCenter\Sub]
"Norton Internet Security(NIS)"="-"
[-HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\DirectDraw\Compatibility\NortonSystemInfo]
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\Windows Error Reporting\RuntimeExceptionHelperModules]
"C:\Program Files\Norton Security\NortonData\22.11.1.5\Definitions\IPSDefs\20200604.061\IPSEng32.dll"="-"
[-HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\AppxAllUserStore\S-1-5-21-3907471261-615860086-2012423866-1001\SymantecCorporation.NortonSafeWeb_3.11.6.0_neutral__v68kp9n051hdp]
[-HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\DownlevelGather\InstalledPackages\Main\SymantecCorporation.NortonSafeWeb_3.11.6.0_neutral__v68kp9n051hdp]
[-HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\DownlevelGather\PackageInstallState\SymantecCorporation.NortonSafeWeb_3.11.6.0_neutral__v68kp9n051hdp]
[-HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\DownlevelGather\S-1-5-21-3907471261-615860086-2012423866-1001\SymantecCorporation.NortonSafeWeb_3.11.6.0_neutral__v68kp9n051hdp]
[-HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\DownlevelGather\SisDirectory\SymantecCorporation.NortonSafeWeb_3.11.6.0_neutral__v68kp9n051hdp]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\NS]
[-HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MrtCache\C:%5CProgram Files%5CWindowsApps%5CSymantecCorporation.NortonSafeWeb_3.11.6.0_neutral__v68kp9n051hdp%5Cresources.pri]
[-HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MrtCache\C:%5CProgram Files%5CWindowsApps%5CSymantecCorporation.NortonSafeWeb_3.11.6.0_neutral__v68kp9n051hdp%5Cresources.pri\1d65a941e4f925a\19d2e443]
[-HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MrtCache\C:%5CProgram Files%5CWindowsApps%5CSymantecCorporation.NortonSafeWeb_3.11.6.0_neutral__v68kp9n051hdp%5Cresources.pri\1d65a941e4f925a\19d2e443]
[-HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MrtCache\C:%5CProgram Files%5CWindowsApps%5CSymantecCorporation.NortonSafeWeb_3.13.0.0_neutral__v68kp9n051hdp%5Cresources.pri]
[-HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MrtCache\C:%5CProgram Files%5CWindowsApps%5CSymantecCorporation.NortonSafeWeb_3.13.0.0_neutral__v68kp9n051hdp%5Cresources.pri\1d6a11fa1811712\19d2e443]
[-HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MrtCache\C:%5CProgram Files%5CWindowsApps%5CSymantecCorporation.NortonSafeWeb_3.13.0.0_neutral__v68kp9n051hdp%5Cresources.pri\1d6a11fa1811712\19d2e443]
[-HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MrtCache\C:%5CProgram Files%5CWindowsApps%5CSymantecCorporation.NortonSafeWeb_3.13.1.0_neutral__v68kp9n051hdp%5Cresources.pri]
[-HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MrtCache\C:%5CProgram Files%5CWindowsApps%5CSymantecCorporation.NortonSafeWeb_3.13.1.0_neutral__v68kp9n051hdp%5Cresources.pri\1d6a11fa1811712\19d2e443]
[-HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MrtCache\C:%5CProgram Files%5CWindowsApps%5CSymantecCorporation.NortonSafeWeb_3.13.1.0_neutral__v68kp9n051hdp%5Cresources.pri\1d6a11fa1811712\19d2e443]
[-HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MrtCache\C:%5CProgram Files%5CWindowsApps%5CSymantecCorporation.NortonSafeWeb_3.14.1.0_neutral__v68kp9n051hdp%5Cresources.pri]
[-HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MrtCache\C:%5CProgram Files%5CWindowsApps%5CSymantecCorporation.NortonSafeWeb_3.14.1.0_neutral__v68kp9n051hdp%5Cresources.pri\1d6eace60218b5\19d2e443]
[-HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MrtCache\C:%5CProgram Files%5CWindowsApps%5CSymantecCorporation.NortonSafeWeb_3.14.1.0_neutral__v68kp9n051hdp%5Cresources.pri\1d6eace60218b5\19d2e443]
[-HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MrtCache\C:%5CProgram Files%5CWindowsApps%5CSymantecCorporation.NortonSafeWeb_3.14.3.0_neutral__v68kp9n051hdp%5Cresources.pri]
[-HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MrtCache\C:%5CProgram Files%5CWindowsApps%5CSymantecCorporation.NortonSafeWeb_3.14.3.0_neutral__v68kp9n051hdp%5Cresources.pri\1d718841db8d8c4\19d2e443]
[-HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MrtCache\C:%5CProgram Files%5CWindowsApps%5CSymantecCorporation.NortonSafeWeb_3.14.3.0_neutral__v68kp9n051hdp%5Cresources.pri\1d718841db8d8c4\19d2e443]
[-HKEY_USERS\.DEFAULT\Software\Norton]
[-HKEY_USERS\.DEFAULT\Software\Norton\NortonInstaller]
[-HKEY_USERS\S-1-5-21-3907471261-615860086-2012423866-1001\SOFTWARE\AppDataLow\Software\Norton]
[-HKEY_USERS\S-1-5-21-3907471261-615860086-2012423866-1001\SOFTWARE\Microsoft\Office\Outlook\Addins\MsouPlug.OutlookPlug]
[-HKEY_USERS\S-1-5-21-3907471261-615860086-2012423866-1001\SOFTWARE\Microsoft\Office\Outlook\Addins\MsouPlug.OutlookPlug]
[-HKEY_USERS\S-1-5-21-3907471261-615860086-2012423866-1001\SOFTWARE\Microsoft\UserData\UninstallTimes]
[-HKEY_USERS\S-1-5-21-3907471261-615860086-2012423866-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\CloudStore\Store\DefaultAccount\Cloud\{65bff9cd-1d54-46dc-95a8-6a54ff530f2c}$windows.data.apps.appmetadata$appmetadatalist\windows.data.apps.appmetadata$symanteccorporation.nortonsafeweb_v68kp9n051hdp]
[-HKEY_USERS\S-1-5-21-3907471261-615860086-2012423866-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\CloudStore\Store\DefaultAccount\Current\{65bff9cd-1d54-46dc-95a8-6a54ff530f2c}$windows.data.apps.appmetadata$appmetadatalist\windows.data.apps.appmetadata$symanteccorporation.nortonsafeweb_v68kp9n051hdp]
[-HKEY_USERS\S-1-5-21-3907471261-615860086-2012423866-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FeatureUsage\AppBadgeUpdated]
[-HKEY_USERS\S-1-5-21-3907471261-615860086-2012423866-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FeatureUsage\AppSwitched]
[-HKEY_USERS\S-1-5-21-3907471261-615860086-2012423866-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FeatureUsage\AppSwitched]
[-HKEY_USERS\S-1-5-21-3907471261-615860086-2012423866-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.com/search?q=norton+security+scan&form=WNSGPH&qs=AS&cvid=174fc6e0bead416983c9561ec79dc302&porque=norton+security&cc=BR&setlang=pt-BR&nclid=E]
[-HKEY_USERS\S-1-5-21-3907471261-615860086-2012423866-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Notifications\Settings\Symantec.Norton Security]
[-HKEY_USERS\S-1-5-21-3907471261-615860086-2012423866-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\SettingSync\Namespace\packagestate\symanteccorporation.nortonsafeweb_v68kp9n051hdp-0]
[-HKEY_USERS\S-1-5-21-3907471261-615860086-2012423866-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\SettingSync\SyncData\Namespace\packagestate\symanteccorporation.nortonsafeweb_v68kp9n051hdp-0]
[-HKEY_USERS\S-1-5-21-3907471261-615860086-2012423866-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\SettingSync\SyncData\RemoteNamespace\packagestate\symanteccorporation.nortonsafeweb_v68kp9n051hdp-0]
[-HKEY_USERS\S-1-5-21-3907471261-615860086-2012423866-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\SettingSync\Telemetry\SaveKnowledgeLastSuccess]
[-HKEY_USERS\S-1-5-21-3907471261-615860086-2012423866-1001\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\norton.com]
[-HKEY_USERS\S-1-5-21-3907471261-615860086-2012423866-1001\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\security.norton.com]
[-HKEY_USERS\S-1-5-21-3907471261-615860086-2012423866-1001\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\norton.com]
[-HKEY_USERS\S-1-5-21-3907471261-615860086-2012423866-1001\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\security.norton.com]
[-HKEY_USERS\S-1-5-21-3907471261-615860086-2012423866-1001\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\003\Internet Explorer\DOMStorage\EdgeExtension_SymantecCorporationNortonSafeWeb_v68kp9n051hdp]
[-HKEY_USERS\S-1-5-21-3907471261-615860086-2012423866-1001\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\003\Internet Explorer\EdpDomStorage\EdgeExtension_SymantecCorporationNortonSafeWeb_v68kp9n051hdp]
[-HKEY_USERS\S-1-5-21-3907471261-615860086-2012423866-1001\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\EdgeExtensions\Configuration\EdgeExtensions\ConfigurationStore\Extensions\ms-browser-extension://EdgeExtension_SymantecCorporationNortonSafeWeb_v68kp9n051hdp/]
[-HKEY_USERS\S-1-5-21-3907471261-615860086-2012423866-1001\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\EdgeExtensions\Configuration\EdgeExtensions\ConfigurationStore\Extensions\ms-browser-extension://EdgeExtension_SymantecCorporationNortonSafeWeb_v68kp9n051hdp/]
[-HKEY_USERS\S-1-5-21-3907471261-615860086-2012423866-1001\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\EdgeExtensions\Configuration\EdgeExtensions\ConfigurationStore\State]
[-HKEY_USERS\S-1-5-21-3907471261-615860086-2012423866-1001\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Extensions\EdgeExtension_SymantecCorporationNortonSafeWeb_v68kp9n051hdp]
[-HKEY_USERS\S-1-5-21-3907471261-615860086-2012423866-1001\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\EdgeExtension_SymantecCorporationNortonSafeWeb_v68kp9n051hdp]
[-HKEY_USERS\S-1-5-21-3907471261-615860086-2012423866-1001\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\EdgeExtension_SymantecCorporationNortonSafeWeb_v68kp9n051hdp]
[-HKEY_USERS\S-1-5-21-3907471261-615860086-2012423866-1001\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\EdgeExtension_SymantecCorporationNortonSafeWeb_v68kp9n051hdp]
[-HKEY_USERS\S-1-5-21-3907471261-615860086-2012423866-1001\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\EdgeExtension_SymantecCorporationNortonSafeWeb_v68kp9n051hdp]
[-HKEY_USERS\S-1-5-21-3907471261-615860086-2012423866-1001\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\EdgeExtension_SymantecCorporationNortonSafeWeb_v68kp9n051hdp]
[-HKEY_USERS\S-1-5-21-3907471261-615860086-2012423866-1001\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\EdgeExtension_SymantecCorporationNortonSafeWeb_v68kp9n051hdp]
[-HKEY_USERS\S-1-5-21-3907471261-615860086-2012423866-1001\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\EdgeExtension_SymantecCorporationNortonSafeWeb_v68kp9n051hdp]
[-HKEY_USERS\S-1-5-21-3907471261-615860086-2012423866-1001\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\usage\dscc_startup\EdgeExtension_SymantecCorporationNortonSafeWeb_v68kp9n051hdp]
[-HKEY_USERS\S-1-5-21-3907471261-615860086-2012423866-1001\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\usage\dscm_author\EdgeExtension_SymantecCorporationNortonSafeWeb_v68kp9n051hdp]
[-HKEY_USERS\S-1-5-21-3907471261-615860086-2012423866-1001\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\usage\dscm_author\EdgeExtension_SymantecCorporationNortonSafeWeb_v68kp9n051hdp]
[-HKEY_USERS\S-1-5-21-3907471261-615860086-2012423866-1001\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\usage\dscm_backg\EdgeExtension_SymantecCorporationNortonSafeWeb_v68kp9n051hdp]
[-HKEY_USERS\S-1-5-21-3907471261-615860086-2012423866-1001\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\usage\dscm_baction\EdgeExtension_SymantecCorporationNortonSafeWeb_v68kp9n051hdp]
[-HKEY_USERS\S-1-5-21-3907471261-615860086-2012423866-1001\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\usage\dscm_baction\EdgeExtension_SymantecCorporationNortonSafeWeb_v68kp9n051hdp\default_icon\20]
[-HKEY_USERS\S-1-5-21-3907471261-615860086-2012423866-1001\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\usage\dscm_baction\EdgeExtension_SymantecCorporationNortonSafeWeb_v68kp9n051hdp]
[-HKEY_USERS\S-1-5-21-3907471261-615860086-2012423866-1001\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\usage\dscm_baction\EdgeExtension_SymantecCorporationNortonSafeWeb_v68kp9n051hdp]
[-HKEY_USERS\S-1-5-21-3907471261-615860086-2012423866-1001\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\usage\dscm_desc\EdgeExtension_SymantecCorporationNortonSafeWeb_v68kp9n051hdp]
[-HKEY_USERS\S-1-5-21-3907471261-615860086-2012423866-1001\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\usage\dscm_Icons\EdgeExtension_SymantecCorporationNortonSafeWeb_v68kp9n051hdp]
[-HKEY_USERS\S-1-5-21-3907471261-615860086-2012423866-1001\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\usage\dscm_loc\EdgeExtension_SymantecCorporationNortonSafeWeb_v68kp9n051hdp]
[-HKEY_USERS\S-1-5-21-3907471261-615860086-2012423866-1001\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\usage\dscm_name\EdgeExtension_SymantecCorporationNortonSafeWeb_v68kp9n051hdp]
[-HKEY_USERS\S-1-5-21-3907471261-615860086-2012423866-1001\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\usage\dscm_perm\EdgeExtension_SymantecCorporationNortonSafeWeb_v68kp9n051hdp]
[-HKEY_USERS\S-1-5-21-3907471261-615860086-2012423866-1001\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\usage\dscm_ver\EdgeExtension_SymantecCorporationNortonSafeWeb_v68kp9n051hdp]
[-HKEY_USERS\S-1-5-21-3907471261-615860086-2012423866-1001\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\keyvaluestore\keyvaluestore\EdgeExtension_SymantecCorporationNortonSafeWeb_v68kp9n051hdp]
[-HKEY_USERS\S-1-5-21-3907471261-615860086-2012423866-1001\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\WebRuntimeExtensions\EventStore\webNavigation.onTabReplaced\1\EdgeExtension_SymantecCorporationNortonSafeWeb_v68kp9n051hdp]
[-HKEY_USERS\S-1-5-21-3907471261-615860086-2012423866-1001\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\WebRuntimeExtensions\EventStore\webRequest.onBeforeRequest\1\EdgeExtension_SymantecCorporationNortonSafeWeb_v68kp9n051hdp]
[-HKEY_USERS\S-1-5-21-3907471261-615860086-2012423866-1001\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\WebRuntimeExtensions\EventStore\webRequest.onBeforeSendHeaders\1\EdgeExtension_SymantecCorporationNortonSafeWeb_v68kp9n051hdp]
[-HKEY_USERS\S-1-5-21-3907471261-615860086-2012423866-1001\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\WebRuntimeExtensions\EventStore\webRequest.onCompleted\1\EdgeExtension_SymantecCorporationNortonSafeWeb_v68kp9n051hdp]
[-HKEY_USERS\S-1-5-21-3907471261-615860086-2012423866-1001\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\WebRuntimeExtensions\EventStore\webRequest.onHeadersReceived\1\EdgeExtension_SymantecCorporationNortonSafeWeb_v68kp9n051hdp]
[-HKEY_USERS\S-1-5-21-3907471261-615860086-2012423866-1001\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\PersistedStorageItemTable\ManagedByApp\EdgeExtension_SymantecCorporationNortonSafeWeb_v68kp9n051hdp]
[-HKEY_USERS\S-1-5-21-3907471261-615860086-2012423866-1001\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\PersistedStorageItemTable\ManagedByApp\EdgeExtension_SymantecCorporationNortonSafeWeb_v68kp9n051hdp]
Edge Extension: (Sem Nome) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [não encontrado (a)]
Edge Extension: (Sem Nome) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [não encontrado (a)]
Edge Extension: (Norton Safe Web) -> EdgeExtension_SymantecCorporationNortonSafeWeb_v68kp9n051hdp => C:\Program Files\WindowsApps\SymantecCorporation.NortonSafeWeb_3.11.6.0_neutral__v68kp9n051hdp [não encontrado (a)]
Edge Extension: (Sem Nome) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [não encontrado (a)]
Edge Extension: (Sem Nome) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [não encontrado (a)]
C:\Program Files\WindowsApps\SymantecCorporation.NortonSafeWeb_3.14.3.0_neutral__v68kp9n051hdp

EmptyTemp:
End::
*****************

Ponto de Restauração criado com sucesso.
Processos fechados com sucesso.

"C:\Users\Francisco Narde\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!003\MicrosoftEdge\ExtensionsByteCodeCache\Extensions\EdgeExtension_SymantecCorporationNortonSafeWeb_v68kp9n051hdp" pasta mover:

C:\Users\Francisco Narde\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!003\MicrosoftEdge\ExtensionsByteCodeCache\Extensions\EdgeExtension_SymantecCorporationNortonSafeWeb_v68kp9n051hdp => movido com sucesso

"C:\Users\Francisco Narde\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\ExtensionsByteCodeCache\Extensions\EdgeExtension_SymantecCorporationNortonSafeWeb_v68kp9n051hdp" pasta mover:

C:\Users\Francisco Narde\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\ExtensionsByteCodeCache\Extensions\EdgeExtension_SymantecCorporationNortonSafeWeb_v68kp9n051hdp => movido com sucesso
"C:\Users\Francisco Narde\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_br.norton.com_0.indexeddb.leveldb" => não encontrado (a)

"C:\ProgramData\Norton" pasta mover:

C:\ProgramData\Norton => movido com sucesso

"C:\ProgramData\NortonInstaller" pasta mover:

C:\ProgramData\NortonInstaller => movido com sucesso

"C:\Program Files\Common Files\AV\Norton Security" pasta mover:

C:\Program Files\Common Files\AV\Norton Security => movido com sucesso
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\Compatibility\NortonSystemInfo => removido (a) com sucesso.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications\NortonSecurity.exe => removido (a) com sucesso.
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Provider\Av\{30744133-1E94-7B35-F4A3-82A5AEF1CBAA}" => removido (a) com sucesso.
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Provider\Av\{30744133-1E94-7B35-F4A3-82A5AEF1CBAA}" => não encontrado (a)
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Provider\Av\{30744133-1E94-7B35-F4A3-82A5AEF1CBAA}" => não encontrado (a)
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Provider\Fw\{084FC016-54FB-7A6D-DFFC-2B9050228CD1}" => removido (a) com sucesso.
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Provider\Fw\{084FC016-54FB-7A6D-DFFC-2B9050228CD1}" => não encontrado (a)
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Provider\Fw\{084FC016-54FB-7A6D-DFFC-2B9050228CD1}" => não encontrado (a)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\S-1-5-21-3907471261-615860086-2012423866-1001\SymantecCorporation.NortonSafeWeb_3.11.6.0_neutral__v68kp9n051hdp => removido (a) com sucesso.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\InstallService\State\CategoryCache] => Erro: Nenhuma correção automática foi encontrada para esta entrada.
"87badf37-13d1-7ba7-6b16-211bdec46258BR"="-" => Erro: Nenhuma correção automática foi encontrada para esta entrada.
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\DownloadCenter\Sub] => Erro: Nenhuma correção automática foi encontrada para esta entrada.
"Norton Internet Security(NIS)"="-" => Erro: Nenhuma correção automática foi encontrada para esta entrada.
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\DirectDraw\Compatibility\NortonSystemInfo => removido (a) com sucesso.
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\Windows Error Reporting\RuntimeExceptionHelperModules] => Erro: Nenhuma correção automática foi encontrada para esta entrada.
"C:\Program Files\Norton Security\NortonData\22.11.1.5\Definitions\IPSDefs\20200604.061\IPSEng32.dll"="-" => não encontrado (a)
HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\AppxAllUserStore\S-1-5-21-3907471261-615860086-2012423866-1001\SymantecCorporation.NortonSafeWeb_3.11.6.0_neutral__v68kp9n051hdp => removido (a) com sucesso.
HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\DownlevelGather\InstalledPackages\Main\SymantecCorporation.NortonSafeWeb_3.11.6.0_neutral__v68kp9n051hdp => removido (a) com sucesso.
HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\DownlevelGather\PackageInstallState\SymantecCorporation.NortonSafeWeb_3.11.6.0_neutral__v68kp9n051hdp => removido (a) com sucesso.
HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\DownlevelGather\S-1-5-21-3907471261-615860086-2012423866-1001\SymantecCorporation.NortonSafeWeb_3.11.6.0_neutral__v68kp9n051hdp => removido (a) com sucesso.
HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\DownlevelGather\SisDirectory\SymantecCorporation.NortonSafeWeb_3.11.6.0_neutral__v68kp9n051hdp => removido (a) com sucesso.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\NS => removido (a) com sucesso.
HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MrtCache\C:%5CProgram Files%5CWindowsApps%5CSymantecCorporation.NortonSafeWeb_3.11.6.0_neutral__v68kp9n051hdp%5Cresources.pri => removido (a) com sucesso.
"HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MrtCache\C:%5CProgram Files%5CWindowsApps%5CSymantecCorporation.NortonSafeWeb_3.11.6.0_neutral__v68kp9n051hdp%5Cresources.pri\1d65a941e4f925a\19d2e443" => não encontrado (a)
"HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MrtCache\C:%5CProgram Files%5CWindowsApps%5CSymantecCorporation.NortonSafeWeb_3.11.6.0_neutral__v68kp9n051hdp%5Cresources.pri\1d65a941e4f925a\19d2e443" => não encontrado (a)
HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MrtCache\C:%5CProgram Files%5CWindowsApps%5CSymantecCorporation.NortonSafeWeb_3.13.0.0_neutral__v68kp9n051hdp%5Cresources.pri => removido (a) com sucesso.
"HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MrtCache\C:%5CProgram Files%5CWindowsApps%5CSymantecCorporation.NortonSafeWeb_3.13.0.0_neutral__v68kp9n051hdp%5Cresources.pri\1d6a11fa1811712\19d2e443" => não encontrado (a)
"HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MrtCache\C:%5CProgram Files%5CWindowsApps%5CSymantecCorporation.NortonSafeWeb_3.13.0.0_neutral__v68kp9n051hdp%5Cresources.pri\1d6a11fa1811712\19d2e443" => não encontrado (a)
HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MrtCache\C:%5CProgram Files%5CWindowsApps%5CSymantecCorporation.NortonSafeWeb_3.13.1.0_neutral__v68kp9n051hdp%5Cresources.pri => removido (a) com sucesso.
"HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MrtCache\C:%5CProgram Files%5CWindowsApps%5CSymantecCorporation.NortonSafeWeb_3.13.1.0_neutral__v68kp9n051hdp%5Cresources.pri\1d6a11fa1811712\19d2e443" => não encontrado (a)
"HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MrtCache\C:%5CProgram Files%5CWindowsApps%5CSymantecCorporation.NortonSafeWeb_3.13.1.0_neutral__v68kp9n051hdp%5Cresources.pri\1d6a11fa1811712\19d2e443" => não encontrado (a)
HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MrtCache\C:%5CProgram Files%5CWindowsApps%5CSymantecCorporation.NortonSafeWeb_3.14.1.0_neutral__v68kp9n051hdp%5Cresources.pri => removido (a) com sucesso.
"HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MrtCache\C:%5CProgram Files%5CWindowsApps%5CSymantecCorporation.NortonSafeWeb_3.14.1.0_neutral__v68kp9n051hdp%5Cresources.pri\1d6eace60218b5\19d2e443" => não encontrado (a)
"HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MrtCache\C:%5CProgram Files%5CWindowsApps%5CSymantecCorporation.NortonSafeWeb_3.14.1.0_neutral__v68kp9n051hdp%5Cresources.pri\1d6eace60218b5\19d2e443" => não encontrado (a)
HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MrtCache\C:%5CProgram Files%5CWindowsApps%5CSymantecCorporation.NortonSafeWeb_3.14.3.0_neutral__v68kp9n051hdp%5Cresources.pri => removido (a) com sucesso.
"HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MrtCache\C:%5CProgram Files%5CWindowsApps%5CSymantecCorporation.NortonSafeWeb_3.14.3.0_neutral__v68kp9n051hdp%5Cresources.pri\1d718841db8d8c4\19d2e443" => não encontrado (a)
"HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MrtCache\C:%5CProgram Files%5CWindowsApps%5CSymantecCorporation.NortonSafeWeb_3.14.3.0_neutral__v68kp9n051hdp%5Cresources.pri\1d718841db8d8c4\19d2e443" => não encontrado (a)
HKEY_USERS\.DEFAULT\Software\Norton => removido (a) com sucesso.
"HKEY_USERS\.DEFAULT\Software\Norton\NortonInstaller" => não encontrado (a)
HKEY_USERS\S-1-5-21-3907471261-615860086-2012423866-1001\SOFTWARE\AppDataLow\Software\Norton => removido (a) com sucesso.
HKEY_USERS\S-1-5-21-3907471261-615860086-2012423866-1001\SOFTWARE\Microsoft\Office\Outlook\Addins\MsouPlug.OutlookPlug => removido (a) com sucesso.
HKEY_USERS\S-1-5-21-3907471261-615860086-2012423866-1001\SOFTWARE\Microsoft\Office\Outlook\Addins\MsouPlug.OutlookPlug => não encontrado (a)
HKEY_USERS\S-1-5-21-3907471261-615860086-2012423866-1001\SOFTWARE\Microsoft\UserData\UninstallTimes => removido (a) com sucesso.
HKEY_USERS\S-1-5-21-3907471261-615860086-2012423866-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\CloudStore\Store\DefaultAccount\Cloud\{65bff9cd-1d54-46dc-95a8-6a54ff530f2c}$windows.data.apps.appmetadata$appmetadatalist\windows.data.apps.appmetadata$symanteccorporation.nortonsafeweb_v68kp9n051hdp => removido (a) com sucesso.
HKEY_USERS\S-1-5-21-3907471261-615860086-2012423866-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\CloudStore\Store\DefaultAccount\Current\{65bff9cd-1d54-46dc-95a8-6a54ff530f2c}$windows.data.apps.appmetadata$appmetadatalist\windows.data.apps.appmetadata$symanteccorporation.nortonsafeweb_v68kp9n051hdp => removido (a) com sucesso.
HKEY_USERS\S-1-5-21-3907471261-615860086-2012423866-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FeatureUsage\AppBadgeUpdated => removido (a) com sucesso.
HKEY_USERS\S-1-5-21-3907471261-615860086-2012423866-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FeatureUsage\AppSwitched => removido (a) com sucesso.
HKEY_USERS\S-1-5-21-3907471261-615860086-2012423866-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FeatureUsage\AppSwitched => não encontrado (a)
HKEY_USERS\S-1-5-21-3907471261-615860086-2012423866-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.com/search?q=norton+security+scan&form=WNSGPH&qs=AS&cvid=174fc6e0bead416983c9561ec79dc302&porque=norton+security&cc=BR&setlang=pt-BR&nclid=E => não encontrado (a)
HKEY_USERS\S-1-5-21-3907471261-615860086-2012423866-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Notifications\Settings\Symantec.Norton Security => removido (a) com sucesso.
HKEY_USERS\S-1-5-21-3907471261-615860086-2012423866-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\SettingSync\Namespace\packagestate\symanteccorporation.nortonsafeweb_v68kp9n051hdp-0 => removido (a) com sucesso.
HKEY_USERS\S-1-5-21-3907471261-615860086-2012423866-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\SettingSync\SyncData\Namespace\packagestate\symanteccorporation.nortonsafeweb_v68kp9n051hdp-0 => removido (a) com sucesso.
HKEY_USERS\S-1-5-21-3907471261-615860086-2012423866-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\SettingSync\SyncData\RemoteNamespace\packagestate\symanteccorporation.nortonsafeweb_v68kp9n051hdp-0 => removido (a) com sucesso.
HKEY_USERS\S-1-5-21-3907471261-615860086-2012423866-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\SettingSync\Telemetry\SaveKnowledgeLastSuccess => removido (a) com sucesso.
HKEY_USERS\S-1-5-21-3907471261-615860086-2012423866-1001\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\norton.com => removido (a) com sucesso.
HKEY_USERS\S-1-5-21-3907471261-615860086-2012423866-1001\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\security.norton.com => removido (a) com sucesso.
HKEY_USERS\S-1-5-21-3907471261-615860086-2012423866-1001\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\norton.com => removido (a) com sucesso.
HKEY_USERS\S-1-5-21-3907471261-615860086-2012423866-1001\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\security.norton.com => removido (a) com sucesso.
HKEY_USERS\S-1-5-21-3907471261-615860086-2012423866-1001\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\003\Internet Explorer\DOMStorage\EdgeExtension_SymantecCorporationNortonSafeWeb_v68kp9n051hdp => removido (a) com sucesso.
HKEY_USERS\S-1-5-21-3907471261-615860086-2012423866-1001\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\003\Internet Explorer\EdpDomStorage\EdgeExtension_SymantecCorporationNortonSafeWeb_v68kp9n051hdp => removido (a) com sucesso.
HKEY_USERS\S-1-5-21-3907471261-615860086-2012423866-1001\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\EdgeExtensions\Configuration\EdgeExtensions\ConfigurationStore\Extensions\ms-browser-extension://EdgeExtension_SymantecCorporationNortonSafeWeb_v68kp9n051hdp/ => removido (a) com sucesso.
HKEY_USERS\S-1-5-21-3907471261-615860086-2012423866-1001\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\EdgeExtensions\Configuration\EdgeExtensions\ConfigurationStore\Extensions\ms-browser-extension://EdgeExtension_SymantecCorporationNortonSafeWeb_v68kp9n051hdp/ => não encontrado (a)
HKEY_USERS\S-1-5-21-3907471261-615860086-2012423866-1001\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\EdgeExtensions\Configuration\EdgeExtensions\ConfigurationStore\State => removido (a) com sucesso.
HKEY_USERS\S-1-5-21-3907471261-615860086-2012423866-1001\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Extensions\EdgeExtension_SymantecCorporationNortonSafeWeb_v68kp9n051hdp => removido (a) com sucesso.
HKEY_USERS\S-1-5-21-3907471261-615860086-2012423866-1001\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\EdgeExtension_SymantecCorporationNortonSafeWeb_v68kp9n051hdp => removido (a) com sucesso.
HKEY_USERS\S-1-5-21-3907471261-615860086-2012423866-1001\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\EdgeExtension_SymantecCorporationNortonSafeWeb_v68kp9n051hdp => não encontrado (a)
HKEY_USERS\S-1-5-21-3907471261-615860086-2012423866-1001\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\EdgeExtension_SymantecCorporationNortonSafeWeb_v68kp9n051hdp => não encontrado (a)
HKEY_USERS\S-1-5-21-3907471261-615860086-2012423866-1001\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\EdgeExtension_SymantecCorporationNortonSafeWeb_v68kp9n051hdp => não encontrado (a)
HKEY_USERS\S-1-5-21-3907471261-615860086-2012423866-1001\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\EdgeExtension_SymantecCorporationNortonSafeWeb_v68kp9n051hdp => não encontrado (a)
HKEY_USERS\S-1-5-21-3907471261-615860086-2012423866-1001\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\EdgeExtension_SymantecCorporationNortonSafeWeb_v68kp9n051hdp => não encontrado (a)
HKEY_USERS\S-1-5-21-3907471261-615860086-2012423866-1001\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\EdgeExtension_SymantecCorporationNortonSafeWeb_v68kp9n051hdp => não encontrado (a)
HKEY_USERS\S-1-5-21-3907471261-615860086-2012423866-1001\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\usage\dscc_startup\EdgeExtension_SymantecCorporationNortonSafeWeb_v68kp9n051hdp => removido (a) com sucesso.
HKEY_USERS\S-1-5-21-3907471261-615860086-2012423866-1001\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\usage\dscm_author\EdgeExtension_SymantecCorporationNortonSafeWeb_v68kp9n051hdp => removido (a) com sucesso.
HKEY_USERS\S-1-5-21-3907471261-615860086-2012423866-1001\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\usage\dscm_author\EdgeExtension_SymantecCorporationNortonSafeWeb_v68kp9n051hdp => não encontrado (a)
HKEY_USERS\S-1-5-21-3907471261-615860086-2012423866-1001\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\usage\dscm_backg\EdgeExtension_SymantecCorporationNortonSafeWeb_v68kp9n051hdp => removido (a) com sucesso.
HKEY_USERS\S-1-5-21-3907471261-615860086-2012423866-1001\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\usage\dscm_baction\EdgeExtension_SymantecCorporationNortonSafeWeb_v68kp9n051hdp => removido (a) com sucesso.
"HKEY_USERS\S-1-5-21-3907471261-615860086-2012423866-1001\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\usage\dscm_baction\EdgeExtension_SymantecCorporationNortonSafeWeb_v68kp9n051hdp\default_icon\20" => não encontrado (a)
HKEY_USERS\S-1-5-21-3907471261-615860086-2012423866-1001\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\usage\dscm_baction\EdgeExtension_SymantecCorporationNortonSafeWeb_v68kp9n051hdp => não encontrado (a)
HKEY_USERS\S-1-5-21-3907471261-615860086-2012423866-1001\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\usage\dscm_baction\EdgeExtension_SymantecCorporationNortonSafeWeb_v68kp9n051hdp => não encontrado (a)
HKEY_USERS\S-1-5-21-3907471261-615860086-2012423866-1001\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\usage\dscm_desc\EdgeExtension_SymantecCorporationNortonSafeWeb_v68kp9n051hdp => removido (a) com sucesso.
HKEY_USERS\S-1-5-21-3907471261-615860086-2012423866-1001\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\usage\dscm_Icons\EdgeExtension_SymantecCorporationNortonSafeWeb_v68kp9n051hdp => removido (a) com sucesso.
HKEY_USERS\S-1-5-21-3907471261-615860086-2012423866-1001\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\usage\dscm_loc\EdgeExtension_SymantecCorporationNortonSafeWeb_v68kp9n051hdp => removido (a) com sucesso.
HKEY_USERS\S-1-5-21-3907471261-615860086-2012423866-1001\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\usage\dscm_name\EdgeExtension_SymantecCorporationNortonSafeWeb_v68kp9n051hdp => removido (a) com sucesso.
HKEY_USERS\S-1-5-21-3907471261-615860086-2012423866-1001\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\usage\dscm_perm\EdgeExtension_SymantecCorporationNortonSafeWeb_v68kp9n051hdp => removido (a) com sucesso.
HKEY_USERS\S-1-5-21-3907471261-615860086-2012423866-1001\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\usage\dscm_ver\EdgeExtension_SymantecCorporationNortonSafeWeb_v68kp9n051hdp => removido (a) com sucesso.
HKEY_USERS\S-1-5-21-3907471261-615860086-2012423866-1001\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\keyvaluestore\keyvaluestore\EdgeExtension_SymantecCorporationNortonSafeWeb_v68kp9n051hdp => removido (a) com sucesso.
HKEY_USERS\S-1-5-21-3907471261-615860086-2012423866-1001\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\WebRuntimeExtensions\EventStore\webNavigation.onTabReplaced\1\EdgeExtension_SymantecCorporationNortonSafeWeb_v68kp9n051hdp => removido (a) com sucesso.
HKEY_USERS\S-1-5-21-3907471261-615860086-2012423866-1001\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\WebRuntimeExtensions\EventStore\webRequest.onBeforeRequest\1\EdgeExtension_SymantecCorporationNortonSafeWeb_v68kp9n051hdp => removido (a) com sucesso.
HKEY_USERS\S-1-5-21-3907471261-615860086-2012423866-1001\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\WebRuntimeExtensions\EventStore\webRequest.onBeforeSendHeaders\1\EdgeExtension_SymantecCorporationNortonSafeWeb_v68kp9n051hdp => removido (a) com sucesso.
HKEY_USERS\S-1-5-21-3907471261-615860086-2012423866-1001\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\WebRuntimeExtensions\EventStore\webRequest.onCompleted\1\EdgeExtension_SymantecCorporationNortonSafeWeb_v68kp9n051hdp => removido (a) com sucesso.
HKEY_USERS\S-1-5-21-3907471261-615860086-2012423866-1001\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\WebRuntimeExtensions\EventStore\webRequest.onHeadersReceived\1\EdgeExtension_SymantecCorporationNortonSafeWeb_v68kp9n051hdp => removido (a) com sucesso.
HKEY_USERS\S-1-5-21-3907471261-615860086-2012423866-1001\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\PersistedStorageItemTable\ManagedByApp\EdgeExtension_SymantecCorporationNortonSafeWeb_v68kp9n051hdp => removido (a) com sucesso.
HKEY_USERS\S-1-5-21-3907471261-615860086-2012423866-1001\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\PersistedStorageItemTable\ManagedByApp\EdgeExtension_SymantecCorporationNortonSafeWeb_v68kp9n051hdp => não encontrado (a)
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => removido (a) com sucesso.
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\BookReader_B171F20233094AC88D05A8EF7B9763E8 => removido (a) com sucesso.
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\EdgeExtension_SymantecCorporationNortonSafeWeb_v68kp9n051hdp => não encontrado (a)
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => removido (a) com sucesso.
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => removido (a) com sucesso.
"C:\Program Files\WindowsApps\SymantecCorporation.NortonSafeWeb_3.14.3.0_neutral__v68kp9n051hdp" => não encontrado (a)

=========== EmptyTemp: ==========

FlushDNS => completado
BITS transfer queue => 1310720 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 210815602 B
Java, Discord, Steam htmlcache, WinHttpAutoProxySvc/winhttp *.cache => 0 B
Windows/system/drivers => 98829771 B
Edge => 0 B
Chrome => 552046962 B
Firefox => 70237141 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 0 B
Francisco Narde => 102213627 B

RecycleBin => 2384896 B
EmptyTemp: => 989.8 MB de dados temporários Removidos.

================================

O sistema precisou ser reiniciado.

==== Fim de Fixlog 17:07:19 ====

Elias Pereira · 13 de agosto de 2023

Desative temporariamente seu antivírus, antispywares e firewall, para não causar conflitos.

Abra o seu Bloco de Notas, copie (control + c) e cole (control + v) todo o texto que está no CODE abaixo:

CreateRestorePoint:
CloseProcesses:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\InstallService\State\CategoryCache] => Erro: Nenhuma correção automática foi encontrada para esta entrada.
"87badf37-13d1-7ba7-6b16-211bdec46258BR"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\DownloadCenter\Sub] => Erro: Nenhuma correção automática foi encontrada para esta entrada.
"Norton Internet Security(NIS)"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\Windows Error Reporting\RuntimeExceptionHelperModules] => Erro: Nenhuma correção automática foi encontrada para esta entrada.
"C:\Program Files\Norton Security\NortonData\22.11.1.5\Definitions\IPSDefs\20200604.061\IPSEng32.dll"=-

EmptyTemp:
CreateRestorePoint:

Salve este arquivo na na sua área de trabalho com o nome fixlist

OBS: É de extrema importância que o arquivo "fixlist" seja salvo na sua Área de Trabalho/Desktop. Verifique também se o FRST.exe encontra-se na Área de Trabalho/Desktop.

** Clique com o direito sobre o arquivo FRST.EXE, depois clique em http://i.imgur.com/VRIfczU.png

Clique no botão

Aguarde e ao final, o log Fixlog.txt será salvo no seu desktop.

Abra o arquivo Fixlog.txt, copie e cole seu conteudo na sua proxima resposta.

Depois da remoção acima, após o reinicio do computador, verifique qual Antivirus e Firewall estão como default.

Francisco Narde · 14 de agosto de 2023

Desinstalei o AVG, portanto não estou com nenhum antivírus instalado no momento. O Firewall do Windows continua como default.

Resultado da Correção pela Farbar Recovery Scan Tool (x64) Versão: 12-08-2023
Executado por Francisco Narde (14-08-2023 18:37:51) Run:5
Executando a partir de D:\Desktop
Perfis Carregados: Francisco Narde
Modo da Inicialização: Normal
==============================================

fixlist Conteúdo:
*****************
CreateRestorePoint:
CloseProcesses:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\InstallService\State\CategoryCache] => Erro: Nenhuma correção automática foi encontrada para esta entrada.
"87badf37-13d1-7ba7-6b16-211bdec46258BR"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\DownloadCenter\Sub] => Erro: Nenhuma correção automática foi encontrada para esta entrada.
"Norton Internet Security(NIS)"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\Windows Error Reporting\RuntimeExceptionHelperModules] => Erro: Nenhuma correção automática foi encontrada para esta entrada.
"C:\Program Files\Norton Security\NortonData\22.11.1.5\Definitions\IPSDefs\20200604.061\IPSEng32.dll"=-

EmptyTemp:
CreateRestorePoint:
*****************

Ponto de Restauração criado com sucesso.
Processos fechados com sucesso.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\InstallService\State\CategoryCache] => Erro: Nenhuma correção automática foi encontrada para esta entrada. => Erro: Nenhuma correção automática foi encontrada para esta entrada.
"87badf37-13d1-7ba7-6b16-211bdec46258BR"=- => Erro: Nenhuma correção automática foi encontrada para esta entrada.
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\DownloadCenter\Sub] => Erro: Nenhuma correção automática foi encontrada para esta entrada. => Erro: Nenhuma correção automática foi encontrada para esta entrada.
"Norton Internet Security(NIS)"=- => Erro: Nenhuma correção automática foi encontrada para esta entrada.
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\Windows Error Reporting\RuntimeExceptionHelperModules] => Erro: Nenhuma correção automática foi encontrada para esta entrada. => Erro: Nenhuma correção automática foi encontrada para esta entrada.
"C:\Program Files\Norton Security\NortonData\22.11.1.5\Definitions\IPSDefs\20200604.061\IPSEng32.dll"=-" => não encontrado (a)
Ponto de Restauração criado com sucesso.

=========== EmptyTemp: ==========

FlushDNS => completado
BITS transfer queue => 786432 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 42289308 B
Java, Discord, Steam htmlcache, WinHttpAutoProxySvc/winhttp *.cache => 0 B
Windows/system/drivers => 93947 B
Edge => 0 B
Chrome => 315051914 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 0 B
Francisco Narde => 43409820 B

RecycleBin => 0 B
EmptyTemp: => 383 MB de dados temporários Removidos.

================================

O sistema precisou ser reiniciado.

==== Fim de Fixlog 18:38:30 ====

Elias Pereira · 14 de agosto de 2023

A central de segurança está ok?

Francisco Narde · 15 de agosto de 2023

Não, o aviso de que o Serviço Central de Segurança do Windows está desativado se mantém após inicia o Windows e sem sucesso de conseguir ativá-lo, surgindo o mesmo aviso dizendo que não é possível.

A tela que deveria mostrar as opções de Segurança do Windows continua em branco, inclusive.

Elias Pereira · 15 de agosto de 2023

Desative temporariamente seu antivírus, antispywares e firewall, para não causar conflitos.

Abra o seu Bloco de Notas, copie (control + c) e cole (control + v) todo o texto que está no CODE abaixo:

Start::
CreateRestorePoint:
CMD: winmgmt /verifyrepository
ExportKey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\wscsvc
End::

Salve este arquivo na na sua área de trabalho com o nome fixlist

OBS: É de extrema importância que o arquivo "fixlist" seja salvo na sua Área de Trabalho/Desktop. Verifique também se o FRST.exe encontra-se na Área de Trabalho/Desktop.

** Execute o FRST.EXE como administrador

Clique no botão Corrigir/Fix

Aguarde e ao final, o log Fixlog.txt será salvo no seu desktop.

Abra o arquivo Fixlog.txt, copie e cole seu conteudo na sua proxima resposta.

Depois da remoção acima, após o reinicio do computador, verifique qual Antivirus e Firewall estão como default.

Francisco Narde · 16 de agosto de 2023

O Firewall do Windows continua com o erro.

Resultado da Correção pela Farbar Recovery Scan Tool (x64) Versão: 15-08-2023 01
Executado por Francisco Narde (15-08-2023 21:14:34) Run:6
Executando a partir de D:\Desktop
Perfis Carregados: Francisco Narde
Modo da Inicialização: Normal
==============================================

fixlist Conteúdo:
*****************
Start::
CreateRestorePoint:
CMD: winmgmt /verifyrepository
ExportKey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\wscsvc
End::
*****************

Ponto de Restauração criado com sucesso.

========= winmgmt /verifyrepository =========

O reposit¢rio WMI est consistente

========= Fim de CMD: =========

================== ExportKey: ===================

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\wscsvc]
"DelayedAutoStart"="1"
"DependOnService"="RpcSs"
"Description"="@%SystemRoot%\System32\wscsvc.dll,-201"
"DisplayName"="@%SystemRoot%\System32\wscsvc.dll,-200"
"ErrorControl"="1"
"FailureActions"="805101000000000000000000030000001400000001000000c0d4010001000000e09304000000000000000000"
"ImagePath"="%SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted -p"
"LaunchProtected"="2"
"ObjectName"="NT AUTHORITY\LocalService"
"RequiredPrivileges"="SeChangeNotifyPrivilege*SeImpersonatePrivilege"
"ServiceSidType"="1"
"Start"="4"
"Type"="32"
[HKLM\SYSTEM\CurrentControlSet\services\wscsvc\Parameters]
"ServiceDll"="%SystemRoot%\System32\wscsvc.dll"
"ServiceDllUnloadOnStop"="1"
[HKLM\SYSTEM\CurrentControlSet\services\wscsvc\Security]
"Security"="010014801c01000028010000140000003000000002001c000100000002801400ff010f000101000000000001000000000200ec0008000000000018009d00020001020000000000052000000021020000000014009d010200010100000000000512000000 (a entrada de dados tem 416 mais caracteres)."

=== Fim de ExportKey ===

==== Fim de Fixlog 21:14:50 ====

Elias Pereira · 16 de agosto de 2023

Desative temporariamente seu antivírus, antispywares e firewall, para não causar conflitos.

Abra o seu Bloco de Notas, copie (control + c) e cole (control + v) todo o texto que está no CODE abaixo:

Start::
CreateRestorePoint:
CMD: net stop wscsvc
SetDefaultFilePermissions: %SystemRoot%\System32\wscsvc.dll
DeleteKey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\wscsvc
StartRegedit:
Windows Registry Editor Version 5.00 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\wscsvc]
"DisplayName"="@%SystemRoot%\\System32\\wscsvc.dll,-200"
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\
00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\
6b,00,20,00,4c,00,6f,00,63,00,61,00,6c,00,53,00,65,00,72,00,76,00,69,00,63,\
00,65,00,4e,00,65,00,74,00,77,00,6f,00,72,00,6b,00,52,00,65,00,73,00,74,00,\
72,00,69,00,63,00,74,00,65,00,64,00,00,00
"Start"=dword:00000002
"Type"=dword:00000020
"Description"="@%SystemRoot%\\System32\\wscsvc.dll,-201"
"DependOnService"=hex(7):52,00,70,00,63,00,53,00,73,00,00,00,57,00,69,00,6e,00,\
4d,00,67,00,6d,00,74,00,00,00,00,00
"ObjectName"="NT AUTHORITY\\LocalService"
"ServiceSidType"=dword:00000001
"RequiredPrivileges"=hex(7):53,00,65,00,43,00,68,00,61,00,6e,00,67,00,65,00,4e,\
00,6f,00,74,00,69,00,66,00,79,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,\
67,00,65,00,00,00,53,00,65,00,49,00,6d,00,70,00,65,00,72,00,73,00,6f,00,6e,\
00,61,00,74,00,65,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,\ 00,00,00,00
"DelayedAutoStart"=dword:00000001
"FailureActions"=hex:80,51,01,00,00,00,00,00,00,00,00,00,03,00,00,00,14,00,00,\
00,01,00,00,00,c0,d4,01,00,01,00,00,00,e0,93,04,00,00,00,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\wscsvc\Parameters]
"ServiceDllUnloadOnStop"=dword:00000001
"ServiceDll"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\ 00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
77,00,73,00,63,00,73,00,76,00,63,00,2e,00,64,00,6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\wscsvc\Security]
"Security"=hex:01,00,14,80,c8,00,00,00,d4,00,00,00,14,00,00,00,30,00,00,00,02,\
00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
00,00,02,00,98,00,06,00,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,\
05,12,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\
20,02,00,00,00,00,14,00,9d,01,02,00,01,01,00,00,00,00,00,05,04,00,00,00,00,\
00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,06,00,00,00,00,00,14,00,00,01,\
00,00,01,01,00,00,00,00,00,05,0b,00,00,00,00,00,28,00,15,00,00,00,01,06,00,\
00,00,00,00,05,50,00,00,00,49,59,9d,77,91,56,e5,55,dc,f4,e2,0e,a7,8b,eb,ca,\
7b,42,13,56,01,01,00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,\
00,00,00
EndRegedit:
CMD: net start wscsvc
ExportKey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\wscsvc
End::

Salve este arquivo na na sua área de trabalho com o nome fixlist

OBS: É de extrema importância que o arquivo "fixlist" seja salvo na sua Área de Trabalho/Desktop. Verifique também se o FRST.exe encontra-se na Área de Trabalho/Desktop.

** Execute o FRST.EXE como administrador

Clique no botão Corrigir/Fix

Aguarde e ao final, o log Fixlog.txt será salvo no seu desktop.

Abra o arquivo Fixlog.txt, copie e cole seu conteudo na sua proxima resposta.

Francisco Narde · 17 de agosto de 2023

Resultado da Correção pela Farbar Recovery Scan Tool (x64) Versão: 15-08-2023 01
Executado por Francisco Narde (16-08-2023 21:26:28) Run:7
Executando a partir de D:\Desktop
Perfis Carregados: Francisco Narde
Modo da Inicialização: Normal
==============================================

fixlist Conteúdo:
*****************
Start::
CreateRestorePoint:
CMD: net stop wscsvc
SetDefaultFilePermissions: %SystemRoot%\System32\wscsvc.dll
DeleteKey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\wscsvc
StartRegedit:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\wscsvc]
"DisplayName"="@%SystemRoot%\\System32\\wscsvc.dll,-200"
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\
00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\
6b,00,20,00,4c,00,6f,00,63,00,61,00,6c,00,53,00,65,00,72,00,76,00,69,00,63,\
00,65,00,4e,00,65,00,74,00,77,00,6f,00,72,00,6b,00,52,00,65,00,73,00,74,00,\
72,00,69,00,63,00,74,00,65,00,64,00,00,00
"Start"=dword:00000002
"Type"=dword:00000020
"Description"="@%SystemRoot%\\System32\\wscsvc.dll,-201"
"DependOnService"=hex(7):52,00,70,00,63,00,53,00,73,00,00,00,57,00,69,00,6e,00,\
4d,00,67,00,6d,00,74,00,00,00,00,00
"ObjectName"="NT AUTHORITY\\LocalService"
"ServiceSidType"=dword:00000001
"RequiredPrivileges"=hex(7):53,00,65,00,43,00,68,00,61,00,6e,00,67,00,65,00,4e,\
00,6f,00,74,00,69,00,66,00,79,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,\
67,00,65,00,00,00,53,00,65,00,49,00,6d,00,70,00,65,00,72,00,73,00,6f,00,6e,\
00,61,00,74,00,65,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,\ 00,00,00,00
"DelayedAutoStart"=dword:00000001
"FailureActions"=hex:80,51,01,00,00,00,00,00,00,00,00,00,03,00,00,00,14,00,00,\
00,01,00,00,00,c0,d4,01,00,01,00,00,00,e0,93,04,00,00,00,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\wscsvc\Parameters]
"ServiceDllUnloadOnStop"=dword:00000001
"ServiceDll"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\ 00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
77,00,73,00,63,00,73,00,76,00,63,00,2e,00,64,00,6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\wscsvc\Security]
"Security"=hex:01,00,14,80,c8,00,00,00,d4,00,00,00,14,00,00,00,30,00,00,00,02,\
00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
00,00,02,00,98,00,06,00,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,\
05,12,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\
20,02,00,00,00,00,14,00,9d,01,02,00,01,01,00,00,00,00,00,05,04,00,00,00,00,\
00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,06,00,00,00,00,00,14,00,00,01,\
00,00,01,01,00,00,00,00,00,05,0b,00,00,00,00,00,28,00,15,00,00,00,01,06,00,\
00,00,00,00,05,50,00,00,00,49,59,9d,77,91,56,e5,55,dc,f4,e2,0e,a7,8b,eb,ca,\
7b,42,13,56,01,01,00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,\
00,00,00
EndRegedit:
CMD: net start wscsvc
ExportKey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\wscsvc
End::
*****************

Ponto de Restauração criado com sucesso.

========= net stop wscsvc =========

O servi‡o de Central de Seguran‡a nÆo foi iniciado.

Para obter mais ajuda, digite NET HELPMSG 3521.

========= Fim de CMD: =========

SetDefaultFilePermissions: %SystemRoot%\System32\wscsvc.dll => Erro: Nenhuma correção automática foi encontrada para esta entrada.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\wscsvc => removido (a) com sucesso.
Registro ====> A opera��o foi conclu�da com �xito.

========= net start wscsvc =========

Erro de sistema 1058.

O servi‡o nÆo pode ser iniciado porque est desativado ou nÆo tem dispositivos ativados associados.

========= Fim de CMD: =========

================== ExportKey: ===================

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\wscsvc]
"DisplayName"="@%SystemRoot%\System32\wscsvc.dll,-200"
"ErrorControl"="1"
"ImagePath"="%SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted"
"Start"="2"
"Type"="32"
"Description"="@%SystemRoot%\System32\wscsvc.dll,-201"
"DependOnService"="RpcSs*WinMgmt"
"ObjectName"="NT AUTHORITY\LocalService"
"ServiceSidType"="1"
"DelayedAutoStart"="1"
"FailureActions"="805101000000000000000000030000001400000001000000c0d4010001000000e09304000000000000000000"
[HKLM\SYSTEM\CurrentControlSet\services\wscsvc\Parameters]
"ServiceDllUnloadOnStop"="1"
[HKLM\SYSTEM\CurrentControlSet\services\wscsvc\Security]
"Security"="01001480c8000000d4000000140000003000000002001c000100000002801400ff010f00010100000000000100000000020098000600000000001400fd01020001010000000000051200000000001800ff010f0001020000000000052000000020020000 (a entrada de dados tem 248 mais caracteres)."

=== Fim de ExportKey ===

==== Fim de Fixlog 21:26:42 ====

Elias Pereira · 17 de agosto de 2023

Ocorreu um erro. Vamos executar novamente.

Desative temporariamente seu antivírus, antispywares e firewall, para não causar conflitos.

Abra o seu Bloco de Notas, copie (control + c) e cole (control + v) todo o texto que está no CODE abaixo:

Start::
CreateRestorePoint:
CMD: net stop wscsvc
SetDefaultFilePermissions: C:\Windows\System32\wscsvc.dll
DeleteKey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\wscsvc
StartRegedit:
Windows Registry Editor Version 5.00 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\wscsvc]
"DisplayName"="@%SystemRoot%\\System32\\wscsvc.dll,-200"
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\
00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\
6b,00,20,00,4c,00,6f,00,63,00,61,00,6c,00,53,00,65,00,72,00,76,00,69,00,63,\
00,65,00,4e,00,65,00,74,00,77,00,6f,00,72,00,6b,00,52,00,65,00,73,00,74,00,\
72,00,69,00,63,00,74,00,65,00,64,00,00,00
"Start"=dword:00000002
"Type"=dword:00000020
"Description"="@%SystemRoot%\\System32\\wscsvc.dll,-201"
"DependOnService"=hex(7):52,00,70,00,63,00,53,00,73,00,00,00,57,00,69,00,6e,00,\
4d,00,67,00,6d,00,74,00,00,00,00,00
"ObjectName"="NT AUTHORITY\\LocalService"
"ServiceSidType"=dword:00000001
"RequiredPrivileges"=hex(7):53,00,65,00,43,00,68,00,61,00,6e,00,67,00,65,00,4e,\
00,6f,00,74,00,69,00,66,00,79,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,\
67,00,65,00,00,00,53,00,65,00,49,00,6d,00,70,00,65,00,72,00,73,00,6f,00,6e,\
00,61,00,74,00,65,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,\ 00,00,00,00
"DelayedAutoStart"=dword:00000001
"FailureActions"=hex:80,51,01,00,00,00,00,00,00,00,00,00,03,00,00,00,14,00,00,\
00,01,00,00,00,c0,d4,01,00,01,00,00,00,e0,93,04,00,00,00,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\wscsvc\Parameters]
"ServiceDllUnloadOnStop"=dword:00000001
"ServiceDll"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\ 00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
77,00,73,00,63,00,73,00,76,00,63,00,2e,00,64,00,6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\wscsvc\Security]
"Security"=hex:01,00,14,80,c8,00,00,00,d4,00,00,00,14,00,00,00,30,00,00,00,02,\
00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
00,00,02,00,98,00,06,00,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,\
05,12,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\
20,02,00,00,00,00,14,00,9d,01,02,00,01,01,00,00,00,00,00,05,04,00,00,00,00,\
00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,06,00,00,00,00,00,14,00,00,01,\
00,00,01,01,00,00,00,00,00,05,0b,00,00,00,00,00,28,00,15,00,00,00,01,06,00,\
00,00,00,00,05,50,00,00,00,49,59,9d,77,91,56,e5,55,dc,f4,e2,0e,a7,8b,eb,ca,\
7b,42,13,56,01,01,00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,\
00,00,00
EndRegedit:
CMD: net start wscsvc
ExportKey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\wscsvc
End::

Salve este arquivo na na sua área de trabalho com o nome fixlist

OBS: É de extrema importância que o arquivo "fixlist" seja salvo na sua Área de Trabalho/Desktop. Verifique também se o FRST.exe encontra-se na Área de Trabalho/Desktop.

** Execute o FRST.EXE como administrador

Clique no botão Corrigir/Fix

Aguarde e ao final, o log Fixlog.txt será salvo no seu desktop.

>>>>>>> Reinicie seu computador <<<<<<<

Abra o arquivo Fixlog.txt, copie e cole seu conteudo na sua proxima resposta.

Francisco Narde · 18 de agosto de 2023

Resultado da Correção pela Farbar Recovery Scan Tool (x64) Versão: 17-08-2023 01
Executado por Francisco Narde (18-08-2023 01:35:36) Run:9
Executando a partir de D:\Desktop
Perfis Carregados: Francisco Narde
Modo da Inicialização: Normal
==============================================

fixlist Conteúdo:
*****************
Start::
CreateRestorePoint:
CMD: net stop wscsvc
SetDefaultFilePermissions: C:\Windows\System32\wscsvc.dll
DeleteKey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\wscsvc
StartRegedit:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\wscsvc]
"DisplayName"="@%SystemRoot%\\System32\\wscsvc.dll,-200"
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\
00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\
6b,00,20,00,4c,00,6f,00,63,00,61,00,6c,00,53,00,65,00,72,00,76,00,69,00,63,\
00,65,00,4e,00,65,00,74,00,77,00,6f,00,72,00,6b,00,52,00,65,00,73,00,74,00,\
72,00,69,00,63,00,74,00,65,00,64,00,00,00
"Start"=dword:00000002
"Type"=dword:00000020
"Description"="@%SystemRoot%\\System32\\wscsvc.dll,-201"
"DependOnService"=hex(7):52,00,70,00,63,00,53,00,73,00,00,00,57,00,69,00,6e,00,\
4d,00,67,00,6d,00,74,00,00,00,00,00
"ObjectName"="NT AUTHORITY\\LocalService"
"ServiceSidType"=dword:00000001
"RequiredPrivileges"=hex(7):53,00,65,00,43,00,68,00,61,00,6e,00,67,00,65,00,4e,\
00,6f,00,74,00,69,00,66,00,79,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,\
67,00,65,00,00,00,53,00,65,00,49,00,6d,00,70,00,65,00,72,00,73,00,6f,00,6e,\
00,61,00,74,00,65,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,\ 00,00,00,00
"DelayedAutoStart"=dword:00000001
"FailureActions"=hex:80,51,01,00,00,00,00,00,00,00,00,00,03,00,00,00,14,00,00,\
00,01,00,00,00,c0,d4,01,00,01,00,00,00,e0,93,04,00,00,00,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\wscsvc\Parameters]
"ServiceDllUnloadOnStop"=dword:00000001
"ServiceDll"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\ 00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
77,00,73,00,63,00,73,00,76,00,63,00,2e,00,64,00,6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\wscsvc\Security]
"Security"=hex:01,00,14,80,c8,00,00,00,d4,00,00,00,14,00,00,00,30,00,00,00,02,\
00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
00,00,02,00,98,00,06,00,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,\
05,12,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\
20,02,00,00,00,00,14,00,9d,01,02,00,01,01,00,00,00,00,00,05,04,00,00,00,00,\
00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,06,00,00,00,00,00,14,00,00,01,\
00,00,01,01,00,00,00,00,00,05,0b,00,00,00,00,00,28,00,15,00,00,00,01,06,00,\
00,00,00,00,05,50,00,00,00,49,59,9d,77,91,56,e5,55,dc,f4,e2,0e,a7,8b,eb,ca,\
7b,42,13,56,01,01,00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,\
00,00,00
EndRegedit:
CMD: net start wscsvc
ExportKey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\wscsvc
End::
*****************

Ponto de Restauração criado com sucesso.

========= net stop wscsvc =========

O servi‡o de Central de Seguran‡a nÆo foi iniciado.

Para obter mais ajuda, digite NET HELPMSG 3521.

========= Fim de CMD: =========

"C:\Windows\System32\wscsvc.dll" => Padrão permissões restaurado com sucesso.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\wscsvc => removido (a) com sucesso.
Registro ====> A opera��o foi conclu�da com �xito.

========= net start wscsvc =========

Erro de sistema 1058.

O servi‡o nÆo pode ser iniciado porque est desativado ou nÆo tem dispositivos ativados associados.

========= Fim de CMD: =========

================== ExportKey: ===================

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\wscsvc]
"DisplayName"="@%SystemRoot%\System32\wscsvc.dll,-200"
"ErrorControl"="1"
"ImagePath"="%SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted"
"Start"="2"
"Type"="32"
"Description"="@%SystemRoot%\System32\wscsvc.dll,-201"
"DependOnService"="RpcSs*WinMgmt"
"ObjectName"="NT AUTHORITY\LocalService"
"ServiceSidType"="1"
"DelayedAutoStart"="1"
"FailureActions"="805101000000000000000000030000001400000001000000c0d4010001000000e09304000000000000000000"
[HKLM\SYSTEM\CurrentControlSet\services\wscsvc\Parameters]
"ServiceDllUnloadOnStop"="1"
[HKLM\SYSTEM\CurrentControlSet\services\wscsvc\Security]
"Security"="01001480c8000000d4000000140000003000000002001c000100000002801400ff010f00010100000000000100000000020098000600000000001400fd01020001010000000000051200000000001800ff010f0001020000000000052000000020020000 (a entrada de dados tem 248 mais caracteres)."

=== Fim de ExportKey ===

==== Fim de Fixlog 01:35:51 ====

Elias Pereira · 18 de agosto de 2023

Clique na tecla Windows + R e digite: services.msc

Procure pelo serviço "Central de segurança/Security center"
Dois cliques sobre o serviço
Selecione a opção Automatico (delayed start)
Clique em aplicar e OK.
No canto superior esquerdo clique em Restart

Me informe se resolveu.

Francisco Narde · 18 de agosto de 2023

Fui lá, mas o serviço já estava na opção Automático (delayed start), de qualquer forma refiz o procedimento como você recomendou, mas a opção de Restart/Reiniciar sempre fica inacessível depois que aperto em OK; tentei várias vezes inclusive, mas ela não fica visível. Mesmo assim reiniciei o PC, mas o Windows continua a me alertar para ativar o serviço da Central de Segurança e nada de conseguir ativá-lo.

Elias Pereira · 18 de agosto de 2023

Faça o download do Windows Repair Portable.
https://www.majorgeeks.com/mg/getmirror/tweaking_com_windows_repair_portable,1.html

Após o download, descompacte o arquivo .zip na sua Área de Trabalho.

IMPORTANTE: Reinicie seu computador em modo seguro com rede.

Estando em modo seguro, execute o Repair_Windows.exe

Clique na aba no botão JUMP TO REPAIRS
Verifique se a opção "Automatically do a registry backup" está marcada.
Clique no botão Preset: Malware Cleanup Repairs
Clique no botão START REPAIRS
Aguarde e ao término da reparação. Ao final será solicitado que o computador seja reiniciado. Clique em SIM para reiniciar.

Após isso me informe se os problemas ainda ocorrem.

Francisco Narde · 20 de agosto de 2023

Olá, Elias! Boa noite!

Fiz todo o processo como recomendou e o alerta para ativar o serviço da Central de Segurança parou de aparecer quando o Windows se inicia, além disso o Windows Defender Firewall começou a me alertar sobre possíveis ameaças (Print 1 em anexo), o que não acontecia antes. Por outro lado, quando acesso a Segurança do Windows (Print 2 em anexo) continua sem aparecer nenhuma opção, a tela fica em branco. Já quando eu acesso a Segurança e Manutenção, aparenta ter voltado ao normal (Print 3 em anexo), sendo que antes aparecia o alerta para ativar a Central de Segurança (Print 4 em anexo).

De qualquer forma fiz a análise novamente com o FRST e ele continua acusando que Windows Defender está desativado e o Norton Security está ativado (coloquei em anexo o Addition pra você dar uma olhada).

Addition.txt

Elias Pereira · 21 de agosto de 2023

1. Remova o qbitorrent.

2. Me parece que não tem nada para mostrar, por isso está vazio.

3. Bom!!

Execute novamente o FRST em modo administrador.

Na caixa de texto da tela inicial, coloque:

searchAll: norton

Ápos isso, clique em Search Files.

Abra o logs gerados, copie e cole em sua próxima resposta.

Francisco Narde · 21 de agosto de 2023

Farbar Recovery Scan Tool (x64) Versão: 21-08-2023
Executado por Francisco Narde (21-08-2023 20:04:11)
Executando a partir de D:\Desktop
Modo da Inicialização: Normal

================== Pesquisar Arquivos: "searchAll: norton" =============

Arquivo:
========

pasta:
========
2020-07-15 07:39 - 2020-07-15 07:39 _____ C:\FRST\Quarantine\C\Users\Francisco Narde\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!003\MicrosoftEdge\ExtensionsByteCodeCache\Extensions\EdgeExtension_SymantecCorporationNortonSafeWeb_v68kp9n051hdp
2020-07-15 07:45 - 2020-07-15 07:45 _____ C:\FRST\Quarantine\C\Users\Francisco Narde\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\ExtensionsByteCodeCache\Extensions\EdgeExtension_SymantecCorporationNortonSafeWeb_v68kp9n051hdp
2020-06-03 22:51 - 2020-07-15 03:35 _____ C:\FRST\Quarantine\C\ProgramData\Norton
2020-06-03 22:51 - 2020-07-15 02:59 _____ C:\FRST\Quarantine\C\ProgramData\NortonInstaller
2020-06-24 07:18 - 2020-07-15 02:22 _____ C:\FRST\Quarantine\C\Program Files\Common Files\AV\Norton Security

Registro:
========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\InstallService\State\CategoryCache]
"87badf37-13d1-7ba7-6b16-211bdec46258BR"="{"FulfillmentData":"{\"ProductId\":\"9MXHFHKR097P\",\"SkuId\":\"0010\",\"PackageFamilyName\":\"SymantecCorporation.NortonSafeWeb_v68kp9n051hdp\",\"WuCategoryId\":\"349d152b-5e0b-44ef-9b21-cb43556bbf75\"}"}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\RuntimeExceptionHelperModules]
"C:\Program Files\Norton Security\NortonData\22.11.1.5\Definitions\IPSDefs\20200604.061\IPSEng64.dll"="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant]
"ExecutablesToExclude"="c:\program files (x86)\nortoninstaller\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\ns\a5e82d02\22.11.1.5\inststub.exe
C:\Program Files (x86)\Windows Live\Installer\wlarp.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsSelfHost\OneSettings]
"TargetingAttributes"="{
"Version": 244,
"SchemaVersion": 1,
"PartA": [
"App",
"AppVer",
"AttrDataVer"
],
"Default": [
"DeviceFamily",
"f:FlightRing",
"t:OSVersionFull"
],
"PartB": {
"ACSOVERRIDE": [
"OSArchitecture",
"c:IsAlwaysOnAlwaysConnectedCapable"
],
"APPTARGETEDFEATUREDB": [
"c:FlightingBranchName",
"f:FlightRing",
"t:OSVersionFull",
"DeviceFamily"
],
"CASSCLIENT": [
"OSVersion",
"c:OSEdition",
"f:FlightRing",
"c:OSUILocale",
"f:FlightingBranchName",
"r:OEMMode"
],
"CDM": [
"ChassisTypeId",
"r:CurrentBranch",
"DeviceFamily",
"f:FlightingBranchName",
"f:FlightRing",
"c:InstallLanguage",
"c:IsDomainJoined",
"t:IsTestLab",
"OEMModel",
"OSArchitecture",
"OSVersion",
"t:OSSkuId",
"c:ProcessorIdentifier",
"c:TelemetryLevel",
"t:IsMsftOwned",
"t:WCOSProductId",
"c:OSUILocale",
"c:CommercialId",
"s:MinShellVersion",
"s:MaxShellVersion",
"c:ActivationChannel",
"c:SCCMClientId",
"c:IsCloudDomainJoined",
"r:WebExperience",
"FX_FlightIds",
"AccountFirstChar",
"r:WSX_Windows_Settings_Account",
"r:InstallDate",
"r:WSX_Runtime",
"r:DefaultUserRegion",
"a:GatedFeature_NI22H2",
"r:WSX_Windows_Shell_Start",
"a:GatedFeature_CU23H2",
"r:ExpStates",
"MX_FlightIds",
"n:MXVersion",
"r:CIOptin",
"c:ProcessorCores",
"c:TotalPhysicalRAM",
"r:TestRN",
"u:UpdateServiceUrl",
"u:WUfBClientManaged",
"r:UUSVersion",
"DL_OSVersion",
"r:ExpPkgs",
"u:AllowOptionalContent",
"n:IsMicrosoftAAD"
],
"COMPATLOGGER": [
"osVer",
"ring",
"deviceId"
],
"CONTENT_DELIVERY_MANAGER": [
"c:OSEdition",
"t:OSSkuId",
"c:OSUILocale",
"a:UpgEx_CO21H2",
"a:GStatus_CO21H2",
"a:DataExpDateEpoch_CO21H2",
"a:TimestampEpochString_CO21H2",
"r:AndroidUserOptinValue",
"f:FlightingBranchName",
"f:FlightRing",
"r:CurrentBranch",
"c:ProcessorModel",
"r:NPUEnabledDevice",
"MX_FlightIds",
"r:KnownFoldersBackupStatus",
"c:IsDomainJoined"
],
"CORTANA_GATEKEEPER": [
"r:CurrentBranch",
"f:FlightRing",
"f:IsRetailOS"
],
"CORTANAUWP": [
"c:OSUILocale",
"t:OSVersionFull",
"v:CortanaAppVer"
],
"CORTANAUWPTEST": [
"+CORTANAUWP",
"v:CortanaAppVerTest"
],
"CTAC": [
"+FSS"
],
"DDC": [
"+WU_STORE",
"+_WU_PTI"
],
"DXDB": [
"DeviceFamily",
"f:FlightRing",
"r:IsHybridOrXGpu",
"t:OSVersionFull",
"OSVersion"
],
"EDGE_SERVICEUI": [
"t:LocalDeviceID",
"t:LocalUserID"
],
"FCON": [
"+CDM"
],
"FSS": [
"r:PreviewBuildsManagerEnabled",
"f:BranchReadinessLevelRaw",
"u:BranchReadinessLevelSource",
"r:BuildFID",
"t:DeviceFamily",
"DeviceId",
"c:EnablePreviewBuilds",
"f:FlightingPolicyValue",
"f:IsRetailOS",
"f:ManagePreviewBuilds",
"OSVersionFull",
"t:WCOSProductId",
"r:SmartActiveHoursState",
"r:ActiveHoursStart",
"r:ActiveHoursEnd",
"r:IsCHCapableBuild",
"r:FSRing",
"s:MaxShellVersion",
"s:MinShellVersion",
"c:TPMVersion",
"c:SecureBootCapable",
"c:ProcessorClockSpeed",
"c:ProcessorCores",
"c:TotalPhysicalRAM",
"t:SMode",
"c:SystemVolumeTotalCapacity",
"c:OEMManufacturerName",
"c:OEMModelNumber",
"a:ISVM",
"r:AllowUpgradesWithUnsupportedTPMOrCPU",
"r:IntelPlatformId",
"r:IsConfigMgrEnabled",
"f:IsFlightingEnabled",
"r:DeviceInfoGatherSuccessful"
],
"FXIRISCLIENT": [
"+IRISCLIENT"
],
"GS": [
"t:OSSkuId",
"t:OSVersionFull",
"r:CurrentBranch",
"r:DefaultUserRegion",
"DeviceFamily",
"c:FlightIds",
"f:FlightingBranchName",
"f:FlightRing",
"c:IsCloudDomainJoined",
"t:IsMsftOwned",
"f:IsRetailOS",
"c:OSUILocale",
"c:IsDomainJoined"
],
"IRISCLIENT": [
"+IRISCLIENTBASE",
"c:FlightIds"
],
"IRISCLIENTBASE": [
"DeviceFamily",
"OSVersion",
"t:OSSkuId",
"OSArchitecture",
"c:TelemetryLevel",
"f:FlightRing",
"f:FlightingBranchName",
"c:InternalPrimaryDisplayResolutionHorizontal",
"c:InternalPrimaryDisplayResolutionVetical",
"t:IsMsftOwned",
"c:ChassisType",
"OEMModel",
"c:OSUILocale",
"c:OSEdition",
"r:CurrentBranch",
"t:WCOSProductId",
"c:InstallationType",
"r:InstallDate",
"c:IsCloudDomainJoined",
"c:IsDeviceRetailDemo",
"f:IsRetailOS",
"c:ProcessorClockSpeed",
"c:ProcessorCores",
"c:ProcessorManufacturer",
"c:TotalPhysicalRAM",
"c:D3DMaxFeatureLevel",
"c:IsAlwaysOnAlwaysConnectedCapable",
"t:SMode",
"t:LocalUserID",
"r:AndroidUserOptinValue",
"c:ProcessorModel",
"MX_FlightIds",
"a:UpgEx_CO21H2",
"r:KnownFoldersBackupStatus",
"c:OEMModelSystemFamily",
"OEMName_Uncleaned",
"r:IsSpotlightEnabledInOEMTheme",
"r:IsSpotlightThemeEnabledByOEM"
],
"IRISCLIENTV2": [
"+IRISCLIENTBASE",
"IX_FlightIds"
],
"MICROSOFT.WINDOWSFEEDBACKHUB_8WEKYB3D8BBWE": [
"t:OSVersionFull",
"t:IsTestLab",
"f:FlightRing"
],
"MITIGATION": [
"t:DeviceFamily",
"f:FlightRing",
"c:FlightIds",
"c:IsDomainJoined",
"t:IsMsftOwned",
"f:IsRetailOS",
"t:IsTestLab",
"IsVM",
"OEMModel",
"c:OSEdition",
"t:OSSkuId",
"t:OSVersionFull",
"c:OSUILocale",
"t:SMode",
"f:IsFlightingEnabled",
"c:FirmwareVersion",
"c:TelemetryLevel",
"f:FlightingBranchName",
"r:CurrentBranch",
"OSVersion",
"w:FirstStorageSpaceDeviceId",
"r:IsCldFltSyncRoots",
"c:OSInstallType",
"v:IsNotepadExePresent",
"r:StrictHiveSecurityReg",
"a:GatedBlockId_21H1",
"r:UpdateOfferedDays",
"r:UsoScanMitigation",
"r:GamingServicesInstalledKey",
"v:FileExistsMscoreeDll",
"w:NetFx3State",
"r:WCFHTTPActivationNotificationState",
"w:WCFHTTPActivationState",
"r:WCFNonHTTPActivationNotificationState",
"w:WCFNonHTTPActivationState",
"r:DotNetMissingComponentsTroubleshooterSuccess",
"r:IIS_ASPNET",
"w:IIS_ASPNET_WMI",
"r:IIS_NetFxExtensibility",
"w:IIS_NetFxExtensibility_WMI",
"r:WAS_NetFxEnvironment",
"w:WAS_NetFxEnvironment_WMI",
"v:XamlCbsActivationStore",
"v:XamlCbsActivationStoreArm64",
"v:OnnxruntimeVer",
"w:ElanFingerprintDriverVersion",
"r:AADBrokerPluginNotRegistered",
"r:TenantId",
"r:IppPrinterBadDefaultPdc",
"r:FlightingOptOutState",
"r:CloudFilesFilter",
"r:PSAKyoceraMissingDEH",
"r:PSATATriumphMissingDEH",
"r:PSAXeroxMissingDEH",
"w:PSAKyoceraInstalledName",
"w:PSATATriumphInstalledName",
"w:XeroxPsaInstalledName"
],
"MLMOD": [
"ChassisTypeId",
"t:DeviceFamily",
"f:FlightingBranchName",
"f:FlightRing",
"f:IsRetailOS",
"t:OSSkuId",
"t:OSVersionFull",
"c:OSUILocale",
"OSVersion",
"c:TelemetryLevel",
"r:CurrentBranch",
"t:IsTestLab",
"c:PrimaryDiskType",
"FX_FlightIds"
],
"MTP": [
"+_WU_OS_CORE"
],
"MUSE": [
"+_WU_FB",
"ChassisTypeId",
"deviceClass",
"deviceId",
"c:FlightIds",
"locale",
"ms",
"os",
"osVer",
"ring",
"sampleId",
"sku",
"r:DaysSince19H1FUOffer",
"u:DisableDualScan",
"u:UpdateServiceUrl",
"c:CommercialId",
"f:FlightingBranchName",
"c:SystemVolumeTotalCapacity",
"c:IsAlwaysOnAlwaysConnectedCapable",
"c:ProcessorCores",
"c:PrimaryDiskType",
"c:TotalPhysicalRAM",
"c:ProcessorClockSpeed",
"c:ProcessorIdentifier",
"c:ProcessorModel",
"c:ActivationChannel",
"c:IsCloudDomainJoined",
"c:isCommercial",
"c:IsDomainJoined",
"c:IsMDMEnrolled",
"c:SCCMClientID",
"r:OEMSubModel",
"c:OEMModelNumber",
"c:OEMManufacturerName",
"r:OobeSeeker",
"r:DefaultUserRegion"
],
"NARRATORNNV": [
"+WU_STORE"
],
"NOISYHAMMER": [
"+WU_OS"
],
"PHS": [
"r:GridZoneName",
"OEMModel",
"c:OEMManufacturerName",
"c:OSUILocale",
"r:OEMSubModel",
"DeviceFamily"
],
"RULESENGINE": [
"c:OSEdition",
"t:OSSkuId",
"c:OSUILocale",
"a:UpgEx_CO21H2",
"a:GStatus_CO21H2",
"a:DataExpDateEpoch_CO21H2",
"a:TimestampEpochString_CO21H2",
"r:AndroidUserOptinValue",
"f:FlightingBranchName",
"f:FlightRing",
"r:CurrentBranch",
"c:ProcessorModel",
"r:NPUEnabledDevice",
"MX_FlightIds",
"r:KnownFoldersBackupStatus",
"c:IsDomainJoined"
],
"RUXIM": [
"+WU_OS"
],
"SEDIMENTPACK": [
"+WU_OS"
],
"SERVICEEXPERIENCES": [
"f:FlightingBranchName",
"f:FlightRing",
"s:MaxShellVersion",
"s:MinShellVersion",
"t:IsTestLab",
"c:TelemetryLevel",
"t:OSSkuId",
"r:CurrentBranch",
"OSVersion",
"DeviceFamily",
"r:WSX_Windows_Settings_Account",
"c:FlightIds",
"r:WSX_Runtime",
"r:WSX_Windows_Shell_Start",
"r:WSX_Windows_AppSample"
],
"SERVICING_CBS": [
"+WU",
"osVer"
],
"SETUP360": [
"t:OSSkuId",
"f:FlightRing"
],
"SMARTOPTOUT": [
"+CDM"
],
"STORAGEGROVELER": [
"a:Free",
"c:TelemetryLevel",
"f:FlightRing",
"f:IsFlightingEnabled",
"IsVM",
"t:OSVersionFull"
],
"UTC": [
"+UTC_STATIC",
"osVer",
"locale",
"ring",
"f:PilotRing",
"f:IsRetailOS",
"ms",
"expId",
"t:SMode",
"f:FlightingBranchName",
"c:CommercialId",
"r:IsFeedbackHubSelfhost",
"c:AzureVMType",
"t:IsTestLab",
"c:TelemetryLevel",
"c:IsVirtualDevice",
"r:IsProcessorMode",
"r:UtcDataHandlingPolicies"
],
"UTC_STATIC": [
"os",
"deviceId",
"sampleId",
"deviceClass",
"sku",
"OEMModel",
"OEMName_Uncleaned",
"c:PrimaryDiskType",
"c:ProcessorModel",
"c:TotalPhysicalRAM"
],
"UUS": [
"OSVersion",
"f:FlightRing",
"t:IsTestLab",
"t:OSVersionFull",
"f:FlightingBranchName",
"r:CurrentBranch",
"f:IsFlightingEnabled"
],
"WAASASSESSMENT": [
"+WU_OS"
],
"WAASMEDIC": [
"os",
"osVer",
"ring",
"deviceClass",
"deviceId",
"locale",
"sku",
"c:ActivationChannel",
"c:CommercialId",
"r:CurrentBranch",
"f:FlightingBranchName",
"c:IsCloudDomainJoined",
"c:IsDomainJoined",
"t:IsTestLab",
"OSVersion",
"c:SCCMClientID",
"c:TelemetryLevel",
"r:FlightingOptOutState"
],
"WOSC": [
"t:DeviceFamily",
"f:FlightRing",
"f:IsFlightingEnabled",
"t:IsMsftOwned",
"t:LocalDeviceID",
"t:OSSkuId",
"c:OSUILocale",
"t:OSVersionFull",
"c:TelemetryLevel",
"r:IsHybridOrXGpu",
"r:PlayFabPartyRelay",
"OSVersion"
],
"WPSHIFT": [
"+MTP"
],
"WU": [
"+WU_OS",
"r:DUInternal"
],
"_WU_AV": [
"r:AvastReg",
"r:AvastBlackScreen",
"v:AvastVer",
"r:AvgReg",
"v:AvgVer",
"r:EsetReg",
"v:EsetVer",
"r:KasperskyReg",
"v:KasperskyVer",
"v:SymantecVer",
"r:TencentReg",
"r:TencentType",
"r:AhnlabInstalledKey",
"r:AvastInstalledKey",
"r:AVGInstalledKey",
"r:AviraInstalledKey",
"r:BullguardInstalledKey",
"r:ESETInstalledKey",
"r:ESTSecurityInstalledKey",
"r:FSecureInstalledKey",
"v:GDataInstalledVer",
"r:K7InstalledKey",
"r:KasperskyInstalledKey",
"r:KingsoftInstalledKey",
"r:LenovoInstalledKey",
"r:MalwarebytesInstalledKey",
"r:McAfeeInstalledKey",
"r:PandaInstalledKey",
"r:QuickhealInstalledKey1",
"r:SophosInstalledKey1",
"r:SymantecInstalledKey",
"r:TencentInstalledKey",
"r:ThreatTrackInstalledKey",
"r:TrendInstalledKey",
"r:WebrootInstalledKey",
"v:K7InstalledVer"
],
"_WU_COMMON": [
"r:CurrentBranch",
"r:DefaultUserRegion",
"DeviceFamily",
"r:DriverPartnerRing",
"r:FlightContent",
"f:FlightingBranchName",
"f:FlightRing",
"HoloLens",
"c:InstallationType",
"c:InstallLanguage",
"f:IsFlightingEnabled",
"r:IsFlightingEnabled",
"c:MobileOperatorCommercialized",
"OEMModel",
"OEMName_Uncleaned",
"r:OemPartnerRing",
"OSArchitecture",
"OSVersion",
"t:OSSkuId",
"c:OSUILocale",
"c:ProcessorManufacturer",
"r:ReleaseType",
"v:SkypeRoomSystem",
"t:SMode",
"c:TelemetryLevel",
"r:WindowsMixedReality",
"v:WuClientVer",
"p:DucPublisherId",
"p:DucDeviceModelId",
"p:DucOemPartnerRing",
"p:DucCustomPackageId",
"p:DesiredOsVersion",
"p:DesiredSystemManifestVersion",
"r:TenantId"
],
"_WU_FB": [
"u:BranchReadinessLevel",
"u:DeferQualityUpdatePeriodInDays",
"u:DeferFeatureUpdatePeriodInDays",
"r:PausedFeatureStatus",
"r:PausedQualityStatus",
"u:TargetReleaseVersion",
"r:QUDeadline",
"r:UpdatePreference",
"r:UpdateOfferedDays",
"u:TargetProductVersion",
"DSS_Enrolled",
"r:NonSecurityUpdate"
],
"WU_OS": [
"+_WU_OS_CORE",
"+_WU_FB"
],
"_WU_OS_CORE": [
"+_WU_COMMON",
"+_WU_AV",
"r:AhnLabKeyboard",
"a:BIOS",
"r:BlockFeatureUpdates",
"c:CommercialId",
"a:DataVer_RS5",
"r:DisconnectedStandby",
"r:DchuNvidiaGrfxExists",
"r:DchuNvidiaGrfxVen",
"r:DchuIntelGrfxExists",
"r:DchuIntelGrfxVen",
"r:DchuAmdGrfxExists",
"r:DchuAmdGrfxVen",
"c:FirmwareVersion",
"a:Free",
"a:GStatus_RS3",
"a:GStatus_RS4",
"a:GStatus_RS5",
"r:HidOverGattReg",
"r:InstallDate",
"c:IsDeviceRetailDemo",
"c:IsPortableOperatingSystem",
"IsVM",
"c:OEMModelBaseBoard",
"r:OobeSeeker",
"r:OSRollbackBuild",
"r:OSRollbackCount",
"r:OSRollbackDate",
"PhoneTargetingName",
"r:PonchAllow",
"r:PonchBlock",
"c:ProcessorIdentifier",
"r:RecoveredFromBuild",
"r:RecoveredOnDate",
"r:Steam",
"v:TobiiVer",
"v:TrendMicroVer",
"r:UninstallActive",
"l:UpdateManagementGroup",
"a:UpgEx_RS3",
"a:UpgEx_RS4",
"a:UpgEx_RS5",
"a:Version_RS5",
"r:DisableWUfBOfferBlock",
"a:UpgEx_19H1",
"a:SdbVer_19H1",
"a:GStatus_19H1",
"a:GStatus_19H1Setup",
"a:TimestampEpochString_19H1Setup",
"a:GenTelRunTimestamp_19H1",
"a:DataExpDateEpoch_19H1",
"u:EnableWUfBUpgradeGates",
"r:GStatusBlockIDs_All",
"TimestampDelta_19H1Subtract19H1Setup",
"DataExpDateDelta_19H1Subtract19H1Setup",
"a:DataExpDateEpoch_19H1Setup",
"a:TimestampEpochString_19H1",
"r:IsContainerMgrInstalled",
"r:IsWDAGEnabled",
"r:MTPTargetingInfo",
"r:EKB19H2InstallCount",
"r:EKB19H2UnInstallCount",
"r:EKB19H2InstallTimeEpoch",
"r:EKB19H2UnInstallTimeEpoch",
"r:BlockEdgeWithChromiumUpdate",
"r:IsWDATPEnabled",
"r:IsAutopilotRegistered",
"r:EdgeWithChromiumInstallVersion",
"r:EdgeWithChromiumInstallFailureCount",
"r:IsEdgeWithChromiumInstalled",
"r:KioskMode",
"c:IsCloudDomainJoined",
"c:IsDomainJoined",
"a:DataExpDateEpoch_20H1",
"a:DataExpDateEpoch_20H1Setup",
"a:GStatus_20H1",
"a:GStatus_20H1Setup",
"a:SdbVer_20H1",
"a:TimestampEpochString_20H1",
"a:TimestampEpochString_20H1Setup",
"DataExpDateDelta_20H1Subtract20H1Setup",
"TimestampDelta_20H1Subtract20H1Setup",
"a:UpgEx_20H1",
"r:AutopilotUpdateInProgress",
"r:UHSEnrolled",
"r:HotPatchEKBInstalled",
"r:LCUVer",
"c:isCommercial",
"c:ActivationChannel",
"c:IsMDMEnrolled",
"c:SCCMClientID",
"r:ChinaTypeApproval_CTA",
"p:DesiredOcpVersion",
"r:UpgradeEligible",
"r:AllowInPlaceUpgrade",
"r:SH_SIPolicyCleanup",
"r:FeatureUpdateDeadline",
"a:DataExpDateEpoch_21H1",
"a:UpgEx_CO21H2",
"a:GStatus_21H1",
"DataExpDateDelta_21H1Subtract20H1Setup",
"TimestampDelta_21H1Subtract20H1Setup",
"a:TimestampEpochString_21H1",
"r:OEMSubModel",
"c:ProcessorModel",
"c:TPMVersion",
"r:StayOnWindows10Timestamp",
"a:GStatus_CO21H2Setup",
"TimestampDelta_CO21H2SubtractCO21H2Setup",
"DataExpDateDelta_CO21H2SubtractCO21H2Setup",
"a:TimestampEpochString_CO21H2Setup",
"a:DataExpDateEpoch_CO21H2Setup",
"a:TimestampEpochString_CO21H2",
"a:DataExpDateEpoch_CO21H2",
"a:GStatus_CO21H2",
"p:SetPolicyDrivenUpdateSourceForFeatureUpdates",
"r:DchuNvidiaGrfxVenTest",
"a:DataExpDateDelta_21H2Subtract20H1Setup",
"a:TimestampEpochString_21H2",
"a:TimestampDelta_21H2Subtract20H1Setup",
"a:GStatus_21H2",
"a:DataExpDateEpoch_21H2",
"r:DSS_Enrolled_DF",
"r:UpgradeAccepted",
"r:SetupDisplayedEulaVersion",
"c:ProcessorCores",
"c:ProcessorClockSpeed",
"c:TotalPhysicalRAM",
"c:SecureBootCapable",
"c:PrimaryDiskTotalCapacity",
"r:BitDefenderInstalledKey",
"r:BroadcomInstalledKey",
"v:CrowdStrikeInstalledVer",
"r:QihooInstalledKey",
"r:Win11UpgradeAcceptedTimestamp",
"a:UpgEx_NI22H2",
"r:OobeNdupAcceptedTarget",
"r:OobeNdupFU22621CommitChoice",
"a:DataExpDateEpoch_NI22H2",
"a:GStatus_NI22H2",
"a:GStatus_NI22H2Setup",
"a:TimestampEpochString_NI22H2Setup",
"TimestampDelta_NI22H2SubtractNI22H2Setup",
"DataExpDateDelta_NI22H2SubtractNI22H2Setup",
"a:DataExpDateEpoch_NI22H2Setup",
"a:TimestampEpochString_NI22H2",
"r:IsVbsEnabled",
"r:FODRetryPending",
"r:UserInPlaceUpgrade",
"v:HidparseDriversVer",
"v:HidparseSystem32Ver",
"v:HidparseSystem32Ver1",
"r:CIOptin",
"r:FlightingOptOutState",
"p:WSUSconfigured_csp",
"a:UpgEx_NI22H2Setup",
"a:UpgEx_CO21H2Setup",
"u:WUfBClientManaged",
"u:UpdateServiceUrl",
"u:AllowOptionalContent",
"FX_FlightIds",
"DL_OSVersion",
"r:ExpPkgs",
"r:UUSVersion"
],
"_WU_PTI": [
"c:FrontFacingCameraResolution",
"c:RearFacingCameraResolution",
"c:TotalPhysicalRAM",
"c:NFCProximity",
"c:Magnetometer",
"c:Gyroscope",
"c:D3DMaxFeatureLevel",
"c:InternalPrimaryDisplayResolutionHorizontal",
"c:InternalPrimaryDisplayResolutionVetical"
],
"WU_STORE": [
"+_WU_COMMON",
"r:AppChannels",
"r:AppRMIDs",
"u:BranchReadinessLevel"
]
},
"Required": [
"App",
"AppVer",
"AttrDataVer"
],
"Aliases": {
"AccountFirstChar": "c:MSA_Accounts",
"ChassisTypeId": "c:ChassisType",
"DataExpDateDelta_19H1Subtract19H1Setup": "a:DataExpDateEpoch_19H1_Subtract_DataExpDateEpoch_19H1Setup",
"DataExpDateDelta_20H1Subtract20H1Setup": "a:DataExpDateEpoch_20H1_Subtract_DataExpDateEpoch_20H1Setup",
"DataExpDateDelta_21H1Subtract20H1Setup": "a:DataExpDateEpoch_21H1_Subtract_DataExpDateEpoch_20H1Setup",
"DataExpDateDelta_CO21H2SubtractCO21H2Setup": "a:DataExpDateEpoch_CO21H2_Subtract_DataExpDateEpoch_CO21H2Setup",
"DataExpDateDelta_NI22H2SubtractNI22H2Setup": "a:DataExpDateEpoch_NI22H2_Subtract_DataExpDateEpoch_NI22H2Setup",
"deviceClass": "DeviceFamily",
"deviceId": "t:LocalDeviceID",
"DeviceId": "t:LocalDeviceID",
"DL_OSVersion2": "DL_OSVersion",
"DSS_Enrolled": "r:DSS_Enrolled_State",
"expId": "c:FlightIds",
"FlightRing": "f:FlightRing",
"FX_FlightIds": "c:FlightIds",
"IsVM": "a:ISVM",
"IX_FlightIds": "c:FlightIds",
"locale": "c:OSUILocale",
"ms": "t:IsMsftOwned",
"MX_FlightIds": "c:FlightIds",
"OEMModel": "c:OEMModelNumber",
"OEMName_Uncleaned": "c:OEMManufacturerName",
"osVer": "t:OSVersionFull",
"OSVersionFull": "t:OSVersionFull",
"PhoneTargetingName": "c:OEMModelName",
"ring": "f:FlightRing",
"sampleId": "t:PopVal",
"sku": "t:OSSkuId",
"TimestampDelta_19H1Subtract19H1Setup": "a:TimestampEpochString_19H1_Subtract_TimestampEpochString_19H1Setup",
"TimestampDelta_20H1Subtract20H1Setup": "a:TimestampEpochString_20H1_Subtract_TimestampEpochString_20H1Setup",
"TimestampDelta_21H1Subtract20H1Setup": "a:TimestampEpochString_21H1_Subtract_TimestampEpochString_20H1Setup",
"TimestampDelta_CO21H2SubtractCO21H2Setup": "a:TimestampEpochString_CO21H2_Subtract_TimestampEpochString_CO21H2Setup",
"TimestampDelta_NI22H2SubtractNI22H2Setup": "a:TimestampEpochString_NI22H2_Subtract_TimestampEpochString_NI22H2Setup"
},
"Fallback": {
"r:AhnlabInstalledKey": "r:AhnlabInstalledWowKey",
"r:AvastBlackScreen": "r:AvgBlackScreen",
"r:AvastInstalledKey": "r:AvastInstalledWowKey",
"r:AVGInstalledKey": "r:AVGInstalledWowKey",
"r:AviraInstalledKey": "r:AviraInstalledWowKey",
"a:BIOS": "a:Bios_RS3",
"a:Bios_RS3": "a:Bios_RS4",
"a:Bios_RS4": "a:Bios_RS5",
"r:BlockFeatureUpdates": "r:BlockWUUpgrades",
"r:BlockWUUpgrades": "r:BlockWUUpgradesWow",
"r:BuildFID": "r:BuildFID_WCOS",
"r:BuildFID_WCOS": "r:BuildFID_WCOS2",
"r:BullguardInstalledKey": "v:BullguardInstalledVer",
"a:DataExpDateEpoch_CO21H2": "r:DataExpDateEpoch_CO21H2RegFb",
"r:DchuAmdGrfxVen": "r:DchuAmdGrfxVen2",
"r:DchuAmdGrfxVen2": "r:DchuAmdGrfxDeletePending",
"r:DchuIntelGrfxDeletePending": "r:DchuIntelGrfxNExists",
"r:DchuIntelGrfxVen": "r:DchuIntelGrfxVen2",
"r:DchuIntelGrfxVen2": "r:DchuIntelGrfxDeletePending",
"r:DchuNvidiaGrfxVen": "r:DchuNvidiaGrfxVen2",
"r:DchuNvidiaGrfxVen2": "r:DchuNvidiaGrfxDeletePending",
"DL_OSVersion": "OSVersion",
"r:DriverPartnerRing": "r:OSDataDriverPartnerRing",
"r:EdgeWithChromiumInstallFailureCount": "r:EdgeWithChromiumInstallFailureCountWow",
"r:EdgeWithChromiumInstallVersion": "r:EdgeWithChromiumInstallVersionWow",
"u:EnableWUfBUpgradeGates": "r:EnableWUfBUpgradeGatesRS5",
"r:ESETInstalledKey": "r:ESETInstalledWowKey",
"r:ESTSecurityInstalledKey": "r:ESTSecurityInstalledWowKey",
"f:FlightingBranchName": "c:FlightingBranchName",
"a:Free": "a:Free_RS3",
"a:Free_RS3": "a:Free_RS4",
"a:Free_RS4": "a:Free_RS5",
"r:FSecureInstalledKey": "r:FSecureInstalledWowKey",
"a:GatedFeature_NI22H2": "r:Migrated_GatedFeature_NI22H2Setup",
"a:GStatus_CO21H2": "r:GStatus_CO21H2RegFb",
"HoloLens": "r:WindowsMixedReality",
"r:IsEdgeWithChromiumInstalled": "r:IsEdgeWithChromiumInstalledWow",
"a:ISVM": "a:ISVM_RS3",
"a:ISVM_RS3": "a:ISVM_RS4",
"a:ISVM_RS4": "a:ISVM_RS5",
"r:K7InstalledKey": "r:K7InstalledWowKey",
"r:KasperskyInstalledKey": "r:KasperskyInstalledWowKey",
"r:KingsoftInstalledKey": "r:KingsoftInstalledWowKey",
"r:LenovoInstalledKey": "r:LenovoInstalledWowKey",
"r:MalwarebytesInstalledKey": "r:MalwarebytesInstalledWowKey",
"r:McAfeeInstalledKey": "r:McAfeeInstalledWowKey",
"r:Migrated_GatedFeature_NI22H2Setup": "r:Migrated_GatedFeature_NI22H2",
"c:OEMModelBaseBoard": "r:OEMModelBaseBoard",
"r:PandaInstalledKey": "r:PandaInstalledWowKey",
"r:PandaInstalledWowKey": "v:PandaInstalledVer",
"r:PonchAllow": "r:PonchAllowKey",
"r:PonchAllowKey": "r:PonchAllowWow",
"r:PonchAllowWow": "r:PonchAllowWowKey",
"r:QUDeadline": "r:QUDeadlineMDM",
"r:QuickhealInstalledKey1": "r:QuickhealInstalledKey2",
"r:SophosInstalledKey1": "r:SophosInstalledKey2",
"r:SymantecInstalledKey": "r:SymantecInstalledWowKey",
"v:SymantecVer": "v:SymantecVer64",
"u:TargetReleaseVersion": "r:TargetReleaseVersionGP",
"r:TargetReleaseVersionGP": "r:TargetReleaseVersionMDM",
"r:TencentInstalledKey": "r:TencentInstalledWowKey",
"r:ThreatTrackInstalledKey": "r:ThreatTrackInstalledWowKey",
"a:TimestampEpochString_CO21H2": "r:TimestampEpochString_CO21H2RegFb",
"v:TobiiVer": "v:TobiiVerx86",
"v:TobiiVerx86": "v:TobiiVer1x86",
"r:TrendInstalledKey": "r:TrendInstalledWowKey",
"r:TrendInstalledWowKey": "v:TrendInstalledVer",
"a:UpgEx_CO21H2": "r:UpgEx_CO21H2RegFb",
"r:UpgradeAccepted": "r:Win11UpgradeAcceptedWUSeeker",
"r:WebExperience": "r:WebExperienceWow",
"r:WebrootInstalledKey": "r:WebrootInstalledWowKey"
},
"Transform": {
"AccountFirstChar": {
"SubLength": 1
},
"DeviceInfoGatherSuccessful": {
"Ignore": [
"0"
]
},
"FlightingOptOutState": {
"Ignore": [
"0"
]
},
"FX_FlightIds": {
"Regex": "FX:[^,]*",
"RegexDelimiter": ","
},
"IppPrinterBadDefaultPdc": {
"Contains": "V4_No_ChangeID_Present"
},
"IsDomainJoined": {
"Ignore": [
"0"
]
},
"IsHybridOrXGpu": {
"Ignore": [
"0"
]
},
"IsMsftOwned": {
"Ignore": [
"0"
]
},
"IsPortableOperatingSystem": {
"Ignore": [
"0"
]
},
"IsTestLab": {
"Ignore": [
"0"
]
},
"IsVM": {
"Ignore": [
"0"
]
},
"IX_FlightIds": {
"Regex": "IX:[^,]*",
"RegexDelimiter": ","
},
"MX_FlightIds": {
"Regex": "ME:[^,]*|MD:[^,]*",
"RegexDelimiter": ","
},
"OEMModel": {
"SubLength": 100
},
"OEMName_Uncleaned": {
"SubLength": 100
},
"PausedFeatureStatus": {
"Ignore": [
"0"
]
},
"PausedQualityStatus": {
"Ignore": [
"0"
]
},
"PSAKyoceraInstalledName": {
"Contains": "A97ECD55.KYOCERAPrintCenter"
},
"PSATATriumphInstalledName": {
"Contains": "TATriumph-AdlerGmbH.TAUTAXPrintCenter"
},
"SMode": {
"Ignore": [
"0"
]
},
"StayOnWindows10Timestamp": {
"SubLength": -3,
"Ignore": [
""
]
},
"XeroxPsaInstalledName": {
"Contains": "XeroxCorp.PrintExperience"
}
},
"Registry": {
"AADBrokerPluginNotRegistered": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\WindowsMitigationData\\AADBrokerPluginNotRegistered",
"IfExists": true
},
"ActiveHoursEnd": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows Update\\UX\\Settings",
"ValueName": "ActiveHoursEnd",
"RegValueType": "REG_DWORD"
},
"ActiveHoursStart": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows Update\\UX\\Settings",
"ValueName": "ActiveHoursStart",
"RegValueType": "REG_DWORD"
},
"AhnlabInstalledKey": {
"FullPath": "SOFTWARE\\Ahnlab",
"IfExists": true
},
"AhnlabInstalledWowKey": {
"FullPath": "SOFTWARE\\WOW6432Node\\Ahnlab",
"IfExists": true
},
"AhnLabKeyboard": {
"FullPath": "SYSTEM\\CurrentControlSet\\Services\\Mkd2kfNt",
"ValueName": "NbTpMsExist"
},
"AllowInPlaceUpgrade": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\\\Windows\\\\CurrentVersion",
"ValueName": "AllowInPlaceUpgrade",
"RegValueType": "REG_DWORD"
},
"AllowUpgradesWithUnsupportedTPMOrCPU": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SYSTEM\\Setup\\MoSetup",
"ValueName": "AllowUpgradesWithUnsupportedTPMOrCPU",
"RegValueType": "REG_DWORD"
},
"AndroidUserOptinValue": {
"HKey": "HKEY_CURRENT_USER",
"FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Mobility\\",
"ValueName": "OptedIn",
"RegValueType": "REG_DWORD"
},
"AppChannels": {
"FullPath": "SOFTWARE\\Policies\\Microsoft\\WindowsStore\\Apps\\*",
"ValueName": "ChannelId",
"EncodingType": "Json"
},
"AppRMIDs": {
"FullPath": "SOFTWARE\\Policies\\Microsoft\\WindowsStore\\Apps\\*",
"ValueName": "ReleaseManagementId",
"EncodingType": "Json"
},
"AutopilotUpdateInProgress": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Provisioning\\AutopilotSettings\\VolatileAutopilotUpdate",
"ValueName": "AutopilotUpdateInProgress",
"RegValueType": "REG_DWORD"
},
"AvastBlackScreen": {
"FullPath": "SYSTEM\\CurrentControlSet\\Services\\aswVmm\\Parameters",
"ValueName": "Win10-1803"
},
"AvastInstalledKey": {
"FullPath": "SOFTWARE\\Avast Software\\Avast",
"IfExists": true
},
"AvastInstalledWowKey": {
"FullPath": "SOFTWARE\\WOW6432Node\\Avast Software\\Avast",
"IfExists": true
},
"AvastReg": {
"FullPath": "SYSTEM\\CurrentControlSet\\Services\\aswVmm\\Parameters",
"ValueName": "QualityCompat"
},
"AvgBlackScreen": {
"FullPath": "SYSTEM\\CurrentControlSet\\Services\\avgVmm\\Parameters",
"ValueName": "Win10-1803"
},
"AVGInstalledKey": {
"FullPath": "SOFTWARE\\AVG\\Antivirus",
"IfExists": true
},
"AVGInstalledWowKey": {
"FullPath": "SOFTWARE\\WOW6432Node\\AVG\\Antivirus",
"IfExists": true
},
"AvgReg": {
"FullPath": "SYSTEM\\CurrentControlSet\\Services\\avgVmm\\Parameters",
"ValueName": "QualityCompat"
},
"AviraInstalledKey": {
"FullPath": "SOFTWARE\\X-AVCSD\\Workstation\\Antivirus",
"IfExists": true
},
"AviraInstalledWowKey": {
"FullPath": "SOFTWARE\\WOW6432Node\\X-AVCSD\\Workstation\\Antivirus",
"IfExists": true
},
"BitDefenderInstalledKey": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{1FCCF41D-5F00-4FE2-9653-162D0486C8B4}",
"IfExists": true
},
"BlockEdgeWithChromiumUpdate": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\EdgeUpdate",
"ValueName": "DoNotUpdateToEdgeWithChromium",
"RegValueType": "REG_DWORD"
},
"BlockFeatureUpdates": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Windows Update\\OSUpgrade",
"ValueName": "BlockFeatureUpdates",
"RegValueType": "REG_DWORD"
},
"BlockWUUpgrades": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows10Upgrader\\Volatile",
"ValueName": "BlockWUUpgrades",
"RegValueType": "REG_DWORD"
},
"BlockWUUpgradesWow": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\WOW6432Node\\Microsoft\\Windows10Upgrader\\Volatile",
"ValueName": "BlockWUUpgrades",
"RegValueType": "REG_DWORD"
},
"BroadcomInstalledKey": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Symantec\\Symantec Endpoint Protection",
"IfExists": true
},
"BuildFID": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "Software\\Microsoft\\Windows\\CurrentVersion\\Flighting\\Build",
"ValueName": "EsdFlightData",
"RegValueType": "REG_SZ"
},
"BuildFID_WCOS": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "OSDATA\\Software\\Microsoft\\Windows\\CurrentVersion\\Flighting\\Build",
"ValueName": "EsdFlightData",
"RegValueType": "REG_SZ"
},
"BuildFID_WCOS2": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "OSDATA\\Microsoft\\Windows\\CurrentVersion\\Flighting\\Build",
"ValueName": "EsdFlightData",
"RegValueType": "REG_SZ"
},
"BullguardInstalledKey": {
"FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\BullGuard",
"IfExists": true
},
"ChinaTypeApproval_CTA": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\DeviceAccess",
"ValueName": "ActivePolicyCode",
"RegValueType": "REG_SZ"
},
"CIOptin": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows Update\\UX\\Settings",
"ValueName": "IsContinuousInnovationOptedIn",
"RegValueType": "REG_DWORD"
},
"CloudFilesFilter": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SYSTEM\\CurrentControlSet\\Services\\CldFlt\\Instances\\",
"ValueName": "DefaultInstance",
"RegValueType": "REG_SZ"
},
"CurrentBranch": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion",
"ValueName": "BuildBranch",
"RegValueType": "REG_SZ"
},
"DataExpDateEpoch_CO21H2RegFb": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\AppCompatFlags\\TargetVersionUpgradeExperienceIndicators\\CO21H2",
"ValueName": "DataExpDateEpoch",
"RegValueType": "REG_SZ"
},
"DaysSince19H1FUOffer": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\rempl\\irplugin",
"ValueName": "DaysSinceLastOffer",
"RegValueType": "REG_QWORD"
},
"DchuAmdGrfxDeletePending": {
"FullPath": "SYSTEM\\CurrentControlSet\\Services\\amdkmdag",
"ValueName": "DriverDelete"
},
"DchuAmdGrfxExists": {
"FullPath": "SYSTEM\\CurrentControlSet\\Services\\amdkmdag",
"IfExists": true
},
"DchuAmdGrfxVen": {
"FullPath": "SYSTEM\\CurrentControlSet\\Services\\amdkmdag",
"ValueName": "DCHUVen"
},
"DchuAmdGrfxVen2": {
"FullPath": "SYSTEM\\CurrentControlSet\\Services\\amdkmdag\\Parameters",
"ValueName": "DCHUVen"
},
"DchuIntelGrfxDeletePending": {
"FullPath": "SYSTEM\\CurrentControlSet\\Services\\igfx",
"ValueName": "DriverDelete"
},
"DchuIntelGrfxExists": {
"FullPath": "SYSTEM\\CurrentControlSet\\Services\\igfx",
"IfExists": true
},
"DchuIntelGrfxNExists": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SYSTEM\\CurrentControlSet\\Services\\igfxn",
"IfExists": true
},
"DchuIntelGrfxVen": {
"FullPath": "SYSTEM\\CurrentControlSet\\Services\\igfx",
"ValueName": "DCHUVen"
},
"DchuIntelGrfxVen2": {
"FullPath": "SYSTEM\\CurrentControlSet\\Services\\igfx\\Parameters",
"ValueName": "DCHUVen"
},
"DchuNvidiaGrfxDeletePending": {
"FullPath": "SYSTEM\\CurrentControlSet\\Services\\nvlddmkm",
"ValueName": "DriverDelete"
},
"DchuNvidiaGrfxExists": {
"FullPath": "SYSTEM\\CurrentControlSet\\Services\\nvlddmkm",
"IfExists": true
},
"DchuNvidiaGrfxVen": {
"FullPath": "SYSTEM\\CurrentControlSet\\Services\\nvlddmkm",
"ValueName": "DCHUVen"
},
"DchuNvidiaGrfxVen2": {
"FullPath": "SYSTEM\\CurrentControlSet\\Services\\nvlddmkm\\Parameters",
"ValueName": "DCHUVen"
},
"DchuNvidiaGrfxVenTest": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SYSTEM\\CurrentControlSet\\Services\\nvlddmkm",
"ValueName": "DCHUVenTest",
"RegValueType": "REG_DWORD"
},
"DefaultUserRegion": {
"HKey": "HKEY_USERS",
"FullPath": ".DEFAULT\\Control Panel\\International\\Geo",
"ValueName": "Nation",
"RegValueType": "REG_SZ"
},
"DeviceInfoGatherSuccessful": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Component Based Servicing",
"ValueName": "DeviceInfoGatherSuccessful",
"RegValueType": "REG_DWORD"
},
"DisableWUfBOfferBlock": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows Update\\UpdatePolicy\\Settings",
"ValueName": "DisableWUfBOfferBlock",
"RegValueType": "REG_DWORD"
},
"DisconnectedStandby": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SYSTEM\\CurrentControlSet\\Control\\Power",
"ValueName": "EnforceDisconnectedStandby",
"RegValueType": "REG_DWORD"
},
"DotNetMissingComponentsTroubleshooterSuccess": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\.NETFramework",
"ValueName": "DotNetMissingComponentsTroubleshooterSuccess",
"RegValueType": "REG_DWORD"
},
"DriverPartnerRing": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\DriverFlighting\\Partner",
"ValueName": "TargetRing",
"RegValueType": "REG_SZ"
},
"DSS_Enrolled_DF": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\\\Policies\\\\Microsoft\\\\Windows\\\\Windows Update",
"ValueName": "WUfBDF",
"RegValueType": "REG_DWORD"
},
"DSS_Enrolled_State": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\WufbDS",
"ValueName": "enrollmenttype",
"RegValueType": "REG_SZ"
},
"DUInternal": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SYSTEM\\Setup\\MoSetup",
"ValueName": "DynamicUpdateInternalTest",
"RegValueType": "REG_DWORD"
},
"EdgeWithChromiumInstallFailureCount": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\EdgeUpdate",
"ValueName": "WindowsUpdateAttempts"
},
"EdgeWithChromiumInstallFailureCountWow": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Wow6432Node\\Microsoft\\EdgeUpdate",
"ValueName": "WindowsUpdateAttempts"
},
"EdgeWithChromiumInstallVersion": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\EdgeUpdate",
"ValueName": "WindowsUpdateVersion"
},
"EdgeWithChromiumInstallVersionWow": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Wow6432Node\\Microsoft\\EdgeUpdate",
"ValueName": "WindowsUpdateVersion"
},
"EKB19H2InstallCount": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SYSTEM\\Setup\\FeatureStaging\\20455539\\2",
"ValueName": "Count"
},
"EKB19H2InstallTimeEpoch": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SYSTEM\\Setup\\FeatureStaging\\20455539\\2",
"ValueName": "Timestamp"
},
"EKB19H2UnInstallCount": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SYSTEM\\Setup\\FeatureStaging\\20455539\\0",
"ValueName": "Count"
},
"EKB19H2UnInstallTimeEpoch": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SYSTEM\\Setup\\FeatureStaging\\20455539\\0",
"ValueName": "Timestamp"
},
"EnableWUfBUpgradeGatesRS5": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "Software\\Microsoft\\Windows NT\\CurrentVersion\\502505fe-762c-4e80-911e-0c3fa4c63fb0",
"ValueName": "DataRequireGatedScanForFeatureUpdates",
"RegValueType": "REG_DWORD"
},
"ESETInstalledKey": {
"FullPath": "SOFTWARE\\ESET\\ESET Security",
"IfExists": true
},
"ESETInstalledWowKey": {
"FullPath": "SOFTWARE\\WOW6432Node\\ESET\\ESET Security",
"IfExists": true
},
"EsetReg": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SYSTEM\\CurrentControlSet\\Services\\ehdrv\\Parameters",
"ValueName": "WindowsCompatibilityLevel",
"RegValueType": "REG_DWORD"
},
"ESTSecurityInstalledKey": {
"FullPath": "SOFTWARE\\ESTsoft",
"IfExists": true
},
"ESTSecurityInstalledWowKey": {
"FullPath": "SOFTWARE\\WOW6432Node\\ESTsoft",
"IfExists": true
},
"ExpPkgs": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\WindowsSelfhost\\Applicability",
"ValueName": "ExpPkgs",
"RegValueType": "REG_SZ"
},
"ExpStates": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\WindowsSelfHost\\FIDs",
"ValueName": "PreviewConfigs",
"RegValueType": "REG_SZ"
},
"FeatureUpdateDeadline": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "Software\\Policies\\Microsoft\\Windows\\Windows Update\\",
"ValueName": "ConfigureDeadlineForFeatureUpdates",
"RegValueType": "REG_DWORD"
},
"FlightContent": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\WindowsSelfHost\\Applicability",
"ValueName": "ContentType",
"RegValueType": "REG_SZ"
},
"FlightingOptOutState": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\WindowsSelfHost\\UI\\Selection",
"ValueName": "OptOutState",
"RegValueType": "REG_DWORD"
},
"FODRetryPending": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Component Based Servicing",
"ValueName": "FODRetry",
"RegValueType": "REG_DWORD"
},
"FSecureInstalledKey": {
"FullPath": "SOFTWARE\\F-Secure\\OneClient",
"IfExists": true
},
"FSecureInstalledWowKey": {
"FullPath": "SOFTWARE\\WOW6432Node\\F-Secure\\OneClient",
"IfExists": true
},
"FSRing": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\WindowsSelfhost\\Applicability",
"ValueName": "FSRing",
"RegValueType": "REG_SZ"
},
"GamingServicesInstalledKey": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SYSTEM\\CurrentControlSet\\Services\\GamingServices",
"IfExists": true
},
"GridZoneName": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\COAWOS",
"ValueName": "GridZoneName",
"RegValueType": "REG_SZ",
"PersistedSourceId": "COAWOSRoot"
},
"GStatus_CO21H2RegFb": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\AppCompatFlags\\TargetVersionUpgradeExperienceIndicators\\CO21H2",
"ValueName": "GStatus",
"RegValueType": "REG_SZ"
},
"GStatusBlockIDs_All": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\AppCompatFlags\\Appraiser\\GWX",
"ValueName": "SdbEntries",
"RegValueType": "REG_SZ"
},
"HidOverGattReg": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\PnpLockdownFiles\\%SystemRoot%/System32/drivers/UMDF/Microsoft.Bluetooth.Profiles.HidOverGatt.dll",
"ValueName": "Source",
"RegValueType": "REG_SZ"
},
"HotPatchEKBInstalled": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Update\\TargetingInfo\\DynamicInstalled\\Hotpatch.amd64",
"IfExists": true
},
"IIS_ASPNET": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Component Based Servicing\\Notifications\\OptionalFeatures\\IIS-ASPNET",
"ValueName": "Selection",
"RegValueType": "REG_DWORD"
},
"IIS_NetFxExtensibility": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Component Based Servicing\\Notifications\\OptionalFeatures\\IIS-NetFxExtensibility",
"ValueName": "Selection",
"RegValueType": "REG_DWORD"
},
"InstallDate": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion",
"ValueName": "InstallDate",
"RegValueType": "REG_DWORD"
},
"IntelPlatformId": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "HARDWARE\\DESCRIPTION\\System\\CentralProcessor\\0",
"ValueName": "Platform Specific Field 1",
"RegValueType": "REG_DWORD"
},
"IppPrinterBadDefaultPdc": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Print\\Printers\\*\\PrinterDriverData",
"ValueName": "V4_PDC_ChangeID",
"RegValueType": "REG_SZ",
"EncodingType": "Json"
},
"IsAutopilotRegistered": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Provisioning\\AutopilotPolicyCache",
"ValueName": "ProfileAvailable",
"RegValueType": "REG_DWORD"
},
"IsFlightingEnabled": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\WindowsSelfHost\\Applicability",
"ValueName": "IsBuildFlightingEnabled",
"RegValueType": "REG_DWORD"
},
"IsCHCapableBuild": {
"HKey": "HKEY_CLASSES_ROOT",
"FullPath": "CLSID\\{2C57C51B-FD43-4E74-B077-551AE6228AD6}",
"IfExists": true
},
"IsCldFltSyncRoots": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager\\*",
"IfExists": true
},
"IsConfigMgrEnabled": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\WindowsSelfHost\\ClientState",
"ValueName": "ConfigMgrEnabled",
"RegValueType": "REG_DWORD"
},
"IsContainerMgrInstalled": {
"FullPath": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Containers\\CmService",
"IfExists": true
},
"IsEdgeWithChromiumInstalled": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\EdgeUpdate\\Clients\\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}",
"IfExists": true
},
"IsEdgeWithChromiumInstalledWow": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Wow6432Node\\Microsoft\\EdgeUpdate\\Clients\\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}",
"IfExists": true
},
"IsFeedbackHubSelfhost": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Diagnostics\\DiagTrack\\Partners\\IsFeedbackHubSelfhost",
"IfExists": true
},
"IsHybridOrXGpu": {
"FullPath": "SOFTWARE\\Microsoft\\DirectX",
"ValueName": "HybridDeviceApplicableForDxDbGpuPreferences"
},
"IsProcessorMode": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Diagnostics\\DiagTrack\\RegionalSettings",
"ValueName": "IsProcessorMode",
"RegValueType": "REG_QWORD"
},
"IsSpotlightEnabledInOEMTheme": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Themes",
"ValueName": "WindowsSpotlight",
"RegValueType": "REG_DWORD"
},
"IsSpotlightThemeEnabledByOEM": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\DesktopOptimization",
"ValueName": "WindowsSpotlightTheme",
"RegValueType": "REG_DWORD"
},
"IsVbsEnabled": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SYSTEM\\ControlSet001\\Control\\DeviceGuard",
"ValueName": "EnableVirtualizationBasedSecurity",
"RegValueType": "REG_DWORD"
},
"IsWDAGEnabled": {
"FullPath": "SYSTEM\\ControlSet001\\Services\\hvsics",
"IfExists": true
},
"IsWDATPEnabled": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows Advanced Threat Protection\\Status",
"ValueName": "OnboardingState"
},
"K7InstalledKey": {
"FullPath": "SOFTWARE\\K7 Computing",
"IfExists": true
},
"K7InstalledWowKey": {
"FullPath": "SOFTWARE\\WOW6432Node\\K7 Computing",
"IfExists": true
},
"KasperskyInstalledKey": {
"FullPath": "SOFTWARE\\KasperskyLab",
"IfExists": true
},
"KasperskyInstalledWowKey": {
"FullPath": "SOFTWARE\\WOW6432Node\\KasperskyLab",
"IfExists": true
},
"KasperskyReg": {
"FullPath": "System\\CurrentControlSet\\Services\\klhk\\Parameters",
"ValueName": "UseVtHardware"
},
"KingsoftInstalledKey": {
"FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Kingsoft Internet Security",
"IfExists": true
},
"KingsoftInstalledWowKey": {
"FullPath": "SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Kingsoft Internet Security",
"IfExists": true
},
"KioskMode": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows\\AssignedAccessCsp\\AutoLogonAccount",
"ValueName": "ConfigSource",
"RegValueType": "REG_DWORD"
},
"KnownFoldersBackupStatus": {
"HKey": "HKEY_CURRENT_USER",
"FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\StorageProviderStatus",
"ValueName": "OneDrive",
"RegValueType": "REG_SZ"
},
"LCUVer": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion",
"ValueName": "LCUVer"
},
"LenovoInstalledKey": {
"FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{A9861883-31C5-4324-BD9A-DC9527EEB675}_is1",
"IfExists": true
},
"LenovoInstalledWowKey": {
"FullPath": "SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{A9861883-31C5-4324-BD9A-DC9527EEB675}_is1",
"IfExists": true
},
"MalwarebytesInstalledKey": {
"FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1",
"IfExists": true
},
"MalwarebytesInstalledWowKey": {
"FullPath": "SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1",
"IfExists": true
},
"McAfeeInstalledKey": {
"FullPath": "SOFTWARE\\McAfee\\MSC\\AppInfo\\Substitute\\QueryParams",
"IfExists": true
},
"McAfeeInstalledWowKey": {
"FullPath": "SOFTWARE\\WOW6432Node\\McAfee\\MSC\\AppInfo\\Substitute\\QueryParams",
"IfExists": true
},
"Migrated_GatedFeature_NI22H2": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\AppCompatFlags\\MigratedMarkers\\TargetVersionUpgradeExperienceIndicators\\NI22H2",
"ValueName": "GatedFeatureSingleString",
"RegValueType": "REG_SZ"
},
"Migrated_GatedFeature_NI22H2Setup": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\AppCompatFlags\\MigratedMarkers\\TargetVersionUpgradeExperienceIndicators\\NI22H2Setup",
"ValueName": "GatedFeatureSingleString",
"RegValueType": "REG_SZ"
},
"MTPTargetingInfo": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SYSTEM\\Platform\\MTPTargetingInfo",
"ValueName": "TargetRing"
},
"NonSecurityUpdate": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Policies\\Microsoft\\Windows\\Windows Update",
"ValueName": "NonSecurityRelease",
"RegValueType": "REG_DWORD"
},
"NPUEnabledDevice": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows Media Foundation\\FrameServer\\WindowsCameraEffects",
"ValueName": "EffectsCameraAvailable",
"RegValueType": "REG_DWORD"
},
"OEMMode": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Office\\16.0\\Common\\OEM",
"ValueName": "OOBEMode",
"RegValueType": "REG_SZ"
},
"OEMModelBaseBoard": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "HARDWARE\\DESCRIPTION\\System\\BIOS",
"ValueName": "BaseBoardProduct",
"RegValueType": "REG_SZ"
},
"OemPartnerRing": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SYSTEM\\Platform\\DeviceTargetingInfo",
"ValueName": "TargetRing",
"RegValueType": "REG_SZ"
},
"OEMSubModel": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "HARDWARE\\DESCRIPTION\\System\\BIOS",
"ValueName": "SystemSKU",
"RegValueType": "REG_SZ"
},
"OobeNdupAcceptedTarget": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\OOBE\\NDUP\\Updates",
"ValueName": "Target",
"RegValueType": "REG_SZ"
},
"OobeNdupFU22621CommitChoice": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\NDUP\\Updates\\FeatureUpdate_22621",
"ValueName": "CommitChoice",
"RegValueType": "REG_DWORD"
},
"OobeSeeker": {
"FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\OOBE\\Updates",
"ValueName": "OOBEUpdateStarted"
},
"OSDataDriverPartnerRing": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "OSData\\SOFTWARE\\Microsoft\\DriverFlighting\\Partner",
"ValueName": "TargetRing",
"RegValueType": "REG_SZ"
},
"OSRollbackBuild": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Windows Update\\OSUpgrade\\Rollback",
"ValueName": "BuildString",
"RegValueType": "REG_SZ"
},
"OSRollbackCount": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Windows Update\\OSUpgrade\\Rollback",
"ValueName": "Count",
"RegValueType": "REG_DWORD"
},
"OSRollbackDate": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Windows Update\\OSUpgrade\\Rollback",
"ValueName": "DateStamp",
"RegValueType": "REG_DWORD"
},
"PandaInstalledKey": {
"FullPath": "SOFTWARE\\Panda Software\\Setup",
"IfExists": true
},
"PandaInstalledWowKey": {
"FullPath": "SOFTWARE\\WOW6432Node\\Panda Software\\Setup",
"IfExists": true
},
"PausedFeatureStatus": {
"FullPath": "SOFTWARE\\Microsoft\\Windows Update\\UpdatePolicy\\Settings",
"ValueName": "PausedFeatureStatus"
},
"PausedQualityStatus": {
"FullPath": "SOFTWARE\\Microsoft\\Windows Update\\UpdatePolicy\\Settings",
"ValueName": "PausedQualityStatus"
},
"PlayFabPartyRelay": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\PlayFabPartyRelay",
"IfExists": true
},
"PonchAllow": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\QualityCompat",
"ValueName": "cadca5fe-87d3-4b96-b7fb-a231484277cc",
"RegValueType": "REG_DWORD"
},
"PonchAllowKey": {
"FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\QualityCompat\\cadca5fe-87d3-4b96-b7fb-a231484277cc",
"IfExists": true
},
"PonchAllowWow": {
"FullPath": "SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\QualityCompat",
"ValueName": "cadca5fe-87d3-4b96-b7fb-a231484277cc"
},
"PonchAllowWowKey": {
"FullPath": "SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\QualityCompat\\cadca5fe-87d3-4b96-b7fb-a231484277cc",
"IfExists": true
},
"PonchBlock": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\QualityCompat",
"ValueName": "65d75b03-6f4d-46e9-b870-517731e06cf9",
"RegValueType": "REG_DWORD"
},
"PreviewBuildsManagerEnabled": {
"FullPath": "SOFTWARE\\Microsoft\\WindowsSelfhost\\Manager",
"ValueName": "ArePreviewBuildsAllowed"
},
"PSAKyoceraMissingDEH": {
"HKey": "HKEY_CLASSES_ROOT",
"FullPath": "Extensions\\ContractId\\Windows.PrintSupportExtension\\PackageId\\A97ECD55.KYOCERAPrintCenter_4.1.11108.0_x64__kqmhh0ktdt7dg",
"IfExists": true
},
"PSATATriumphMissingDEH": {
"HKey": "HKEY_CLASSES_ROOT",
"FullPath": "Extensions\\ContractId\\Windows.PrintSupportExtension\\PackageId\\TATriumph-AdlerGmbH.TAUTAXPrintCenter_4.1.11108.0_x64__h5e8vsnevp54y",
"IfExists": true
},
"PSAXeroxMissingDEH": {
"HKey": "HKEY_CLASSES_ROOT",
"FullPath": "Extensions\\ContractId\\Windows.PrintSupportExtension\\PackageId\\XeroxCorp.PrintExperience_8.29.32.0_x64__f7egpvdyrs2a8",
"IfExists": true
},
"QihooInstalledKey": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\360TotalSecurity",
"IfExists": true
},
"QUDeadline": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Policies\\Microsoft\\Windows\\Windows Update",
"ValueName": "ConfigureDeadlineForQualityUpdates",
"RegValueType": "REG_DWORD"
},
"QUDeadlineMDM": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\PolicyManager\\current\\device\\Update",
"ValueName": "ConfigureDeadlineForQualityUpdates",
"RegValueType": "REG_DWORD"
},
"QuickhealInstalledKey1": {
"FullPath": "SYSTEM\\CurrentControlSet\\Servicescatflt",
"IfExists": true
},
"QuickhealInstalledKey2": {
"FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\App Paths\\scanner.exe",
"IfExists": true
},
"RecoveredFromBuild": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "Software\\Microsoft\\WindowsSelfHost\\Applicability\\RecoveredFrom",
"ValueName": "LastBuild",
"RegValueType": "REG_DWORD"
},
"RecoveredOnDate": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "Software\\Microsoft\\WindowsSelfHost\\Applicability\\RecoveredFrom",
"ValueName": "DateStamp",
"RegValueType": "REG_DWORD"
},
"ReleaseType": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Update\\TargetingInfo",
"ValueName": "ReleaseType",
"RegValueType": "REG_SZ"
},
"SetupDisplayedEulaVersion": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\OOBE\\",
"ValueName": "SetupDisplayedEulaVersion",
"RegValueType": "REG_DWORD"
},
"SH_SIPolicyCleanup": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\PPI\\Settings",
"ValueName": "SIPolicyCleanup",
"RegValueType": "REG_DWORD"
},
"SmartActiveHoursState": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows Update\\UX\\Settings",
"ValueName": "SmartActiveHoursState",
"RegValueType": "REG_DWORD"
},
"SophosInstalledKey1": {
"FullPath": "SYSTEM\\CurrentControlSet\\Services\\SAVService",
"IfExists": true
},
"SophosInstalledKey2": {
"FullPath": "SYSTEM\\CurrentControlSet\\Services\\hmpalertsvc",
"IfExists": true
},
"StayOnWindows10Timestamp": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows Update\\UX\\Settings",
"ValueName": "SvOfferDeclined",
"RegValueType": "REG_QWORD"
},
"Steam": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Classes\\Steam",
"ValueName": "",
"RegValueType": "REG_SZ"
},
"StrictHiveSecurityReg": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "Software\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\*",
"ValueName": "StrictHiveSecuritySet"
},
"SymantecInstalledKey": {
"FullPath": "SOFTWARE\\Norton\\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}",
"IfExists": true
},
"SymantecInstalledWowKey": {
"FullPath": "SOFTWARE\\WOW6432Node\\Norton\\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}",
"IfExists": true
},
"TargetReleaseVersionGP": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Policies\\Microsoft\\Windows\\Windows Update",
"ValueName": "TargetReleaseVersionInfo",
"RegValueType": "REG_SZ"
},
"TargetReleaseVersionMDM": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\PolicyManager\\current\\device\\Update",
"ValueName": "TargetReleaseVersion",
"RegValueType": "REG_SZ"
},
"TenantId": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SYSTEM\\CurrentControlSet\\Control\\CloudDomainJoin\\JoinInfo\\*",
"ValueName": "TenantId"
},
"TencentInstalledKey": {
"FullPath": "SOFTWARE\\Tencent\\QQPCMgr",
"IfExists": true
},
"TencentInstalledWowKey": {
"FullPath": "SOFTWARE\\WOW6432Node\\Tencent\\QQPCMgr",
"IfExists": true
},
"TencentReg": {
"FullPath": "SYSTEM\\CurrentControlSet\\services\\TesSafe",
"ValueName": "LoadStartTime"
},
"TencentType": {
"FullPath": "SYSTEM\\CurrentControlSet\\services\\TesSafe",
"ValueName": "Type"
},
"TestRN": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Wosc\\Client\\Persistent\\ClientState\\FCON",
"ValueName": "TestRing"
},
"ThreatTrackInstalledKey": {
"FullPath": "SOFTWARE\\SBAMSvc",
"IfExists": true
},
"ThreatTrackInstalledWowKey": {
"FullPath": "SOFTWARE\\WOW6432Node\\SBAMSvc",
"IfExists": true
},
"TimestampEpochString_CO21H2RegFb": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\AppCompatFlags\\TargetVersionUpgradeExperienceIndicators\\CO21H2",
"ValueName": "TimestampEpochString",
"RegValueType": "REG_SZ"
},
"TrendInstalledKey": {
"FullPath": "SOFTWARE\\TrendMicro",
"IfExists": true
},
"TrendInstalledWowKey": {
"FullPath": "SOFTWARE\\WOW6432Node\\TrendMicro",
"IfExists": true
},
"UHSEnrolled": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion",
"ValueName": "UHSEnrolled",
"RegValueType": "REG_SZ",
"IfExists": true
},
"UninstallActive": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "System\\Setup",
"ValueName": "UninstallActive",
"RegValueType": "REG_DWORD"
},
"UpdateOfferedDays": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WaaSAssessment\\Cache\\",
"ValueName": "UpToDateDays",
"RegValueType": "REG_DWORD"
},
"UpdatePreference": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Policies\\Microsoft\\Windows\\Windows Update",
"ValueName": "UpdatePreference",
"RegValueType": "REG_DWORD"
},
"UpgEx_CO21H2RegFb": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\AppCompatFlags\\TargetVersionUpgradeExperienceIndicators\\CO21H2",
"ValueName": "UpgEx",
"RegValueType": "REG_SZ"
},
"UpgradeAccepted": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\OOBE\\Updates\\",
"ValueName": "UpgradeAccepted",
"RegValueType": "REG_DWORD",
"IfExists": true
},
"UpgradeEligible": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\\\Microsoft\\\\Windows\\\\CurrentVersion",
"ValueName": "UpgradeEligible",
"RegValueType": "REG_DWORD"
},
"UserInPlaceUpgrade": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\\\Windows\\\\CurrentVersion",
"ValueName": "UserInPlaceUpgrade",
"RegValueType": "REG_DWORD"
},
"UsoScanMitigation": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Windows Update\\Orchestrator\\Mitigation\\",
"ValueName": "UsoScanNotStartingMitigationCompleted",
"RegValueType": "REG_DWORD",
"IfExists": true
},
"UtcDataHandlingPolicies": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Diagnostics\\DiagTrack",
"ValueName": "UtcDataHandlingPolicies",
"RegValueType": "REG_QWORD"
},
"UUSVersion": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Windows Update\\Orchestrator",
"ValueName": "LastRunVersion",
"RegValueType": "REG_SZ"
},
"WAS_NetFxEnvironment": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Component Based Servicing\\Notifications\\OptionalFeatures\\WAS-NetFxEnvironment",
"ValueName": "Selection",
"RegValueType": "REG_DWORD"
},
"WCFHTTPActivationNotificationState": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\Component Based Servicing\\\\Notifications\\\\OptionalFeatures\\\\WCF-HTTP-Activation",
"ValueName": "Selection",
"RegValueType": "REG_DWORD"
},
"WCFNonHTTPActivationNotificationState": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\Component Based Servicing\\\\Notifications\\\\OptionalFeatures\\\\WCF-NonHTTP-Activation",
"ValueName": "Selection",
"RegValueType": "REG_DWORD"
},
"WebExperience": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\EdgeUpdate\\Clients\\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}",
"IfExists": true
},
"WebExperienceWow": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\WOW6432Node\\Microsoft\\EdgeUpdate\\Clients\\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}",
"IfExists": true
},
"WebrootInstalledKey": {
"FullPath": "SOFTWARE\\WRData",
"IfExists": true
},
"WebrootInstalledWowKey": {
"FullPath": "SOFTWARE\\WOW6432Node\\WRData",
"IfExists": true
},
"Win11UpgradeAcceptedTimestamp": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows Update\\UX\\Settings",
"ValueName": "SvOfferAccepted",
"RegValueType": "REG_QWORD"
},
"Win11UpgradeAcceptedWUSeeker": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows Update\\UX\\Settings",
"ValueName": "SvOfferAccepted",
"RegValueType": "REG_QWORD",
"IfExists": true
},
"WindowsMixedReality": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\WUDF\\Services\\HoloLensSensors",
"ValueName": "WdfMajorVersion",
"RegValueType": "REG_DWORD"
},
"WSX_Runtime": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSX\\WSXPacks\\CTAC",
"ValueName": "ExperienceExtensions",
"RegValueType": "REG_SZ"
},
"WSX_Windows_AppSample": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSX\\WSXPacks\\CTAC",
"ValueName": "Windows.AppSample",
"RegValueType": "REG_SZ"
},
"WSX_Windows_Settings_Account": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSX\\WSXPacks\\CTAC",
"ValueName": "Windows.Settings.Account",
"RegValueType": "REG_SZ"
},
"WSX_Windows_Shell_Start": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSX\\WSXPacks\\CTAC",
"ValueName": "Windows.Shell.StartMenu",
"RegValueType": "REG_SZ"
}
},
"FileInfo": {
"AvastVer": {
"Path": "\\system32\\Drivers\\aswVmm.sys",
"FolderGuid": "{F38BF404-1D43-42F2-9305-67DE0B28FC23}"
},
"AvgVer": {
"Path": "\\system32\\Drivers\\avgVmm.sys",
"FolderGuid": "{F38BF404-1D43-42F2-9305-67DE0B28FC23}"
},
"BullguardInstalledVer": {
"Path": "\\BullGuard Ltd\\BullGuard\\BullGuard.exe",
"IfExists": true,
"FolderGuid": "{905E63B6-C1BF-494E-B29C-65B732D3D21A}"
},
"CortanaAppVer": {
"Path": "\\WindowsApps\\Microsoft.549981C3F5F10_8wekyb3d8bbwe\\CortanaApp.View.exe",
"FolderGuid": "{905E63B6-C1BF-494E-B29C-65B732D3D21A}"
},
"CortanaAppVerTest": {
"Path": "\\WindowsApps\\3242f7d9-db60-4380-a379-4205ea768bfc_1.0.0.0_x64__zs4v8rx04ex0m\\UndockingTestApp.exe",
"FolderGuid": "{905E63B6-C1BF-494E-B29C-65B732D3D21A}"
},
"CrowdStrikeInstalledVer": {
"Path": "drivers\\CrowdStrike\\CSAgent.sys",
"IfExists": true,
"FolderGuid": "{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}"
},
"EsetVer": {
"Path": "\\drivers\\ehdrv.sys",
"FolderGuid": "{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}"
},
"FileExistsMscoreeDll": {
"Path": "%windir%\\\\system32\\\\mscoree.dll",
"IfExists": true
},
"GDataInstalledVer": {
"Path": "\\drivers\\MiniIcpt.sys",
"IfExists": true,
"FolderGuid": "{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}"
},
"HidparseDriversVer": {
"Path": "%windir%\\system32\\drivers\\hidparse.sys"
},
"HidparseSystem32Ver": {
"Path": "%windir%\\system32"
},
"HidparseSystem32Ver1": {
"Path": "%windir%\\system32\\hidparse.sys"
},
"IsNotepadExePresent": {
"Path": "%windir%\\system32\\notepad.exe",
"IfExists": true
},
"K7InstalledVer": {
"Path": "\\K7 Computing",
"IfExists": true,
"FolderGuid": "{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}"
},
"KasperskyVer": {
"Path": "\\system32\\Drivers\\klhk.sys",
"FolderGuid": "{F38BF404-1D43-42F2-9305-67DE0B28FC23}"
},
"OnnxruntimeVer": {
"Path": "%windir%\\\\system32\\\\onnxruntime.dll"
},
"PandaInstalledVer": {
"Path": "\\Panda Security",
"IfExists": true,
"FolderGuid": "{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}"
},
"SkypeRoomSystem": {
"Path": "%systemdrive%\\Recovery\\OEM\\$oem$\\$1\\Rigel\\x64\\Scripts\\Provisioning\\AutoUnattend.xml",
"IfExists": true
},
"SymantecVer": {
"Path": "\\Symantec\\Shared\\EENGINE\\eeCtrl.sys",
"FolderGuid": "{DE974D24-D9C6-4D3E-BF91-F4455120B917}"
},
"SymantecVer64": {
"Path": "\\Symantec\\Shared\\EENGINE\\eeCtrl64.sys",
"FolderGuid": "{DE974D24-D9C6-4D3E-BF91-F4455120B917}"
},
"TobiiVer": {
"Path": "\\Tobii\\Tobii EyeX Interaction\\Tobii.EyeX.Interaction.exe",
"FolderGuid": "{905E63B6-C1BF-494E-B29C-65B732D3D21A}"
},
"TobiiVer1x86": {
"Path": "\\Tobii\\tobii EyeX Interaction\\Tobii.EyeX.Interaction.exe",
"FolderGuid": "{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}"
},
"TobiiVerx86": {
"Path": "\\tobii EyeX Interaction\\Tobii.EyeX.Interaction.exe",
"FolderGuid": "{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}"
},
"TrendInstalledVer": {
"Path": "\\Trend Micro\\Titanium\\plugin\\plugVizor.dll",
"IfExists": true,
"FolderGuid": "{905E63B6-C1BF-494E-B29C-65B732D3D21A}"
},
"TrendMicroVer": {
"Path": "\\drivers\\TMUMH.sys",
"FolderGuid": "{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}"
},
"WuClientVer": {
"Path": "\\system32\\wuaueng.dll",
"FolderGuid": "{F38BF404-1D43-42F2-9305-67DE0B28FC23}"
},
"XamlCbsActivationStore": {
"Path": "%ProgramData%\\\\Microsoft\\\\Windows\\\\AppRepository\\\\Packages\\\\Microsoft.UI.Xaml.CBS_8.2205.4001.0_x64__8wekyb3d8bbwe\\\\ActivationStore.dat",
"IfExists": true
},
"XamlCbsActivationStoreArm64": {
"Path": "%ProgramData%\\\\Microsoft\\\\Windows\\\\AppRepository\\\\Packages\\\\Microsoft.UI.Xaml.CBS_8.2205.4001.0_arm64__8wekyb3d8bbwe\\\\ActivationStore.dat",
"IfExists": true
}
},
"Licensing": {
"UpdateManagementGroup": {
"Name": "UpdatePolicy-UpdateManagementGroup"
}
},
"UpdatePolicy": {
"AllowOptionalContent": {
"PolicyEnum": 58,
"Enterprise": true
},
"BranchReadinessLevel": {
"PolicyEnum": 5,
"Enterprise": true
},
"BranchReadinessLevelSource": {
"PolicyEnum": 5,
"Enterprise": true,
"UseSource": true
},
"DeferFeatureUpdatePeriodInDays": {
"PolicyEnum": 9,
"Enterprise": true
},
"DeferQualityUpdatePeriodInDays": {
"PolicyEnum": 7,
"Enterprise": true
},
"DisableDualScan": {
"PolicyEnum": 42,
"Enterprise": true
},
"EnableWUfBUpgradeGates": {
"PolicyEnum": 51,
"Enterprise": true
},
"TargetProductVersion": {
"PolicyEnum": 53,
"Enterprise": true
},
"TargetReleaseVersion": {
"PolicyEnum": 50,
"Enterprise": true
},
"UpdateServiceUrl": {
"PolicyEnum": 12
},
"WUfBClientManaged": {
"PolicyEnum": 32,
"Enterprise": true
}
},
"Policy": {
"DesiredOcpVersion": {
"LocUri": "./Device/Vendor/MSFT/DeviceUpdateCenter/DesiredUpdates/OcpVersion/"
},
"DesiredOsVersion": {
"LocUri": "./Device/Vendor/MSFT/DeviceUpdateCenter/DesiredUpdates/OsVersion"
},
"DesiredSystemManifestVersion": {
"LocUri": "./Device/Vendor/MSFT/DeviceUpdateCenter/DesiredUpdates/SystemManifestVersion"
},
"DucCustomPackageId": {
"LocUri": "./Device/Vendor/MSFT/DeviceUpdateCenter/Enrollment/CustomPackageId"
},
"DucDeviceModelId": {
"LocUri": "./Device/Vendor/MSFT/DeviceUpdateCenter/Enrollment/DeviceModelId"
},
"DucOemPartnerRing": {
"LocUri": "./Device/Vendor/MSFT/DeviceUpdateCenter/Enrollment/OemPartnerRing"
},
"DucPublisherId": {
"LocUri": "./Device/Vendor/MSFT/DeviceUpdateCenter/Enrollment/PublisherId"
},
"SetPolicyDrivenUpdateSourceForFeatureUpdates": {
"LocUri": "./Device/Vendor/MSFT/Policy/Config/Update/SetPolicyDrivenUpdateSourceForFeatureUpdates"
},
"WSUSconfigured_csp": {
"LocUri": "./Device/Vendor/MSFT/Policy/Config/Update/UpdateServiceUrl"
}
},
"WMI": {
"ElanFingerprintDriverVersion": {
"Query": "SELECT DriverVersion, Manufacturer FROM Win32_PnPSignedDriver WHERE Manufacturer = 'ELAN'",
"Name": "DriverVersion",
"Timeout": 2000
},
"FirstStorageSpaceDeviceId": {
"Query": "SELECT DeviceID FROM Win32_DiskDrive WHERE Model = 'Microsoft Storage Space Device'",
"Name": "DeviceID",
"Timeout": 2000
},
"IIS_ASPNET_WMI": {
"Query": "SELECT * FROM Win32_OptionalFeature WHERE name = 'IIS-ASPNET'",
"Name": "InstallState",
"Timeout": 2000
},
"IIS_NetFxExtensibility_WMI": {
"Query": "SELECT * FROM Win32_OptionalFeature WHERE name = 'IIS-NetFxExtensibility'",
"Name": "InstallState",
"Timeout": 2000
},
"NetFx3State": {
"Query": "SELECT * FROM Win32_OptionalFeature WHERE name = 'NetFX3'",
"Name": "InstallState",
"Timeout": 2000
},
"PSAKyoceraInstalledName": {
"Query": "SELECT Name, ProgramId FROM Win32_InstalledStoreProgram WHERE ProgramId = 'A97ECD55.KYOCERAPrintCenter_4.1.11108.0_x64__kqmhh0ktdt7dg'",
"Name": "Name",
"Timeout": 2000
},
"PSATATriumphInstalledName": {
"Query": "SELECT Name, ProgramId FROM Win32_InstalledStoreProgram WHERE ProgramId = 'TATriumph-AdlerGmbH.TAUTAXPrintCenter_4.1.11108.0_x64__h5e8vsnevp54y'",
"Name": "Name",
"Timeout": 2000
},
"WAS_NetFxEnvironment_WMI": {
"Query": "SELECT * FROM Win32_OptionalFeature WHERE name = 'WAS-NetFxEnvironment'",
"Name": "InstallState",
"Timeout": 2000
},
"WCFHTTPActivationState": {
"Query": "SELECT * FROM Win32_OptionalFeature WHERE name = 'WCF-HTTP-Activation'",
"Name": "InstallState",
"Timeout": 2000
},
"WCFNonHTTPActivationState": {
"Query": "SELECT * FROM Win32_OptionalFeature WHERE name = 'WCF-NonHTTP-Activation'",
"Name": "InstallState",
"Timeout": 2000
},
"XeroxPsaInstalledName": {
"Query": "SELECT Name, ProgramId FROM Win32_InstalledStoreProgram WHERE ProgramId = 'XeroxCorp.PrintExperience_8.29.32.0_x64__f7egpvdyrs2a8'",
"Name": "Name",
"Timeout": 2000
}
}
}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsSelfHost\OneSettings]
"TargetingAttributesVerified"="{
"Version": 244,
"SchemaVersion": 1,
"PartA": [
"App",
"AppVer",
"AttrDataVer"
],
"Default": [
"DeviceFamily",
"f:FlightRing",
"t:OSVersionFull"
],
"PartB": {
"ACSOVERRIDE": [
"OSArchitecture",
"c:IsAlwaysOnAlwaysConnectedCapable"
],
"APPTARGETEDFEATUREDB": [
"c:FlightingBranchName",
"f:FlightRing",
"t:OSVersionFull",
"DeviceFamily"
],
"CASSCLIENT": [
"OSVersion",
"c:OSEdition",
"f:FlightRing",
"c:OSUILocale",
"f:FlightingBranchName",
"r:OEMMode"
],
"CDM": [
"ChassisTypeId",
"r:CurrentBranch",
"DeviceFamily",
"f:FlightingBranchName",
"f:FlightRing",
"c:InstallLanguage",
"c:IsDomainJoined",
"t:IsTestLab",
"OEMModel",
"OSArchitecture",
"OSVersion",
"t:OSSkuId",
"c:ProcessorIdentifier",
"c:TelemetryLevel",
"t:IsMsftOwned",
"t:WCOSProductId",
"c:OSUILocale",
"c:CommercialId",
"s:MinShellVersion",
"s:MaxShellVersion",
"c:ActivationChannel",
"c:SCCMClientId",
"c:IsCloudDomainJoined",
"r:WebExperience",
"FX_FlightIds",
"AccountFirstChar",
"r:WSX_Windows_Settings_Account",
"r:InstallDate",
"r:WSX_Runtime",
"r:DefaultUserRegion",
"a:GatedFeature_NI22H2",
"r:WSX_Windows_Shell_Start",
"a:GatedFeature_CU23H2",
"r:ExpStates",
"MX_FlightIds",
"n:MXVersion",
"r:CIOptin",
"c:ProcessorCores",
"c:TotalPhysicalRAM",
"r:TestRN",
"u:UpdateServiceUrl",
"u:WUfBClientManaged",
"r:UUSVersion",
"DL_OSVersion",
"r:ExpPkgs",
"u:AllowOptionalContent",
"n:IsMicrosoftAAD"
],
"COMPATLOGGER": [
"osVer",
"ring",
"deviceId"
],
"CONTENT_DELIVERY_MANAGER": [
"c:OSEdition",
"t:OSSkuId",
"c:OSUILocale",
"a:UpgEx_CO21H2",
"a:GStatus_CO21H2",
"a:DataExpDateEpoch_CO21H2",
"a:TimestampEpochString_CO21H2",
"r:AndroidUserOptinValue",
"f:FlightingBranchName",
"f:FlightRing",
"r:CurrentBranch",
"c:ProcessorModel",
"r:NPUEnabledDevice",
"MX_FlightIds",
"r:KnownFoldersBackupStatus",
"c:IsDomainJoined"
],
"CORTANA_GATEKEEPER": [
"r:CurrentBranch",
"f:FlightRing",
"f:IsRetailOS"
],
"CORTANAUWP": [
"c:OSUILocale",
"t:OSVersionFull",
"v:CortanaAppVer"
],
"CORTANAUWPTEST": [
"+CORTANAUWP",
"v:CortanaAppVerTest"
],
"CTAC": [
"+FSS"
],
"DDC": [
"+WU_STORE",
"+_WU_PTI"
],
"DXDB": [
"DeviceFamily",
"f:FlightRing",
"r:IsHybridOrXGpu",
"t:OSVersionFull",
"OSVersion"
],
"EDGE_SERVICEUI": [
"t:LocalDeviceID",
"t:LocalUserID"
],
"FCON": [
"+CDM"
],
"FSS": [
"r:PreviewBuildsManagerEnabled",
"f:BranchReadinessLevelRaw",
"u:BranchReadinessLevelSource",
"r:BuildFID",
"t:DeviceFamily",
"DeviceId",
"c:EnablePreviewBuilds",
"f:FlightingPolicyValue",
"f:IsRetailOS",
"f:ManagePreviewBuilds",
"OSVersionFull",
"t:WCOSProductId",
"r:SmartActiveHoursState",
"r:ActiveHoursStart",
"r:ActiveHoursEnd",
"r:IsCHCapableBuild",
"r:FSRing",
"s:MaxShellVersion",
"s:MinShellVersion",
"c:TPMVersion",
"c:SecureBootCapable",
"c:ProcessorClockSpeed",
"c:ProcessorCores",
"c:TotalPhysicalRAM",
"t:SMode",
"c:SystemVolumeTotalCapacity",
"c:OEMManufacturerName",
"c:OEMModelNumber",
"a:ISVM",
"r:AllowUpgradesWithUnsupportedTPMOrCPU",
"r:IntelPlatformId",
"r:IsConfigMgrEnabled",
"f:IsFlightingEnabled",
"r:DeviceInfoGatherSuccessful"
],
"FXIRISCLIENT": [
"+IRISCLIENT"
],
"GS": [
"t:OSSkuId",
"t:OSVersionFull",
"r:CurrentBranch",
"r:DefaultUserRegion",
"DeviceFamily",
"c:FlightIds",
"f:FlightingBranchName",
"f:FlightRing",
"c:IsCloudDomainJoined",
"t:IsMsftOwned",
"f:IsRetailOS",
"c:OSUILocale",
"c:IsDomainJoined"
],
"IRISCLIENT": [
"+IRISCLIENTBASE",
"c:FlightIds"
],
"IRISCLIENTBASE": [
"DeviceFamily",
"OSVersion",
"t:OSSkuId",
"OSArchitecture",
"c:TelemetryLevel",
"f:FlightRing",
"f:FlightingBranchName",
"c:InternalPrimaryDisplayResolutionHorizontal",
"c:InternalPrimaryDisplayResolutionVetical",
"t:IsMsftOwned",
"c:ChassisType",
"OEMModel",
"c:OSUILocale",
"c:OSEdition",
"r:CurrentBranch",
"t:WCOSProductId",
"c:InstallationType",
"r:InstallDate",
"c:IsCloudDomainJoined",
"c:IsDeviceRetailDemo",
"f:IsRetailOS",
"c:ProcessorClockSpeed",
"c:ProcessorCores",
"c:ProcessorManufacturer",
"c:TotalPhysicalRAM",
"c:D3DMaxFeatureLevel",
"c:IsAlwaysOnAlwaysConnectedCapable",
"t:SMode",
"t:LocalUserID",
"r:AndroidUserOptinValue",
"c:ProcessorModel",
"MX_FlightIds",
"a:UpgEx_CO21H2",
"r:KnownFoldersBackupStatus",
"c:OEMModelSystemFamily",
"OEMName_Uncleaned",
"r:IsSpotlightEnabledInOEMTheme",
"r:IsSpotlightThemeEnabledByOEM"
],
"IRISCLIENTV2": [
"+IRISCLIENTBASE",
"IX_FlightIds"
],
"MICROSOFT.WINDOWSFEEDBACKHUB_8WEKYB3D8BBWE": [
"t:OSVersionFull",
"t:IsTestLab",
"f:FlightRing"
],
"MITIGATION": [
"t:DeviceFamily",
"f:FlightRing",
"c:FlightIds",
"c:IsDomainJoined",
"t:IsMsftOwned",
"f:IsRetailOS",
"t:IsTestLab",
"IsVM",
"OEMModel",
"c:OSEdition",
"t:OSSkuId",
"t:OSVersionFull",
"c:OSUILocale",
"t:SMode",
"f:IsFlightingEnabled",
"c:FirmwareVersion",
"c:TelemetryLevel",
"f:FlightingBranchName",
"r:CurrentBranch",
"OSVersion",
"w:FirstStorageSpaceDeviceId",
"r:IsCldFltSyncRoots",
"c:OSInstallType",
"v:IsNotepadExePresent",
"r:StrictHiveSecurityReg",
"a:GatedBlockId_21H1",
"r:UpdateOfferedDays",
"r:UsoScanMitigation",
"r:GamingServicesInstalledKey",
"v:FileExistsMscoreeDll",
"w:NetFx3State",
"r:WCFHTTPActivationNotificationState",
"w:WCFHTTPActivationState",
"r:WCFNonHTTPActivationNotificationState",
"w:WCFNonHTTPActivationState",
"r:DotNetMissingComponentsTroubleshooterSuccess",
"r:IIS_ASPNET",
"w:IIS_ASPNET_WMI",
"r:IIS_NetFxExtensibility",
"w:IIS_NetFxExtensibility_WMI",
"r:WAS_NetFxEnvironment",
"w:WAS_NetFxEnvironment_WMI",
"v:XamlCbsActivationStore",
"v:XamlCbsActivationStoreArm64",
"v:OnnxruntimeVer",
"w:ElanFingerprintDriverVersion",
"r:AADBrokerPluginNotRegistered",
"r:TenantId",
"r:IppPrinterBadDefaultPdc",
"r:FlightingOptOutState",
"r:CloudFilesFilter",
"r:PSAKyoceraMissingDEH",
"r:PSATATriumphMissingDEH",
"r:PSAXeroxMissingDEH",
"w:PSAKyoceraInstalledName",
"w:PSATATriumphInstalledName",
"w:XeroxPsaInstalledName"
],
"MLMOD": [
"ChassisTypeId",
"t:DeviceFamily",
"f:FlightingBranchName",
"f:FlightRing",
"f:IsRetailOS",
"t:OSSkuId",
"t:OSVersionFull",
"c:OSUILocale",
"OSVersion",
"c:TelemetryLevel",
"r:CurrentBranch",
"t:IsTestLab",
"c:PrimaryDiskType",
"FX_FlightIds"
],
"MTP": [
"+_WU_OS_CORE"
],
"MUSE": [
"+_WU_FB",
"ChassisTypeId",
"deviceClass",
"deviceId",
"c:FlightIds",
"locale",
"ms",
"os",
"osVer",
"ring",
"sampleId",
"sku",
"r:DaysSince19H1FUOffer",
"u:DisableDualScan",
"u:UpdateServiceUrl",
"c:CommercialId",
"f:FlightingBranchName",
"c:SystemVolumeTotalCapacity",
"c:IsAlwaysOnAlwaysConnectedCapable",
"c:ProcessorCores",
"c:PrimaryDiskType",
"c:TotalPhysicalRAM",
"c:ProcessorClockSpeed",
"c:ProcessorIdentifier",
"c:ProcessorModel",
"c:ActivationChannel",
"c:IsCloudDomainJoined",
"c:isCommercial",
"c:IsDomainJoined",
"c:IsMDMEnrolled",
"c:SCCMClientID",
"r:OEMSubModel",
"c:OEMModelNumber",
"c:OEMManufacturerName",
"r:OobeSeeker",
"r:DefaultUserRegion"
],
"NARRATORNNV": [
"+WU_STORE"
],
"NOISYHAMMER": [
"+WU_OS"
],
"PHS": [
"r:GridZoneName",
"OEMModel",
"c:OEMManufacturerName",
"c:OSUILocale",
"r:OEMSubModel",
"DeviceFamily"
],
"RULESENGINE": [
"c:OSEdition",
"t:OSSkuId",
"c:OSUILocale",
"a:UpgEx_CO21H2",
"a:GStatus_CO21H2",
"a:DataExpDateEpoch_CO21H2",
"a:TimestampEpochString_CO21H2",
"r:AndroidUserOptinValue",
"f:FlightingBranchName",
"f:FlightRing",
"r:CurrentBranch",
"c:ProcessorModel",
"r:NPUEnabledDevice",
"MX_FlightIds",
"r:KnownFoldersBackupStatus",
"c:IsDomainJoined"
],
"RUXIM": [
"+WU_OS"
],
"SEDIMENTPACK": [
"+WU_OS"
],
"SERVICEEXPERIENCES": [
"f:FlightingBranchName",
"f:FlightRing",
"s:MaxShellVersion",
"s:MinShellVersion",
"t:IsTestLab",
"c:TelemetryLevel",
"t:OSSkuId",
"r:CurrentBranch",
"OSVersion",
"DeviceFamily",
"r:WSX_Windows_Settings_Account",
"c:FlightIds",
"r:WSX_Runtime",
"r:WSX_Windows_Shell_Start",
"r:WSX_Windows_AppSample"
],
"SERVICING_CBS": [
"+WU",
"osVer"
],
"SETUP360": [
"t:OSSkuId",
"f:FlightRing"
],
"SMARTOPTOUT": [
"+CDM"
],
"STORAGEGROVELER": [
"a:Free",
"c:TelemetryLevel",
"f:FlightRing",
"f:IsFlightingEnabled",
"IsVM",
"t:OSVersionFull"
],
"UTC": [
"+UTC_STATIC",
"osVer",
"locale",
"ring",
"f:PilotRing",
"f:IsRetailOS",
"ms",
"expId",
"t:SMode",
"f:FlightingBranchName",
"c:CommercialId",
"r:IsFeedbackHubSelfhost",
"c:AzureVMType",
"t:IsTestLab",
"c:TelemetryLevel",
"c:IsVirtualDevice",
"r:IsProcessorMode",
"r:UtcDataHandlingPolicies"
],
"UTC_STATIC": [
"os",
"deviceId",
"sampleId",
"deviceClass",
"sku",
"OEMModel",
"OEMName_Uncleaned",
"c:PrimaryDiskType",
"c:ProcessorModel",
"c:TotalPhysicalRAM"
],
"UUS": [
"OSVersion",
"f:FlightRing",
"t:IsTestLab",
"t:OSVersionFull",
"f:FlightingBranchName",
"r:CurrentBranch",
"f:IsFlightingEnabled"
],
"WAASASSESSMENT": [
"+WU_OS"
],
"WAASMEDIC": [
"os",
"osVer",
"ring",
"deviceClass",
"deviceId",
"locale",
"sku",
"c:ActivationChannel",
"c:CommercialId",
"r:CurrentBranch",
"f:FlightingBranchName",
"c:IsCloudDomainJoined",
"c:IsDomainJoined",
"t:IsTestLab",
"OSVersion",
"c:SCCMClientID",
"c:TelemetryLevel",
"r:FlightingOptOutState"
],
"WOSC": [
"t:DeviceFamily",
"f:FlightRing",
"f:IsFlightingEnabled",
"t:IsMsftOwned",
"t:LocalDeviceID",
"t:OSSkuId",
"c:OSUILocale",
"t:OSVersionFull",
"c:TelemetryLevel",
"r:IsHybridOrXGpu",
"r:PlayFabPartyRelay",
"OSVersion"
],
"WPSHIFT": [
"+MTP"
],
"WU": [
"+WU_OS",
"r:DUInternal"
],
"_WU_AV": [
"r:AvastReg",
"r:AvastBlackScreen",
"v:AvastVer",
"r:AvgReg",
"v:AvgVer",
"r:EsetReg",
"v:EsetVer",
"r:KasperskyReg",
"v:KasperskyVer",
"v:SymantecVer",
"r:TencentReg",
"r:TencentType",
"r:AhnlabInstalledKey",
"r:AvastInstalledKey",
"r:AVGInstalledKey",
"r:AviraInstalledKey",
"r:BullguardInstalledKey",
"r:ESETInstalledKey",
"r:ESTSecurityInstalledKey",
"r:FSecureInstalledKey",
"v:GDataInstalledVer",
"r:K7InstalledKey",
"r:KasperskyInstalledKey",
"r:KingsoftInstalledKey",
"r:LenovoInstalledKey",
"r:MalwarebytesInstalledKey",
"r:McAfeeInstalledKey",
"r:PandaInstalledKey",
"r:QuickhealInstalledKey1",
"r:SophosInstalledKey1",
"r:SymantecInstalledKey",
"r:TencentInstalledKey",
"r:ThreatTrackInstalledKey",
"r:TrendInstalledKey",
"r:WebrootInstalledKey",
"v:K7InstalledVer"
],
"_WU_COMMON": [
"r:CurrentBranch",
"r:DefaultUserRegion",
"DeviceFamily",
"r:DriverPartnerRing",
"r:FlightContent",
"f:FlightingBranchName",
"f:FlightRing",
"HoloLens",
"c:InstallationType",
"c:InstallLanguage",
"f:IsFlightingEnabled",
"r:IsFlightingEnabled",
"c:MobileOperatorCommercialized",
"OEMModel",
"OEMName_Uncleaned",
"r:OemPartnerRing",
"OSArchitecture",
"OSVersion",
"t:OSSkuId",
"c:OSUILocale",
"c:ProcessorManufacturer",
"r:ReleaseType",
"v:SkypeRoomSystem",
"t:SMode",
"c:TelemetryLevel",
"r:WindowsMixedReality",
"v:WuClientVer",
"p:DucPublisherId",
"p:DucDeviceModelId",
"p:DucOemPartnerRing",
"p:DucCustomPackageId",
"p:DesiredOsVersion",
"p:DesiredSystemManifestVersion",
"r:TenantId"
],
"_WU_FB": [
"u:BranchReadinessLevel",
"u:DeferQualityUpdatePeriodInDays",
"u:DeferFeatureUpdatePeriodInDays",
"r:PausedFeatureStatus",
"r:PausedQualityStatus",
"u:TargetReleaseVersion",
"r:QUDeadline",
"r:UpdatePreference",
"r:UpdateOfferedDays",
"u:TargetProductVersion",
"DSS_Enrolled",
"r:NonSecurityUpdate"
],
"WU_OS": [
"+_WU_OS_CORE",
"+_WU_FB"
],
"_WU_OS_CORE": [
"+_WU_COMMON",
"+_WU_AV",
"r:AhnLabKeyboard",
"a:BIOS",
"r:BlockFeatureUpdates",
"c:CommercialId",
"a:DataVer_RS5",
"r:DisconnectedStandby",
"r:DchuNvidiaGrfxExists",
"r:DchuNvidiaGrfxVen",
"r:DchuIntelGrfxExists",
"r:DchuIntelGrfxVen",
"r:DchuAmdGrfxExists",
"r:DchuAmdGrfxVen",
"c:FirmwareVersion",
"a:Free",
"a:GStatus_RS3",
"a:GStatus_RS4",
"a:GStatus_RS5",
"r:HidOverGattReg",
"r:InstallDate",
"c:IsDeviceRetailDemo",
"c:IsPortableOperatingSystem",
"IsVM",
"c:OEMModelBaseBoard",
"r:OobeSeeker",
"r:OSRollbackBuild",
"r:OSRollbackCount",
"r:OSRollbackDate",
"PhoneTargetingName",
"r:PonchAllow",
"r:PonchBlock",
"c:ProcessorIdentifier",
"r:RecoveredFromBuild",
"r:RecoveredOnDate",
"r:Steam",
"v:TobiiVer",
"v:TrendMicroVer",
"r:UninstallActive",
"l:UpdateManagementGroup",
"a:UpgEx_RS3",
"a:UpgEx_RS4",
"a:UpgEx_RS5",
"a:Version_RS5",
"r:DisableWUfBOfferBlock",
"a:UpgEx_19H1",
"a:SdbVer_19H1",
"a:GStatus_19H1",
"a:GStatus_19H1Setup",
"a:TimestampEpochString_19H1Setup",
"a:GenTelRunTimestamp_19H1",
"a:DataExpDateEpoch_19H1",
"u:EnableWUfBUpgradeGates",
"r:GStatusBlockIDs_All",
"TimestampDelta_19H1Subtract19H1Setup",
"DataExpDateDelta_19H1Subtract19H1Setup",
"a:DataExpDateEpoch_19H1Setup",
"a:TimestampEpochString_19H1",
"r:IsContainerMgrInstalled",
"r:IsWDAGEnabled",
"r:MTPTargetingInfo",
"r:EKB19H2InstallCount",
"r:EKB19H2UnInstallCount",
"r:EKB19H2InstallTimeEpoch",
"r:EKB19H2UnInstallTimeEpoch",
"r:BlockEdgeWithChromiumUpdate",
"r:IsWDATPEnabled",
"r:IsAutopilotRegistered",
"r:EdgeWithChromiumInstallVersion",
"r:EdgeWithChromiumInstallFailureCount",
"r:IsEdgeWithChromiumInstalled",
"r:KioskMode",
"c:IsCloudDomainJoined",
"c:IsDomainJoined",
"a:DataExpDateEpoch_20H1",
"a:DataExpDateEpoch_20H1Setup",
"a:GStatus_20H1",
"a:GStatus_20H1Setup",
"a:SdbVer_20H1",
"a:TimestampEpochString_20H1",
"a:TimestampEpochString_20H1Setup",
"DataExpDateDelta_20H1Subtract20H1Setup",
"TimestampDelta_20H1Subtract20H1Setup",
"a:UpgEx_20H1",
"r:AutopilotUpdateInProgress",
"r:UHSEnrolled",
"r:HotPatchEKBInstalled",
"r:LCUVer",
"c:isCommercial",
"c:ActivationChannel",
"c:IsMDMEnrolled",
"c:SCCMClientID",
"r:ChinaTypeApproval_CTA",
"p:DesiredOcpVersion",
"r:UpgradeEligible",
"r:AllowInPlaceUpgrade",
"r:SH_SIPolicyCleanup",
"r:FeatureUpdateDeadline",
"a:DataExpDateEpoch_21H1",
"a:UpgEx_CO21H2",
"a:GStatus_21H1",
"DataExpDateDelta_21H1Subtract20H1Setup",
"TimestampDelta_21H1Subtract20H1Setup",
"a:TimestampEpochString_21H1",
"r:OEMSubModel",
"c:ProcessorModel",
"c:TPMVersion",
"r:StayOnWindows10Timestamp",
"a:GStatus_CO21H2Setup",
"TimestampDelta_CO21H2SubtractCO21H2Setup",
"DataExpDateDelta_CO21H2SubtractCO21H2Setup",
"a:TimestampEpochString_CO21H2Setup",
"a:DataExpDateEpoch_CO21H2Setup",
"a:TimestampEpochString_CO21H2",
"a:DataExpDateEpoch_CO21H2",
"a:GStatus_CO21H2",
"p:SetPolicyDrivenUpdateSourceForFeatureUpdates",
"r:DchuNvidiaGrfxVenTest",
"a:DataExpDateDelta_21H2Subtract20H1Setup",
"a:TimestampEpochString_21H2",
"a:TimestampDelta_21H2Subtract20H1Setup",
"a:GStatus_21H2",
"a:DataExpDateEpoch_21H2",
"r:DSS_Enrolled_DF",
"r:UpgradeAccepted",
"r:SetupDisplayedEulaVersion",
"c:ProcessorCores",
"c:ProcessorClockSpeed",
"c:TotalPhysicalRAM",
"c:SecureBootCapable",
"c:PrimaryDiskTotalCapacity",
"r:BitDefenderInstalledKey",
"r:BroadcomInstalledKey",
"v:CrowdStrikeInstalledVer",
"r:QihooInstalledKey",
"r:Win11UpgradeAcceptedTimestamp",
"a:UpgEx_NI22H2",
"r:OobeNdupAcceptedTarget",
"r:OobeNdupFU22621CommitChoice",
"a:DataExpDateEpoch_NI22H2",
"a:GStatus_NI22H2",
"a:GStatus_NI22H2Setup",
"a:TimestampEpochString_NI22H2Setup",
"TimestampDelta_NI22H2SubtractNI22H2Setup",
"DataExpDateDelta_NI22H2SubtractNI22H2Setup",
"a:DataExpDateEpoch_NI22H2Setup",
"a:TimestampEpochString_NI22H2",
"r:IsVbsEnabled",
"r:FODRetryPending",
"r:UserInPlaceUpgrade",
"v:HidparseDriversVer",
"v:HidparseSystem32Ver",
"v:HidparseSystem32Ver1",
"r:CIOptin",
"r:FlightingOptOutState",
"p:WSUSconfigured_csp",
"a:UpgEx_NI22H2Setup",
"a:UpgEx_CO21H2Setup",
"u:WUfBClientManaged",
"u:UpdateServiceUrl",
"u:AllowOptionalContent",
"FX_FlightIds",
"DL_OSVersion",
"r:ExpPkgs",
"r:UUSVersion"
],
"_WU_PTI": [
"c:FrontFacingCameraResolution",
"c:RearFacingCameraResolution",
"c:TotalPhysicalRAM",
"c:NFCProximity",
"c:Magnetometer",
"c:Gyroscope",
"c:D3DMaxFeatureLevel",
"c:InternalPrimaryDisplayResolutionHorizontal",
"c:InternalPrimaryDisplayResolutionVetical"
],
"WU_STORE": [
"+_WU_COMMON",
"r:AppChannels",
"r:AppRMIDs",
"u:BranchReadinessLevel"
]
},
"Required": [
"App",
"AppVer",
"AttrDataVer"
],
"Aliases": {
"AccountFirstChar": "c:MSA_Accounts",
"ChassisTypeId": "c:ChassisType",
"DataExpDateDelta_19H1Subtract19H1Setup": "a:DataExpDateEpoch_19H1_Subtract_DataExpDateEpoch_19H1Setup",
"DataExpDateDelta_20H1Subtract20H1Setup": "a:DataExpDateEpoch_20H1_Subtract_DataExpDateEpoch_20H1Setup",
"DataExpDateDelta_21H1Subtract20H1Setup": "a:DataExpDateEpoch_21H1_Subtract_DataExpDateEpoch_20H1Setup",
"DataExpDateDelta_CO21H2SubtractCO21H2Setup": "a:DataExpDateEpoch_CO21H2_Subtract_DataExpDateEpoch_CO21H2Setup",
"DataExpDateDelta_NI22H2SubtractNI22H2Setup": "a:DataExpDateEpoch_NI22H2_Subtract_DataExpDateEpoch_NI22H2Setup",
"deviceClass": "DeviceFamily",
"deviceId": "t:LocalDeviceID",
"DeviceId": "t:LocalDeviceID",
"DL_OSVersion2": "DL_OSVersion",
"DSS_Enrolled": "r:DSS_Enrolled_State",
"expId": "c:FlightIds",
"FlightRing": "f:FlightRing",
"FX_FlightIds": "c:FlightIds",
"IsVM": "a:ISVM",
"IX_FlightIds": "c:FlightIds",
"locale": "c:OSUILocale",
"ms": "t:IsMsftOwned",
"MX_FlightIds": "c:FlightIds",
"OEMModel": "c:OEMModelNumber",
"OEMName_Uncleaned": "c:OEMManufacturerName",
"osVer": "t:OSVersionFull",
"OSVersionFull": "t:OSVersionFull",
"PhoneTargetingName": "c:OEMModelName",
"ring": "f:FlightRing",
"sampleId": "t:PopVal",
"sku": "t:OSSkuId",
"TimestampDelta_19H1Subtract19H1Setup": "a:TimestampEpochString_19H1_Subtract_TimestampEpochString_19H1Setup",
"TimestampDelta_20H1Subtract20H1Setup": "a:TimestampEpochString_20H1_Subtract_TimestampEpochString_20H1Setup",
"TimestampDelta_21H1Subtract20H1Setup": "a:TimestampEpochString_21H1_Subtract_TimestampEpochString_20H1Setup",
"TimestampDelta_CO21H2SubtractCO21H2Setup": "a:TimestampEpochString_CO21H2_Subtract_TimestampEpochString_CO21H2Setup",
"TimestampDelta_NI22H2SubtractNI22H2Setup": "a:TimestampEpochString_NI22H2_Subtract_TimestampEpochString_NI22H2Setup"
},
"Fallback": {
"r:AhnlabInstalledKey": "r:AhnlabInstalledWowKey",
"r:AvastBlackScreen": "r:AvgBlackScreen",
"r:AvastInstalledKey": "r:AvastInstalledWowKey",
"r:AVGInstalledKey": "r:AVGInstalledWowKey",
"r:AviraInstalledKey": "r:AviraInstalledWowKey",
"a:BIOS": "a:Bios_RS3",
"a:Bios_RS3": "a:Bios_RS4",
"a:Bios_RS4": "a:Bios_RS5",
"r:BlockFeatureUpdates": "r:BlockWUUpgrades",
"r:BlockWUUpgrades": "r:BlockWUUpgradesWow",
"r:BuildFID": "r:BuildFID_WCOS",
"r:BuildFID_WCOS": "r:BuildFID_WCOS2",
"r:BullguardInstalledKey": "v:BullguardInstalledVer",
"a:DataExpDateEpoch_CO21H2": "r:DataExpDateEpoch_CO21H2RegFb",
"r:DchuAmdGrfxVen": "r:DchuAmdGrfxVen2",
"r:DchuAmdGrfxVen2": "r:DchuAmdGrfxDeletePending",
"r:DchuIntelGrfxDeletePending": "r:DchuIntelGrfxNExists",
"r:DchuIntelGrfxVen": "r:DchuIntelGrfxVen2",
"r:DchuIntelGrfxVen2": "r:DchuIntelGrfxDeletePending",
"r:DchuNvidiaGrfxVen": "r:DchuNvidiaGrfxVen2",
"r:DchuNvidiaGrfxVen2": "r:DchuNvidiaGrfxDeletePending",
"DL_OSVersion": "OSVersion",
"r:DriverPartnerRing": "r:OSDataDriverPartnerRing",
"r:EdgeWithChromiumInstallFailureCount": "r:EdgeWithChromiumInstallFailureCountWow",
"r:EdgeWithChromiumInstallVersion": "r:EdgeWithChromiumInstallVersionWow",
"u:EnableWUfBUpgradeGates": "r:EnableWUfBUpgradeGatesRS5",
"r:ESETInstalledKey": "r:ESETInstalledWowKey",
"r:ESTSecurityInstalledKey": "r:ESTSecurityInstalledWowKey",
"f:FlightingBranchName": "c:FlightingBranchName",
"a:Free": "a:Free_RS3",
"a:Free_RS3": "a:Free_RS4",
"a:Free_RS4": "a:Free_RS5",
"r:FSecureInstalledKey": "r:FSecureInstalledWowKey",
"a:GatedFeature_NI22H2": "r:Migrated_GatedFeature_NI22H2Setup",
"a:GStatus_CO21H2": "r:GStatus_CO21H2RegFb",
"HoloLens": "r:WindowsMixedReality",
"r:IsEdgeWithChromiumInstalled": "r:IsEdgeWithChromiumInstalledWow",
"a:ISVM": "a:ISVM_RS3",
"a:ISVM_RS3": "a:ISVM_RS4",
"a:ISVM_RS4": "a:ISVM_RS5",
"r:K7InstalledKey": "r:K7InstalledWowKey",
"r:KasperskyInstalledKey": "r:KasperskyInstalledWowKey",
"r:KingsoftInstalledKey": "r:KingsoftInstalledWowKey",
"r:LenovoInstalledKey": "r:LenovoInstalledWowKey",
"r:MalwarebytesInstalledKey": "r:MalwarebytesInstalledWowKey",
"r:McAfeeInstalledKey": "r:McAfeeInstalledWowKey",
"r:Migrated_GatedFeature_NI22H2Setup": "r:Migrated_GatedFeature_NI22H2",
"c:OEMModelBaseBoard": "r:OEMModelBaseBoard",
"r:PandaInstalledKey": "r:PandaInstalledWowKey",
"r:PandaInstalledWowKey": "v:PandaInstalledVer",
"r:PonchAllow": "r:PonchAllowKey",
"r:PonchAllowKey": "r:PonchAllowWow",
"r:PonchAllowWow": "r:PonchAllowWowKey",
"r:QUDeadline": "r:QUDeadlineMDM",
"r:QuickhealInstalledKey1": "r:QuickhealInstalledKey2",
"r:SophosInstalledKey1": "r:SophosInstalledKey2",
"r:SymantecInstalledKey": "r:SymantecInstalledWowKey",
"v:SymantecVer": "v:SymantecVer64",
"u:TargetReleaseVersion": "r:TargetReleaseVersionGP",
"r:TargetReleaseVersionGP": "r:TargetReleaseVersionMDM",
"r:TencentInstalledKey": "r:TencentInstalledWowKey",
"r:ThreatTrackInstalledKey": "r:ThreatTrackInstalledWowKey",
"a:TimestampEpochString_CO21H2": "r:TimestampEpochString_CO21H2RegFb",
"v:TobiiVer": "v:TobiiVerx86",
"v:TobiiVerx86": "v:TobiiVer1x86",
"r:TrendInstalledKey": "r:TrendInstalledWowKey",
"r:TrendInstalledWowKey": "v:TrendInstalledVer",
"a:UpgEx_CO21H2": "r:UpgEx_CO21H2RegFb",
"r:UpgradeAccepted": "r:Win11UpgradeAcceptedWUSeeker",
"r:WebExperience": "r:WebExperienceWow",
"r:WebrootInstalledKey": "r:WebrootInstalledWowKey"
},
"Transform": {
"AccountFirstChar": {
"SubLength": 1
},
"DeviceInfoGatherSuccessful": {
"Ignore": [
"0"
]
},
"FlightingOptOutState": {
"Ignore": [
"0"
]
},
"FX_FlightIds": {
"Regex": "FX:[^,]*",
"RegexDelimiter": ","
},
"IppPrinterBadDefaultPdc": {
"Contains": "V4_No_ChangeID_Present"
},
"IsDomainJoined": {
"Ignore": [
"0"
]
},
"IsHybridOrXGpu": {
"Ignore": [
"0"
]
},
"IsMsftOwned": {
"Ignore": [
"0"
]
},
"IsPortableOperatingSystem": {
"Ignore": [
"0"
]
},
"IsTestLab": {
"Ignore": [
"0"
]
},
"IsVM": {
"Ignore": [
"0"
]
},
"IX_FlightIds": {
"Regex": "IX:[^,]*",
"RegexDelimiter": ","
},
"MX_FlightIds": {
"Regex": "ME:[^,]*|MD:[^,]*",
"RegexDelimiter": ","
},
"OEMModel": {
"SubLength": 100
},
"OEMName_Uncleaned": {
"SubLength": 100
},
"PausedFeatureStatus": {
"Ignore": [
"0"
]
},
"PausedQualityStatus": {
"Ignore": [
"0"
]
},
"PSAKyoceraInstalledName": {
"Contains": "A97ECD55.KYOCERAPrintCenter"
},
"PSATATriumphInstalledName": {
"Contains": "TATriumph-AdlerGmbH.TAUTAXPrintCenter"
},
"SMode": {
"Ignore": [
"0"
]
},
"StayOnWindows10Timestamp": {
"SubLength": -3,
"Ignore": [
""
]
},
"XeroxPsaInstalledName": {
"Contains": "XeroxCorp.PrintExperience"
}
},
"Registry": {
"AADBrokerPluginNotRegistered": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\WindowsMitigationData\\AADBrokerPluginNotRegistered",
"IfExists": true
},
"ActiveHoursEnd": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows Update\\UX\\Settings",
"ValueName": "ActiveHoursEnd",
"RegValueType": "REG_DWORD"
},
"ActiveHoursStart": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows Update\\UX\\Settings",
"ValueName": "ActiveHoursStart",
"RegValueType": "REG_DWORD"
},
"AhnlabInstalledKey": {
"FullPath": "SOFTWARE\\Ahnlab",
"IfExists": true
},
"AhnlabInstalledWowKey": {
"FullPath": "SOFTWARE\\WOW6432Node\\Ahnlab",
"IfExists": true
},
"AhnLabKeyboard": {
"FullPath": "SYSTEM\\CurrentControlSet\\Services\\Mkd2kfNt",
"ValueName": "NbTpMsExist"
},
"AllowInPlaceUpgrade": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\\\Windows\\\\CurrentVersion",
"ValueName": "AllowInPlaceUpgrade",
"RegValueType": "REG_DWORD"
},
"AllowUpgradesWithUnsupportedTPMOrCPU": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SYSTEM\\Setup\\MoSetup",
"ValueName": "AllowUpgradesWithUnsupportedTPMOrCPU",
"RegValueType": "REG_DWORD"
},
"AndroidUserOptinValue": {
"HKey": "HKEY_CURRENT_USER",
"FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Mobility\\",
"ValueName": "OptedIn",
"RegValueType": "REG_DWORD"
},
"AppChannels": {
"FullPath": "SOFTWARE\\Policies\\Microsoft\\WindowsStore\\Apps\\*",
"ValueName": "ChannelId",
"EncodingType": "Json"
},
"AppRMIDs": {
"FullPath": "SOFTWARE\\Policies\\Microsoft\\WindowsStore\\Apps\\*",
"ValueName": "ReleaseManagementId",
"EncodingType": "Json"
},
"AutopilotUpdateInProgress": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Provisioning\\AutopilotSettings\\VolatileAutopilotUpdate",
"ValueName": "AutopilotUpdateInProgress",
"RegValueType": "REG_DWORD"
},
"AvastBlackScreen": {
"FullPath": "SYSTEM\\CurrentControlSet\\Services\\aswVmm\\Parameters",
"ValueName": "Win10-1803"
},
"AvastInstalledKey": {
"FullPath": "SOFTWARE\\Avast Software\\Avast",
"IfExists": true
},
"AvastInstalledWowKey": {
"FullPath": "SOFTWARE\\WOW6432Node\\Avast Software\\Avast",
"IfExists": true
},
"AvastReg": {
"FullPath": "SYSTEM\\CurrentControlSet\\Services\\aswVmm\\Parameters",
"ValueName": "QualityCompat"
},
"AvgBlackScreen": {
"FullPath": "SYSTEM\\CurrentControlSet\\Services\\avgVmm\\Parameters",
"ValueName": "Win10-1803"
},
"AVGInstalledKey": {
"FullPath": "SOFTWARE\\AVG\\Antivirus",
"IfExists": true
},
"AVGInstalledWowKey": {
"FullPath": "SOFTWARE\\WOW6432Node\\AVG\\Antivirus",
"IfExists": true
},
"AvgReg": {
"FullPath": "SYSTEM\\CurrentControlSet\\Services\\avgVmm\\Parameters",
"ValueName": "QualityCompat"
},
"AviraInstalledKey": {
"FullPath": "SOFTWARE\\X-AVCSD\\Workstation\\Antivirus",
"IfExists": true
},
"AviraInstalledWowKey": {
"FullPath": "SOFTWARE\\WOW6432Node\\X-AVCSD\\Workstation\\Antivirus",
"IfExists": true
},
"BitDefenderInstalledKey": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{1FCCF41D-5F00-4FE2-9653-162D0486C8B4}",
"IfExists": true
},
"BlockEdgeWithChromiumUpdate": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\EdgeUpdate",
"ValueName": "DoNotUpdateToEdgeWithChromium",
"RegValueType": "REG_DWORD"
},
"BlockFeatureUpdates": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Windows Update\\OSUpgrade",
"ValueName": "BlockFeatureUpdates",
"RegValueType": "REG_DWORD"
},
"BlockWUUpgrades": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows10Upgrader\\Volatile",
"ValueName": "BlockWUUpgrades",
"RegValueType": "REG_DWORD"
},
"BlockWUUpgradesWow": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\WOW6432Node\\Microsoft\\Windows10Upgrader\\Volatile",
"ValueName": "BlockWUUpgrades",
"RegValueType": "REG_DWORD"
},
"BroadcomInstalledKey": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Symantec\\Symantec Endpoint Protection",
"IfExists": true
},
"BuildFID": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "Software\\Microsoft\\Windows\\CurrentVersion\\Flighting\\Build",
"ValueName": "EsdFlightData",
"RegValueType": "REG_SZ"
},
"BuildFID_WCOS": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "OSDATA\\Software\\Microsoft\\Windows\\CurrentVersion\\Flighting\\Build",
"ValueName": "EsdFlightData",
"RegValueType": "REG_SZ"
},
"BuildFID_WCOS2": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "OSDATA\\Microsoft\\Windows\\CurrentVersion\\Flighting\\Build",
"ValueName": "EsdFlightData",
"RegValueType": "REG_SZ"
},
"BullguardInstalledKey": {
"FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\BullGuard",
"IfExists": true
},
"ChinaTypeApproval_CTA": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\DeviceAccess",
"ValueName": "ActivePolicyCode",
"RegValueType": "REG_SZ"
},
"CIOptin": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows Update\\UX\\Settings",
"ValueName": "IsContinuousInnovationOptedIn",
"RegValueType": "REG_DWORD"
},
"CloudFilesFilter": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SYSTEM\\CurrentControlSet\\Services\\CldFlt\\Instances\\",
"ValueName": "DefaultInstance",
"RegValueType": "REG_SZ"
},
"CurrentBranch": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion",
"ValueName": "BuildBranch",
"RegValueType": "REG_SZ"
},
"DataExpDateEpoch_CO21H2RegFb": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\AppCompatFlags\\TargetVersionUpgradeExperienceIndicators\\CO21H2",
"ValueName": "DataExpDateEpoch",
"RegValueType": "REG_SZ"
},
"DaysSince19H1FUOffer": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\rempl\\irplugin",
"ValueName": "DaysSinceLastOffer",
"RegValueType": "REG_QWORD"
},
"DchuAmdGrfxDeletePending": {
"FullPath": "SYSTEM\\CurrentControlSet\\Services\\amdkmdag",
"ValueName": "DriverDelete"
},
"DchuAmdGrfxExists": {
"FullPath": "SYSTEM\\CurrentControlSet\\Services\\amdkmdag",
"IfExists": true
},
"DchuAmdGrfxVen": {
"FullPath": "SYSTEM\\CurrentControlSet\\Services\\amdkmdag",
"ValueName": "DCHUVen"
},
"DchuAmdGrfxVen2": {
"FullPath": "SYSTEM\\CurrentControlSet\\Services\\amdkmdag\\Parameters",
"ValueName": "DCHUVen"
},
"DchuIntelGrfxDeletePending": {
"FullPath": "SYSTEM\\CurrentControlSet\\Services\\igfx",
"ValueName": "DriverDelete"
},
"DchuIntelGrfxExists": {
"FullPath": "SYSTEM\\CurrentControlSet\\Services\\igfx",
"IfExists": true
},
"DchuIntelGrfxNExists": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SYSTEM\\CurrentControlSet\\Services\\igfxn",
"IfExists": true
},
"DchuIntelGrfxVen": {
"FullPath": "SYSTEM\\CurrentControlSet\\Services\\igfx",
"ValueName": "DCHUVen"
},
"DchuIntelGrfxVen2": {
"FullPath": "SYSTEM\\CurrentControlSet\\Services\\igfx\\Parameters",
"ValueName": "DCHUVen"
},
"DchuNvidiaGrfxDeletePending": {
"FullPath": "SYSTEM\\CurrentControlSet\\Services\\nvlddmkm",
"ValueName": "DriverDelete"
},
"DchuNvidiaGrfxExists": {
"FullPath": "SYSTEM\\CurrentControlSet\\Services\\nvlddmkm",
"IfExists": true
},
"DchuNvidiaGrfxVen": {
"FullPath": "SYSTEM\\CurrentControlSet\\Services\\nvlddmkm",
"ValueName": "DCHUVen"
},
"DchuNvidiaGrfxVen2": {
"FullPath": "SYSTEM\\CurrentControlSet\\Services\\nvlddmkm\\Parameters",
"ValueName": "DCHUVen"
},
"DchuNvidiaGrfxVenTest": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SYSTEM\\CurrentControlSet\\Services\\nvlddmkm",
"ValueName": "DCHUVenTest",
"RegValueType": "REG_DWORD"
},
"DefaultUserRegion": {
"HKey": "HKEY_USERS",
"FullPath": ".DEFAULT\\Control Panel\\International\\Geo",
"ValueName": "Nation",
"RegValueType": "REG_SZ"
},
"DeviceInfoGatherSuccessful": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Component Based Servicing",
"ValueName": "DeviceInfoGatherSuccessful",
"RegValueType": "REG_DWORD"
},
"DisableWUfBOfferBlock": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows Update\\UpdatePolicy\\Settings",
"ValueName": "DisableWUfBOfferBlock",
"RegValueType": "REG_DWORD"
},
"DisconnectedStandby": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SYSTEM\\CurrentControlSet\\Control\\Power",
"ValueName": "EnforceDisconnectedStandby",
"RegValueType": "REG_DWORD"
},
"DotNetMissingComponentsTroubleshooterSuccess": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\.NETFramework",
"ValueName": "DotNetMissingComponentsTroubleshooterSuccess",
"RegValueType": "REG_DWORD"
},
"DriverPartnerRing": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\DriverFlighting\\Partner",
"ValueName": "TargetRing",
"RegValueType": "REG_SZ"
},
"DSS_Enrolled_DF": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\\\Policies\\\\Microsoft\\\\Windows\\\\Windows Update",
"ValueName": "WUfBDF",
"RegValueType": "REG_DWORD"
},
"DSS_Enrolled_State": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\WufbDS",
"ValueName": "enrollmenttype",
"RegValueType": "REG_SZ"
},
"DUInternal": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SYSTEM\\Setup\\MoSetup",
"ValueName": "DynamicUpdateInternalTest",
"RegValueType": "REG_DWORD"
},
"EdgeWithChromiumInstallFailureCount": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\EdgeUpdate",
"ValueName": "WindowsUpdateAttempts"
},
"EdgeWithChromiumInstallFailureCountWow": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Wow6432Node\\Microsoft\\EdgeUpdate",
"ValueName": "WindowsUpdateAttempts"
},
"EdgeWithChromiumInstallVersion": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\EdgeUpdate",
"ValueName": "WindowsUpdateVersion"
},
"EdgeWithChromiumInstallVersionWow": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Wow6432Node\\Microsoft\\EdgeUpdate",
"ValueName": "WindowsUpdateVersion"
},
"EKB19H2InstallCount": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SYSTEM\\Setup\\FeatureStaging\\20455539\\2",
"ValueName": "Count"
},
"EKB19H2InstallTimeEpoch": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SYSTEM\\Setup\\FeatureStaging\\20455539\\2",
"ValueName": "Timestamp"
},
"EKB19H2UnInstallCount": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SYSTEM\\Setup\\FeatureStaging\\20455539\\0",
"ValueName": "Count"
},
"EKB19H2UnInstallTimeEpoch": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SYSTEM\\Setup\\FeatureStaging\\20455539\\0",
"ValueName": "Timestamp"
},
"EnableWUfBUpgradeGatesRS5": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "Software\\Microsoft\\Windows NT\\CurrentVersion\\502505fe-762c-4e80-911e-0c3fa4c63fb0",
"ValueName": "DataRequireGatedScanForFeatureUpdates",
"RegValueType": "REG_DWORD"
},
"ESETInstalledKey": {
"FullPath": "SOFTWARE\\ESET\\ESET Security",
"IfExists": true
},
"ESETInstalledWowKey": {
"FullPath": "SOFTWARE\\WOW6432Node\\ESET\\ESET Security",
"IfExists": true
},
"EsetReg": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SYSTEM\\CurrentControlSet\\Services\\ehdrv\\Parameters",
"ValueName": "WindowsCompatibilityLevel",
"RegValueType": "REG_DWORD"
},
"ESTSecurityInstalledKey": {
"FullPath": "SOFTWARE\\ESTsoft",
"IfExists": true
},
"ESTSecurityInstalledWowKey": {
"FullPath": "SOFTWARE\\WOW6432Node\\ESTsoft",
"IfExists": true
},
"ExpPkgs": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\WindowsSelfhost\\Applicability",
"ValueName": "ExpPkgs",
"RegValueType": "REG_SZ"
},
"ExpStates": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\WindowsSelfHost\\FIDs",
"ValueName": "PreviewConfigs",
"RegValueType": "REG_SZ"
},
"FeatureUpdateDeadline": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "Software\\Policies\\Microsoft\\Windows\\Windows Update\\",
"ValueName": "ConfigureDeadlineForFeatureUpdates",
"RegValueType": "REG_DWORD"
},
"FlightContent": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\WindowsSelfHost\\Applicability",
"ValueName": "ContentType",
"RegValueType": "REG_SZ"
},
"FlightingOptOutState": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\WindowsSelfHost\\UI\\Selection",
"ValueName": "OptOutState",
"RegValueType": "REG_DWORD"
},
"FODRetryPending": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Component Based Servicing",
"ValueName": "FODRetry",
"RegValueType": "REG_DWORD"
},
"FSecureInstalledKey": {
"FullPath": "SOFTWARE\\F-Secure\\OneClient",
"IfExists": true
},
"FSecureInstalledWowKey": {
"FullPath": "SOFTWARE\\WOW6432Node\\F-Secure\\OneClient",
"IfExists": true
},
"FSRing": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\WindowsSelfhost\\Applicability",
"ValueName": "FSRing",
"RegValueType": "REG_SZ"
},
"GamingServicesInstalledKey": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SYSTEM\\CurrentControlSet\\Services\\GamingServices",
"IfExists": true
},
"GridZoneName": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\COAWOS",
"ValueName": "GridZoneName",
"RegValueType": "REG_SZ",
"PersistedSourceId": "COAWOSRoot"
},
"GStatus_CO21H2RegFb": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\AppCompatFlags\\TargetVersionUpgradeExperienceIndicators\\CO21H2",
"ValueName": "GStatus",
"RegValueType": "REG_SZ"
},
"GStatusBlockIDs_All": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\AppCompatFlags\\Appraiser\\GWX",
"ValueName": "SdbEntries",
"RegValueType": "REG_SZ"
},
"HidOverGattReg": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\PnpLockdownFiles\\%SystemRoot%/System32/drivers/UMDF/Microsoft.Bluetooth.Profiles.HidOverGatt.dll",
"ValueName": "Source",
"RegValueType": "REG_SZ"
},
"HotPatchEKBInstalled": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Update\\TargetingInfo\\DynamicInstalled\\Hotpatch.amd64",
"IfExists": true
},
"IIS_ASPNET": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Component Based Servicing\\Notifications\\OptionalFeatures\\IIS-ASPNET",
"ValueName": "Selection",
"RegValueType": "REG_DWORD"
},
"IIS_NetFxExtensibility": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Component Based Servicing\\Notifications\\OptionalFeatures\\IIS-NetFxExtensibility",
"ValueName": "Selection",
"RegValueType": "REG_DWORD"
},
"InstallDate": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion",
"ValueName": "InstallDate",
"RegValueType": "REG_DWORD"
},
"IntelPlatformId": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "HARDWARE\\DESCRIPTION\\System\\CentralProcessor\\0",
"ValueName": "Platform Specific Field 1",
"RegValueType": "REG_DWORD"
},
"IppPrinterBadDefaultPdc": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Print\\Printers\\*\\PrinterDriverData",
"ValueName": "V4_PDC_ChangeID",
"RegValueType": "REG_SZ",
"EncodingType": "Json"
},
"IsAutopilotRegistered": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Provisioning\\AutopilotPolicyCache",
"ValueName": "ProfileAvailable",
"RegValueType": "REG_DWORD"
},
"IsFlightingEnabled": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\WindowsSelfHost\\Applicability",
"ValueName": "IsBuildFlightingEnabled",
"RegValueType": "REG_DWORD"
},
"IsCHCapableBuild": {
"HKey": "HKEY_CLASSES_ROOT",
"FullPath": "CLSID\\{2C57C51B-FD43-4E74-B077-551AE6228AD6}",
"IfExists": true
},
"IsCldFltSyncRoots": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager\\*",
"IfExists": true
},
"IsConfigMgrEnabled": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\WindowsSelfHost\\ClientState",
"ValueName": "ConfigMgrEnabled",
"RegValueType": "REG_DWORD"
},
"IsContainerMgrInstalled": {
"FullPath": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Containers\\CmService",
"IfExists": true
},
"IsEdgeWithChromiumInstalled": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\EdgeUpdate\\Clients\\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}",
"IfExists": true
},
"IsEdgeWithChromiumInstalledWow": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Wow6432Node\\Microsoft\\EdgeUpdate\\Clients\\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}",
"IfExists": true
},
"IsFeedbackHubSelfhost": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Diagnostics\\DiagTrack\\Partners\\IsFeedbackHubSelfhost",
"IfExists": true
},
"IsHybridOrXGpu": {
"FullPath": "SOFTWARE\\Microsoft\\DirectX",
"ValueName": "HybridDeviceApplicableForDxDbGpuPreferences"
},
"IsProcessorMode": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Diagnostics\\DiagTrack\\RegionalSettings",
"ValueName": "IsProcessorMode",
"RegValueType": "REG_QWORD"
},
"IsSpotlightEnabledInOEMTheme": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Themes",
"ValueName": "WindowsSpotlight",
"RegValueType": "REG_DWORD"
},
"IsSpotlightThemeEnabledByOEM": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\DesktopOptimization",
"ValueName": "WindowsSpotlightTheme",
"RegValueType": "REG_DWORD"
},
"IsVbsEnabled": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SYSTEM\\ControlSet001\\Control\\DeviceGuard",
"ValueName": "EnableVirtualizationBasedSecurity",
"RegValueType": "REG_DWORD"
},
"IsWDAGEnabled": {
"FullPath": "SYSTEM\\ControlSet001\\Services\\hvsics",
"IfExists": true
},
"IsWDATPEnabled": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows Advanced Threat Protection\\Status",
"ValueName": "OnboardingState"
},
"K7InstalledKey": {
"FullPath": "SOFTWARE\\K7 Computing",
"IfExists": true
},
"K7InstalledWowKey": {
"FullPath": "SOFTWARE\\WOW6432Node\\K7 Computing",
"IfExists": true
},
"KasperskyInstalledKey": {
"FullPath": "SOFTWARE\\KasperskyLab",
"IfExists": true
},
"KasperskyInstalledWowKey": {
"FullPath": "SOFTWARE\\WOW6432Node\\KasperskyLab",
"IfExists": true
},
"KasperskyReg": {
"FullPath": "System\\CurrentControlSet\\Services\\klhk\\Parameters",
"ValueName": "UseVtHardware"
},
"KingsoftInstalledKey": {
"FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Kingsoft Internet Security",
"IfExists": true
},
"KingsoftInstalledWowKey": {
"FullPath": "SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Kingsoft Internet Security",
"IfExists": true
},
"KioskMode": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows\\AssignedAccessCsp\\AutoLogonAccount",
"ValueName": "ConfigSource",
"RegValueType": "REG_DWORD"
},
"KnownFoldersBackupStatus": {
"HKey": "HKEY_CURRENT_USER",
"FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\StorageProviderStatus",
"ValueName": "OneDrive",
"RegValueType": "REG_SZ"
},
"LCUVer": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion",
"ValueName": "LCUVer"
},
"LenovoInstalledKey": {
"FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{A9861883-31C5-4324-BD9A-DC9527EEB675}_is1",
"IfExists": true
},
"LenovoInstalledWowKey": {
"FullPath": "SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{A9861883-31C5-4324-BD9A-DC9527EEB675}_is1",
"IfExists": true
},
"MalwarebytesInstalledKey": {
"FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1",
"IfExists": true
},
"MalwarebytesInstalledWowKey": {
"FullPath": "SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1",
"IfExists": true
},
"McAfeeInstalledKey": {
"FullPath": "SOFTWARE\\McAfee\\MSC\\AppInfo\\Substitute\\QueryParams",
"IfExists": true
},
"McAfeeInstalledWowKey": {
"FullPath": "SOFTWARE\\WOW6432Node\\McAfee\\MSC\\AppInfo\\Substitute\\QueryParams",
"IfExists": true
},
"Migrated_GatedFeature_NI22H2": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\AppCompatFlags\\MigratedMarkers\\TargetVersionUpgradeExperienceIndicators\\NI22H2",
"ValueName": "GatedFeatureSingleString",
"RegValueType": "REG_SZ"
},
"Migrated_GatedFeature_NI22H2Setup": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\AppCompatFlags\\MigratedMarkers\\TargetVersionUpgradeExperienceIndicators\\NI22H2Setup",
"ValueName": "GatedFeatureSingleString",
"RegValueType": "REG_SZ"
},
"MTPTargetingInfo": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SYSTEM\\Platform\\MTPTargetingInfo",
"ValueName": "TargetRing"
},
"NonSecurityUpdate": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Policies\\Microsoft\\Windows\\Windows Update",
"ValueName": "NonSecurityRelease",
"RegValueType": "REG_DWORD"
},
"NPUEnabledDevice": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows Media Foundation\\FrameServer\\WindowsCameraEffects",
"ValueName": "EffectsCameraAvailable",
"RegValueType": "REG_DWORD"
},
"OEMMode": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Office\\16.0\\Common\\OEM",
"ValueName": "OOBEMode",
"RegValueType": "REG_SZ"
},
"OEMModelBaseBoard": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "HARDWARE\\DESCRIPTION\\System\\BIOS",
"ValueName": "BaseBoardProduct",
"RegValueType": "REG_SZ"
},
"OemPartnerRing": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SYSTEM\\Platform\\DeviceTargetingInfo",
"ValueName": "TargetRing",
"RegValueType": "REG_SZ"
},
"OEMSubModel": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "HARDWARE\\DESCRIPTION\\System\\BIOS",
"ValueName": "SystemSKU",
"RegValueType": "REG_SZ"
},
"OobeNdupAcceptedTarget": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\OOBE\\NDUP\\Updates",
"ValueName": "Target",
"RegValueType": "REG_SZ"
},
"OobeNdupFU22621CommitChoice": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\NDUP\\Updates\\FeatureUpdate_22621",
"ValueName": "CommitChoice",
"RegValueType": "REG_DWORD"
},
"OobeSeeker": {
"FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\OOBE\\Updates",
"ValueName": "OOBEUpdateStarted"
},
"OSDataDriverPartnerRing": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "OSData\\SOFTWARE\\Microsoft\\DriverFlighting\\Partner",
"ValueName": "TargetRing",
"RegValueType": "REG_SZ"
},
"OSRollbackBuild": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Windows Update\\OSUpgrade\\Rollback",
"ValueName": "BuildString",
"RegValueType": "REG_SZ"
},
"OSRollbackCount": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Windows Update\\OSUpgrade\\Rollback",
"ValueName": "Count",
"RegValueType": "REG_DWORD"
},
"OSRollbackDate": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Windows Update\\OSUpgrade\\Rollback",
"ValueName": "DateStamp",
"RegValueType": "REG_DWORD"
},
"PandaInstalledKey": {
"FullPath": "SOFTWARE\\Panda Software\\Setup",
"IfExists": true
},
"PandaInstalledWowKey": {
"FullPath": "SOFTWARE\\WOW6432Node\\Panda Software\\Setup",
"IfExists": true
},
"PausedFeatureStatus": {
"FullPath": "SOFTWARE\\Microsoft\\Windows Update\\UpdatePolicy\\Settings",
"ValueName": "PausedFeatureStatus"
},
"PausedQualityStatus": {
"FullPath": "SOFTWARE\\Microsoft\\Windows Update\\UpdatePolicy\\Settings",
"ValueName": "PausedQualityStatus"
},
"PlayFabPartyRelay": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\PlayFabPartyRelay",
"IfExists": true
},
"PonchAllow": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\QualityCompat",
"ValueName": "cadca5fe-87d3-4b96-b7fb-a231484277cc",
"RegValueType": "REG_DWORD"
},
"PonchAllowKey": {
"FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\QualityCompat\\cadca5fe-87d3-4b96-b7fb-a231484277cc",
"IfExists": true
},
"PonchAllowWow": {
"FullPath": "SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\QualityCompat",
"ValueName": "cadca5fe-87d3-4b96-b7fb-a231484277cc"
},
"PonchAllowWowKey": {
"FullPath": "SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\QualityCompat\\cadca5fe-87d3-4b96-b7fb-a231484277cc",
"IfExists": true
},
"PonchBlock": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\QualityCompat",
"ValueName": "65d75b03-6f4d-46e9-b870-517731e06cf9",
"RegValueType": "REG_DWORD"
},
"PreviewBuildsManagerEnabled": {
"FullPath": "SOFTWARE\\Microsoft\\WindowsSelfhost\\Manager",
"ValueName": "ArePreviewBuildsAllowed"
},
"PSAKyoceraMissingDEH": {
"HKey": "HKEY_CLASSES_ROOT",
"FullPath": "Extensions\\ContractId\\Windows.PrintSupportExtension\\PackageId\\A97ECD55.KYOCERAPrintCenter_4.1.11108.0_x64__kqmhh0ktdt7dg",
"IfExists": true
},
"PSATATriumphMissingDEH": {
"HKey": "HKEY_CLASSES_ROOT",
"FullPath": "Extensions\\ContractId\\Windows.PrintSupportExtension\\PackageId\\TATriumph-AdlerGmbH.TAUTAXPrintCenter_4.1.11108.0_x64__h5e8vsnevp54y",
"IfExists": true
},
"PSAXeroxMissingDEH": {
"HKey": "HKEY_CLASSES_ROOT",
"FullPath": "Extensions\\ContractId\\Windows.PrintSupportExtension\\PackageId\\XeroxCorp.PrintExperience_8.29.32.0_x64__f7egpvdyrs2a8",
"IfExists": true
},
"QihooInstalledKey": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\360TotalSecurity",
"IfExists": true
},
"QUDeadline": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Policies\\Microsoft\\Windows\\Windows Update",
"ValueName": "ConfigureDeadlineForQualityUpdates",
"RegValueType": "REG_DWORD"
},
"QUDeadlineMDM": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\PolicyManager\\current\\device\\Update",
"ValueName": "ConfigureDeadlineForQualityUpdates",
"RegValueType": "REG_DWORD"
},
"QuickhealInstalledKey1": {
"FullPath": "SYSTEM\\CurrentControlSet\\Servicescatflt",
"IfExists": true
},
"QuickhealInstalledKey2": {
"FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\App Paths\\scanner.exe",
"IfExists": true
},
"RecoveredFromBuild": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "Software\\Microsoft\\WindowsSelfHost\\Applicability\\RecoveredFrom",
"ValueName": "LastBuild",
"RegValueType": "REG_DWORD"
},
"RecoveredOnDate": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "Software\\Microsoft\\WindowsSelfHost\\Applicability\\RecoveredFrom",
"ValueName": "DateStamp",
"RegValueType": "REG_DWORD"
},
"ReleaseType": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Update\\TargetingInfo",
"ValueName": "ReleaseType",
"RegValueType": "REG_SZ"
},
"SetupDisplayedEulaVersion": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\OOBE\\",
"ValueName": "SetupDisplayedEulaVersion",
"RegValueType": "REG_DWORD"
},
"SH_SIPolicyCleanup": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\PPI\\Settings",
"ValueName": "SIPolicyCleanup",
"RegValueType": "REG_DWORD"
},
"SmartActiveHoursState": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows Update\\UX\\Settings",
"ValueName": "SmartActiveHoursState",
"RegValueType": "REG_DWORD"
},
"SophosInstalledKey1": {
"FullPath": "SYSTEM\\CurrentControlSet\\Services\\SAVService",
"IfExists": true
},
"SophosInstalledKey2": {
"FullPath": "SYSTEM\\CurrentControlSet\\Services\\hmpalertsvc",
"IfExists": true
},
"StayOnWindows10Timestamp": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows Update\\UX\\Settings",
"ValueName": "SvOfferDeclined",
"RegValueType": "REG_QWORD"
},
"Steam": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Classes\\Steam",
"ValueName": "",
"RegValueType": "REG_SZ"
},
"StrictHiveSecurityReg": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "Software\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\*",
"ValueName": "StrictHiveSecuritySet"
},
"SymantecInstalledKey": {
"FullPath": "SOFTWARE\\Norton\\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}",
"IfExists": true
},
"SymantecInstalledWowKey": {
"FullPath": "SOFTWARE\\WOW6432Node\\Norton\\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}",
"IfExists": true
},
"TargetReleaseVersionGP": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Policies\\Microsoft\\Windows\\Windows Update",
"ValueName": "TargetReleaseVersionInfo",
"RegValueType": "REG_SZ"
},
"TargetReleaseVersionMDM": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\PolicyManager\\current\\device\\Update",
"ValueName": "TargetReleaseVersion",
"RegValueType": "REG_SZ"
},
"TenantId": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SYSTEM\\CurrentControlSet\\Control\\CloudDomainJoin\\JoinInfo\\*",
"ValueName": "TenantId"
},
"TencentInstalledKey": {
"FullPath": "SOFTWARE\\Tencent\\QQPCMgr",
"IfExists": true
},
"TencentInstalledWowKey": {
"FullPath": "SOFTWARE\\WOW6432Node\\Tencent\\QQPCMgr",
"IfExists": true
},
"TencentReg": {
"FullPath": "SYSTEM\\CurrentControlSet\\services\\TesSafe",
"ValueName": "LoadStartTime"
},
"TencentType": {
"FullPath": "SYSTEM\\CurrentControlSet\\services\\TesSafe",
"ValueName": "Type"
},
"TestRN": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Wosc\\Client\\Persistent\\ClientState\\FCON",
"ValueName": "TestRing"
},
"ThreatTrackInstalledKey": {
"FullPath": "SOFTWARE\\SBAMSvc",
"IfExists": true
},
"ThreatTrackInstalledWowKey": {
"FullPath": "SOFTWARE\\WOW6432Node\\SBAMSvc",
"IfExists": true
},
"TimestampEpochString_CO21H2RegFb": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\AppCompatFlags\\TargetVersionUpgradeExperienceIndicators\\CO21H2",
"ValueName": "TimestampEpochString",
"RegValueType": "REG_SZ"
},
"TrendInstalledKey": {
"FullPath": "SOFTWARE\\TrendMicro",
"IfExists": true
},
"TrendInstalledWowKey": {
"FullPath": "SOFTWARE\\WOW6432Node\\TrendMicro",
"IfExists": true
},
"UHSEnrolled": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion",
"ValueName": "UHSEnrolled",
"RegValueType": "REG_SZ",
"IfExists": true
},
"UninstallActive": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "System\\Setup",
"ValueName": "UninstallActive",
"RegValueType": "REG_DWORD"
},
"UpdateOfferedDays": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WaaSAssessment\\Cache\\",
"ValueName": "UpToDateDays",
"RegValueType": "REG_DWORD"
},
"UpdatePreference": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Policies\\Microsoft\\Windows\\Windows Update",
"ValueName": "UpdatePreference",
"RegValueType": "REG_DWORD"
},
"UpgEx_CO21H2RegFb": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\AppCompatFlags\\TargetVersionUpgradeExperienceIndicators\\CO21H2",
"ValueName": "UpgEx",
"RegValueType": "REG_SZ"
},
"UpgradeAccepted": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\OOBE\\Updates\\",
"ValueName": "UpgradeAccepted",
"RegValueType": "REG_DWORD",
"IfExists": true
},
"UpgradeEligible": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\\\Microsoft\\\\Windows\\\\CurrentVersion",
"ValueName": "UpgradeEligible",
"RegValueType": "REG_DWORD"
},
"UserInPlaceUpgrade": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\\\Windows\\\\CurrentVersion",
"ValueName": "UserInPlaceUpgrade",
"RegValueType": "REG_DWORD"
},
"UsoScanMitigation": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Windows Update\\Orchestrator\\Mitigation\\",
"ValueName": "UsoScanNotStartingMitigationCompleted",
"RegValueType": "REG_DWORD",
"IfExists": true
},
"UtcDataHandlingPolicies": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Diagnostics\\DiagTrack",
"ValueName": "UtcDataHandlingPolicies",
"RegValueType": "REG_QWORD"
},
"UUSVersion": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Windows Update\\Orchestrator",
"ValueName": "LastRunVersion",
"RegValueType": "REG_SZ"
},
"WAS_NetFxEnvironment": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Component Based Servicing\\Notifications\\OptionalFeatures\\WAS-NetFxEnvironment",
"ValueName": "Selection",
"RegValueType": "REG_DWORD"
},
"WCFHTTPActivationNotificationState": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\Component Based Servicing\\\\Notifications\\\\OptionalFeatures\\\\WCF-HTTP-Activation",
"ValueName": "Selection",
"RegValueType": "REG_DWORD"
},
"WCFNonHTTPActivationNotificationState": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\Component Based Servicing\\\\Notifications\\\\OptionalFeatures\\\\WCF-NonHTTP-Activation",
"ValueName": "Selection",
"RegValueType": "REG_DWORD"
},
"WebExperience": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\EdgeUpdate\\Clients\\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}",
"IfExists": true
},
"WebExperienceWow": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\WOW6432Node\\Microsoft\\EdgeUpdate\\Clients\\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}",
"IfExists": true
},
"WebrootInstalledKey": {
"FullPath": "SOFTWARE\\WRData",
"IfExists": true
},
"WebrootInstalledWowKey": {
"FullPath": "SOFTWARE\\WOW6432Node\\WRData",
"IfExists": true
},
"Win11UpgradeAcceptedTimestamp": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows Update\\UX\\Settings",
"ValueName": "SvOfferAccepted",
"RegValueType": "REG_QWORD"
},
"Win11UpgradeAcceptedWUSeeker": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows Update\\UX\\Settings",
"ValueName": "SvOfferAccepted",
"RegValueType": "REG_QWORD",
"IfExists": true
},
"WindowsMixedReality": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\WUDF\\Services\\HoloLensSensors",
"ValueName": "WdfMajorVersion",
"RegValueType": "REG_DWORD"
},
"WSX_Runtime": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSX\\WSXPacks\\CTAC",
"ValueName": "ExperienceExtensions",
"RegValueType": "REG_SZ"
},
"WSX_Windows_AppSample": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSX\\WSXPacks\\CTAC",
"ValueName": "Windows.AppSample",
"RegValueType": "REG_SZ"
},
"WSX_Windows_Settings_Account": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSX\\WSXPacks\\CTAC",
"ValueName": "Windows.Settings.Account",
"RegValueType": "REG_SZ"
},
"WSX_Windows_Shell_Start": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSX\\WSXPacks\\CTAC",
"ValueName": "Windows.Shell.StartMenu",
"RegValueType": "REG_SZ"
}
},
"FileInfo": {
"AvastVer": {
"Path": "\\system32\\Drivers\\aswVmm.sys",
"FolderGuid": "{F38BF404-1D43-42F2-9305-67DE0B28FC23}"
},
"AvgVer": {
"Path": "\\system32\\Drivers\\avgVmm.sys",
"FolderGuid": "{F38BF404-1D43-42F2-9305-67DE0B28FC23}"
},
"BullguardInstalledVer": {
"Path": "\\BullGuard Ltd\\BullGuard\\BullGuard.exe",
"IfExists": true,
"FolderGuid": "{905E63B6-C1BF-494E-B29C-65B732D3D21A}"
},
"CortanaAppVer": {
"Path": "\\WindowsApps\\Microsoft.549981C3F5F10_8wekyb3d8bbwe\\CortanaApp.View.exe",
"FolderGuid": "{905E63B6-C1BF-494E-B29C-65B732D3D21A}"
},
"CortanaAppVerTest": {
"Path": "\\WindowsApps\\3242f7d9-db60-4380-a379-4205ea768bfc_1.0.0.0_x64__zs4v8rx04ex0m\\UndockingTestApp.exe",
"FolderGuid": "{905E63B6-C1BF-494E-B29C-65B732D3D21A}"
},
"CrowdStrikeInstalledVer": {
"Path": "drivers\\CrowdStrike\\CSAgent.sys",
"IfExists": true,
"FolderGuid": "{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}"
},
"EsetVer": {
"Path": "\\drivers\\ehdrv.sys",
"FolderGuid": "{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}"
},
"FileExistsMscoreeDll": {
"Path": "%windir%\\\\system32\\\\mscoree.dll",
"IfExists": true
},
"GDataInstalledVer": {
"Path": "\\drivers\\MiniIcpt.sys",
"IfExists": true,
"FolderGuid": "{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}"
},
"HidparseDriversVer": {
"Path": "%windir%\\system32\\drivers\\hidparse.sys"
},
"HidparseSystem32Ver": {
"Path": "%windir%\\system32"
},
"HidparseSystem32Ver1": {
"Path": "%windir%\\system32\\hidparse.sys"
},
"IsNotepadExePresent": {
"Path": "%windir%\\system32\\notepad.exe",
"IfExists": true
},
"K7InstalledVer": {
"Path": "\\K7 Computing",
"IfExists": true,
"FolderGuid": "{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}"
},
"KasperskyVer": {
"Path": "\\system32\\Drivers\\klhk.sys",
"FolderGuid": "{F38BF404-1D43-42F2-9305-67DE0B28FC23}"
},
"OnnxruntimeVer": {
"Path": "%windir%\\\\system32\\\\onnxruntime.dll"
},
"PandaInstalledVer": {
"Path": "\\Panda Security",
"IfExists": true,
"FolderGuid": "{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}"
},
"SkypeRoomSystem": {
"Path": "%systemdrive%\\Recovery\\OEM\\$oem$\\$1\\Rigel\\x64\\Scripts\\Provisioning\\AutoUnattend.xml",
"IfExists": true
},
"SymantecVer": {
"Path": "\\Symantec\\Shared\\EENGINE\\eeCtrl.sys",
"FolderGuid": "{DE974D24-D9C6-4D3E-BF91-F4455120B917}"
},
"SymantecVer64": {
"Path": "\\Symantec\\Shared\\EENGINE\\eeCtrl64.sys",
"FolderGuid": "{DE974D24-D9C6-4D3E-BF91-F4455120B917}"
},
"TobiiVer": {
"Path": "\\Tobii\\Tobii EyeX Interaction\\Tobii.EyeX.Interaction.exe",
"FolderGuid": "{905E63B6-C1BF-494E-B29C-65B732D3D21A}"
},
"TobiiVer1x86": {
"Path": "\\Tobii\\tobii EyeX Interaction\\Tobii.EyeX.Interaction.exe",
"FolderGuid": "{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}"
},
"TobiiVerx86": {
"Path": "\\tobii EyeX Interaction\\Tobii.EyeX.Interaction.exe",
"FolderGuid": "{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}"
},
"TrendInstalledVer": {
"Path": "\\Trend Micro\\Titanium\\plugin\\plugVizor.dll",
"IfExists": true,
"FolderGuid": "{905E63B6-C1BF-494E-B29C-65B732D3D21A}"
},
"TrendMicroVer": {
"Path": "\\drivers\\TMUMH.sys",
"FolderGuid": "{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}"
},
"WuClientVer": {
"Path": "\\system32\\wuaueng.dll",
"FolderGuid": "{F38BF404-1D43-42F2-9305-67DE0B28FC23}"
},
"XamlCbsActivationStore": {
"Path": "%ProgramData%\\\\Microsoft\\\\Windows\\\\AppRepository\\\\Packages\\\\Microsoft.UI.Xaml.CBS_8.2205.4001.0_x64__8wekyb3d8bbwe\\\\ActivationStore.dat",
"IfExists": true
},
"XamlCbsActivationStoreArm64": {
"Path": "%ProgramData%\\\\Microsoft\\\\Windows\\\\AppRepository\\\\Packages\\\\Microsoft.UI.Xaml.CBS_8.2205.4001.0_arm64__8wekyb3d8bbwe\\\\ActivationStore.dat",
"IfExists": true
}
},
"Licensing": {
"UpdateManagementGroup": {
"Name": "UpdatePolicy-UpdateManagementGroup"
}
},
"UpdatePolicy": {
"AllowOptionalContent": {
"PolicyEnum": 58,
"Enterprise": true
},
"BranchReadinessLevel": {
"PolicyEnum": 5,
"Enterprise": true
},
"BranchReadinessLevelSource": {
"PolicyEnum": 5,
"Enterprise": true,
"UseSource": true
},
"DeferFeatureUpdatePeriodInDays": {
"PolicyEnum": 9,
"Enterprise": true
},
"DeferQualityUpdatePeriodInDays": {
"PolicyEnum": 7,
"Enterprise": true
},
"DisableDualScan": {
"PolicyEnum": 42,
"Enterprise": true
},
"EnableWUfBUpgradeGates": {
"PolicyEnum": 51,
"Enterprise": true
},
"TargetProductVersion": {
"PolicyEnum": 53,
"Enterprise": true
},
"TargetReleaseVersion": {
"PolicyEnum": 50,
"Enterprise": true
},
"UpdateServiceUrl": {
"PolicyEnum": 12
},
"WUfBClientManaged": {
"PolicyEnum": 32,
"Enterprise": true
}
},
"Policy": {
"DesiredOcpVersion": {
"LocUri": "./Device/Vendor/MSFT/DeviceUpdateCenter/DesiredUpdates/OcpVersion/"
},
"DesiredOsVersion": {
"LocUri": "./Device/Vendor/MSFT/DeviceUpdateCenter/DesiredUpdates/OsVersion"
},
"DesiredSystemManifestVersion": {
"LocUri": "./Device/Vendor/MSFT/DeviceUpdateCenter/DesiredUpdates/SystemManifestVersion"
},
"DucCustomPackageId": {
"LocUri": "./Device/Vendor/MSFT/DeviceUpdateCenter/Enrollment/CustomPackageId"
},
"DucDeviceModelId": {
"LocUri": "./Device/Vendor/MSFT/DeviceUpdateCenter/Enrollment/DeviceModelId"
},
"DucOemPartnerRing": {
"LocUri": "./Device/Vendor/MSFT/DeviceUpdateCenter/Enrollment/OemPartnerRing"
},
"DucPublisherId": {
"LocUri": "./Device/Vendor/MSFT/DeviceUpdateCenter/Enrollment/PublisherId"
},
"SetPolicyDrivenUpdateSourceForFeatureUpdates": {
"LocUri": "./Device/Vendor/MSFT/Policy/Config/Update/SetPolicyDrivenUpdateSourceForFeatureUpdates"
},
"WSUSconfigured_csp": {
"LocUri": "./Device/Vendor/MSFT/Policy/Config/Update/UpdateServiceUrl"
}
},
"WMI": {
"ElanFingerprintDriverVersion": {
"Query": "SELECT DriverVersion, Manufacturer FROM Win32_PnPSignedDriver WHERE Manufacturer = 'ELAN'",
"Name": "DriverVersion",
"Timeout": 2000
},
"FirstStorageSpaceDeviceId": {
"Query": "SELECT DeviceID FROM Win32_DiskDrive WHERE Model = 'Microsoft Storage Space Device'",
"Name": "DeviceID",
"Timeout": 2000
},
"IIS_ASPNET_WMI": {
"Query": "SELECT * FROM Win32_OptionalFeature WHERE name = 'IIS-ASPNET'",
"Name": "InstallState",
"Timeout": 2000
},
"IIS_NetFxExtensibility_WMI": {
"Query": "SELECT * FROM Win32_OptionalFeature WHERE name = 'IIS-NetFxExtensibility'",
"Name": "InstallState",
"Timeout": 2000
},
"NetFx3State": {
"Query": "SELECT * FROM Win32_OptionalFeature WHERE name = 'NetFX3'",
"Name": "InstallState",
"Timeout": 2000
},
"PSAKyoceraInstalledName": {
"Query": "SELECT Name, ProgramId FROM Win32_InstalledStoreProgram WHERE ProgramId = 'A97ECD55.KYOCERAPrintCenter_4.1.11108.0_x64__kqmhh0ktdt7dg'",
"Name": "Name",
"Timeout": 2000
},
"PSATATriumphInstalledName": {
"Query": "SELECT Name, ProgramId FROM Win32_InstalledStoreProgram WHERE ProgramId = 'TATriumph-AdlerGmbH.TAUTAXPrintCenter_4.1.11108.0_x64__h5e8vsnevp54y'",
"Name": "Name",
"Timeout": 2000
},
"WAS_NetFxEnvironment_WMI": {
"Query": "SELECT * FROM Win32_OptionalFeature WHERE name = 'WAS-NetFxEnvironment'",
"Name": "InstallState",
"Timeout": 2000
},
"WCFHTTPActivationState": {
"Query": "SELECT * FROM Win32_OptionalFeature WHERE name = 'WCF-HTTP-Activation'",
"Name": "InstallState",
"Timeout": 2000
},
"WCFNonHTTPActivationState": {
"Query": "SELECT * FROM Win32_OptionalFeature WHERE name = 'WCF-NonHTTP-Activation'",
"Name": "InstallState",
"Timeout": 2000
},
"XeroxPsaInstalledName": {
"Query": "SELECT Name, ProgramId FROM Win32_InstalledStoreProgram WHERE ProgramId = 'XeroxCorp.PrintExperience_8.29.32.0_x64__f7egpvdyrs2a8'",
"Name": "Name",
"Timeout": 2000
}
}
}"
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\DownloadCenter\Sub]
"Norton Internet Security(NIS)"="22.9.2.3"
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\Windows Error Reporting\RuntimeExceptionHelperModules]
"C:\Program Files\Norton Security\NortonData\22.11.1.5\Definitions\IPSDefs\20200604.061\IPSEng32.dll"="0"
[HKEY_USERS\S-1-5-21-3907471261-615860086-2012423866-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\CloudStore\Store\DefaultAccount\Current\{65bff9cd-1d54-46dc-95a8-6a54ff530f2c}$windows.data.apps.appmetadata$appmetadatalist\windows.data.apps.appmetadata$symanteccorporation.nortonsafeweb_v68kp9n051hdp]
[HKEY_USERS\S-1-5-21-3907471261-615860086-2012423866-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.com/search?q=norton+security+scan&form=WNSGPH&qs=AS&cvid=174fc6e0bead416983c9561ec79dc302&porque=norton+security&cc=BR&setlang=pt-BR&nclid=E]
[HKEY_USERS\S-1-5-21-3907471261-615860086-2012423866-1001\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy\Extensions]
"EdgeExtension_SymantecCorporationNortonSafeWeb_v68kp9n051hdp"="0x01000000A8D83372C9B40FF9706C5E5FA844C959BD4AAC66AFE10377F53FAF624277"

====== Fim de Pesquisar ======

Elias Pereira · 22 de agosto de 2023

Desative temporariamente seu antivírus, antispywares e firewall, para não causar conflitos.

Abra o seu Bloco de Notas, copie (control + c) e cole (control + v) todo o texto que está no CODE abaixo:

Start::
CreateRestorePoint:

DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\InstallService\State\CategoryCache|87badf37-13d1-7ba7-6b16-211bdec46258BR

DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\RuntimeExceptionHelperModules|C:\Program Files\Norton Security\NortonData\22.11.1.5\Definitions\IPSDefs\20200604.061\IPSEng64.dll

DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant|ExecutablesToExclude

DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\DownloadCenter\Sub|Norton Internet Security(NIS)

DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\Windows Error Reporting\RuntimeExceptionHelperModules|C:\Program Files\Norton Security\NortonData\22.11.1.5\Definitions\IPSDefs\20200604.061\IPSEng32.dll

[-HKEY_USERS\S-1-5-21-3907471261-615860086-2012423866-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\CloudStore\Store\DefaultAccount\Current\{65bff9cd-1d54-46dc-95a8-6a54ff530f2c}$windows.data.apps.appmetadata$appmetadatalist\windows.data.apps.appmetadata$symanteccorporation.nortonsafeweb_v68kp9n051hdp]

[-HKEY_USERS\S-1-5-21-3907471261-615860086-2012423866-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.com/search?q=norton+security+scan&form=WNSGPH&qs=AS&cvid=174fc6e0bead416983c9561ec79dc302&porque=norton+security&cc=BR&setlang=pt-BR&nclid=E]

DeleteValue: HKEY_USERS\S-1-5-21-3907471261-615860086-2012423866-1001\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy\Extensions|EdgeExtension_SymantecCorporationNortonSafeWeb_v68kp9n051hdp

DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsSelfHost\OneSettings|SymantecInstalledWowKey

DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsSelfHost\OneSettings|SymantecInstalledKey

EmptyTemp:
End::

Salve este arquivo na na sua área de trabalho com o nome fixlist

OBS: É de extrema importância que o arquivo "fixlist" seja salvo na sua Área de Trabalho/Desktop. Verifique também se o FRST.exe encontra-se na Área de Trabalho/Desktop.

** Execute o FRST.EXE como administrador

Clique no botão Corrigir/Fix

Aguarde e ao final, o log Fixlog.txt será salvo no seu desktop.

Abra o arquivo Fixlog.txt, copie e cole seu conteudo na sua proxima resposta.

--------------------------------------------------
Se apos a limpeza ainda estiver o Norton como Antivirus ou firewall, faça o seguinte.

1. Faça download do Norton security e instale

2. Baixe o Revo Uninstaller Portable

3. Execute o Revo como administrador

4. Na lista dos programas instalados procure pelo Norton

5. Clique em Uninstall e siga os procedimentos do desinstalador do Norton

6. Após o desinstalador do Norton fechar, marque advanced e clique em SCAN

7. Se encontrar dados do registro, clique em SELECT ALL e depois em DELETE

8. Clique em next e faça o mesmo para pastas, clicando em SELECT ALL e depois em DELETE

9. Após isso clique em FINISH e reinicie seu computador

Verifique novamente pelo antivirus e firewall.

Francisco Narde · 24 de agosto de 2023

Resultado da Correção pela Farbar Recovery Scan Tool (x64) Versão: 23-08-2023
Executado por Francisco Narde (23-08-2023 20:59:55) Run:10
Executando a partir de D:\Desktop
Perfis Carregados: Francisco Narde
Modo da Inicialização: Normal
==============================================

fixlist Conteúdo:
*****************
Start::
CreateRestorePoint:

DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\InstallService\State\CategoryCache|87badf37-13d1-7ba7-6b16-211bdec46258BR

DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\RuntimeExceptionHelperModules|C:\Program Files\Norton Security\NortonData\22.11.1.5\Definitions\IPSDefs\20200604.061\IPSEng64.dll

DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant|ExecutablesToExclude

DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\DownloadCenter\Sub|Norton Internet Security(NIS)

DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\Windows Error Reporting\RuntimeExceptionHelperModules|C:\Program Files\Norton Security\NortonData\22.11.1.5\Definitions\IPSDefs\20200604.061\IPSEng32.dll

[-HKEY_USERS\S-1-5-21-3907471261-615860086-2012423866-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\CloudStore\Store\DefaultAccount\Current\{65bff9cd-1d54-46dc-95a8-6a54ff530f2c}$windows.data.apps.appmetadata$appmetadatalist\windows.data.apps.appmetadata$symanteccorporation.nortonsafeweb_v68kp9n051hdp]

[-HKEY_USERS\S-1-5-21-3907471261-615860086-2012423866-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.com/search?q=norton+security+scan&form=WNSGPH&qs=AS&cvid=174fc6e0bead416983c9561ec79dc302&porque=norton+security&cc=BR&setlang=pt-BR&nclid=E]

DeleteValue: HKEY_USERS\S-1-5-21-3907471261-615860086-2012423866-1001\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy\Extensions|EdgeExtension_SymantecCorporationNortonSafeWeb_v68kp9n051hdp

DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsSelfHost\OneSettings|SymantecInstalledWowKey

DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsSelfHost\OneSettings|SymantecInstalledKey

EmptyTemp:
End::
*****************

Ponto de Restauração criado com sucesso.
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\InstallService\State\CategoryCache\\87badf37-13d1-7ba7-6b16-211bdec46258BR" => removido (a) com sucesso.
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\RuntimeExceptionHelperModules\\C:\Program Files\Norton Security\NortonData\22.11.1.5\Definitions\IPSDefs\20200604.061\IPSEng64.dll" => removido (a) com sucesso.
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\\ExecutablesToExclude" => removido (a) com sucesso.
"HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\DownloadCenter\Sub\\Norton Internet Security(NIS)" => removido (a) com sucesso.
"HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\Windows Error Reporting\RuntimeExceptionHelperModules\\C:\Program Files\Norton Security\NortonData\22.11.1.5\Definitions\IPSDefs\20200604.061\IPSEng32.dll" => removido (a) com sucesso.
HKEY_USERS\S-1-5-21-3907471261-615860086-2012423866-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\CloudStore\Store\DefaultAccount\Current\{65bff9cd-1d54-46dc-95a8-6a54ff530f2c}$windows.data.apps.appmetadata$appmetadatalist\windows.data.apps.appmetadata$symanteccorporation.nortonsafeweb_v68kp9n051hdp => removido (a) com sucesso.
HKEY_USERS\S-1-5-21-3907471261-615860086-2012423866-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.com/search?q=norton+security+scan&form=WNSGPH&qs=AS&cvid=174fc6e0bead416983c9561ec79dc302&porque=norton+security&cc=BR&setlang=pt-BR&nclid=E => não encontrado (a)
"HKEY_USERS\S-1-5-21-3907471261-615860086-2012423866-1001\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy\Extensions\\EdgeExtension_SymantecCorporationNortonSafeWeb_v68kp9n051hdp" => removido (a) com sucesso.
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsSelfHost\OneSettings\\SymantecInstalledWowKey" => não encontrado (a)
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsSelfHost\OneSettings\\SymantecInstalledKey" => não encontrado (a)

=========== EmptyTemp: ==========

FlushDNS => completado
BITS transfer queue => 1572864 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 242616848 B
Java, Discord, Steam htmlcache, WinHttpAutoProxySvc/winhttp *.cache => 0 B
Windows/system/drivers => 17989649 B
Edge => 0 B
Chrome => 868037687 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 18696 B
NetworkService => 18696 B
Francisco Narde => 50649542 B

RecycleBin => 0 B
EmptyTemp: => 1.1 GB de dados temporários Removidos.

================================

O sistema precisou ser reiniciado.

==== Fim de Fixlog 21:01:00 ====

Elias Pereira · 24 de agosto de 2023

Execute novamente o FRST.exe

Copie e cole os logs na sua proxima resposta.

Francisco Narde · 25 de agosto de 2023

Boa noite!

Baixei uma versão gratuita do Norton (não encontrei o Norton Security separado para baixar), pois bem, instalei e desinstalei usando o Revo Uninstaller Portable, fazendo todo o processo para deletar todos os arquivos e pastas como recomendou, mas mesmo assim o FRST além de continuar acusando o Norton Security de estar ativado como antes, ele também está acusando o Norton AntiVirus (que instalei e desinstalei pelo Revo Uninstaller Portable) de também estar ativado.

Resultado da análise adicional Farbar Recovery Scan Tool (x64) Versão: 23-08-2023
Executado por Francisco Narde (24-08-2023 23:11:23)
Executando a partir de D:\Desktop
Microsoft Windows 10 Pro Versão 22H2 19045.3324 (X64) (2020-07-19 05:10:25)
Modo da Inicialização: Normal
==========================================================

==================== Contas: =============================

(Se uma entrada for incluída na fixlist, será removida.)

Administrador (S-1-5-21-3907471261-615860086-2012423866-500 - Administrator - Disabled)
Convidado (S-1-5-21-3907471261-615860086-2012423866-501 - Limited - Disabled)
DefaultAccount (S-1-5-21-3907471261-615860086-2012423866-503 - Limited - Disabled)
Francisco Narde (S-1-5-21-3907471261-615860086-2012423866-1001 - Administrator - Enabled) => C:\Users\Francisco Narde
WDAGUtilityAccount (S-1-5-21-3907471261-615860086-2012423866-504 - Limited - Disabled)

==================== Central de Segurança ========================

(Se uma entrada for incluída na fixlist, será removida.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton Security (Enabled - Up to date) {30744133-1E94-7B35-F4A3-82A5AEF1CBAA}
AV: Norton AntiVirus (Enabled - Up to date) {AECE2126-F4E7-6909-11F2-1B69D1FBCBD0}
FW: Norton AntiVirus (Enabled) {96F5A003-BE88-6851-3AAD-B25C2F288CAB}
FW: Norton Security (Enabled) {084FC016-54FB-7A6D-DFFC-2B9050228CD1}

==================== Programas Instalados ======================

(Somente os programas adwares com a indicação "Oculto" podem ser adicionados à fixlist para desocultá-los. Os programas adwares devem ser desinstalados manualmente.)

@BIOS (HKLM-x32\...\{C9D46F25-5F9D-4E25-B24F-BC00E9EDF529}) (Version: 4.22.0718.1 - GIGABYTE) Hidden
@BIOS (HKLM-x32\...\InstallShield_{C9D46F25-5F9D-4E25-B24F-BC00E9EDF529}) (Version: 4.22.0718.1 - GIGABYTE)
Adobe Acrobat Reader DC - Português (HKLM-x32\...\{AC76BA86-7AD7-1046-7B44-AC0F074E4100}) (Version: 22.001.20117 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.9.0.327 - Adobe Systems Incorporated)
Adobe Genuine Service (HKLM-x32\...\AdobeGenuineService) (Version: 8.3.0.49 - Adobe Inc.)
Adobe Refresh Manager (HKLM-x32\...\{AC76BA86-0804-1033-1959-001824458876}) (Version: 1.8.0 - Adobe Systems Incorporated) Hidden
AMD Chipset Software (HKLM-x32\...\AMD_Chipset_IODrivers) (Version: 4.06.10.651 - Advanced Micro Devices, Inc.)
AMD GPIO2 Driver (HKLM-x32\...\{E9DD399F-21A3-479E-A7DF-D6CF4B2ADBF3}) (Version: 2.2.0.130 - Advanced Micro Devices, Inc.) Hidden
AMD PCI Driver (HKLM-x32\...\{80EC3CEE-2940-42A1-A776-B5D810D39F1E}) (Version: 1.0.0.89 - Advanced Micro Devices, Inc.) Hidden
AMD PSP Driver (HKLM-x32\...\{988F14B8-79A8-475D-BAC7-83F96AD3D821}) (Version: 5.19.0.0 - Advanced Micro Devices, Inc.) Hidden
AMD Ryzen Balanced Driver (HKLM-x32\...\{A171D320-C42C-4F3B-A2D8-C6A09F6788CC}) (Version: 7.0.4.10 - Advanced Micro Devices, Inc.) Hidden
AMD SBxxx SMBus Driver (HKLM-x32\...\{AAE0E27D-C88A-49BA-8715-77ADCD4286A3}) (Version: 5.12.0.38 - Advanced Micro Devices, Inc.) Hidden
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 23.7.2 - Advanced Micro Devices, Inc.)
AMD_Chipset_Drivers (HKLM-x32\...\{c63a1907-428b-458b-935e-e61aad4aac6e}) (Version: 4.06.10.651 - Advanced Micro Devices, Inc.) Hidden
APP Center (HKLM-x32\...\{D50BEE9A-0EC6-4A58-BF90-35BDC6D6495D}) (Version: 3.21.0426.1 - GIGABYTE) Hidden
APP Center (HKLM-x32\...\InstallShield_{D50BEE9A-0EC6-4A58-BF90-35BDC6D6495D}) (Version: 3.21.0426.1 - GIGABYTE)
Área de trabalho remota do Google Chrome (HKU\S-1-5-21-3907471261-615860086-2012423866-1001\...\78afdc7becafbc9d1d312da7392eafce) (Version: 1.0 - Google\Chrome)
Atualização do produto Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0416-0000-0000000FF1CE}_ENTERPRISE_{717C9095-8AAE-41CB-B046-BD6E8399F4F3}) (Version: - Microsoft)
Atualização do produto Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0416-0000-0000000FF1CE}_ENTERPRISE_{5016CB22-B9A7-44FB-AA72-AF28B27B15EA}) (Version: - Microsoft)
Atualização do produto Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0416-0000-0000000FF1CE}_ENTERPRISE_{BE3A7C0C-0081-4694-B5F9-980DD66BDDF8}) (Version: - Microsoft)
Atualização do produto Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0416-0000-0000000FF1CE}_ENTERPRISE_{7297E3A9-FCD4-4E0E-A306-7A90359E50E3}) (Version: - Microsoft)
AutoScreenRecorder 5 (HKLM-x32\...\AutoScreenRecorder 5_is1) (Version: 5.0.777 - Wisdom Software Inc.)
AVG Driver Updater (HKLM\...\AVG Driver Updater) (Version: 23.2.3178.10414 - AVG)
AVG TuneUp (HKLM\...\AVG TuneUp) (Version: 23.2.5531.7786 - AVG)
BlueStacks App Player (HKLM\...\BlueStacks_nxt) (Version: 5.12.115.2101 - now.gg, Inc.)
BlueStacks Services (HKU\S-1-5-21-3907471261-615860086-2012423866-1001\...\BlueStacksServices) (Version: 3.0.0 - now.gg, Inc.)
BlueStacks X (HKU\S-1-5-21-3907471261-615860086-2012423866-1001\...\BlueStacks X) (Version: 10.3.10.1006 - now.gg, Inc.)
Boxoft Free OCR (freeware) (HKLM-x32\...\Boxoft Free OCR (freeware)_is1) (Version: - boxoft Solution)
Branding64 (HKLM\...\{2A677A6A-43E8-4FE3-A273-07B0E27DADAE}) (Version: 1.00.0008 - Advanced Micro Devices, Inc.) Hidden
CamStudio 2.7 (HKLM\...\{04B83666-3A62-452B-85D3-70F8117F2329}_is1) (Version: 2.7 - CamStudio Open Source)
CCleaner (HKLM\...\CCleaner) (Version: 6.14 - Piriform)
CDisplay 1.8 (HKLM-x32\...\CDisplay_is1) (Version: - dvd8n)
CDisplayEx 1.10.33 (HKLM\...\CDisplayEx_is1) (Version: - Progdigy Software S.A.R.L.)
Chrome Remote Desktop Host (HKLM-x32\...\{C17C2857-FF33-4EA0-8220-14A17DF82668}) (Version: 116.0.5845.9 - Google LLC)
C-Media High Definition Audio Device (HKLM-x32\...\{71B53BA8-4BE3-49AF-BC3E-07F392008828}) (Version: 3.2 - C-Media Electronics, Inc.)
CPUID CPU-Z 2.03 (HKLM\...\CPUID CPU-Z_is1) (Version: 2.03 - CPUID, Inc.)
CPUID CPU-Z Aorus 1.99 (HKLM\...\CPUID CPU-Z Aorus_is1) (Version: 1.99 - CPUID, Inc.)
CPUID HWMonitor 1.48 (HKLM\...\CPUID HWMonitor_is1) (Version: 1.48 - CPUID, Inc.)
Crack1 version 0.5 (HKLM-x32\...\Crack1_is1) (Version: 0.5 - )
Crack4 version 0.5 (HKLM-x32\...\Crack4_is1) (Version: 0.5 - )
Crucial Storage Executive (HKU\S-1-5-21-3907471261-615860086-2012423866-1001\...\Crucial Storage Executive 7.12.122021.04) (Version: 7.12.122021.04 - Crucial)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
DeepL (HKU\S-1-5-21-3907471261-615860086-2012423866-1001\...\https%3a##appdownload.deepl.com#windows#0install#deepl.xml) (Version: - DeepL SE)
EasyTune (HKLM-x32\...\{7F635314-EE21-4E4B-A68D-69AE70BA0E9B}) (Version: 1.22.1227 - GIGABYTE) Hidden
EasyTune (HKLM-x32\...\InstallShield_{7F635314-EE21-4E4B-A68D-69AE70BA0E9B}) (Version: 1.22.1227 - GIGABYTE)
EasyTuneEngineService (HKLM-x32\...\{964575C3-5820-4642-A89A-754255B5EFE1}) (Version: 1.22.1227 - GIGABYTE) Hidden
EasyTuneEngineService (HKLM-x32\...\InstallShield_{964575C3-5820-4642-A89A-754255B5EFE1}) (Version: 1.22.1227 - GIGABYTE)
Epic Games Launcher (HKLM-x32\...\{4A5076AD-020F-4BCE-B558-47C82911061F}) (Version: 1.3.23.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{F9C5C994-F6B9-4D75-B3E7-AD01B84073E9}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Epic Online Services (HKLM-x32\...\{A1EB595F-651D-4A04-99B0-A7065538B33C}) (Version: 2.0.38.0 - Epic Games, Inc.)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - )
Excel (HKU\S-1-5-21-3907471261-615860086-2012423866-1001\...\1fc5b090eab9aa41f8a2f5987367e6da) (Version: 1.0 - Excel)
Free Timer (HKLM-x32\...\{2AE4F065-5A3C-486D-81B4-161D4693303E}_is1) (Version: 4.0.0.0 - Comfort Software Group)
Game Boost (HKLM-x32\...\{644B5310-D2AA-42A8-9F3B-7B92C856C8D7}) (Version: 1.00.0007 - Gigabyte) Hidden
Game Boost (HKLM-x32\...\InstallShield_{644B5310-D2AA-42A8-9F3B-7B92C856C8D7}) (Version: 1.00.0007 - Gigabyte)
Geeks3D FurMark 1.29.0.0 (HKLM-x32\...\{2397CAD4-2263-4CD0-96BE-E43A980B9C9A}_is1) (Version: 1.29.0.0 - Geeks3D)
Gigabyte Speed v10.50 (HKLM\...\Gigabyte Speed) (Version: 10.50 - cFos Software GmbH, Bonn)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 116.0.5845.111 - Google LLC)
Google Earth Pro (HKLM\...\{F27DBA46-80E1-4858-9285-19198FFFBF3D}) (Version: 7.3.6.9345 - Google)
GService (HKLM-x32\...\{D9CB4282-7B2A-4840-AD1D-9DA72B973DD9}) (Version: 1.19.0624.1 - GIGABYTE)
HD Tune Pro 5.75 (HKLM-x32\...\HD Tune Pro_is1) (Version: - EFD Software)
HDD Regenerator (HKLM-x32\...\{CC5DA723-D428-40D1-B82B-21EB64B1273C}) (Version: 20.11.0011 - Abstradrome)
HuionTablet (HKLM-x32\...\HuionTablet) (Version: 15.6.3.132 - Shenzhen Huion Animation Technology Co.,LTD)
K-Lite Codec Pack 13.7.5 Basic (HKLM-x32\...\KLiteCodecPack_is1) (Version: 13.7.5 - KLCP)
Launcher Prerequisites (x64) (HKLM-x32\...\{43a03b9c-4770-409c-a999-587b60700b63}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Linksys Wireless Manager (HKLM\...\Linksys Wireless Manager) (Version: 4.9.9232.0 - Cisco Systems, Inc.)
Logi Bolt (HKLM\...\LogiBolt) (Version: 1.2.6024.0 - Logi)
Logi Options+ (HKLM\...\{850cdc16-85df-4052-b06e-4e3e9e83c5c6}) (Version: 1.48.437015 - Logitech)
Logitech Options (HKLM\...\LogiOptions) (Version: 10.10.58 - Logitech)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 116.0.1938.54 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 116.0.1938.54 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0015-0416-0000-0000000FF1CE}_ENTERPRISE_{AD3E8EF1-E885-4068-BC73-16C0649FEBF0}) (Version: - Microsoft) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0016-0416-0000-0000000FF1CE}_ENTERPRISE_{AD3E8EF1-E885-4068-BC73-16C0649FEBF0}) (Version: - Microsoft) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0018-0416-0000-0000000FF1CE}_ENTERPRISE_{AD3E8EF1-E885-4068-BC73-16C0649FEBF0}) (Version: - Microsoft) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0019-0416-0000-0000000FF1CE}_ENTERPRISE_{AD3E8EF1-E885-4068-BC73-16C0649FEBF0}) (Version: - Microsoft) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-001A-0416-0000-0000000FF1CE}_ENTERPRISE_{AD3E8EF1-E885-4068-BC73-16C0649FEBF0}) (Version: - Microsoft) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-001B-0416-0000-0000000FF1CE}_ENTERPRISE_{AD3E8EF1-E885-4068-BC73-16C0649FEBF0}) (Version: - Microsoft) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}) (Version: - Microsoft) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-002A-0416-1000-0000000FF1CE}_ENTERPRISE_{51530CD1-8244-4E0F-B536-BCCC05325C7F}) (Version: - Microsoft) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0044-0416-0000-0000000FF1CE}_ENTERPRISE_{AD3E8EF1-E885-4068-BC73-16C0649FEBF0}) (Version: - Microsoft) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-006E-0416-0000-0000000FF1CE}_ENTERPRISE_{51530CD1-8244-4E0F-B536-BCCC05325C7F}) (Version: - Microsoft) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-00A1-0416-0000-0000000FF1CE}_ENTERPRISE_{AD3E8EF1-E885-4068-BC73-16C0649FEBF0}) (Version: - Microsoft) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-00BA-0416-0000-0000000FF1CE}_ENTERPRISE_{AD3E8EF1-E885-4068-BC73-16C0649FEBF0}) (Version: - Microsoft) Hidden
Microsoft Office Access MUI (Portuguese (Brazil)) 2007 (HKLM-x32\...\{90120000-0015-0416-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Excel MUI (Portuguese (Brazil)) 2007 (HKLM-x32\...\{90120000-0016-0416-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Groove MUI (Portuguese (Brazil)) 2007 (HKLM-x32\...\{90120000-00BA-0416-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2007 (HKLM-x32\...\{90120000-0044-0416-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (HKLM\...\{90120000-002A-0000-1000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (Portuguese (Brazil)) 2007 (HKLM-x32\...\{90120000-00A1-0416-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (Portuguese (Brazil)) 2007 (HKLM-x32\...\{90120000-001A-0416-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2007 (HKLM-x32\...\{90120000-0018-0416-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (HKLM-x32\...\{90120000-001F-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Portuguese (Brazil)) 2007 (HKLM-x32\...\{90120000-001F-0416-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (HKLM-x32\...\{90120000-001F-0C0A-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (Portuguese (Brazil)) 2007 (HKLM-x32\...\{90120000-002C-0416-0000-0000000FF1CE}) (Version: 12.0.4518.1019 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}) (Version: - Microsoft) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-001F-0416-0000-0000000FF1CE}_ENTERPRISE_{8A524694-0CA4-476A-9301-B1E9D70FC952}) (Version: - Microsoft) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}) (Version: - Microsoft) Hidden
Microsoft Office Publisher MUI (Portuguese (Brazil)) 2007 (HKLM-x32\...\{90120000-0019-0416-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (Portuguese (Brazil)) 2007 (HKLM\...\{90120000-002A-0416-1000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (Portuguese (Brazil)) 2007 (HKLM-x32\...\{90120000-006E-0416-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (Portuguese (Brazil)) 2007 (HKLM-x32\...\{90120000-001B-0416-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft OneDrive (HKLM\...\OneDriveSetup.exe) (Version: 23.153.0724.0003 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{BB052C53-34CB-42DE-AF41-66FDFCEEC868}) (Version: 3.72.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{d491dd9d-2eda-4d75-b504-1a201436e7fd}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{3994d355-238a-4612-af93-26d13deddef1}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40664 (HKLM-x32\...\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40664 (HKLM-x32\...\{9dff3540-fc85-4ed5-ac84-9e3c7fd8bece}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.40664 (HKLM\...\{010792BA-551A-3AC0-A7EF-0FAB4156C382}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.40664 (HKLM\...\{53CF6934-A98D-3D84-9146-FC4EDF3D5641}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.40664 (HKLM-x32\...\{D401961D-3A20-3AC7-943B-6139D5BD490A}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.40664 (HKLM-x32\...\{8122DAB1-ED4D-3676-BB0A-CA368196543E}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.28.29334 (HKLM-x32\...\{b2d0f752-adc5-496e-8f70-8669de01f746}) (Version: 14.28.29334.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.34.31931 (HKLM-x32\...\{d4cecf3b-b68f-4995-8840-52ea0fab646e}) (Version: 14.34.31931.0 - Microsoft Corporation)
Microsoft Visual C++ 2019 X86 Additional Runtime - 14.28.29334 (HKLM-x32\...\{14C49FC8-3E9B-4F29-8526-26629B5CF30B}) (Version: 14.28.29334 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.28.29334 (HKLM-x32\...\{0D01A812-82A1-481F-8546-8E28E976F8DF}) (Version: 14.28.29334 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.34.31931 (HKLM\...\{EAE242B1-0A26-485A-BFEB-0292EE9F03CB}) (Version: 14.34.31931 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.34.31931 (HKLM\...\{CF4C347D-954E-4543-88D2-EC17F07F466F}) (Version: 14.34.31931 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox (x64 pt-BR) (HKLM\...\Mozilla Firefox 116.0.2 (x64 pt-BR)) (Version: 116.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 70.0 - Mozilla)
MPC-HC 2.0.0 (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 2.0.0 - MPC-HC Team)
MSI Afterburner 4.6.2 (HKLM-x32\...\Afterburner) (Version: 4.6.2 - MSI Co., LTD)
MSVCRT110 (HKLM-x32\...\{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}) (Version: 16.4.1108.0727 - Microsoft) Hidden
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 27.2.4 - OBS Project)
ON_OFF Charge 2 B15.0709.1 (HKLM-x32\...\{6B4ED6F7-BB88-4945-B0C6-01410E1BAC3A}) (Version: 1.00.0000 - GIGABYTE) Hidden
ON_OFF Charge 2 B15.0709.1 (HKLM-x32\...\InstallShield_{6B4ED6F7-BB88-4945-B0C6-01410E1BAC3A}) (Version: 1.00.0000 - GIGABYTE)
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
Outlook (HKU\S-1-5-21-3907471261-615860086-2012423866-1001\...\6b0f23e57a39ebfbf2814acb1a24293d) (Version: 1.0 - Outlook)
Pacote de Driver do Windows - Graphics Tablet (WinUsb) USBDevice (04/10/2014 8.33.30.0) (HKLM\...\142118DF51345EA02D2B1583E102C8FB95FD6D52) (Version: 04/10/2014 8.33.30.0 - Graphics Tablet)
Photo Gallery (HKLM-x32\...\{07AAB66E-4718-422D-9218-4AFB3C922A71}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Pomotroid 0.13.0 (HKU\S-1-5-21-3907471261-615860086-2012423866-1001\...\94bc756f-791e-5f51-856a-d5ab11c59b82) (Version: 0.13.0 - Christopher Murphy)
PowerPoint (HKU\S-1-5-21-3907471261-615860086-2012423866-1001\...\319814cb56b667dff88f54e08be8f51f) (Version: 1.0 - PowerPoint)
Promontory_GPIO Driver (HKLM-x32\...\{B5512BCC-F4CD-4159-86A4-B2AD7D38FFA9}) (Version: 3.0.0.0 - Advanced Micro Devices, Inc.) Hidden
PureRef (HKLM-x32\...\PureRef) (Version: 1.11.1 - Idyllic Pixel)
QWXONormalizer (HKLM-x32\...\CHSINormalizer_is1) (Version: 6.105.17 - Nz Software)
Realtek Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.9126.1 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.38.1118.2019 - Realtek)
Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform)
REDlauncher (HKU\S-1-5-21-3907471261-615860086-2012423866-1001\...\{7258BA11-600C-430E-A759-27E2C691A335}-REDlauncher_is1) (Version: - GOG.com)
Revo Uninstaller 2.4.5 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.4.5 - VS Revo Group, Ltd.)
RivaTuner Statistics Server 7.2.3 (HKLM-x32\...\RTSS) (Version: 7.2.3 - Unwinder)
Rockstar Games Launcher (HKLM-x32\...\Rockstar Games Launcher) (Version: 1.0.23.252 - Rockstar Games)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 2.0.7.4 - Rockstar Games)
RyzenMasterSDK (HKLM\...\{324EDD12-32C2-4D2D-9A54-52048B456257}) (Version: 1.2.3.5 - Advanced Micro Devices, Inc.) Hidden
SIV (HKLM-x32\...\{AAA057C3-10DC-4EB9-A3D6-8208C1BB7411}) (Version: 1.22.1227 - GIGABYTE) Hidden
SIV (HKLM-x32\...\InstallShield_{AAA057C3-10DC-4EB9-A3D6-8208C1BB7411}) (Version: 1.22.1227 - GIGABYTE)
Smart Backup (x64) (HKLM-x32\...\{BC1FA5CF-A36F-4C61-9638-09D0B431B006}) (Version: 3.18.0911.1 - GIGABYTE)
Spotify (HKU\S-1-5-21-3907471261-615860086-2012423866-1001\...\Spotify) (Version: 1.2.18.999.g9b38fc27 - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Stellar Photo Recovery (HKLM\...\Stellar Photo Recovery_is1) (Version: 11.1.0.0 - Stellar Information Technology Pvt Ltd.)
SumatraPDF (HKLM-x32\...\SumatraPDF) (Version: 3.1.1 - Krzysztof Kowalczyk)
SumatraPDF (HKU\S-1-5-21-3907471261-615860086-2012423866-1001\...\SumatraPDF) (Version: 3.4.6 - Krzysztof Kowalczyk)
TeamViewer (HKLM\...\TeamViewer) (Version: 15.37.3 - TeamViewer)
TikTok (HKU\S-1-5-21-3907471261-615860086-2012423866-1001\...\d59969c1294b09b83df3d853b26b0754) (Version: 1.0 - Google\Chrome)
Ubisoft Connect (HKLM-x32\...\Uplay) (Version: 137.0.10799 - Ubisoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for Windows 10 for x64-based Systems (KB5001716) (HKLM\...\{C22F49B1-0F67-47DC-A490-E8B4B6558EA9}) (Version: 8.91.0.0 - Microsoft Corporation)
VdhCoApp 1.3.0 (HKLM\...\weh-iss-net.downloadhelper.coapp_is1) (Version: - DownloadHelper)
Visual Studio 2010 SP1 Runtime x64 (HKLM\...\{F6305232-7952-4CCE-BDCD-9B2E66591C4A}) (Version: 1.0.0 - Microsoft Corporation)
Visual Studio 2010 SP1 Runtime x86 (HKLM-x32\...\{AEA163A5-BA2F-4E63-9529-DE8606AC82A4}) (Version: 1.0.0 - Microsoft Corporation)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.18 - VideoLAN)
Windows Live Installer (HKLM-x32\...\{659CB81C-B54E-4DF1-B618-F35777393A54}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Photo Common (HKLM-x32\...\{1D6432B4-E24D-405E-A4AB-D7E6D088CBC9}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live SOXE (HKLM-x32\...\{CDC1AB00-01FF-4FC7-816A-16C67F0923C0}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live UX Platform (HKLM-x32\...\{00F9DB8C-65D7-4D47-AB5F-F698EE38580D}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
WinRAR 6.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 6.11.0 - win.rar GmbH)
Wondershare Helper Compact 2.6.0 (HKLM-x32\...\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.6.0 - Wondershare)
Word (HKU\S-1-5-21-3907471261-615860086-2012423866-1001\...\1b837d0bf93d01407352736c91b7bf50) (Version: 1.0 - Word)
YouTube Music (HKU\S-1-5-21-3907471261-615860086-2012423866-1001\...\6c5703dffe21ecf14bfd52d011466875) (Version: 1.0 - Google\Chrome)

Packages:
=========
AMD Link -> C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDLink_10.23.10015.0_x64__0a9344xs7nr4m [2023-07-08] (Advanced Micro Devices Inc.)
Complemento de Fotos -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2021.39122.10110.0_x64__8wekyb3d8bbwe [2021-03-14] (Microsoft Corporation)
Complemento do Mecanismo de Mídia de Fotos -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2019-11-09] (Microsoft Corporation)
Cortana -> C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_4.2308.1005.0_x64__8wekyb3d8bbwe [2023-08-10] (Microsoft Corporation)
EasyCast - Mirror Display -> C:\Program Files\WindowsApps\53887HaoCai.EasyCast-MirrorDisplay_1.6.2.0_x64__qrw73ppzkf79y [2023-06-04] (Hao Cai)
Instagram -> C:\Program Files\WindowsApps\Facebook.InstagramBeta_42.0.21.0_neutral__8xx8rvfyw5nnt [2023-08-21] (Instagram)
KDE Connect -> C:\Program Files\WindowsApps\KDEe.V.KDEConnect_23.400.1322.0_x64__7vt06qxq7ptv8 [2023-04-29] (KDE e.V.) [Startup Task]
Movie Maker - Vídeo Editor -> C:\Program Files\WindowsApps\21336V3TApps.MovieMaker-FREE_3.6.34.0_x64__bzg06mxvgh4fa [2023-07-05] (V3TApps)
Solitaire & Casual Games -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.17.8040.0_x64__8wekyb3d8bbwe [2023-08-09] (Microsoft Studios) [MS Ad]
TeamViewer: Remote Control -> C:\Program Files\WindowsApps\TeamViewer.31414B719FA93_15.0.100.0_x86__89446h4zmeyyt [2022-12-26] (TeamViewer)
TikTok -> C:\Program Files\WindowsApps\BytedancePte.Ltd.TikTok_1.0.5.0_neutral__6yccndn6064se [2023-06-15] (Bytedance Pte. Ltd.)
Windows Package Manager Source (winget) -> C:\Program Files\WindowsApps\Microsoft.Winget.Source_2023.113.1341.553_neutral__8wekyb3d8bbwe [2023-01-13] (Microsoft Corporation)

==================== Análise Personalizada CLSID (Whitelisted): ==============

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

CustomCLSID: HKU\S-1-5-21-3907471261-615860086-2012423866-1001_Classes\CLSID\{b72e6f5e-f6e0-a9eb-461b-6118363bd15c}\localserver32 -> C:\Users\Francisco Narde\AppData\Local\0install.net\implementations\sha256new_55Y6FHEK7QNKN55ESNMK4VBVZIQYNK4LKTQIF2SCK2UYOCE7A2AQ\DeepL.exe (DeepL SE -> DeepL SE)
CustomCLSID: HKU\S-1-5-21-3907471261-615860086-2012423866-1001_Classes\CLSID\{ca31933b-b116-4444-9c6d-e5103390fb76}\localserver32 -> "C:\Program Files\TechSmith\Camtasia 2020\CamtasiaStudio.exe" -ToastActivated => Nenhum Arquivo
CustomCLSID: HKU\S-1-5-21-3907471261-615860086-2012423866-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems Incorporated -> Adobe Systems)
ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2217832 2009-02-26] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\23.153.0724.0003\FileSyncShell64.dll [2023-08-10] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\23.153.0724.0003\FileSyncShell64.dll [2023-08-10] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\23.153.0724.0003\FileSyncShell64.dll [2023-08-10] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\23.153.0724.0003\FileSyncShell64.dll [2023-08-10] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\23.153.0724.0003\FileSyncShell64.dll [2023-08-10] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\23.153.0724.0003\FileSyncShell64.dll [2023-08-10] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\23.153.0724.0003\FileSyncShell64.dll [2023-08-10] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2021-09-15] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2021-09-15] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2021-09-15] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => -> Nenhum Arquivo
ShellIconOverlayIdentifiers: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => -> Nenhum Arquivo
ShellIconOverlayIdentifiers: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => -> Nenhum Arquivo
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2021-09-15] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2021-09-15] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2021-09-15] (Adobe Inc. -> )
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\23.153.0724.0003\FileSyncShell64.dll [2023-08-10] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\23.153.0724.0003\FileSyncShell64.dll [2023-08-10] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\23.153.0724.0003\FileSyncShell64.dll [2023-08-10] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\23.153.0724.0003\FileSyncShell64.dll [2023-08-10] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\23.153.0724.0003\FileSyncShell64.dll [2023-08-10] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\23.153.0724.0003\FileSyncShell64.dll [2023-08-10] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\23.153.0724.0003\FileSyncShell64.dll [2023-08-10] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => -> Nenhum Arquivo
ShellIconOverlayIdentifiers-x32: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => -> Nenhum Arquivo
ShellIconOverlayIdentifiers-x32: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => -> Nenhum Arquivo
ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\23.153.0724.0003\FileSyncShell64.dll [2023-08-10] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2021-09-15] (Adobe Inc. -> )
ContextMenuHandlers1: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => -> Nenhum Arquivo
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2022-03-03] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2022-03-03] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\23.153.0724.0003\FileSyncShell64.dll [2023-08-10] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers4: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => -> Nenhum Arquivo
ContextMenuHandlers4: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd -> Piriform Ltd)
ContextMenuHandlers5: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\23.153.0724.0003\FileSyncShell64.dll [2023-08-10] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2023-07-25] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
ContextMenuHandlers5: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => -> Nenhum Arquivo
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2021-09-15] (Adobe Inc. -> )
ContextMenuHandlers6: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd -> Piriform Ltd)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2022-03-03] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2022-03-03] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.)

HKLM\...\Drivers32: [VIDC.RTV1] => C:\WINDOWS\system32\rtvcvfw64.dll [246272 2012-09-28] () [Arquivo não assinado]
HKLM\...\Drivers32: [VIDC.FPS1] => C:\WINDOWS\system32\frapsv64.dll [105984 2019-08-30] (Beepa P/L) [Arquivo não assinado]
HKLM\...\Drivers32: [VIDC.WIS1] => C:\WINDOWS\system32\wiscodecx64.dll [254808 2022-05-11] (Wisdom Software Inc. -> Wisdom Software Inc.)
HKLM\...\Drivers32: [VIDC.RTV1] => C:\Windows\SysWOW64\rtvcvfw32.dll [247296 2012-09-28] () [Arquivo não assinado]
HKLM\...\Drivers32: [VIDC.FPS1] => C:\Windows\SysWOW64\frapsvid.dll [94208 2019-08-30] (Beepa P/L) [Arquivo não assinado]
HKLM\...\Drivers32-x32: [VIDC.WIS1] => wiscodecx64.dll

==================== Atalhos & WMI ========================

(As entradas podem ser listadas para serem restauradas ou removidas.)

ShortcutWithArgument: C:\Users\Francisco Narde\AppData\Local\Microsoft\Edge\User Data\Default\Web Applications\_crx__maonlnecdeecdljpahhnnlmhbmalehlm\Instagram.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=maonlnecdeecdljpahhnnlmhbmalehlm --app-url=hxxps://www.instagram.com/?utm_source=pwa_homescreen --app-launch-source=4
ShortcutWithArgument: C:\Users\Francisco Narde\AppData\Local\Microsoft\Edge\User Data\Default\Web Applications\_crx__akpamiohjfcnimfljfndmaldlcfphjmp\Instagram.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=akpamiohjfcnimfljfndmaldlcfphjmp --app-url=hxxps://www.instagram.com/?utm_source=pwa_homescreen&__pwa=1 --app-launch-source=4
ShortcutWithArgument: C:\Users\Francisco Narde\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Excel.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=leffmjdabcgaflkikcefahmlgpodjkdm
ShortcutWithArgument: C:\Users\Francisco Narde\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Outlook.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=bjhmmnoficofgoiacjaajpkfndojknpb
ShortcutWithArgument: C:\Users\Francisco Narde\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=opfacbhaojodjaojgocnibmklknchehf
ShortcutWithArgument: C:\Users\Francisco Narde\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Word.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=hikhggiobiflkdfdgdajcfklmcibbopi
ShortcutWithArgument: C:\Users\Francisco Narde\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\apps do Chrome\Pinterest.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=jbdahlimgohfikaoinpdclkpciabakhf
ShortcutWithArgument: C:\Users\Francisco Narde\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\apps do Chrome\Revolution Ensino de Artes Visuais LTDA.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=gbkmngjoemiefmllohcogahigebcndgd
ShortcutWithArgument: C:\Users\Francisco Narde\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\apps do Chrome\TikTok.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=nlalbmkafgmoifbeooblidblkmlhhpnc
ShortcutWithArgument: C:\Users\Francisco Narde\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\apps do Chrome\YouTube Music.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=cinhimbnkkaeohfgghhklpknlkffjgod
ShortcutWithArgument: C:\Users\Francisco Narde\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\apps do Chrome\Área de trabalho remota do Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=efmjfjelnicpmdcmfikempdhlmainjcb
ShortcutWithArgument: C:\Users\Francisco Narde\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Instagram.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=akpamiohjfcnimfljfndmaldlcfphjmp --app-url=hxxps://www.instagram.com/?utm_source=pwa_homescreen&__pwa=1 --app-launch-source=4

==================== Módulos Carregados (Whitelisted) =============

2022-12-29 14:10 - 2022-08-20 22:44 - 001160192 _____ () [Arquivo não assinado] [O arquivo está em uso] C:\Users\Francisco Narde\AppData\Local\0install.net\implementations\sha256new_WNVUT4A7COIHUPNX3HWQQZD5BU3GEPFRMM3BLVJW4ICRXIJEKBJQ\CefSharp.BrowserSubprocess.Core.dll
2023-08-24 23:08 - 2023-08-24 23:08 - 002306048 _____ () [Arquivo não assinado] \\?\C:\Users\Francisco Narde\AppData\Local\Temp\4ccf3407-0501-44ad-8017-a596a77fe1f3.tmp.node
2009-07-13 17:37 - 2009-07-13 17:37 - 000098304 _____ () [Arquivo não assinado] C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\CFireWallCOM.dll
2021-05-16 02:12 - 2016-07-21 10:54 - 000137728 _____ () [Arquivo não assinado] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll
2021-05-16 02:12 - 2017-09-12 10:34 - 001506304 _____ () [Arquivo não assinado] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll
2021-04-22 15:48 - 2021-04-22 15:48 - 001867264 _____ () [Arquivo não assinado] C:\Program Files (x86)\GIGABYTE\AppCenter\BDR_info.dll
2023-06-23 09:22 - 2023-06-23 09:22 - 000144896 _____ () [Arquivo não assinado] C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\libssh2.dll
2023-06-23 09:22 - 2023-06-23 09:22 - 000077824 _____ () [Arquivo não assinado] C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\zlib.dll
2022-12-29 14:11 - 2022-08-19 04:38 - 175591424 _____ () [Arquivo não assinado] C:\Users\Francisco Narde\AppData\Local\0install.net\implementations\sha256new_WNVUT4A7COIHUPNX3HWQQZD5BU3GEPFRMM3BLVJW4ICRXIJEKBJQ\libcef.dll
2022-12-29 14:11 - 2022-08-19 03:11 - 000442880 _____ () [Arquivo não assinado] C:\Users\Francisco Narde\AppData\Local\0install.net\implementations\sha256new_WNVUT4A7COIHUPNX3HWQQZD5BU3GEPFRMM3BLVJW4ICRXIJEKBJQ\libEGL.dll
2022-12-29 14:11 - 2022-08-19 03:10 - 006480384 _____ () [Arquivo não assinado] C:\Users\Francisco Narde\AppData\Local\0install.net\implementations\sha256new_WNVUT4A7COIHUPNX3HWQQZD5BU3GEPFRMM3BLVJW4ICRXIJEKBJQ\libGLESv2.dll
2022-12-29 14:11 - 2022-08-19 03:07 - 004077568 _____ () [Arquivo não assinado] C:\Users\Francisco Narde\AppData\Local\0install.net\implementations\sha256new_WNVUT4A7COIHUPNX3HWQQZD5BU3GEPFRMM3BLVJW4ICRXIJEKBJQ\vk_swiftshader.dll
2022-12-29 14:11 - 2022-08-19 03:10 - 000828928 _____ () [Arquivo não assinado] C:\Users\Francisco Narde\AppData\Local\0install.net\implementations\sha256new_WNVUT4A7COIHUPNX3HWQQZD5BU3GEPFRMM3BLVJW4ICRXIJEKBJQ\vulkan-1.dll
2023-08-10 23:29 - 2023-08-17 09:20 - 002862080 _____ () [Arquivo não assinado] C:\Users\Francisco Narde\AppData\Local\Programs\bluestacks-services\ffmpeg.dll
2023-08-10 23:29 - 2023-08-17 09:20 - 000479232 _____ () [Arquivo não assinado] C:\Users\Francisco Narde\AppData\Local\Programs\bluestacks-services\libegl.dll
2023-08-10 23:29 - 2023-08-17 09:20 - 007513600 _____ () [Arquivo não assinado] C:\Users\Francisco Narde\AppData\Local\Programs\bluestacks-services\libglesv2.dll
2023-08-10 23:29 - 2023-08-17 09:20 - 005209088 _____ () [Arquivo não assinado] C:\Users\Francisco Narde\AppData\Local\Programs\bluestacks-services\vk_swiftshader.dll
2020-07-29 21:24 - 2016-05-31 03:37 - 000254464 _____ (C-MEDIA Electronics INC.) [Arquivo não assinado] C:\Program Files\Xear Audio Center\CPL\Driver\x64\vista\osConfLib.dll
2021-03-09 14:00 - 2021-03-09 14:00 - 000205824 _____ (GIGA-BYTE TECHNOLOGY CO., LTD.) [Arquivo não assinado] C:\Program Files (x86)\GIGABYTE\AppCenter\yccV3.dll
2021-11-05 17:07 - 2021-11-05 17:07 - 000236544 _____ (GIGA-BYTE TECHNOLOGY CO., LTD.) [Arquivo não assinado] C:\Program Files (x86)\Gigabyte\EasyTuneEngineService\yccV3.dll
2009-07-13 17:37 - 2009-07-13 17:37 - 000152112 _____ (OPSWAT, Inc. -> ) [Arquivo não assinado] C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\CAntiVirusCOM.dll
2022-12-29 14:11 - 2022-08-19 03:16 - 001231872 _____ (The Chromium Authors) [Arquivo não assinado] C:\Users\Francisco Narde\AppData\Local\0install.net\implementations\sha256new_WNVUT4A7COIHUPNX3HWQQZD5BU3GEPFRMM3BLVJW4ICRXIJEKBJQ\chrome_elf.dll
2023-06-23 09:22 - 2023-06-23 09:22 - 000355840 _____ (The cURL library, hxxp://curl.haxx.se/) [Arquivo não assinado] C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\LIBCURL.dll
2023-06-23 09:22 - 2023-06-23 09:22 - 002286747 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [Arquivo não assinado] C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\LIBEAY32.dll
2023-06-23 09:22 - 2023-06-23 09:22 - 000416627 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [Arquivo não assinado] C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\SSLEAY32.dll
2015-10-14 01:15 - 2015-10-14 01:15 - 002042368 _____ (TODO: <Company name>) [Arquivo não assinado] C:\Program Files (x86)\GIGABYTE\AppCenter\osvi.dll
2021-05-16 02:12 - 2017-09-12 10:36 - 000708608 _____ (Wondershare) [Arquivo não assinado] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSProducstInfo.dll

==================== Alternate Data Streams (Whitelisted) ========

(Se uma entrada for incluída na fixlist, somente o ADS será removido.)

AlternateDataStreams: C:\ProgramData\TEMP:B755D674 [314]

==================== Modo de Segurança (Whitelisted) ==================

(Se uma entrada for incluída na fixlist, será removida do Registro. O valor "AlternateShell" será restaurado.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\camsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dps => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\lfsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\semgrsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\shellhwdetection => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TokenBroker => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WSService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\camsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dps => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\lfsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SamSs => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\semgrsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\shellhwdetection => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv2 => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srvnet => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TokenBroker => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WSService => ""="Service"

==================== Associação (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
BHO: GBHO.BHO -> {45d30484-7ded-43d9-957a-d2fd1f046511} -> C:\WINDOWS\system32\mscoree.dll [2019-12-07] (Microsoft Windows -> Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation -> Microsoft Corporation)
Toolbar: HKLM - Smart Backup - {1d09c093-f71e-43c3-b948-19316cbd695e} - C:\WINDOWS\system32\mscoree.dll [2019-12-07] (Microsoft Windows -> Microsoft Corporation)
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\amd64\puresp4.dll [2009-07-14] (Cisco-Linksys LLC -> Cisco Systems, Inc.)
Handler-x32: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll [2009-07-14] (Cisco-Linksys LLC -> Cisco Systems, Inc.)
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll Nenhum Arquivo

(Se uma entrada for incluída na fixlist, será removida do Registro.)

IE trusted site: HKU\S-1-5-21-3907471261-615860086-2012423866-1001\...\localhost -> localhost

==================== Hosts Conteúdo: =========================

(Se necessário, a diretiva Hosts: pode ser incluída na fixlist para redefinir o Hosts.)

2019-10-30 00:14 - 2023-08-19 05:50 - 000000855 _____ C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1 localhost

==================== Outras Áreas ===========================

(Atualmente não há nenhuma correção automática para esta seção.)

HKU\S-1-5-21-3907471261-615860086-2012423866-1001\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 177.92.143.254 - 8.8.8.8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Warn)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost => (EnableWebContentEvaluation: 1)
Firewall do Windows está habilitado.

Network Binding:
=============
Ethernet: Pure Networks Device Discovery Driver -> PNARP (enabled)
Ethernet: Pure Networks Wireless Driver -> PURENDIS (enabled)
Ethernet: cFosSpeed for faster Internet connections (NDIS 6) -> cfosspeed (enabled)

==================== MSCONFIG/TASK MANAGER ítens desabilitados ==

(Se uma entrada for incluída na fixlist, será removida.)

HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "DriverUpdUI.exe"
HKLM\...\StartupApproved\Run: => "TuneupUI.exe"
HKLM\...\StartupApproved\Run: => "LogiBolt"
HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKU\S-1-5-21-3907471261-615860086-2012423866-1001\...\StartupApproved\Run: => "Chromium"
HKU\S-1-5-21-3907471261-615860086-2012423866-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-3907471261-615860086-2012423866-1001\...\StartupApproved\Run: => "CCleaner Smart Cleaning"
HKU\S-1-5-21-3907471261-615860086-2012423866-1001\...\StartupApproved\Run: => "EpicGamesLauncher"
HKU\S-1-5-21-3907471261-615860086-2012423866-1001\...\StartupApproved\Run: => "ut"
HKU\S-1-5-21-3907471261-615860086-2012423866-1001\...\StartupApproved\Run: => "Spotify"

==================== Regras do Firewall (Whitelisted) ================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

FirewallRules: [{9820E554-9556-46F9-B598-67CACF3D5DAF}] => (Allow) C:\Program Files (x86)\GIGABYTE\AppCenter\gcupd.exe (GIGA-BYTE TECHNOLOGY CO., LTD. -> )
FirewallRules: [{9C304BA4-B50F-42F9-A3D6-C21307EA17D5}] => (Allow) C:\Program Files (x86)\GIGABYTE\AppCenter\ApCent.exe (GIGA-BYTE TECHNOLOGY CO., LTD. -> )
FirewallRules: [{9FB4A524-1418-48EA-9CA1-EEFE2996AAEC}] => (Allow) C:\Program Files (x86)\GIGABYTE\AppCenter\gcupd.exe (GIGA-BYTE TECHNOLOGY CO., LTD. -> )
FirewallRules: [{CC02A231-1E92-4692-9160-F9FB1BC045DF}] => (Allow) C:\Program Files (x86)\GIGABYTE\AppCenter\ApCent.exe (GIGA-BYTE TECHNOLOGY CO., LTD. -> )
FirewallRules: [{C4E4D91B-5010-4D75-AC19-DC97FA48A5C8}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{A67CFB93-3C0D-4986-B00B-8EBA41331D12}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{520AFDFE-E6E5-46E6-A75B-500D89AAA5BE}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{352922EB-B910-4D91-8BF5-F5E7E3EAEADD}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{28227C47-8C78-4AB5-A250-A68C2E51F461}] => (Allow) C:\Program Files (x86)\GIGABYTE\AppCenter\gcupd.exe (GIGA-BYTE TECHNOLOGY CO., LTD. -> )
FirewallRules: [{BC73F1D7-B766-45D2-8E1C-FC65E2D403A1}] => (Allow) C:\Program Files (x86)\GIGABYTE\AppCenter\ApCent.exe (GIGA-BYTE TECHNOLOGY CO., LTD. -> )
FirewallRules: [{FDFF5C35-93E8-4AFF-A5EF-4D74BB41CC89}] => (Allow) C:\Program Files (x86)\GIGABYTE\AppCenter\gcupd.exe (GIGA-BYTE TECHNOLOGY CO., LTD. -> )
FirewallRules: [{4902CB23-C124-45F2-8210-9E1018DFEC08}] => (Allow) C:\Program Files (x86)\GIGABYTE\AppCenter\ApCent.exe (GIGA-BYTE TECHNOLOGY CO., LTD. -> )
FirewallRules: [{85B86BCE-4FB9-49CE-B371-83A2B9C6E464}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{5B86F4D0-51D0-48EE-B972-8B63EFE7AEE6}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{542D5240-7891-4318-BE94-0BD96DE3C5B1}] => (Allow) C:\Program Files (x86)\GIGABYTE\AppCenter\ApCent.exe (GIGA-BYTE TECHNOLOGY CO., LTD. -> )
FirewallRules: [{18AE2004-F849-4A0D-8583-C30F4C944981}] => (Allow) C:\Program Files (x86)\GIGABYTE\AppCenter\gcupd.exe (GIGA-BYTE TECHNOLOGY CO., LTD. -> )
FirewallRules: [{AA24679B-2A0E-48C2-8AFC-5B6E02524A38}] => (Allow) C:\Program Files (x86)\GIGABYTE\AppCenter\ApCent.exe (GIGA-BYTE TECHNOLOGY CO., LTD. -> )
FirewallRules: [{3DA78CD7-C958-4F16-B6DD-750783634655}] => (Allow) C:\Program Files (x86)\GIGABYTE\AppCenter\gcupd.exe (GIGA-BYTE TECHNOLOGY CO., LTD. -> )
FirewallRules: [{57DE18FE-73A7-48FD-A730-5EEC3F83BE7A}] => (Allow) C:\Program Files (x86)\GIGABYTE\AppCenter\ApCent.exe (GIGA-BYTE TECHNOLOGY CO., LTD. -> )
FirewallRules: [{CAC6E061-A134-41F1-88DC-9E63853E40ED}] => (Allow) C:\Program Files (x86)\GIGABYTE\AppCenter\gcupd.exe (GIGA-BYTE TECHNOLOGY CO., LTD. -> )
FirewallRules: [{E36F36F0-879C-41F9-AAD6-025D3FE7AC65}] => (Allow) C:\Program Files (x86)\GIGABYTE\AppCenter\ApCent.exe (GIGA-BYTE TECHNOLOGY CO., LTD. -> )
FirewallRules: [{034256CB-65EE-47D1-B7D2-5F6B50ED65DF}] => (Allow) C:\Program Files (x86)\GIGABYTE\AppCenter\gcupd.exe (GIGA-BYTE TECHNOLOGY CO., LTD. -> )
FirewallRules: [{75D29164-CE22-4094-BDD5-476DFCD09BF3}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{4ACCB619-B18D-4996-AA70-6EFCAC7E7401}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{417C9ECF-82D7-4A0A-8D80-EFE64EF690AA}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{9B8DF069-347D-406A-9AC0-CA543CAA775D}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{75BC230B-ABF8-4A82-A157-A9E3D21BDD88}] => (Allow) C:\Program Files\WindowsApps\KDEe.V.KDEConnect_22.1203.1291.0_x64__7vt06qxq7ptv8\bin\kdeconnectd.exe (98B52D9A-DF7C-493E-BADC-37004A92EFC8 -> )
FirewallRules: [{101F461B-96F9-4E61-B286-ED0ABB0BFCCC}] => (Allow) C:\Program Files\WindowsApps\KDEe.V.KDEConnect_22.1203.1291.0_x64__7vt06qxq7ptv8\bin\kdeconnectd.exe (98B52D9A-DF7C-493E-BADC-37004A92EFC8 -> )
FirewallRules: [{3963202D-2571-401C-9F75-779BDF226983}] => (Allow) C:\Program Files\WindowsApps\KDEe.V.KDEConnect_22.1203.1291.0_x64__7vt06qxq7ptv8\bin\kdeconnectd.exe (98B52D9A-DF7C-493E-BADC-37004A92EFC8 -> )
FirewallRules: [{896D9D5D-5599-4B58-B27F-59C97EA3ABCD}] => (Allow) C:\Program Files\WindowsApps\KDEe.V.KDEConnect_22.1203.1291.0_x64__7vt06qxq7ptv8\bin\kdeconnectd.exe (98B52D9A-DF7C-493E-BADC-37004A92EFC8 -> )
FirewallRules: [{56A9773C-4873-4555-A44D-AF262156CA26}] => (Allow) C:\Program Files\WindowsApps\KDEe.V.KDEConnect_23.400.1322.0_x64__7vt06qxq7ptv8\bin\kdeconnectd.exe (98B52D9A-DF7C-493E-BADC-37004A92EFC8 -> )
FirewallRules: [{C1ED3C26-7440-4FF3-9203-5164E83E79B7}] => (Allow) C:\Program Files\WindowsApps\KDEe.V.KDEConnect_23.400.1322.0_x64__7vt06qxq7ptv8\bin\kdeconnectd.exe (98B52D9A-DF7C-493E-BADC-37004A92EFC8 -> )
FirewallRules: [{F4F6BFE9-4922-4321-962D-EAA95DEB261C}] => (Allow) C:\Program Files\WindowsApps\KDEe.V.KDEConnect_23.400.1322.0_x64__7vt06qxq7ptv8\bin\kdeconnectd.exe (98B52D9A-DF7C-493E-BADC-37004A92EFC8 -> )
FirewallRules: [{68C3751E-0053-48E4-8BE5-460A6EEC492D}] => (Allow) C:\Program Files\WindowsApps\KDEe.V.KDEConnect_23.400.1322.0_x64__7vt06qxq7ptv8\bin\kdeconnectd.exe (98B52D9A-DF7C-493E-BADC-37004A92EFC8 -> )
FirewallRules: [{568FE5A3-CD62-4D71-9553-88F29B9155E3}] => (Allow) C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOptionsMgr.EXE (Logitech Inc -> Logitech, Inc.)
FirewallRules: [{B649955B-0297-412E-A757-E4658BF46667}] => (Allow) C:\Program Files\LogiOptionsPlus\logioptionsplus_agent.exe (Logitech Inc -> Logitech, Inc.)
FirewallRules: [{4110ACCE-35F7-41DB-BBB0-167F0C3C643C}] => (Allow) C:\Program Files (x86)\Google\Chrome Remote Desktop\116.0.5845.9\remoting_host.exe (Google LLC -> Google LLC)
FirewallRules: [{4EBC6F92-C910-4819-AB53-6058AF1B98E2}] => (Allow) LPort=9009
FirewallRules: [{C287F76A-046F-48FF-95D8-CEA004016E4B}] => (Allow) LPort=9009
FirewallRules: [{9C1C74AD-8851-4598-90BB-9BC34CF8E669}] => (Allow) LPort=9009
FirewallRules: [{31999579-4038-4208-B41E-5B696EB75982}] => (Allow) LPort=9009
FirewallRules: [{9AF74869-61F0-4115-B363-894236202D82}] => (Allow) LPort=9009
FirewallRules: [{1C5A3173-39A7-4167-8988-0FDC66296406}] => (Allow) LPort=9009
FirewallRules: [{06AA49D0-E66B-438A-84D4-EEDF302F196A}] => (Allow) LPort=9009
FirewallRules: [{CA9F8466-0E7F-46DF-A48B-FA20B13F3F87}] => (Allow) D:\BlueStacks X\BlueStacksWeb.exe (Now.gg, INC -> Bluestack Systems, Inc.)
FirewallRules: [{DBE6F400-7804-4C09-BE3E-00E4F1D43886}] => (Allow) D:\BlueStacks X\Cloud Game.exe (Now.gg, INC -> COMPANY NAME)
FirewallRules: [{3CE3E9E6-B8E0-4A64-9A9D-E022293EF5E3}] => (Allow) C:\Program Files\BlueStacks_nxt\HD-Player.exe (Now.gg, INC -> BlueStack Systems)
FirewallRules: [{2822B512-99C8-4534-835F-B01C13864544}] => (Allow) C:\Program Files\BlueStacks_nxt\BlueStacksAppplayerWeb.exe (Now.gg, INC -> The Qt Company Ltd.)
FirewallRules: [{C4386C0F-3068-453C-BF4D-74539802CDB4}] => (Allow) LPort=9009
FirewallRules: [{A7521BE5-0DCD-49D5-AA77-4E5CBC143FA5}] => (Allow) LPort=9009
FirewallRules: [{E7B4E475-E4F9-4350-B420-B861C69C9F05}] => (Allow) LPort=9009
FirewallRules: [{C1C4D0DB-971E-437A-978F-48F5C96E5AB7}] => (Allow) LPort=9009
FirewallRules: [{A4BCBED8-26FB-43E2-B62E-61967DF2E15E}] => (Allow) LPort=9009
FirewallRules: [{E23EF5E1-3F9B-43A7-BBE3-E50930E1F65E}] => (Allow) LPort=9009
FirewallRules: [{FDE7A497-5A23-4C6C-B46C-5FA366A601E6}] => (Allow) LPort=9009
FirewallRules: [{714DAB3A-CD23-44C1-93BB-505A8B61B975}] => (Allow) LPort=9009
FirewallRules: [{B41DF905-2EBE-4F04-8FD3-45EB8F76BDE4}] => (Allow) LPort=9009
FirewallRules: [{45234FD5-5071-4C13-82B9-18B3B339069F}] => (Allow) LPort=9009
FirewallRules: [{480C6602-A8F0-4CD4-AA2D-AB8069EA5E9D}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.65.78.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => Nenhum Arquivo
FirewallRules: [{9E6EFAB9-EFA3-4B1E-B67D-E4ECCBA59176}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.65.78.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => Nenhum Arquivo
FirewallRules: [{01DF0815-250E-4BEF-A399-C43432F6D46B}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.65.78.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => Nenhum Arquivo
FirewallRules: [{C9B70DF6-3CB5-42AC-9DE3-6A0E1C192420}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.65.78.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => Nenhum Arquivo
FirewallRules: [{614B31A9-02D5-4867-813A-D30E9AC01298}] => (Allow) LPort=9009
FirewallRules: [TCP Query User{B3F3099E-8173-4E56-9AC3-9D7ADC929019}C:\users\francisco narde\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\francisco narde\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [UDP Query User{582EC562-1083-4383-8C95-57205C970906}C:\users\francisco narde\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\francisco narde\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{E61A4134-8D0D-4931-8769-B3BDD5454547}] => (Allow) LPort=9009
FirewallRules: [{518A44B7-AB3F-4E67-8936-EFD7692811AD}] => (Allow) LPort=9009
FirewallRules: [{955B1105-7D98-4D6E-903B-C322FB6F2B10}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\116.0.1938.54\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{D34A3512-81C6-49CD-9CC6-736DEEFA11D6}] => (Allow) LPort=9009
FirewallRules: [{22F3E226-C374-4F8F-852C-3302801AC7D4}] => (Allow) LPort=9009
FirewallRules: [{022141E7-EB3B-49A1-A164-81F04DAD2C3E}] => (Allow) LPort=9009
FirewallRules: [{37E293D7-C044-4672-840B-A094BAD22C5C}] => (Allow) LPort=9009
FirewallRules: [{76BE329A-9C29-4457-93BB-F96EC842E262}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.102.3211.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{B17B2214-E029-42B9-A0B5-CA881279D118}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.102.3211.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{8706BA79-8A84-473D-87CD-AB4A81D191A2}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.102.3211.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{E9922303-2BDD-4E1C-8B73-46AC91D9F7AB}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.102.3211.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{4DDAC470-DBD0-4780-9F8E-F73169AFC7A0}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{E4FFE8B5-0644-4388-8631-39E7D20CEF4C}] => (Allow) LPort=9009
FirewallRules: [{C483A313-2AB9-4EF6-A333-3C3E0AFEC332}] => (Allow) LPort=9009
FirewallRules: [{B6C4EEF7-95FC-4033-8FD8-7BE16396A17C}] => (Allow) LPort=9009

==================== Pontos de Restauração =========================

24-08-2023 22:41:38 Revo Uninstaller's restore point - qBittorrent
24-08-2023 22:46:48 Revo Uninstaller's restore point - Norton AntiVirus

==================== Dispositivos Apresentando Falhas No Gerenciador ============

==================== Erros no Log de eventos: ========================

Erros em Aplicativos:
==================
Error: (08/24/2023 10:53:57 PM) (Source: VSS) (EventID: 13) (User: )
Description: Informações sobre o Serviço de Cópias de Sombra de Volume: não é possível iniciar o Servidor COM com CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} e nome CEventSystem. [0x8007045b, O sistema está sendo desligado.
]

Error: (08/24/2023 10:41:38 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Erro do Serviço de Cópias de Sombra de Volume: erro inesperado ao consultar a interface IVssWriterCallback. hr = 0x80070005, Acesso negado.
.
Muitas vezes, isso é causado por configurações de segurança incorretas no processo gravador ou solicitante.

Operação:
Obtendo Dados do Gravador

Contexto:
Id de Classe de Gravador: {e8132975-6f93-4464-a53e-1050253ae220}
Nome do Gravador: System Writer
ID de Instância de Gravador: {c6b69abd-9e30-4f88-8da5-199eeb7ca9fc}

Error: (08/24/2023 10:31:42 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Erro do Serviço de Cópias de Sombra de Volume: erro inesperado ao consultar a interface IVssWriterCallback. hr = 0x80070005, Acesso negado.
.
Muitas vezes, isso é causado por configurações de segurança incorretas no processo gravador ou solicitante.

Operação:
Obtendo Dados do Gravador

Contexto:
Id de Classe de Gravador: {e8132975-6f93-4464-a53e-1050253ae220}
Nome do Gravador: System Writer
ID de Instância de Gravador: {44af9e13-d874-4bf8-b0b9-488fc816ec6e}

Error: (08/24/2023 10:08:55 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Falha na geração de contexto de ativação para "D:\Documentos\Instaladores\esetsmartinstaller_enu.exe". Erro no arquivo de manifesto ou de política "", na linha .
Uma versão de componente exigida pelo aplicativo está em conflito com outra versão de componente já ativa.
Os componentes conflitantes são:
Componente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.1110_none_60b5254171f9507e.manifest.
Componente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.1110_none_a8625c1886757984.manifest.

Error: (08/23/2023 09:00:09 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Erro do serviço de cópias de sombra de volume: erro inesperado ao chamar a rotina QueryFullProcessImageNameW. hr = 0x80070006, Identificador inválido.
.

Operação:
Executando Operação Assíncrona

Contexto:
Estado Atual: DoSnapshotSet

Error: (08/23/2023 08:59:55 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Erro do Serviço de Cópias de Sombra de Volume: erro inesperado ao consultar a interface IVssWriterCallback. hr = 0x80070005, Acesso negado.
.
Muitas vezes, isso é causado por configurações de segurança incorretas no processo gravador ou solicitante.

Operação:
Obtendo Dados do Gravador

Contexto:
Id de Classe de Gravador: {e8132975-6f93-4464-a53e-1050253ae220}
Nome do Gravador: System Writer
ID de Instância de Gravador: {5856628e-7d36-4bd8-926d-a1a9cfc17e33}

Error: (08/23/2023 08:24:53 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Erro do serviço de cópias de sombra de volume: erro inesperado ao chamar a rotina CoCreateInstance. hr = 0x8007045b, O sistema está sendo desligado.
.

Error: (08/23/2023 08:24:53 PM) (Source: VSS) (EventID: 13) (User: )
Description: Informações sobre o Serviço de Cópias de Sombra de Volume: não é possível iniciar o Servidor COM com CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} e nome CEventSystem. [0x8007045b, O sistema está sendo desligado.
]

Erros de Sistema:
=============
Error: (08/24/2023 11:11:32 PM) (Source: disk) (EventID: 7) (User: )
Description: O dispositivo, \Device\Harddisk0\DR0, possui um setor defeituoso.

Error: (08/24/2023 11:11:32 PM) (Source: disk) (EventID: 7) (User: )
Description: O dispositivo, \Device\Harddisk0\DR0, possui um setor defeituoso.

Error: (08/24/2023 11:09:33 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Não foi possível iniciar o serviço Browser devido ao seguinte erro:
O serviço não respondeu à requisição de início ou controle em tempo hábil.

Error: (08/24/2023 11:09:33 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Tempo limite esgotado (30000 milissegundos) ao aguardar a conexão do serviço Browser.

Error: (08/24/2023 11:09:33 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Não foi possível iniciar o serviço Browser devido ao seguinte erro:
O serviço não respondeu à requisição de início ou controle em tempo hábil.

CodeIntegrity:
===============
Date: 2023-08-24 22:58:47
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Norton Security\Engine\22.23.6.5\symamsi.dll that did not meet the Windows signing level requirements.

Date: 2023-08-24 22:55:48
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\ProgramData\Microsoft\Windows Defender\Platform\4.18.2007.6-0\MpCmdRun.exe) attempted to load \Device\HarddiskVolume4\Program Files\Norton Security\Engine\22.23.6.5\symamsi.dll that did not meet the Microsoft signing level requirements.

==================== Informações da Memória ===========================

BIOS: American Megatrends Inc. F23 08/08/2018
placa-mãe: Gigabyte Technology Co., Ltd. A320M-S2H-CF
Processador: AMD Ryzen 5 1600 Six-Core Processor
Percentagem de memória em uso: 27%
RAM física total: 16334.19 MB
RAM física disponível: 11889.14 MB
Virtual Total: 22734.19 MB
Virtual disponível: 15395.32 MB

==================== Drives ================================

Drive () (Fixed) (Total:111.2 GB) (Free:8.05 GB) (Model: SanDisk SSD PLUS 120GB) NTFS
Drive d: (DADOS) (Fixed) (Total:465.76 GB) (Free:47.8 GB) (Model: ST3500630NS) NTFS

\\?\Volume{d98abf9f-1a79-4d58-a9b5-398042f89375}\ (Recuperação) (Fixed) (Total:0.49 GB) (Free:0.03 GB) NTFS
\\?\Volume{0990eebf-b0b4-4327-b1ac-08645c296b25}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Tabela de Partições ====================

==========================================================
Disk: 0 (Protective MBR) (Size: 111.8 GB) (Disk ID: 00000000)

Partition: GPT.

==========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: 1932D53D)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=42)

==================== Fim de Addition.txt =======================

Resultado do análise da Farbar Recovery Scan Tool (FRST) (x64) Versão: 23-08-2023
Executado por Francisco Narde (administrador) em DESKTOP-0BF3N7R (Gigabyte Technology Co., Ltd. A320M-S2H) (24-08-2023 23:10:43)
Executando a partir de D:\Desktop\FRST64.exe
Perfis Carregados: Francisco Narde
Plataforma: Microsoft Windows 10 Pro Versão 22H2 19045.3324 (X64) Idioma: Português (Brasil)
Navegador padrão: Edge
Modo da Inicialização: Normal

==================== Processos (Whitelisted) =================

(Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.)

(C:\Program Files\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe ->) (OpenJS Foundation -> Node.js) C:\Program Files\Adobe\Adobe Creative Cloud Experience\libs\node.exe
(C:\Program Files\Adobe\Adobe Creative Cloud Experience\libs\node.exe ->) (Adobe Inc. -> Adobe Inc) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\IPCBox\AdobeIPCBroker.exe
(C:\Program Files\AMD\CNext\CNext\AMDRSServ.exe ->) (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\amdow.exe
(C:\Program Files\HuionTablet\HuionTablet.exe ->) (Shenzhen Huion Animation Technology Co.,LTD -> ) C:\Program Files\HuionTablet\HuionTabletCore.exe
(C:\Program Files\HuionTablet\HuionTablet.exe ->) (Shenzhen Huion Animation Technology Co.,LTD -> TODO: <公司名>) C:\Program Files\HuionTablet\HuionServer.exe
(C:\Program Files\LogiOptionsPlus\logioptionsplus_agent.exe ->) (Logitech Inc -> Logitech, Inc.) C:\Program Files\LogiOptionsPlus\logioptionsplus_appbroker.exe
(C:\Program Files\LogiOptionsPlus\logioptionsplus_updater.exe ->) (Logitech Inc -> Logitech, Inc.) C:\Program Files\LogiOptionsPlus\logi_crashpad_handler.exe <2>
(C:\Program Files\LogiOptionsPlus\logioptionsplus_updater.exe ->) (Logitech Inc -> Logitech, Inc.) C:\Program Files\LogiOptionsPlus\logioptionsplus_agent.exe
(C:\Program Files\Logitech\LogiOptions\LogiOptions.exe ->) (Logitech Inc -> Logitech) C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOverlay.exe
(C:\Program Files\Logitech\LogiOptions\LogiOptions.exe ->) (Logitech Inc -> Logitech, Inc.) C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOptionsMgr.exe
(C:\Program Files\WindowsApps\KDEe.V.KDEConnect_23.400.1322.0_x64__7vt06qxq7ptv8\bin\kdeconnect-indicator.exe ->) (98B52D9A-DF7C-493E-BADC-37004A92EFC8 -> ) C:\Program Files\WindowsApps\KDEe.V.KDEConnect_23.400.1322.0_x64__7vt06qxq7ptv8\bin\kdeconnectd.exe
(C:\Program Files\WindowsApps\KDEe.V.KDEConnect_23.400.1322.0_x64__7vt06qxq7ptv8\bin\kdeconnect-indicator.exe ->) (98B52D9A-DF7C-493E-BADC-37004A92EFC8 -> freedesktop.org) C:\Program Files\WindowsApps\KDEe.V.KDEConnect_23.400.1322.0_x64__7vt06qxq7ptv8\bin\dbus-daemon.exe
(C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOptionsMgr.exe ->) (Logitech Inc -> Logitech, Inc.) C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\laclient.exe
(C:\Users\Francisco Narde\AppData\Local\0install.net\implementations\sha256new_55Y6FHEK7QNKN55ESNMK4VBVZIQYNK4LKTQIF2SCK2UYOCE7A2AQ\DeepL.exe ->) (The CefSharp Authors) [Arquivo não assinado] C:\Users\Francisco Narde\AppData\Local\0install.net\implementations\sha256new_WNVUT4A7COIHUPNX3HWQQZD5BU3GEPFRMM3BLVJW4ICRXIJEKBJQ\CefSharp.BrowserSubprocess.exe <5>
(Cisco-Linksys LLC -> Cisco Systems, Inc.) C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe
(Cisco-Linksys LLC -> Cisco Systems, Inc.) C:\Program Files (x86)\Linksys\Linksys Wireless Manager\LinksysWirelessManager64.exe
(DeepL SE -> DeepL SE) C:\Users\Francisco Narde\AppData\Local\0install.net\implementations\sha256new_55Y6FHEK7QNKN55ESNMK4VBVZIQYNK4LKTQIF2SCK2UYOCE7A2AQ\DeepL.exe
(DriverStore\FileRepository\u0394246.inf_amd64_d7748c83520c2dbe\B394106\atiesrxx.exe ->) (Advanced Micro Devices Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0394246.inf_amd64_d7748c83520c2dbe\B394106\atieclxx.exe
(explorer.exe ->) () [Arquivo não assinado] C:\Program Files\Xear Audio Center\CPL\FaceLift_x64.exe
(explorer.exe ->) () [Arquivo não assinado] C:\Windows\SysWOW64\ExMgr.exe
(explorer.exe ->) (98B52D9A-DF7C-493E-BADC-37004A92EFC8 -> ) C:\Program Files\WindowsApps\KDEe.V.KDEConnect_23.400.1322.0_x64__7vt06qxq7ptv8\bin\kdeconnect-indicator.exe
(explorer.exe ->) (Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe
(explorer.exe ->) (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\AMDRSServ.exe
(explorer.exe ->) (cFos Software GmbH -> cFos Software GmbH) C:\Program Files\cFosSpeed\cfosspeed.exe
(explorer.exe ->) (Logitech Inc -> Logitech, Inc.) C:\Program Files\Logitech\LogiOptions\LogiOptions.exe
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <7>
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft OneDrive\OneDrive.exe
(explorer.exe ->) (Now.gg, INC -> now.gg, Inc.) C:\Users\Francisco Narde\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe <4>
(explorer.exe ->) (VS Revo Group Ltd. -> VS Revo Group) C:\Program Files\VS Revo Group\Revo Uninstaller\RevoUnin.exe
(GIGA-BYTE TECHNOLOGY CO., LTD. -> ) C:\Program Files (x86)\GIGABYTE\AppCenter\ApCent.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.292\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.292\GoogleCrashHandler64.exe
(services.exe ->) () [Arquivo não assinado] C:\Program Files (x86)\GIGABYTE\AppCenter\AdjustService.exe
(services.exe ->) (Abstradrome -> ) C:\Program Files (x86)\HDD Regenerator\hrsrv.exe
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(services.exe ->) (Adobe Systems Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(services.exe ->) (Advanced Micro Devices Inc. -> AMD) C:\Program Files\AMD\Performance Profile Client\AUEPDU.exe
(services.exe ->) (Advanced Micro Devices Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0394246.inf_amd64_d7748c83520c2dbe\B394106\atiesrxx.exe
(services.exe ->) (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Driver Updater\DriverUpdSvc.exe
(services.exe ->) (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\TuneUp\TuneupSvc.exe
(services.exe ->) (cFos Software GmbH -> cFos Software GmbH) C:\Program Files\cFosSpeed\spd.exe
(services.exe ->) (Cisco-Linksys LLC -> Cisco Systems, Inc.) C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
(services.exe ->) (GIGA-BYTE TECHNOLOGY CO., LTD. -> GIGA-BYTE TECHNOLOGY CO., LTD.) C:\Program Files (x86)\GIGABYTE\EasyTuneEngineService\EasyTuneEngineService.exe
(services.exe ->) (GIGA-BYTE TECHNOLOGY CO., LTD. -> Microsoft) C:\Program Files (x86)\GIGABYTE\GService\GCloud.exe
(services.exe ->) (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome Remote Desktop\116.0.5845.9\remoting_host.exe <2>
(services.exe ->) (Logitech Inc -> Logitech, Inc.) C:\Program Files\LogiOptionsPlus\logioptionsplus_updater.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.) C:\Windows\System32\amdfendrsr.exe
(services.exe ->) (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe
(Shenzhen Huion Animation Technology Co.,LTD -> ShenZhen Huion Animation Technology Co.Ltd.) C:\Program Files\HuionTablet\HuionTablet.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_11.2210.0.0_x64__8wekyb3d8bbwe\CalculatorApp.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Wondershare Technology Co.,Ltd -> Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe

==================== Registro (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.)

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3571168 2023-06-14] (Adobe Inc. -> Adobe Systems, Incorporated)
HKLM\...\Run: [Gigabyte Speed] => C:\Program Files\cFosSpeed\cFosSpeed.exe [1724248 2019-03-21] (cFos Software GmbH -> cFos Software GmbH)
HKLM\...\Run: [CM8828EX] => C:\WINDOWS\syswow64\ExMgr.exe [204800 2011-02-25] () [Arquivo não assinado]
HKLM\...\Run: [PEIC8828Sound] => C:\Program Files\Xear Audio Center\CPL\FaceLift_x64.exe [2406400 2017-01-20] () [Arquivo não assinado]
HKLM\...\Run: [Linksys Wireless Manager] => C:\Program Files (x86)\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe [1374264 2009-08-20] (Cisco-Linksys LLC -> Cisco Systems, Inc.)
HKLM\...\Run: [TuneupUI.exe] => C:\Program Files\AVG\TuneUp\TuneupUI.exe [4561336 2023-07-27] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [DriverUpdUI.exe] => C:\Program Files\AVG\Driver Updater\DriverUpdUI.exe [5837752 2023-07-26] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [LogiOptions] => C:\Program Files\Logitech\LogiOptions\LogiOptions.exe [1792256 2023-06-23] (Logitech Inc -> Logitech, Inc.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2383040 2016-10-12] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation -> Microsoft Corporation)
HKLM-x32\...\Run: [nmctxth] => C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe [647216 2009-07-07] (Cisco-Linksys LLC -> Cisco Systems, Inc.)
HKLM-x32\...\Run: [Adobe CCXProcess] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [129288 2021-08-04] (Adobe Inc. -> )
HKLM-x32\...\Run: [HuionTablet] => C:\Program Files\HuionTablet\HuionTablet.exe [5581640 2023-01-10] (Shenzhen Huion Animation Technology Co.,LTD -> ShenZhen Huion Animation Technology Co.Ltd.)
HKLM-x32\...\Run: [HDD Regenerator] => C:\Program Files (x86)\HDD Regenerator\Shell.exe [90336 2013-05-08] (Abstradrome -> )
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2133728 2017-09-12] (Wondershare Technology Co.,Ltd -> Wondershare)
HKLM\...\RunOnce: [msedge_cleanup_{F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}] => C:\Program Files (x86)\Microsoft\EdgeWebView\Application\116.0.1938.54\Installer\setup.exe [3690040 2023-08-23] (Microsoft Corporation -> Microsoft Corporation)
HKLM\...\RunOnce: [msedge_cleanup_{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}] => C:\Program Files (x86)\Microsoft\Edge\Application\116.0.1938.54\Installer\setup.exe [3690040 2023-08-23] (Microsoft Corporation -> Microsoft Corporation)
HKLM-x32\...\RunOnce: [PreRun] => C:\Program Files (x86)\GIGABYTE\AppCenter\PreRun.exe [14632 2016-02-26] (GIGA-BYTE TECHNOLOGY CO., LTD. -> )
HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Update: Restrição <==== ATENÇÃO
HKLM\Software\Policies\...\system: [EnableSmartScreen] 0
HKU\S-1-5-19\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\77.0.3.0\GoogleDriveFS.exe --startup_mode (Nenhum Arquivo)
HKU\S-1-5-20\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\77.0.3.0\GoogleDriveFS.exe --startup_mode (Nenhum Arquivo)
HKU\S-1-5-21-3907471261-615860086-2012423866-1001\...\Run: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [2609072 2023-08-10] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-3907471261-615860086-2012423866-1001\...\Run: [Chromium] => "c:\users\francisco narde\appdata\local\chromium\application\chrome.exe" --auto-launch-at-startup --profile-directory="Default" --restore-last-session [4195328 2017-10-06] (The Chromium Authors) [Arquivo não assinado]
HKU\S-1-5-21-3907471261-615860086-2012423866-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [41572768 2023-07-12] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
HKU\S-1-5-21-3907471261-615860086-2012423866-1001\...\Run: [EpicGamesLauncher] => C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [32754128 2022-12-13] (Epic Games Inc. -> Epic Games, Inc.)
HKU\S-1-5-21-3907471261-615860086-2012423866-1001\...\Run: [CCXProcess] => C:\Program Files\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [190280 2021-09-30] (Adobe Inc. -> Adobe Systems Incorporated)
HKU\S-1-5-21-3907471261-615860086-2012423866-1001\...\Run: [AMDDVR] => C:\Program Files\AMD\CNext\CNext\AMDRSServ.exe [2406840 2023-07-25] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
HKU\S-1-5-21-3907471261-615860086-2012423866-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [4246376 2022-12-15] (Valve Corp. -> Valve Corporation)
HKU\S-1-5-21-3907471261-615860086-2012423866-1001\...\Run: [Spotify] => C:\Users\Francisco Narde\AppData\Roaming\Spotify\Spotify.exe [28551544 2023-08-18] (Spotify AB -> Spotify Ltd)
HKU\S-1-5-21-3907471261-615860086-2012423866-1001\...\Run: [MicrosoftEdgeAutoLaunch_3B3A48A65B5FF19AFF2D9D49488A77B3] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [4116520 2023-08-18] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-3907471261-615860086-2012423866-1001\...\Run: [electron.app.BlueStacks Services] => C:\Users\Francisco Narde\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe [162219656 2023-08-17] (Now.gg, INC -> now.gg, Inc.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{89B4C1CD-B018-4511-B0A1-5476DBF70820}] -> C:\Windows\System32\Rundll32.exe C:\Windows\System32\mscories.dll,Install
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\116.0.5845.111\Installer\chrmstp.exe [2023-08-24] (Google LLC -> Google LLC)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{89B4C1CD-B018-4511-B0A1-5476DBF70820}] -> C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restrição <==== ATENÇÃO

==================== Tarefas Agendadas (Whitelisted) =================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

Task: {12C7FA03-1E04-48E1-8A6D-8C83BDDC504A} - \AMDInstallLauncher -> Nenhum Arquivo <==== ATENÇÃO
Task: {D6F5A89B-59FF-4BB2-844B-E3B12D9294E5} - \AMDLinkUpdate -> Nenhum Arquivo <==== ATENÇÃO
Task: {9D39F806-77D9-465F-9BF9-545C28636D6A} - System32\Tasks\BlueStacksHelper_nxt => C:\Program Files\BlueStacks_nxt\BlueStacksHelper.exe [302968 2023-08-07] (Now.gg, INC -> BlueStack Systems, Inc.)
Task: {AC48DB37-1049-420F-9ED9-67A20901A358} - System32\Tasks\GoogleUpdateTaskMachineCore{D4073836-A52B-4F18-AC15-AEF09DBAC7D1} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155592 2020-10-22] (Google LLC -> Google LLC)
Task: {7BBC799B-C9DB-405C-87B8-74FC7D06D773} - System32\Tasks\GoogleUpdateTaskMachineUA{F1BCF33E-4DFD-4ED7-944F-1F50D7BF7621} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155592 2020-10-22] (Google LLC -> Google LLC)
Task: {C3024BBB-47C5-4554-86A4-B2D4647DBDEC} - System32\Tasks\Microsoft\Windows\Application Experience\MareBackup => Command(1): %windir%\system32\compattelrunner.exe -> -m:aeinv.dll -f:UpdateSoftwareInventoryW invsvc
Task: {C3024BBB-47C5-4554-86A4-B2D4647DBDEC} - System32\Tasks\Microsoft\Windows\Application Experience\MareBackup => Command(2): %windir%\system32\compattelrunner.exe -> -m:appraiser.dll -f:DoScheduledTelemetryRun
Task: {C3024BBB-47C5-4554-86A4-B2D4647DBDEC} - System32\Tasks\Microsoft\Windows\Application Experience\MareBackup => Command(3): %windir%\system32\compattelrunner.exe -> -m:aemarebackup.dll -f:BackupMareData
Task: {0E65F054-1302-431D-89AD-5FBD8C8BC5EC} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe [686496 2023-08-11] (Mozilla Corporation -> Mozilla Corporation) -> --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate
Task: {61890F7B-1387-41B3-BC76-5E6057BC430E} - System32\Tasks\OneDrive Per-Machine Standalone Update Task => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4125608 2023-08-10] (Microsoft Corporation -> Microsoft Corporation)
Task: {D70D60A2-3688-455A-8F41-C5D6A0AA843D} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-3907471261-615860086-2012423866-1001 => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4125608 2023-08-10] (Microsoft Corporation -> Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.)

Winsock: Catalog9 17 %windir%\system32\vsocklib.dll => Nenhum Arquivo
Winsock: Catalog9 18 %windir%\system32\vsocklib.dll => Nenhum Arquivo
Winsock: Catalog9-x64 17 %windir%\system32\vsocklib.dll => Nenhum Arquivo
Winsock: Catalog9-x64 18 %windir%\system32\vsocklib.dll => Nenhum Arquivo
Tcpip\Parameters: [DhcpNameServer] 177.92.143.254 8.8.8.8
Tcpip\..\Interfaces\{faa4086f-8f47-40da-97b1-9e4d6204ee61}: [DhcpNameServer] 177.92.143.254 8.8.8.8

Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\Francisco Narde\AppData\Local\Microsoft\Edge\User Data\Default [2023-08-24]
Edge Notifications: Default -> hxxps://www.instagram.com
Edge Extension: (Editor Microsoft: Verificador Ortográfico e Gramatical) - C:\Users\Francisco Narde\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\hokifickgkhplphjiodbggjmoafhignh [2023-08-08]
Edge Extension: (Edge relevant text changes) - C:\Users\Francisco Narde\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2023-08-08]

FireFox:
========
FF DefaultProfile: 4d8cb8zv.default
FF ProfilePath: C:\Users\Francisco Narde\AppData\Roaming\Mozilla\Firefox\Profiles\4d8cb8zv.default [2023-07-27]
FF NewTab: Mozilla\Firefox\Profiles\4d8cb8zv.default -> hxxp://securedsearch.lavasoft.com/?pr=vmn&id=webcompa&ent=hp_WCYID10440__200103
FF ProfilePath: C:\Users\Francisco Narde\AppData\Roaming\Mozilla\Firefox\Profiles\ms2im456.default-release [2023-08-24]
FF NewTab: Mozilla\Firefox\Profiles\ms2im456.default-release -> hxxp://securedsearch.lavasoft.com/?pr=vmn&id=webcompa&ent=hp_WCYID10440__200103
FF Notifications: Mozilla\Firefox\Profiles\ms2im456.default-release -> hxxps://www.facebook.com; hxxps://www.instagram.com; hxxps://mail.google.com; hxxps://porneq.com; hxxps://tinder.com
FF Extension: (Vídeo DownloadHelper) - C:\Users\Francisco Narde\AppData\Roaming\Mozilla\Firefox\Profiles\ms2im456.default-release\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2023-07-31]
FF Extension: (Adblock Plus - bloqueador de anúncios grátis) - C:\Users\Francisco Narde\AppData\Roaming\Mozilla\Firefox\Profiles\ms2im456.default-release\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2023-06-22]
FF Plugin: @videolan.org/vlc,version=3.0.10 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2022-11-08] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.11 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2022-11-08] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.16 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2022-11-08] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.18 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2022-11-08] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2022-11-08] (VideoLAN -> VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2016-10-12] (Adobe Systems Incorporated -> Adobe Systems)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [Nenhum Arquivo]
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2022-04-07] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-10-12] (Adobe Systems Incorporated -> Adobe Systems)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Francisco Narde\AppData\Local\Google\Chrome\User Data\Default [2023-08-24]
CHR Notifications: Default -> hxxps://shopee.com.br
CHR HomePage: Default -> hxxp://www.google.com/
CHR Extension: (Adblock Plus - bloqueador de anúncios grátis) - C:\Users\Francisco Narde\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2023-08-24]
CHR Extension: (Adobe Acrobat: ferramentas para editar, converter e assinar PDFs) - C:\Users\Francisco Narde\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2023-08-24]
CHR Extension: (Hiddengram - view insta stories anonymously) - C:\Users\Francisco Narde\AppData\Local\Google\Chrome\User Data\Default\Extensions\gadndffmjdmdkjkmfmioeibmlabhbccb [2022-09-07]
CHR Extension: (Documentos Google off-line) - C:\Users\Francisco Narde\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-08-23]
CHR Extension: (AdBlock — o melhor bloqueador de anúncios) - C:\Users\Francisco Narde\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2023-08-09]
CHR Extension: (Embedy HD) - C:\Users\Francisco Narde\AppData\Local\Google\Chrome\User Data\Default\Extensions\igldobfphppodifdnpealajhijnpaohf [2022-11-18]
CHR Extension: (Chrome Remote Desktop) - C:\Users\Francisco Narde\AppData\Local\Google\Chrome\User Data\Default\Extensions\inomeogfingihgjfjlpeplalcfajhgai [2022-12-26]
CHR Extension: (Acesso rápido a apps para o Drive (do Google)) - C:\Users\Francisco Narde\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2023-08-20]
CHR Extension: (Vídeo DownloadHelper) - C:\Users\Francisco Narde\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjnegcaeklhafolokijcfjliaokphfk [2023-08-23]
CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\Francisco Narde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-29]
CHR Extension: (AdBlocker Ultimate) - C:\Users\Francisco Narde\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohahllgiabjaoigichmmfljhkcfikeof [2023-05-22]
CHR Profile: C:\Users\Francisco Narde\AppData\Local\Google\Chrome\User Data\Guest Profile [2023-07-27]
CHR Profile: C:\Users\Francisco Narde\AppData\Local\Google\Chrome\User Data\System Profile [2023-07-27]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif]
CHR HKU\S-1-5-21-3907471261-615860086-2012423866-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif]

Opera:
=======
OPR Profile: C:\Users\Francisco Narde\AppData\Roaming\Opera Software\Opera Stable [2023-07-27]

==================== Serviços (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169728 2021-11-17] (Adobe Inc. -> Adobe Inc.)
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [744640 2016-10-12] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3966432 2023-06-14] (Adobe Inc. -> Adobe Systems, Incorporated)
S3 AppleChargerSrv; C:\WINDOWS\System32\AppleChargerSrv.exe [31272 2010-04-06] (Giga-Byte Technology -> )
S3 ATLOISAService; C:\WINDOWS\system\ATLOISAService.exe [512000 2013-10-25] (Cmedia Electronics Inc.) [Arquivo não assinado]
R2 AUEPLauncher; C:\Program Files\AMD\CIM\..\Performance Profile Client\AUEPDU.exe [527800 ] (Advanced Micro Devices Inc. -> AMD)
R2 cFosSpeedS; C:\Program Files\cFosSpeed\spd.exe [595288 2019-03-21] (cFos Software GmbH -> cFos Software GmbH)
R2 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\116.0.5845.9\remoting_host.exe [74520 2023-06-26] (Google LLC -> Google LLC)
R2 CleanupPSvc; C:\Program Files\AVG\TuneUp\TuneupSvc.exe [17766328 2023-07-27] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R2 DriverUpdSvc; C:\Program Files\AVG\Driver Updater\DriverUpdSvc.exe [9692600 2023-07-26] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R2 EasyTuneEngineService; C:\Program Files (x86)\Gigabyte\EasyTuneEngineService\EasyTuneEngineService.exe [147824 2022-06-14] (GIGA-BYTE TECHNOLOGY CO., LTD. -> GIGA-BYTE TECHNOLOGY CO., LTD.)
S3 EpicOnlineServices; C:\Program Files (x86)\Epic Games\Epic Online Services\service\EpicOnlineServicesHost.exe [934352 2022-11-16] (Epic Games Inc. -> Epic Games, Inc.)
S3 FileSyncHelper; C:\Program Files\Microsoft OneDrive\23.153.0724.0003\FileSyncHelper.exe [3447728 2023-08-10] (Microsoft Corporation -> Microsoft Corporation)
R2 gadjservice; C:\Program Files (x86)\GIGABYTE\AppCenter\AdjustService.exe [18944 2021-04-08] () [Arquivo não assinado]
R2 Gservice; C:\Program Files (x86)\GIGABYTE\GService\GCloud.exe [19888 2016-12-02] (GIGA-BYTE TECHNOLOGY CO., LTD. -> Microsoft)
R2 hddrsrv; C:\Program Files (x86)\HDD Regenerator\hrsrv.exe [82144 2013-05-08] (Abstradrome -> )
S2 OCButtonService; C:\Program Files (x86)\Gigabyte\EasyTuneEngineService\OcButtonService.exe [127360 2021-04-13] (GIGA-BYTE TECHNOLOGY CO., LTD. -> GIGA-BYTE TECHNOLOGY CO., LTD.)
S3 OneDrive Updater Service; C:\Program Files\Microsoft OneDrive\23.153.0724.0003\OneDriveUpdaterService.exe [3783592 2023-08-10] (Microsoft Corporation -> Microsoft Corporation)
R2 OptionsPlusUpdaterService; C:\Program Files\LogiOptionsPlus\logioptionsplus_updater.exe [17874688 2023-08-08] (Logitech Inc -> Logitech, Inc.)
S3 Rockstar Service; C:\Program Files\Rockstar Games\Launcher\RockstarService.exe [1352832 2020-11-10] (Rockstar Games, Inc. -> Rockstar Games)
S4 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [402200 2023-08-09] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [16518456 2022-12-12] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
S4 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2007.6-0\NisSrv.exe [2169576 2020-07-19] (Microsoft Windows Publisher -> Microsoft Corporation)
S4 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2007.6-0\MsMpEng.exe [128376 2020-07-19] (Microsoft Windows Publisher -> Microsoft Corporation)
S2 AvgWscReporter; "C:\Program Files\AVG\Antivirus\wsc_proxy.exe" /runassvc /rpcserver [X]
S3 Browser; %SystemRoot%\System32\browser.dll [X]

===================== Drivers (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

R3 amdfendrmgr; C:\WINDOWS\System32\drivers\amdfendrmgr.sys [25584 2023-06-13] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.)
R3 amdgpio3; C:\WINDOWS\System32\drivers\amdgpio3.sys [27256 2022-01-27] (ASMedia Technology Inc. -> Advanced Micro Devices, Inc)
R2 AMDRyzenMasterDriverV19; C:\WINDOWS\system32\AMDRyzenMasterDriver.sys [48328 2023-07-18] (Advanced Micro Devices Inc. -> Advanced Micro Devices)
S2 AMDRyzenMasterDriverV20; C:\WINDOWS\system32\AMDRyzenMasterDriver.sys [48328 2023-07-18] (Advanced Micro Devices Inc. -> Advanced Micro Devices)
R3 AMDSAFD; C:\WINDOWS\System32\DriverStore\FileRepository\amdsafd.inf_amd64_54807f69fe156f14\amdsafd.sys [113088 2023-04-13] (Advanced Micro Devices Inc. -> Advanced Micro Devices)
R3 amdwddmg; C:\WINDOWS\System32\DriverStore\FileRepository\u0394246.inf_amd64_d7748c83520c2dbe\B394106\amdkmdag.sys [99727792 2023-07-25] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
R3 AMDXE; C:\WINDOWS\System32\drivers\amdxe.sys [61888 2023-05-24] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
R1 AppleCharger; C:\WINDOWS\System32\DRIVERS\AppleCharger.sys [22240 2013-10-28] (GIGA-BYTE TECHNOLOGY CO., LTD. -> )
R2 BlueStacksDrv_nxt; C:\Program Files\BlueStacks_nxt\BstkDrv_nxt.sys [310672 2023-08-07] (Microsoft Windows Hardware Compatibility Publisher -> Bluestack System Inc.)
R1 cFosSpeed; C:\WINDOWS\system32\DRIVERS\cfosspeed6.sys [1595456 2019-03-21] (cFos Software GmbH -> cFos Software GmbH)
R3 CmHdAudAddService; C:\WINDOWS\System32\drivers\CMHDAudioB64.sys [64000 2014-03-26] (C-MEDIA ELECTRONICS INC. -> C-Media Electronics Inc.)
R1 ElRawDisk; C:\WINDOWS\system32\drivers\rsdrvx64.sys [26024 2009-02-12] (EldoS Corporation -> EldoS Corporation)
S3 gdrv; C:\WINDOWS\gdrv.sys [26792 2019-12-21] (GIGA-BYTE TECHNOLOGY CO., LTD. -> GIGA-BYTE TECHNOLOGY CO., LTD.)
R3 gdrv3; C:\WINDOWS\System32\drivers\gdrv3.sys [41480 2023-01-21] (GIGA-BYTE Technology Co., Ltd. -> GIGA-BYTE TECHNOLOGY CO., LTD.)
R2 pnarp; C:\WINDOWS\system32\DRIVERS\pnarp.sys [33328 2009-07-07] (Cisco-Linksys LLC -> Cisco Systems, Inc.)
S3 PTSimBus; C:\WINDOWS\System32\drivers\PTSimBus.sys [32128 2012-12-22] (UC-Logic Technology Corporation -> PenTablet Driver)
S3 PTSimHid; C:\WINDOWS\System32\drivers\PTSimHid.sys [22912 2012-12-22] (UC-Logic Technology Corporation -> UC-Logic Technology Corp.)
R2 purendis; C:\WINDOWS\system32\DRIVERS\purendis.sys [35376 2009-07-07] (Cisco-Linksys LLC -> Cisco Systems, Inc.)
S3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [24000 2019-09-25] (MICRO-STAR INTERNATIONAL CO., LTD. -> )
S3 ssudcdf; C:\WINDOWS\System32\drivers\ssudcdf.sys [36608 2014-01-22] (DEVGURU CO LTD -> DEVGURU Co., LTD.(www.devguru.co.kr))
S3 ssuddmgr; C:\WINDOWS\System32\drivers\ssuddmgr.sys [206080 2014-01-22] (DEVGURU CO LTD -> DEVGURU Co., LTD.(www.devguru.co.kr))
S3 ssudobex; C:\WINDOWS\System32\drivers\ssudobex.sys [206080 2014-01-22] (DEVGURU CO LTD -> DEVGURU Co., LTD.(www.devguru.co.kr))
S3 ssudrmnet; C:\WINDOWS\System32\drivers\ssudrmnet.sys [70400 2014-01-22] (DEVGURU CO LTD -> DEVGURU Co., LTD.)
S3 ssudserd; C:\WINDOWS\System32\drivers\ssudserd.sys [206080 2014-01-22] (DEVGURU CO LTD -> DEVGURU Co., LTD.(www.devguru.co.kr))
S3 ss_conn_usb_driver; C:\WINDOWS\System32\Drivers\ss_conn_usb_driver.sys [26368 2014-01-22] (DEVGURU CO LTD -> DEVGURU Co., LTD.)
S1 UsbCharger; C:\WINDOWS\System32\DRIVERS\UsbCharger.sys [22240 2013-10-24] (GIGA-BYTE TECHNOLOGY CO., LTD. -> )
R3 vmulti; C:\WINDOWS\System32\drivers\vmulti.sys [10752 2018-03-16] (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Win 7 DDK provider)
S4 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [78232 2020-07-19] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S4 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [430312 2020-07-19] (Microsoft Windows -> Microsoft Corporation)
S3 wdm_usb; C:\WINDOWS\System32\drivers\usb2ser.sys [151184 2016-07-15] (NGO -> MBB)
S4 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [98544 2020-07-19] (Microsoft Windows -> Microsoft Corporation)
S3 WUSB54GCv3; C:\WINDOWS\system32\DRIVERS\WUSB54GCv3.sys [797184 2009-07-13] (Microsoft Windows Hardware Compatibility Publisher -> Ralink Technology Corp.)
S3 XSplit_Dummy; C:\WINDOWS\system32\drivers\xspltspk.sys [37816 2021-06-30] (SplitmediaLabs Limited -> SplitmediaLabs Limited)
S3 XSpltAud; C:\WINDOWS\System32\drivers\XSpltAud.sys [82440 2021-08-25] (Microsoft Windows Hardware Compatibility Publisher -> SplitmediaLabs Limited)
U1 avgbdisk; não ImagePath
S3 nsvst_NGC; \SystemRoot\System32\drivers\NGCx64\1617060.005\nsvst.sys [X]
S3 SymEvnt; \??\C:\Program Files\Norton Security\NortonData\22.23.6.5\SymPlatform\SymEvnt.sys [X]

==================== NetSvcs (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

==================== Um mês (criados) (Whitelisted) =========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2023-08-24 23:08 - 2023-08-24 23:08 - 000000000 ____D C:\Users\Francisco Narde\AppData\Local\DeepL_SE
2023-08-24 22:33 - 2023-08-24 22:34 - 000000000 ____D C:\Users\Francisco Narde\AppData\Local\Notepad
2023-08-24 22:23 - 2023-08-24 22:23 - 000000000 ____D C:\ProgramData\NortonInstaller
2023-08-24 22:22 - 2023-08-24 23:07 - 000000000 ____D C:\ProgramData\Norton
2023-08-19 05:37 - 2023-08-19 05:37 - 000000207 _____ C:\WINDOWS\tweaking.com-regbackup-DESKTOP-0BF3N7R-Windows-10-Pro-(64-bit).dat
2023-08-19 05:37 - 2023-08-19 05:37 - 000000000 ____D C:\RegBackup
2023-08-19 05:31 - 2023-08-19 05:38 - 000227998 _____ C:\WINDOWS\ntbtlog.txt
2023-08-19 05:31 - 2023-08-19 05:31 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2023-08-11 03:17 - 2023-08-12 15:08 - 000000000 ____D C:\Program Files\Mozilla Firefox
2023-08-10 23:38 - 2023-08-10 23:38 - 000000000 ____D C:\Users\Francisco Narde\AppData\Local\HD-Player
2023-08-10 23:34 - 2023-08-24 21:38 - 000000000 ____D C:\Users\Francisco Narde\AppData\Local\BlueStacks X
2023-08-10 23:34 - 2023-08-10 23:34 - 000000000 ____D C:\Users\Francisco Narde\AppData\Local\BSXCache
2023-08-10 23:30 - 2023-08-10 23:30 - 000006865 _____ C:\Users\Francisco Narde\-1.14-windows.xml
2023-08-10 23:30 - 2023-08-10 23:30 - 000003958 _____ C:\WINDOWS\system32\Tasks\BlueStacksHelper_nxt
2023-08-10 23:29 - 2023-08-24 23:08 - 000000000 ____D C:\Users\Francisco Narde\AppData\Roaming\bluestacks-services
2023-08-10 23:29 - 2023-08-18 19:08 - 000002488 _____ C:\Users\Francisco Narde\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BlueStacks Services.lnk
2023-08-10 23:29 - 2023-08-18 19:08 - 000000000 ____D C:\Users\Francisco Narde\AppData\Local\bluestacks-services-updater
2023-08-10 23:29 - 2023-08-10 23:29 - 000000000 ____D C:\Program Files\BlueStacks_nxt
2023-08-10 23:28 - 2023-08-10 23:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueStacks X
2023-08-10 23:26 - 2023-08-10 23:29 - 000000000 ____D C:\Users\Francisco Narde\AppData\Local\Bluestacks
2023-08-10 23:26 - 2023-08-10 23:26 - 000000000 ____D C:\Users\Public\BlueStacks
2023-08-09 05:13 - 2023-08-09 05:13 - 000000000 ___HD C:\$WinREAgent
2023-08-08 18:16 - 2023-08-08 18:16 - 000000000 ____D C:\Program Files\LogiOptionsPlus
2023-08-03 05:34 - 2023-08-03 05:34 - 000003960 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA{F1BCF33E-4DFD-4ED7-944F-1F50D7BF7621}
2023-08-03 05:34 - 2023-08-03 05:34 - 000003836 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore{D4073836-A52B-4F18-AC15-AEF09DBAC7D1}
2023-08-01 07:51 - 2023-08-10 02:21 - 000003194 _____ C:\WINDOWS\system32\Tasks\OneDrive Per-Machine Standalone Update Task
2023-07-31 04:30 - 2023-08-04 08:06 - 000000000 ____D C:\Users\Francisco Narde\AppData\LocalLow\IGDump
2023-07-31 04:28 - 2023-07-31 04:28 - 000000000 ____D C:\Users\Francisco Narde\AppData\Local\mbam
2023-07-27 04:18 - 2023-08-10 02:21 - 000003592 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-3907471261-615860086-2012423866-1001
2023-07-26 08:49 - 2023-07-26 09:19 - 000000000 ____D C:\Users\Francisco Narde\AppData\Roaming\ZHP
2023-07-26 08:49 - 2023-07-26 08:49 - 000000000 ____D C:\Users\Francisco Narde\AppData\Local\ZHP
2023-07-26 03:16 - 2023-07-26 03:16 - 000000000 ____D C:\Users\Francisco Narde\AppData\LocalLow\AMD
2023-07-26 03:08 - 2023-07-26 03:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Software꞉ Adrenalin Edition
2023-07-26 03:08 - 2023-07-26 03:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Bug Report Tool
2023-07-26 02:42 - 2023-07-25 14:25 - 001592712 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\atiadlxy.dll
2023-07-26 02:42 - 2023-07-25 14:25 - 000949680 _____ (AMD) C:\WINDOWS\system32\atieclxx.exe
2023-07-26 02:42 - 2023-07-25 14:25 - 000832904 _____ C:\WINDOWS\system32\vulkaninfo-1-999-0-0-0.exe
2023-07-26 02:42 - 2023-07-25 14:25 - 000832904 _____ C:\WINDOWS\system32\vulkaninfo.exe
2023-07-26 02:42 - 2023-07-25 14:25 - 000721288 _____ C:\WINDOWS\system32\hiprt0200064.dll
2023-07-26 02:42 - 2023-07-25 14:25 - 000715144 _____ C:\WINDOWS\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2023-07-26 02:42 - 2023-07-25 14:25 - 000715144 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2023-07-26 02:42 - 2023-07-25 14:25 - 000668544 _____ C:\WINDOWS\system32\vulkan-1-999-0-0-0.dll
2023-07-26 02:42 - 2023-07-25 14:25 - 000668544 _____ C:\WINDOWS\system32\vulkan-1.dll
2023-07-26 02:42 - 2023-07-25 14:25 - 000653088 _____ C:\WINDOWS\SysWOW64\vulkan-1-999-0-0-0.dll
2023-07-26 02:42 - 2023-07-25 14:25 - 000653088 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2023-07-26 02:42 - 2023-07-25 14:25 - 000596360 _____ C:\WINDOWS\system32\GameManager64.dll
2023-07-26 02:42 - 2023-07-25 14:25 - 000539016 _____ C:\WINDOWS\system32\libsmi_guest.dll
2023-07-26 02:42 - 2023-07-25 14:25 - 000531848 _____ C:\WINDOWS\system32\libsmi_host.dll
2023-07-26 02:42 - 2023-07-25 14:25 - 000525744 _____ C:\WINDOWS\system32\atieah64.exe
2023-07-26 02:42 - 2023-07-25 14:25 - 000492424 _____ C:\WINDOWS\system32\EEURestart.exe
2023-07-26 02:42 - 2023-07-25 14:25 - 000463240 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atidemgy.dll
2023-07-26 02:42 - 2023-07-25 14:25 - 000449928 _____ C:\WINDOWS\SysWOW64\GameManager32.dll
2023-07-26 02:42 - 2023-07-25 14:25 - 000394672 _____ C:\WINDOWS\SysWOW64\atieah32.exe
2023-07-26 02:42 - 2023-07-25 14:25 - 000256432 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atig6txx.dll
2023-07-26 02:42 - 2023-07-25 14:25 - 000217008 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atigktxx.dll
2023-07-26 02:42 - 2023-07-25 14:25 - 000200376 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\aticfx64.dll
2023-07-26 02:42 - 2023-07-25 14:25 - 000197000 _____ C:\WINDOWS\system32\mantle64.dll
2023-07-26 02:42 - 2023-07-25 14:25 - 000186288 _____ (AMD) C:\WINDOWS\system32\atimuixx.dll
2023-07-26 02:42 - 2023-07-25 14:25 - 000176008 _____ C:\WINDOWS\system32\mantleaxl64.dll
2023-07-26 02:42 - 2023-07-25 14:25 - 000174000 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atisamu64.dll
2023-07-26 02:42 - 2023-07-25 14:25 - 000163272 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\aticfx32.dll
2023-07-26 02:42 - 2023-07-25 14:25 - 000153480 _____ C:\WINDOWS\SysWOW64\mantle32.dll
2023-07-26 02:42 - 2023-07-25 14:25 - 000137608 _____ C:\WINDOWS\SysWOW64\mantleaxl32.dll
2023-07-26 02:42 - 2023-07-25 14:25 - 000137136 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atisamu32.dll
2023-07-26 02:42 - 2023-07-25 14:25 - 000132528 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\amfrt64.dll
2023-07-26 02:42 - 2023-07-25 14:25 - 000108424 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\amfrt32.dll
2023-07-26 02:42 - 2023-07-25 14:25 - 000064944 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\ati2erec.dll
2023-07-26 02:42 - 2023-07-25 14:24 - 089144752 _____ C:\WINDOWS\SysWOW64\amd_comgr32.dll
2023-07-26 02:42 - 2023-07-25 14:24 - 011746704 _____ C:\WINDOWS\system32\amdsmi.exe
2023-07-26 02:42 - 2023-07-25 14:24 - 004375472 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\amdadlx64.dll
2023-07-26 02:42 - 2023-07-25 14:24 - 004179888 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\amdadlx32.dll
2023-07-26 02:42 - 2023-07-25 14:24 - 002175920 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\amdsasrv64.dll
2023-07-26 02:42 - 2023-07-25 14:24 - 001701048 _____ (AMD) C:\WINDOWS\system32\amf-mft-mjpeg-decoder64.dll
2023-07-26 02:42 - 2023-07-25 14:24 - 001305008 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\amdsacli64.dll
2023-07-26 02:42 - 2023-07-25 14:24 - 001029552 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\amdsacli32.dll
2023-07-26 02:42 - 2023-07-25 14:24 - 000933808 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\amdlvr64.dll
2023-07-26 02:42 - 2023-07-25 14:24 - 000791432 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\Rapidfire64.dll
2023-07-26 02:42 - 2023-07-25 14:24 - 000761264 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\amdlvr32.dll
2023-07-26 02:42 - 2023-07-25 14:24 - 000668552 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\Rapidfire.dll
2023-07-26 02:42 - 2023-07-25 14:24 - 000558512 _____ C:\WINDOWS\system32\amdgfxinfo64.dll
2023-07-26 02:42 - 2023-07-25 14:24 - 000532360 _____ C:\WINDOWS\system32\dgtrayicon.exe
2023-07-26 02:42 - 2023-07-25 14:24 - 000514440 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2023-07-26 02:42 - 2023-07-25 14:24 - 000461232 _____ C:\WINDOWS\system32\amdlogum.exe
2023-07-26 02:42 - 2023-07-25 14:24 - 000422320 _____ C:\WINDOWS\SysWOW64\amdgfxinfo32.dll
2023-07-26 02:42 - 2023-07-25 14:24 - 000379824 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2023-07-26 02:42 - 2023-07-25 14:24 - 000351152 _____ C:\WINDOWS\system32\clinfo.exe
2023-07-26 02:42 - 2023-07-25 14:24 - 000155944 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atimpc64.dll
2023-07-26 02:42 - 2023-07-25 14:24 - 000145520 _____ C:\WINDOWS\system32\atidxx64.dll
2023-07-26 02:42 - 2023-07-25 14:24 - 000128392 _____ C:\WINDOWS\system32\amdxc64.dll
2023-07-26 02:42 - 2023-07-25 14:24 - 000125744 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atimpc32.dll
2023-07-26 02:42 - 2023-07-25 14:24 - 000118968 _____ C:\WINDOWS\SysWOW64\atidxx32.dll
2023-07-26 02:42 - 2023-07-25 14:24 - 000103856 _____ C:\WINDOWS\SysWOW64\amdxc32.dll
2023-07-26 02:42 - 2023-07-25 14:24 - 000041392 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\RapidFireServer64.dll
2023-07-26 02:42 - 2023-07-25 14:24 - 000038280 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\RapidFireServer.dll
2023-07-26 02:42 - 2023-07-25 14:23 - 105774472 _____ C:\WINDOWS\system32\amd_comgr.dll
2023-07-26 02:42 - 2023-07-25 14:23 - 016633736 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\system32\amdhip64.dll
2023-07-26 02:42 - 2023-07-25 14:23 - 001378312 _____ (AMD) C:\WINDOWS\SysWOW64\amf-mft-mjpeg-decoder32.dll
2023-07-26 02:42 - 2023-07-25 14:23 - 000553256 _____ C:\WINDOWS\system32\amdmiracast.dll
2023-07-26 02:42 - 2023-07-25 14:23 - 000166792 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdmmcl6.dll
2023-07-26 02:42 - 2023-07-25 14:23 - 000155936 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdpcom64.dll
2023-07-26 02:42 - 2023-07-25 14:23 - 000135560 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdmmcl.dll
2023-07-26 02:42 - 2023-07-25 14:23 - 000125704 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdpcom32.dll
2023-07-26 02:42 - 2023-07-25 14:22 - 000165832 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdave64.dll
2023-07-26 02:42 - 2023-07-25 14:22 - 000140264 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdave32.dll
2023-07-26 02:42 - 2023-07-25 12:32 - 103840760 _____ C:\WINDOWS\system32\amdxc64.so
2023-07-26 02:42 - 2023-07-25 12:32 - 031938072 _____ C:\WINDOWS\system32\hiprt02000_amd.hipfb
2023-07-26 02:42 - 2023-07-25 12:32 - 023302232 _____ C:\WINDOWS\system32\hiprt02000_nv.fatbin
2023-07-26 02:42 - 2023-07-25 12:32 - 002433848 _____ C:\WINDOWS\system32\oro_compiled_kernels.hipfb
2023-07-26 02:42 - 2023-07-25 12:32 - 002000584 _____ C:\WINDOWS\system32\oro_compiled_kernels.fatbin

==================== Um mês (modificados) ==================

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2023-08-24 23:10 - 2023-07-24 06:50 - 000000000 ____D C:\FRST
2023-08-24 23:09 - 2021-12-17 07:00 - 000000000 ____D C:\WINDOWS\SystemTemp
2023-08-24 23:09 - 2019-10-30 00:58 - 000000000 ____D C:\Program Files (x86)\Google
2023-08-24 23:08 - 2023-06-27 04:29 - 000000000 ____D C:\Users\Francisco Narde\AppData\Local\LogiOptionsPlus
2023-08-24 23:08 - 2019-03-20 00:29 - 000000000 ___RD C:\Users\Francisco Narde\OneDrive
2023-08-24 23:07 - 2022-12-26 12:00 - 000000000 ____D C:\Program Files\TeamViewer
2023-08-24 23:07 - 2021-10-06 17:59 - 000000000 ____D C:\ProgramData\AVG
2023-08-24 23:07 - 2020-07-30 22:14 - 000008192 ___SH C:\DumpStack.log.tmp
2023-08-24 23:07 - 2020-07-19 02:10 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2023-08-24 23:07 - 2019-12-07 06:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2023-08-24 23:07 - 2019-12-07 06:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2023-08-24 23:07 - 2019-10-30 00:25 - 000065536 _____ C:\WINDOWS\system32\spu_storage.bin
2023-08-24 22:44 - 2019-12-07 06:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2023-08-24 22:44 - 2019-12-07 06:03 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2023-08-24 22:33 - 2022-04-24 22:11 - 000000000 ____D C:\Users\Francisco Narde\AppData\Roaming\qBittorrent
2023-08-24 22:30 - 2019-10-29 22:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2023-08-24 21:41 - 2020-11-09 16:28 - 000004202 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{8E6CDB7D-C0DB-4FD4-9899-F020CAC9E76F}
2023-08-24 21:38 - 2019-10-30 00:59 - 000002299 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2023-08-24 21:37 - 2020-07-19 02:05 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2023-08-24 09:07 - 2022-09-03 03:51 - 000000000 ____D C:\Users\Francisco Narde\AppData\Local\Spotify
2023-08-24 09:05 - 2022-09-03 03:50 - 000000000 ____D C:\Users\Francisco Narde\AppData\Roaming\Spotify
2023-08-24 02:54 - 2020-02-21 19:40 - 000000000 ____D C:\ProgramData\boost_interprocess
2023-08-23 23:13 - 2019-12-07 06:14 - 000000000 ___HD C:\Program Files\WindowsApps
2023-08-23 23:13 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2023-08-23 20:29 - 2019-12-21 23:21 - 000000000 ____D C:\Users\Francisco Narde\AppData\Local\ElevatedDiagnostics
2023-08-23 20:29 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\system32\NDF
2023-08-23 06:09 - 2020-10-22 22:38 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2023-08-22 21:04 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2023-08-22 06:12 - 2020-08-08 22:07 - 000000000 ____D C:\Users\Francisco Narde\AppData\Local\CrashDumps
2023-08-19 05:52 - 2022-07-04 22:32 - 000583536 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2023-08-19 05:52 - 2019-10-30 00:14 - 000000000 ____D C:\WINDOWS\CSC
2023-08-16 04:01 - 2019-10-30 00:41 - 000000000 ____D C:\Users\Francisco Narde\AppData\Local\D3DSCache
2023-08-15 00:47 - 2021-12-31 14:00 - 000000000 ____D C:\Users\Francisco Narde\AppData\Local\AMD_Common
2023-08-14 19:56 - 2019-10-30 00:41 - 000000000 ____D C:\Users\Francisco Narde\AppData\Local\Packages
2023-08-14 12:19 - 2020-07-19 01:31 - 000000000 ____D C:\Users\Francisco Narde
2023-08-13 17:06 - 2020-06-04 01:14 - 000000000 ____D C:\Program Files\Common Files\AV
2023-08-12 16:13 - 2021-10-06 18:01 - 000000000 ____D C:\Users\Francisco Narde\AppData\Roaming\AVG
2023-08-12 16:13 - 2021-10-06 18:00 - 000000000 ____D C:\Program Files\Common Files\AVG
2023-08-12 16:13 - 2021-10-06 17:59 - 000000000 ____D C:\Program Files\AVG
2023-08-12 15:39 - 2020-07-22 21:27 - 000000000 ____D C:\Users\Francisco Narde\AppData\Local\AVAST Software
2023-08-12 15:08 - 2023-07-08 19:31 - 000000000 ____D C:\Program Files\Microsoft OneDrive
2023-08-12 15:08 - 2019-10-30 14:13 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2023-08-12 02:16 - 2023-06-27 04:29 - 000000000 ____D C:\Users\Francisco Narde\AppData\Roaming\logioptionsplus
2023-08-11 03:29 - 2019-10-30 14:13 - 000000965 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2023-08-10 02:21 - 2023-07-08 19:32 - 000002098 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2023-08-09 19:39 - 2020-07-19 02:09 - 001741824 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2023-08-09 19:39 - 2019-12-07 11:53 - 000752436 _____ C:\WINDOWS\system32\prfh0416.dat
2023-08-09 19:39 - 2019-12-07 11:53 - 000148550 _____ C:\WINDOWS\system32\prfc0416.dat
2023-08-09 19:39 - 2019-12-07 06:13 - 000000000 ____D C:\WINDOWS\INF
2023-08-09 13:20 - 2019-12-07 11:56 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2023-08-09 13:20 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2023-08-09 13:20 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\SystemResources
2023-08-09 13:20 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2023-08-09 13:20 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\system32\setup
2023-08-09 13:20 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\system32\migwiz
2023-08-09 13:20 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\system32\appraiser
2023-08-09 13:20 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2023-08-09 13:20 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\appcompat
2023-08-09 11:45 - 2019-12-07 06:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2023-08-09 05:29 - 2020-07-19 02:09 - 003015168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2023-08-09 03:54 - 2019-10-30 04:43 - 000000000 ____D C:\WINDOWS\system32\MRT
2023-08-09 03:50 - 2019-10-30 04:43 - 175983240 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2023-08-08 18:16 - 2021-11-11 22:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logi
2023-08-01 06:02 - 2023-03-05 04:10 - 000000000 ____D C:\Users\Francisco Narde\AppData\Roaming\DeepL_SE
2023-07-31 05:47 - 2021-12-13 06:33 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2023-07-28 06:25 - 2022-02-14 03:54 - 000000000 ____D C:\WINDOWS\system32\Tasks\AVAST Software
2023-07-28 06:25 - 2020-10-22 22:38 - 000003602 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2023-07-28 06:25 - 2020-10-22 22:38 - 000003378 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2023-07-27 04:15 - 2019-06-14 07:06 - 000000000 ____D C:\Users\Francisco Narde\AppData\LocalLow\Temp
2023-07-26 03:11 - 2019-10-30 00:41 - 000000000 ____D C:\Users\Francisco Narde\AppData\Local\AMD
2023-07-26 03:11 - 2019-10-30 00:25 - 000000000 ____D C:\Program Files\AMD
2023-07-26 03:10 - 2020-02-21 03:42 - 000000000 ____D C:\Program Files\CCleaner
2023-07-26 03:10 - 2019-03-20 00:31 - 000000000 ____D C:\AMD
2023-07-25 14:25 - 2022-05-06 02:34 - 001592712 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\atiadlxx.dll
2023-07-25 14:25 - 2021-12-31 14:05 - 002073480 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atiadlxx.dll
2023-07-25 14:24 - 2023-04-24 13:35 - 000105384 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\Drivers\amdkmpfd.sys
2023-07-25 14:24 - 2022-12-02 15:55 - 000177744 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\amdihk32.dll
2023-07-25 14:24 - 2021-12-31 14:05 - 000222064 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\amdihk64.dll

==================== Arquivos na raiz de alguns diretórios ========

2021-05-16 02:31 - 2021-05-16 03:49 - 000000095 _____ () C:\Users\Francisco Narde\AppData\Roaming\Camdata.ini
2021-05-16 02:31 - 2021-05-16 03:49 - 000000408 _____ () C:\Users\Francisco Narde\AppData\Roaming\CamLayout.ini
2021-05-16 02:31 - 2021-05-16 03:49 - 000000408 _____ () C:\Users\Francisco Narde\AppData\Roaming\CamShapes.ini
2021-05-16 02:07 - 2021-05-16 03:49 - 000004522 _____ () C:\Users\Francisco Narde\AppData\Roaming\CamStudio.cfg
2023-06-29 16:58 - 2023-06-29 16:58 - 000000546 _____ () C:\Users\Francisco Narde\AppData\Roaming\PureRef.ini
2019-11-01 18:15 - 2022-11-17 02:20 - 000000205 _____ () C:\Users\Francisco Narde\AppData\Local\oobelibMkey.log
2021-11-20 13:06 - 2021-11-20 13:06 - 000138680 _____ (Microsoft Corporation) C:\Users\Francisco Narde\AppData\Local\WebView2Loader.dll

==================== SigCheck ============================

(Não há correção automática para arquivos que não passaram na verificação.)

==================== Fim de FRST.txt ========================

Elias Pereira · 25 de agosto de 2023

ETAPA 1

Desative temporariamente seu antivírus, antispywares e firewall, para não causar conflitos.

Abra o seu Bloco de Notas, copie (control + c) e cole (control + v) todo o texto que está no CODE abaixo:

CreateRestorePoint:  
CloseProcesses:
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton Security (Enabled - Up to date) {30744133-1E94-7B35-F4A3-82A5AEF1CBAA}
AV: Norton AntiVirus (Enabled - Up to date) {AECE2126-F4E7-6909-11F2-1B69D1FBCBD0}
FW: Norton AntiVirus (Enabled) {96F5A003-BE88-6851-3AAD-B25C2F288CAB}
FW: Norton Security (Enabled) {084FC016-54FB-7A6D-DFFC-2B9050228CD1}
cmd: ipconfig /flushdns  
cmd: netsh winsock reset catalog
cmd: netsh int ip reset resetlog.txt
cmd: bitsadmin /reset /allusers
cmd: ipconfig /flushdns
Removeproxy:
hosts:
cmd: sfc /scannow
cmd: DISM /Online /Cleanup-Image /CheckHealth
Powershell: Set-MpPreference -DisableRealtimeMonitoring $false
Powershell: Get-MpComputerStatus
EmptyTemp:  
CreateRestorePoint:

Salve este arquivo na na sua área de trabalho com o nome fixlist

OBS: É de extrema importância que o arquivo "fixlist" seja salvo na sua Área de Trabalho/Desktop. Verifique também se o FRST.exe encontra-se na Área de Trabalho/Desktop.

** Clique com o direito sobre o arquivo FRST.EXE, e execute como Administrador

Clique no botão FIX/CORRIGIR

Aguarde e ao final, o log Fixlog.txt será salvo no seu desktop.

Abra o arquivo Fixlog.txt, copie e cole seu conteudo na sua proxima resposta.

ETAPA 2

Execute novamente o FRST.exe como administrador

Na caixa de busca copie e cole o conteudo abaixo:
```
SearchAll: Norton
```
Clique no botão Search Files
Um log chamado Search.txt será salvo na Área de Trabalho
Abra o log, copie e cole o seu conteudo na sua proxima resposta

Francisco Narde · 28 de agosto de 2023

Resultado da Correção pela Farbar Recovery Scan Tool (x64) Versão: 27-08-2023 01
Executado por Francisco Narde (28-08-2023 04:38:02) Run:11
Executando a partir de D:\Desktop
Perfis Carregados: Francisco Narde
Modo da Inicialização: Normal
==============================================

fixlist Conteúdo:
*****************
CreateRestorePoint:
CloseProcesses:
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton Security (Enabled - Up to date) {30744133-1E94-7B35-F4A3-82A5AEF1CBAA}
AV: Norton AntiVirus (Enabled - Up to date) {AECE2126-F4E7-6909-11F2-1B69D1FBCBD0}
FW: Norton AntiVirus (Enabled) {96F5A003-BE88-6851-3AAD-B25C2F288CAB}
FW: Norton Security (Enabled) {084FC016-54FB-7A6D-DFFC-2B9050228CD1}
cmd: ipconfig /flushdns
cmd: netsh winsock reset catalog
cmd: netsh int ip reset resetlog.txt
cmd: bitsadmin /reset /allusers
cmd: ipconfig /flushdns
Removeproxy:
hosts:
cmd: sfc /scannow
cmd: DISM /Online /Cleanup-Image /CheckHealth
Powershell: Set-MpPreference -DisableRealtimeMonitoring $false
Powershell: Get-MpComputerStatus
EmptyTemp:
CreateRestorePoint:
*****************

Ponto de Restauração criado com sucesso.
Processos fechados com sucesso.
"AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}" => removido (a) com sucesso.
"AV: Norton Security (Enabled - Up to date) {30744133-1E94-7B35-F4A3-82A5AEF1CBAA}" => removido (a) com sucesso.
"AV: Norton AntiVirus (Enabled - Up to date) {AECE2126-F4E7-6909-11F2-1B69D1FBCBD0}" => removido (a) com sucesso.
"FW: Norton AntiVirus (Enabled) {96F5A003-BE88-6851-3AAD-B25C2F288CAB}" => removido (a) com sucesso.
"FW: Norton Security (Enabled) {084FC016-54FB-7A6D-DFFC-2B9050228CD1}" => removido (a) com sucesso.

========= ipconfig /flushdns =========

Configura‡Æo de IP do Windows

Libera‡Æo do Cache do DNS Resolver bem-sucedida.

========= Fim de CMD: =========

========= netsh winsock reset catalog =========

Cat logo Winsock redefinido com ˆxito.
Reinicie o computador para concluir a redefini‡Æo.

========= Fim de CMD: =========

========= netsh int ip reset resetlog.txt =========

Redefinindo Encaminhamento de Compartimento, OK!
Redefinindo Compartimento, OK!
Redefinindo Protocolo de Controle, OK!
Redefinindo Solicita‡Æo de Sequˆncia de Eco, OK!
Redefinindo Global, OK!
Redefinindo Interface, OK!
Redefinindo Endere‡o Anycast, OK!
Redefinindo Endere‡o multicast, OK!
Redefinindo Endere‡o Unicast, OK!
Redefinindo Vizinho, OK!
Redefinindo Caminho, OK!
Redefinindo Potencial, OK!
Redefinindo Pol¡tica de Prefixo, OK!
Redefinindo Vizinho de Proxy, OK!
Redefinindo Rota, OK!
Redefinindo Prefixo do Site, OK!
Redefinindo Subinterface, OK!
Redefinindo PadrÆo de Ativa‡Æo, OK!
Redefinindo Resolver Vizinho, OK!
Redefinindo , OK!
Redefinindo , OK!
Redefinindo , OK!
Redefinindo , OK!
Falha ao redefinir .
Acesso negado.

Redefinindo , OK!
Redefinindo , OK!
Redefinindo , OK!
Redefinindo , OK!
Redefinindo , OK!
Redefinindo , OK!
Redefinindo , OK!
Redefinindo , OK!
Reinicie o computador para concluir esta a‡Æo.

========= Fim de CMD: =========

========= bitsadmin /reset /allusers =========

BITSADMIN version 3.0
BITS administration utility.
(C) Copyright Microsoft Corp.

0 out of 0 jobs canceled.

========= Fim de CMD: =========

========= ipconfig /flushdns =========

Configura‡Æo de IP do Windows

Libera‡Æo do Cache do DNS Resolver bem-sucedida.

========= Fim de CMD: =========

========= RemoveProxy: =========

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => removido (a) com sucesso.
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer => removido (a) com sucesso.
HKU\S-1-5-21-3907471261-615860086-2012423866-1001\SOFTWARE\Policies\Microsoft\Internet Explorer => removido (a) com sucesso.
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removido (a) com sucesso.
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removido (a) com sucesso.
"HKU\S-1-5-21-3907471261-615860086-2012423866-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removido (a) com sucesso.
"HKU\S-1-5-21-3907471261-615860086-2012423866-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removido (a) com sucesso.

========= Fim de RemoveProxy: =========

C:\Windows\System32\Drivers\etc\hosts => movido com sucesso
Hosts restaurado com sucesso.

========= sfc /scannow =========

Iniciando verificação de arquivos. O processo levará alguns minutos para ser concluído.

Iniciando fase de verificação de verificação do sistema.
Verificação 0% concluída. Verificação 1% concluída. Verificação 1% concluída. Verificação 2% concluída. Verificação 2% concluída. Verificação 3% concluída. Verificação 4% concluída. Verificação 4% concluída. Verificação 5% concluída. Verificação 5% concluída. Verificação 6% concluída. Verificação 6% concluída. Verificação 7% concluída. Verificação 8% concluída. Verificação 8% concluída. Verificação 9% concluída. Verificação 9% concluída. Verificação 10% concluída. Verificação 10% concluída. Verificação 11% concluída. Verificação 12% concluída. Verificação 12% concluída. Verificação 13% concluída. Verificação 13% concluída. Verificação 14% concluída. Verificação 14% concluída. Verificação 15% concluída. Verificação 16% concluída. Verificação 16% concluída. Verificação 17% concluída. Verificação 17% concluída. Verificação 18% concluída. Verificação 18% concluída. Verificação 19% concluída. Verificação 20% concluída. Verificação 20% concluída. Verificação 21% concluída. Verificação 21% concluída. Verificação 22% concluída. Verificação 22% concluída. Verificação 23% concluída. Verificação 24% concluída. Verificação 24% concluída. Verificação 25% concluída. Verificação 25% concluída. Verificação 26% concluída. Verificação 26% concluída. Verificação 27% concluída. Verificação 28% concluída. Verificação 28% concluída. Verificação 29% concluída. Verificação 29% concluída. Verificação 30% concluída. Verificação 30% concluída. Verificação 31% concluída. Verificação 32% concluída. Verificação 32% concluída. Verificação 33% concluída. Verificação 33% concluída. Verificação 34% concluída. Verificação 34% concluída. Verificação 35% concluída. Verificação 36% concluída. Verificação 36% concluída. Verificação 37% concluída. Verificação 37% concluída. Verificação 38% concluída. Verificação 38% concluída. Verificação 39% concluída. Verificação 40% concluída. Verificação 40% concluída. Verificação 41% concluída. Verificação 41% concluída. Verificação 42% concluída. Verificação 42% concluída. Verificação 43% concluída. Verificação 44% concluída. Verificação 44% concluída. Verificação 45% concluída. Verificação 45% concluída. Verificação 46% concluída. Verificação 46% concluída. Verificação 47% concluída. Verificação 48% concluída. Verificação 48% concluída. Verificação 49% concluída. Verificação 49% concluída. Verificação 50% concluída. Verificação 50% concluída. Verificação 51% concluída. Verificação 52% concluída. Verificação 52% concluída. Verificação 53% concluída. Verificação 53% concluída. Verificação 54% concluída. Verificação 54% concluída. Verificação 55% concluída. Verificação 56% concluída. Verificação 56% concluída. Verificação 57% concluída. Verificação 57% concluída. Verificação 58% concluída. Verificação 58% concluída. Verificação 59% concluída. Verificação 60% concluída. Verificação 60% concluída. Verificação 61% concluída. Verificação 61% concluída. Verificação 62% concluída. Verificação 62% concluída. Verificação 63% concluída. Verificação 64% concluída. Verificação 64% concluída. Verificação 65% concluída. Verificação 65% concluída. Verificação 66% concluída. Verificação 66% concluída. Verificação 67% concluída. Verificação 68% concluída. Verificação 68% concluída. Verificação 69% concluída. Verificação 69% concluída. Verificação 70% concluída. Verificação 70% concluída. Verificação 71% concluída. Verificação 72% concluída. Verificação 72% concluída. Verificação 73% concluída. Verificação 73% concluída. Verificação 74% concluída. Verificação 74% concluída. Verificação 75% concluída. Verificação 76% concluída. Verificação 76% concluída. Verificação 77% concluída. Verificação 77% concluída. Verificação 78% concluída. Verificação 78% concluída. Verificação 79% concluída. Verificação 80% concluída. Verificação 80% concluída. Verificação 81% concluída. Verificação 81% concluída. Verificação 82% concluída. Verificação 82% concluída. Verificação 83% concluída. Verificação 84% concluída. Verificação 84% concluída. Verificação 85% concluída. Verificação 85% concluída. Verificação 86% concluída. Verificação 86% concluída. Verificação 87% concluída. Verificação 88% concluída. Verificação 88% concluída. Verificação 89% concluída. Verificação 89% concluída. Verificação 90% concluída. Verificação 90% concluída. Verificação 91% concluída. Verificação 92% concluída. Verificação 92% concluída. Verificação 93% concluída. Verificação 93% concluída. Verificação 94% concluída. Verificação 94% concluída. Verificação 95% concluída. Verificação 96% concluída. Verificação 96% concluída. Verificação 97% concluída. Verificação 97% concluída. Verificação 98% concluída. Verificação 98% concluída. Verificação 99% concluída. Verificação 100% concluída.

A Proteção de Recursos do Windows encontrou arquivos corrompidos e os reparou com êxito.
Para reparos online, os detalhes são incluídos no arquivo de log CBS localizado em
windir\Logs\CBS\CBS.log. Por exemplo, C:\Windows\Logs\CBS\CBS.log. Para reparos
offline, os detalhes são incluídos no arquivo de log fornecido pelo sinalizador /OFFLOGFILE.

========= Fim de CMD: =========

========= DISM /Online /Cleanup-Image /CheckHealth =========

Ferramenta de Gerenciamento e Manuten‡Æo de Imagens de Implanta‡Æo
VersÆo: 10.0.19041.844

VersÆo da Imagem: 10.0.19045.3324

Nenhuma corrup‡Æo de reposit¢rio de componentes detectada.
A opera‡Æo foi conclu¡da com ˆxito.

========= Fim de CMD: =========

========= Set-MpPreference -DisableRealtimeMonitoring $false =========

Set-MpPreference : Ocorreu um erro geral não coberto por um código de erro mais específico.
No C:\FRST\tmp.ps1:1 caractere:1
+ Set-MpPreference -DisableRealtimeMonitoring $false
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (MSFT_MpPreference:root\Microsoft\...FT_MpPreference) [Set-MpPreference],
CimException
+ FullyQualifiedErrorId : HRESULT 0x800106ba,Set-MpPreference

========= Fim de Powershell: =========

========= Get-MpComputerStatus =========

Get-MpComputerStatus : Ocorreu um erro geral não coberto por um código de erro mais específico.
No C:\FRST\tmp.ps1:1 caractere:1
+ Get-MpComputerStatus
+ ~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (MSFT_MpComputerStatus:ROOT\Microsoft\...pComputerStatus) [Get-MpComputerS
tatus], CimException
+ FullyQualifiedErrorId : HRESULT 0x800106ba,Get-MpComputerStatus

========= Fim de Powershell: =========

Ponto de Restauração criado com sucesso.

=========== EmptyTemp: ==========

FlushDNS => completado
BITS transfer queue => 1310720 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 56263950 B
Java, Discord, Steam htmlcache, WinHttpAutoProxySvc/winhttp *.cache => 0 B
Windows/system/drivers => 692180 B
Edge => 0 B
Chrome => 533894169 B
Firefox => 54960540 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 48928 B
NetworkService => 48928 B
Francisco Narde => 117445438 B

RecycleBin => 90465 B
EmptyTemp: => 729.3 MB de dados temporários Removidos.

================================

O sistema precisou ser reiniciado.

==== Fim de Fixlog 04:42:17 ====

Farbar Recovery Scan Tool (x64) Versão: 27-08-2023 01
Executado por Francisco Narde (28-08-2023 04:46:16)
Executando a partir de D:\Desktop
Modo da Inicialização: Normal

================== Pesquisar Arquivos: "SearchAll: Norton" =============

Arquivo:
========
C:\Users\Francisco Narde\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\NortonLifeLock_Norton Security
[2023-08-24 22:24][2023-08-24 22:24] 000037014 _____ () E050D858D3EC4EBEB31ADAD4BBDFE84F [Arquivo não assinado]

C:\ProgramData\NortonInstaller\Logs\2023-08-24-22h47m07s\NortonInstall-2023-08-24-22h47m07s.log
[2023-08-24 22:47][2023-08-24 22:47] 000041460 _____ () 01506956F99E7CCE6510E94E7F510ED8 [Arquivo não assinado]

C:\ProgramData\NortonInstaller\Logs\2023-08-24-22h43m41s\NortonInstall-2023-08-24-22h43m41s.log
[2023-08-24 22:43][2023-08-24 22:46] 002057078 _____ () 9E737D937648E1721900D7DA46719CBB [Arquivo não assinado]

C:\ProgramData\NortonInstaller\Logs\2023-08-24-22h31m59s\NortonInstall-2023-08-24-22h31m59s.log
[2023-08-24 22:31][2023-08-24 22:33] 012368686 _____ () C7134F2B697B9F1484FFEC1D1514F1B0 [Arquivo não assinado]

pasta:
========
2023-08-24 22:22 - 2023-08-24 23:07 _____ C:\ProgramData\Norton
2023-08-24 22:23 - 2023-08-24 22:23 _____ C:\ProgramData\NortonInstaller
2020-07-15 07:39 - 2020-07-15 07:39 _____ C:\FRST\Quarantine\C\Users\Francisco Narde\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!003\MicrosoftEdge\ExtensionsByteCodeCache\Extensions\EdgeExtension_SymantecCorporationNortonSafeWeb_v68kp9n051hdp
2020-07-15 07:45 - 2020-07-15 07:45 _____ C:\FRST\Quarantine\C\Users\Francisco Narde\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\ExtensionsByteCodeCache\Extensions\EdgeExtension_SymantecCorporationNortonSafeWeb_v68kp9n051hdp
2020-06-03 22:51 - 2020-07-15 03:35 _____ C:\FRST\Quarantine\C\ProgramData\Norton
2020-06-03 22:51 - 2020-07-15 02:59 _____ C:\FRST\Quarantine\C\ProgramData\NortonInstaller
2020-06-24 07:18 - 2020-07-15 02:22 _____ C:\FRST\Quarantine\C\Program Files\Common Files\AV\Norton Security

Registro:
========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{96237786-C89D-4504-837A-A3BA2C29524D}\InProcServer32]
""="C:\Program Files\Norton Security\Engine\22.23.6.5\symamsi.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\NortonLifeLock.Norton.Antivirus.IEContextMenu]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\NortonLifeLock.Norton.Antivirus.IEContextMenu\CurVer]
""="NortonLifeLock.Norton.Antivirus.IEContextMenu.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\NortonLifeLock.Norton.Antivirus.IEContextMenu.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{96237786-C89D-4504-837A-A3BA2C29524D}\InProcServer32]
""="C:\Program Files\Norton Security\Engine32\22.23.6.5\symamsi.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Provider\Av\{AECE2126-F4E7-6909-11F2-1B69D1FBCBD0}]
"DISPLAYNAME"="Norton AntiVirus"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Provider\Av\{AECE2126-F4E7-6909-11F2-1B69D1FBCBD0}]
"PRODUCTEXE"="C:\Program Files\Norton Security\Engine\22.23.6.5\WSCStub.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Provider\Av\{AECE2126-F4E7-6909-11F2-1B69D1FBCBD0}]
"REPORTINGEXE"="C:\Program Files\Norton Security\Engine\22.23.6.5\nsWscSvc.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Provider\Fw\{96F5A003-BE88-6851-3AAD-B25C2F288CAB}]
"DISPLAYNAME"="Norton AntiVirus"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Provider\Fw\{96F5A003-BE88-6851-3AAD-B25C2F288CAB}]
"PRODUCTEXE"="C:\Program Files\Norton Security\Engine\22.23.6.5\WSCStub.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Provider\Fw\{96F5A003-BE88-6851-3AAD-B25C2F288CAB}]
"REPORTINGEXE"="C:\Program Files\Norton Security\Engine\22.23.6.5\WSCStub.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\NortonSecurity_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\NortonSecurity_RASMANCS]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps\Arestore.exe]
"DumpFolder"="C:\ProgramData\Norton\LocalDumps"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps\asOELnch.exe]
"DumpFolder"="C:\ProgramData\Norton\LocalDumps"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps\BHCA.exe]
"DumpFolder"="C:\ProgramData\Norton\LocalDumps"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps\buIH.exe]
"DumpFolder"="C:\ProgramData\Norton\LocalDumps"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps\buVss.exe]
"DumpFolder"="C:\ProgramData\Norton\LocalDumps"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps\ccSEUPDT.exe]
"DumpFolder"="C:\ProgramData\Norton\LocalDumps"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps\chrome.exe]
"DumpFolder"="C:\ProgramData\Norton\LocalDumps"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps\CLTLMH.exe]
"DumpFolder"="C:\ProgramData\Norton\LocalDumps"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps\cltRT.exe]
"DumpFolder"="C:\ProgramData\Norton\LocalDumps"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps\coExport.exe]
"DumpFolder"="C:\ProgramData\Norton\LocalDumps"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps\coInst.exe]
"DumpFolder"="C:\ProgramData\Norton\LocalDumps"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps\coNatHst.exe]
"DumpFolder"="C:\ProgramData\Norton\LocalDumps"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps\CpySnt.exe]
"DumpFolder"="C:\ProgramData\Norton\LocalDumps"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps\cscript.exe]
"DumpFolder"="C:\ProgramData\Norton\LocalDumps"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps\dcStub.exe]
"DumpFolder"="C:\ProgramData\Norton\LocalDumps"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps\dllhost.exe]
"DumpFolder"="C:\ProgramData\Norton\LocalDumps"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps\dll_register_server.exe]
"DumpFolder"="C:\ProgramData\Norton\LocalDumps"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps\DNLP0808.exe]
"DumpFolder"="C:\ProgramData\Norton\LocalDumps"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps\EFAInst.exe]
"DumpFolder"="C:\ProgramData\Norton\LocalDumps"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps\ehmsas.exe]
"DumpFolder"="C:\ProgramData\Norton\LocalDumps"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps\Elaminst.exe]
"DumpFolder"="C:\ProgramData\Norton\LocalDumps"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps\excel.exe]
"DumpFolder"="C:\ProgramData\Norton\LocalDumps"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps\explorer.exe]
"DumpFolder"="C:\ProgramData\Norton\LocalDumps"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps\firefox.exe]
"DumpFolder"="C:\ProgramData\Norton\LocalDumps"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps\GEARDIFx.exe]
"DumpFolder"="C:\ProgramData\Norton\LocalDumps"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps\ieuser.exe]
"DumpFolder"="C:\ProgramData\Norton\LocalDumps"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps\iexplore.exe]
"DumpFolder"="C:\ProgramData\Norton\LocalDumps"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps\InstCA.exe]
"DumpFolder"="C:\ProgramData\Norton\LocalDumps"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps\InstStub.exe]
"DumpFolder"="C:\ProgramData\Norton\LocalDumps"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps\IPSDgnHC.exe]
"DumpFolder"="C:\ProgramData\Norton\LocalDumps"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps\MCUI32.exe]
"DumpFolder"="C:\ProgramData\Norton\LocalDumps"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps\msaccess.exe]
"DumpFolder"="C:\ProgramData\Norton\LocalDumps"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps\msimn.exe]
"DumpFolder"="C:\ProgramData\Norton\LocalDumps"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps\navw32.exe]
"DumpFolder"="C:\ProgramData\Norton\LocalDumps"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps\Ncolow.exe]
"DumpFolder"="C:\ProgramData\Norton\LocalDumps"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps\Norton Secure VPN.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps\Norton Secure VPN.exe]
"DumpFolder"="C:\ProgramData\Norton\LocalDumps"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps\nsWscSvc.exe]
"DumpFolder"="C:\ProgramData\Norton\LocalDumps"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps\nuPerfScan.exe]
"DumpFolder"="C:\ProgramData\Norton\LocalDumps"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps\outlook.exe]
"DumpFolder"="C:\ProgramData\Norton\LocalDumps"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps\powerpnt.exe]
"DumpFolder"="C:\ProgramData\Norton\LocalDumps"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps\powershell.exe]
"DumpFolder"="C:\ProgramData\Norton\LocalDumps"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps\Ruleup.exe]
"DumpFolder"="C:\ProgramData\Norton\LocalDumps"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps\Sevinst.exe]
"DumpFolder"="C:\ProgramData\Norton\LocalDumps"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps\Sevntx64.exe]
"DumpFolder"="C:\ProgramData\Norton\LocalDumps"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps\srtsp_ca.exe]
"DumpFolder"="C:\ProgramData\Norton\LocalDumps"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps\sshelper.exe]
"DumpFolder"="C:\ProgramData\Norton\LocalDumps"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps\syknlu.exe]
"DumpFolder"="C:\ProgramData\Norton\LocalDumps"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps\SymDgnHC.exe]
"DumpFolder"="C:\ProgramData\Norton\LocalDumps"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps\SymErr.exe]
"DumpFolder"="C:\ProgramData\Norton\LocalDumps"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps\SymHTMLHost.exe]
"DumpFolder"="C:\ProgramData\Norton\LocalDumps"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps\SymIMI64.exe]
"DumpFolder"="C:\ProgramData\Norton\LocalDumps"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps\symimins.exe]
"DumpFolder"="C:\ProgramData\Norton\LocalDumps"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps\tuIH.exe]
"DumpFolder"="C:\ProgramData\Norton\LocalDumps"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps\uistub.exe]
"DumpFolder"="C:\ProgramData\Norton\LocalDumps"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps\visio.exe]
"DumpFolder"="C:\ProgramData\Norton\LocalDumps"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps\VPNService.exe]
"DumpFolder"="C:\ProgramData\Norton\LocalDumps"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps\wfpunins.exe]
"DumpFolder"="C:\ProgramData\Norton\LocalDumps"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps\winproj.exe]
"DumpFolder"="C:\ProgramData\Norton\LocalDumps"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps\winword.exe]
"DumpFolder"="C:\ProgramData\Norton\LocalDumps"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps\wscript.exe]
"DumpFolder"="C:\ProgramData\Norton\LocalDumps"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps\WSCStub.exe]
"DumpFolder"="C:\ProgramData\Norton\LocalDumps"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\RuntimeExceptionHelperModules]
"C:\Program Files\Norton Security\NortonData\22.23.6.5\Definitions\IPSDefs\20220922.063\IPSEng64.dll"="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant]
"ExecutablesToExclude"="C:\Program Files (x86)\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NGC\562C4DD5\22.23.6.5\InstStub.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsSelfHost\OneSettings]
"TargetingAttributes"="{
"Version": 245,
"SchemaVersion": 1,
"PartA": [
"App",
"AppVer",
"AttrDataVer"
],
"Default": [
"DeviceFamily",
"f:FlightRing",
"t:OSVersionFull"
],
"PartB": {
"ACSOVERRIDE": [
"OSArchitecture",
"c:IsAlwaysOnAlwaysConnectedCapable"
],
"APPTARGETEDFEATUREDB": [
"c:FlightingBranchName",
"f:FlightRing",
"t:OSVersionFull",
"DeviceFamily"
],
"CASSCLIENT": [
"OSVersion",
"c:OSEdition",
"f:FlightRing",
"c:OSUILocale",
"f:FlightingBranchName",
"r:OEMMode"
],
"CDM": [
"ChassisTypeId",
"r:CurrentBranch",
"DeviceFamily",
"f:FlightingBranchName",
"f:FlightRing",
"c:InstallLanguage",
"c:IsDomainJoined",
"t:IsTestLab",
"OEMModel",
"OSArchitecture",
"OSVersion",
"t:OSSkuId",
"c:ProcessorIdentifier",
"c:TelemetryLevel",
"t:IsMsftOwned",
"t:WCOSProductId",
"c:OSUILocale",
"c:CommercialId",
"s:MinShellVersion",
"s:MaxShellVersion",
"c:ActivationChannel",
"c:SCCMClientId",
"c:IsCloudDomainJoined",
"r:WebExperience",
"FX_FlightIds",
"AccountFirstChar",
"r:WSX_Windows_Settings_Account",
"r:InstallDate",
"r:WSX_Runtime",
"r:DefaultUserRegion",
"a:GatedFeature_NI22H2",
"r:WSX_Windows_Shell_Start",
"a:GatedFeature_CU23H2",
"r:ExpStates",
"MX_FlightIds",
"n:MXVersion",
"r:CIOptin",
"c:ProcessorCores",
"c:TotalPhysicalRAM",
"r:TestRN",
"u:UpdateServiceUrl",
"u:WUfBClientManaged",
"r:UUSVersion",
"DL_OSVersion",
"r:ExpPkgs",
"u:AllowOptionalContent",
"n:IsMicrosoftAAD"
],
"COMPATLOGGER": [
"osVer",
"ring",
"deviceId"
],
"CONTENT_DELIVERY_MANAGER": [
"c:OSEdition",
"t:OSSkuId",
"c:OSUILocale",
"a:UpgEx_CO21H2",
"a:GStatus_CO21H2",
"a:DataExpDateEpoch_CO21H2",
"a:TimestampEpochString_CO21H2",
"r:AndroidUserOptinValue",
"f:FlightingBranchName",
"f:FlightRing",
"r:CurrentBranch",
"c:ProcessorModel",
"r:NPUEnabledDevice",
"MX_FlightIds",
"r:KnownFoldersBackupStatus",
"c:IsDomainJoined"
],
"CORTANA_GATEKEEPER": [
"r:CurrentBranch",
"f:FlightRing",
"f:IsRetailOS"
],
"CORTANAUWP": [
"c:OSUILocale",
"t:OSVersionFull",
"v:CortanaAppVer"
],
"CORTANAUWPTEST": [
"+CORTANAUWP",
"v:CortanaAppVerTest"
],
"CTAC": [
"+FSS"
],
"DDC": [
"+WU_STORE",
"+_WU_PTI"
],
"DXDB": [
"DeviceFamily",
"f:FlightRing",
"r:IsHybridOrXGpu",
"t:OSVersionFull",
"OSVersion"
],
"EDGE_SERVICEUI": [
"t:LocalDeviceID",
"t:LocalUserID"
],
"FCON": [
"+CDM"
],
"FSS": [
"r:PreviewBuildsManagerEnabled",
"f:BranchReadinessLevelRaw",
"u:BranchReadinessLevelSource",
"r:BuildFID",
"t:DeviceFamily",
"DeviceId",
"c:EnablePreviewBuilds",
"f:FlightingPolicyValue",
"f:IsRetailOS",
"f:ManagePreviewBuilds",
"OSVersionFull",
"t:WCOSProductId",
"r:SmartActiveHoursState",
"r:ActiveHoursStart",
"r:ActiveHoursEnd",
"r:IsCHCapableBuild",
"r:FSRing",
"s:MaxShellVersion",
"s:MinShellVersion",
"c:TPMVersion",
"c:SecureBootCapable",
"c:ProcessorClockSpeed",
"c:ProcessorCores",
"c:TotalPhysicalRAM",
"t:SMode",
"c:SystemVolumeTotalCapacity",
"c:OEMManufacturerName",
"c:OEMModelNumber",
"a:ISVM",
"r:AllowUpgradesWithUnsupportedTPMOrCPU",
"r:IntelPlatformId",
"r:IsConfigMgrEnabled",
"f:IsFlightingEnabled",
"r:DeviceInfoGatherSuccessful"
],
"FXIRISCLIENT": [
"+IRISCLIENT"
],
"GS": [
"t:OSSkuId",
"t:OSVersionFull",
"r:CurrentBranch",
"r:DefaultUserRegion",
"DeviceFamily",
"c:FlightIds",
"f:FlightingBranchName",
"f:FlightRing",
"c:IsCloudDomainJoined",
"t:IsMsftOwned",
"f:IsRetailOS",
"c:OSUILocale",
"c:IsDomainJoined"
],
"IRISCLIENT": [
"+IRISCLIENTBASE",
"c:FlightIds"
],
"IRISCLIENTBASE": [
"DeviceFamily",
"OSVersion",
"t:OSSkuId",
"OSArchitecture",
"c:TelemetryLevel",
"f:FlightRing",
"f:FlightingBranchName",
"c:InternalPrimaryDisplayResolutionHorizontal",
"c:InternalPrimaryDisplayResolutionVetical",
"t:IsMsftOwned",
"c:ChassisType",
"OEMModel",
"c:OSUILocale",
"c:OSEdition",
"r:CurrentBranch",
"t:WCOSProductId",
"c:InstallationType",
"r:InstallDate",
"c:IsCloudDomainJoined",
"c:IsDeviceRetailDemo",
"f:IsRetailOS",
"c:ProcessorClockSpeed",
"c:ProcessorCores",
"c:ProcessorManufacturer",
"c:TotalPhysicalRAM",
"c:D3DMaxFeatureLevel",
"c:IsAlwaysOnAlwaysConnectedCapable",
"t:SMode",
"t:LocalUserID",
"r:AndroidUserOptinValue",
"c:ProcessorModel",
"MX_FlightIds",
"a:UpgEx_CO21H2",
"r:KnownFoldersBackupStatus",
"c:OEMModelSystemFamily",
"OEMName_Uncleaned",
"r:IsSpotlightEnabledInOEMTheme",
"r:IsSpotlightThemeEnabledByOEM",
"r:WindowsAccountSyncConsentApplicable",
"r:WindowsAccountSyncConsentState"
],
"IRISCLIENTV2": [
"+IRISCLIENTBASE",
"IX_FlightIds"
],
"MICROSOFT.WINDOWSFEEDBACKHUB_8WEKYB3D8BBWE": [
"t:OSVersionFull",
"t:IsTestLab",
"f:FlightRing"
],
"MITIGATION": [
"t:DeviceFamily",
"f:FlightRing",
"c:FlightIds",
"c:IsDomainJoined",
"t:IsMsftOwned",
"f:IsRetailOS",
"t:IsTestLab",
"IsVM",
"OEMModel",
"c:OSEdition",
"t:OSSkuId",
"t:OSVersionFull",
"c:OSUILocale",
"t:SMode",
"f:IsFlightingEnabled",
"c:FirmwareVersion",
"c:TelemetryLevel",
"f:FlightingBranchName",
"r:CurrentBranch",
"OSVersion",
"w:FirstStorageSpaceDeviceId",
"r:IsCldFltSyncRoots",
"c:OSInstallType",
"v:IsNotepadExePresent",
"r:StrictHiveSecurityReg",
"a:GatedBlockId_21H1",
"r:UpdateOfferedDays",
"r:UsoScanMitigation",
"r:GamingServicesInstalledKey",
"v:FileExistsMscoreeDll",
"w:NetFx3State",
"r:WCFHTTPActivationNotificationState",
"w:WCFHTTPActivationState",
"r:WCFNonHTTPActivationNotificationState",
"w:WCFNonHTTPActivationState",
"r:DotNetMissingComponentsTroubleshooterSuccess",
"r:IIS_ASPNET",
"w:IIS_ASPNET_WMI",
"r:IIS_NetFxExtensibility",
"w:IIS_NetFxExtensibility_WMI",
"r:WAS_NetFxEnvironment",
"w:WAS_NetFxEnvironment_WMI",
"v:XamlCbsActivationStore",
"v:XamlCbsActivationStoreArm64",
"v:OnnxruntimeVer",
"w:ElanFingerprintDriverVersion",
"r:AADBrokerPluginNotRegistered",
"r:TenantId",
"r:IppPrinterBadDefaultPdc",
"r:FlightingOptOutState",
"r:CloudFilesFilter",
"r:PSAKyoceraMissingDEH",
"r:PSATATriumphMissingDEH",
"r:PSAXeroxMissingDEH",
"w:PSAKyoceraInstalledName",
"w:PSATATriumphInstalledName",
"w:XeroxPsaInstalledName"
],
"MLMOD": [
"ChassisTypeId",
"t:DeviceFamily",
"f:FlightingBranchName",
"f:FlightRing",
"f:IsRetailOS",
"t:OSSkuId",
"t:OSVersionFull",
"c:OSUILocale",
"OSVersion",
"c:TelemetryLevel",
"r:CurrentBranch",
"t:IsTestLab",
"c:PrimaryDiskType",
"FX_FlightIds"
],
"MTP": [
"+_WU_OS_CORE"
],
"MUSE": [
"+_WU_FB",
"ChassisTypeId",
"deviceClass",
"deviceId",
"c:FlightIds",
"locale",
"ms",
"os",
"osVer",
"ring",
"sampleId",
"sku",
"r:DaysSince19H1FUOffer",
"u:DisableDualScan",
"u:UpdateServiceUrl",
"c:CommercialId",
"f:FlightingBranchName",
"c:SystemVolumeTotalCapacity",
"c:IsAlwaysOnAlwaysConnectedCapable",
"c:ProcessorCores",
"c:PrimaryDiskType",
"c:TotalPhysicalRAM",
"c:ProcessorClockSpeed",
"c:ProcessorIdentifier",
"c:ProcessorModel",
"c:ActivationChannel",
"c:IsCloudDomainJoined",
"c:isCommercial",
"c:IsDomainJoined",
"c:IsMDMEnrolled",
"c:SCCMClientID",
"r:OEMSubModel",
"c:OEMModelNumber",
"c:OEMManufacturerName",
"r:OobeSeeker",
"r:DefaultUserRegion"
],
"NARRATORNNV": [
"+WU_STORE"
],
"NOISYHAMMER": [
"+WU_OS"
],
"PHS": [
"r:GridZoneName",
"OEMModel",
"c:OEMManufacturerName",
"c:OSUILocale",
"r:OEMSubModel",
"DeviceFamily"
],
"RULESENGINE": [
"c:OSEdition",
"t:OSSkuId",
"c:OSUILocale",
"a:UpgEx_CO21H2",
"a:GStatus_CO21H2",
"a:DataExpDateEpoch_CO21H2",
"a:TimestampEpochString_CO21H2",
"r:AndroidUserOptinValue",
"f:FlightingBranchName",
"f:FlightRing",
"r:CurrentBranch",
"c:ProcessorModel",
"r:NPUEnabledDevice",
"MX_FlightIds",
"r:KnownFoldersBackupStatus",
"c:IsDomainJoined",
"r:WindowsAccountSyncConsentApplicable",
"r:WindowsAccountSyncConsentState"
],
"RUXIM": [
"c:ActivationChannel",
"f:FlightRing",
"r:InstallDate",
"f:IsFlightingEnabled",
"a:ISVM",
"c:OEMModelNumber",
"OSArchitecture",
"t:OSSkuId",
"c:SCCMClientID",
"r:SetupDisplayedEulaVersion",
"r:KioskMode",
"r:OobeSeeker",
"r:UninstallActive"
],
"SEDIMENTPACK": [
"+WU_OS"
],
"SERVICEEXPERIENCES": [
"f:FlightingBranchName",
"f:FlightRing",
"s:MaxShellVersion",
"s:MinShellVersion",
"t:IsTestLab",
"c:TelemetryLevel",
"t:OSSkuId",
"r:CurrentBranch",
"OSVersion",
"DeviceFamily",
"r:WSX_Windows_Settings_Account",
"c:FlightIds",
"r:WSX_Runtime",
"r:WSX_Windows_Shell_Start",
"r:WSX_Windows_AppSample"
],
"SERVICING_CBS": [
"+WU",
"osVer"
],
"SETUP360": [
"t:OSSkuId",
"f:FlightRing"
],
"SMARTOPTOUT": [
"+CDM"
],
"STORAGEGROVELER": [
"a:Free",
"c:TelemetryLevel",
"f:FlightRing",
"f:IsFlightingEnabled",
"IsVM",
"t:OSVersionFull"
],
"UTC": [
"+UTC_STATIC",
"osVer",
"locale",
"ring",
"f:PilotRing",
"f:IsRetailOS",
"ms",
"expId",
"t:SMode",
"f:FlightingBranchName",
"c:CommercialId",
"r:IsFeedbackHubSelfhost",
"c:AzureVMType",
"t:IsTestLab",
"c:TelemetryLevel",
"c:IsVirtualDevice",
"r:IsProcessorMode",
"r:UtcDataHandlingPolicies"
],
"UTC_STATIC": [
"os",
"deviceId",
"sampleId",
"deviceClass",
"sku",
"OEMModel",
"OEMName_Uncleaned",
"c:PrimaryDiskType",
"c:ProcessorModel",
"c:TotalPhysicalRAM"
],
"UUS": [
"OSVersion",
"f:FlightRing",
"t:IsTestLab",
"t:OSVersionFull",
"f:FlightingBranchName",
"r:CurrentBranch",
"f:IsFlightingEnabled"
],
"WAASASSESSMENT": [
"+WU_OS"
],
"WAASMEDIC": [
"os",
"osVer",
"ring",
"deviceClass",
"deviceId",
"locale",
"sku",
"c:ActivationChannel",
"c:CommercialId",
"r:CurrentBranch",
"f:FlightingBranchName",
"c:IsCloudDomainJoined",
"c:IsDomainJoined",
"t:IsTestLab",
"OSVersion",
"c:SCCMClientID",
"c:TelemetryLevel",
"r:FlightingOptOutState"
],
"WOSC": [
"t:DeviceFamily",
"f:FlightRing",
"f:IsFlightingEnabled",
"t:IsMsftOwned",
"t:LocalDeviceID",
"t:OSSkuId",
"c:OSUILocale",
"t:OSVersionFull",
"c:TelemetryLevel",
"r:IsHybridOrXGpu",
"r:PlayFabPartyRelay",
"OSVersion"
],
"WPSHIFT": [
"+MTP"
],
"WU": [
"+WU_OS",
"r:DUInternal"
],
"_WU_AV": [
"r:AvastReg",
"r:AvastBlackScreen",
"v:AvastVer",
"r:AvgReg",
"v:AvgVer",
"r:EsetReg",
"v:EsetVer",
"r:KasperskyReg",
"v:KasperskyVer",
"v:SymantecVer",
"r:TencentReg",
"r:TencentType",
"r:AhnlabInstalledKey",
"r:AvastInstalledKey",
"r:AVGInstalledKey",
"r:AviraInstalledKey",
"r:BullguardInstalledKey",
"r:ESETInstalledKey",
"r:ESTSecurityInstalledKey",
"r:FSecureInstalledKey",
"v:GDataInstalledVer",
"r:K7InstalledKey",
"r:KasperskyInstalledKey",
"r:KingsoftInstalledKey",
"r:LenovoInstalledKey",
"r:MalwarebytesInstalledKey",
"r:McAfeeInstalledKey",
"r:PandaInstalledKey",
"r:QuickhealInstalledKey1",
"r:SophosInstalledKey1",
"r:SymantecInstalledKey",
"r:TencentInstalledKey",
"r:ThreatTrackInstalledKey",
"r:TrendInstalledKey",
"r:WebrootInstalledKey",
"v:K7InstalledVer"
],
"_WU_COMMON": [
"r:CurrentBranch",
"r:DefaultUserRegion",
"DeviceFamily",
"r:DriverPartnerRing",
"r:FlightContent",
"f:FlightingBranchName",
"f:FlightRing",
"HoloLens",
"c:InstallationType",
"c:InstallLanguage",
"f:IsFlightingEnabled",
"r:IsFlightingEnabled",
"c:MobileOperatorCommercialized",
"OEMModel",
"OEMName_Uncleaned",
"r:OemPartnerRing",
"OSArchitecture",
"OSVersion",
"t:OSSkuId",
"c:OSUILocale",
"c:ProcessorManufacturer",
"r:ReleaseType",
"v:SkypeRoomSystem",
"t:SMode",
"c:TelemetryLevel",
"r:WindowsMixedReality",
"v:WuClientVer",
"p:DucPublisherId",
"p:DucDeviceModelId",
"p:DucOemPartnerRing",
"p:DucCustomPackageId",
"p:DesiredOsVersion",
"p:DesiredSystemManifestVersion",
"r:TenantId"
],
"_WU_FB": [
"u:BranchReadinessLevel",
"u:DeferQualityUpdatePeriodInDays",
"u:DeferFeatureUpdatePeriodInDays",
"r:PausedFeatureStatus",
"r:PausedQualityStatus",
"u:TargetReleaseVersion",
"r:QUDeadline",
"r:UpdatePreference",
"r:UpdateOfferedDays",
"u:TargetProductVersion",
"DSS_Enrolled",
"r:NonSecurityUpdate"
],
"WU_OS": [
"+_WU_OS_CORE",
"+_WU_FB"
],
"_WU_OS_CORE": [
"+_WU_COMMON",
"+_WU_AV",
"r:AhnLabKeyboard",
"a:BIOS",
"r:BlockFeatureUpdates",
"c:CommercialId",
"a:DataVer_RS5",
"r:DisconnectedStandby",
"r:DchuNvidiaGrfxExists",
"r:DchuNvidiaGrfxVen",
"r:DchuIntelGrfxExists",
"r:DchuIntelGrfxVen",
"r:DchuAmdGrfxExists",
"r:DchuAmdGrfxVen",
"c:FirmwareVersion",
"a:Free",
"a:GStatus_RS3",
"a:GStatus_RS4",
"a:GStatus_RS5",
"r:HidOverGattReg",
"r:InstallDate",
"c:IsDeviceRetailDemo",
"c:IsPortableOperatingSystem",
"IsVM",
"c:OEMModelBaseBoard",
"r:OobeSeeker",
"r:OSRollbackBuild",
"r:OSRollbackCount",
"r:OSRollbackDate",
"PhoneTargetingName",
"r:PonchAllow",
"r:PonchBlock",
"c:ProcessorIdentifier",
"r:RecoveredFromBuild",
"r:RecoveredOnDate",
"r:Steam",
"v:TobiiVer",
"v:TrendMicroVer",
"r:UninstallActive",
"l:UpdateManagementGroup",
"a:UpgEx_RS3",
"a:UpgEx_RS4",
"a:UpgEx_RS5",
"a:Version_RS5",
"r:DisableWUfBOfferBlock",
"a:UpgEx_19H1",
"a:SdbVer_19H1",
"a:GStatus_19H1",
"a:GStatus_19H1Setup",
"a:TimestampEpochString_19H1Setup",
"a:GenTelRunTimestamp_19H1",
"a:DataExpDateEpoch_19H1",
"u:EnableWUfBUpgradeGates",
"r:GStatusBlockIDs_All",
"TimestampDelta_19H1Subtract19H1Setup",
"DataExpDateDelta_19H1Subtract19H1Setup",
"a:DataExpDateEpoch_19H1Setup",
"a:TimestampEpochString_19H1",
"r:IsContainerMgrInstalled",
"r:IsWDAGEnabled",
"r:MTPTargetingInfo",
"r:EKB19H2InstallCount",
"r:EKB19H2UnInstallCount",
"r:EKB19H2InstallTimeEpoch",
"r:EKB19H2UnInstallTimeEpoch",
"r:BlockEdgeWithChromiumUpdate",
"r:IsWDATPEnabled",
"r:IsAutopilotRegistered",
"r:EdgeWithChromiumInstallVersion",
"r:EdgeWithChromiumInstallFailureCount",
"r:IsEdgeWithChromiumInstalled",
"r:KioskMode",
"c:IsCloudDomainJoined",
"c:IsDomainJoined",
"a:DataExpDateEpoch_20H1",
"a:DataExpDateEpoch_20H1Setup",
"a:GStatus_20H1",
"a:GStatus_20H1Setup",
"a:SdbVer_20H1",
"a:TimestampEpochString_20H1",
"a:TimestampEpochString_20H1Setup",
"DataExpDateDelta_20H1Subtract20H1Setup",
"TimestampDelta_20H1Subtract20H1Setup",
"a:UpgEx_20H1",
"r:AutopilotUpdateInProgress",
"r:UHSEnrolled",
"r:HotPatchEKBInstalled",
"r:LCUVer",
"c:isCommercial",
"c:ActivationChannel",
"c:IsMDMEnrolled",
"c:SCCMClientID",
"r:ChinaTypeApproval_CTA",
"p:DesiredOcpVersion",
"r:UpgradeEligible",
"r:AllowInPlaceUpgrade",
"r:SH_SIPolicyCleanup",
"r:FeatureUpdateDeadline",
"a:DataExpDateEpoch_21H1",
"a:UpgEx_CO21H2",
"a:GStatus_21H1",
"DataExpDateDelta_21H1Subtract20H1Setup",
"TimestampDelta_21H1Subtract20H1Setup",
"a:TimestampEpochString_21H1",
"r:OEMSubModel",
"c:ProcessorModel",
"c:TPMVersion",
"r:StayOnWindows10Timestamp",
"a:GStatus_CO21H2Setup",
"TimestampDelta_CO21H2SubtractCO21H2Setup",
"DataExpDateDelta_CO21H2SubtractCO21H2Setup",
"a:TimestampEpochString_CO21H2Setup",
"a:DataExpDateEpoch_CO21H2Setup",
"a:TimestampEpochString_CO21H2",
"a:DataExpDateEpoch_CO21H2",
"a:GStatus_CO21H2",
"p:SetPolicyDrivenUpdateSourceForFeatureUpdates",
"r:DchuNvidiaGrfxVenTest",
"a:DataExpDateDelta_21H2Subtract20H1Setup",
"a:TimestampEpochString_21H2",
"a:TimestampDelta_21H2Subtract20H1Setup",
"a:GStatus_21H2",
"a:DataExpDateEpoch_21H2",
"r:DSS_Enrolled_DF",
"r:UpgradeAccepted",
"r:SetupDisplayedEulaVersion",
"c:ProcessorCores",
"c:ProcessorClockSpeed",
"c:TotalPhysicalRAM",
"c:SecureBootCapable",
"c:PrimaryDiskTotalCapacity",
"r:BitDefenderInstalledKey",
"r:BroadcomInstalledKey",
"v:CrowdStrikeInstalledVer",
"r:QihooInstalledKey",
"r:Win11UpgradeAcceptedTimestamp",
"a:UpgEx_NI22H2",
"r:OobeNdupAcceptedTarget",
"r:OobeNdupFU22621CommitChoice",
"a:DataExpDateEpoch_NI22H2",
"a:GStatus_NI22H2",
"a:GStatus_NI22H2Setup",
"a:TimestampEpochString_NI22H2Setup",
"TimestampDelta_NI22H2SubtractNI22H2Setup",
"DataExpDateDelta_NI22H2SubtractNI22H2Setup",
"a:DataExpDateEpoch_NI22H2Setup",
"a:TimestampEpochString_NI22H2",
"r:IsVbsEnabled",
"r:FODRetryPending",
"r:UserInPlaceUpgrade",
"v:HidparseDriversVer",
"v:HidparseSystem32Ver",
"v:HidparseSystem32Ver1",
"r:CIOptin",
"r:FlightingOptOutState",
"p:WSUSconfigured_csp",
"a:UpgEx_NI22H2Setup",
"a:UpgEx_CO21H2Setup",
"u:WUfBClientManaged",
"u:UpdateServiceUrl",
"u:AllowOptionalContent",
"FX_FlightIds",
"DL_OSVersion",
"r:ExpPkgs",
"r:UUSVersion"
],
"_WU_PTI": [
"c:FrontFacingCameraResolution",
"c:RearFacingCameraResolution",
"c:TotalPhysicalRAM",
"c:NFCProximity",
"c:Magnetometer",
"c:Gyroscope",
"c:D3DMaxFeatureLevel",
"c:InternalPrimaryDisplayResolutionHorizontal",
"c:InternalPrimaryDisplayResolutionVetical"
],
"WU_STORE": [
"+_WU_COMMON",
"r:AppChannels",
"r:AppRMIDs",
"u:BranchReadinessLevel"
]
},
"Required": [
"App",
"AppVer",
"AttrDataVer"
],
"Aliases": {
"AccountFirstChar": "c:MSA_Accounts",
"ChassisTypeId": "c:ChassisType",
"DataExpDateDelta_19H1Subtract19H1Setup": "a:DataExpDateEpoch_19H1_Subtract_DataExpDateEpoch_19H1Setup",
"DataExpDateDelta_20H1Subtract20H1Setup": "a:DataExpDateEpoch_20H1_Subtract_DataExpDateEpoch_20H1Setup",
"DataExpDateDelta_21H1Subtract20H1Setup": "a:DataExpDateEpoch_21H1_Subtract_DataExpDateEpoch_20H1Setup",
"DataExpDateDelta_CO21H2SubtractCO21H2Setup": "a:DataExpDateEpoch_CO21H2_Subtract_DataExpDateEpoch_CO21H2Setup",
"DataExpDateDelta_NI22H2SubtractNI22H2Setup": "a:DataExpDateEpoch_NI22H2_Subtract_DataExpDateEpoch_NI22H2Setup",
"deviceClass": "DeviceFamily",
"deviceId": "t:LocalDeviceID",
"DeviceId": "t:LocalDeviceID",
"DL_OSVersion2": "DL_OSVersion",
"DSS_Enrolled": "r:DSS_Enrolled_State",
"expId": "c:FlightIds",
"FlightRing": "f:FlightRing",
"FX_FlightIds": "c:FlightIds",
"IsVM": "a:ISVM",
"IX_FlightIds": "c:FlightIds",
"locale": "c:OSUILocale",
"ms": "t:IsMsftOwned",
"MX_FlightIds": "c:FlightIds",
"OEMModel": "c:OEMModelNumber",
"OEMName_Uncleaned": "c:OEMManufacturerName",
"osVer": "t:OSVersionFull",
"OSVersionFull": "t:OSVersionFull",
"PhoneTargetingName": "c:OEMModelName",
"ring": "f:FlightRing",
"sampleId": "t:PopVal",
"sku": "t:OSSkuId",
"TimestampDelta_19H1Subtract19H1Setup": "a:TimestampEpochString_19H1_Subtract_TimestampEpochString_19H1Setup",
"TimestampDelta_20H1Subtract20H1Setup": "a:TimestampEpochString_20H1_Subtract_TimestampEpochString_20H1Setup",
"TimestampDelta_21H1Subtract20H1Setup": "a:TimestampEpochString_21H1_Subtract_TimestampEpochString_20H1Setup",
"TimestampDelta_CO21H2SubtractCO21H2Setup": "a:TimestampEpochString_CO21H2_Subtract_TimestampEpochString_CO21H2Setup",
"TimestampDelta_NI22H2SubtractNI22H2Setup": "a:TimestampEpochString_NI22H2_Subtract_TimestampEpochString_NI22H2Setup"
},
"Fallback": {
"r:AhnlabInstalledKey": "r:AhnlabInstalledWowKey",
"r:AvastBlackScreen": "r:AvgBlackScreen",
"r:AvastInstalledKey": "r:AvastInstalledWowKey",
"r:AVGInstalledKey": "r:AVGInstalledWowKey",
"r:AviraInstalledKey": "r:AviraInstalledWowKey",
"a:BIOS": "a:Bios_RS3",
"a:Bios_RS3": "a:Bios_RS4",
"a:Bios_RS4": "a:Bios_RS5",
"r:BlockFeatureUpdates": "r:BlockWUUpgrades",
"r:BlockWUUpgrades": "r:BlockWUUpgradesWow",
"r:BuildFID": "r:BuildFID_WCOS",
"r:BuildFID_WCOS": "r:BuildFID_WCOS2",
"r:BullguardInstalledKey": "v:BullguardInstalledVer",
"a:DataExpDateEpoch_CO21H2": "r:DataExpDateEpoch_CO21H2RegFb",
"r:DchuAmdGrfxVen": "r:DchuAmdGrfxVen2",
"r:DchuAmdGrfxVen2": "r:DchuAmdGrfxDeletePending",
"r:DchuIntelGrfxDeletePending": "r:DchuIntelGrfxNExists",
"r:DchuIntelGrfxVen": "r:DchuIntelGrfxVen2",
"r:DchuIntelGrfxVen2": "r:DchuIntelGrfxDeletePending",
"r:DchuNvidiaGrfxVen": "r:DchuNvidiaGrfxVen2",
"r:DchuNvidiaGrfxVen2": "r:DchuNvidiaGrfxDeletePending",
"DL_OSVersion": "OSVersion",
"r:DriverPartnerRing": "r:OSDataDriverPartnerRing",
"r:EdgeWithChromiumInstallFailureCount": "r:EdgeWithChromiumInstallFailureCountWow",
"r:EdgeWithChromiumInstallVersion": "r:EdgeWithChromiumInstallVersionWow",
"u:EnableWUfBUpgradeGates": "r:EnableWUfBUpgradeGatesRS5",
"r:ESETInstalledKey": "r:ESETInstalledWowKey",
"r:ESTSecurityInstalledKey": "r:ESTSecurityInstalledWowKey",
"f:FlightingBranchName": "c:FlightingBranchName",
"a:Free": "a:Free_RS3",
"a:Free_RS3": "a:Free_RS4",
"a:Free_RS4": "a:Free_RS5",
"r:FSecureInstalledKey": "r:FSecureInstalledWowKey",
"a:GatedFeature_NI22H2": "r:Migrated_GatedFeature_NI22H2Setup",
"a:GStatus_CO21H2": "r:GStatus_CO21H2RegFb",
"HoloLens": "r:WindowsMixedReality",
"r:IsEdgeWithChromiumInstalled": "r:IsEdgeWithChromiumInstalledWow",
"a:ISVM": "a:ISVM_RS3",
"a:ISVM_RS3": "a:ISVM_RS4",
"a:ISVM_RS4": "a:ISVM_RS5",
"r:K7InstalledKey": "r:K7InstalledWowKey",
"r:KasperskyInstalledKey": "r:KasperskyInstalledWowKey",
"r:KingsoftInstalledKey": "r:KingsoftInstalledWowKey",
"r:LenovoInstalledKey": "r:LenovoInstalledWowKey",
"r:MalwarebytesInstalledKey": "r:MalwarebytesInstalledWowKey",
"r:McAfeeInstalledKey": "r:McAfeeInstalledWowKey",
"r:Migrated_GatedFeature_NI22H2Setup": "r:Migrated_GatedFeature_NI22H2",
"c:OEMModelBaseBoard": "r:OEMModelBaseBoard",
"r:PandaInstalledKey": "r:PandaInstalledWowKey",
"r:PandaInstalledWowKey": "v:PandaInstalledVer",
"r:PonchAllow": "r:PonchAllowKey",
"r:PonchAllowKey": "r:PonchAllowWow",
"r:PonchAllowWow": "r:PonchAllowWowKey",
"r:QUDeadline": "r:QUDeadlineMDM",
"r:QuickhealInstalledKey1": "r:QuickhealInstalledKey2",
"r:SophosInstalledKey1": "r:SophosInstalledKey2",
"r:SymantecInstalledKey": "r:SymantecInstalledWowKey",
"v:SymantecVer": "v:SymantecVer64",
"u:TargetReleaseVersion": "r:TargetReleaseVersionGP",
"r:TargetReleaseVersionGP": "r:TargetReleaseVersionMDM",
"r:TencentInstalledKey": "r:TencentInstalledWowKey",
"r:ThreatTrackInstalledKey": "r:ThreatTrackInstalledWowKey",
"a:TimestampEpochString_CO21H2": "r:TimestampEpochString_CO21H2RegFb",
"v:TobiiVer": "v:TobiiVerx86",
"v:TobiiVerx86": "v:TobiiVer1x86",
"r:TrendInstalledKey": "r:TrendInstalledWowKey",
"r:TrendInstalledWowKey": "v:TrendInstalledVer",
"a:UpgEx_CO21H2": "r:UpgEx_CO21H2RegFb",
"r:UpgradeAccepted": "r:Win11UpgradeAcceptedWUSeeker",
"r:WebExperience": "r:WebExperienceWow",
"r:WebrootInstalledKey": "r:WebrootInstalledWowKey"
},
"Transform": {
"AccountFirstChar": {
"SubLength": 1
},
"DeviceInfoGatherSuccessful": {
"Ignore": [
"0"
]
},
"FlightingOptOutState": {
"Ignore": [
"0"
]
},
"FX_FlightIds": {
"Regex": "FX:[^,]*",
"RegexDelimiter": ","
},
"IppPrinterBadDefaultPdc": {
"Contains": "V4_No_ChangeID_Present"
},
"IsDomainJoined": {
"Ignore": [
"0"
]
},
"IsHybridOrXGpu": {
"Ignore": [
"0"
]
},
"IsMsftOwned": {
"Ignore": [
"0"
]
},
"IsPortableOperatingSystem": {
"Ignore": [
"0"
]
},
"IsTestLab": {
"Ignore": [
"0"
]
},
"IsVM": {
"Ignore": [
"0"
]
},
"IX_FlightIds": {
"Regex": "IX:[^,]*",
"RegexDelimiter": ","
},
"MX_FlightIds": {
"Regex": "ME:[^,]*|MD:[^,]*",
"RegexDelimiter": ","
},
"OEMModel": {
"SubLength": 100
},
"OEMName_Uncleaned": {
"SubLength": 100
},
"PausedFeatureStatus": {
"Ignore": [
"0"
]
},
"PausedQualityStatus": {
"Ignore": [
"0"
]
},
"PSAKyoceraInstalledName": {
"Contains": "A97ECD55.KYOCERAPrintCenter"
},
"PSATATriumphInstalledName": {
"Contains": "TATriumph-AdlerGmbH.TAUTAXPrintCenter"
},
"SMode": {
"Ignore": [
"0"
]
},
"StayOnWindows10Timestamp": {
"SubLength": -3,
"Ignore": [
""
]
},
"XeroxPsaInstalledName": {
"Contains": "XeroxCorp.PrintExperience"
}
},
"Registry": {
"AADBrokerPluginNotRegistered": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\WindowsMitigationData\\AADBrokerPluginNotRegistered",
"IfExists": true
},
"ActiveHoursEnd": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows Update\\UX\\Settings",
"ValueName": "ActiveHoursEnd",
"RegValueType": "REG_DWORD"
},
"ActiveHoursStart": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows Update\\UX\\Settings",
"ValueName": "ActiveHoursStart",
"RegValueType": "REG_DWORD"
},
"AhnlabInstalledKey": {
"FullPath": "SOFTWARE\\Ahnlab",
"IfExists": true
},
"AhnlabInstalledWowKey": {
"FullPath": "SOFTWARE\\WOW6432Node\\Ahnlab",
"IfExists": true
},
"AhnLabKeyboard": {
"FullPath": "SYSTEM\\CurrentControlSet\\Services\\Mkd2kfNt",
"ValueName": "NbTpMsExist"
},
"AllowInPlaceUpgrade": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\\\Windows\\\\CurrentVersion",
"ValueName": "AllowInPlaceUpgrade",
"RegValueType": "REG_DWORD"
},
"AllowUpgradesWithUnsupportedTPMOrCPU": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SYSTEM\\Setup\\MoSetup",
"ValueName": "AllowUpgradesWithUnsupportedTPMOrCPU",
"RegValueType": "REG_DWORD"
},
"AndroidUserOptinValue": {
"HKey": "HKEY_CURRENT_USER",
"FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Mobility\\",
"ValueName": "OptedIn",
"RegValueType": "REG_DWORD"
},
"AppChannels": {
"FullPath": "SOFTWARE\\Policies\\Microsoft\\WindowsStore\\Apps\\*",
"ValueName": "ChannelId",
"EncodingType": "Json"
},
"AppRMIDs": {
"FullPath": "SOFTWARE\\Policies\\Microsoft\\WindowsStore\\Apps\\*",
"ValueName": "ReleaseManagementId",
"EncodingType": "Json"
},
"AutopilotUpdateInProgress": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Provisioning\\AutopilotSettings\\VolatileAutopilotUpdate",
"ValueName": "AutopilotUpdateInProgress",
"RegValueType": "REG_DWORD"
},
"AvastBlackScreen": {
"FullPath": "SYSTEM\\CurrentControlSet\\Services\\aswVmm\\Parameters",
"ValueName": "Win10-1803"
},
"AvastInstalledKey": {
"FullPath": "SOFTWARE\\Avast Software\\Avast",
"IfExists": true
},
"AvastInstalledWowKey": {
"FullPath": "SOFTWARE\\WOW6432Node\\Avast Software\\Avast",
"IfExists": true
},
"AvastReg": {
"FullPath": "SYSTEM\\CurrentControlSet\\Services\\aswVmm\\Parameters",
"ValueName": "QualityCompat"
},
"AvgBlackScreen": {
"FullPath": "SYSTEM\\CurrentControlSet\\Services\\avgVmm\\Parameters",
"ValueName": "Win10-1803"
},
"AVGInstalledKey": {
"FullPath": "SOFTWARE\\AVG\\Antivirus",
"IfExists": true
},
"AVGInstalledWowKey": {
"FullPath": "SOFTWARE\\WOW6432Node\\AVG\\Antivirus",
"IfExists": true
},
"AvgReg": {
"FullPath": "SYSTEM\\CurrentControlSet\\Services\\avgVmm\\Parameters",
"ValueName": "QualityCompat"
},
"AviraInstalledKey": {
"FullPath": "SOFTWARE\\X-AVCSD\\Workstation\\Antivirus",
"IfExists": true
},
"AviraInstalledWowKey": {
"FullPath": "SOFTWARE\\WOW6432Node\\X-AVCSD\\Workstation\\Antivirus",
"IfExists": true
},
"BitDefenderInstalledKey": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{1FCCF41D-5F00-4FE2-9653-162D0486C8B4}",
"IfExists": true
},
"BlockEdgeWithChromiumUpdate": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\EdgeUpdate",
"ValueName": "DoNotUpdateToEdgeWithChromium",
"RegValueType": "REG_DWORD"
},
"BlockFeatureUpdates": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Windows Update\\OSUpgrade",
"ValueName": "BlockFeatureUpdates",
"RegValueType": "REG_DWORD"
},
"BlockWUUpgrades": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows10Upgrader\\Volatile",
"ValueName": "BlockWUUpgrades",
"RegValueType": "REG_DWORD"
},
"BlockWUUpgradesWow": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\WOW6432Node\\Microsoft\\Windows10Upgrader\\Volatile",
"ValueName": "BlockWUUpgrades",
"RegValueType": "REG_DWORD"
},
"BroadcomInstalledKey": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Symantec\\Symantec Endpoint Protection",
"IfExists": true
},
"BuildFID": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "Software\\Microsoft\\Windows\\CurrentVersion\\Flighting\\Build",
"ValueName": "EsdFlightData",
"RegValueType": "REG_SZ"
},
"BuildFID_WCOS": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "OSDATA\\Software\\Microsoft\\Windows\\CurrentVersion\\Flighting\\Build",
"ValueName": "EsdFlightData",
"RegValueType": "REG_SZ"
},
"BuildFID_WCOS2": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "OSDATA\\Microsoft\\Windows\\CurrentVersion\\Flighting\\Build",
"ValueName": "EsdFlightData",
"RegValueType": "REG_SZ"
},
"BullguardInstalledKey": {
"FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\BullGuard",
"IfExists": true
},
"ChinaTypeApproval_CTA": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\DeviceAccess",
"ValueName": "ActivePolicyCode",
"RegValueType": "REG_SZ"
},
"CIOptin": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows Update\\UX\\Settings",
"ValueName": "IsContinuousInnovationOptedIn",
"RegValueType": "REG_DWORD"
},
"CloudFilesFilter": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SYSTEM\\CurrentControlSet\\Services\\CldFlt\\Instances\\",
"ValueName": "DefaultInstance",
"RegValueType": "REG_SZ"
},
"CurrentBranch": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion",
"ValueName": "BuildBranch",
"RegValueType": "REG_SZ"
},
"DataExpDateEpoch_CO21H2RegFb": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\AppCompatFlags\\TargetVersionUpgradeExperienceIndicators\\CO21H2",
"ValueName": "DataExpDateEpoch",
"RegValueType": "REG_SZ"
},
"DaysSince19H1FUOffer": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\rempl\\irplugin",
"ValueName": "DaysSinceLastOffer",
"RegValueType": "REG_QWORD"
},
"DchuAmdGrfxDeletePending": {
"FullPath": "SYSTEM\\CurrentControlSet\\Services\\amdkmdag",
"ValueName": "DriverDelete"
},
"DchuAmdGrfxExists": {
"FullPath": "SYSTEM\\CurrentControlSet\\Services\\amdkmdag",
"IfExists": true
},
"DchuAmdGrfxVen": {
"FullPath": "SYSTEM\\CurrentControlSet\\Services\\amdkmdag",
"ValueName": "DCHUVen"
},
"DchuAmdGrfxVen2": {
"FullPath": "SYSTEM\\CurrentControlSet\\Services\\amdkmdag\\Parameters",
"ValueName": "DCHUVen"
},
"DchuIntelGrfxDeletePending": {
"FullPath": "SYSTEM\\CurrentControlSet\\Services\\igfx",
"ValueName": "DriverDelete"
},
"DchuIntelGrfxExists": {
"FullPath": "SYSTEM\\CurrentControlSet\\Services\\igfx",
"IfExists": true
},
"DchuIntelGrfxNExists": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SYSTEM\\CurrentControlSet\\Services\\igfxn",
"IfExists": true
},
"DchuIntelGrfxVen": {
"FullPath": "SYSTEM\\CurrentControlSet\\Services\\igfx",
"ValueName": "DCHUVen"
},
"DchuIntelGrfxVen2": {
"FullPath": "SYSTEM\\CurrentControlSet\\Services\\igfx\\Parameters",
"ValueName": "DCHUVen"
},
"DchuNvidiaGrfxDeletePending": {
"FullPath": "SYSTEM\\CurrentControlSet\\Services\\nvlddmkm",
"ValueName": "DriverDelete"
},
"DchuNvidiaGrfxExists": {
"FullPath": "SYSTEM\\CurrentControlSet\\Services\\nvlddmkm",
"IfExists": true
},
"DchuNvidiaGrfxVen": {
"FullPath": "SYSTEM\\CurrentControlSet\\Services\\nvlddmkm",
"ValueName": "DCHUVen"
},
"DchuNvidiaGrfxVen2": {
"FullPath": "SYSTEM\\CurrentControlSet\\Services\\nvlddmkm\\Parameters",
"ValueName": "DCHUVen"
},
"DchuNvidiaGrfxVenTest": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SYSTEM\\CurrentControlSet\\Services\\nvlddmkm",
"ValueName": "DCHUVenTest",
"RegValueType": "REG_DWORD"
},
"DefaultUserRegion": {
"HKey": "HKEY_USERS",
"FullPath": ".DEFAULT\\Control Panel\\International\\Geo",
"ValueName": "Nation",
"RegValueType": "REG_SZ"
},
"DeviceInfoGatherSuccessful": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Component Based Servicing",
"ValueName": "DeviceInfoGatherSuccessful",
"RegValueType": "REG_DWORD"
},
"DisableWUfBOfferBlock": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows Update\\UpdatePolicy\\Settings",
"ValueName": "DisableWUfBOfferBlock",
"RegValueType": "REG_DWORD"
},
"DisconnectedStandby": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SYSTEM\\CurrentControlSet\\Control\\Power",
"ValueName": "EnforceDisconnectedStandby",
"RegValueType": "REG_DWORD"
},
"DotNetMissingComponentsTroubleshooterSuccess": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\.NETFramework",
"ValueName": "DotNetMissingComponentsTroubleshooterSuccess",
"RegValueType": "REG_DWORD"
},
"DriverPartnerRing": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\DriverFlighting\\Partner",
"ValueName": "TargetRing",
"RegValueType": "REG_SZ"
},
"DSS_Enrolled_DF": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\\\Policies\\\\Microsoft\\\\Windows\\\\Windows Update",
"ValueName": "WUfBDF",
"RegValueType": "REG_DWORD"
},
"DSS_Enrolled_State": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\WufbDS",
"ValueName": "enrollmenttype",
"RegValueType": "REG_SZ"
},
"DUInternal": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SYSTEM\\Setup\\MoSetup",
"ValueName": "DynamicUpdateInternalTest",
"RegValueType": "REG_DWORD"
},
"EdgeWithChromiumInstallFailureCount": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\EdgeUpdate",
"ValueName": "WindowsUpdateAttempts"
},
"EdgeWithChromiumInstallFailureCountWow": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Wow6432Node\\Microsoft\\EdgeUpdate",
"ValueName": "WindowsUpdateAttempts"
},
"EdgeWithChromiumInstallVersion": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\EdgeUpdate",
"ValueName": "WindowsUpdateVersion"
},
"EdgeWithChromiumInstallVersionWow": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Wow6432Node\\Microsoft\\EdgeUpdate",
"ValueName": "WindowsUpdateVersion"
},
"EKB19H2InstallCount": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SYSTEM\\Setup\\FeatureStaging\\20455539\\2",
"ValueName": "Count"
},
"EKB19H2InstallTimeEpoch": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SYSTEM\\Setup\\FeatureStaging\\20455539\\2",
"ValueName": "Timestamp"
},
"EKB19H2UnInstallCount": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SYSTEM\\Setup\\FeatureStaging\\20455539\\0",
"ValueName": "Count"
},
"EKB19H2UnInstallTimeEpoch": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SYSTEM\\Setup\\FeatureStaging\\20455539\\0",
"ValueName": "Timestamp"
},
"EnableWUfBUpgradeGatesRS5": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "Software\\Microsoft\\Windows NT\\CurrentVersion\\502505fe-762c-4e80-911e-0c3fa4c63fb0",
"ValueName": "DataRequireGatedScanForFeatureUpdates",
"RegValueType": "REG_DWORD"
},
"ESETInstalledKey": {
"FullPath": "SOFTWARE\\ESET\\ESET Security",
"IfExists": true
},
"ESETInstalledWowKey": {
"FullPath": "SOFTWARE\\WOW6432Node\\ESET\\ESET Security",
"IfExists": true
},
"EsetReg": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SYSTEM\\CurrentControlSet\\Services\\ehdrv\\Parameters",
"ValueName": "WindowsCompatibilityLevel",
"RegValueType": "REG_DWORD"
},
"ESTSecurityInstalledKey": {
"FullPath": "SOFTWARE\\ESTsoft",
"IfExists": true
},
"ESTSecurityInstalledWowKey": {
"FullPath": "SOFTWARE\\WOW6432Node\\ESTsoft",
"IfExists": true
},
"ExpPkgs": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\WindowsSelfhost\\Applicability",
"ValueName": "ExpPkgs",
"RegValueType": "REG_SZ"
},
"ExpStates": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\WindowsSelfHost\\FIDs",
"ValueName": "PreviewConfigs",
"RegValueType": "REG_SZ"
},
"FeatureUpdateDeadline": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "Software\\Policies\\Microsoft\\Windows\\Windows Update\\",
"ValueName": "ConfigureDeadlineForFeatureUpdates",
"RegValueType": "REG_DWORD"
},
"FlightContent": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\WindowsSelfHost\\Applicability",
"ValueName": "ContentType",
"RegValueType": "REG_SZ"
},
"FlightingOptOutState": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\WindowsSelfHost\\UI\\Selection",
"ValueName": "OptOutState",
"RegValueType": "REG_DWORD"
},
"FODRetryPending": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Component Based Servicing",
"ValueName": "FODRetry",
"RegValueType": "REG_DWORD"
},
"FSecureInstalledKey": {
"FullPath": "SOFTWARE\\F-Secure\\OneClient",
"IfExists": true
},
"FSecureInstalledWowKey": {
"FullPath": "SOFTWARE\\WOW6432Node\\F-Secure\\OneClient",
"IfExists": true
},
"FSRing": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\WindowsSelfhost\\Applicability",
"ValueName": "FSRing",
"RegValueType": "REG_SZ"
},
"GamingServicesInstalledKey": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SYSTEM\\CurrentControlSet\\Services\\GamingServices",
"IfExists": true
},
"GridZoneName": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\COAWOS",
"ValueName": "GridZoneName",
"RegValueType": "REG_SZ",
"PersistedSourceId": "COAWOSRoot"
},
"GStatus_CO21H2RegFb": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\AppCompatFlags\\TargetVersionUpgradeExperienceIndicators\\CO21H2",
"ValueName": "GStatus",
"RegValueType": "REG_SZ"
},
"GStatusBlockIDs_All": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\AppCompatFlags\\Appraiser\\GWX",
"ValueName": "SdbEntries",
"RegValueType": "REG_SZ"
},
"HidOverGattReg": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\PnpLockdownFiles\\%SystemRoot%/System32/drivers/UMDF/Microsoft.Bluetooth.Profiles.HidOverGatt.dll",
"ValueName": "Source",
"RegValueType": "REG_SZ"
},
"HotPatchEKBInstalled": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Update\\TargetingInfo\\DynamicInstalled\\Hotpatch.amd64",
"IfExists": true
},
"IIS_ASPNET": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Component Based Servicing\\Notifications\\OptionalFeatures\\IIS-ASPNET",
"ValueName": "Selection",
"RegValueType": "REG_DWORD"
},
"IIS_NetFxExtensibility": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Component Based Servicing\\Notifications\\OptionalFeatures\\IIS-NetFxExtensibility",
"ValueName": "Selection",
"RegValueType": "REG_DWORD"
},
"InstallDate": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion",
"ValueName": "InstallDate",
"RegValueType": "REG_DWORD"
},
"IntelPlatformId": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "HARDWARE\\DESCRIPTION\\System\\CentralProcessor\\0",
"ValueName": "Platform Specific Field 1",
"RegValueType": "REG_DWORD"
},
"IppPrinterBadDefaultPdc": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Print\\Printers\\*\\PrinterDriverData",
"ValueName": "V4_PDC_ChangeID",
"RegValueType": "REG_SZ",
"EncodingType": "Json"
},
"IsAutopilotRegistered": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Provisioning\\AutopilotPolicyCache",
"ValueName": "ProfileAvailable",
"RegValueType": "REG_DWORD"
},
"IsFlightingEnabled": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\WindowsSelfHost\\Applicability",
"ValueName": "IsBuildFlightingEnabled",
"RegValueType": "REG_DWORD"
},
"IsCHCapableBuild": {
"HKey": "HKEY_CLASSES_ROOT",
"FullPath": "CLSID\\{2C57C51B-FD43-4E74-B077-551AE6228AD6}",
"IfExists": true
},
"IsCldFltSyncRoots": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager\\*",
"IfExists": true
},
"IsConfigMgrEnabled": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\WindowsSelfHost\\ClientState",
"ValueName": "ConfigMgrEnabled",
"RegValueType": "REG_DWORD"
},
"IsContainerMgrInstalled": {
"FullPath": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Containers\\CmService",
"IfExists": true
},
"IsEdgeWithChromiumInstalled": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\EdgeUpdate\\Clients\\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}",
"IfExists": true
},
"IsEdgeWithChromiumInstalledWow": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Wow6432Node\\Microsoft\\EdgeUpdate\\Clients\\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}",
"IfExists": true
},
"IsFeedbackHubSelfhost": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Diagnostics\\DiagTrack\\Partners\\IsFeedbackHubSelfhost",
"IfExists": true
},
"IsHybridOrXGpu": {
"FullPath": "SOFTWARE\\Microsoft\\DirectX",
"ValueName": "HybridDeviceApplicableForDxDbGpuPreferences"
},
"IsProcessorMode": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Diagnostics\\DiagTrack\\RegionalSettings",
"ValueName": "IsProcessorMode",
"RegValueType": "REG_QWORD"
},
"IsSpotlightEnabledInOEMTheme": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Themes",
"ValueName": "WindowsSpotlight",
"RegValueType": "REG_DWORD"
},
"IsSpotlightThemeEnabledByOEM": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\DesktopOptimization",
"ValueName": "WindowsSpotlightTheme",
"RegValueType": "REG_DWORD"
},
"IsVbsEnabled": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SYSTEM\\ControlSet001\\Control\\DeviceGuard",
"ValueName": "EnableVirtualizationBasedSecurity",
"RegValueType": "REG_DWORD"
},
"IsWDAGEnabled": {
"FullPath": "SYSTEM\\ControlSet001\\Services\\hvsics",
"IfExists": true
},
"IsWDATPEnabled": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows Advanced Threat Protection\\Status",
"ValueName": "OnboardingState"
},
"K7InstalledKey": {
"FullPath": "SOFTWARE\\K7 Computing",
"IfExists": true
},
"K7InstalledWowKey": {
"FullPath": "SOFTWARE\\WOW6432Node\\K7 Computing",
"IfExists": true
},
"KasperskyInstalledKey": {
"FullPath": "SOFTWARE\\KasperskyLab",
"IfExists": true
},
"KasperskyInstalledWowKey": {
"FullPath": "SOFTWARE\\WOW6432Node\\KasperskyLab",
"IfExists": true
},
"KasperskyReg": {
"FullPath": "System\\CurrentControlSet\\Services\\klhk\\Parameters",
"ValueName": "UseVtHardware"
},
"KingsoftInstalledKey": {
"FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Kingsoft Internet Security",
"IfExists": true
},
"KingsoftInstalledWowKey": {
"FullPath": "SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Kingsoft Internet Security",
"IfExists": true
},
"KioskMode": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows\\AssignedAccessCsp\\AutoLogonAccount",
"ValueName": "ConfigSource",
"RegValueType": "REG_DWORD"
},
"KnownFoldersBackupStatus": {
"HKey": "HKEY_CURRENT_USER",
"FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\StorageProviderStatus",
"ValueName": "OneDrive",
"RegValueType": "REG_SZ"
},
"LCUVer": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion",
"ValueName": "LCUVer"
},
"LenovoInstalledKey": {
"FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{A9861883-31C5-4324-BD9A-DC9527EEB675}_is1",
"IfExists": true
},
"LenovoInstalledWowKey": {
"FullPath": "SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{A9861883-31C5-4324-BD9A-DC9527EEB675}_is1",
"IfExists": true
},
"MalwarebytesInstalledKey": {
"FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1",
"IfExists": true
},
"MalwarebytesInstalledWowKey": {
"FullPath": "SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1",
"IfExists": true
},
"McAfeeInstalledKey": {
"FullPath": "SOFTWARE\\McAfee\\MSC\\AppInfo\\Substitute\\QueryParams",
"IfExists": true
},
"McAfeeInstalledWowKey": {
"FullPath": "SOFTWARE\\WOW6432Node\\McAfee\\MSC\\AppInfo\\Substitute\\QueryParams",
"IfExists": true
},
"Migrated_GatedFeature_NI22H2": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\AppCompatFlags\\MigratedMarkers\\TargetVersionUpgradeExperienceIndicators\\NI22H2",
"ValueName": "GatedFeatureSingleString",
"RegValueType": "REG_SZ"
},
"Migrated_GatedFeature_NI22H2Setup": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\AppCompatFlags\\MigratedMarkers\\TargetVersionUpgradeExperienceIndicators\\NI22H2Setup",
"ValueName": "GatedFeatureSingleString",
"RegValueType": "REG_SZ"
},
"MTPTargetingInfo": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SYSTEM\\Platform\\MTPTargetingInfo",
"ValueName": "TargetRing"
},
"NonSecurityUpdate": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Policies\\Microsoft\\Windows\\Windows Update",
"ValueName": "NonSecurityRelease",
"RegValueType": "REG_DWORD"
},
"NPUEnabledDevice": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows Media Foundation\\FrameServer\\WindowsCameraEffects",
"ValueName": "EffectsCameraAvailable",
"RegValueType": "REG_DWORD"
},
"OEMMode": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Office\\16.0\\Common\\OEM",
"ValueName": "OOBEMode",
"RegValueType": "REG_SZ"
},
"OEMModelBaseBoard": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "HARDWARE\\DESCRIPTION\\System\\BIOS",
"ValueName": "BaseBoardProduct",
"RegValueType": "REG_SZ"
},
"OemPartnerRing": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SYSTEM\\Platform\\DeviceTargetingInfo",
"ValueName": "TargetRing",
"RegValueType": "REG_SZ"
},
"OEMSubModel": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "HARDWARE\\DESCRIPTION\\System\\BIOS",
"ValueName": "SystemSKU",
"RegValueType": "REG_SZ"
},
"OobeNdupAcceptedTarget": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\OOBE\\NDUP\\Updates",
"ValueName": "Target",
"RegValueType": "REG_SZ"
},
"OobeNdupFU22621CommitChoice": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\NDUP\\Updates\\FeatureUpdate_22621",
"ValueName": "CommitChoice",
"RegValueType": "REG_DWORD"
},
"OobeSeeker": {
"FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\OOBE\\Updates",
"ValueName": "OOBEUpdateStarted"
},
"OSDataDriverPartnerRing": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "OSData\\SOFTWARE\\Microsoft\\DriverFlighting\\Partner",
"ValueName": "TargetRing",
"RegValueType": "REG_SZ"
},
"OSRollbackBuild": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Windows Update\\OSUpgrade\\Rollback",
"ValueName": "BuildString",
"RegValueType": "REG_SZ"
},
"OSRollbackCount": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Windows Update\\OSUpgrade\\Rollback",
"ValueName": "Count",
"RegValueType": "REG_DWORD"
},
"OSRollbackDate": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Windows Update\\OSUpgrade\\Rollback",
"ValueName": "DateStamp",
"RegValueType": "REG_DWORD"
},
"PandaInstalledKey": {
"FullPath": "SOFTWARE\\Panda Software\\Setup",
"IfExists": true
},
"PandaInstalledWowKey": {
"FullPath": "SOFTWARE\\WOW6432Node\\Panda Software\\Setup",
"IfExists": true
},
"PausedFeatureStatus": {
"FullPath": "SOFTWARE\\Microsoft\\Windows Update\\UpdatePolicy\\Settings",
"ValueName": "PausedFeatureStatus"
},
"PausedQualityStatus": {
"FullPath": "SOFTWARE\\Microsoft\\Windows Update\\UpdatePolicy\\Settings",
"ValueName": "PausedQualityStatus"
},
"PlayFabPartyRelay": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\PlayFabPartyRelay",
"IfExists": true
},
"PonchAllow": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\QualityCompat",
"ValueName": "cadca5fe-87d3-4b96-b7fb-a231484277cc",
"RegValueType": "REG_DWORD"
},
"PonchAllowKey": {
"FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\QualityCompat\\cadca5fe-87d3-4b96-b7fb-a231484277cc",
"IfExists": true
},
"PonchAllowWow": {
"FullPath": "SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\QualityCompat",
"ValueName": "cadca5fe-87d3-4b96-b7fb-a231484277cc"
},
"PonchAllowWowKey": {
"FullPath": "SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\QualityCompat\\cadca5fe-87d3-4b96-b7fb-a231484277cc",
"IfExists": true
},
"PonchBlock": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\QualityCompat",
"ValueName": "65d75b03-6f4d-46e9-b870-517731e06cf9",
"RegValueType": "REG_DWORD"
},
"PreviewBuildsManagerEnabled": {
"FullPath": "SOFTWARE\\Microsoft\\WindowsSelfhost\\Manager",
"ValueName": "ArePreviewBuildsAllowed"
},
"PSAKyoceraMissingDEH": {
"HKey": "HKEY_CLASSES_ROOT",
"FullPath": "Extensions\\ContractId\\Windows.PrintSupportExtension\\PackageId\\A97ECD55.KYOCERAPrintCenter_4.1.11108.0_x64__kqmhh0ktdt7dg",
"IfExists": true
},
"PSATATriumphMissingDEH": {
"HKey": "HKEY_CLASSES_ROOT",
"FullPath": "Extensions\\ContractId\\Windows.PrintSupportExtension\\PackageId\\TATriumph-AdlerGmbH.TAUTAXPrintCenter_4.1.11108.0_x64__h5e8vsnevp54y",
"IfExists": true
},
"PSAXeroxMissingDEH": {
"HKey": "HKEY_CLASSES_ROOT",
"FullPath": "Extensions\\ContractId\\Windows.PrintSupportExtension\\PackageId\\XeroxCorp.PrintExperience_8.29.32.0_x64__f7egpvdyrs2a8",
"IfExists": true
},
"QihooInstalledKey": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\360TotalSecurity",
"IfExists": true
},
"QUDeadline": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Policies\\Microsoft\\Windows\\Windows Update",
"ValueName": "ConfigureDeadlineForQualityUpdates",
"RegValueType": "REG_DWORD"
},
"QUDeadlineMDM": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\PolicyManager\\current\\device\\Update",
"ValueName": "ConfigureDeadlineForQualityUpdates",
"RegValueType": "REG_DWORD"
},
"QuickhealInstalledKey1": {
"FullPath": "SYSTEM\\CurrentControlSet\\Servicescatflt",
"IfExists": true
},
"QuickhealInstalledKey2": {
"FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\App Paths\\scanner.exe",
"IfExists": true
},
"RecoveredFromBuild": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "Software\\Microsoft\\WindowsSelfHost\\Applicability\\RecoveredFrom",
"ValueName": "LastBuild",
"RegValueType": "REG_DWORD"
},
"RecoveredOnDate": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "Software\\Microsoft\\WindowsSelfHost\\Applicability\\RecoveredFrom",
"ValueName": "DateStamp",
"RegValueType": "REG_DWORD"
},
"ReleaseType": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Update\\TargetingInfo",
"ValueName": "ReleaseType",
"RegValueType": "REG_SZ"
},
"SetupDisplayedEulaVersion": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\OOBE\\",
"ValueName": "SetupDisplayedEulaVersion",
"RegValueType": "REG_DWORD"
},
"SH_SIPolicyCleanup": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\PPI\\Settings",
"ValueName": "SIPolicyCleanup",
"RegValueType": "REG_DWORD"
},
"SmartActiveHoursState": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows Update\\UX\\Settings",
"ValueName": "SmartActiveHoursState",
"RegValueType": "REG_DWORD"
},
"SophosInstalledKey1": {
"FullPath": "SYSTEM\\CurrentControlSet\\Services\\SAVService",
"IfExists": true
},
"SophosInstalledKey2": {
"FullPath": "SYSTEM\\CurrentControlSet\\Services\\hmpalertsvc",
"IfExists": true
},
"StayOnWindows10Timestamp": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows Update\\UX\\Settings",
"ValueName": "SvOfferDeclined",
"RegValueType": "REG_QWORD"
},
"Steam": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Classes\\Steam",
"ValueName": "",
"RegValueType": "REG_SZ"
},
"StrictHiveSecurityReg": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "Software\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\*",
"ValueName": "StrictHiveSecuritySet"
},
"SymantecInstalledKey": {
"FullPath": "SOFTWARE\\Norton\\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}",
"IfExists": true
},
"SymantecInstalledWowKey": {
"FullPath": "SOFTWARE\\WOW6432Node\\Norton\\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}",
"IfExists": true
},
"TargetReleaseVersionGP": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Policies\\Microsoft\\Windows\\Windows Update",
"ValueName": "TargetReleaseVersionInfo",
"RegValueType": "REG_SZ"
},
"TargetReleaseVersionMDM": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\PolicyManager\\current\\device\\Update",
"ValueName": "TargetReleaseVersion",
"RegValueType": "REG_SZ"
},
"TenantId": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SYSTEM\\CurrentControlSet\\Control\\CloudDomainJoin\\JoinInfo\\*",
"ValueName": "TenantId"
},
"TencentInstalledKey": {
"FullPath": "SOFTWARE\\Tencent\\QQPCMgr",
"IfExists": true
},
"TencentInstalledWowKey": {
"FullPath": "SOFTWARE\\WOW6432Node\\Tencent\\QQPCMgr",
"IfExists": true
},
"TencentReg": {
"FullPath": "SYSTEM\\CurrentControlSet\\services\\TesSafe",
"ValueName": "LoadStartTime"
},
"TencentType": {
"FullPath": "SYSTEM\\CurrentControlSet\\services\\TesSafe",
"ValueName": "Type"
},
"TestRN": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Wosc\\Client\\Persistent\\ClientState\\FCON",
"ValueName": "TestRing"
},
"ThreatTrackInstalledKey": {
"FullPath": "SOFTWARE\\SBAMSvc",
"IfExists": true
},
"ThreatTrackInstalledWowKey": {
"FullPath": "SOFTWARE\\WOW6432Node\\SBAMSvc",
"IfExists": true
},
"TimestampEpochString_CO21H2RegFb": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\AppCompatFlags\\TargetVersionUpgradeExperienceIndicators\\CO21H2",
"ValueName": "TimestampEpochString",
"RegValueType": "REG_SZ"
},
"TrendInstalledKey": {
"FullPath": "SOFTWARE\\TrendMicro",
"IfExists": true
},
"TrendInstalledWowKey": {
"FullPath": "SOFTWARE\\WOW6432Node\\TrendMicro",
"IfExists": true
},
"UHSEnrolled": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion",
"ValueName": "UHSEnrolled",
"RegValueType": "REG_SZ",
"IfExists": true
},
"UninstallActive": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "System\\Setup",
"ValueName": "UninstallActive",
"RegValueType": "REG_DWORD"
},
"UpdateOfferedDays": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WaaSAssessment\\Cache\\",
"ValueName": "UpToDateDays",
"RegValueType": "REG_DWORD"
},
"UpdatePreference": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Policies\\Microsoft\\Windows\\Windows Update",
"ValueName": "UpdatePreference",
"RegValueType": "REG_DWORD"
},
"UpgEx_CO21H2RegFb": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\AppCompatFlags\\TargetVersionUpgradeExperienceIndicators\\CO21H2",
"ValueName": "UpgEx",
"RegValueType": "REG_SZ"
},
"UpgradeAccepted": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\OOBE\\Updates\\",
"ValueName": "UpgradeAccepted",
"RegValueType": "REG_DWORD",
"IfExists": true
},
"UpgradeEligible": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\\\Microsoft\\\\Windows\\\\CurrentVersion",
"ValueName": "UpgradeEligible",
"RegValueType": "REG_DWORD"
},
"UserInPlaceUpgrade": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\\\Windows\\\\CurrentVersion",
"ValueName": "UserInPlaceUpgrade",
"RegValueType": "REG_DWORD"
},
"UsoScanMitigation": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Windows Update\\Orchestrator\\Mitigation\\",
"ValueName": "UsoScanNotStartingMitigationCompleted",
"RegValueType": "REG_DWORD",
"IfExists": true
},
"UtcDataHandlingPolicies": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Diagnostics\\DiagTrack",
"ValueName": "UtcDataHandlingPolicies",
"RegValueType": "REG_QWORD"
},
"UUSVersion": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Windows Update\\Orchestrator",
"ValueName": "LastRunVersion",
"RegValueType": "REG_SZ"
},
"WAS_NetFxEnvironment": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Component Based Servicing\\Notifications\\OptionalFeatures\\WAS-NetFxEnvironment",
"ValueName": "Selection",
"RegValueType": "REG_DWORD"
},
"WCFHTTPActivationNotificationState": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\Component Based Servicing\\\\Notifications\\\\OptionalFeatures\\\\WCF-HTTP-Activation",
"ValueName": "Selection",
"RegValueType": "REG_DWORD"
},
"WCFNonHTTPActivationNotificationState": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\Component Based Servicing\\\\Notifications\\\\OptionalFeatures\\\\WCF-NonHTTP-Activation",
"ValueName": "Selection",
"RegValueType": "REG_DWORD"
},
"WebExperience": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\EdgeUpdate\\Clients\\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}",
"IfExists": true
},
"WebExperienceWow": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\WOW6432Node\\Microsoft\\EdgeUpdate\\Clients\\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}",
"IfExists": true
},
"WebrootInstalledKey": {
"FullPath": "SOFTWARE\\WRData",
"IfExists": true
},
"WebrootInstalledWowKey": {
"FullPath": "SOFTWARE\\WOW6432Node\\WRData",
"IfExists": true
},
"Win11UpgradeAcceptedTimestamp": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows Update\\UX\\Settings",
"ValueName": "SvOfferAccepted",
"RegValueType": "REG_QWORD"
},
"Win11UpgradeAcceptedWUSeeker": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows Update\\UX\\Settings",
"ValueName": "SvOfferAccepted",
"RegValueType": "REG_QWORD",
"IfExists": true
},
"WindowsAccountSyncConsentApplicable": {
"HKey": "HKEY_CURRENT_USER",
"FullPath": "Software\\Microsoft\\Windows\\CurrentVersion\\UnifiedConsent\\DEFAULTACCOUNT\\WINDOWSACCOUNTSYNCCONSENT",
"ValueName": "isApplicable",
"RegValueType": "REG_DWORD"
},
"WindowsAccountSyncConsentState": {
"HKey": "HKEY_CURRENT_USER",
"FullPath": "Software\\Microsoft\\Windows\\CurrentVersion\\UnifiedConsent\\DEFAULTACCOUNT\\WINDOWSACCOUNTSYNCCONSENT\\DATASHARING",
"ValueName": "isConsentAccepted",
"RegValueType": "REG_DWORD"
},
"WindowsMixedReality": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\WUDF\\Services\\HoloLensSensors",
"ValueName": "WdfMajorVersion",
"RegValueType": "REG_DWORD"
},
"WSX_Runtime": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSX\\WSXPacks\\CTAC",
"ValueName": "ExperienceExtensions",
"RegValueType": "REG_SZ"
},
"WSX_Windows_AppSample": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSX\\WSXPacks\\CTAC",
"ValueName": "Windows.AppSample",
"RegValueType": "REG_SZ"
},
"WSX_Windows_Settings_Account": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSX\\WSXPacks\\CTAC",
"ValueName": "Windows.Settings.Account",
"RegValueType": "REG_SZ"
},
"WSX_Windows_Shell_Start": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSX\\WSXPacks\\CTAC",
"ValueName": "Windows.Shell.StartMenu",
"RegValueType": "REG_SZ"
}
},
"FileInfo": {
"AvastVer": {
"Path": "\\system32\\Drivers\\aswVmm.sys",
"FolderGuid": "{F38BF404-1D43-42F2-9305-67DE0B28FC23}"
},
"AvgVer": {
"Path": "\\system32\\Drivers\\avgVmm.sys",
"FolderGuid": "{F38BF404-1D43-42F2-9305-67DE0B28FC23}"
},
"BullguardInstalledVer": {
"Path": "\\BullGuard Ltd\\BullGuard\\BullGuard.exe",
"IfExists": true,
"FolderGuid": "{905E63B6-C1BF-494E-B29C-65B732D3D21A}"
},
"CortanaAppVer": {
"Path": "\\WindowsApps\\Microsoft.549981C3F5F10_8wekyb3d8bbwe\\CortanaApp.View.exe",
"FolderGuid": "{905E63B6-C1BF-494E-B29C-65B732D3D21A}"
},
"CortanaAppVerTest": {
"Path": "\\WindowsApps\\3242f7d9-db60-4380-a379-4205ea768bfc_1.0.0.0_x64__zs4v8rx04ex0m\\UndockingTestApp.exe",
"FolderGuid": "{905E63B6-C1BF-494E-B29C-65B732D3D21A}"
},
"CrowdStrikeInstalledVer": {
"Path": "drivers\\CrowdStrike\\CSAgent.sys",
"IfExists": true,
"FolderGuid": "{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}"
},
"EsetVer": {
"Path": "\\drivers\\ehdrv.sys",
"FolderGuid": "{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}"
},
"FileExistsMscoreeDll": {
"Path": "%windir%\\\\system32\\\\mscoree.dll",
"IfExists": true
},
"GDataInstalledVer": {
"Path": "\\drivers\\MiniIcpt.sys",
"IfExists": true,
"FolderGuid": "{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}"
},
"HidparseDriversVer": {
"Path": "%windir%\\system32\\drivers\\hidparse.sys"
},
"HidparseSystem32Ver": {
"Path": "%windir%\\system32"
},
"HidparseSystem32Ver1": {
"Path": "%windir%\\system32\\hidparse.sys"
},
"IsNotepadExePresent": {
"Path": "%windir%\\system32\\notepad.exe",
"IfExists": true
},
"K7InstalledVer": {
"Path": "\\K7 Computing",
"IfExists": true,
"FolderGuid": "{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}"
},
"KasperskyVer": {
"Path": "\\system32\\Drivers\\klhk.sys",
"FolderGuid": "{F38BF404-1D43-42F2-9305-67DE0B28FC23}"
},
"OnnxruntimeVer": {
"Path": "%windir%\\\\system32\\\\onnxruntime.dll"
},
"PandaInstalledVer": {
"Path": "\\Panda Security",
"IfExists": true,
"FolderGuid": "{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}"
},
"SkypeRoomSystem": {
"Path": "%systemdrive%\\Recovery\\OEM\\$oem$\\$1\\Rigel\\x64\\Scripts\\Provisioning\\AutoUnattend.xml",
"IfExists": true
},
"SymantecVer": {
"Path": "\\Symantec\\Shared\\EENGINE\\eeCtrl.sys",
"FolderGuid": "{DE974D24-D9C6-4D3E-BF91-F4455120B917}"
},
"SymantecVer64": {
"Path": "\\Symantec\\Shared\\EENGINE\\eeCtrl64.sys",
"FolderGuid": "{DE974D24-D9C6-4D3E-BF91-F4455120B917}"
},
"TobiiVer": {
"Path": "\\Tobii\\Tobii EyeX Interaction\\Tobii.EyeX.Interaction.exe",
"FolderGuid": "{905E63B6-C1BF-494E-B29C-65B732D3D21A}"
},
"TobiiVer1x86": {
"Path": "\\Tobii\\tobii EyeX Interaction\\Tobii.EyeX.Interaction.exe",
"FolderGuid": "{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}"
},
"TobiiVerx86": {
"Path": "\\tobii EyeX Interaction\\Tobii.EyeX.Interaction.exe",
"FolderGuid": "{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}"
},
"TrendInstalledVer": {
"Path": "\\Trend Micro\\Titanium\\plugin\\plugVizor.dll",
"IfExists": true,
"FolderGuid": "{905E63B6-C1BF-494E-B29C-65B732D3D21A}"
},
"TrendMicroVer": {
"Path": "\\drivers\\TMUMH.sys",
"FolderGuid": "{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}"
},
"WuClientVer": {
"Path": "\\system32\\wuaueng.dll",
"FolderGuid": "{F38BF404-1D43-42F2-9305-67DE0B28FC23}"
},
"XamlCbsActivationStore": {
"Path": "%ProgramData%\\\\Microsoft\\\\Windows\\\\AppRepository\\\\Packages\\\\Microsoft.UI.Xaml.CBS_8.2205.4001.0_x64__8wekyb3d8bbwe\\\\ActivationStore.dat",
"IfExists": true
},
"XamlCbsActivationStoreArm64": {
"Path": "%ProgramData%\\\\Microsoft\\\\Windows\\\\AppRepository\\\\Packages\\\\Microsoft.UI.Xaml.CBS_8.2205.4001.0_arm64__8wekyb3d8bbwe\\\\ActivationStore.dat",
"IfExists": true
}
},
"Licensing": {
"UpdateManagementGroup": {
"Name": "UpdatePolicy-UpdateManagementGroup"
}
},
"UpdatePolicy": {
"AllowOptionalContent": {
"PolicyEnum": 58,
"Enterprise": true
},
"BranchReadinessLevel": {
"PolicyEnum": 5,
"Enterprise": true
},
"BranchReadinessLevelSource": {
"PolicyEnum": 5,
"Enterprise": true,
"UseSource": true
},
"DeferFeatureUpdatePeriodInDays": {
"PolicyEnum": 9,
"Enterprise": true
},
"DeferQualityUpdatePeriodInDays": {
"PolicyEnum": 7,
"Enterprise": true
},
"DisableDualScan": {
"PolicyEnum": 42,
"Enterprise": true
},
"EnableWUfBUpgradeGates": {
"PolicyEnum": 51,
"Enterprise": true
},
"TargetProductVersion": {
"PolicyEnum": 53,
"Enterprise": true
},
"TargetReleaseVersion": {
"PolicyEnum": 50,
"Enterprise": true
},
"UpdateServiceUrl": {
"PolicyEnum": 12
},
"WUfBClientManaged": {
"PolicyEnum": 32,
"Enterprise": true
}
},
"Policy": {
"DesiredOcpVersion": {
"LocUri": "./Device/Vendor/MSFT/DeviceUpdateCenter/DesiredUpdates/OcpVersion/"
},
"DesiredOsVersion": {
"LocUri": "./Device/Vendor/MSFT/DeviceUpdateCenter/DesiredUpdates/OsVersion"
},
"DesiredSystemManifestVersion": {
"LocUri": "./Device/Vendor/MSFT/DeviceUpdateCenter/DesiredUpdates/SystemManifestVersion"
},
"DucCustomPackageId": {
"LocUri": "./Device/Vendor/MSFT/DeviceUpdateCenter/Enrollment/CustomPackageId"
},
"DucDeviceModelId": {
"LocUri": "./Device/Vendor/MSFT/DeviceUpdateCenter/Enrollment/DeviceModelId"
},
"DucOemPartnerRing": {
"LocUri": "./Device/Vendor/MSFT/DeviceUpdateCenter/Enrollment/OemPartnerRing"
},
"DucPublisherId": {
"LocUri": "./Device/Vendor/MSFT/DeviceUpdateCenter/Enrollment/PublisherId"
},
"SetPolicyDrivenUpdateSourceForFeatureUpdates": {
"LocUri": "./Device/Vendor/MSFT/Policy/Config/Update/SetPolicyDrivenUpdateSourceForFeatureUpdates"
},
"WSUSconfigured_csp": {
"LocUri": "./Device/Vendor/MSFT/Policy/Config/Update/UpdateServiceUrl"
}
},
"WMI": {
"ElanFingerprintDriverVersion": {
"Query": "SELECT DriverVersion, Manufacturer FROM Win32_PnPSignedDriver WHERE Manufacturer = 'ELAN'",
"Name": "DriverVersion",
"Timeout": 2000
},
"FirstStorageSpaceDeviceId": {
"Query": "SELECT DeviceID FROM Win32_DiskDrive WHERE Model = 'Microsoft Storage Space Device'",
"Name": "DeviceID",
"Timeout": 2000
},
"IIS_ASPNET_WMI": {
"Query": "SELECT * FROM Win32_OptionalFeature WHERE name = 'IIS-ASPNET'",
"Name": "InstallState",
"Timeout": 2000
},
"IIS_NetFxExtensibility_WMI": {
"Query": "SELECT * FROM Win32_OptionalFeature WHERE name = 'IIS-NetFxExtensibility'",
"Name": "InstallState",
"Timeout": 2000
},
"NetFx3State": {
"Query": "SELECT * FROM Win32_OptionalFeature WHERE name = 'NetFX3'",
"Name": "InstallState",
"Timeout": 2000
},
"PSAKyoceraInstalledName": {
"Query": "SELECT Name, ProgramId FROM Win32_InstalledStoreProgram WHERE ProgramId = 'A97ECD55.KYOCERAPrintCenter_4.1.11108.0_x64__kqmhh0ktdt7dg'",
"Name": "Name",
"Timeout": 2000
},
"PSATATriumphInstalledName": {
"Query": "SELECT Name, ProgramId FROM Win32_InstalledStoreProgram WHERE ProgramId = 'TATriumph-AdlerGmbH.TAUTAXPrintCenter_4.1.11108.0_x64__h5e8vsnevp54y'",
"Name": "Name",
"Timeout": 2000
},
"WAS_NetFxEnvironment_WMI": {
"Query": "SELECT * FROM Win32_OptionalFeature WHERE name = 'WAS-NetFxEnvironment'",
"Name": "InstallState",
"Timeout": 2000
},
"WCFHTTPActivationState": {
"Query": "SELECT * FROM Win32_OptionalFeature WHERE name = 'WCF-HTTP-Activation'",
"Name": "InstallState",
"Timeout": 2000
},
"WCFNonHTTPActivationState": {
"Query": "SELECT * FROM Win32_OptionalFeature WHERE name = 'WCF-NonHTTP-Activation'",
"Name": "InstallState",
"Timeout": 2000
},
"XeroxPsaInstalledName": {
"Query": "SELECT Name, ProgramId FROM Win32_InstalledStoreProgram WHERE ProgramId = 'XeroxCorp.PrintExperience_8.29.32.0_x64__f7egpvdyrs2a8'",
"Name": "Name",
"Timeout": 2000
}
}
}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsSelfHost\OneSettings]
"TargetingAttributesVerified"="{
"Version": 245,
"SchemaVersion": 1,
"PartA": [
"App",
"AppVer",
"AttrDataVer"
],
"Default": [
"DeviceFamily",
"f:FlightRing",
"t:OSVersionFull"
],
"PartB": {
"ACSOVERRIDE": [
"OSArchitecture",
"c:IsAlwaysOnAlwaysConnectedCapable"
],
"APPTARGETEDFEATUREDB": [
"c:FlightingBranchName",
"f:FlightRing",
"t:OSVersionFull",
"DeviceFamily"
],
"CASSCLIENT": [
"OSVersion",
"c:OSEdition",
"f:FlightRing",
"c:OSUILocale",
"f:FlightingBranchName",
"r:OEMMode"
],
"CDM": [
"ChassisTypeId",
"r:CurrentBranch",
"DeviceFamily",
"f:FlightingBranchName",
"f:FlightRing",
"c:InstallLanguage",
"c:IsDomainJoined",
"t:IsTestLab",
"OEMModel",
"OSArchitecture",
"OSVersion",
"t:OSSkuId",
"c:ProcessorIdentifier",
"c:TelemetryLevel",
"t:IsMsftOwned",
"t:WCOSProductId",
"c:OSUILocale",
"c:CommercialId",
"s:MinShellVersion",
"s:MaxShellVersion",
"c:ActivationChannel",
"c:SCCMClientId",
"c:IsCloudDomainJoined",
"r:WebExperience",
"FX_FlightIds",
"AccountFirstChar",
"r:WSX_Windows_Settings_Account",
"r:InstallDate",
"r:WSX_Runtime",
"r:DefaultUserRegion",
"a:GatedFeature_NI22H2",
"r:WSX_Windows_Shell_Start",
"a:GatedFeature_CU23H2",
"r:ExpStates",
"MX_FlightIds",
"n:MXVersion",
"r:CIOptin",
"c:ProcessorCores",
"c:TotalPhysicalRAM",
"r:TestRN",
"u:UpdateServiceUrl",
"u:WUfBClientManaged",
"r:UUSVersion",
"DL_OSVersion",
"r:ExpPkgs",
"u:AllowOptionalContent",
"n:IsMicrosoftAAD"
],
"COMPATLOGGER": [
"osVer",
"ring",
"deviceId"
],
"CONTENT_DELIVERY_MANAGER": [
"c:OSEdition",
"t:OSSkuId",
"c:OSUILocale",
"a:UpgEx_CO21H2",
"a:GStatus_CO21H2",
"a:DataExpDateEpoch_CO21H2",
"a:TimestampEpochString_CO21H2",
"r:AndroidUserOptinValue",
"f:FlightingBranchName",
"f:FlightRing",
"r:CurrentBranch",
"c:ProcessorModel",
"r:NPUEnabledDevice",
"MX_FlightIds",
"r:KnownFoldersBackupStatus",
"c:IsDomainJoined"
],
"CORTANA_GATEKEEPER": [
"r:CurrentBranch",
"f:FlightRing",
"f:IsRetailOS"
],
"CORTANAUWP": [
"c:OSUILocale",
"t:OSVersionFull",
"v:CortanaAppVer"
],
"CORTANAUWPTEST": [
"+CORTANAUWP",
"v:CortanaAppVerTest"
],
"CTAC": [
"+FSS"
],
"DDC": [
"+WU_STORE",
"+_WU_PTI"
],
"DXDB": [
"DeviceFamily",
"f:FlightRing",
"r:IsHybridOrXGpu",
"t:OSVersionFull",
"OSVersion"
],
"EDGE_SERVICEUI": [
"t:LocalDeviceID",
"t:LocalUserID"
],
"FCON": [
"+CDM"
],
"FSS": [
"r:PreviewBuildsManagerEnabled",
"f:BranchReadinessLevelRaw",
"u:BranchReadinessLevelSource",
"r:BuildFID",
"t:DeviceFamily",
"DeviceId",
"c:EnablePreviewBuilds",
"f:FlightingPolicyValue",
"f:IsRetailOS",
"f:ManagePreviewBuilds",
"OSVersionFull",
"t:WCOSProductId",
"r:SmartActiveHoursState",
"r:ActiveHoursStart",
"r:ActiveHoursEnd",
"r:IsCHCapableBuild",
"r:FSRing",
"s:MaxShellVersion",
"s:MinShellVersion",
"c:TPMVersion",
"c:SecureBootCapable",
"c:ProcessorClockSpeed",
"c:ProcessorCores",
"c:TotalPhysicalRAM",
"t:SMode",
"c:SystemVolumeTotalCapacity",
"c:OEMManufacturerName",
"c:OEMModelNumber",
"a:ISVM",
"r:AllowUpgradesWithUnsupportedTPMOrCPU",
"r:IntelPlatformId",
"r:IsConfigMgrEnabled",
"f:IsFlightingEnabled",
"r:DeviceInfoGatherSuccessful"
],
"FXIRISCLIENT": [
"+IRISCLIENT"
],
"GS": [
"t:OSSkuId",
"t:OSVersionFull",
"r:CurrentBranch",
"r:DefaultUserRegion",
"DeviceFamily",
"c:FlightIds",
"f:FlightingBranchName",
"f:FlightRing",
"c:IsCloudDomainJoined",
"t:IsMsftOwned",
"f:IsRetailOS",
"c:OSUILocale",
"c:IsDomainJoined"
],
"IRISCLIENT": [
"+IRISCLIENTBASE",
"c:FlightIds"
],
"IRISCLIENTBASE": [
"DeviceFamily",
"OSVersion",
"t:OSSkuId",
"OSArchitecture",
"c:TelemetryLevel",
"f:FlightRing",
"f:FlightingBranchName",
"c:InternalPrimaryDisplayResolutionHorizontal",
"c:InternalPrimaryDisplayResolutionVetical",
"t:IsMsftOwned",
"c:ChassisType",
"OEMModel",
"c:OSUILocale",
"c:OSEdition",
"r:CurrentBranch",
"t:WCOSProductId",
"c:InstallationType",
"r:InstallDate",
"c:IsCloudDomainJoined",
"c:IsDeviceRetailDemo",
"f:IsRetailOS",
"c:ProcessorClockSpeed",
"c:ProcessorCores",
"c:ProcessorManufacturer",
"c:TotalPhysicalRAM",
"c:D3DMaxFeatureLevel",
"c:IsAlwaysOnAlwaysConnectedCapable",
"t:SMode",
"t:LocalUserID",
"r:AndroidUserOptinValue",
"c:ProcessorModel",
"MX_FlightIds",
"a:UpgEx_CO21H2",
"r:KnownFoldersBackupStatus",
"c:OEMModelSystemFamily",
"OEMName_Uncleaned",
"r:IsSpotlightEnabledInOEMTheme",
"r:IsSpotlightThemeEnabledByOEM",
"r:WindowsAccountSyncConsentApplicable",
"r:WindowsAccountSyncConsentState"
],
"IRISCLIENTV2": [
"+IRISCLIENTBASE",
"IX_FlightIds"
],
"MICROSOFT.WINDOWSFEEDBACKHUB_8WEKYB3D8BBWE": [
"t:OSVersionFull",
"t:IsTestLab",
"f:FlightRing"
],
"MITIGATION": [
"t:DeviceFamily",
"f:FlightRing",
"c:FlightIds",
"c:IsDomainJoined",
"t:IsMsftOwned",
"f:IsRetailOS",
"t:IsTestLab",
"IsVM",
"OEMModel",
"c:OSEdition",
"t:OSSkuId",
"t:OSVersionFull",
"c:OSUILocale",
"t:SMode",
"f:IsFlightingEnabled",
"c:FirmwareVersion",
"c:TelemetryLevel",
"f:FlightingBranchName",
"r:CurrentBranch",
"OSVersion",
"w:FirstStorageSpaceDeviceId",
"r:IsCldFltSyncRoots",
"c:OSInstallType",
"v:IsNotepadExePresent",
"r:StrictHiveSecurityReg",
"a:GatedBlockId_21H1",
"r:UpdateOfferedDays",
"r:UsoScanMitigation",
"r:GamingServicesInstalledKey",
"v:FileExistsMscoreeDll",
"w:NetFx3State",
"r:WCFHTTPActivationNotificationState",
"w:WCFHTTPActivationState",
"r:WCFNonHTTPActivationNotificationState",
"w:WCFNonHTTPActivationState",
"r:DotNetMissingComponentsTroubleshooterSuccess",
"r:IIS_ASPNET",
"w:IIS_ASPNET_WMI",
"r:IIS_NetFxExtensibility",
"w:IIS_NetFxExtensibility_WMI",
"r:WAS_NetFxEnvironment",
"w:WAS_NetFxEnvironment_WMI",
"v:XamlCbsActivationStore",
"v:XamlCbsActivationStoreArm64",
"v:OnnxruntimeVer",
"w:ElanFingerprintDriverVersion",
"r:AADBrokerPluginNotRegistered",
"r:TenantId",
"r:IppPrinterBadDefaultPdc",
"r:FlightingOptOutState",
"r:CloudFilesFilter",
"r:PSAKyoceraMissingDEH",
"r:PSATATriumphMissingDEH",
"r:PSAXeroxMissingDEH",
"w:PSAKyoceraInstalledName",
"w:PSATATriumphInstalledName",
"w:XeroxPsaInstalledName"
],
"MLMOD": [
"ChassisTypeId",
"t:DeviceFamily",
"f:FlightingBranchName",
"f:FlightRing",
"f:IsRetailOS",
"t:OSSkuId",
"t:OSVersionFull",
"c:OSUILocale",
"OSVersion",
"c:TelemetryLevel",
"r:CurrentBranch",
"t:IsTestLab",
"c:PrimaryDiskType",
"FX_FlightIds"
],
"MTP": [
"+_WU_OS_CORE"
],
"MUSE": [
"+_WU_FB",
"ChassisTypeId",
"deviceClass",
"deviceId",
"c:FlightIds",
"locale",
"ms",
"os",
"osVer",
"ring",
"sampleId",
"sku",
"r:DaysSince19H1FUOffer",
"u:DisableDualScan",
"u:UpdateServiceUrl",
"c:CommercialId",
"f:FlightingBranchName",
"c:SystemVolumeTotalCapacity",
"c:IsAlwaysOnAlwaysConnectedCapable",
"c:ProcessorCores",
"c:PrimaryDiskType",
"c:TotalPhysicalRAM",
"c:ProcessorClockSpeed",
"c:ProcessorIdentifier",
"c:ProcessorModel",
"c:ActivationChannel",
"c:IsCloudDomainJoined",
"c:isCommercial",
"c:IsDomainJoined",
"c:IsMDMEnrolled",
"c:SCCMClientID",
"r:OEMSubModel",
"c:OEMModelNumber",
"c:OEMManufacturerName",
"r:OobeSeeker",
"r:DefaultUserRegion"
],
"NARRATORNNV": [
"+WU_STORE"
],
"NOISYHAMMER": [
"+WU_OS"
],
"PHS": [
"r:GridZoneName",
"OEMModel",
"c:OEMManufacturerName",
"c:OSUILocale",
"r:OEMSubModel",
"DeviceFamily"
],
"RULESENGINE": [
"c:OSEdition",
"t:OSSkuId",
"c:OSUILocale",
"a:UpgEx_CO21H2",
"a:GStatus_CO21H2",
"a:DataExpDateEpoch_CO21H2",
"a:TimestampEpochString_CO21H2",
"r:AndroidUserOptinValue",
"f:FlightingBranchName",
"f:FlightRing",
"r:CurrentBranch",
"c:ProcessorModel",
"r:NPUEnabledDevice",
"MX_FlightIds",
"r:KnownFoldersBackupStatus",
"c:IsDomainJoined",
"r:WindowsAccountSyncConsentApplicable",
"r:WindowsAccountSyncConsentState"
],
"RUXIM": [
"c:ActivationChannel",
"f:FlightRing",
"r:InstallDate",
"f:IsFlightingEnabled",
"a:ISVM",
"c:OEMModelNumber",
"OSArchitecture",
"t:OSSkuId",
"c:SCCMClientID",
"r:SetupDisplayedEulaVersion",
"r:KioskMode",
"r:OobeSeeker",
"r:UninstallActive"
],
"SEDIMENTPACK": [
"+WU_OS"
],
"SERVICEEXPERIENCES": [
"f:FlightingBranchName",
"f:FlightRing",
"s:MaxShellVersion",
"s:MinShellVersion",
"t:IsTestLab",
"c:TelemetryLevel",
"t:OSSkuId",
"r:CurrentBranch",
"OSVersion",
"DeviceFamily",
"r:WSX_Windows_Settings_Account",
"c:FlightIds",
"r:WSX_Runtime",
"r:WSX_Windows_Shell_Start",
"r:WSX_Windows_AppSample"
],
"SERVICING_CBS": [
"+WU",
"osVer"
],
"SETUP360": [
"t:OSSkuId",
"f:FlightRing"
],
"SMARTOPTOUT": [
"+CDM"
],
"STORAGEGROVELER": [
"a:Free",
"c:TelemetryLevel",
"f:FlightRing",
"f:IsFlightingEnabled",
"IsVM",
"t:OSVersionFull"
],
"UTC": [
"+UTC_STATIC",
"osVer",
"locale",
"ring",
"f:PilotRing",
"f:IsRetailOS",
"ms",
"expId",
"t:SMode",
"f:FlightingBranchName",
"c:CommercialId",
"r:IsFeedbackHubSelfhost",
"c:AzureVMType",
"t:IsTestLab",
"c:TelemetryLevel",
"c:IsVirtualDevice",
"r:IsProcessorMode",
"r:UtcDataHandlingPolicies"
],
"UTC_STATIC": [
"os",
"deviceId",
"sampleId",
"deviceClass",
"sku",
"OEMModel",
"OEMName_Uncleaned",
"c:PrimaryDiskType",
"c:ProcessorModel",
"c:TotalPhysicalRAM"
],
"UUS": [
"OSVersion",
"f:FlightRing",
"t:IsTestLab",
"t:OSVersionFull",
"f:FlightingBranchName",
"r:CurrentBranch",
"f:IsFlightingEnabled"
],
"WAASASSESSMENT": [
"+WU_OS"
],
"WAASMEDIC": [
"os",
"osVer",
"ring",
"deviceClass",
"deviceId",
"locale",
"sku",
"c:ActivationChannel",
"c:CommercialId",
"r:CurrentBranch",
"f:FlightingBranchName",
"c:IsCloudDomainJoined",
"c:IsDomainJoined",
"t:IsTestLab",
"OSVersion",
"c:SCCMClientID",
"c:TelemetryLevel",
"r:FlightingOptOutState"
],
"WOSC": [
"t:DeviceFamily",
"f:FlightRing",
"f:IsFlightingEnabled",
"t:IsMsftOwned",
"t:LocalDeviceID",
"t:OSSkuId",
"c:OSUILocale",
"t:OSVersionFull",
"c:TelemetryLevel",
"r:IsHybridOrXGpu",
"r:PlayFabPartyRelay",
"OSVersion"
],
"WPSHIFT": [
"+MTP"
],
"WU": [
"+WU_OS",
"r:DUInternal"
],
"_WU_AV": [
"r:AvastReg",
"r:AvastBlackScreen",
"v:AvastVer",
"r:AvgReg",
"v:AvgVer",
"r:EsetReg",
"v:EsetVer",
"r:KasperskyReg",
"v:KasperskyVer",
"v:SymantecVer",
"r:TencentReg",
"r:TencentType",
"r:AhnlabInstalledKey",
"r:AvastInstalledKey",
"r:AVGInstalledKey",
"r:AviraInstalledKey",
"r:BullguardInstalledKey",
"r:ESETInstalledKey",
"r:ESTSecurityInstalledKey",
"r:FSecureInstalledKey",
"v:GDataInstalledVer",
"r:K7InstalledKey",
"r:KasperskyInstalledKey",
"r:KingsoftInstalledKey",
"r:LenovoInstalledKey",
"r:MalwarebytesInstalledKey",
"r:McAfeeInstalledKey",
"r:PandaInstalledKey",
"r:QuickhealInstalledKey1",
"r:SophosInstalledKey1",
"r:SymantecInstalledKey",
"r:TencentInstalledKey",
"r:ThreatTrackInstalledKey",
"r:TrendInstalledKey",
"r:WebrootInstalledKey",
"v:K7InstalledVer"
],
"_WU_COMMON": [
"r:CurrentBranch",
"r:DefaultUserRegion",
"DeviceFamily",
"r:DriverPartnerRing",
"r:FlightContent",
"f:FlightingBranchName",
"f:FlightRing",
"HoloLens",
"c:InstallationType",
"c:InstallLanguage",
"f:IsFlightingEnabled",
"r:IsFlightingEnabled",
"c:MobileOperatorCommercialized",
"OEMModel",
"OEMName_Uncleaned",
"r:OemPartnerRing",
"OSArchitecture",
"OSVersion",
"t:OSSkuId",
"c:OSUILocale",
"c:ProcessorManufacturer",
"r:ReleaseType",
"v:SkypeRoomSystem",
"t:SMode",
"c:TelemetryLevel",
"r:WindowsMixedReality",
"v:WuClientVer",
"p:DucPublisherId",
"p:DucDeviceModelId",
"p:DucOemPartnerRing",
"p:DucCustomPackageId",
"p:DesiredOsVersion",
"p:DesiredSystemManifestVersion",
"r:TenantId"
],
"_WU_FB": [
"u:BranchReadinessLevel",
"u:DeferQualityUpdatePeriodInDays",
"u:DeferFeatureUpdatePeriodInDays",
"r:PausedFeatureStatus",
"r:PausedQualityStatus",
"u:TargetReleaseVersion",
"r:QUDeadline",
"r:UpdatePreference",
"r:UpdateOfferedDays",
"u:TargetProductVersion",
"DSS_Enrolled",
"r:NonSecurityUpdate"
],
"WU_OS": [
"+_WU_OS_CORE",
"+_WU_FB"
],
"_WU_OS_CORE": [
"+_WU_COMMON",
"+_WU_AV",
"r:AhnLabKeyboard",
"a:BIOS",
"r:BlockFeatureUpdates",
"c:CommercialId",
"a:DataVer_RS5",
"r:DisconnectedStandby",
"r:DchuNvidiaGrfxExists",
"r:DchuNvidiaGrfxVen",
"r:DchuIntelGrfxExists",
"r:DchuIntelGrfxVen",
"r:DchuAmdGrfxExists",
"r:DchuAmdGrfxVen",
"c:FirmwareVersion",
"a:Free",
"a:GStatus_RS3",
"a:GStatus_RS4",
"a:GStatus_RS5",
"r:HidOverGattReg",
"r:InstallDate",
"c:IsDeviceRetailDemo",
"c:IsPortableOperatingSystem",
"IsVM",
"c:OEMModelBaseBoard",
"r:OobeSeeker",
"r:OSRollbackBuild",
"r:OSRollbackCount",
"r:OSRollbackDate",
"PhoneTargetingName",
"r:PonchAllow",
"r:PonchBlock",
"c:ProcessorIdentifier",
"r:RecoveredFromBuild",
"r:RecoveredOnDate",
"r:Steam",
"v:TobiiVer",
"v:TrendMicroVer",
"r:UninstallActive",
"l:UpdateManagementGroup",
"a:UpgEx_RS3",
"a:UpgEx_RS4",
"a:UpgEx_RS5",
"a:Version_RS5",
"r:DisableWUfBOfferBlock",
"a:UpgEx_19H1",
"a:SdbVer_19H1",
"a:GStatus_19H1",
"a:GStatus_19H1Setup",
"a:TimestampEpochString_19H1Setup",
"a:GenTelRunTimestamp_19H1",
"a:DataExpDateEpoch_19H1",
"u:EnableWUfBUpgradeGates",
"r:GStatusBlockIDs_All",
"TimestampDelta_19H1Subtract19H1Setup",
"DataExpDateDelta_19H1Subtract19H1Setup",
"a:DataExpDateEpoch_19H1Setup",
"a:TimestampEpochString_19H1",
"r:IsContainerMgrInstalled",
"r:IsWDAGEnabled",
"r:MTPTargetingInfo",
"r:EKB19H2InstallCount",
"r:EKB19H2UnInstallCount",
"r:EKB19H2InstallTimeEpoch",
"r:EKB19H2UnInstallTimeEpoch",
"r:BlockEdgeWithChromiumUpdate",
"r:IsWDATPEnabled",
"r:IsAutopilotRegistered",
"r:EdgeWithChromiumInstallVersion",
"r:EdgeWithChromiumInstallFailureCount",
"r:IsEdgeWithChromiumInstalled",
"r:KioskMode",
"c:IsCloudDomainJoined",
"c:IsDomainJoined",
"a:DataExpDateEpoch_20H1",
"a:DataExpDateEpoch_20H1Setup",
"a:GStatus_20H1",
"a:GStatus_20H1Setup",
"a:SdbVer_20H1",
"a:TimestampEpochString_20H1",
"a:TimestampEpochString_20H1Setup",
"DataExpDateDelta_20H1Subtract20H1Setup",
"TimestampDelta_20H1Subtract20H1Setup",
"a:UpgEx_20H1",
"r:AutopilotUpdateInProgress",
"r:UHSEnrolled",
"r:HotPatchEKBInstalled",
"r:LCUVer",
"c:isCommercial",
"c:ActivationChannel",
"c:IsMDMEnrolled",
"c:SCCMClientID",
"r:ChinaTypeApproval_CTA",
"p:DesiredOcpVersion",
"r:UpgradeEligible",
"r:AllowInPlaceUpgrade",
"r:SH_SIPolicyCleanup",
"r:FeatureUpdateDeadline",
"a:DataExpDateEpoch_21H1",
"a:UpgEx_CO21H2",
"a:GStatus_21H1",
"DataExpDateDelta_21H1Subtract20H1Setup",
"TimestampDelta_21H1Subtract20H1Setup",
"a:TimestampEpochString_21H1",
"r:OEMSubModel",
"c:ProcessorModel",
"c:TPMVersion",
"r:StayOnWindows10Timestamp",
"a:GStatus_CO21H2Setup",
"TimestampDelta_CO21H2SubtractCO21H2Setup",
"DataExpDateDelta_CO21H2SubtractCO21H2Setup",
"a:TimestampEpochString_CO21H2Setup",
"a:DataExpDateEpoch_CO21H2Setup",
"a:TimestampEpochString_CO21H2",
"a:DataExpDateEpoch_CO21H2",
"a:GStatus_CO21H2",
"p:SetPolicyDrivenUpdateSourceForFeatureUpdates",
"r:DchuNvidiaGrfxVenTest",
"a:DataExpDateDelta_21H2Subtract20H1Setup",
"a:TimestampEpochString_21H2",
"a:TimestampDelta_21H2Subtract20H1Setup",
"a:GStatus_21H2",
"a:DataExpDateEpoch_21H2",
"r:DSS_Enrolled_DF",
"r:UpgradeAccepted",
"r:SetupDisplayedEulaVersion",
"c:ProcessorCores",
"c:ProcessorClockSpeed",
"c:TotalPhysicalRAM",
"c:SecureBootCapable",
"c:PrimaryDiskTotalCapacity",
"r:BitDefenderInstalledKey",
"r:BroadcomInstalledKey",
"v:CrowdStrikeInstalledVer",
"r:QihooInstalledKey",
"r:Win11UpgradeAcceptedTimestamp",
"a:UpgEx_NI22H2",
"r:OobeNdupAcceptedTarget",
"r:OobeNdupFU22621CommitChoice",
"a:DataExpDateEpoch_NI22H2",
"a:GStatus_NI22H2",
"a:GStatus_NI22H2Setup",
"a:TimestampEpochString_NI22H2Setup",
"TimestampDelta_NI22H2SubtractNI22H2Setup",
"DataExpDateDelta_NI22H2SubtractNI22H2Setup",
"a:DataExpDateEpoch_NI22H2Setup",
"a:TimestampEpochString_NI22H2",
"r:IsVbsEnabled",
"r:FODRetryPending",
"r:UserInPlaceUpgrade",
"v:HidparseDriversVer",
"v:HidparseSystem32Ver",
"v:HidparseSystem32Ver1",
"r:CIOptin",
"r:FlightingOptOutState",
"p:WSUSconfigured_csp",
"a:UpgEx_NI22H2Setup",
"a:UpgEx_CO21H2Setup",
"u:WUfBClientManaged",
"u:UpdateServiceUrl",
"u:AllowOptionalContent",
"FX_FlightIds",
"DL_OSVersion",
"r:ExpPkgs",
"r:UUSVersion"
],
"_WU_PTI": [
"c:FrontFacingCameraResolution",
"c:RearFacingCameraResolution",
"c:TotalPhysicalRAM",
"c:NFCProximity",
"c:Magnetometer",
"c:Gyroscope",
"c:D3DMaxFeatureLevel",
"c:InternalPrimaryDisplayResolutionHorizontal",
"c:InternalPrimaryDisplayResolutionVetical"
],
"WU_STORE": [
"+_WU_COMMON",
"r:AppChannels",
"r:AppRMIDs",
"u:BranchReadinessLevel"
]
},
"Required": [
"App",
"AppVer",
"AttrDataVer"
],
"Aliases": {
"AccountFirstChar": "c:MSA_Accounts",
"ChassisTypeId": "c:ChassisType",
"DataExpDateDelta_19H1Subtract19H1Setup": "a:DataExpDateEpoch_19H1_Subtract_DataExpDateEpoch_19H1Setup",
"DataExpDateDelta_20H1Subtract20H1Setup": "a:DataExpDateEpoch_20H1_Subtract_DataExpDateEpoch_20H1Setup",
"DataExpDateDelta_21H1Subtract20H1Setup": "a:DataExpDateEpoch_21H1_Subtract_DataExpDateEpoch_20H1Setup",
"DataExpDateDelta_CO21H2SubtractCO21H2Setup": "a:DataExpDateEpoch_CO21H2_Subtract_DataExpDateEpoch_CO21H2Setup",
"DataExpDateDelta_NI22H2SubtractNI22H2Setup": "a:DataExpDateEpoch_NI22H2_Subtract_DataExpDateEpoch_NI22H2Setup",
"deviceClass": "DeviceFamily",
"deviceId": "t:LocalDeviceID",
"DeviceId": "t:LocalDeviceID",
"DL_OSVersion2": "DL_OSVersion",
"DSS_Enrolled": "r:DSS_Enrolled_State",
"expId": "c:FlightIds",
"FlightRing": "f:FlightRing",
"FX_FlightIds": "c:FlightIds",
"IsVM": "a:ISVM",
"IX_FlightIds": "c:FlightIds",
"locale": "c:OSUILocale",
"ms": "t:IsMsftOwned",
"MX_FlightIds": "c:FlightIds",
"OEMModel": "c:OEMModelNumber",
"OEMName_Uncleaned": "c:OEMManufacturerName",
"osVer": "t:OSVersionFull",
"OSVersionFull": "t:OSVersionFull",
"PhoneTargetingName": "c:OEMModelName",
"ring": "f:FlightRing",
"sampleId": "t:PopVal",
"sku": "t:OSSkuId",
"TimestampDelta_19H1Subtract19H1Setup": "a:TimestampEpochString_19H1_Subtract_TimestampEpochString_19H1Setup",
"TimestampDelta_20H1Subtract20H1Setup": "a:TimestampEpochString_20H1_Subtract_TimestampEpochString_20H1Setup",
"TimestampDelta_21H1Subtract20H1Setup": "a:TimestampEpochString_21H1_Subtract_TimestampEpochString_20H1Setup",
"TimestampDelta_CO21H2SubtractCO21H2Setup": "a:TimestampEpochString_CO21H2_Subtract_TimestampEpochString_CO21H2Setup",
"TimestampDelta_NI22H2SubtractNI22H2Setup": "a:TimestampEpochString_NI22H2_Subtract_TimestampEpochString_NI22H2Setup"
},
"Fallback": {
"r:AhnlabInstalledKey": "r:AhnlabInstalledWowKey",
"r:AvastBlackScreen": "r:AvgBlackScreen",
"r:AvastInstalledKey": "r:AvastInstalledWowKey",
"r:AVGInstalledKey": "r:AVGInstalledWowKey",
"r:AviraInstalledKey": "r:AviraInstalledWowKey",
"a:BIOS": "a:Bios_RS3",
"a:Bios_RS3": "a:Bios_RS4",
"a:Bios_RS4": "a:Bios_RS5",
"r:BlockFeatureUpdates": "r:BlockWUUpgrades",
"r:BlockWUUpgrades": "r:BlockWUUpgradesWow",
"r:BuildFID": "r:BuildFID_WCOS",
"r:BuildFID_WCOS": "r:BuildFID_WCOS2",
"r:BullguardInstalledKey": "v:BullguardInstalledVer",
"a:DataExpDateEpoch_CO21H2": "r:DataExpDateEpoch_CO21H2RegFb",
"r:DchuAmdGrfxVen": "r:DchuAmdGrfxVen2",
"r:DchuAmdGrfxVen2": "r:DchuAmdGrfxDeletePending",
"r:DchuIntelGrfxDeletePending": "r:DchuIntelGrfxNExists",
"r:DchuIntelGrfxVen": "r:DchuIntelGrfxVen2",
"r:DchuIntelGrfxVen2": "r:DchuIntelGrfxDeletePending",
"r:DchuNvidiaGrfxVen": "r:DchuNvidiaGrfxVen2",
"r:DchuNvidiaGrfxVen2": "r:DchuNvidiaGrfxDeletePending",
"DL_OSVersion": "OSVersion",
"r:DriverPartnerRing": "r:OSDataDriverPartnerRing",
"r:EdgeWithChromiumInstallFailureCount": "r:EdgeWithChromiumInstallFailureCountWow",
"r:EdgeWithChromiumInstallVersion": "r:EdgeWithChromiumInstallVersionWow",
"u:EnableWUfBUpgradeGates": "r:EnableWUfBUpgradeGatesRS5",
"r:ESETInstalledKey": "r:ESETInstalledWowKey",
"r:ESTSecurityInstalledKey": "r:ESTSecurityInstalledWowKey",
"f:FlightingBranchName": "c:FlightingBranchName",
"a:Free": "a:Free_RS3",
"a:Free_RS3": "a:Free_RS4",
"a:Free_RS4": "a:Free_RS5",
"r:FSecureInstalledKey": "r:FSecureInstalledWowKey",
"a:GatedFeature_NI22H2": "r:Migrated_GatedFeature_NI22H2Setup",
"a:GStatus_CO21H2": "r:GStatus_CO21H2RegFb",
"HoloLens": "r:WindowsMixedReality",
"r:IsEdgeWithChromiumInstalled": "r:IsEdgeWithChromiumInstalledWow",
"a:ISVM": "a:ISVM_RS3",
"a:ISVM_RS3": "a:ISVM_RS4",
"a:ISVM_RS4": "a:ISVM_RS5",
"r:K7InstalledKey": "r:K7InstalledWowKey",
"r:KasperskyInstalledKey": "r:KasperskyInstalledWowKey",
"r:KingsoftInstalledKey": "r:KingsoftInstalledWowKey",
"r:LenovoInstalledKey": "r:LenovoInstalledWowKey",
"r:MalwarebytesInstalledKey": "r:MalwarebytesInstalledWowKey",
"r:McAfeeInstalledKey": "r:McAfeeInstalledWowKey",
"r:Migrated_GatedFeature_NI22H2Setup": "r:Migrated_GatedFeature_NI22H2",
"c:OEMModelBaseBoard": "r:OEMModelBaseBoard",
"r:PandaInstalledKey": "r:PandaInstalledWowKey",
"r:PandaInstalledWowKey": "v:PandaInstalledVer",
"r:PonchAllow": "r:PonchAllowKey",
"r:PonchAllowKey": "r:PonchAllowWow",
"r:PonchAllowWow": "r:PonchAllowWowKey",
"r:QUDeadline": "r:QUDeadlineMDM",
"r:QuickhealInstalledKey1": "r:QuickhealInstalledKey2",
"r:SophosInstalledKey1": "r:SophosInstalledKey2",
"r:SymantecInstalledKey": "r:SymantecInstalledWowKey",
"v:SymantecVer": "v:SymantecVer64",
"u:TargetReleaseVersion": "r:TargetReleaseVersionGP",
"r:TargetReleaseVersionGP": "r:TargetReleaseVersionMDM",
"r:TencentInstalledKey": "r:TencentInstalledWowKey",
"r:ThreatTrackInstalledKey": "r:ThreatTrackInstalledWowKey",
"a:TimestampEpochString_CO21H2": "r:TimestampEpochString_CO21H2RegFb",
"v:TobiiVer": "v:TobiiVerx86",
"v:TobiiVerx86": "v:TobiiVer1x86",
"r:TrendInstalledKey": "r:TrendInstalledWowKey",
"r:TrendInstalledWowKey": "v:TrendInstalledVer",
"a:UpgEx_CO21H2": "r:UpgEx_CO21H2RegFb",
"r:UpgradeAccepted": "r:Win11UpgradeAcceptedWUSeeker",
"r:WebExperience": "r:WebExperienceWow",
"r:WebrootInstalledKey": "r:WebrootInstalledWowKey"
},
"Transform": {
"AccountFirstChar": {
"SubLength": 1
},
"DeviceInfoGatherSuccessful": {
"Ignore": [
"0"
]
},
"FlightingOptOutState": {
"Ignore": [
"0"
]
},
"FX_FlightIds": {
"Regex": "FX:[^,]*",
"RegexDelimiter": ","
},
"IppPrinterBadDefaultPdc": {
"Contains": "V4_No_ChangeID_Present"
},
"IsDomainJoined": {
"Ignore": [
"0"
]
},
"IsHybridOrXGpu": {
"Ignore": [
"0"
]
},
"IsMsftOwned": {
"Ignore": [
"0"
]
},
"IsPortableOperatingSystem": {
"Ignore": [
"0"
]
},
"IsTestLab": {
"Ignore": [
"0"
]
},
"IsVM": {
"Ignore": [
"0"
]
},
"IX_FlightIds": {
"Regex": "IX:[^,]*",
"RegexDelimiter": ","
},
"MX_FlightIds": {
"Regex": "ME:[^,]*|MD:[^,]*",
"RegexDelimiter": ","
},
"OEMModel": {
"SubLength": 100
},
"OEMName_Uncleaned": {
"SubLength": 100
},
"PausedFeatureStatus": {
"Ignore": [
"0"
]
},
"PausedQualityStatus": {
"Ignore": [
"0"
]
},
"PSAKyoceraInstalledName": {
"Contains": "A97ECD55.KYOCERAPrintCenter"
},
"PSATATriumphInstalledName": {
"Contains": "TATriumph-AdlerGmbH.TAUTAXPrintCenter"
},
"SMode": {
"Ignore": [
"0"
]
},
"StayOnWindows10Timestamp": {
"SubLength": -3,
"Ignore": [
""
]
},
"XeroxPsaInstalledName": {
"Contains": "XeroxCorp.PrintExperience"
}
},
"Registry": {
"AADBrokerPluginNotRegistered": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\WindowsMitigationData\\AADBrokerPluginNotRegistered",
"IfExists": true
},
"ActiveHoursEnd": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows Update\\UX\\Settings",
"ValueName": "ActiveHoursEnd",
"RegValueType": "REG_DWORD"
},
"ActiveHoursStart": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows Update\\UX\\Settings",
"ValueName": "ActiveHoursStart",
"RegValueType": "REG_DWORD"
},
"AhnlabInstalledKey": {
"FullPath": "SOFTWARE\\Ahnlab",
"IfExists": true
},
"AhnlabInstalledWowKey": {
"FullPath": "SOFTWARE\\WOW6432Node\\Ahnlab",
"IfExists": true
},
"AhnLabKeyboard": {
"FullPath": "SYSTEM\\CurrentControlSet\\Services\\Mkd2kfNt",
"ValueName": "NbTpMsExist"
},
"AllowInPlaceUpgrade": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\\\Windows\\\\CurrentVersion",
"ValueName": "AllowInPlaceUpgrade",
"RegValueType": "REG_DWORD"
},
"AllowUpgradesWithUnsupportedTPMOrCPU": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SYSTEM\\Setup\\MoSetup",
"ValueName": "AllowUpgradesWithUnsupportedTPMOrCPU",
"RegValueType": "REG_DWORD"
},
"AndroidUserOptinValue": {
"HKey": "HKEY_CURRENT_USER",
"FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Mobility\\",
"ValueName": "OptedIn",
"RegValueType": "REG_DWORD"
},
"AppChannels": {
"FullPath": "SOFTWARE\\Policies\\Microsoft\\WindowsStore\\Apps\\*",
"ValueName": "ChannelId",
"EncodingType": "Json"
},
"AppRMIDs": {
"FullPath": "SOFTWARE\\Policies\\Microsoft\\WindowsStore\\Apps\\*",
"ValueName": "ReleaseManagementId",
"EncodingType": "Json"
},
"AutopilotUpdateInProgress": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Provisioning\\AutopilotSettings\\VolatileAutopilotUpdate",
"ValueName": "AutopilotUpdateInProgress",
"RegValueType": "REG_DWORD"
},
"AvastBlackScreen": {
"FullPath": "SYSTEM\\CurrentControlSet\\Services\\aswVmm\\Parameters",
"ValueName": "Win10-1803"
},
"AvastInstalledKey": {
"FullPath": "SOFTWARE\\Avast Software\\Avast",
"IfExists": true
},
"AvastInstalledWowKey": {
"FullPath": "SOFTWARE\\WOW6432Node\\Avast Software\\Avast",
"IfExists": true
},
"AvastReg": {
"FullPath": "SYSTEM\\CurrentControlSet\\Services\\aswVmm\\Parameters",
"ValueName": "QualityCompat"
},
"AvgBlackScreen": {
"FullPath": "SYSTEM\\CurrentControlSet\\Services\\avgVmm\\Parameters",
"ValueName": "Win10-1803"
},
"AVGInstalledKey": {
"FullPath": "SOFTWARE\\AVG\\Antivirus",
"IfExists": true
},
"AVGInstalledWowKey": {
"FullPath": "SOFTWARE\\WOW6432Node\\AVG\\Antivirus",
"IfExists": true
},
"AvgReg": {
"FullPath": "SYSTEM\\CurrentControlSet\\Services\\avgVmm\\Parameters",
"ValueName": "QualityCompat"
},
"AviraInstalledKey": {
"FullPath": "SOFTWARE\\X-AVCSD\\Workstation\\Antivirus",
"IfExists": true
},
"AviraInstalledWowKey": {
"FullPath": "SOFTWARE\\WOW6432Node\\X-AVCSD\\Workstation\\Antivirus",
"IfExists": true
},
"BitDefenderInstalledKey": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{1FCCF41D-5F00-4FE2-9653-162D0486C8B4}",
"IfExists": true
},
"BlockEdgeWithChromiumUpdate": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\EdgeUpdate",
"ValueName": "DoNotUpdateToEdgeWithChromium",
"RegValueType": "REG_DWORD"
},
"BlockFeatureUpdates": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Windows Update\\OSUpgrade",
"ValueName": "BlockFeatureUpdates",
"RegValueType": "REG_DWORD"
},
"BlockWUUpgrades": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows10Upgrader\\Volatile",
"ValueName": "BlockWUUpgrades",
"RegValueType": "REG_DWORD"
},
"BlockWUUpgradesWow": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\WOW6432Node\\Microsoft\\Windows10Upgrader\\Volatile",
"ValueName": "BlockWUUpgrades",
"RegValueType": "REG_DWORD"
},
"BroadcomInstalledKey": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Symantec\\Symantec Endpoint Protection",
"IfExists": true
},
"BuildFID": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "Software\\Microsoft\\Windows\\CurrentVersion\\Flighting\\Build",
"ValueName": "EsdFlightData",
"RegValueType": "REG_SZ"
},
"BuildFID_WCOS": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "OSDATA\\Software\\Microsoft\\Windows\\CurrentVersion\\Flighting\\Build",
"ValueName": "EsdFlightData",
"RegValueType": "REG_SZ"
},
"BuildFID_WCOS2": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "OSDATA\\Microsoft\\Windows\\CurrentVersion\\Flighting\\Build",
"ValueName": "EsdFlightData",
"RegValueType": "REG_SZ"
},
"BullguardInstalledKey": {
"FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\BullGuard",
"IfExists": true
},
"ChinaTypeApproval_CTA": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\DeviceAccess",
"ValueName": "ActivePolicyCode",
"RegValueType": "REG_SZ"
},
"CIOptin": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows Update\\UX\\Settings",
"ValueName": "IsContinuousInnovationOptedIn",
"RegValueType": "REG_DWORD"
},
"CloudFilesFilter": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SYSTEM\\CurrentControlSet\\Services\\CldFlt\\Instances\\",
"ValueName": "DefaultInstance",
"RegValueType": "REG_SZ"
},
"CurrentBranch": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion",
"ValueName": "BuildBranch",
"RegValueType": "REG_SZ"
},
"DataExpDateEpoch_CO21H2RegFb": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\AppCompatFlags\\TargetVersionUpgradeExperienceIndicators\\CO21H2",
"ValueName": "DataExpDateEpoch",
"RegValueType": "REG_SZ"
},
"DaysSince19H1FUOffer": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\rempl\\irplugin",
"ValueName": "DaysSinceLastOffer",
"RegValueType": "REG_QWORD"
},
"DchuAmdGrfxDeletePending": {
"FullPath": "SYSTEM\\CurrentControlSet\\Services\\amdkmdag",
"ValueName": "DriverDelete"
},
"DchuAmdGrfxExists": {
"FullPath": "SYSTEM\\CurrentControlSet\\Services\\amdkmdag",
"IfExists": true
},
"DchuAmdGrfxVen": {
"FullPath": "SYSTEM\\CurrentControlSet\\Services\\amdkmdag",
"ValueName": "DCHUVen"
},
"DchuAmdGrfxVen2": {
"FullPath": "SYSTEM\\CurrentControlSet\\Services\\amdkmdag\\Parameters",
"ValueName": "DCHUVen"
},
"DchuIntelGrfxDeletePending": {
"FullPath": "SYSTEM\\CurrentControlSet\\Services\\igfx",
"ValueName": "DriverDelete"
},
"DchuIntelGrfxExists": {
"FullPath": "SYSTEM\\CurrentControlSet\\Services\\igfx",
"IfExists": true
},
"DchuIntelGrfxNExists": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SYSTEM\\CurrentControlSet\\Services\\igfxn",
"IfExists": true
},
"DchuIntelGrfxVen": {
"FullPath": "SYSTEM\\CurrentControlSet\\Services\\igfx",
"ValueName": "DCHUVen"
},
"DchuIntelGrfxVen2": {
"FullPath": "SYSTEM\\CurrentControlSet\\Services\\igfx\\Parameters",
"ValueName": "DCHUVen"
},
"DchuNvidiaGrfxDeletePending": {
"FullPath": "SYSTEM\\CurrentControlSet\\Services\\nvlddmkm",
"ValueName": "DriverDelete"
},
"DchuNvidiaGrfxExists": {
"FullPath": "SYSTEM\\CurrentControlSet\\Services\\nvlddmkm",
"IfExists": true
},
"DchuNvidiaGrfxVen": {
"FullPath": "SYSTEM\\CurrentControlSet\\Services\\nvlddmkm",
"ValueName": "DCHUVen"
},
"DchuNvidiaGrfxVen2": {
"FullPath": "SYSTEM\\CurrentControlSet\\Services\\nvlddmkm\\Parameters",
"ValueName": "DCHUVen"
},
"DchuNvidiaGrfxVenTest": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SYSTEM\\CurrentControlSet\\Services\\nvlddmkm",
"ValueName": "DCHUVenTest",
"RegValueType": "REG_DWORD"
},
"DefaultUserRegion": {
"HKey": "HKEY_USERS",
"FullPath": ".DEFAULT\\Control Panel\\International\\Geo",
"ValueName": "Nation",
"RegValueType": "REG_SZ"
},
"DeviceInfoGatherSuccessful": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Component Based Servicing",
"ValueName": "DeviceInfoGatherSuccessful",
"RegValueType": "REG_DWORD"
},
"DisableWUfBOfferBlock": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows Update\\UpdatePolicy\\Settings",
"ValueName": "DisableWUfBOfferBlock",
"RegValueType": "REG_DWORD"
},
"DisconnectedStandby": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SYSTEM\\CurrentControlSet\\Control\\Power",
"ValueName": "EnforceDisconnectedStandby",
"RegValueType": "REG_DWORD"
},
"DotNetMissingComponentsTroubleshooterSuccess": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\.NETFramework",
"ValueName": "DotNetMissingComponentsTroubleshooterSuccess",
"RegValueType": "REG_DWORD"
},
"DriverPartnerRing": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\DriverFlighting\\Partner",
"ValueName": "TargetRing",
"RegValueType": "REG_SZ"
},
"DSS_Enrolled_DF": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\\\Policies\\\\Microsoft\\\\Windows\\\\Windows Update",
"ValueName": "WUfBDF",
"RegValueType": "REG_DWORD"
},
"DSS_Enrolled_State": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\WufbDS",
"ValueName": "enrollmenttype",
"RegValueType": "REG_SZ"
},
"DUInternal": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SYSTEM\\Setup\\MoSetup",
"ValueName": "DynamicUpdateInternalTest",
"RegValueType": "REG_DWORD"
},
"EdgeWithChromiumInstallFailureCount": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\EdgeUpdate",
"ValueName": "WindowsUpdateAttempts"
},
"EdgeWithChromiumInstallFailureCountWow": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Wow6432Node\\Microsoft\\EdgeUpdate",
"ValueName": "WindowsUpdateAttempts"
},
"EdgeWithChromiumInstallVersion": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\EdgeUpdate",
"ValueName": "WindowsUpdateVersion"
},
"EdgeWithChromiumInstallVersionWow": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Wow6432Node\\Microsoft\\EdgeUpdate",
"ValueName": "WindowsUpdateVersion"
},
"EKB19H2InstallCount": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SYSTEM\\Setup\\FeatureStaging\\20455539\\2",
"ValueName": "Count"
},
"EKB19H2InstallTimeEpoch": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SYSTEM\\Setup\\FeatureStaging\\20455539\\2",
"ValueName": "Timestamp"
},
"EKB19H2UnInstallCount": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SYSTEM\\Setup\\FeatureStaging\\20455539\\0",
"ValueName": "Count"
},
"EKB19H2UnInstallTimeEpoch": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SYSTEM\\Setup\\FeatureStaging\\20455539\\0",
"ValueName": "Timestamp"
},
"EnableWUfBUpgradeGatesRS5": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "Software\\Microsoft\\Windows NT\\CurrentVersion\\502505fe-762c-4e80-911e-0c3fa4c63fb0",
"ValueName": "DataRequireGatedScanForFeatureUpdates",
"RegValueType": "REG_DWORD"
},
"ESETInstalledKey": {
"FullPath": "SOFTWARE\\ESET\\ESET Security",
"IfExists": true
},
"ESETInstalledWowKey": {
"FullPath": "SOFTWARE\\WOW6432Node\\ESET\\ESET Security",
"IfExists": true
},
"EsetReg": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SYSTEM\\CurrentControlSet\\Services\\ehdrv\\Parameters",
"ValueName": "WindowsCompatibilityLevel",
"RegValueType": "REG_DWORD"
},
"ESTSecurityInstalledKey": {
"FullPath": "SOFTWARE\\ESTsoft",
"IfExists": true
},
"ESTSecurityInstalledWowKey": {
"FullPath": "SOFTWARE\\WOW6432Node\\ESTsoft",
"IfExists": true
},
"ExpPkgs": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\WindowsSelfhost\\Applicability",
"ValueName": "ExpPkgs",
"RegValueType": "REG_SZ"
},
"ExpStates": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\WindowsSelfHost\\FIDs",
"ValueName": "PreviewConfigs",
"RegValueType": "REG_SZ"
},
"FeatureUpdateDeadline": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "Software\\Policies\\Microsoft\\Windows\\Windows Update\\",
"ValueName": "ConfigureDeadlineForFeatureUpdates",
"RegValueType": "REG_DWORD"
},
"FlightContent": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\WindowsSelfHost\\Applicability",
"ValueName": "ContentType",
"RegValueType": "REG_SZ"
},
"FlightingOptOutState": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\WindowsSelfHost\\UI\\Selection",
"ValueName": "OptOutState",
"RegValueType": "REG_DWORD"
},
"FODRetryPending": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Component Based Servicing",
"ValueName": "FODRetry",
"RegValueType": "REG_DWORD"
},
"FSecureInstalledKey": {
"FullPath": "SOFTWARE\\F-Secure\\OneClient",
"IfExists": true
},
"FSecureInstalledWowKey": {
"FullPath": "SOFTWARE\\WOW6432Node\\F-Secure\\OneClient",
"IfExists": true
},
"FSRing": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\WindowsSelfhost\\Applicability",
"ValueName": "FSRing",
"RegValueType": "REG_SZ"
},
"GamingServicesInstalledKey": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SYSTEM\\CurrentControlSet\\Services\\GamingServices",
"IfExists": true
},
"GridZoneName": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\COAWOS",
"ValueName": "GridZoneName",
"RegValueType": "REG_SZ",
"PersistedSourceId": "COAWOSRoot"
},
"GStatus_CO21H2RegFb": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\AppCompatFlags\\TargetVersionUpgradeExperienceIndicators\\CO21H2",
"ValueName": "GStatus",
"RegValueType": "REG_SZ"
},
"GStatusBlockIDs_All": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\AppCompatFlags\\Appraiser\\GWX",
"ValueName": "SdbEntries",
"RegValueType": "REG_SZ"
},
"HidOverGattReg": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\PnpLockdownFiles\\%SystemRoot%/System32/drivers/UMDF/Microsoft.Bluetooth.Profiles.HidOverGatt.dll",
"ValueName": "Source",
"RegValueType": "REG_SZ"
},
"HotPatchEKBInstalled": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Update\\TargetingInfo\\DynamicInstalled\\Hotpatch.amd64",
"IfExists": true
},
"IIS_ASPNET": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Component Based Servicing\\Notifications\\OptionalFeatures\\IIS-ASPNET",
"ValueName": "Selection",
"RegValueType": "REG_DWORD"
},
"IIS_NetFxExtensibility": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Component Based Servicing\\Notifications\\OptionalFeatures\\IIS-NetFxExtensibility",
"ValueName": "Selection",
"RegValueType": "REG_DWORD"
},
"InstallDate": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion",
"ValueName": "InstallDate",
"RegValueType": "REG_DWORD"
},
"IntelPlatformId": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "HARDWARE\\DESCRIPTION\\System\\CentralProcessor\\0",
"ValueName": "Platform Specific Field 1",
"RegValueType": "REG_DWORD"
},
"IppPrinterBadDefaultPdc": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Print\\Printers\\*\\PrinterDriverData",
"ValueName": "V4_PDC_ChangeID",
"RegValueType": "REG_SZ",
"EncodingType": "Json"
},
"IsAutopilotRegistered": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Provisioning\\AutopilotPolicyCache",
"ValueName": "ProfileAvailable",
"RegValueType": "REG_DWORD"
},
"IsFlightingEnabled": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\WindowsSelfHost\\Applicability",
"ValueName": "IsBuildFlightingEnabled",
"RegValueType": "REG_DWORD"
},
"IsCHCapableBuild": {
"HKey": "HKEY_CLASSES_ROOT",
"FullPath": "CLSID\\{2C57C51B-FD43-4E74-B077-551AE6228AD6}",
"IfExists": true
},
"IsCldFltSyncRoots": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager\\*",
"IfExists": true
},
"IsConfigMgrEnabled": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\WindowsSelfHost\\ClientState",
"ValueName": "ConfigMgrEnabled",
"RegValueType": "REG_DWORD"
},
"IsContainerMgrInstalled": {
"FullPath": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Containers\\CmService",
"IfExists": true
},
"IsEdgeWithChromiumInstalled": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\EdgeUpdate\\Clients\\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}",
"IfExists": true
},
"IsEdgeWithChromiumInstalledWow": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Wow6432Node\\Microsoft\\EdgeUpdate\\Clients\\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}",
"IfExists": true
},
"IsFeedbackHubSelfhost": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Diagnostics\\DiagTrack\\Partners\\IsFeedbackHubSelfhost",
"IfExists": true
},
"IsHybridOrXGpu": {
"FullPath": "SOFTWARE\\Microsoft\\DirectX",
"ValueName": "HybridDeviceApplicableForDxDbGpuPreferences"
},
"IsProcessorMode": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Diagnostics\\DiagTrack\\RegionalSettings",
"ValueName": "IsProcessorMode",
"RegValueType": "REG_QWORD"
},
"IsSpotlightEnabledInOEMTheme": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Themes",
"ValueName": "WindowsSpotlight",
"RegValueType": "REG_DWORD"
},
"IsSpotlightThemeEnabledByOEM": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\DesktopOptimization",
"ValueName": "WindowsSpotlightTheme",
"RegValueType": "REG_DWORD"
},
"IsVbsEnabled": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SYSTEM\\ControlSet001\\Control\\DeviceGuard",
"ValueName": "EnableVirtualizationBasedSecurity",
"RegValueType": "REG_DWORD"
},
"IsWDAGEnabled": {
"FullPath": "SYSTEM\\ControlSet001\\Services\\hvsics",
"IfExists": true
},
"IsWDATPEnabled": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows Advanced Threat Protection\\Status",
"ValueName": "OnboardingState"
},
"K7InstalledKey": {
"FullPath": "SOFTWARE\\K7 Computing",
"IfExists": true
},
"K7InstalledWowKey": {
"FullPath": "SOFTWARE\\WOW6432Node\\K7 Computing",
"IfExists": true
},
"KasperskyInstalledKey": {
"FullPath": "SOFTWARE\\KasperskyLab",
"IfExists": true
},
"KasperskyInstalledWowKey": {
"FullPath": "SOFTWARE\\WOW6432Node\\KasperskyLab",
"IfExists": true
},
"KasperskyReg": {
"FullPath": "System\\CurrentControlSet\\Services\\klhk\\Parameters",
"ValueName": "UseVtHardware"
},
"KingsoftInstalledKey": {
"FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Kingsoft Internet Security",
"IfExists": true
},
"KingsoftInstalledWowKey": {
"FullPath": "SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Kingsoft Internet Security",
"IfExists": true
},
"KioskMode": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows\\AssignedAccessCsp\\AutoLogonAccount",
"ValueName": "ConfigSource",
"RegValueType": "REG_DWORD"
},
"KnownFoldersBackupStatus": {
"HKey": "HKEY_CURRENT_USER",
"FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\StorageProviderStatus",
"ValueName": "OneDrive",
"RegValueType": "REG_SZ"
},
"LCUVer": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion",
"ValueName": "LCUVer"
},
"LenovoInstalledKey": {
"FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{A9861883-31C5-4324-BD9A-DC9527EEB675}_is1",
"IfExists": true
},
"LenovoInstalledWowKey": {
"FullPath": "SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{A9861883-31C5-4324-BD9A-DC9527EEB675}_is1",
"IfExists": true
},
"MalwarebytesInstalledKey": {
"FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1",
"IfExists": true
},
"MalwarebytesInstalledWowKey": {
"FullPath": "SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1",
"IfExists": true
},
"McAfeeInstalledKey": {
"FullPath": "SOFTWARE\\McAfee\\MSC\\AppInfo\\Substitute\\QueryParams",
"IfExists": true
},
"McAfeeInstalledWowKey": {
"FullPath": "SOFTWARE\\WOW6432Node\\McAfee\\MSC\\AppInfo\\Substitute\\QueryParams",
"IfExists": true
},
"Migrated_GatedFeature_NI22H2": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\AppCompatFlags\\MigratedMarkers\\TargetVersionUpgradeExperienceIndicators\\NI22H2",
"ValueName": "GatedFeatureSingleString",
"RegValueType": "REG_SZ"
},
"Migrated_GatedFeature_NI22H2Setup": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\AppCompatFlags\\MigratedMarkers\\TargetVersionUpgradeExperienceIndicators\\NI22H2Setup",
"ValueName": "GatedFeatureSingleString",
"RegValueType": "REG_SZ"
},
"MTPTargetingInfo": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SYSTEM\\Platform\\MTPTargetingInfo",
"ValueName": "TargetRing"
},
"NonSecurityUpdate": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Policies\\Microsoft\\Windows\\Windows Update",
"ValueName": "NonSecurityRelease",
"RegValueType": "REG_DWORD"
},
"NPUEnabledDevice": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows Media Foundation\\FrameServer\\WindowsCameraEffects",
"ValueName": "EffectsCameraAvailable",
"RegValueType": "REG_DWORD"
},
"OEMMode": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Office\\16.0\\Common\\OEM",
"ValueName": "OOBEMode",
"RegValueType": "REG_SZ"
},
"OEMModelBaseBoard": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "HARDWARE\\DESCRIPTION\\System\\BIOS",
"ValueName": "BaseBoardProduct",
"RegValueType": "REG_SZ"
},
"OemPartnerRing": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SYSTEM\\Platform\\DeviceTargetingInfo",
"ValueName": "TargetRing",
"RegValueType": "REG_SZ"
},
"OEMSubModel": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "HARDWARE\\DESCRIPTION\\System\\BIOS",
"ValueName": "SystemSKU",
"RegValueType": "REG_SZ"
},
"OobeNdupAcceptedTarget": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\OOBE\\NDUP\\Updates",
"ValueName": "Target",
"RegValueType": "REG_SZ"
},
"OobeNdupFU22621CommitChoice": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\NDUP\\Updates\\FeatureUpdate_22621",
"ValueName": "CommitChoice",
"RegValueType": "REG_DWORD"
},
"OobeSeeker": {
"FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\OOBE\\Updates",
"ValueName": "OOBEUpdateStarted"
},
"OSDataDriverPartnerRing": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "OSData\\SOFTWARE\\Microsoft\\DriverFlighting\\Partner",
"ValueName": "TargetRing",
"RegValueType": "REG_SZ"
},
"OSRollbackBuild": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Windows Update\\OSUpgrade\\Rollback",
"ValueName": "BuildString",
"RegValueType": "REG_SZ"
},
"OSRollbackCount": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Windows Update\\OSUpgrade\\Rollback",
"ValueName": "Count",
"RegValueType": "REG_DWORD"
},
"OSRollbackDate": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Windows Update\\OSUpgrade\\Rollback",
"ValueName": "DateStamp",
"RegValueType": "REG_DWORD"
},
"PandaInstalledKey": {
"FullPath": "SOFTWARE\\Panda Software\\Setup",
"IfExists": true
},
"PandaInstalledWowKey": {
"FullPath": "SOFTWARE\\WOW6432Node\\Panda Software\\Setup",
"IfExists": true
},
"PausedFeatureStatus": {
"FullPath": "SOFTWARE\\Microsoft\\Windows Update\\UpdatePolicy\\Settings",
"ValueName": "PausedFeatureStatus"
},
"PausedQualityStatus": {
"FullPath": "SOFTWARE\\Microsoft\\Windows Update\\UpdatePolicy\\Settings",
"ValueName": "PausedQualityStatus"
},
"PlayFabPartyRelay": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\PlayFabPartyRelay",
"IfExists": true
},
"PonchAllow": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\QualityCompat",
"ValueName": "cadca5fe-87d3-4b96-b7fb-a231484277cc",
"RegValueType": "REG_DWORD"
},
"PonchAllowKey": {
"FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\QualityCompat\\cadca5fe-87d3-4b96-b7fb-a231484277cc",
"IfExists": true
},
"PonchAllowWow": {
"FullPath": "SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\QualityCompat",
"ValueName": "cadca5fe-87d3-4b96-b7fb-a231484277cc"
},
"PonchAllowWowKey": {
"FullPath": "SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\QualityCompat\\cadca5fe-87d3-4b96-b7fb-a231484277cc",
"IfExists": true
},
"PonchBlock": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\QualityCompat",
"ValueName": "65d75b03-6f4d-46e9-b870-517731e06cf9",
"RegValueType": "REG_DWORD"
},
"PreviewBuildsManagerEnabled": {
"FullPath": "SOFTWARE\\Microsoft\\WindowsSelfhost\\Manager",
"ValueName": "ArePreviewBuildsAllowed"
},
"PSAKyoceraMissingDEH": {
"HKey": "HKEY_CLASSES_ROOT",
"FullPath": "Extensions\\ContractId\\Windows.PrintSupportExtension\\PackageId\\A97ECD55.KYOCERAPrintCenter_4.1.11108.0_x64__kqmhh0ktdt7dg",
"IfExists": true
},
"PSATATriumphMissingDEH": {
"HKey": "HKEY_CLASSES_ROOT",
"FullPath": "Extensions\\ContractId\\Windows.PrintSupportExtension\\PackageId\\TATriumph-AdlerGmbH.TAUTAXPrintCenter_4.1.11108.0_x64__h5e8vsnevp54y",
"IfExists": true
},
"PSAXeroxMissingDEH": {
"HKey": "HKEY_CLASSES_ROOT",
"FullPath": "Extensions\\ContractId\\Windows.PrintSupportExtension\\PackageId\\XeroxCorp.PrintExperience_8.29.32.0_x64__f7egpvdyrs2a8",
"IfExists": true
},
"QihooInstalledKey": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\360TotalSecurity",
"IfExists": true
},
"QUDeadline": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Policies\\Microsoft\\Windows\\Windows Update",
"ValueName": "ConfigureDeadlineForQualityUpdates",
"RegValueType": "REG_DWORD"
},
"QUDeadlineMDM": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\PolicyManager\\current\\device\\Update",
"ValueName": "ConfigureDeadlineForQualityUpdates",
"RegValueType": "REG_DWORD"
},
"QuickhealInstalledKey1": {
"FullPath": "SYSTEM\\CurrentControlSet\\Servicescatflt",
"IfExists": true
},
"QuickhealInstalledKey2": {
"FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\App Paths\\scanner.exe",
"IfExists": true
},
"RecoveredFromBuild": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "Software\\Microsoft\\WindowsSelfHost\\Applicability\\RecoveredFrom",
"ValueName": "LastBuild",
"RegValueType": "REG_DWORD"
},
"RecoveredOnDate": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "Software\\Microsoft\\WindowsSelfHost\\Applicability\\RecoveredFrom",
"ValueName": "DateStamp",
"RegValueType": "REG_DWORD"
},
"ReleaseType": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Update\\TargetingInfo",
"ValueName": "ReleaseType",
"RegValueType": "REG_SZ"
},
"SetupDisplayedEulaVersion": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\OOBE\\",
"ValueName": "SetupDisplayedEulaVersion",
"RegValueType": "REG_DWORD"
},
"SH_SIPolicyCleanup": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\PPI\\Settings",
"ValueName": "SIPolicyCleanup",
"RegValueType": "REG_DWORD"
},
"SmartActiveHoursState": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows Update\\UX\\Settings",
"ValueName": "SmartActiveHoursState",
"RegValueType": "REG_DWORD"
},
"SophosInstalledKey1": {
"FullPath": "SYSTEM\\CurrentControlSet\\Services\\SAVService",
"IfExists": true
},
"SophosInstalledKey2": {
"FullPath": "SYSTEM\\CurrentControlSet\\Services\\hmpalertsvc",
"IfExists": true
},
"StayOnWindows10Timestamp": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows Update\\UX\\Settings",
"ValueName": "SvOfferDeclined",
"RegValueType": "REG_QWORD"
},
"Steam": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Classes\\Steam",
"ValueName": "",
"RegValueType": "REG_SZ"
},
"StrictHiveSecurityReg": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "Software\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\*",
"ValueName": "StrictHiveSecuritySet"
},
"SymantecInstalledKey": {
"FullPath": "SOFTWARE\\Norton\\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}",
"IfExists": true
},
"SymantecInstalledWowKey": {
"FullPath": "SOFTWARE\\WOW6432Node\\Norton\\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}",
"IfExists": true
},
"TargetReleaseVersionGP": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Policies\\Microsoft\\Windows\\Windows Update",
"ValueName": "TargetReleaseVersionInfo",
"RegValueType": "REG_SZ"
},
"TargetReleaseVersionMDM": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\PolicyManager\\current\\device\\Update",
"ValueName": "TargetReleaseVersion",
"RegValueType": "REG_SZ"
},
"TenantId": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SYSTEM\\CurrentControlSet\\Control\\CloudDomainJoin\\JoinInfo\\*",
"ValueName": "TenantId"
},
"TencentInstalledKey": {
"FullPath": "SOFTWARE\\Tencent\\QQPCMgr",
"IfExists": true
},
"TencentInstalledWowKey": {
"FullPath": "SOFTWARE\\WOW6432Node\\Tencent\\QQPCMgr",
"IfExists": true
},
"TencentReg": {
"FullPath": "SYSTEM\\CurrentControlSet\\services\\TesSafe",
"ValueName": "LoadStartTime"
},
"TencentType": {
"FullPath": "SYSTEM\\CurrentControlSet\\services\\TesSafe",
"ValueName": "Type"
},
"TestRN": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Wosc\\Client\\Persistent\\ClientState\\FCON",
"ValueName": "TestRing"
},
"ThreatTrackInstalledKey": {
"FullPath": "SOFTWARE\\SBAMSvc",
"IfExists": true
},
"ThreatTrackInstalledWowKey": {
"FullPath": "SOFTWARE\\WOW6432Node\\SBAMSvc",
"IfExists": true
},
"TimestampEpochString_CO21H2RegFb": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\AppCompatFlags\\TargetVersionUpgradeExperienceIndicators\\CO21H2",
"ValueName": "TimestampEpochString",
"RegValueType": "REG_SZ"
},
"TrendInstalledKey": {
"FullPath": "SOFTWARE\\TrendMicro",
"IfExists": true
},
"TrendInstalledWowKey": {
"FullPath": "SOFTWARE\\WOW6432Node\\TrendMicro",
"IfExists": true
},
"UHSEnrolled": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion",
"ValueName": "UHSEnrolled",
"RegValueType": "REG_SZ",
"IfExists": true
},
"UninstallActive": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "System\\Setup",
"ValueName": "UninstallActive",
"RegValueType": "REG_DWORD"
},
"UpdateOfferedDays": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WaaSAssessment\\Cache\\",
"ValueName": "UpToDateDays",
"RegValueType": "REG_DWORD"
},
"UpdatePreference": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Policies\\Microsoft\\Windows\\Windows Update",
"ValueName": "UpdatePreference",
"RegValueType": "REG_DWORD"
},
"UpgEx_CO21H2RegFb": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\AppCompatFlags\\TargetVersionUpgradeExperienceIndicators\\CO21H2",
"ValueName": "UpgEx",
"RegValueType": "REG_SZ"
},
"UpgradeAccepted": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\OOBE\\Updates\\",
"ValueName": "UpgradeAccepted",
"RegValueType": "REG_DWORD",
"IfExists": true
},
"UpgradeEligible": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\\\Microsoft\\\\Windows\\\\CurrentVersion",
"ValueName": "UpgradeEligible",
"RegValueType": "REG_DWORD"
},
"UserInPlaceUpgrade": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\\\Windows\\\\CurrentVersion",
"ValueName": "UserInPlaceUpgrade",
"RegValueType": "REG_DWORD"
},
"UsoScanMitigation": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Windows Update\\Orchestrator\\Mitigation\\",
"ValueName": "UsoScanNotStartingMitigationCompleted",
"RegValueType": "REG_DWORD",
"IfExists": true
},
"UtcDataHandlingPolicies": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Diagnostics\\DiagTrack",
"ValueName": "UtcDataHandlingPolicies",
"RegValueType": "REG_QWORD"
},
"UUSVersion": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Windows Update\\Orchestrator",
"ValueName": "LastRunVersion",
"RegValueType": "REG_SZ"
},
"WAS_NetFxEnvironment": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Component Based Servicing\\Notifications\\OptionalFeatures\\WAS-NetFxEnvironment",
"ValueName": "Selection",
"RegValueType": "REG_DWORD"
},
"WCFHTTPActivationNotificationState": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\Component Based Servicing\\\\Notifications\\\\OptionalFeatures\\\\WCF-HTTP-Activation",
"ValueName": "Selection",
"RegValueType": "REG_DWORD"
},
"WCFNonHTTPActivationNotificationState": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\Component Based Servicing\\\\Notifications\\\\OptionalFeatures\\\\WCF-NonHTTP-Activation",
"ValueName": "Selection",
"RegValueType": "REG_DWORD"
},
"WebExperience": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\EdgeUpdate\\Clients\\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}",
"IfExists": true
},
"WebExperienceWow": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\WOW6432Node\\Microsoft\\EdgeUpdate\\Clients\\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}",
"IfExists": true
},
"WebrootInstalledKey": {
"FullPath": "SOFTWARE\\WRData",
"IfExists": true
},
"WebrootInstalledWowKey": {
"FullPath": "SOFTWARE\\WOW6432Node\\WRData",
"IfExists": true
},
"Win11UpgradeAcceptedTimestamp": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows Update\\UX\\Settings",
"ValueName": "SvOfferAccepted",
"RegValueType": "REG_QWORD"
},
"Win11UpgradeAcceptedWUSeeker": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows Update\\UX\\Settings",
"ValueName": "SvOfferAccepted",
"RegValueType": "REG_QWORD",
"IfExists": true
},
"WindowsAccountSyncConsentApplicable": {
"HKey": "HKEY_CURRENT_USER",
"FullPath": "Software\\Microsoft\\Windows\\CurrentVersion\\UnifiedConsent\\DEFAULTACCOUNT\\WINDOWSACCOUNTSYNCCONSENT",
"ValueName": "isApplicable",
"RegValueType": "REG_DWORD"
},
"WindowsAccountSyncConsentState": {
"HKey": "HKEY_CURRENT_USER",
"FullPath": "Software\\Microsoft\\Windows\\CurrentVersion\\UnifiedConsent\\DEFAULTACCOUNT\\WINDOWSACCOUNTSYNCCONSENT\\DATASHARING",
"ValueName": "isConsentAccepted",
"RegValueType": "REG_DWORD"
},
"WindowsMixedReality": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\WUDF\\Services\\HoloLensSensors",
"ValueName": "WdfMajorVersion",
"RegValueType": "REG_DWORD"
},
"WSX_Runtime": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSX\\WSXPacks\\CTAC",
"ValueName": "ExperienceExtensions",
"RegValueType": "REG_SZ"
},
"WSX_Windows_AppSample": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSX\\WSXPacks\\CTAC",
"ValueName": "Windows.AppSample",
"RegValueType": "REG_SZ"
},
"WSX_Windows_Settings_Account": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSX\\WSXPacks\\CTAC",
"ValueName": "Windows.Settings.Account",
"RegValueType": "REG_SZ"
},
"WSX_Windows_Shell_Start": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSX\\WSXPacks\\CTAC",
"ValueName": "Windows.Shell.StartMenu",
"RegValueType": "REG_SZ"
}
},
"FileInfo": {
"AvastVer": {
"Path": "\\system32\\Drivers\\aswVmm.sys",
"FolderGuid": "{F38BF404-1D43-42F2-9305-67DE0B28FC23}"
},
"AvgVer": {
"Path": "\\system32\\Drivers\\avgVmm.sys",
"FolderGuid": "{F38BF404-1D43-42F2-9305-67DE0B28FC23}"
},
"BullguardInstalledVer": {
"Path": "\\BullGuard Ltd\\BullGuard\\BullGuard.exe",
"IfExists": true,
"FolderGuid": "{905E63B6-C1BF-494E-B29C-65B732D3D21A}"
},
"CortanaAppVer": {
"Path": "\\WindowsApps\\Microsoft.549981C3F5F10_8wekyb3d8bbwe\\CortanaApp.View.exe",
"FolderGuid": "{905E63B6-C1BF-494E-B29C-65B732D3D21A}"
},
"CortanaAppVerTest": {
"Path": "\\WindowsApps\\3242f7d9-db60-4380-a379-4205ea768bfc_1.0.0.0_x64__zs4v8rx04ex0m\\UndockingTestApp.exe",
"FolderGuid": "{905E63B6-C1BF-494E-B29C-65B732D3D21A}"
},
"CrowdStrikeInstalledVer": {
"Path": "drivers\\CrowdStrike\\CSAgent.sys",
"IfExists": true,
"FolderGuid": "{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}"
},
"EsetVer": {
"Path": "\\drivers\\ehdrv.sys",
"FolderGuid": "{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}"
},
"FileExistsMscoreeDll": {
"Path": "%windir%\\\\system32\\\\mscoree.dll",
"IfExists": true
},
"GDataInstalledVer": {
"Path": "\\drivers\\MiniIcpt.sys",
"IfExists": true,
"FolderGuid": "{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}"
},
"HidparseDriversVer": {
"Path": "%windir%\\system32\\drivers\\hidparse.sys"
},
"HidparseSystem32Ver": {
"Path": "%windir%\\system32"
},
"HidparseSystem32Ver1": {
"Path": "%windir%\\system32\\hidparse.sys"
},
"IsNotepadExePresent": {
"Path": "%windir%\\system32\\notepad.exe",
"IfExists": true
},
"K7InstalledVer": {
"Path": "\\K7 Computing",
"IfExists": true,
"FolderGuid": "{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}"
},
"KasperskyVer": {
"Path": "\\system32\\Drivers\\klhk.sys",
"FolderGuid": "{F38BF404-1D43-42F2-9305-67DE0B28FC23}"
},
"OnnxruntimeVer": {
"Path": "%windir%\\\\system32\\\\onnxruntime.dll"
},
"PandaInstalledVer": {
"Path": "\\Panda Security",
"IfExists": true,
"FolderGuid": "{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}"
},
"SkypeRoomSystem": {
"Path": "%systemdrive%\\Recovery\\OEM\\$oem$\\$1\\Rigel\\x64\\Scripts\\Provisioning\\AutoUnattend.xml",
"IfExists": true
},
"SymantecVer": {
"Path": "\\Symantec\\Shared\\EENGINE\\eeCtrl.sys",
"FolderGuid": "{DE974D24-D9C6-4D3E-BF91-F4455120B917}"
},
"SymantecVer64": {
"Path": "\\Symantec\\Shared\\EENGINE\\eeCtrl64.sys",
"FolderGuid": "{DE974D24-D9C6-4D3E-BF91-F4455120B917}"
},
"TobiiVer": {
"Path": "\\Tobii\\Tobii EyeX Interaction\\Tobii.EyeX.Interaction.exe",
"FolderGuid": "{905E63B6-C1BF-494E-B29C-65B732D3D21A}"
},
"TobiiVer1x86": {
"Path": "\\Tobii\\tobii EyeX Interaction\\Tobii.EyeX.Interaction.exe",
"FolderGuid": "{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}"
},
"TobiiVerx86": {
"Path": "\\tobii EyeX Interaction\\Tobii.EyeX.Interaction.exe",
"FolderGuid": "{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}"
},
"TrendInstalledVer": {
"Path": "\\Trend Micro\\Titanium\\plugin\\plugVizor.dll",
"IfExists": true,
"FolderGuid": "{905E63B6-C1BF-494E-B29C-65B732D3D21A}"
},
"TrendMicroVer": {
"Path": "\\drivers\\TMUMH.sys",
"FolderGuid": "{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}"
},
"WuClientVer": {
"Path": "\\system32\\wuaueng.dll",
"FolderGuid": "{F38BF404-1D43-42F2-9305-67DE0B28FC23}"
},
"XamlCbsActivationStore": {
"Path": "%ProgramData%\\\\Microsoft\\\\Windows\\\\AppRepository\\\\Packages\\\\Microsoft.UI.Xaml.CBS_8.2205.4001.0_x64__8wekyb3d8bbwe\\\\ActivationStore.dat",
"IfExists": true
},
"XamlCbsActivationStoreArm64": {
"Path": "%ProgramData%\\\\Microsoft\\\\Windows\\\\AppRepository\\\\Packages\\\\Microsoft.UI.Xaml.CBS_8.2205.4001.0_arm64__8wekyb3d8bbwe\\\\ActivationStore.dat",
"IfExists": true
}
},
"Licensing": {
"UpdateManagementGroup": {
"Name": "UpdatePolicy-UpdateManagementGroup"
}
},
"UpdatePolicy": {
"AllowOptionalContent": {
"PolicyEnum": 58,
"Enterprise": true
},
"BranchReadinessLevel": {
"PolicyEnum": 5,
"Enterprise": true
},
"BranchReadinessLevelSource": {
"PolicyEnum": 5,
"Enterprise": true,
"UseSource": true
},
"DeferFeatureUpdatePeriodInDays": {
"PolicyEnum": 9,
"Enterprise": true
},
"DeferQualityUpdatePeriodInDays": {
"PolicyEnum": 7,
"Enterprise": true
},
"DisableDualScan": {
"PolicyEnum": 42,
"Enterprise": true
},
"EnableWUfBUpgradeGates": {
"PolicyEnum": 51,
"Enterprise": true
},
"TargetProductVersion": {
"PolicyEnum": 53,
"Enterprise": true
},
"TargetReleaseVersion": {
"PolicyEnum": 50,
"Enterprise": true
},
"UpdateServiceUrl": {
"PolicyEnum": 12
},
"WUfBClientManaged": {
"PolicyEnum": 32,
"Enterprise": true
}
},
"Policy": {
"DesiredOcpVersion": {
"LocUri": "./Device/Vendor/MSFT/DeviceUpdateCenter/DesiredUpdates/OcpVersion/"
},
"DesiredOsVersion": {
"LocUri": "./Device/Vendor/MSFT/DeviceUpdateCenter/DesiredUpdates/OsVersion"
},
"DesiredSystemManifestVersion": {
"LocUri": "./Device/Vendor/MSFT/DeviceUpdateCenter/DesiredUpdates/SystemManifestVersion"
},
"DucCustomPackageId": {
"LocUri": "./Device/Vendor/MSFT/DeviceUpdateCenter/Enrollment/CustomPackageId"
},
"DucDeviceModelId": {
"LocUri": "./Device/Vendor/MSFT/DeviceUpdateCenter/Enrollment/DeviceModelId"
},
"DucOemPartnerRing": {
"LocUri": "./Device/Vendor/MSFT/DeviceUpdateCenter/Enrollment/OemPartnerRing"
},
"DucPublisherId": {
"LocUri": "./Device/Vendor/MSFT/DeviceUpdateCenter/Enrollment/PublisherId"
},
"SetPolicyDrivenUpdateSourceForFeatureUpdates": {
"LocUri": "./Device/Vendor/MSFT/Policy/Config/Update/SetPolicyDrivenUpdateSourceForFeatureUpdates"
},
"WSUSconfigured_csp": {
"LocUri": "./Device/Vendor/MSFT/Policy/Config/Update/UpdateServiceUrl"
}
},
"WMI": {
"ElanFingerprintDriverVersion": {
"Query": "SELECT DriverVersion, Manufacturer FROM Win32_PnPSignedDriver WHERE Manufacturer = 'ELAN'",
"Name": "DriverVersion",
"Timeout": 2000
},
"FirstStorageSpaceDeviceId": {
"Query": "SELECT DeviceID FROM Win32_DiskDrive WHERE Model = 'Microsoft Storage Space Device'",
"Name": "DeviceID",
"Timeout": 2000
},
"IIS_ASPNET_WMI": {
"Query": "SELECT * FROM Win32_OptionalFeature WHERE name = 'IIS-ASPNET'",
"Name": "InstallState",
"Timeout": 2000
},
"IIS_NetFxExtensibility_WMI": {
"Query": "SELECT * FROM Win32_OptionalFeature WHERE name = 'IIS-NetFxExtensibility'",
"Name": "InstallState",
"Timeout": 2000
},
"NetFx3State": {
"Query": "SELECT * FROM Win32_OptionalFeature WHERE name = 'NetFX3'",
"Name": "InstallState",
"Timeout": 2000
},
"PSAKyoceraInstalledName": {
"Query": "SELECT Name, ProgramId FROM Win32_InstalledStoreProgram WHERE ProgramId = 'A97ECD55.KYOCERAPrintCenter_4.1.11108.0_x64__kqmhh0ktdt7dg'",
"Name": "Name",
"Timeout": 2000
},
"PSATATriumphInstalledName": {
"Query": "SELECT Name, ProgramId FROM Win32_InstalledStoreProgram WHERE ProgramId = 'TATriumph-AdlerGmbH.TAUTAXPrintCenter_4.1.11108.0_x64__h5e8vsnevp54y'",
"Name": "Name",
"Timeout": 2000
},
"WAS_NetFxEnvironment_WMI": {
"Query": "SELECT * FROM Win32_OptionalFeature WHERE name = 'WAS-NetFxEnvironment'",
"Name": "InstallState",
"Timeout": 2000
},
"WCFHTTPActivationState": {
"Query": "SELECT * FROM Win32_OptionalFeature WHERE name = 'WCF-HTTP-Activation'",
"Name": "InstallState",
"Timeout": 2000
},
"WCFNonHTTPActivationState": {
"Query": "SELECT * FROM Win32_OptionalFeature WHERE name = 'WCF-NonHTTP-Activation'",
"Name": "InstallState",
"Timeout": 2000
},
"XeroxPsaInstalledName": {
"Query": "SELECT Name, ProgramId FROM Win32_InstalledStoreProgram WHERE ProgramId = 'XeroxCorp.PrintExperience_8.29.32.0_x64__f7egpvdyrs2a8'",
"Name": "Name",
"Timeout": 2000
}
}
}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Norton]
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\Windows Error Reporting\RuntimeExceptionHelperModules]
"C:\Program Files\Norton Security\NortonData\22.23.6.5\Definitions\IPSDefs\20220922.063\IPSEng32.dll"="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Norton]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\nsvst_NGC]
"DisplayName"="NortonLifeLock Split Tunneling WFP Callout driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SymEvnt]
"ImagePath"="\??\C:\Program Files\Norton Security\NortonData\22.23.6.5\SymPlatform\SymEvnt.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SymEvnt\Parameters]
"DefsDir"="C:\Program Files\Norton Security\NortonData\22.23.6.5\Definitions\SymPlatformDefs\20220711.069"
[HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MuiCache\f\96383CDB]
"@C:\Program Files\Norton Security\Branding\muis.dll,-601"="Norton AntiVirus"
[HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MuiCache\f\96383CDB]
"@C:\PROGRA~1\NORTON~1\Branding\muis.dll,-601"="Norton AntiVirus"
[HKEY_USERS\.DEFAULT\Software\Norton]
[HKEY_USERS\S-1-5-21-3907471261-615860086-2012423866-1001\SOFTWARE\AppDataLow\Software\Norton]
[HKEY_USERS\S-1-5-21-3907471261-615860086-2012423866-1001\SOFTWARE\Microsoft\DirectInput\NORTONSECURITY.EXE61F2CD8E00054338]
[HKEY_USERS\S-1-5-21-3907471261-615860086-2012423866-1001\SOFTWARE\Microsoft\DirectInput\NORTONSECURITY.EXE61F2CD8E00054338]
"Name"="NORTONSECURITY.EXE"
[HKEY_USERS\S-1-5-21-3907471261-615860086-2012423866-1001\SOFTWARE\Microsoft\Office\Outlook\Addins\MsouPlug.OutlookPlug]
"FriendlyName"="Norton AntiSpam Outlook Plugin"
[HKEY_USERS\S-1-5-21-3907471261-615860086-2012423866-1001\SOFTWARE\Microsoft\Office\Outlook\Addins\MsouPlug.OutlookPlug]
"Description"="Norton AntiSpam Outlook Plugin"
[HKEY_USERS\S-1-5-21-3907471261-615860086-2012423866-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FeatureUsage\AppBadgeUpdated]
"NortonLifeLock.Norton Security"="37"
[HKEY_USERS\S-1-5-21-3907471261-615860086-2012423866-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FeatureUsage\AppSwitched]
"NortonLifeLock.Norton Security"="1"
[HKEY_USERS\S-1-5-21-3907471261-615860086-2012423866-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.com/search?q=norton+security+scan&form=WNSGPH&qs=AS&cvid=174fc6e0bead416983c9561ec79dc302&porque=norton+security&cc=BR&setlang=pt-BR&nclid=E]
[HKEY_USERS\S-1-5-21-3907471261-615860086-2012423866-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\Users\Public\Downloads\Norton\{DSP-NAVP-22230605-SHPD-FSD5340005}\NAVPlusDownloader.exe"="0x534143500100000000000000070000002800000018CE4200A5E0420001000000000000000000000A0021000050BB64EDDDACD5010000000000000000"
[HKEY_USERS\S-1-5-21-3907471261-615860086-2012423866-1001\SOFTWARE\Norton]
[HKEY_USERS\S-1-5-21-3907471261-615860086-2012423866-1001\SOFTWARE\VS Revo Group\Revo Uninstaller\Junk Files\Exclude]
"*/norton antivirus/quarantine/"="1"
[HKEY_USERS\S-1-5-21-3907471261-615860086-2012423866-1001\SOFTWARE\Classes\Local Settings\MuiCache\f\96383CDB]
"@C:\PROGRA~1\NORTON~1\Branding\muis.dll,-601"="Norton AntiVirus"
[HKEY_USERS\S-1-5-21-3907471261-615860086-2012423866-1001\SOFTWARE\Classes\Local Settings\MuiCache\f\96383CDB]
"@C:\Program Files\Norton Security\Branding\muis.dll,-601"="Norton AntiVirus"
[HKEY_USERS\S-1-5-21-3907471261-615860086-2012423866-1001\SOFTWARE\Classes\NortonSecurity]
[HKEY_USERS\S-1-5-21-3907471261-615860086-2012423866-1001\SOFTWARE\Classes\NortonSecurity\shell\open\command]
""="C:\Program Files\Norton Security\Engine\22.23.6.5\uistub.exe"

====== Fim de Pesquisar ======

Elias Pereira · 28 de agosto de 2023

Execute novamente o FRST.exe

Copie e cole o log em sua proxima resposta.

Francisco Narde · 31 de agosto de 2023

Resultado do análise da Farbar Recovery Scan Tool (FRST) (x64) Versão: 28-08-2023
Executado por Francisco Narde (administrador) em DESKTOP-0BF3N7R (Gigabyte Technology Co., Ltd. A320M-S2H) (31-08-2023 03:05:17)
Executando a partir de D:\Desktop\FRST64.exe
Perfis Carregados: Francisco Narde
Plataforma: Microsoft Windows 10 Pro Versão 22H2 19045.3324 (X64) Idioma: Português (Brasil)
Navegador padrão: Edge
Modo da Inicialização: Normal

==================== Processos (Whitelisted) =================

(Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.)

(C:\Program Files\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe ->) (OpenJS Foundation -> Node.js) C:\Program Files\Adobe\Adobe Creative Cloud Experience\libs\node.exe
(C:\Program Files\Adobe\Adobe Creative Cloud Experience\libs\node.exe ->) (Adobe Inc. -> Adobe Inc) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\IPCBox\AdobeIPCBroker.exe
(C:\Program Files\AMD\CNext\CNext\AMDRSServ.exe ->) (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\amdow.exe
(C:\Program Files\AMD\CNext\CNext\AMDRSServ.exe ->) (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\AMDRSSrcExt.exe
(C:\Program Files\HuionTablet\HuionTablet.exe ->) (Shenzhen Huion Animation Technology Co.,LTD -> ) C:\Program Files\HuionTablet\HuionTabletCore.exe
(C:\Program Files\HuionTablet\HuionTablet.exe ->) (Shenzhen Huion Animation Technology Co.,LTD -> TODO: <公司名>) C:\Program Files\HuionTablet\HuionServer.exe
(C:\Program Files\LogiOptionsPlus\logioptionsplus_agent.exe ->) (Logitech Inc -> Logitech, Inc.) C:\Program Files\LogiOptionsPlus\logioptionsplus_appbroker.exe
(C:\Program Files\LogiOptionsPlus\logioptionsplus_updater.exe ->) (Logitech Inc -> Logitech, Inc.) C:\Program Files\LogiOptionsPlus\logi_crashpad_handler.exe <2>
(C:\Program Files\LogiOptionsPlus\logioptionsplus_updater.exe ->) (Logitech Inc -> Logitech, Inc.) C:\Program Files\LogiOptionsPlus\logioptionsplus_agent.exe
(C:\Program Files\Logitech\LogiOptions\LogiOptions.exe ->) (Logitech Inc -> Logitech) C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOverlay.exe
(C:\Program Files\Logitech\LogiOptions\LogiOptions.exe ->) (Logitech Inc -> Logitech, Inc.) C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOptionsMgr.exe
(C:\Program Files\WindowsApps\KDEe.V.KDEConnect_23.400.1322.0_x64__7vt06qxq7ptv8\bin\kdeconnect-indicator.exe ->) (98B52D9A-DF7C-493E-BADC-37004A92EFC8 -> ) C:\Program Files\WindowsApps\KDEe.V.KDEConnect_23.400.1322.0_x64__7vt06qxq7ptv8\bin\kdeconnectd.exe
(C:\Program Files\WindowsApps\KDEe.V.KDEConnect_23.400.1322.0_x64__7vt06qxq7ptv8\bin\kdeconnect-indicator.exe ->) (98B52D9A-DF7C-493E-BADC-37004A92EFC8 -> freedesktop.org) C:\Program Files\WindowsApps\KDEe.V.KDEConnect_23.400.1322.0_x64__7vt06qxq7ptv8\bin\dbus-daemon.exe
(C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOptionsMgr.exe ->) (Logitech Inc -> Logitech, Inc.) C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\laclient.exe
(C:\Users\Francisco Narde\AppData\Local\0install.net\implementations\sha256new_IA5ZAWY5757G2CCVTIIUZMVSBYDGFXZAP22TDTFSS74QEP3GNCDA\DeepL.exe ->) (The CefSharp Authors) [Arquivo não assinado] C:\Users\Francisco Narde\AppData\Local\0install.net\implementations\sha256new_WNVUT4A7COIHUPNX3HWQQZD5BU3GEPFRMM3BLVJW4ICRXIJEKBJQ\CefSharp.BrowserSubprocess.exe <5>
(Cisco-Linksys LLC -> Cisco Systems, Inc.) C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe
(Cisco-Linksys LLC -> Cisco Systems, Inc.) C:\Program Files (x86)\Linksys\Linksys Wireless Manager\LinksysWirelessManager64.exe
(DeepL SE -> DeepL SE) C:\Users\Francisco Narde\AppData\Local\0install.net\implementations\sha256new_IA5ZAWY5757G2CCVTIIUZMVSBYDGFXZAP22TDTFSS74QEP3GNCDA\DeepL.exe
(DriverStore\FileRepository\u0394246.inf_amd64_d7748c83520c2dbe\B394106\atiesrxx.exe ->) (Advanced Micro Devices Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0394246.inf_amd64_d7748c83520c2dbe\B394106\atieclxx.exe
(explorer.exe ->) () [Arquivo não assinado] C:\Program Files\Xear Audio Center\CPL\FaceLift_x64.exe
(explorer.exe ->) () [Arquivo não assinado] C:\Windows\SysWOW64\ExMgr.exe
(explorer.exe ->) (98B52D9A-DF7C-493E-BADC-37004A92EFC8 -> ) C:\Program Files\WindowsApps\KDEe.V.KDEConnect_23.400.1322.0_x64__7vt06qxq7ptv8\bin\kdeconnect-indicator.exe
(explorer.exe ->) (Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe
(explorer.exe ->) (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\AMDRSServ.exe
(explorer.exe ->) (cFos Software GmbH -> cFos Software GmbH) C:\Program Files\cFosSpeed\cfosspeed.exe
(explorer.exe ->) (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <19>
(explorer.exe ->) (Logitech Inc -> Logitech, Inc.) C:\Program Files\Logitech\LogiOptions\LogiOptions.exe
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft OneDrive\OneDrive.exe
(explorer.exe ->) (Now.gg, INC -> now.gg, Inc.) C:\Users\Francisco Narde\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe <4>
(GIGA-BYTE TECHNOLOGY CO., LTD. -> ) C:\Program Files (x86)\GIGABYTE\AppCenter\ApCent.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.292\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.292\GoogleCrashHandler64.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <7>
(services.exe ->) () [Arquivo não assinado] C:\Program Files (x86)\GIGABYTE\AppCenter\AdjustService.exe
(services.exe ->) (Abstradrome -> ) C:\Program Files (x86)\HDD Regenerator\hrsrv.exe
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(services.exe ->) (Adobe Systems Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(services.exe ->) (Advanced Micro Devices Inc. -> AMD) C:\Program Files\AMD\Performance Profile Client\AUEPDU.exe
(services.exe ->) (Advanced Micro Devices Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0394246.inf_amd64_d7748c83520c2dbe\B394106\atiesrxx.exe
(services.exe ->) (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Driver Updater\DriverUpdSvc.exe
(services.exe ->) (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\TuneUp\TuneupSvc.exe
(services.exe ->) (cFos Software GmbH -> cFos Software GmbH) C:\Program Files\cFosSpeed\spd.exe
(services.exe ->) (Cisco-Linksys LLC -> Cisco Systems, Inc.) C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
(services.exe ->) (GIGA-BYTE TECHNOLOGY CO., LTD. -> GIGA-BYTE TECHNOLOGY CO., LTD.) C:\Program Files (x86)\GIGABYTE\EasyTuneEngineService\EasyTuneEngineService.exe
(services.exe ->) (GIGA-BYTE TECHNOLOGY CO., LTD. -> Microsoft) C:\Program Files (x86)\GIGABYTE\GService\GCloud.exe
(services.exe ->) (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome Remote Desktop\116.0.5845.9\remoting_host.exe <2>
(services.exe ->) (Logitech Inc -> Logitech, Inc.) C:\Program Files\LogiOptionsPlus\logioptionsplus_updater.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.) C:\Windows\System32\amdfendrsr.exe
(services.exe ->) (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe
(Shenzhen Huion Animation Technology Co.,LTD -> ShenZhen Huion Animation Technology Co.Ltd.) C:\Program Files\HuionTablet\HuionTablet.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_11.2307.4.0_x64__8wekyb3d8bbwe\CalculatorApp.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Wondershare Technology Co.,Ltd -> Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe

==================== Registro (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.)

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3571168 2023-06-14] (Adobe Inc. -> Adobe Systems, Incorporated)
HKLM\...\Run: [Gigabyte Speed] => C:\Program Files\cFosSpeed\cFosSpeed.exe [1724248 2019-03-21] (cFos Software GmbH -> cFos Software GmbH)
HKLM\...\Run: [CM8828EX] => C:\WINDOWS\syswow64\ExMgr.exe [204800 2011-02-25] () [Arquivo não assinado]
HKLM\...\Run: [PEIC8828Sound] => C:\Program Files\Xear Audio Center\CPL\FaceLift_x64.exe [2406400 2017-01-20] () [Arquivo não assinado]
HKLM\...\Run: [Linksys Wireless Manager] => C:\Program Files (x86)\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe [1374264 2009-08-20] (Cisco-Linksys LLC -> Cisco Systems, Inc.)
HKLM\...\Run: [TuneupUI.exe] => C:\Program Files\AVG\TuneUp\TuneupUI.exe [4561336 2023-07-27] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [DriverUpdUI.exe] => C:\Program Files\AVG\Driver Updater\DriverUpdUI.exe [5837752 2023-07-26] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [LogiOptions] => C:\Program Files\Logitech\LogiOptions\LogiOptions.exe [1792256 2023-06-23] (Logitech Inc -> Logitech, Inc.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2383040 2016-10-12] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation -> Microsoft Corporation)
HKLM-x32\...\Run: [nmctxth] => C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe [647216 2009-07-07] (Cisco-Linksys LLC -> Cisco Systems, Inc.)
HKLM-x32\...\Run: [Adobe CCXProcess] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [129288 2021-08-04] (Adobe Inc. -> )
HKLM-x32\...\Run: [HuionTablet] => C:\Program Files\HuionTablet\HuionTablet.exe [5581640 2023-01-10] (Shenzhen Huion Animation Technology Co.,LTD -> ShenZhen Huion Animation Technology Co.Ltd.)
HKLM-x32\...\Run: [HDD Regenerator] => C:\Program Files (x86)\HDD Regenerator\Shell.exe [90336 2013-05-08] (Abstradrome -> )
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2133728 2017-09-12] (Wondershare Technology Co.,Ltd -> Wondershare)
HKLM\...\RunOnce: [msedge_cleanup_{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}] => C:\Program Files (x86)\Microsoft\Edge\Application\116.0.1938.62\Installer\setup.exe [3688384 2023-08-27] (Microsoft Corporation -> Microsoft Corporation)
HKLM-x32\...\RunOnce: [PreRun] => C:\Program Files (x86)\GIGABYTE\AppCenter\PreRun.exe [14632 2016-02-26] (GIGA-BYTE TECHNOLOGY CO., LTD. -> )
HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Update: Restrição <==== ATENÇÃO
HKLM\Software\Policies\...\system: [EnableSmartScreen] 0
HKU\S-1-5-19\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\77.0.3.0\GoogleDriveFS.exe --startup_mode (Nenhum Arquivo)
HKU\S-1-5-20\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\77.0.3.0\GoogleDriveFS.exe --startup_mode (Nenhum Arquivo)
HKU\S-1-5-21-3907471261-615860086-2012423866-1001\...\Run: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [2607536 2023-08-29] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-3907471261-615860086-2012423866-1001\...\Run: [Chromium] => "c:\users\francisco narde\appdata\local\chromium\application\chrome.exe" --auto-launch-at-startup --profile-directory="Default" --restore-last-session [4195328 2017-10-06] (The Chromium Authors) [Arquivo não assinado]
HKU\S-1-5-21-3907471261-615860086-2012423866-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [41572768 2023-07-12] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
HKU\S-1-5-21-3907471261-615860086-2012423866-1001\...\Run: [EpicGamesLauncher] => C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [32754128 2022-12-13] (Epic Games Inc. -> Epic Games, Inc.)
HKU\S-1-5-21-3907471261-615860086-2012423866-1001\...\Run: [CCXProcess] => C:\Program Files\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [190280 2021-09-30] (Adobe Inc. -> Adobe Systems Incorporated)
HKU\S-1-5-21-3907471261-615860086-2012423866-1001\...\Run: [AMDDVR] => C:\Program Files\AMD\CNext\CNext\AMDRSServ.exe [2406840 2023-07-25] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
HKU\S-1-5-21-3907471261-615860086-2012423866-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [4246376 2022-12-15] (Valve Corp. -> Valve Corporation)
HKU\S-1-5-21-3907471261-615860086-2012423866-1001\...\Run: [Spotify] => C:\Users\Francisco Narde\AppData\Roaming\Spotify\Spotify.exe [28551544 2023-08-18] (Spotify AB -> Spotify Ltd)
HKU\S-1-5-21-3907471261-615860086-2012423866-1001\...\Run: [MicrosoftEdgeAutoLaunch_3B3A48A65B5FF19AFF2D9D49488A77B3] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [4107728 2023-08-25] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-3907471261-615860086-2012423866-1001\...\Run: [electron.app.BlueStacks Services] => C:\Users\Francisco Narde\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe [162219656 2023-08-17] (Now.gg, INC -> now.gg, Inc.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{89B4C1CD-B018-4511-B0A1-5476DBF70820}] -> C:\Windows\System32\Rundll32.exe C:\Windows\System32\mscories.dll,Install
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\116.0.5845.112\Installer\chrmstp.exe [2023-08-31] (Google LLC -> Google LLC)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{89B4C1CD-B018-4511-B0A1-5476DBF70820}] -> C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
Startup: C:\Users\Francisco Narde\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DeepL auto-start.lnk [2022-12-29]
ShortcutTarget: DeepL auto-start.lnk -> C:\Users\Francisco Narde\AppData\Roaming\0install.net\desktop-integration\stubs\1eae01f3cdb5ff0ecf683b15a60a1489573c1188cb34abc205fcf7a924b4e54d\auto-start.exe () [Arquivo não assinado]
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restrição <==== ATENÇÃO

==================== Tarefas Agendadas (Whitelisted) =================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

Task: {12C7FA03-1E04-48E1-8A6D-8C83BDDC504A} - \AMDInstallLauncher -> Nenhum Arquivo <==== ATENÇÃO
Task: {D6F5A89B-59FF-4BB2-844B-E3B12D9294E5} - \AMDLinkUpdate -> Nenhum Arquivo <==== ATENÇÃO
Task: {9D39F806-77D9-465F-9BF9-545C28636D6A} - System32\Tasks\BlueStacksHelper_nxt => C:\Program Files\BlueStacks_nxt\BlueStacksHelper.exe [302968 2023-08-07] (Now.gg, INC -> BlueStack Systems, Inc.)
Task: {AC48DB37-1049-420F-9ED9-67A20901A358} - System32\Tasks\GoogleUpdateTaskMachineCore{D4073836-A52B-4F18-AC15-AEF09DBAC7D1} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155592 2020-10-22] (Google LLC -> Google LLC)
Task: {7BBC799B-C9DB-405C-87B8-74FC7D06D773} - System32\Tasks\GoogleUpdateTaskMachineUA{F1BCF33E-4DFD-4ED7-944F-1F50D7BF7621} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155592 2020-10-22] (Google LLC -> Google LLC)
Task: {0E65F054-1302-431D-89AD-5FBD8C8BC5EC} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe [687008 2023-08-26] (Mozilla Corporation -> Mozilla Corporation) -> --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate
Task: {1336F170-9561-4EC2-8A8C-6926F09D392B} - System32\Tasks\OneDrive Per-Machine Standalone Update Task => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4130208 2023-08-29] (Microsoft Corporation -> Microsoft Corporation)
Task: {D70D60A2-3688-455A-8F41-C5D6A0AA843D} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-3907471261-615860086-2012423866-1001 => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4130208 2023-08-29] (Microsoft Corporation -> Microsoft Corporation)

(Se uma entrada for incluída na fixlist, o arquivo da tarefa (.job) será movido. O arquivo que está sendo executado pela tarefa não será movido.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe

==================== Internet (Whitelisted) ====================

(Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.)

Tcpip\Parameters: [DhcpNameServer] 177.92.143.254 8.8.8.8
Tcpip\..\Interfaces\{faa4086f-8f47-40da-97b1-9e4d6204ee61}: [DhcpNameServer] 177.92.143.254 8.8.8.8

Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\Francisco Narde\AppData\Local\Microsoft\Edge\User Data\Default [2023-08-31]
Edge Notifications: Default -> hxxps://www.instagram.com
Edge Extension: (Documentos Google off-line) - C:\Users\Francisco Narde\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-08-29]
Edge Extension: (Editor Microsoft: Verificador Ortográfico e Gramatical) - C:\Users\Francisco Narde\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\hokifickgkhplphjiodbggjmoafhignh [2023-08-08]
Edge Extension: (Edge relevant text changes) - C:\Users\Francisco Narde\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2023-08-08]

FireFox:
========
FF DefaultProfile: 4d8cb8zv.default
FF ProfilePath: C:\Users\Francisco Narde\AppData\Roaming\Mozilla\Firefox\Profiles\4d8cb8zv.default [2023-07-27]
FF NewTab: Mozilla\Firefox\Profiles\4d8cb8zv.default -> hxxp://securedsearch.lavasoft.com/?pr=vmn&id=webcompa&ent=hp_WCYID10440__200103
FF ProfilePath: C:\Users\Francisco Narde\AppData\Roaming\Mozilla\Firefox\Profiles\ms2im456.default-release [2023-08-28]
FF NewTab: Mozilla\Firefox\Profiles\ms2im456.default-release -> hxxp://securedsearch.lavasoft.com/?pr=vmn&id=webcompa&ent=hp_WCYID10440__200103
FF Notifications: Mozilla\Firefox\Profiles\ms2im456.default-release -> hxxps://www.facebook.com; hxxps://www.instagram.com; hxxps://mail.google.com; hxxps://porneq.com; hxxps://tinder.com
FF Extension: (Vídeo DownloadHelper) - C:\Users\Francisco Narde\AppData\Roaming\Mozilla\Firefox\Profiles\ms2im456.default-release\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2023-08-26]
FF Extension: (Adblock Plus - bloqueador de anúncios grátis) - C:\Users\Francisco Narde\AppData\Roaming\Mozilla\Firefox\Profiles\ms2im456.default-release\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2023-06-22]
FF Plugin: @videolan.org/vlc,version=3.0.10 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2022-11-08] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.11 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2022-11-08] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.16 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2022-11-08] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.18 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2022-11-08] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2022-11-08] (VideoLAN -> VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2016-10-12] (Adobe Systems Incorporated -> Adobe Systems)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [Nenhum Arquivo]
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2022-04-07] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-10-12] (Adobe Systems Incorporated -> Adobe Systems)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Francisco Narde\AppData\Local\Google\Chrome\User Data\Default [2023-08-31]
CHR Notifications: Default -> hxxps://shopee.com.br
CHR HomePage: Default -> hxxp://www.google.com/
CHR Extension: (Adblock Plus - bloqueador de anúncios grátis) - C:\Users\Francisco Narde\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2023-08-24]
CHR Extension: (Adobe Acrobat: ferramentas para editar, converter e assinar PDFs) - C:\Users\Francisco Narde\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2023-08-24]
CHR Extension: (Hiddengram - view insta stories anonymously) - C:\Users\Francisco Narde\AppData\Local\Google\Chrome\User Data\Default\Extensions\gadndffmjdmdkjkmfmioeibmlabhbccb [2022-09-07]
CHR Extension: (Documentos Google off-line) - C:\Users\Francisco Narde\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-08-23]
CHR Extension: (AdBlock — o melhor bloqueador de anúncios) - C:\Users\Francisco Narde\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2023-08-09]
CHR Extension: (Embedy HD) - C:\Users\Francisco Narde\AppData\Local\Google\Chrome\User Data\Default\Extensions\igldobfphppodifdnpealajhijnpaohf [2022-11-18]
CHR Extension: (Chrome Remote Desktop) - C:\Users\Francisco Narde\AppData\Local\Google\Chrome\User Data\Default\Extensions\inomeogfingihgjfjlpeplalcfajhgai [2022-12-26]
CHR Extension: (Acesso rápido a apps para o Drive (do Google)) - C:\Users\Francisco Narde\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2023-08-20]
CHR Extension: (Vídeo DownloadHelper) - C:\Users\Francisco Narde\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjnegcaeklhafolokijcfjliaokphfk [2023-08-29]
CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\Francisco Narde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-29]
CHR Extension: (AdBlocker Ultimate) - C:\Users\Francisco Narde\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohahllgiabjaoigichmmfljhkcfikeof [2023-05-22]
CHR Profile: C:\Users\Francisco Narde\AppData\Local\Google\Chrome\User Data\Guest Profile [2023-07-27]
CHR Profile: C:\Users\Francisco Narde\AppData\Local\Google\Chrome\User Data\System Profile [2023-07-27]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif]
CHR HKU\S-1-5-21-3907471261-615860086-2012423866-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif]

Opera:
=======
OPR Profile: C:\Users\Francisco Narde\AppData\Roaming\Opera Software\Opera Stable [2023-07-27]

==================== Serviços (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169728 2021-11-17] (Adobe Inc. -> Adobe Inc.)
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [744640 2016-10-12] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3966432 2023-06-14] (Adobe Inc. -> Adobe Systems, Incorporated)
S3 AppleChargerSrv; C:\WINDOWS\System32\AppleChargerSrv.exe [31272 2010-04-06] (Giga-Byte Technology -> )
S3 ATLOISAService; C:\WINDOWS\system\ATLOISAService.exe [512000 2013-10-25] (Cmedia Electronics Inc.) [Arquivo não assinado]
R2 AUEPLauncher; C:\Program Files\AMD\CIM\..\Performance Profile Client\AUEPDU.exe [527800 ] (Advanced Micro Devices Inc. -> AMD)
R2 cFosSpeedS; C:\Program Files\cFosSpeed\spd.exe [595288 2019-03-21] (cFos Software GmbH -> cFos Software GmbH)
R2 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\116.0.5845.9\remoting_host.exe [74520 2023-06-26] (Google LLC -> Google LLC)
R2 CleanupPSvc; C:\Program Files\AVG\TuneUp\TuneupSvc.exe [17766328 2023-07-27] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R2 DriverUpdSvc; C:\Program Files\AVG\Driver Updater\DriverUpdSvc.exe [9692600 2023-07-26] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R2 EasyTuneEngineService; C:\Program Files (x86)\Gigabyte\EasyTuneEngineService\EasyTuneEngineService.exe [147824 2022-06-14] (GIGA-BYTE TECHNOLOGY CO., LTD. -> GIGA-BYTE TECHNOLOGY CO., LTD.)
S3 EpicOnlineServices; C:\Program Files (x86)\Epic Games\Epic Online Services\service\EpicOnlineServicesHost.exe [934352 2022-11-16] (Epic Games Inc. -> Epic Games, Inc.)
S3 FileSyncHelper; C:\Program Files\Microsoft OneDrive\23.169.0813.0001\FileSyncHelper.exe [3516832 2023-08-29] (Microsoft Corporation -> Microsoft Corporation)
R2 gadjservice; C:\Program Files (x86)\GIGABYTE\AppCenter\AdjustService.exe [18944 2021-04-08] () [Arquivo não assinado]
R2 Gservice; C:\Program Files (x86)\GIGABYTE\GService\GCloud.exe [19888 2016-12-02] (GIGA-BYTE TECHNOLOGY CO., LTD. -> Microsoft)
R2 hddrsrv; C:\Program Files (x86)\HDD Regenerator\hrsrv.exe [82144 2013-05-08] (Abstradrome -> )
S2 OCButtonService; C:\Program Files (x86)\Gigabyte\EasyTuneEngineService\OcButtonService.exe [127360 2021-04-13] (GIGA-BYTE TECHNOLOGY CO., LTD. -> GIGA-BYTE TECHNOLOGY CO., LTD.)
S3 OneDrive Updater Service; C:\Program Files\Microsoft OneDrive\23.169.0813.0001\OneDriveUpdaterService.exe [3853840 2023-08-29] (Microsoft Corporation -> Microsoft Corporation)
R2 OptionsPlusUpdaterService; C:\Program Files\LogiOptionsPlus\logioptionsplus_updater.exe [17837824 2023-08-30] (Logitech Inc -> Logitech, Inc.)
S3 Rockstar Service; C:\Program Files\Rockstar Games\Launcher\RockstarService.exe [1352832 2020-11-10] (Rockstar Games, Inc. -> Rockstar Games)
S4 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [402200 2023-08-09] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [16518456 2022-12-12] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
S4 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2007.6-0\NisSrv.exe [2169576 2020-07-19] (Microsoft Windows Publisher -> Microsoft Corporation)
S4 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2007.6-0\MsMpEng.exe [128376 2020-07-19] (Microsoft Windows Publisher -> Microsoft Corporation)
S2 AvgWscReporter; "C:\Program Files\AVG\Antivirus\wsc_proxy.exe" /runassvc /rpcserver [X]
S3 Browser; %SystemRoot%\System32\browser.dll [X]

===================== Drivers (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

R3 amdfendrmgr; C:\WINDOWS\System32\drivers\amdfendrmgr.sys [25584 2023-06-13] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.)
R3 amdgpio3; C:\WINDOWS\System32\drivers\amdgpio3.sys [27256 2022-01-27] (ASMedia Technology Inc. -> Advanced Micro Devices, Inc)
R2 AMDRyzenMasterDriverV19; C:\WINDOWS\system32\AMDRyzenMasterDriver.sys [48328 2023-07-18] (Advanced Micro Devices Inc. -> Advanced Micro Devices)
S2 AMDRyzenMasterDriverV20; C:\WINDOWS\system32\AMDRyzenMasterDriver.sys [48328 2023-07-18] (Advanced Micro Devices Inc. -> Advanced Micro Devices)
R3 AMDSAFD; C:\WINDOWS\System32\DriverStore\FileRepository\amdsafd.inf_amd64_54807f69fe156f14\amdsafd.sys [113088 2023-04-13] (Advanced Micro Devices Inc. -> Advanced Micro Devices)
R3 amdwddmg; C:\WINDOWS\System32\DriverStore\FileRepository\u0394246.inf_amd64_d7748c83520c2dbe\B394106\amdkmdag.sys [99727792 2023-07-25] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
R3 AMDXE; C:\WINDOWS\System32\drivers\amdxe.sys [61888 2023-05-24] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
R1 AppleCharger; C:\WINDOWS\System32\DRIVERS\AppleCharger.sys [22240 2013-10-28] (GIGA-BYTE TECHNOLOGY CO., LTD. -> )
R2 BlueStacksDrv_nxt; C:\Program Files\BlueStacks_nxt\BstkDrv_nxt.sys [310672 2023-08-07] (Microsoft Windows Hardware Compatibility Publisher -> Bluestack System Inc.)
R1 cFosSpeed; C:\WINDOWS\system32\DRIVERS\cfosspeed6.sys [1595456 2019-03-21] (cFos Software GmbH -> cFos Software GmbH)
R3 CmHdAudAddService; C:\WINDOWS\System32\drivers\CMHDAudioB64.sys [64000 2014-03-26] (C-MEDIA ELECTRONICS INC. -> C-Media Electronics Inc.)
R1 ElRawDisk; C:\WINDOWS\system32\drivers\rsdrvx64.sys [26024 2009-02-12] (EldoS Corporation -> EldoS Corporation)
S3 gdrv; C:\WINDOWS\gdrv.sys [26792 2019-12-21] (GIGA-BYTE TECHNOLOGY CO., LTD. -> GIGA-BYTE TECHNOLOGY CO., LTD.)
R3 gdrv3; C:\WINDOWS\System32\drivers\gdrv3.sys [41480 2023-01-21] (GIGA-BYTE Technology Co., Ltd. -> GIGA-BYTE TECHNOLOGY CO., LTD.)
R2 pnarp; C:\WINDOWS\system32\DRIVERS\pnarp.sys [33328 2009-07-07] (Cisco-Linksys LLC -> Cisco Systems, Inc.)
S3 PTSimBus; C:\WINDOWS\System32\drivers\PTSimBus.sys [32128 2012-12-22] (UC-Logic Technology Corporation -> PenTablet Driver)
S3 PTSimHid; C:\WINDOWS\System32\drivers\PTSimHid.sys [22912 2012-12-22] (UC-Logic Technology Corporation -> UC-Logic Technology Corp.)
R2 purendis; C:\WINDOWS\system32\DRIVERS\purendis.sys [35376 2009-07-07] (Cisco-Linksys LLC -> Cisco Systems, Inc.)
S3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [24000 2019-09-25] (MICRO-STAR INTERNATIONAL CO., LTD. -> )
S3 ssudcdf; C:\WINDOWS\System32\drivers\ssudcdf.sys [36608 2014-01-22] (DEVGURU CO LTD -> DEVGURU Co., LTD.(www.devguru.co.kr))
S3 ssuddmgr; C:\WINDOWS\System32\drivers\ssuddmgr.sys [206080 2014-01-22] (DEVGURU CO LTD -> DEVGURU Co., LTD.(www.devguru.co.kr))
S3 ssudobex; C:\WINDOWS\System32\drivers\ssudobex.sys [206080 2014-01-22] (DEVGURU CO LTD -> DEVGURU Co., LTD.(www.devguru.co.kr))
S3 ssudrmnet; C:\WINDOWS\System32\drivers\ssudrmnet.sys [70400 2014-01-22] (DEVGURU CO LTD -> DEVGURU Co., LTD.)
S3 ssudserd; C:\WINDOWS\System32\drivers\ssudserd.sys [206080 2014-01-22] (DEVGURU CO LTD -> DEVGURU Co., LTD.(www.devguru.co.kr))
S3 ss_conn_usb_driver; C:\WINDOWS\System32\Drivers\ss_conn_usb_driver.sys [26368 2014-01-22] (DEVGURU CO LTD -> DEVGURU Co., LTD.)
S1 UsbCharger; C:\WINDOWS\System32\DRIVERS\UsbCharger.sys [22240 2013-10-24] (GIGA-BYTE TECHNOLOGY CO., LTD. -> )
R3 vmulti; C:\WINDOWS\System32\drivers\vmulti.sys [10752 2018-03-16] (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Win 7 DDK provider)
S4 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [78232 2020-07-19] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S4 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [430312 2020-07-19] (Microsoft Windows -> Microsoft Corporation)
S3 wdm_usb; C:\WINDOWS\System32\drivers\usb2ser.sys [151184 2016-07-15] (NGO -> MBB)
S4 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [98544 2020-07-19] (Microsoft Windows -> Microsoft Corporation)
S3 WUSB54GCv3; C:\WINDOWS\system32\DRIVERS\WUSB54GCv3.sys [797184 2009-07-13] (Microsoft Windows Hardware Compatibility Publisher -> Ralink Technology Corp.)
S3 XSplit_Dummy; C:\WINDOWS\system32\drivers\xspltspk.sys [37816 2021-06-30] (SplitmediaLabs Limited -> SplitmediaLabs Limited)
S3 XSpltAud; C:\WINDOWS\System32\drivers\XSpltAud.sys [82440 2021-08-25] (Microsoft Windows Hardware Compatibility Publisher -> SplitmediaLabs Limited)
U1 avgbdisk; não ImagePath
S3 nsvst_NGC; \SystemRoot\System32\drivers\NGCx64\1617060.005\nsvst.sys [X]
S3 SymEvnt; \??\C:\Program Files\Norton Security\NortonData\22.23.6.5\SymPlatform\SymEvnt.sys [X]

==================== NetSvcs (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

==================== Um mês (criados) (Whitelisted) =========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2023-08-30 10:09 - 2023-08-30 10:10 - 000000000 ____D C:\Program Files\LogiOptionsPlus
2023-08-26 07:21 - 2023-08-26 08:07 - 000000000 ____D C:\Program Files\Mozilla Firefox
2023-08-24 23:18 - 2023-08-24 23:18 - 000000000 ____D C:\Users\Francisco Narde\AppData\Local\DeepL_SE
2023-08-24 22:33 - 2023-08-24 22:34 - 000000000 ____D C:\Users\Francisco Narde\AppData\Local\Notepad
2023-08-24 22:23 - 2023-08-24 22:23 - 000000000 ____D C:\ProgramData\NortonInstaller
2023-08-24 22:22 - 2023-08-24 23:07 - 000000000 ____D C:\ProgramData\Norton
2023-08-19 05:37 - 2023-08-19 05:37 - 000000207 _____ C:\WINDOWS\tweaking.com-regbackup-DESKTOP-0BF3N7R-Windows-10-Pro-(64-bit).dat
2023-08-19 05:37 - 2023-08-19 05:37 - 000000000 ____D C:\RegBackup
2023-08-19 05:31 - 2023-08-19 05:38 - 000227998 _____ C:\WINDOWS\ntbtlog.txt
2023-08-19 05:31 - 2023-08-19 05:31 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2023-08-10 23:38 - 2023-08-10 23:38 - 000000000 ____D C:\Users\Francisco Narde\AppData\Local\HD-Player
2023-08-10 23:34 - 2023-08-29 04:10 - 000000000 ____D C:\Users\Francisco Narde\AppData\Local\BlueStacks X
2023-08-10 23:34 - 2023-08-10 23:34 - 000000000 ____D C:\Users\Francisco Narde\AppData\Local\BSXCache
2023-08-10 23:30 - 2023-08-10 23:30 - 000006865 _____ C:\Users\Francisco Narde\-1.14-windows.xml
2023-08-10 23:30 - 2023-08-10 23:30 - 000003958 _____ C:\WINDOWS\system32\Tasks\BlueStacksHelper_nxt
2023-08-10 23:29 - 2023-08-30 10:10 - 000000000 ____D C:\Users\Francisco Narde\AppData\Roaming\bluestacks-services
2023-08-10 23:29 - 2023-08-18 19:08 - 000002488 _____ C:\Users\Francisco Narde\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BlueStacks Services.lnk
2023-08-10 23:29 - 2023-08-18 19:08 - 000000000 ____D C:\Users\Francisco Narde\AppData\Local\bluestacks-services-updater
2023-08-10 23:29 - 2023-08-10 23:29 - 000000000 ____D C:\Program Files\BlueStacks_nxt
2023-08-10 23:28 - 2023-08-10 23:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueStacks X
2023-08-10 23:26 - 2023-08-10 23:29 - 000000000 ____D C:\Users\Francisco Narde\AppData\Local\Bluestacks
2023-08-10 23:26 - 2023-08-10 23:26 - 000000000 ____D C:\Users\Public\BlueStacks
2023-08-09 05:13 - 2023-08-09 05:13 - 000000000 ___HD C:\$WinREAgent
2023-08-03 05:34 - 2023-08-03 05:34 - 000003960 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA{F1BCF33E-4DFD-4ED7-944F-1F50D7BF7621}
2023-08-03 05:34 - 2023-08-03 05:34 - 000003836 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore{D4073836-A52B-4F18-AC15-AEF09DBAC7D1}
2023-08-01 07:51 - 2023-08-29 09:17 - 000003194 _____ C:\WINDOWS\system32\Tasks\OneDrive Per-Machine Standalone Update Task

==================== Um mês (modificados) ==================

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2023-08-31 03:05 - 2023-07-24 06:50 - 000000000 ____D C:\FRST
2023-08-31 03:05 - 2023-06-27 04:29 - 000000000 ____D C:\Users\Francisco Narde\AppData\Local\LogiOptionsPlus
2023-08-31 03:01 - 2020-11-09 16:28 - 000004202 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{8E6CDB7D-C0DB-4FD4-9899-F020CAC9E76F}
2023-08-31 03:00 - 2021-12-17 07:00 - 000000000 ____D C:\WINDOWS\SystemTemp
2023-08-31 03:00 - 2019-10-30 00:59 - 000002299 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2023-08-31 03:00 - 2019-10-30 00:58 - 000000000 ____D C:\Program Files (x86)\Google
2023-08-30 14:19 - 2019-12-07 06:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2023-08-30 13:49 - 2022-09-03 03:51 - 000000000 ____D C:\Users\Francisco Narde\AppData\Local\Spotify
2023-08-30 13:12 - 2019-10-30 00:41 - 000000000 ____D C:\Users\Francisco Narde\AppData\Local\D3DSCache
2023-08-30 13:10 - 2022-09-03 03:50 - 000000000 ____D C:\Users\Francisco Narde\AppData\Roaming\Spotify
2023-08-30 10:57 - 2021-02-20 21:02 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2023-08-30 10:57 - 2019-12-07 06:14 - 000000000 ___HD C:\Program Files\WindowsApps
2023-08-30 10:57 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2023-08-30 10:10 - 2019-03-20 00:29 - 000000000 ___RD C:\Users\Francisco Narde\OneDrive
2023-08-30 10:09 - 2021-11-11 22:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logi
2023-08-29 10:20 - 2020-07-19 02:05 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2023-08-29 09:17 - 2023-07-27 04:18 - 000003592 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-3907471261-615860086-2012423866-1001
2023-08-29 09:17 - 2023-07-08 19:32 - 000002098 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2023-08-29 09:17 - 2023-07-08 19:31 - 000000000 ____D C:\Program Files\Microsoft OneDrive
2023-08-29 03:53 - 2020-02-21 19:40 - 000000000 ____D C:\ProgramData\boost_interprocess
2023-08-28 04:43 - 2022-12-26 12:00 - 000000000 ____D C:\Program Files\TeamViewer
2023-08-28 04:43 - 2021-10-06 17:59 - 000000000 ____D C:\ProgramData\AVG
2023-08-28 04:43 - 2020-07-30 22:14 - 000008192 ___SH C:\DumpStack.log.tmp
2023-08-28 04:43 - 2020-07-19 02:10 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2023-08-28 04:42 - 2019-12-07 06:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2023-08-28 04:42 - 2019-10-30 00:25 - 000065536 _____ C:\WINDOWS\system32\spu_storage.bin
2023-08-27 09:54 - 2020-10-22 22:38 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2023-08-26 08:07 - 2019-10-30 14:13 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2023-08-26 07:24 - 2019-10-30 14:13 - 000000965 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2023-08-24 22:44 - 2019-12-07 06:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2023-08-24 22:44 - 2019-12-07 06:03 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2023-08-24 22:33 - 2022-04-24 22:11 - 000000000 ____D C:\Users\Francisco Narde\AppData\Roaming\qBittorrent
2023-08-24 22:30 - 2019-10-29 22:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2023-08-23 20:29 - 2019-12-21 23:21 - 000000000 ____D C:\Users\Francisco Narde\AppData\Local\ElevatedDiagnostics
2023-08-23 20:29 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\system32\NDF
2023-08-22 21:04 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2023-08-22 06:12 - 2020-08-08 22:07 - 000000000 ____D C:\Users\Francisco Narde\AppData\Local\CrashDumps
2023-08-19 05:52 - 2022-07-04 22:32 - 000583536 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2023-08-19 05:52 - 2019-10-30 00:14 - 000000000 ____D C:\WINDOWS\CSC
2023-08-15 00:47 - 2021-12-31 14:00 - 000000000 ____D C:\Users\Francisco Narde\AppData\Local\AMD_Common
2023-08-14 19:56 - 2019-10-30 00:41 - 000000000 ____D C:\Users\Francisco Narde\AppData\Local\Packages
2023-08-14 12:19 - 2020-07-19 01:31 - 000000000 ____D C:\Users\Francisco Narde
2023-08-13 17:06 - 2020-06-04 01:14 - 000000000 ____D C:\Program Files\Common Files\AV
2023-08-12 16:13 - 2021-10-06 18:01 - 000000000 ____D C:\Users\Francisco Narde\AppData\Roaming\AVG
2023-08-12 16:13 - 2021-10-06 18:00 - 000000000 ____D C:\Program Files\Common Files\AVG
2023-08-12 16:13 - 2021-10-06 17:59 - 000000000 ____D C:\Program Files\AVG
2023-08-12 15:39 - 2020-07-22 21:27 - 000000000 ____D C:\Users\Francisco Narde\AppData\Local\AVAST Software
2023-08-12 02:16 - 2023-06-27 04:29 - 000000000 ____D C:\Users\Francisco Narde\AppData\Roaming\logioptionsplus
2023-08-09 19:39 - 2020-07-19 02:09 - 001741824 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2023-08-09 19:39 - 2019-12-07 11:53 - 000752436 _____ C:\WINDOWS\system32\prfh0416.dat
2023-08-09 19:39 - 2019-12-07 11:53 - 000148550 _____ C:\WINDOWS\system32\prfc0416.dat
2023-08-09 19:39 - 2019-12-07 06:13 - 000000000 ____D C:\WINDOWS\INF
2023-08-09 13:20 - 2019-12-07 11:56 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2023-08-09 13:20 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2023-08-09 13:20 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\SystemResources
2023-08-09 13:20 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2023-08-09 13:20 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\system32\setup
2023-08-09 13:20 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\system32\migwiz
2023-08-09 13:20 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\system32\appraiser
2023-08-09 13:20 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2023-08-09 13:20 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\appcompat
2023-08-09 11:45 - 2019-12-07 06:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2023-08-09 05:29 - 2020-07-19 02:09 - 003015168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2023-08-09 03:54 - 2019-10-30 04:43 - 000000000 ____D C:\WINDOWS\system32\MRT
2023-08-09 03:50 - 2019-10-30 04:43 - 175983240 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2023-08-04 08:06 - 2023-07-31 04:30 - 000000000 ____D C:\Users\Francisco Narde\AppData\LocalLow\IGDump
2023-08-01 06:02 - 2023-03-05 04:10 - 000000000 ____D C:\Users\Francisco Narde\AppData\Roaming\DeepL_SE

==================== Arquivos na raiz de alguns diretórios ========

2021-05-16 02:31 - 2021-05-16 03:49 - 000000095 _____ () C:\Users\Francisco Narde\AppData\Roaming\Camdata.ini
2021-05-16 02:31 - 2021-05-16 03:49 - 000000408 _____ () C:\Users\Francisco Narde\AppData\Roaming\CamLayout.ini
2021-05-16 02:31 - 2021-05-16 03:49 - 000000408 _____ () C:\Users\Francisco Narde\AppData\Roaming\CamShapes.ini
2021-05-16 02:07 - 2021-05-16 03:49 - 000004522 _____ () C:\Users\Francisco Narde\AppData\Roaming\CamStudio.cfg
2023-06-29 16:58 - 2023-06-29 16:58 - 000000546 _____ () C:\Users\Francisco Narde\AppData\Roaming\PureRef.ini
2019-11-01 18:15 - 2022-11-17 02:20 - 000000205 _____ () C:\Users\Francisco Narde\AppData\Local\oobelibMkey.log
2021-11-20 13:06 - 2021-11-20 13:06 - 000138680 _____ (Microsoft Corporation) C:\Users\Francisco Narde\AppData\Local\WebView2Loader.dll

==================== SigCheck ============================

(Não há correção automática para arquivos que não passaram na verificação.)

==================== Fim de FRST.txt ========================

Resultado da análise adicional Farbar Recovery Scan Tool (x64) Versão: 28-08-2023
Executado por Francisco Narde (31-08-2023 03:06:18)
Executando a partir de D:\Desktop
Microsoft Windows 10 Pro Versão 22H2 19045.3324 (X64) (2020-07-19 05:10:25)
Modo da Inicialização: Normal
==========================================================

==================== Contas: =============================

(Se uma entrada for incluída na fixlist, será removida.)

Administrador (S-1-5-21-3907471261-615860086-2012423866-500 - Administrator - Disabled)
Convidado (S-1-5-21-3907471261-615860086-2012423866-501 - Limited - Disabled)
DefaultAccount (S-1-5-21-3907471261-615860086-2012423866-503 - Limited - Disabled)
Francisco Narde (S-1-5-21-3907471261-615860086-2012423866-1001 - Administrator - Enabled) => C:\Users\Francisco Narde
WDAGUtilityAccount (S-1-5-21-3907471261-615860086-2012423866-504 - Limited - Disabled)

==================== Central de Segurança ========================

(Se uma entrada for incluída na fixlist, será removida.)

==================== Programas Instalados ======================

(Somente os programas adwares com a indicação "Oculto" podem ser adicionados à fixlist para desocultá-los. Os programas adwares devem ser desinstalados manualmente.)

@BIOS (HKLM-x32\...\{C9D46F25-5F9D-4E25-B24F-BC00E9EDF529}) (Version: 4.22.0718.1 - GIGABYTE) Hidden
@BIOS (HKLM-x32\...\InstallShield_{C9D46F25-5F9D-4E25-B24F-BC00E9EDF529}) (Version: 4.22.0718.1 - GIGABYTE)
Adobe Acrobat Reader DC - Português (HKLM-x32\...\{AC76BA86-7AD7-1046-7B44-AC0F074E4100}) (Version: 22.001.20117 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.9.0.327 - Adobe Systems Incorporated)
Adobe Genuine Service (HKLM-x32\...\AdobeGenuineService) (Version: 8.3.0.49 - Adobe Inc.)
Adobe Refresh Manager (HKLM-x32\...\{AC76BA86-0804-1033-1959-001824458876}) (Version: 1.8.0 - Adobe Systems Incorporated) Hidden
AMD Chipset Software (HKLM-x32\...\AMD_Chipset_IODrivers) (Version: 4.06.10.651 - Advanced Micro Devices, Inc.)
AMD GPIO2 Driver (HKLM-x32\...\{E9DD399F-21A3-479E-A7DF-D6CF4B2ADBF3}) (Version: 2.2.0.130 - Advanced Micro Devices, Inc.) Hidden
AMD PCI Driver (HKLM-x32\...\{80EC3CEE-2940-42A1-A776-B5D810D39F1E}) (Version: 1.0.0.89 - Advanced Micro Devices, Inc.) Hidden
AMD PSP Driver (HKLM-x32\...\{988F14B8-79A8-475D-BAC7-83F96AD3D821}) (Version: 5.19.0.0 - Advanced Micro Devices, Inc.) Hidden
AMD Ryzen Balanced Driver (HKLM-x32\...\{A171D320-C42C-4F3B-A2D8-C6A09F6788CC}) (Version: 7.0.4.10 - Advanced Micro Devices, Inc.) Hidden
AMD SBxxx SMBus Driver (HKLM-x32\...\{AAE0E27D-C88A-49BA-8715-77ADCD4286A3}) (Version: 5.12.0.38 - Advanced Micro Devices, Inc.) Hidden
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 23.7.2 - Advanced Micro Devices, Inc.)
AMD_Chipset_Drivers (HKLM-x32\...\{c63a1907-428b-458b-935e-e61aad4aac6e}) (Version: 4.06.10.651 - Advanced Micro Devices, Inc.) Hidden
APP Center (HKLM-x32\...\{D50BEE9A-0EC6-4A58-BF90-35BDC6D6495D}) (Version: 3.21.0426.1 - GIGABYTE) Hidden
APP Center (HKLM-x32\...\InstallShield_{D50BEE9A-0EC6-4A58-BF90-35BDC6D6495D}) (Version: 3.21.0426.1 - GIGABYTE)
Área de trabalho remota do Google Chrome (HKU\S-1-5-21-3907471261-615860086-2012423866-1001\...\78afdc7becafbc9d1d312da7392eafce) (Version: 1.0 - Google\Chrome)
Atualização do produto Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0416-0000-0000000FF1CE}_ENTERPRISE_{717C9095-8AAE-41CB-B046-BD6E8399F4F3}) (Version: - Microsoft)
Atualização do produto Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0416-0000-0000000FF1CE}_ENTERPRISE_{5016CB22-B9A7-44FB-AA72-AF28B27B15EA}) (Version: - Microsoft)
Atualização do produto Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0416-0000-0000000FF1CE}_ENTERPRISE_{BE3A7C0C-0081-4694-B5F9-980DD66BDDF8}) (Version: - Microsoft)
Atualização do produto Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0416-0000-0000000FF1CE}_ENTERPRISE_{7297E3A9-FCD4-4E0E-A306-7A90359E50E3}) (Version: - Microsoft)
AutoScreenRecorder 5 (HKLM-x32\...\AutoScreenRecorder 5_is1) (Version: 5.0.777 - Wisdom Software Inc.)
AVG Driver Updater (HKLM\...\AVG Driver Updater) (Version: 23.2.3178.10414 - AVG)
AVG TuneUp (HKLM\...\AVG TuneUp) (Version: 23.2.5531.7786 - AVG)
BlueStacks App Player (HKLM\...\BlueStacks_nxt) (Version: 5.12.115.2101 - now.gg, Inc.)
BlueStacks Services (HKU\S-1-5-21-3907471261-615860086-2012423866-1001\...\BlueStacksServices) (Version: 3.0.0 - now.gg, Inc.)
BlueStacks X (HKU\S-1-5-21-3907471261-615860086-2012423866-1001\...\BlueStacks X) (Version: 10.3.10.1006 - now.gg, Inc.)
Boxoft Free OCR (freeware) (HKLM-x32\...\Boxoft Free OCR (freeware)_is1) (Version: - boxoft Solution)
Branding64 (HKLM\...\{2A677A6A-43E8-4FE3-A273-07B0E27DADAE}) (Version: 1.00.0008 - Advanced Micro Devices, Inc.) Hidden
CamStudio 2.7 (HKLM\...\{04B83666-3A62-452B-85D3-70F8117F2329}_is1) (Version: 2.7 - CamStudio Open Source)
CCleaner (HKLM\...\CCleaner) (Version: 6.14 - Piriform)
CDisplay 1.8 (HKLM-x32\...\CDisplay_is1) (Version: - dvd8n)
CDisplayEx 1.10.33 (HKLM\...\CDisplayEx_is1) (Version: - Progdigy Software S.A.R.L.)
Chrome Remote Desktop Host (HKLM-x32\...\{C17C2857-FF33-4EA0-8220-14A17DF82668}) (Version: 116.0.5845.9 - Google LLC)
C-Media High Definition Audio Device (HKLM-x32\...\{71B53BA8-4BE3-49AF-BC3E-07F392008828}) (Version: 3.2 - C-Media Electronics, Inc.)
CPUID CPU-Z 2.03 (HKLM\...\CPUID CPU-Z_is1) (Version: 2.03 - CPUID, Inc.)
CPUID CPU-Z Aorus 1.99 (HKLM\...\CPUID CPU-Z Aorus_is1) (Version: 1.99 - CPUID, Inc.)
CPUID HWMonitor 1.48 (HKLM\...\CPUID HWMonitor_is1) (Version: 1.48 - CPUID, Inc.)
Crack1 version 0.5 (HKLM-x32\...\Crack1_is1) (Version: 0.5 - )
Crack4 version 0.5 (HKLM-x32\...\Crack4_is1) (Version: 0.5 - )
Crucial Storage Executive (HKU\S-1-5-21-3907471261-615860086-2012423866-1001\...\Crucial Storage Executive 7.12.122021.04) (Version: 7.12.122021.04 - Crucial)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
DeepL (HKU\S-1-5-21-3907471261-615860086-2012423866-1001\...\https%3a##appdownload.deepl.com#windows#0install#deepl.xml) (Version: - DeepL SE)
EasyTune (HKLM-x32\...\{7F635314-EE21-4E4B-A68D-69AE70BA0E9B}) (Version: 1.22.1227 - GIGABYTE) Hidden
EasyTune (HKLM-x32\...\InstallShield_{7F635314-EE21-4E4B-A68D-69AE70BA0E9B}) (Version: 1.22.1227 - GIGABYTE)
EasyTuneEngineService (HKLM-x32\...\{964575C3-5820-4642-A89A-754255B5EFE1}) (Version: 1.22.1227 - GIGABYTE) Hidden
EasyTuneEngineService (HKLM-x32\...\InstallShield_{964575C3-5820-4642-A89A-754255B5EFE1}) (Version: 1.22.1227 - GIGABYTE)
Epic Games Launcher (HKLM-x32\...\{4A5076AD-020F-4BCE-B558-47C82911061F}) (Version: 1.3.23.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{F9C5C994-F6B9-4D75-B3E7-AD01B84073E9}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Epic Online Services (HKLM-x32\...\{A1EB595F-651D-4A04-99B0-A7065538B33C}) (Version: 2.0.38.0 - Epic Games, Inc.)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - )
Excel (HKU\S-1-5-21-3907471261-615860086-2012423866-1001\...\1fc5b090eab9aa41f8a2f5987367e6da) (Version: 1.0 - Excel)
Free Timer (HKLM-x32\...\{2AE4F065-5A3C-486D-81B4-161D4693303E}_is1) (Version: 4.0.0.0 - Comfort Software Group)
Game Boost (HKLM-x32\...\{644B5310-D2AA-42A8-9F3B-7B92C856C8D7}) (Version: 1.00.0007 - Gigabyte) Hidden
Game Boost (HKLM-x32\...\InstallShield_{644B5310-D2AA-42A8-9F3B-7B92C856C8D7}) (Version: 1.00.0007 - Gigabyte)
Geeks3D FurMark 1.29.0.0 (HKLM-x32\...\{2397CAD4-2263-4CD0-96BE-E43A980B9C9A}_is1) (Version: 1.29.0.0 - Geeks3D)
Gigabyte Speed v10.50 (HKLM\...\Gigabyte Speed) (Version: 10.50 - cFos Software GmbH, Bonn)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 116.0.5845.112 - Google LLC)
Google Earth Pro (HKLM\...\{F27DBA46-80E1-4858-9285-19198FFFBF3D}) (Version: 7.3.6.9345 - Google)
GService (HKLM-x32\...\{D9CB4282-7B2A-4840-AD1D-9DA72B973DD9}) (Version: 1.19.0624.1 - GIGABYTE)
HD Tune Pro 5.75 (HKLM-x32\...\HD Tune Pro_is1) (Version: - EFD Software)
HDD Regenerator (HKLM-x32\...\{CC5DA723-D428-40D1-B82B-21EB64B1273C}) (Version: 20.11.0011 - Abstradrome)
HuionTablet (HKLM-x32\...\HuionTablet) (Version: 15.6.3.132 - Shenzhen Huion Animation Technology Co.,LTD)
K-Lite Codec Pack 13.7.5 Basic (HKLM-x32\...\KLiteCodecPack_is1) (Version: 13.7.5 - KLCP)
Launcher Prerequisites (x64) (HKLM-x32\...\{43a03b9c-4770-409c-a999-587b60700b63}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Linksys Wireless Manager (HKLM\...\Linksys Wireless Manager) (Version: 4.9.9232.0 - Cisco Systems, Inc.)
Logi Bolt (HKLM\...\LogiBolt) (Version: 1.2.6024.0 - Logi)
Logi Options+ (HKLM\...\{850cdc16-85df-4052-b06e-4e3e9e83c5c6}) (Version: 1.50.447400 - Logitech)
Logitech Options (HKLM\...\LogiOptions) (Version: 10.10.58 - Logitech)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 116.0.1938.62 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 116.0.1938.62 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0015-0416-0000-0000000FF1CE}_ENTERPRISE_{AD3E8EF1-E885-4068-BC73-16C0649FEBF0}) (Version: - Microsoft) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0016-0416-0000-0000000FF1CE}_ENTERPRISE_{AD3E8EF1-E885-4068-BC73-16C0649FEBF0}) (Version: - Microsoft) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0018-0416-0000-0000000FF1CE}_ENTERPRISE_{AD3E8EF1-E885-4068-BC73-16C0649FEBF0}) (Version: - Microsoft) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0019-0416-0000-0000000FF1CE}_ENTERPRISE_{AD3E8EF1-E885-4068-BC73-16C0649FEBF0}) (Version: - Microsoft) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-001A-0416-0000-0000000FF1CE}_ENTERPRISE_{AD3E8EF1-E885-4068-BC73-16C0649FEBF0}) (Version: - Microsoft) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-001B-0416-0000-0000000FF1CE}_ENTERPRISE_{AD3E8EF1-E885-4068-BC73-16C0649FEBF0}) (Version: - Microsoft) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}) (Version: - Microsoft) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-002A-0416-1000-0000000FF1CE}_ENTERPRISE_{51530CD1-8244-4E0F-B536-BCCC05325C7F}) (Version: - Microsoft) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0044-0416-0000-0000000FF1CE}_ENTERPRISE_{AD3E8EF1-E885-4068-BC73-16C0649FEBF0}) (Version: - Microsoft) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-006E-0416-0000-0000000FF1CE}_ENTERPRISE_{51530CD1-8244-4E0F-B536-BCCC05325C7F}) (Version: - Microsoft) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-00A1-0416-0000-0000000FF1CE}_ENTERPRISE_{AD3E8EF1-E885-4068-BC73-16C0649FEBF0}) (Version: - Microsoft) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-00BA-0416-0000-0000000FF1CE}_ENTERPRISE_{AD3E8EF1-E885-4068-BC73-16C0649FEBF0}) (Version: - Microsoft) Hidden
Microsoft Office Access MUI (Portuguese (Brazil)) 2007 (HKLM-x32\...\{90120000-0015-0416-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Excel MUI (Portuguese (Brazil)) 2007 (HKLM-x32\...\{90120000-0016-0416-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Groove MUI (Portuguese (Brazil)) 2007 (HKLM-x32\...\{90120000-00BA-0416-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2007 (HKLM-x32\...\{90120000-0044-0416-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (HKLM\...\{90120000-002A-0000-1000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (Portuguese (Brazil)) 2007 (HKLM-x32\...\{90120000-00A1-0416-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (Portuguese (Brazil)) 2007 (HKLM-x32\...\{90120000-001A-0416-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2007 (HKLM-x32\...\{90120000-0018-0416-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (HKLM-x32\...\{90120000-001F-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Portuguese (Brazil)) 2007 (HKLM-x32\...\{90120000-001F-0416-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (HKLM-x32\...\{90120000-001F-0C0A-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (Portuguese (Brazil)) 2007 (HKLM-x32\...\{90120000-002C-0416-0000-0000000FF1CE}) (Version: 12.0.4518.1019 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}) (Version: - Microsoft) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-001F-0416-0000-0000000FF1CE}_ENTERPRISE_{8A524694-0CA4-476A-9301-B1E9D70FC952}) (Version: - Microsoft) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}) (Version: - Microsoft) Hidden
Microsoft Office Publisher MUI (Portuguese (Brazil)) 2007 (HKLM-x32\...\{90120000-0019-0416-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (Portuguese (Brazil)) 2007 (HKLM\...\{90120000-002A-0416-1000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (Portuguese (Brazil)) 2007 (HKLM-x32\...\{90120000-006E-0416-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (Portuguese (Brazil)) 2007 (HKLM-x32\...\{90120000-001B-0416-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft OneDrive (HKLM\...\OneDriveSetup.exe) (Version: 23.169.0813.0001 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{2953E19B-9F91-4A49-A23B-7E25970A1951}) (Version: 3.73.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{d491dd9d-2eda-4d75-b504-1a201436e7fd}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{3994d355-238a-4612-af93-26d13deddef1}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40664 (HKLM-x32\...\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40664 (HKLM-x32\...\{9dff3540-fc85-4ed5-ac84-9e3c7fd8bece}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.40664 (HKLM\...\{010792BA-551A-3AC0-A7EF-0FAB4156C382}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.40664 (HKLM\...\{53CF6934-A98D-3D84-9146-FC4EDF3D5641}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.40664 (HKLM-x32\...\{D401961D-3A20-3AC7-943B-6139D5BD490A}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.40664 (HKLM-x32\...\{8122DAB1-ED4D-3676-BB0A-CA368196543E}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.28.29334 (HKLM-x32\...\{b2d0f752-adc5-496e-8f70-8669de01f746}) (Version: 14.28.29334.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.34.31931 (HKLM-x32\...\{d4cecf3b-b68f-4995-8840-52ea0fab646e}) (Version: 14.34.31931.0 - Microsoft Corporation)
Microsoft Visual C++ 2019 X86 Additional Runtime - 14.28.29334 (HKLM-x32\...\{14C49FC8-3E9B-4F29-8526-26629B5CF30B}) (Version: 14.28.29334 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.28.29334 (HKLM-x32\...\{0D01A812-82A1-481F-8546-8E28E976F8DF}) (Version: 14.28.29334 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.34.31931 (HKLM\...\{EAE242B1-0A26-485A-BFEB-0292EE9F03CB}) (Version: 14.34.31931 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.34.31931 (HKLM\...\{CF4C347D-954E-4543-88D2-EC17F07F466F}) (Version: 14.34.31931 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox (x64 pt-BR) (HKLM\...\Mozilla Firefox 116.0.3 (x64 pt-BR)) (Version: 116.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 70.0 - Mozilla)
MPC-HC 2.0.0 (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 2.0.0 - MPC-HC Team)
MSI Afterburner 4.6.2 (HKLM-x32\...\Afterburner) (Version: 4.6.2 - MSI Co., LTD)
MSVCRT110 (HKLM-x32\...\{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}) (Version: 16.4.1108.0727 - Microsoft) Hidden
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 27.2.4 - OBS Project)
ON_OFF Charge 2 B15.0709.1 (HKLM-x32\...\{6B4ED6F7-BB88-4945-B0C6-01410E1BAC3A}) (Version: 1.00.0000 - GIGABYTE) Hidden
ON_OFF Charge 2 B15.0709.1 (HKLM-x32\...\InstallShield_{6B4ED6F7-BB88-4945-B0C6-01410E1BAC3A}) (Version: 1.00.0000 - GIGABYTE)
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
Outlook (HKU\S-1-5-21-3907471261-615860086-2012423866-1001\...\6b0f23e57a39ebfbf2814acb1a24293d) (Version: 1.0 - Outlook)
Pacote de Driver do Windows - Graphics Tablet (WinUsb) USBDevice (04/10/2014 8.33.30.0) (HKLM\...\142118DF51345EA02D2B1583E102C8FB95FD6D52) (Version: 04/10/2014 8.33.30.0 - Graphics Tablet)
Photo Gallery (HKLM-x32\...\{07AAB66E-4718-422D-9218-4AFB3C922A71}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Pomotroid 0.13.0 (HKU\S-1-5-21-3907471261-615860086-2012423866-1001\...\94bc756f-791e-5f51-856a-d5ab11c59b82) (Version: 0.13.0 - Christopher Murphy)
PowerPoint (HKU\S-1-5-21-3907471261-615860086-2012423866-1001\...\319814cb56b667dff88f54e08be8f51f) (Version: 1.0 - PowerPoint)
Promontory_GPIO Driver (HKLM-x32\...\{B5512BCC-F4CD-4159-86A4-B2AD7D38FFA9}) (Version: 3.0.0.0 - Advanced Micro Devices, Inc.) Hidden
PureRef (HKLM-x32\...\PureRef) (Version: 1.11.1 - Idyllic Pixel)
QWXONormalizer (HKLM-x32\...\CHSINormalizer_is1) (Version: 6.105.17 - Nz Software)
Realtek Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.9126.1 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.38.1118.2019 - Realtek)
Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform)
REDlauncher (HKU\S-1-5-21-3907471261-615860086-2012423866-1001\...\{7258BA11-600C-430E-A759-27E2C691A335}-REDlauncher_is1) (Version: - GOG.com)
Revo Uninstaller 2.4.5 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.4.5 - VS Revo Group, Ltd.)
RivaTuner Statistics Server 7.2.3 (HKLM-x32\...\RTSS) (Version: 7.2.3 - Unwinder)
Rockstar Games Launcher (HKLM-x32\...\Rockstar Games Launcher) (Version: 1.0.23.252 - Rockstar Games)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 2.0.7.4 - Rockstar Games)
RyzenMasterSDK (HKLM\...\{324EDD12-32C2-4D2D-9A54-52048B456257}) (Version: 1.2.3.5 - Advanced Micro Devices, Inc.) Hidden
SIV (HKLM-x32\...\{AAA057C3-10DC-4EB9-A3D6-8208C1BB7411}) (Version: 1.22.1227 - GIGABYTE) Hidden
SIV (HKLM-x32\...\InstallShield_{AAA057C3-10DC-4EB9-A3D6-8208C1BB7411}) (Version: 1.22.1227 - GIGABYTE)
Smart Backup (x64) (HKLM-x32\...\{BC1FA5CF-A36F-4C61-9638-09D0B431B006}) (Version: 3.18.0911.1 - GIGABYTE)
Spotify (HKU\S-1-5-21-3907471261-615860086-2012423866-1001\...\Spotify) (Version: 1.2.18.999.g9b38fc27 - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Stellar Photo Recovery (HKLM\...\Stellar Photo Recovery_is1) (Version: 11.1.0.0 - Stellar Information Technology Pvt Ltd.)
SumatraPDF (HKLM-x32\...\SumatraPDF) (Version: 3.1.1 - Krzysztof Kowalczyk)
SumatraPDF (HKU\S-1-5-21-3907471261-615860086-2012423866-1001\...\SumatraPDF) (Version: 3.4.6 - Krzysztof Kowalczyk)
TeamViewer (HKLM\...\TeamViewer) (Version: 15.37.3 - TeamViewer)
TikTok (HKU\S-1-5-21-3907471261-615860086-2012423866-1001\...\d59969c1294b09b83df3d853b26b0754) (Version: 1.0 - Google\Chrome)
Ubisoft Connect (HKLM-x32\...\Uplay) (Version: 137.0.10799 - Ubisoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for Windows 10 for x64-based Systems (KB5001716) (HKLM\...\{C22F49B1-0F67-47DC-A490-E8B4B6558EA9}) (Version: 8.91.0.0 - Microsoft Corporation)
VdhCoApp 1.3.0 (HKLM\...\weh-iss-net.downloadhelper.coapp_is1) (Version: - DownloadHelper)
Visual Studio 2010 SP1 Runtime x64 (HKLM\...\{F6305232-7952-4CCE-BDCD-9B2E66591C4A}) (Version: 1.0.0 - Microsoft Corporation)
Visual Studio 2010 SP1 Runtime x86 (HKLM-x32\...\{AEA163A5-BA2F-4E63-9529-DE8606AC82A4}) (Version: 1.0.0 - Microsoft Corporation)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.18 - VideoLAN)
Windows Live Installer (HKLM-x32\...\{659CB81C-B54E-4DF1-B618-F35777393A54}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Photo Common (HKLM-x32\...\{1D6432B4-E24D-405E-A4AB-D7E6D088CBC9}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live SOXE (HKLM-x32\...\{CDC1AB00-01FF-4FC7-816A-16C67F0923C0}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live UX Platform (HKLM-x32\...\{00F9DB8C-65D7-4D47-AB5F-F698EE38580D}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
WinRAR 6.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 6.11.0 - win.rar GmbH)
Wondershare Helper Compact 2.6.0 (HKLM-x32\...\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.6.0 - Wondershare)
Word (HKU\S-1-5-21-3907471261-615860086-2012423866-1001\...\1b837d0bf93d01407352736c91b7bf50) (Version: 1.0 - Word)
YouTube Music (HKU\S-1-5-21-3907471261-615860086-2012423866-1001\...\6c5703dffe21ecf14bfd52d011466875) (Version: 1.0 - Google\Chrome)

Packages:
=========
AMD Link -> C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDLink_10.23.10015.0_x64__0a9344xs7nr4m [2023-07-08] (Advanced Micro Devices Inc.)
Complemento de Fotos -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2021.39122.10110.0_x64__8wekyb3d8bbwe [2021-03-14] (Microsoft Corporation)
Complemento do Mecanismo de Mídia de Fotos -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2019-11-09] (Microsoft Corporation)
Cortana -> C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_4.2308.1005.0_x64__8wekyb3d8bbwe [2023-08-10] (Microsoft Corporation)
EasyCast - Mirror Display -> C:\Program Files\WindowsApps\53887HaoCai.EasyCast-MirrorDisplay_1.6.2.0_x64__qrw73ppzkf79y [2023-06-04] (Hao Cai)
Instagram -> C:\Program Files\WindowsApps\Facebook.InstagramBeta_42.0.21.0_neutral__8xx8rvfyw5nnt [2023-08-26] (Instagram)
KDE Connect -> C:\Program Files\WindowsApps\KDEe.V.KDEConnect_23.400.1322.0_x64__7vt06qxq7ptv8 [2023-04-29] (KDE e.V.) [Startup Task]
Movie Maker - Vídeo Editor -> C:\Program Files\WindowsApps\21336V3TApps.MovieMaker-FREE_3.6.34.0_x64__bzg06mxvgh4fa [2023-07-05] (V3TApps)
Solitaire & Casual Games -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.17.8180.0_x64__8wekyb3d8bbwe [2023-08-24] (Microsoft Studios) [MS Ad]
TeamViewer: Remote Control -> C:\Program Files\WindowsApps\TeamViewer.31414B719FA93_15.0.100.0_x86__89446h4zmeyyt [2022-12-26] (TeamViewer)
TikTok -> C:\Program Files\WindowsApps\BytedancePte.Ltd.TikTok_1.0.5.0_neutral__6yccndn6064se [2023-06-15] (Bytedance Pte. Ltd.)
Windows Package Manager Source (winget) -> C:\Program Files\WindowsApps\Microsoft.Winget.Source_2023.113.1341.553_neutral__8wekyb3d8bbwe [2023-01-13] (Microsoft Corporation)

==================== Análise Personalizada CLSID (Whitelisted): ==============

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

CustomCLSID: HKU\S-1-5-21-3907471261-615860086-2012423866-1001_Classes\CLSID\{b72e6f5e-f6e0-a9eb-461b-6118363bd15c}\localserver32 -> C:\Users\Francisco Narde\AppData\Local\0install.net\implementations\sha256new_IA5ZAWY5757G2CCVTIIUZMVSBYDGFXZAP22TDTFSS74QEP3GNCDA\DeepL.exe (DeepL SE -> DeepL SE)
CustomCLSID: HKU\S-1-5-21-3907471261-615860086-2012423866-1001_Classes\CLSID\{ca31933b-b116-4444-9c6d-e5103390fb76}\localserver32 -> "C:\Program Files\TechSmith\Camtasia 2020\CamtasiaStudio.exe" -ToastActivated => Nenhum Arquivo
CustomCLSID: HKU\S-1-5-21-3907471261-615860086-2012423866-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems Incorporated -> Adobe Systems)
ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2217832 2009-02-26] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\23.169.0813.0001\FileSyncShell64.dll [2023-08-29] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\23.169.0813.0001\FileSyncShell64.dll [2023-08-29] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\23.169.0813.0001\FileSyncShell64.dll [2023-08-29] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\23.169.0813.0001\FileSyncShell64.dll [2023-08-29] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\23.169.0813.0001\FileSyncShell64.dll [2023-08-29] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\23.169.0813.0001\FileSyncShell64.dll [2023-08-29] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\23.169.0813.0001\FileSyncShell64.dll [2023-08-29] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2021-09-15] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2021-09-15] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2021-09-15] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => -> Nenhum Arquivo
ShellIconOverlayIdentifiers: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => -> Nenhum Arquivo
ShellIconOverlayIdentifiers: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => -> Nenhum Arquivo
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2021-09-15] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2021-09-15] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2021-09-15] (Adobe Inc. -> )
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\23.169.0813.0001\FileSyncShell64.dll [2023-08-29] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\23.169.0813.0001\FileSyncShell64.dll [2023-08-29] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\23.169.0813.0001\FileSyncShell64.dll [2023-08-29] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\23.169.0813.0001\FileSyncShell64.dll [2023-08-29] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\23.169.0813.0001\FileSyncShell64.dll [2023-08-29] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\23.169.0813.0001\FileSyncShell64.dll [2023-08-29] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\23.169.0813.0001\FileSyncShell64.dll [2023-08-29] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => -> Nenhum Arquivo
ShellIconOverlayIdentifiers-x32: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => -> Nenhum Arquivo
ShellIconOverlayIdentifiers-x32: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => -> Nenhum Arquivo
ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\23.169.0813.0001\FileSyncShell64.dll [2023-08-29] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2021-09-15] (Adobe Inc. -> )
ContextMenuHandlers1: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => -> Nenhum Arquivo
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2022-03-03] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2022-03-03] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\23.169.0813.0001\FileSyncShell64.dll [2023-08-29] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers4: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => -> Nenhum Arquivo
ContextMenuHandlers4: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd -> Piriform Ltd)
ContextMenuHandlers5: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\23.169.0813.0001\FileSyncShell64.dll [2023-08-29] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2023-07-25] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
ContextMenuHandlers5: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => -> Nenhum Arquivo
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2021-09-15] (Adobe Inc. -> )
ContextMenuHandlers6: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd -> Piriform Ltd)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2022-03-03] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2022-03-03] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.)

HKLM\...\Drivers32: [VIDC.RTV1] => C:\WINDOWS\system32\rtvcvfw64.dll [246272 2012-09-28] () [Arquivo não assinado]
HKLM\...\Drivers32: [VIDC.FPS1] => C:\WINDOWS\system32\frapsv64.dll [105984 2019-08-30] (Beepa P/L) [Arquivo não assinado]
HKLM\...\Drivers32: [VIDC.WIS1] => C:\WINDOWS\system32\wiscodecx64.dll [254808 2022-05-11] (Wisdom Software Inc. -> Wisdom Software Inc.)
HKLM\...\Drivers32: [VIDC.RTV1] => C:\Windows\SysWOW64\rtvcvfw32.dll [247296 2012-09-28] () [Arquivo não assinado]
HKLM\...\Drivers32: [VIDC.FPS1] => C:\Windows\SysWOW64\frapsvid.dll [94208 2019-08-30] (Beepa P/L) [Arquivo não assinado]
HKLM\...\Drivers32-x32: [VIDC.WIS1] => wiscodecx64.dll

==================== Atalhos & WMI ========================

(As entradas podem ser listadas para serem restauradas ou removidas.)

ShortcutWithArgument: C:\Users\Francisco Narde\AppData\Local\Microsoft\Edge\User Data\Default\Web Applications\_crx__maonlnecdeecdljpahhnnlmhbmalehlm\Instagram.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=maonlnecdeecdljpahhnnlmhbmalehlm --app-url=hxxps://www.instagram.com/?utm_source=pwa_homescreen --app-launch-source=4
ShortcutWithArgument: C:\Users\Francisco Narde\AppData\Local\Microsoft\Edge\User Data\Default\Web Applications\_crx__akpamiohjfcnimfljfndmaldlcfphjmp\Instagram.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=akpamiohjfcnimfljfndmaldlcfphjmp --app-url=hxxps://www.instagram.com/?utm_source=pwa_homescreen&__pwa=1 --app-launch-source=4
ShortcutWithArgument: C:\Users\Francisco Narde\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Excel.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=leffmjdabcgaflkikcefahmlgpodjkdm
ShortcutWithArgument: C:\Users\Francisco Narde\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Outlook.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=bjhmmnoficofgoiacjaajpkfndojknpb
ShortcutWithArgument: C:\Users\Francisco Narde\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=opfacbhaojodjaojgocnibmklknchehf
ShortcutWithArgument: C:\Users\Francisco Narde\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Word.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=hikhggiobiflkdfdgdajcfklmcibbopi
ShortcutWithArgument: C:\Users\Francisco Narde\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\apps do Chrome\Pinterest.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=jbdahlimgohfikaoinpdclkpciabakhf
ShortcutWithArgument: C:\Users\Francisco Narde\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\apps do Chrome\Revolution Ensino de Artes Visuais LTDA.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=gbkmngjoemiefmllohcogahigebcndgd
ShortcutWithArgument: C:\Users\Francisco Narde\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\apps do Chrome\TikTok.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=nlalbmkafgmoifbeooblidblkmlhhpnc
ShortcutWithArgument: C:\Users\Francisco Narde\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\apps do Chrome\YouTube Music.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=cinhimbnkkaeohfgghhklpknlkffjgod
ShortcutWithArgument: C:\Users\Francisco Narde\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\apps do Chrome\Área de trabalho remota do Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=efmjfjelnicpmdcmfikempdhlmainjcb
ShortcutWithArgument: C:\Users\Francisco Narde\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Instagram.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=akpamiohjfcnimfljfndmaldlcfphjmp --app-url=hxxps://www.instagram.com/?utm_source=pwa_homescreen&__pwa=1 --app-launch-source=4

==================== Módulos Carregados (Whitelisted) =============

2022-12-29 14:10 - 2022-08-20 22:44 - 001160192 _____ () [Arquivo não assinado] [O arquivo está em uso] C:\Users\Francisco Narde\AppData\Local\0install.net\implementations\sha256new_WNVUT4A7COIHUPNX3HWQQZD5BU3GEPFRMM3BLVJW4ICRXIJEKBJQ\CefSharp.BrowserSubprocess.Core.dll
2023-08-30 10:10 - 2023-08-30 10:10 - 002306048 _____ () [Arquivo não assinado] \\?\C:\Users\Francisco Narde\AppData\Local\Temp\9f56cc54-4207-411e-804a-c83503b58326.tmp.node
2009-07-13 17:37 - 2009-07-13 17:37 - 000098304 _____ () [Arquivo não assinado] C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\CFireWallCOM.dll
2021-05-16 02:12 - 2016-07-21 10:54 - 000137728 _____ () [Arquivo não assinado] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll
2021-05-16 02:12 - 2017-09-12 10:34 - 001506304 _____ () [Arquivo não assinado] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll
2021-04-22 15:48 - 2021-04-22 15:48 - 001867264 _____ () [Arquivo não assinado] C:\Program Files (x86)\GIGABYTE\AppCenter\BDR_info.dll
2023-06-23 09:22 - 2023-06-23 09:22 - 000144896 _____ () [Arquivo não assinado] C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\libssh2.dll
2023-06-23 09:22 - 2023-06-23 09:22 - 000077824 _____ () [Arquivo não assinado] C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\zlib.dll
2022-12-29 14:11 - 2022-08-19 04:38 - 175591424 _____ () [Arquivo não assinado] C:\Users\Francisco Narde\AppData\Local\0install.net\implementations\sha256new_WNVUT4A7COIHUPNX3HWQQZD5BU3GEPFRMM3BLVJW4ICRXIJEKBJQ\libcef.dll
2022-12-29 14:11 - 2022-08-19 03:11 - 000442880 _____ () [Arquivo não assinado] C:\Users\Francisco Narde\AppData\Local\0install.net\implementations\sha256new_WNVUT4A7COIHUPNX3HWQQZD5BU3GEPFRMM3BLVJW4ICRXIJEKBJQ\libEGL.dll
2022-12-29 14:11 - 2022-08-19 03:10 - 006480384 _____ () [Arquivo não assinado] C:\Users\Francisco Narde\AppData\Local\0install.net\implementations\sha256new_WNVUT4A7COIHUPNX3HWQQZD5BU3GEPFRMM3BLVJW4ICRXIJEKBJQ\libGLESv2.dll
2022-12-29 14:11 - 2022-08-19 03:07 - 004077568 _____ () [Arquivo não assinado] C:\Users\Francisco Narde\AppData\Local\0install.net\implementations\sha256new_WNVUT4A7COIHUPNX3HWQQZD5BU3GEPFRMM3BLVJW4ICRXIJEKBJQ\vk_swiftshader.dll
2022-12-29 14:11 - 2022-08-19 03:10 - 000828928 _____ () [Arquivo não assinado] C:\Users\Francisco Narde\AppData\Local\0install.net\implementations\sha256new_WNVUT4A7COIHUPNX3HWQQZD5BU3GEPFRMM3BLVJW4ICRXIJEKBJQ\vulkan-1.dll
2023-08-10 23:29 - 2023-08-17 09:20 - 002862080 _____ () [Arquivo não assinado] C:\Users\Francisco Narde\AppData\Local\Programs\bluestacks-services\ffmpeg.dll
2023-08-10 23:29 - 2023-08-17 09:20 - 000479232 _____ () [Arquivo não assinado] C:\Users\Francisco Narde\AppData\Local\Programs\bluestacks-services\libegl.dll
2023-08-10 23:29 - 2023-08-17 09:20 - 007513600 _____ () [Arquivo não assinado] C:\Users\Francisco Narde\AppData\Local\Programs\bluestacks-services\libglesv2.dll
2023-08-10 23:29 - 2023-08-17 09:20 - 005209088 _____ () [Arquivo não assinado] C:\Users\Francisco Narde\AppData\Local\Programs\bluestacks-services\vk_swiftshader.dll
2020-07-29 21:24 - 2016-05-31 03:37 - 000254464 _____ (C-MEDIA Electronics INC.) [Arquivo não assinado] C:\Program Files\Xear Audio Center\CPL\Driver\x64\vista\osConfLib.dll
2021-03-09 14:00 - 2021-03-09 14:00 - 000205824 _____ (GIGA-BYTE TECHNOLOGY CO., LTD.) [Arquivo não assinado] C:\Program Files (x86)\GIGABYTE\AppCenter\yccV3.dll
2021-11-05 17:07 - 2021-11-05 17:07 - 000236544 _____ (GIGA-BYTE TECHNOLOGY CO., LTD.) [Arquivo não assinado] C:\Program Files (x86)\Gigabyte\EasyTuneEngineService\yccV3.dll
2009-07-13 17:37 - 2009-07-13 17:37 - 000152112 _____ (OPSWAT, Inc. -> ) [Arquivo não assinado] C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\CAntiVirusCOM.dll
2022-12-29 14:11 - 2022-08-19 03:16 - 001231872 _____ (The Chromium Authors) [Arquivo não assinado] C:\Users\Francisco Narde\AppData\Local\0install.net\implementations\sha256new_WNVUT4A7COIHUPNX3HWQQZD5BU3GEPFRMM3BLVJW4ICRXIJEKBJQ\chrome_elf.dll
2023-06-23 09:22 - 2023-06-23 09:22 - 000355840 _____ (The cURL library, hxxp://curl.haxx.se/) [Arquivo não assinado] C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\LIBCURL.dll
2023-06-23 09:22 - 2023-06-23 09:22 - 002286747 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [Arquivo não assinado] C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\LIBEAY32.dll
2023-06-23 09:22 - 2023-06-23 09:22 - 000416627 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [Arquivo não assinado] C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\SSLEAY32.dll
2015-10-14 01:15 - 2015-10-14 01:15 - 002042368 _____ (TODO: <Company name>) [Arquivo não assinado] C:\Program Files (x86)\GIGABYTE\AppCenter\osvi.dll
2021-05-16 02:12 - 2017-09-12 10:36 - 000708608 _____ (Wondershare) [Arquivo não assinado] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSProducstInfo.dll