Peço que por favor, analisem esses logs, os sintomas são:
- Lentidão do PC, sobretudo quando estou conectado na internet.
- Mensagens do tipo pop-up nos browsers dizendo que estou infectado.
- Mensagens do tipo pop-up nos browsers dizendo "confirm you are not a robot".
- Sempre quando tento copiar algum video do pendrive para o HD, o video sempre se corrompe e diz que nao é possivel renderizar. (isso só começou a ocorrer depois da infecção).
Resultado do análise da Farbar Recovery Scan Tool (FRST) (x64) Versão: 28.07.2024
Executado por Neo (administrador) em MATRIX2025 (30-07-2024 17:31:07)
Executando a partir de C:\Users\Net\Desktop\FRST64.exe
Perfis Carregados: Neo & Net
Plataforma: Microsoft Windows 11 Pro Versão 23H2 22631.3880 (X64) Idioma: Português (Brasil)
Navegador padrão: FF
Modo da Inicialização: Normal
==================== Processos (Whitelisted) =================
(Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.)
(C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_524.16300.20.0_x64__cw5n1h2txyewy\Dashboard\Widgets.exe -> (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.113\msedgewebview2.exe <6>
(DriverStore\FileRepository\u0360470.inf_amd64_35c64671e7fac064\B360357\atiesrxx.exe -> (Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0360470.inf_amd64_35c64671e7fac064\B360357\atieclxx.exe
(services.exe -> (Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0360470.inf_amd64_35c64671e7fac064\B360357\atiesrxx.exe
(services.exe -> (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24060.7-0\MpDefenderCoreService.exe
(services.exe -> (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24060.7-0\MsMpEng.exe
(services.exe -> (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24060.7-0\NisSrv.exe
(svchost.exe -> (24803D75-212C-471A-BC57-9EF86AB91435 -> ) C:\Program Files\WindowsApps\5319275A.WhatsAppDesktop_2.2429.10.0_x64__cv1g1gvanyjgm\WhatsApp.exe
(svchost.exe -> (Microsoft Windows -> Microsoft Corporation) C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_524.16300.20.0_x64__cw5n1h2txyewy\Dashboard\WidgetService.exe
(svchost.exe -> (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe -> (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(svchost.exe -> (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe -> (Microsoft Windows -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.AppRep.ChxApp_cw5n1h2txyewy\CHXSmartScreen.exe
(svchost.exe -> (Microsoft Windows -> Microsoft Corporation) C:\Windows\UUS\Packages\Preview\amd64\MoUsoCoreWorker.exe
Falha ao acessar processo -> vmmemCmZygote
==================== Registro (Whitelisted) ===================
(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.)
HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate: Restrição <==== ATENÇÃO
HKU\S-1-5-21-1875411646-3612572813-2532316385-1001\...\Run: [OneDrive] => "C:\Users\Neo\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background (Nenhum Arquivo)
HKU\S-1-5-21-1875411646-3612572813-2532316385-1001\...\Run: [MicrosoftEdgeAutoLaunch_6431A1DCEFAE3C8A629DDE1D8F63B1E2] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start [3814848 2024-07-25] (Microsoft Corporation -> Microsoft Corporation)
HKLM\...\Print\Monitors\HP E111 Status Monitor: C:\Windows\system32\hpinkstsE111LM.dll [393352 2017-04-14] (Hewlett Packard -> HP Inc.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\127.0.6533.73\Installer\chrmstp.exe [2024-07-29] (Google LLC -> Google LLC)
GroupPolicy: Restrição ? <==== ATENÇÃO
Policies: C:\ProgramData\NTUSER.pol: Restrição <==== ATENÇÃO
HKLM\SOFTWARE\Policies\Microsoft\Edge: Restrição <==== ATENÇÃO
==================== Tarefas Agendadas (Whitelisted) =================
(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)
Task: {F1A88049-AE1D-4DC1-A683-540657FA470F} - System32\Tasks\ASC_PerformanceMonitor => "C:\Program Files (x86)\IObit\Advanced SystemCare\Monitor.exe" -> C:\Program Files (x86)\IObit\Advanced SystemCare\\/Task
Task: {C393285C-D2AE-4914-9652-01DC8B442724} - System32\Tasks\ASC_SkipUac_Neo => "C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe" -> C:\Program Files (x86)\IObit\Advanced SystemCare\\/SkipUac
Task: {F554253E-A124-42D1-A064-FA7C73119D0B} - System32\Tasks\EaseUS_RecExperts_Web => "C:\Program Files (x86)\EaseUS\RecExperts\bin\TaskSchedulerWeb.exe" /skipuac (Nenhum Arquivo)
Task: {678C5E45-CD15-48E5-9B09-94B43DD9B02B} - System32\Tasks\GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem128.0.6597.0{9C4070BE-2EC9-4547-821F-3E3C2885777C} => C:\Program Files (x86)\Google\GoogleUpdater\128.0.6597.0\updater.exe [4889704 2024-07-15] (Google LLC -> Google LLC)
Task: {ED1858B7-DC2B-4E8D-86A9-3609DCE465D3} - System32\Tasks\infatica_p2b => "C:\Program Files (x86)\Infatica P2B\infatica_agent.exe" (Nenhum Arquivo)
Task: {D8BF4758-CB2C-4C07-8B61-1399A4C1B5E8} - System32\Tasks\iTop easter Task (One-Time) => "C:\Program Files (x86)\iTop VPN\Pub\itopeasterp24.exe" -> C:\Program Files (x86)\iTop VPN\Pub\\/easter
Task: {C1710EA8-762B-4791-B028-CE5BFA49E5DC} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2113024 2024-03-11] () [Arquivo não assinado]
Task: {8C385297-326F-485E-A82E-7F80BC14AE62} - System32\Tasks\Microsoft\Windows\Maintenance\SystemMonitor => C:\Users\Neo\AppData\Roaming\systemmonitor\sysmon.exe [223232 2024-04-23] () [Arquivo não assinado] <==== ATENÇÃO
Task: {E0F10DCF-44AD-40E8-9370-FB5DA59F93FB} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe (Nenhum Arquivo)
Task: {08B0F983-378F-4794-A296-D852B191E91A} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24060.7-0\MpCmdRun.exe [1678960 2024-07-15] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {66D8EC9A-A05A-4D83-9E06-7001EF19CBA0} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24060.7-0\MpCmdRun.exe [1678960 2024-07-15] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {D100AA1E-6F94-47E7-B683-F4B9EAE0744E} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24060.7-0\MpCmdRun.exe [1678960 2024-07-15] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {B73A793D-ACC3-4C20-B893-7F90DDCDFC55} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24060.7-0\MpCmdRun.exe [1678960 2024-07-15] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {812D95D5-C701-4F96-B156-192CBD8C56B5} - System32\Tasks\Mozilla\Firefox Background Update S-1-5-21-1875411646-3612572813-2532316385-1001 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe [677448 2024-07-27] (Mozilla Corporation -> Mozilla Corporation) -> C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\--MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask background (a entrada de dados tem 6 mais caracteres).
Task: {9010676D-AEE6-446D-AE0C-6BB34225EA9E} - System32\Tasks\Mozilla\Firefox Background Update S-1-5-21-1875411646-3612572813-2532316385-1002 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe [677448 2024-07-27] (Mozilla Corporation -> Mozilla Corporation) -> C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\--MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask background (a entrada de dados tem 6 mais caracteres).
Task: {975FAB1A-61A5-4B7A-B598-ED9FD7A8E815} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [34376 2024-07-27] (Mozilla Corporation -> Mozilla Foundation)
Task: {82B60921-8209-418F-BE55-A5B6DE98656F} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-1875411646-3612572813-2532316385-1001 => %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe /reporting (Nenhum Arquivo)
Task: {25EBAD64-9BE8-410A-8565-2BB0F986AB56} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-1875411646-3612572813-2532316385-1002 => %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe /reporting (Nenhum Arquivo)
Task: {678A82B4-8A27-4E7B-8D9C-3D265EEC416A} - System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1875411646-3612572813-2532316385-1001 => %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe (Nenhum Arquivo)
Task: {CF6D53BE-815C-4884-ADAC-883A65A8812D} - System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1875411646-3612572813-2532316385-1002 => %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe (Nenhum Arquivo)
Task: {C3B2C5AC-5259-4AD7-B8CD-5735873B5BA3} - System32\Tasks\Uninstaller_SkipUac_Net => "C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe" -> C:\Program Files (x86)\IObit\IObit Uninstaller\\/UninstallExplorer
Task: {D19385A9-8BFD-4DD5-B5BC-FD54E999FCF5} - System32\Tasks\WpsExternal_Net_20240708112545 => C:\Users\Net\AppData\Local\Kingsoft\WPS Office\12.2.0.17153\office6\wpscloudsvr.exe [1036176 2024-07-08] (Zhuhai Kingsoft Office Software Co., Ltd. -> Zhuhai Kingsoft Office Software Co.,Ltd) -> /wpscloudlaunch /run_plugin /plugin_name=ktaskschdtool /plugin_entry=ktaskschdtool.dll /task=wpsexternal /launchtask /ver=1.0 /start_from=task_external
Task: {1709E13D-1B3E-4BED-A700-A177BFCAFA9D} - System32\Tasks\WpsUpdateTask_Net => C:\Users\Net\AppData\Local\Kingsoft\WPS Office\12.2.0.17153\office6\wpsupdate.exe [1550224 2024-07-08] (Zhuhai Kingsoft Office Software Co., Ltd. -> Zhuhai Kingsoft Office Software Co.,Ltd)
(Se uma entrada for incluída na fixlist, o arquivo da tarefa (.job) será movido. O arquivo que está sendo executado pela tarefa não será movido.)
Task: C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job => C:\Windows\explorer.exe
==================== Internet (Whitelisted) ====================
(Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.)
Tcpip\Parameters: [DhcpNameServer] 181.213.132.6 181.213.132.7
Tcpip\..\Interfaces\{175c997e-22b0-4037-83bc-f2621c323028}: [DhcpNameServer] 181.213.132.6 181.213.132.7
Edge:
=======
Edge Profile: C:\Users\Neo\AppData\Local\Microsoft\Edge\User Data\Default [2024-07-30]
Edge Extension: (Documentos Google off-line) - C:\Users\Neo\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-03-05]
Edge Extension: (Edge relevant text changes) - C:\Users\Neo\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2024-03-05]
FireFox:
========
FF DefaultProfile: 6ur4hfrv.default
FF ProfilePath: C:\Users\Neo\AppData\Roaming\Mozilla\Firefox\Profiles\6ur4hfrv.default [2024-03-05]
FF ProfilePath: C:\Users\Neo\AppData\Roaming\Mozilla\Firefox\Profiles\bckhy9yn.default-release [2024-07-30]
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT PDF READER\plugins\npFoxitPDFReaderPlugin.dll [2024-05-23] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.cpdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT PDF READER\plugins\npFoxitPDFReaderPlugin.dll [2024-05-23] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT PDF READER\plugins\npFoxitPDFReaderPlugin.dll [2024-05-23] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT PDF READER\plugins\npFoxitPDFReaderPlugin.dll [2024-05-23] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT PDF READER\plugins\npFoxitPDFReaderPlugin.dll [2024-05-23] (FOXIT SOFTWARE INC. -> Foxit Corporation)
Chrome:
=======
CHR Profile: C:\Users\Neo\AppData\Local\Google\Chrome\User Data\Default [2024-07-30]
CHR Extension: (Documentos Google off-line) - C:\Users\Neo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-07-03]
CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\Neo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2024-03-16]
==================== Serviços (Whitelisted) ===================
(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)
R2 MDCoreSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24060.7-0\MpDefenderCoreService.exe [1377416 2024-07-15] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [522184 2024-05-15] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 VBoxSDS; C:\Program Files\Oracle\VirtualBox\VBoxSDS.exe [794544 2024-05-02] (Oracle America, Inc. -> Oracle and/or its affiliates)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24060.7-0\NisSrv.exe [3236728 2024-07-15] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24060.7-0\MsMpEng.exe [133688 2024-07-15] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 wpscloudsvr; C:\Program Files (x86)\Kingsoft\office6\wpscloudsvr.exe [965520 2024-03-06] (Zhuhai Kingsoft Office Software Co., Ltd. -> Zhuhai Kingsoft Office Software Co.,Ltd)
S3 Browser; %SystemRoot%\System32\browser.dll [X]
S2 ListaryServiceV2; "C:\Program Files\Listary\Listary.Service.exe" [X]
S2 ONLYOFFICE Update Service; "C:\Program Files\ONLYOFFICE\DesktopEditors\updatesvc.exe" [X]
S2 uhssvc; "C:\Program Files\Microsoft Update Health Tools\uhssvc.exe" [X]
===================== Drivers (Whitelisted) ===================
(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)
S3 BthA2dp; C:\Windows\System32\drivers\BthA2dp.sys [544768 2023-12-04] (Microsoft Corporation) [Arquivo não assinado]
S3 BthHFEnum; C:\Windows\System32\drivers\bthhfenum.sys [188416 2023-12-04] (Microsoft Corporation) [Arquivo não assinado]
R0 fse; C:\Windows\System32\drivers\fse.sys [218608 2024-07-15] (Microsoft Windows -> Microsoft Corporation)
R3 VBoxNetAdp; C:\Windows\system32\DRIVERS\VBoxNetAdp6.sys [254352 2024-05-02] (Oracle Corporation -> Oracle and/or its affiliates)
R1 VBoxNetLwf; C:\Windows\system32\DRIVERS\VBoxNetLwf.sys [265224 2024-05-02] (Oracle Corporation -> Oracle and/or its affiliates)
R1 VBoxSup; C:\Windows\system32\DRIVERS\VBoxSup.sys [1063752 2024-05-02] (Oracle Corporation -> Oracle and/or its affiliates)
S3 vmbusproxy; C:\Windows\system32\drivers\vmbusproxy.sys [94208 2024-07-15] (Microsoft Windows -> )
S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [21968 2024-07-15] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [602520 2024-07-15] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [105864 2024-07-15] (Microsoft Windows -> Microsoft Corporation)
S3 cpuz154; \??\C:\Windows\temp\cpuz154\cpuz154_x64.sys [X] <==== ATENÇÃO
==================== NetSvcs (Whitelisted) ===================
(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)
==================== Um mês (criados) (Whitelisted) =========
(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)
2024-07-30 17:31 - 2024-07-30 17:32 - 000016690 _____ C:\Users\Net\Desktop\FRST.txt
2024-07-30 17:30 - 2024-07-30 17:31 - 000000000 ____D C:\FRST
2024-07-30 17:29 - 2024-07-30 17:29 - 002397184 _____ (Farbar) C:\Users\Net\Desktop\FRST64.exe
2024-07-30 17:11 - 2024-07-30 17:11 - 000726848 _____ C:\Windows\system32\prfh0416.dat
2024-07-30 17:11 - 2024-07-30 17:11 - 000141922 _____ C:\Windows\system32\prfc0416.dat
2024-07-30 16:57 - 2024-07-30 16:57 - 000000428 __RSH C:\ProgramData\ntuser.pol
2024-07-30 16:47 - 2024-07-30 16:47 - 000003320 _____ C:\Users\Net\Desktop\ZHP CLEAN.txt
2024-07-30 16:32 - 2024-07-30 16:33 - 000003125 _____ C:\Users\Net\Desktop\Novo(a) Documento de Texto (5).txt
2024-07-30 12:35 - 2024-07-30 12:35 - 003365064 _____ (Nicolas Coolman) C:\Users\Net\Desktop\ZHPCleaner.exe
2024-07-30 10:46 - 2024-07-30 10:50 - 1729709205 _____ C:\Users\Net\Downloads\latest.zip
2024-07-29 23:35 - 2024-07-29 23:35 - 000000000 ____D C:\Users\Net\AppData\Local\Eraser 6
2024-07-29 21:36 - 2024-07-29 21:36 - 000000000 ____D C:\Users\Neo\AppData\Local\Eraser 6
2024-07-29 21:29 - 2024-07-29 21:31 - 008843096 _____ (The Eraser Project) C:\Users\Net\Downloads\Eraser 6.2.0.2994.exe
2024-07-29 17:45 - 2024-07-29 17:45 - 000000000 ____D C:\Users\Net\Downloads\nome da rosa
2024-07-28 13:24 - 2024-07-28 13:25 - 000000000 ____D C:\Users\Net\AppData\Local\SumatraPDF
2024-07-27 22:20 - 2024-07-27 22:24 - 000000000 ____D C:\Users\Net\AppData\Roaming\SwifDooPDFData
2024-07-27 22:01 - 2024-07-28 03:14 - 000000000 ____D C:\Program Files\Mozilla Firefox
2024-07-25 22:53 - 2024-07-25 22:53 - 009892032 _____ (Cybertron Software Co., Ltd. ) C:\Users\Neo\Downloads\privacy-eraser-setup (2).exe
2024-07-25 22:53 - 2024-07-25 22:53 - 009892032 _____ (Cybertron Software Co., Ltd. ) C:\Users\Neo\Downloads\privacy-eraser-setup (1).exe
2024-07-25 17:57 - 2024-07-25 17:57 - 020220144 _____ (pendrivelinux.com) C:\Users\Neo\Downloads\YUMI-exFAT-1.0.2.7.exe
2024-07-25 16:16 - 2024-07-25 16:17 - 003365064 _____ (Nicolas Coolman) C:\Users\Neo\Downloads\ZHPCleaner.exe
2024-07-25 16:16 - 2024-07-25 16:17 - 003365064 _____ (Nicolas Coolman) C:\Users\Neo\Desktop\ZHPCleaner.exe
2024-07-24 17:27 - 2024-07-24 17:27 - 000240544 _____ C:\Users\Net\Downloads\trisquel_11.0.1_amd64.iso.torrent
2024-07-24 17:26 - 2024-07-24 17:26 - 000123787 _____ C:\Users\Net\Downloads\trisquel-mini_11.0.1_amd64.iso.torrent
2024-07-24 17:23 - 2024-07-24 17:23 - 000011541 _____ C:\Users\Net\Documents\Distros PC Fraco.xlsx
2024-07-23 20:53 - 2024-07-24 19:56 - 000000000 ____D C:\Program Files\Mozilla Thunderbird
2024-07-19 21:00 - 2024-07-19 21:00 - 036426934 _____ (Easy2Boot ) C:\Users\Net\Downloads\Easy2Boot_v2.20.exe
2024-07-18 22:55 - 2024-07-28 13:40 - 000000000 ____D C:\Users\Net\AppData\Roaming\Kodi
2024-07-18 22:48 - 2024-07-18 22:48 - 076923883 _____ (XBMC Foundation) C:\Users\Net\Downloads\kodi-21.0-Omega-x64.exe
2024-07-17 14:14 - 2024-07-17 14:14 - 000000000 ____D C:\Users\Net\Downloads\winUSB
2024-07-15 21:03 - 2024-07-17 18:28 - 000000617 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2024-07-15 17:52 - 2024-07-15 17:52 - 000000000 ___SD C:\Windows\system32\Containers
2024-07-15 17:52 - 2024-07-15 17:52 - 000000000 ____D C:\Windows\system32\HvsiSettingsProviders
2024-07-15 15:44 - 2024-07-15 16:22 - 000000000 ____D C:\Users\Net\VirtualBox VMs
2024-07-15 15:43 - 2024-07-15 16:22 - 000000000 ____D C:\Users\Net\.VirtualBox
2024-07-15 12:14 - 2024-07-15 15:41 - 000000000 ____D C:\Users\Neo\VirtualBox VMs
2024-07-15 12:13 - 2024-07-15 15:40 - 000000000 ____D C:\Users\Neo\.VirtualBox
2024-07-15 12:12 - 2024-07-15 12:12 - 000001149 _____ C:\Users\Public\Desktop\Oracle VM VirtualBox.lnk
2024-07-15 12:12 - 2024-07-15 12:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox
2024-07-15 12:12 - 2024-07-15 12:12 - 000000000 ____D C:\Program Files\Oracle
2024-07-15 12:12 - 2024-05-02 03:10 - 001063752 _____ (Oracle and/or its affiliates) C:\Windows\system32\Drivers\VBoxSup.sys
2024-07-15 12:12 - 2024-05-02 03:10 - 000203912 _____ (Oracle and/or its affiliates) C:\Windows\system32\Drivers\VBoxUSBMon.sys
2024-07-15 12:11 - 2024-07-15 12:11 - 109700144 _____ (Oracle and/or its affiliates) C:\Users\Net\Downloads\VirtualBox-7.0.18-162988-Win.exe
2024-07-13 13:55 - 2024-07-13 13:55 - 000305248 _____ C:\Windows\system32\FNTCACHE.DAT
2024-07-11 18:53 - 2024-07-11 18:53 - 000000000 ____D C:\Users\Net\Documents\Zoom
2024-07-11 03:26 - 2024-07-11 03:26 - 000248241 _____ C:\Users\Net\Documents\favoritos_11_07_2024.html
2024-07-10 20:20 - 2024-07-10 20:20 - 000000000 ____D C:\Users\Net\AppData\Local\Sentry
2024-07-10 19:59 - 2024-07-10 19:59 - 000000000 ____D C:\Users\Net\AppData\Local\Opera Software
2024-07-10 19:58 - 2024-07-10 19:58 - 000000000 ____D C:\Users\Net\AppData\Roaming\Opera Software
2024-07-10 17:08 - 2024-07-10 17:08 - 000025684 _____ C:\Windows\SysWOW64\IntegratedServicesRegionPolicySet.json
2024-07-10 17:07 - 2024-07-10 17:07 - 000025684 _____ C:\Windows\system32\IntegratedServicesRegionPolicySet.json
2024-07-10 16:55 - 2024-07-10 17:01 - 000000000 ___HD C:\$WinREAgent
2024-07-10 15:53 - 2024-07-10 15:54 - 000000000 ____D C:\Users\Net\Downloads\TORRENTS
2024-07-08 11:25 - 2024-07-08 11:25 - 000004050 _____ C:\Windows\system32\Tasks\WpsExternal_Net_20240708112545
2024-07-08 11:25 - 2024-07-08 11:25 - 000003620 _____ C:\Windows\system32\Tasks\WpsUpdateTask_Net
2024-07-06 10:52 - 2024-07-06 10:52 - 001366256 _____ C:\Users\Net\Documents\060724-Bookmarks.html
2024-07-05 22:30 - 2024-07-05 22:30 - 001401742 _____ C:\Users\Net\Documents\050724-bookmarks.html
2024-07-05 21:35 - 2024-07-05 21:35 - 000247504 _____ C:\Users\Net\Documents\favoritos_05_07_2024.html
2024-07-03 11:06 - 2024-07-30 16:46 - 000010043 _____ C:\Users\Neo\Desktop\ZHPCleaner (R).html
2024-07-03 11:06 - 2024-07-30 16:46 - 000003284 _____ C:\Users\Neo\Desktop\ZHPCleaner (R).txt
2024-07-03 11:03 - 2024-07-30 16:25 - 000009764 _____ C:\Users\Neo\Desktop\ZHPCleaner (S).html
2024-07-03 11:03 - 2024-07-30 16:25 - 000003114 _____ C:\Users\Neo\Desktop\ZHPCleaner (S).txt
2024-07-03 10:48 - 2024-07-25 16:17 - 000000873 _____ C:\Users\Neo\Desktop\ZHPCleaner.lnk
2024-07-01 05:54 - 2023-01-08 16:59 - 008777005 _____ C:\Users\Net\Documents\Glass Clean Tool.mp4
==================== Um mês (modificados) ==================
(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)
2024-07-30 20:07 - 2024-03-05 19:56 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2024-07-30 20:06 - 2024-03-14 14:49 - 000001134 _____ C:\Windows\system32\config\VSMIDK
2024-07-30 20:06 - 2024-03-05 19:56 - 000012288 ___SH C:\DumpStack.log.tmp
2024-07-30 20:06 - 2022-05-07 02:24 - 000000000 ____D C:\Windows\ServiceState
2024-07-30 17:20 - 2024-03-05 20:09 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2024-07-30 17:20 - 2022-05-07 02:24 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2024-07-30 17:18 - 2022-05-07 02:24 - 000000000 ____D C:\Windows\SystemTemp
2024-07-30 17:11 - 2024-03-05 17:09 - 001679878 _____ C:\Windows\system32\PerfStringBackup.INI
2024-07-30 17:11 - 2022-05-07 02:22 - 000000000 ____D C:\Windows\INF
2024-07-30 16:57 - 2024-03-05 17:07 - 000065536 _____ C:\Windows\system32\spu_storage.bin
2024-07-30 16:57 - 2022-05-07 02:17 - 000524288 _____ C:\Windows\system32\config\BBI
2024-07-30 16:49 - 2024-03-05 19:56 - 000000000 ____D C:\Windows\system32\SleepStudy
2024-07-30 16:46 - 2024-03-06 21:04 - 000000000 ____D C:\Users\Neo\AppData\Roaming\ZHP
2024-07-30 14:58 - 2022-05-07 02:24 - 000000000 ____D C:\Windows\AppReadiness
2024-07-30 12:47 - 2024-03-06 16:31 - 000000000 ____D C:\Users\Net\AppData\Roaming\qBittorrent
2024-07-30 10:43 - 2024-03-10 19:17 - 000000000 ____D C:\Users\Net\AppData\Roaming\Telegram Desktop
2024-07-29 20:30 - 2024-03-13 22:11 - 000002245 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2024-07-29 20:07 - 2024-03-05 20:19 - 000003592 _____ C:\Windows\system32\Tasks\OneDrive Reporting Task-S-1-5-21-1875411646-3612572813-2532316385-1002
2024-07-29 20:07 - 2024-03-05 20:19 - 000003366 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1875411646-3612572813-2532316385-1002
2024-07-29 20:07 - 2024-03-05 20:19 - 000002383 _____ C:\Users\Net\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2024-07-29 19:46 - 2024-03-06 16:41 - 000000000 ____D C:\Users\Net\AppData\Roaming\HandBrake
2024-07-29 09:15 - 2024-03-05 19:56 - 000003536 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2024-07-29 09:15 - 2024-03-05 19:56 - 000003412 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2024-07-28 21:13 - 2024-03-05 20:18 - 000000000 ____D C:\Users\Net
2024-07-28 21:01 - 2024-03-05 17:10 - 000000000 ____D C:\Users\Neo
2024-07-28 19:33 - 2024-03-12 15:42 - 000000000 ____D C:\Users\Net\AppData\Local\CrashDumps
2024-07-28 19:28 - 2024-06-29 19:39 - 000000000 ____D C:\Users\Net\AppData\Roaming\Grammarly
2024-07-28 19:22 - 2024-03-13 17:19 - 000000000 ____D C:\Users\Neo\AppData\Roaming\MPC-HC
2024-07-28 19:03 - 2024-03-28 08:54 - 000000000 ___HD C:\Users\Net\WPS Cloud Files
2024-07-28 13:42 - 2024-03-22 16:18 - 000001590 _____ C:\Users\Net\Desktop\E-book SELLPAGE.txt
2024-07-28 03:14 - 2024-03-05 20:08 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2024-07-27 23:46 - 2024-03-06 04:49 - 000000000 ____D C:\Users\Net\AppData\Local\D3DSCache
2024-07-27 22:21 - 2024-03-05 20:09 - 000000000 ____D C:\Windows\system32\Tasks\Mozilla
2024-07-27 22:20 - 2024-03-05 20:08 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2024-07-27 15:29 - 2024-05-18 16:48 - 000000000 ____D C:\Users\Net\AppData\Roaming\obs-studio
2024-07-27 15:20 - 2024-05-18 16:48 - 000000000 ____D C:\ProgramData\obs-studio
2024-07-27 13:28 - 2022-05-07 02:24 - 000000000 ___HD C:\Program Files\WindowsApps
2024-07-25 22:52 - 2024-03-13 14:25 - 000000000 ____D C:\Users\Neo\AppData\Local\CrashDumps
2024-07-25 11:51 - 2024-04-26 16:27 - 000000000 ____D C:\Users\Net\AppData\Roaming\Microsoft\MMC
2024-07-23 21:28 - 2024-03-29 20:44 - 000000000 ____D C:\Users\Net\Downloads\Telegram Desktop
2024-07-23 21:03 - 2024-03-07 14:38 - 000001055 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Thunderbird.lnk
2024-07-22 16:02 - 2024-03-09 18:24 - 000000000 ____D C:\Users\Public\Foxit Software
2024-07-21 19:10 - 2024-03-06 16:41 - 000000000 ____D C:\ProgramData\Package Cache
2024-07-19 08:12 - 2022-05-07 02:24 - 000000000 ____D C:\Windows\LiveKernelReports
2024-07-18 02:20 - 2024-03-05 17:14 - 000000000 ____D C:\Users\Neo\AppData\Local\D3DSCache
2024-07-17 18:29 - 2024-03-05 20:18 - 000000000 ____D C:\Users\Net\AppData\Local\Packages
2024-07-15 18:08 - 2022-05-07 02:24 - 000000000 ____D C:\ProgramData\USOPrivate
2024-07-15 18:04 - 2024-03-05 19:56 - 000000000 ____D C:\Windows\system32\Drivers\wd
2024-07-15 16:42 - 2022-05-07 02:17 - 000000000 ____D C:\Windows\CbsTemp
2024-07-15 16:41 - 2024-06-12 12:35 - 001090928 _____ (Microsoft Corporation) C:\Windows\system32\WindowsSandbox.exe
2024-07-15 16:41 - 2024-06-12 12:35 - 000774144 _____ (Microsoft Corporation) C:\Windows\system32\gns.dll
2024-07-15 16:41 - 2024-06-12 12:35 - 000706016 _____ (Microsoft Corporation) C:\Windows\system32\vmusrv.dll
2024-07-15 16:41 - 2024-06-12 12:35 - 000628208 _____ (Microsoft Corporation) C:\Windows\system32\vmuidevices.dll
2024-07-15 16:41 - 2024-06-12 12:35 - 000628192 _____ (Microsoft Corporation) C:\Windows\system32\vmserial.dll
2024-07-15 16:41 - 2024-06-12 12:35 - 000554464 _____ (Microsoft Corporation) C:\Windows\system32\vmpmem.dll
2024-07-15 16:41 - 2024-06-12 12:35 - 000517488 _____ (Microsoft Corporation) C:\Windows\system32\NetMgmtIF.dll
2024-07-15 16:41 - 2024-06-12 12:35 - 000509408 _____ (Microsoft Corporation) C:\Windows\system32\vmsynthstor.dll
2024-07-15 16:41 - 2024-06-12 12:35 - 000458752 _____ (Microsoft Corporation) C:\Windows\system32\vmvpci.dll
2024-07-15 16:41 - 2024-06-12 12:35 - 000439792 _____ (Microsoft Corporation) C:\Windows\system32\vmprox.dll
2024-07-15 16:41 - 2024-06-12 12:35 - 000439792 _____ (Microsoft Corporation) C:\Windows\system32\nvspinfo.exe
2024-07-15 16:41 - 2024-06-12 12:35 - 000435680 _____ (Microsoft Corporation) C:\Windows\system32\vmsmb.dll
2024-07-15 16:41 - 2024-06-12 12:35 - 000407024 _____ (Microsoft Corporation) C:\Windows\system32\vmdynmem.dll
2024-07-15 16:41 - 2024-06-12 12:35 - 000406912 _____ (Microsoft Corporation) C:\Windows\system32\nmscrub.exe
2024-07-15 16:41 - 2024-06-12 12:35 - 000398832 _____ (Microsoft Corporation) C:\Windows\system32\VmSynthNic.dll
2024-07-15 16:41 - 2024-06-12 12:35 - 000378336 _____ (Microsoft Corporation) C:\Windows\system32\vmflexio.dll
2024-07-15 16:41 - 2024-06-12 12:35 - 000366048 _____ (Microsoft Corporation) C:\Windows\system32\vmiccore.dll
2024-07-15 16:41 - 2024-06-12 12:35 - 000366048 _____ (Microsoft Corporation) C:\Windows\system32\hcsdiag.exe
2024-07-15 16:41 - 2024-06-12 12:35 - 000361952 _____ (Microsoft Corporation) C:\Windows\system32\gpupvdev.dll
2024-07-15 16:41 - 2024-06-12 12:35 - 000341472 _____ (Microsoft Corporation) C:\Windows\system32\WindowsSandboxClient.exe
2024-07-15 16:41 - 2024-06-12 12:35 - 000329184 _____ (Microsoft Corporation) C:\Windows\system32\vp9fs.dll
2024-07-15 16:41 - 2024-06-12 12:35 - 000316800 _____ (Microsoft Corporation) C:\Windows\system32\VmCrashDump.dll
2024-07-15 16:41 - 2024-06-12 12:35 - 000275936 _____ (Microsoft Corporation) C:\Windows\system32\CExecSvc.exe
2024-07-15 16:41 - 2024-06-12 12:35 - 000271840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storvsp.sys
2024-07-15 16:41 - 2024-06-12 12:35 - 000258048 _____ (Microsoft Corporation) C:\Windows\system32\hnsdiag.exe
2024-07-15 16:41 - 2024-06-12 12:35 - 000255472 _____ (Microsoft Corporation) C:\Windows\system32\vmbusvdev.dll
2024-07-15 16:41 - 2024-06-12 12:35 - 000243056 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vpcivsp.sys
2024-07-15 16:41 - 2024-06-12 12:35 - 000226672 _____ C:\Windows\system32\IsolatedWindowsEnvironmentUtils.dll
2024-07-15 16:41 - 2024-06-12 12:35 - 000222704 _____ (Microsoft Corporation) C:\Windows\system32\vmickrnl.dll
2024-07-15 16:41 - 2024-06-12 12:35 - 000218608 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fse.sys
2024-07-15 16:41 - 2024-06-12 12:35 - 000185712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vmbkmclr.sys
2024-07-15 16:41 - 2024-06-12 12:35 - 000169344 _____ (Microsoft Corporation) C:\Windows\system32\vmvirtio.dll
2024-07-15 16:41 - 2024-06-12 12:35 - 000131072 _____ C:\Windows\system32\hvsiproxyapp.exe
2024-07-15 16:41 - 2024-06-12 12:35 - 000128384 _____ (Microsoft Corporation) C:\Windows\system32\nmbind.exe
2024-07-15 16:41 - 2024-06-12 12:35 - 000120176 _____ (Microsoft Corporation) C:\Windows\system32\vmwpctrl.dll
2024-07-15 16:41 - 2024-06-12 12:35 - 000087520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vhdparser.sys
2024-07-15 16:41 - 2024-05-15 17:06 - 000140672 _____ (Microsoft Corporation) C:\Windows\system32\madrid.dll
2024-07-15 16:41 - 2024-05-15 17:06 - 000139264 _____ (Microsoft Corporation) C:\Windows\system32\CCG.exe
2024-07-15 16:41 - 2024-05-15 17:06 - 000131072 _____ (Microsoft Corporation) C:\Windows\system32\vmhbmgmt.dll
2024-07-15 16:41 - 2024-05-15 17:06 - 000124384 _____ (Microsoft Corporation) C:\Windows\system32\CmAgent.dll
2024-07-15 16:41 - 2024-05-15 17:06 - 000116080 _____ (Microsoft Corporation) C:\Windows\system32\wcsetupagent.exe
2024-07-15 16:41 - 2024-05-15 17:06 - 000081920 _____ (Microsoft Corporation) C:\Windows\system32\CCGLaunchPad.dll
2024-07-15 16:41 - 2024-05-15 17:06 - 000075120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\VmsProxyHNic.sys
2024-07-15 16:41 - 2024-05-15 17:06 - 000071136 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\VmsProxy.sys
2024-07-15 16:41 - 2024-05-15 17:06 - 000066944 _____ (Microsoft Corporation) C:\Windows\system32\NvAgent.dll
2024-07-15 16:41 - 2023-12-04 03:23 - 000094208 _____ C:\Windows\system32\Drivers\vmbusproxy.sys
2024-07-15 16:41 - 2023-12-04 03:23 - 000087520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\l2bridge.sys
2024-07-15 16:41 - 2023-12-04 03:23 - 000079344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vkrnlintvsc.sys
2024-07-15 16:41 - 2023-12-04 03:23 - 000079328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vkrnlintvsp.sys
2024-07-15 16:41 - 2023-12-04 03:23 - 000066928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hvsocketcontrol.sys
2024-07-15 16:41 - 2023-12-04 03:23 - 000050656 _____ (Microsoft Corporation) C:\Windows\system32\VrdUmed.dll
2024-07-15 16:41 - 2023-12-04 03:23 - 000046552 _____ (Microsoft Corporation) C:\Windows\system32\vmsifproxystub.dll
2024-07-15 16:41 - 2022-05-07 02:20 - 000144736 _____ (Microsoft Corporation) C:\Windows\system32\rdp4vs.dll
2024-07-15 16:41 - 2022-05-07 02:20 - 000132456 _____ C:\Windows\system32\secfw_AuthenticAMD.dll
2024-07-15 16:41 - 2022-05-07 02:20 - 000124240 _____ (Microsoft Corporation) C:\Windows\system32\vmwpevents.dll
2024-07-15 16:41 - 2022-05-07 02:20 - 000095584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pvhdparser.sys
2024-07-15 16:41 - 2022-05-07 02:20 - 000075104 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\passthruparser.sys
2024-07-15 16:41 - 2022-05-07 02:20 - 000058704 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hnswfpdriver.sys
2024-07-15 16:41 - 2022-05-07 02:20 - 000054608 _____ (Microsoft Corporation) C:\Windows\system32\UtilityVmSysprep.dll
2024-07-15 16:41 - 2022-05-07 02:20 - 000042344 _____ (Microsoft Corporation) C:\Windows\system32\vmcomputeeventlog.dll
2024-07-15 16:41 - 2022-05-07 02:20 - 000036864 _____ (Microsoft Corporation) C:\Windows\system32\VmComputeProxy.dll
2024-07-15 16:41 - 2022-05-07 02:20 - 000025960 _____ (Microsoft Corporation) C:\Windows\system32\f989b52d-f928-44a3-9bf1-bf0c1da6a0d6_HyperV-DeviceVirtualization.dll
2024-07-15 16:41 - 2022-05-07 02:20 - 000025960 _____ (Microsoft Corporation) C:\Windows\system32\07409496-a423-4a3e-b620-2cfb01a9318d_HyperV-ComputeNetwork.dll
2024-07-15 16:41 - 2022-05-07 02:20 - 000025952 _____ (Microsoft Corporation) C:\Windows\system32\f1db7d81-95be-4911-935a-8ab71629112a_HyperV-IsolatedVM.dll
2024-07-15 16:41 - 2022-05-07 02:20 - 000025952 _____ (Microsoft Corporation) C:\Windows\system32\d4d78066-e6db-44b7-b5cd-2eb82dce620c_HyperV-ComputeLegacy.dll
2024-07-15 16:41 - 2022-05-07 02:20 - 000025952 _____ (Microsoft Corporation) C:\Windows\system32\c4d66f00-b6f0-4439-ac9b-c5ea13fe54d7_HyperV-ComputeCore.dll
2024-07-15 16:41 - 2022-05-07 02:20 - 000025952 _____ (Microsoft Corporation) C:\Windows\system32\c28c7a4e-a619-4463-82b7-0fc9cc7187f5_HyperV-ComputeStorage.dll
2024-07-15 16:41 - 2022-05-07 02:20 - 000006658 _____ C:\Windows\system32\VmFirmwareHcl Third-Party Notices.txt
2024-07-15 16:41 - 2022-05-07 02:20 - 000006658 _____ C:\Windows\system32\VmFirmware Third-Party Notices.txt
2024-07-14 15:40 - 2024-03-23 19:09 - 000000000 ____D C:\Users\Net\AppData\Roaming\Zoom
2024-07-13 13:17 - 2024-03-06 21:38 - 000003629 _____ C:\Users\Net\Desktop\Novo(a) Documento de Texto.txt
2024-07-13 11:16 - 2024-03-24 18:53 - 000000000 ____D C:\Users\Net\AppData\Local\Learnpulse
2024-07-13 11:16 - 2024-03-24 18:52 - 000000000 ____D C:\Users\Net\AppData\Roaming\Learnpulse
2024-07-10 20:55 - 2024-03-05 17:00 - 000000000 ____D C:\ProgramData\Packages
2024-07-10 18:00 - 2023-12-04 03:29 - 000000000 ____D C:\Windows\system32\Microsoft-Edge-WebView
2024-07-10 18:00 - 2022-05-07 02:24 - 000000000 ____D C:\Windows\UUS
2024-07-10 18:00 - 2022-05-07 02:24 - 000000000 ____D C:\Windows\SysWOW64\WinMetadata
2024-07-10 18:00 - 2022-05-07 02:24 - 000000000 ____D C:\Windows\SystemResources
2024-07-10 18:00 - 2022-05-07 02:24 - 000000000 ____D C:\Windows\system32\WinMetadata
2024-07-10 18:00 - 2022-05-07 02:24 - 000000000 ____D C:\Windows\system32\Sgrm
2024-07-10 18:00 - 2022-05-07 02:24 - 000000000 ____D C:\Windows\system32\SecureBootUpdates
2024-07-10 18:00 - 2022-05-07 02:24 - 000000000 ____D C:\Windows\system32\oobe
2024-07-10 17:59 - 2022-05-07 07:41 - 000000000 ____D C:\Windows\InboxApps
2024-07-10 17:59 - 2022-05-07 02:24 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2024-07-10 17:59 - 2022-05-07 02:24 - 000000000 ____D C:\Windows\ShellExperiences
2024-07-10 17:59 - 2022-05-07 02:24 - 000000000 ____D C:\Windows\ShellComponents
2024-07-10 17:59 - 2022-05-07 02:24 - 000000000 ____D C:\Windows\Provisioning
2024-07-10 17:59 - 2022-05-07 02:24 - 000000000 ____D C:\Windows\PolicyDefinitions
2024-07-10 17:59 - 2022-05-07 02:24 - 000000000 ____D C:\Windows\bcastdvr
2024-07-10 17:19 - 2024-04-10 22:14 - 000000000 ____D C:\Windows\system32\MRT
2024-07-10 17:16 - 2024-04-10 22:14 - 194135240 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2024-07-10 17:08 - 2024-03-05 19:58 - 003212800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintConfig.dll
2024-07-09 10:18 - 2024-03-09 14:18 - 000004321 _____ C:\Users\Net\Desktop\Novo(a) Documento de Texto (2).txt
2024-07-08 18:27 - 2024-03-06 04:47 - 000000000 ____D C:\Users\Net\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WPS Office
2024-07-06 03:07 - 2024-06-15 16:16 - 000001104 _____ C:\Users\Public\Desktop\TubeDigger.lnk
2024-07-06 03:07 - 2024-06-15 16:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TubeDigger
2024-07-06 03:07 - 2024-06-15 16:16 - 000000000 ____D C:\Program Files (x86)\TubeDigger
2024-07-03 11:06 - 2024-06-15 15:28 - 000000000 ____D C:\ProgramData\IObit
2024-07-02 18:28 - 2024-05-15 20:58 - 000000000 ____D C:\Users\Net\AppData\Roaming\LosslessCut
==================== Arquivos na raiz de alguns diretórios ========
2024-06-01 06:03 - 2024-06-01 06:03 - 003364512 _____ (Nicolas Coolman) C:\Users\Neo\ZHPCleaner.exe
2024-04-29 16:53 - 2024-04-29 16:53 - 000000171 _____ () C:\Users\Neo\AppData\Roaming\822f02e4-9e9a-4077-a765-71edfca16ad0
2024-04-26 17:54 - 2024-05-13 19:50 - 000007859 _____ () C:\Users\Neo\AppData\Roaming\pcouffin.cat
2024-04-26 17:54 - 2024-05-13 19:50 - 000001167 _____ () C:\Users\Neo\AppData\Roaming\pcouffin.inf
2024-04-26 17:54 - 2024-05-13 19:50 - 000000034 _____ () C:\Users\Neo\AppData\Roaming\pcouffin.log
2024-05-13 19:50 - 2024-05-13 19:50 - 000082816 _____ (VSO Software) C:\Users\Neo\AppData\Roaming\pcouffin.sys
==================== SigCheck ============================
(Não há correção automática para arquivos que não passaram na verificação.)
==================== Fim de FRST.txt ========================
Resultado da análise adicional Farbar Recovery Scan Tool (x64) Versão: 28.07.2024
Executado por Neo (30-07-2024 17:35:17)
Executando a partir de C:\Users\Net\Desktop
Microsoft Windows 11 Pro Versão 23H2 22631.3880 (X64) (2024-03-05 20:00:10)
Modo da Inicialização: Normal
==========================================================
==================== Contas: =============================
(Se uma entrada for incluída na fixlist, será removida.)
Administrador (S-1-5-21-1875411646-3612572813-2532316385-500 - Administrator - Disabled)
Convidado (S-1-5-21-1875411646-3612572813-2532316385-501 - Limited - Disabled)
DefaultAccount (S-1-5-21-1875411646-3612572813-2532316385-503 - Limited - Disabled)
Neo (S-1-5-21-1875411646-3612572813-2532316385-1001 - Administrator - Enabled) => C:\Users\Neo
Net (S-1-5-21-1875411646-3612572813-2532316385-1002 - Limited - Enabled) => C:\Users\Net
WDAGUtilityAccount (S-1-5-21-1875411646-3612572813-2532316385-504 - Limited - Disabled)
==================== Central de Segurança ========================
(Se uma entrada for incluída na fixlist, será removida.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Programas Instalados ======================
(Somente os programas adwares com a indicação "Oculto" podem ser adicionados à fixlist para desocultá-los. Os programas adwares devem ser desinstalados manualmente.)
7-Zip 24.01 (x64) (HKLM\...\7-Zip) (Version: 24.01 - Igor Pavlov)
Boilsoft Video Splitter 8.3.3 (HKU\S-1-5-21-1875411646-3612572813-2532316385-1002\...\cfc26c2a-150b-5ef7-9bdf-a41433ec180c) (Version: 8.3.3 - )
CapCut (HKU\S-1-5-21-1875411646-3612572813-2532316385-1001\...\CapCut) (Version: 3.8.0.1431 - Bytedance Pte. Ltd.)
CrystalDiskInfo 9.2.3 (HKLM\...\CrystalDiskInfo_is1) (Version: 9.2.3 - Crystal Dew World)
Doomsday 2.3.1.3685 (HKLM\...\{9D9190C1-135F-4107-A36F-09AE5EA318BE}) (Version: 2.3.1.3685 - dengine.net)
FastStone Image Viewer 7.8 (HKLM-x32\...\FastStone Image Viewer) (Version: 7.8 - FastStone Corporation)
FormatFactory 5.17.0.0 (HKLM-x32\...\FormatFactory) (Version: 5.17.0.0 - Free Time)
Foxit PDF Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 2024.2.2.25170 - Foxit Software Inc.)
FreeCAD 0.21.2 (Instalado para o Usuário Atual) (HKU\S-1-5-21-1875411646-3612572813-2532316385-1002\...\FreeCAD0212) (Version: 0.21.2 - FreeCAD Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 127.0.6533.73 - Google LLC)
HandBrake 1.8.1 (HKLM-x32\...\HandBrake) (Version: 1.8.1 - )
HP DeskJet 2130 series Software básico do dispositivo (HKLM\...\{30135B68-7334-4D1B-8AB4-A79EF84ECDE1}) (Version: 40.15.1230.21319 - HP Inc.)
HP Dropbox Plugin (HKLM-x32\...\{8533E879-3794-426D-96B1-B010B56B03F5}) (Version: 40.13.54.81239 - HP)
HP Google Drive Plugin (HKLM-x32\...\{57E78C1A-6BCB-42E9-B3A5-54A05CA85E1C}) (Version: 40.13.54.81239 - HP)
K-Lite Mega Codec Pack 18.2.0 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 18.2.0 - KLCP)
Microsoft .NET Host - 6.0.27 (x64) (HKLM\...\{3A96B93E-763F-41E7-85C7-1F3CCC37EF27}) (Version: 48.108.8828 - Microsoft Corporation) Hidden
Microsoft .NET Host - 8.0.5 (x64) (HKLM\...\{8FB40332-CD49-4E77-A40D-E2D09368632D}) (Version: 64.20.13583 - Microsoft Corporation) Hidden
Microsoft .NET Host FX Resolver - 6.0.27 (x64) (HKLM\...\{7447A794-FA2E-42BE-BA9A-5FCBD54C5DF3}) (Version: 48.108.8828 - Microsoft Corporation) Hidden
Microsoft .NET Host FX Resolver - 8.0.5 (x64) (HKLM\...\{25F6351D-21A3-4E92-964E-01E864A21AB1}) (Version: 64.20.13583 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 6.0.27 (x64) (HKLM\...\{79043ED0-7ED1-4227-A5E5-04C5594D21F7}) (Version: 48.108.8828 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 8.0.5 (x64) (HKLM\...\{26037618-FB6D-47BC-9F99-4C4323C4CEC6}) (Version: 64.20.13583 - Microsoft Corporation) Hidden
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 127.0.2651.74 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 126.0.2592.113 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1875411646-3612572813-2532316385-1002\...\OneDriveSetup.exe) (Version: 24.132.0701.0002 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.40.33810 (HKLM-x32\...\{5af95fd8-a22e-458f-acee-c61bd787178e}) (Version: 14.40.33810.0 - Microsoft Corporation)
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.40.33810 (HKLM\...\{59CED48F-EBFE-480C-8A38-FC079C2BEC0F}) (Version: 14.40.33810 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.40.33810 (HKLM\...\{B8B3BB4A-A10D-4F51-91B7-A64FFAC31EA7}) (Version: 14.40.33810 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 6.0.27 (x64) (HKLM\...\{E634F316-BEB6-4FB3-A612-F7102F576165}) (Version: 48.108.8836 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 6.0.27 (x64) (HKLM-x32\...\{d87ae0f4-64a6-4b94-859a-530b9c313c27}) (Version: 6.0.27.33320 - Microsoft Corporation)
Microsoft Windows Desktop Runtime - 8.0.5 (x64) (HKLM\...\{CE4D0B17-4E11-41F9-8C3B-73F61DFE0797}) (Version: 64.20.13589 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 8.0.5 (x64) (HKLM-x32\...\{f1becfe0-3a94-4d8f-ba39-c5853803edda}) (Version: 8.0.5.33617 - Microsoft Corporation)
MozBackup 1.5.1 (HKLM-x32\...\MozBackup) (Version: - Pavel Cvrcek)
Mozilla Firefox (x64 pt-BR) (HKLM\...\Mozilla Firefox 128.0.3 (x64 pt-BR)) (Version: 128.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 115.8.1 - Mozilla)
Mozilla Thunderbird (x64 pt-BR) (HKLM\...\Mozilla Thunderbird 115.13.0 (x64 pt-BR)) (Version: 115.13.0 - Mozilla)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 30.2.2 - OBS Project)
Oracle VM VirtualBox 7.0.18 (HKLM\...\{7431991E-0534-4E1E-89C8-2AF6968C017C}) (Version: 7.0.18 - Oracle and/or its affiliates)
PaperScan 3 Free Edition (HKLM-x32\...\{87B0142A-373A-4A08-90E8-A75C2027808E}) (Version: 3.0.130 - ORPALIS)
qBittorrent (HKLM-x32\...\qBittorrent) (Version: 4.6.5 - The qBittorrent project)
Telegram Desktop (HKU\S-1-5-21-1875411646-3612572813-2532316385-1002\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 5.2.3 - Telegram FZ-LLC)
TubeDigger 7.7.3 (HKLM-x32\...\{1E3745C1-674D-4B2E-B8F7-3F4088950ED7}_is1) (Version: 7.7.3 - TubeDigger)
Tweaking.com - Windows Repair (HKLM-x32\...\Tweaking.com - Windows Repair) (Version: 4.14.0 - Tweaking.com)
WonderFox DVD Ripper Pro 23.0 (HKLM-x32\...\WonderFox DVD Ripper Pro) (Version: 23.0 - WonderFox Soft, Inc.)
WPS Office (12.2.0.17153) (HKU\S-1-5-21-1875411646-3612572813-2532316385-1002\...\Kingsoft Office) (Version: 12.2.0.17153 - Kingsoft Corp.)
Zoom (HKU\S-1-5-21-1875411646-3612572813-2532316385-1002\...\ZoomUMX) (Version: 5.17.11 (34827) - Zoom Video Communications, Inc.)
Packages:
=========
Fotos -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2024.11070.19012.0_x64__8wekyb3d8bbwe [2024-07-25] (Microsoft Corporation) [Startup Task]
Windows Feature Experience Pack -> C:\Windows\SystemApps\MicrosoftWindows.Client.LKG_cw5n1h2txyewy [2024-07-10] (Microsoft Windows)
==================== Análise Personalizada CLSID (Whitelisted): ==============
(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)
CustomCLSID: HKU\S-1-5-21-1875411646-3612572813-2532316385-1001_Classes\CLSID\{021E4F06-9DCC-49AD-88CF-ECC2DA314C8A}\localserver32 -> "C:\Users\Neo\AppData\Local\Microsoft\OneDrive\24.025.0204.0003\FileCoAuth.exe" => Nenhum Arquivo
CustomCLSID: HKU\S-1-5-21-1875411646-3612572813-2532316385-1001_Classes\CLSID\{07CA83F0-DF06-4E67-89DD-E80924A49512}\localserver32 -> "C:\Users\Neo\AppData\Local\Microsoft\OneDrive\24.025.0204.0003\FileCoAuth.exe" => Nenhum Arquivo
CustomCLSID: HKU\S-1-5-21-1875411646-3612572813-2532316385-1001_Classes\CLSID\{0827D883-485C-4D62-BA2C-A332DBF3D4B0}\localserver32 -> "C:\Users\Neo\AppData\Local\Microsoft\OneDrive\24.025.0204.0003\FileCoAuth.exe" => Nenhum Arquivo
CustomCLSID: HKU\S-1-5-21-1875411646-3612572813-2532316385-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\Neo\AppData\Local\Microsoft\OneDrive\24.025.0204.0003\FileSyncShell64.dll => Nenhum Arquivo
CustomCLSID: HKU\S-1-5-21-1875411646-3612572813-2532316385-1001_Classes\CLSID\{20894375-46AE-46E2-BAFD-CB38975CDCE6}\InprocServer32 -> C:\Users\Neo\AppData\Local\Microsoft\OneDrive\24.025.0204.0003\FileSyncShell64.dll => Nenhum Arquivo
CustomCLSID: HKU\S-1-5-21-1875411646-3612572813-2532316385-1001_Classes\CLSID\{2e7c0a19-0438-41e9-81e3-3ad3d64f55ba}\localserver32 -> "C:\Users\Neo\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /cci /client=Personal => Nenhum Arquivo
CustomCLSID: HKU\S-1-5-21-1875411646-3612572813-2532316385-1001_Classes\CLSID\{389510b7-9e58-40d7-98bf-60b911cb0ea9}\localserver32 -> "C:\Users\Neo\AppData\Local\Microsoft\OneDrive\24.025.0204.0003\FileCoAuth.exe" => Nenhum Arquivo
CustomCLSID: HKU\S-1-5-21-1875411646-3612572813-2532316385-1001_Classes\CLSID\{3A308EFE-656D-46BB-9963-0A41C0D6BCA2}\localserver32 -> "C:\Users\Neo\AppData\Local\Microsoft\OneDrive\24.025.0204.0003\FileCoAuth.exe" => Nenhum Arquivo
CustomCLSID: HKU\S-1-5-21-1875411646-3612572813-2532316385-1001_Classes\CLSID\{47E6DCAF-41F8-441C-BD0E-A50D5FE6C4D1}\localserver32 -> "C:\Users\Neo\AppData\Local\Microsoft\OneDrive\24.025.0204.0003\Microsoft.SharePoint.exe" => Nenhum Arquivo
CustomCLSID: HKU\S-1-5-21-1875411646-3612572813-2532316385-1001_Classes\CLSID\{5999E1EE-711E-48D2-9884-851A709F543D}\localserver32 -> "C:\Users\Neo\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /autoplay => Nenhum Arquivo
CustomCLSID: HKU\S-1-5-21-1875411646-3612572813-2532316385-1001_Classes\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}\InprocServer32 -> C:\Users\Neo\AppData\Local\Microsoft\OneDrive\24.025.0204.0003\FileSyncShell64.dll => Nenhum Arquivo
CustomCLSID: HKU\S-1-5-21-1875411646-3612572813-2532316385-1001_Classes\CLSID\{6bb93b4e-44d8-40e2-bd97-42dbcf18a40f}\localserver32 -> "C:\Users\Neo\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /cci => Nenhum Arquivo
CustomCLSID: HKU\S-1-5-21-1875411646-3612572813-2532316385-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> "C:\Users\Neo\AppData\Local\Microsoft\OneDrive\24.025.0204.0003\FileCoAuth.exe" => Nenhum Arquivo
CustomCLSID: HKU\S-1-5-21-1875411646-3612572813-2532316385-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\Neo\AppData\Local\Microsoft\OneDrive\24.025.0204.0003\FileSyncShell64.dll => Nenhum Arquivo
CustomCLSID: HKU\S-1-5-21-1875411646-3612572813-2532316385-1001_Classes\CLSID\{7B37E4E2-C62F-4914-9620-8FB5062718CC}\localserver32 -> "C:\Users\Neo\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /cci /client=Personal => Nenhum Arquivo
CustomCLSID: HKU\S-1-5-21-1875411646-3612572813-2532316385-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\Neo\AppData\Local\Microsoft\OneDrive\24.025.0204.0003\FileSyncShell64.dll => Nenhum Arquivo
CustomCLSID: HKU\S-1-5-21-1875411646-3612572813-2532316385-1001_Classes\CLSID\{917E8742-AA3B-7318-FA12-10485FB322A2}\localserver32 -> "C:\Users\Neo\AppData\Local\Microsoft\OneDrive\24.025.0204.0003\Microsoft.SharePoint.exe" => Nenhum Arquivo
CustomCLSID: HKU\S-1-5-21-1875411646-3612572813-2532316385-1001_Classes\CLSID\{94269C4E-071A-4116-90E6-52E557067E4E}\localserver32 -> "C:\Users\Neo\AppData\Local\Microsoft\OneDrive\24.025.0204.0003\FileCoAuth.exe" => Nenhum Arquivo
CustomCLSID: HKU\S-1-5-21-1875411646-3612572813-2532316385-1001_Classes\CLSID\{9489FEB2-1925-4D01-B788-6D912C70F7F2}\localserver32 -> "C:\Users\Neo\AppData\Local\Microsoft\OneDrive\24.025.0204.0003\FileCoAuth.exe" => Nenhum Arquivo
CustomCLSID: HKU\S-1-5-21-1875411646-3612572813-2532316385-1001_Classes\CLSID\{9AA2F32D-362A-42D9-9328-24A483E2CCC3}\InprocServer32 -> C:\Users\Neo\AppData\Local\Microsoft\OneDrive\24.025.0204.0003\FileSyncShell64.dll => Nenhum Arquivo
CustomCLSID: HKU\S-1-5-21-1875411646-3612572813-2532316385-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Neo\AppData\Local\Microsoft\OneDrive\24.025.0204.0003\FileSyncShell64.dll => Nenhum Arquivo
CustomCLSID: HKU\S-1-5-21-1875411646-3612572813-2532316385-1001_Classes\CLSID\{A3CA1CF4-5F3E-4AC0-91B9-0D3716E1EAC3}\localserver32 -> "C:\Users\Neo\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /cci /client=Personal => Nenhum Arquivo
CustomCLSID: HKU\S-1-5-21-1875411646-3612572813-2532316385-1001_Classes\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}\InprocServer32 -> C:\Users\Neo\AppData\Local\Microsoft\OneDrive\24.025.0204.0003\FileSyncShell64.dll => Nenhum Arquivo
CustomCLSID: HKU\S-1-5-21-1875411646-3612572813-2532316385-1001_Classes\CLSID\{A926714B-7BFC-4D08-A035-80021395FFA8}\localserver32 -> "C:\Users\Neo\AppData\Local\Microsoft\OneDrive\24.025.0204.0003\FileCoAuth.exe" => Nenhum Arquivo
CustomCLSID: HKU\S-1-5-21-1875411646-3612572813-2532316385-1001_Classes\CLSID\{AB807329-7324-431B-8B36-DBD581F56E0B}\localserver32 -> "C:\Users\Neo\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /cci /client=Personal => Nenhum Arquivo
CustomCLSID: HKU\S-1-5-21-1875411646-3612572813-2532316385-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Neo\AppData\Local\Microsoft\OneDrive\24.025.0204.0003\FileSyncShell64.dll => Nenhum Arquivo
CustomCLSID: HKU\S-1-5-21-1875411646-3612572813-2532316385-1001_Classes\CLSID\{C5FF006E-2AE9-408C-B85B-2DFDD5449D9C}\InprocServer32 -> C:\Users\Neo\AppData\Local\Microsoft\OneDrive\24.025.0204.0003\FileSyncShell64.dll => Nenhum Arquivo
CustomCLSID: HKU\S-1-5-21-1875411646-3612572813-2532316385-1001_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Neo\AppData\Local\Microsoft\OneDrive\24.025.0204.0003\FileSyncShell64.dll => Nenhum Arquivo
CustomCLSID: HKU\S-1-5-21-1875411646-3612572813-2532316385-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Neo\AppData\Local\Microsoft\OneDrive\24.025.0204.0003\FileSyncShell64.dll => Nenhum Arquivo
CustomCLSID: HKU\S-1-5-21-1875411646-3612572813-2532316385-1001_Classes\CLSID\{F37369D9-1C22-40A0-A997-0B4D5F7B6637}\localserver32 -> "C:\Users\Neo\AppData\Local\Microsoft\OneDrive\24.025.0204.0003\FileCoAuth.exe" => Nenhum Arquivo
CustomCLSID: HKU\S-1-5-21-1875411646-3612572813-2532316385-1002_Classes\CLSID\{1a46400f-4c81-802a-c2c1-1e9a687a9340}\localserver32 -> C:\Program Files\HandBrake\HandBrake.exe (HandBrake Team) [Arquivo não assinado]
CustomCLSID: HKU\S-1-5-21-1875411646-3612572813-2532316385-1002_Classes\CLSID\{28A80003-18FD-411D-B0A3-3C81F618E22B}\InprocServer32 -> C:\Users\Net\AppData\Local\Kingsoft\WPS Office\12.2.0.17153\office6\kwpsmenushellext64.dll (Zhuhai Kingsoft Office Software Co., Ltd. -> Zhuhai Kingsoft Office Software Co.,Ltd)
CustomCLSID: HKU\S-1-5-21-1875411646-3612572813-2532316385-1002_Classes\CLSID\{38cf1c8d-6ef4-5049-e979-72309843229c}\localserver32 -> "C:\Users\Net\AppData\Local\Grammarly\DesktopIntegrations\Grammarly.Desktop.exe" -ToastActivated => Nenhum Arquivo
CustomCLSID: HKU\S-1-5-21-1875411646-3612572813-2532316385-1002_Classes\CLSID\{48ce1c96-b3fb-4ec5-9c32-55cb22a77544}\InprocServer32 -> C:\Program Files\Mozilla Thunderbird\notificationserver.dll => Nenhum Arquivo
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Neo\AppData\Local\Microsoft\OneDrive\24.025.0204.0003\FileSyncShell64.dll -> Nenhum Arquivo
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Users\Neo\AppData\Local\Microsoft\OneDrive\24.025.0204.0003\FileSyncShell64.dll -> Nenhum Arquivo
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Users\Neo\AppData\Local\Microsoft\OneDrive\24.025.0204.0003\FileSyncShell64.dll -> Nenhum Arquivo
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Neo\AppData\Local\Microsoft\OneDrive\24.025.0204.0003\FileSyncShell64.dll -> Nenhum Arquivo
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Neo\AppData\Local\Microsoft\OneDrive\24.025.0204.0003\FileSyncShell64.dll -> Nenhum Arquivo
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Users\Neo\AppData\Local\Microsoft\OneDrive\24.025.0204.0003\FileSyncShell64.dll -> Nenhum Arquivo
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Users\Neo\AppData\Local\Microsoft\OneDrive\24.025.0204.0003\FileSyncShell64.dll -> Nenhum Arquivo
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Neo\AppData\Local\Microsoft\OneDrive\24.025.0204.0003\FileSyncShell64.dll -> Nenhum Arquivo
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Users\Neo\AppData\Local\Microsoft\OneDrive\24.025.0204.0003\FileSyncShell64.dll -> Nenhum Arquivo
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Users\Neo\AppData\Local\Microsoft\OneDrive\24.025.0204.0003\FileSyncShell64.dll -> Nenhum Arquivo
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Neo\AppData\Local\Microsoft\OneDrive\24.025.0204.0003\FileSyncShell64.dll -> Nenhum Arquivo
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Neo\AppData\Local\Microsoft\OneDrive\24.025.0204.0003\FileSyncShell64.dll -> Nenhum Arquivo
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Users\Neo\AppData\Local\Microsoft\OneDrive\24.025.0204.0003\FileSyncShell64.dll -> Nenhum Arquivo
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Users\Neo\AppData\Local\Microsoft\OneDrive\24.025.0204.0003\FileSyncShell64.dll -> Nenhum Arquivo
ContextMenuHandlers1: [1XdShellExt] -> {B4E15CD0-F916-4C8E-830A-15E3E9D01A1B} => C:\Users\Neo\AppData\Roaming\SwifDooPDFData\PDFShell64.dll -> Nenhum Arquivo
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2024-01-31] (Igor Pavlov) [Arquivo não assinado]
ContextMenuHandlers1: [FormatFactoryShell] -> {A3888923-CFD3-4A6B-89BF-08E6B95716E8} => C:\Program Files (x86)\FormatFactory\ShellEx_108.dll [2024-01-04] (Free Time) [Arquivo não assinado]
ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Users\Neo\AppData\Local\Microsoft\OneDrive\24.025.0204.0003\FileSyncShell64.dll -> Nenhum Arquivo
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2024-01-31] (Igor Pavlov) [Arquivo não assinado]
ContextMenuHandlers4: [FormatFactoryShell] -> {A3888923-CFD3-4A6B-89BF-08E6B95716E8} => C:\Program Files (x86)\FormatFactory\ShellEx_108.dll [2024-01-04] (Free Time) [Arquivo não assinado]
ContextMenuHandlers5: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Users\Neo\AppData\Local\Microsoft\OneDrive\24.025.0204.0003\FileSyncShell64.dll -> Nenhum Arquivo
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2024-01-31] (Igor Pavlov) [Arquivo não assinado]
ContextMenuHandlers1_S-1-5-21-1875411646-3612572813-2532316385-1001: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Users\Neo\AppData\Local\Microsoft\OneDrive\24.025.0204.0003\FileSyncShell64.dll -> Nenhum Arquivo
ContextMenuHandlers4_S-1-5-21-1875411646-3612572813-2532316385-1001: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Users\Neo\AppData\Local\Microsoft\OneDrive\24.025.0204.0003\FileSyncShell64.dll -> Nenhum Arquivo
ContextMenuHandlers5_S-1-5-21-1875411646-3612572813-2532316385-1001: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Users\Neo\AppData\Local\Microsoft\OneDrive\24.025.0204.0003\FileSyncShell64.dll -> Nenhum Arquivo
ContextMenuHandlers1_S-1-5-21-1875411646-3612572813-2532316385-1002: [ kwpsshellext] -> {28A80003-18FD-411D-B0A3-3C81F618E22B} => -> Nenhum Arquivo
ContextMenuHandlers1_S-1-5-21-1875411646-3612572813-2532316385-1002: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Users\Neo\AppData\Local\Microsoft\OneDrive\24.025.0204.0003\FileSyncShell64.dll -> Nenhum Arquivo
ContextMenuHandlers2_S-1-5-21-1875411646-3612572813-2532316385-1002: [AgentRansack] -> {2AE9D6D8-E348-4853-B266-C78844D31B97} => -> Nenhum Arquivo
ContextMenuHandlers4_S-1-5-21-1875411646-3612572813-2532316385-1002: [ kwpsshellext] -> {28A80003-18FD-411D-B0A3-3C81F618E22B} => -> Nenhum Arquivo
ContextMenuHandlers4_S-1-5-21-1875411646-3612572813-2532316385-1002: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Users\Neo\AppData\Local\Microsoft\OneDrive\24.025.0204.0003\FileSyncShell64.dll -> Nenhum Arquivo
ContextMenuHandlers4_S-1-5-21-1875411646-3612572813-2532316385-1002: [AgentRansack] -> {2AE9D6D8-E348-4853-B266-C78844D31B97} => -> Nenhum Arquivo
ContextMenuHandlers5_S-1-5-21-1875411646-3612572813-2532316385-1002: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Users\Neo\AppData\Local\Microsoft\OneDrive\24.025.0204.0003\FileSyncShell64.dll -> Nenhum Arquivo
ContextMenuHandlers5_S-1-5-21-1875411646-3612572813-2532316385-1002: [AgentRansack] -> {2AE9D6D8-E348-4853-B266-C78844D31B97} => -> Nenhum Arquivo
ContextMenuHandlers6_S-1-5-21-1875411646-3612572813-2532316385-1002: [AgentRansack] -> {2AE9D6D8-E348-4853-B266-C78844D31B97} => -> Nenhum Arquivo
==================== Codecs (Whitelisted) ====================
(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.)
HKLM\...\Drivers32: [VIDC.X264] => C:\Windows\system32\x264vfw64.dll [3799552 2017-07-30] (x264vfw project) [Arquivo não assinado]
HKLM\...\Drivers32: [VIDC.LAGS] => C:\Windows\system32\lagarith.dll [148992 2011-12-07] () [Arquivo não assinado]
HKLM\...\Drivers32: [VIDC.XVID] => C:\Windows\system32\xvidvfw.dll [310784 2019-12-28] () [Arquivo não assinado]
HKLM\...\Drivers32: [msacm.ac3acm] => C:\Windows\system32\ac3acm.acm [180736 2012-07-21] (fccHandler) [Arquivo não assinado]
HKLM\...\Drivers32: [VIDC.X264] => C:\Windows\SysWOW64\x264vfw.dll [3850240 2017-07-30] (x264vfw project) [Arquivo não assinado]
HKLM\...\Drivers32: [VIDC.LAGS] => C:\Windows\SysWOW64\lagarith.dll [216064 2011-12-07] () [Arquivo não assinado]
HKLM\...\Drivers32: [VIDC.XVID] => C:\Windows\SysWOW64\xvidvfw.dll [284160 2019-12-28] () [Arquivo não assinado]
HKLM\...\Drivers32: [msacm.ac3acm] => C:\Windows\SysWOW64\ac3acm.acm [122880 2012-07-21] (fccHandler) [Arquivo não assinado]
==================== Atalhos & WMI ========================
==================== Módulos Carregados (Whitelisted) =============
==================== Alternate Data Streams (Whitelisted) ========
==================== Modo de Segurança (Whitelisted) ==================
(Se uma entrada for incluída na fixlist, será removida do Registro. O valor "AlternateShell" será restaurado.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\camsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dps => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\lfsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\semgrsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\shellhwdetection => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TokenBroker => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WSService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\camsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dps => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\lfsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SamSs => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\semgrsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\shellhwdetection => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv2 => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srvnet => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TokenBroker => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WSService => ""="Service"
==================== Associação (Whitelisted) =================
==================== Internet Explorer (Whitelisted) ==========
BHO: Sem Nome -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> Nenhum Arquivo
==================== Hosts Conteúdo: =========================
(Se necessário, a diretiva Hosts: pode ser incluída na fixlist para redefinir o Hosts.)
2022-05-07 02:24 - 2024-03-22 09:51 - 000000855 _____ C:\Windows\system32\drivers\etc\hosts
127.0.0.1 localhost
2024-07-15 21:03 - 2024-07-17 18:28 - 000000617 _____ C:\Windows\system32\drivers\etc\hosts.ics
172.29.157.217 22922b9a-4629-4236-b491-5ac7cafb2365.mshome.net # 2024 7 3 24 21 28 39 457
172.29.92.225 4e65c691-6d8c-4623-991c-1b7fb7b055ba.mshome.net # 2024 7 2 23 0 25 57 481
172.29.144.1 Matrix2025.mshome.net # 2029 7 1 16 21 28 39 457
==================== Outras Áreas ===========================
(Atualmente não há nenhuma correção automática para esta seção.)
HKU\S-1-5-21-1875411646-3612572813-2532316385-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
HKU\S-1-5-21-1875411646-3612572813-2532316385-1002\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img19.jpg
DNS Servers: 181.213.132.6 - 181.213.132.7
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 1) (EnableLUA: 1)
Firewall do Windows está habilitado.
Network Binding:
=============
vms_vsf: Filtro de Extensão de Comutador Virtual Hyper-V
oracle_VBoxNetLwf: VirtualBox NDIS6 Bridged Networking Driver
ms_winvfp: Microsoft Azure VFP Switch Filter Extension
vms_vsp: Hyper-V Virtual Switch Extension Protocol
==================== MSCONFIG/TASK MANAGER ítens desabilitados ==
(Se uma entrada for incluída na fixlist, será removida.)
HKU\S-1-5-21-1875411646-3612572813-2532316385-1002\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1875411646-3612572813-2532316385-1002\...\StartupApproved\Run: => "Privacy Eraser"
HKU\S-1-5-21-1875411646-3612572813-2532316385-1002\...\StartupApproved\Run: => "CCleaner Smart Cleaning"
==================== Regras do Firewall (Whitelisted) ================
(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)
FirewallRules: [{977D5438-2C8B-4637-A121-A395C0D1C647}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{A37DE8A9-647F-49F1-8947-B7B91E437198}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{4C5224C8-301E-4FA6-B33C-776CE35E6CD3}] => (Allow) C:\Users\Net\AppData\Local\Kingsoft\WPS Office\12.2.0.13489\office6\wps.exe => Nenhum Arquivo
FirewallRules: [{D01E8303-88E3-4372-87C8-241251717654}] => (Allow) C:\Users\Net\AppData\Local\Kingsoft\WPS Office\12.2.0.13489\office6\wpscloudsvr.exe => Nenhum Arquivo
FirewallRules: [{80EC98A6-E96F-49D3-BC7F-628E238B6BA9}] => (Allow) C:\Users\Net\AppData\Local\Kingsoft\WPS Office\12.2.0.13489\office6\promecefpluginhost.exe => Nenhum Arquivo
FirewallRules: [{96309AED-7551-48E5-B069-3C4D18957D7A}] => (Allow) C:\Users\Neo\AppData\Local\Temp\7zS22B1\HP.EasyStart.exe => Nenhum Arquivo
FirewallRules: [{6F7B5A15-0D45-498F-978D-A84D5EB8F133}] => (Allow) C:\Users\Neo\AppData\Local\Temp\7zS4EAB\HP.EasyStart.exe => Nenhum Arquivo
FirewallRules: [{B3F026C0-2C49-4896-A79A-F88CE227577C}] => (Allow) C:\Users\Neo\AppData\Local\Temp\7zS21AA\HP.EasyStart.exe => Nenhum Arquivo
FirewallRules: [{B5D2C557-0FA1-463F-9783-E50F1C497B83}] => (Allow) C:\Program Files\HP\HP DeskJet 2130 series\Bin\USBSetup.exe (HP Inc. -> HP Inc.)
FirewallRules: [{D9E7E3C4-EDEB-4A4F-AE64-34BD2A2EC699}] => (Allow) C:\Program Files\HP\HP DeskJet 2130 series\Bin\HPNetworkCommunicatorCom.exe (HP Inc. -> HP Inc.)
FirewallRules: [{71AD41E4-9C71-40CA-91A3-9E096FC27ACC}] => (Allow) C:\Program Files (x86)\FormatFactory\FormatFactory.exe (Free Time Software Technology Co., Ltd. -> Free Time Co., Ltd.)
FirewallRules: [TCP Query User{F37BC3C0-3712-4A1A-8C74-04A3006AAAD5}E:\matrix\downloads\dreamule_bin\emule.exe] => (Allow) E:\matrix\downloads\dreamule_bin\emule.exe => Nenhum Arquivo
FirewallRules: [UDP Query User{EFB9946B-19EC-43AC-B6E0-EBEDA07CC6F2}E:\matrix\downloads\dreamule_bin\emule.exe] => (Allow) E:\matrix\downloads\dreamule_bin\emule.exe => Nenhum Arquivo
FirewallRules: [TCP Query User{C821544E-EF83-4684-B5BD-509D11799F6A}C:\program files (x86)\emule\emule.exe] => (Allow) C:\program files (x86)\emule\emule.exe => Nenhum Arquivo
FirewallRules: [UDP Query User{AB9C677C-0D2C-411E-97BA-4E68C73A9D49}C:\program files (x86)\emule\emule.exe] => (Allow) C:\program files (x86)\emule\emule.exe => Nenhum Arquivo
FirewallRules: [TCP Query User{0A4B9458-169C-43FB-A5F8-84DD0E95310E}C:\program files (x86)\ares\ares.exe] => (Allow) C:\program files (x86)\ares\ares.exe => Nenhum Arquivo
FirewallRules: [UDP Query User{6E4748F4-DFC2-476E-BB4D-5D1A1FF94615}C:\program files (x86)\ares\ares.exe] => (Allow) C:\program files (x86)\ares\ares.exe => Nenhum Arquivo
FirewallRules: [{7EE1DA7C-FA9A-4DEF-A319-51995581E830}] => (Allow) C:\Users\Net\Downloads\hitpaw-edimakor.exe => Nenhum Arquivo
FirewallRules: [{87FB275E-34B6-4288-B4D9-BCABCCA6A10B}] => (Allow) C:\Users\Net\Downloads\hitpaw-edimakor.exe => Nenhum Arquivo
FirewallRules: [{D03073F4-7644-49B9-9D67-B9781FBF580B}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.75.140.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => Nenhum Arquivo
FirewallRules: [{28000B34-7BF2-474D-9D5D-A15578AE25B1}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.75.140.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => Nenhum Arquivo
FirewallRules: [{F2F668F5-7DD7-4809-8282-B637488776F7}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.75.140.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => Nenhum Arquivo
FirewallRules: [{0648CB0F-B5CC-4C12-A3F0-3581F5704FF3}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.75.140.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => Nenhum Arquivo
FirewallRules: [{B2860D58-2015-49D3-8683-993CD30B91C8}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_21253.510.996.1465_x64__8wekyb3d8bbwe\msteams.exe => Nenhum Arquivo
FirewallRules: [{17EFE77D-9BB4-4BE7-A785-BE5AADA9B675}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_21253.510.996.1465_x64__8wekyb3d8bbwe\msteams.exe => Nenhum Arquivo
FirewallRules: [{418004B6-A1B8-4BD6-812F-AF56ADA12443}] => (Allow) C:\Program Files (x86)\FormatFactory\FormatFactory.exe (Free Time Software Technology Co., Ltd. -> Free Time Co., Ltd.)
FirewallRules: [TCP Query User{718890CA-676B-4D11-AF6A-17F497CFBF27}C:\users\net\appdata\local\zoom\plugin\webview2_x64\120.0.2210.91\msedgewebview2.exe] => (Allow) C:\users\net\appdata\local\zoom\plugin\webview2_x64\120.0.2210.91\msedgewebview2.exe => Nenhum Arquivo
FirewallRules: [UDP Query User{8BFDD4AD-8C47-4894-8793-C41817E9504E}C:\users\net\appdata\local\zoom\plugin\webview2_x64\120.0.2210.91\msedgewebview2.exe] => (Allow) C:\users\net\appdata\local\zoom\plugin\webview2_x64\120.0.2210.91\msedgewebview2.exe => Nenhum Arquivo
FirewallRules: [TCP Query User{186DFB0E-CE93-442A-924A-4110B9337F00}C:\users\net\appdata\roaming\zoom\bin\zoom.exe] => (Allow) C:\users\net\appdata\roaming\zoom\bin\zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [UDP Query User{E1AC5219-8CE5-457A-89CA-09D90B09B910}C:\users\net\appdata\roaming\zoom\bin\zoom.exe] => (Allow) C:\users\net\appdata\roaming\zoom\bin\zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{DEE256AD-D7C4-4F58-B23A-F31F8ECECDB6}] => (Allow) C:\Users\Net\Downloads\hitpaw-video-converter.exe => Nenhum Arquivo
FirewallRules: [{51D447A4-B562-485F-986F-05FC5FEDF811}] => (Allow) C:\Users\Net\Downloads\hitpaw-video-converter.exe => Nenhum Arquivo
FirewallRules: [TCP Query User{1E34A6F4-8ADA-4663-A2E0-3F967AD12F5F}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [UDP Query User{EAF01C9F-81E2-4C0E-BB45-086C88A589C7}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{30D54B27-EE9C-4351-A460-E9EAE1D38D16}] => (Allow) C:\Program Files (x86)\FormatFactory\FormatFactory.exe (Free Time Software Technology Co., Ltd. -> Free Time Co., Ltd.)
FirewallRules: [TCP Query User{011BA5E7-0B59-48C2-BC74-FFC4F7F65DA1}C:\program files\doomsday 2.3.1\bin\doomsday.exe] => (Allow) C:\program files\doomsday 2.3.1\bin\doomsday.exe () [Arquivo não assinado]
FirewallRules: [UDP Query User{A781F7C6-87AE-4E1E-89A2-911AF3224FFD}C:\program files\doomsday 2.3.1\bin\doomsday.exe] => (Allow) C:\program files\doomsday 2.3.1\bin\doomsday.exe () [Arquivo não assinado]
FirewallRules: [{4F985333-73FC-48DF-94CD-5623148D6696}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe (The qBittorrent Project) [Arquivo não assinado]
FirewallRules: [{75EEF45F-12A8-499F-94C3-C22B02A2DA8E}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe (The qBittorrent Project) [Arquivo não assinado]
FirewallRules: [{9A6045A9-BC80-469A-A07C-A4DF9BEF7993}] => (Allow) C:\Program Files (x86)\TubeDigger\TubeDigger.exe (TubeDigger) [Arquivo não assinado]
FirewallRules: [{4B857984-6B81-47FB-BFE8-425BF5A31669}] => (Allow) C:\Program Files (x86)\TubeDigger\CEF3\TubeDgr3.exe (TubeDigger) [Arquivo não assinado]
FirewallRules: [{F663F982-C061-4325-AD1B-B095021BF07C}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.113\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{4ECE18A9-939E-4F92-8FA5-04F771E43EAE}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
==================== Pontos de Restauração =========================
30-07-2024 16:34:27 ZHPcleaner
==================== Dispositivos Apresentando Falhas No Gerenciador ============
==================== Erros no Log de eventos: ========================
Erros em Aplicativos:
==================
Error: (07/30/2024 12:26:14 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Erro do Serviço de Cópias de Sombra de Volume: erro inesperado ao consultar a interface IVssWriterCallback. hr = 0x80070005, Acesso negado..Muitas vezes, isso é causado por configurações de segurança incorretas no processo gravador ou solicitante.
Operação:
Obtendo Dados do Gravador
Contexto:
Id de Classe de Gravador: {e8132975-6f93-4464-a53e-1050253ae220}
Nome do Gravador: System Writer
ID de Instância de Gravador: {52da0391-c87d-48b3-89f0-05e9b261f172}
Error: (07/30/2024 05:31:06 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Falha na geração de contexto de ativação para "C:\Users\Neo\AppData\Local\CapCut\Apps\CapCut.exe". Erro no arquivo de manifesto ou de política "", na linha .
Uma versão de componente exigida pelo aplicativo está em conflito com outra versão de componente já ativa.
Os componentes conflitantes são:
Componente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.22621.3672_none_6ec0f0a887fe525b.manifest.
Componente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.22621.3672_none_2713b9d173822955.manifest.
Error: (07/28/2024 07:34:27 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Erro do Serviço de Cópias de Sombra de Volume: erro inesperado ao consultar a interface IVssWriterCallback. hr = 0x80070005, Acesso negado..Muitas vezes, isso é causado por configurações de segurança incorretas no processo gravador ou solicitante.
Operação:
Obtendo Dados do Gravador
Contexto:
Id de Classe de Gravador: {e8132975-6f93-4464-a53e-1050253ae220}
Nome do Gravador: System Writer
ID de Instância de Gravador: {7d2217c2-4784-409a-a1c2-294abdcadd2f}
Error: (07/28/2024 03:43:29 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Erro do Serviço de Cópias de Sombra de Volume: erro inesperado ao consultar a interface IVssWriterCallback. hr = 0x80070005, Acesso negado..Muitas vezes, isso é causado por configurações de segurança incorretas no processo gravador ou solicitante.
Operação:
Obtendo Dados do Gravador
Contexto:
Id de Classe de Gravador: {e8132975-6f93-4464-a53e-1050253ae220}
Nome do Gravador: System Writer
ID de Instância de Gravador: {9b057f36-23cf-45b6-b5e3-594f75951877}
Error: (07/27/2024 10:21:19 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Falha na geração de contexto de ativação para "C:\Program Files (x86)\SwifDooPDF\SwifDooHelper.exe". Erro no arquivo de manifesto ou de política "", na linha .
Uma versão de componente exigida pelo aplicativo está em conflito com outra versão de componente já ativa.
Os componentes conflitantes são:
Componente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.22621.3672_none_6ec0f0a887fe525b.manifest.
Componente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.22621.3672_none_2713b9d173822955.manifest.
Error: (07/27/2024 10:18:25 AM) (Source: Application Error) (EventID: 1000) (User: Matrix2025)
Description: Nome do aplicativo com falha: Explorer.EXE, versão: 10.0.22621.3880, carimbo de data/hora: 0x0a9e5890
Nome do módulo com falha: windows.storage.dll, versão: 10.0.22621.3880, carimbo de data/hora: 0x72b59cf0
Código de exceção: 0xc0000005
Deslocamento da falha: 0x000000000013a846
ID do processo com falha: 0x0x1b58
Hora de início do aplicativo com falha: 0x0x1dae025be3827f4
Caminho do aplicativo com falha: C:\Windows\Explorer.EXE
Caminho do módulo com falha: C:\Windows\SYSTEM32\windows.storage.dll
ID do Relatório: ec29888b-ac3f-463e-b659-d871d702017e
Nome completo do pacote com falha:
ID do aplicativo relativo ao pacote com falha:
Error: (07/26/2024 08:17:31 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1552) (User: AUTORIDADE NT)
Description: O hive do usuário é carregado por outro processo (Bloqueio de Registro). Nome do processo: C:\Windows\System32\svchost.exe, PID: 7448, ProfSvc PID: 1944.
Error: (07/26/2024 08:17:31 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1552) (User: AUTORIDADE NT)
Description: O hive do usuário é carregado por outro processo (Bloqueio de Registro). Nome do processo: C:\Windows\System32\svchost.exe, PID: 4068, ProfSvc PID: 1944.
Erros de Sistema:
=============
Error: (07/30/2024 05:37:02 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Não foi possível iniciar o serviço Browser devido ao seguinte erro:
O serviço não respondeu à requisição de início ou controle em tempo hábil.
Error: (07/30/2024 05:37:02 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Tempo limite esgotado (30000 milissegundos) ao aguardar a conexão do serviço Browser.
Error: (07/30/2024 05:22:07 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Não foi possível iniciar o serviço Browser devido ao seguinte erro:
O serviço não respondeu à requisição de início ou controle em tempo hábil.
Error: (07/30/2024 05:22:07 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Tempo limite esgotado (30000 milissegundos) ao aguardar a conexão do serviço Browser.
Error: (07/30/2024 05:09:10 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Não foi possível iniciar o serviço Microsoft Update Health Service devido ao seguinte erro:
O sistema não pode encontrar o arquivo especificado.
Error: (07/30/2024 05:09:10 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Não foi possível iniciar o serviço Browser devido ao seguinte erro:
O serviço não respondeu à requisição de início ou controle em tempo hábil.
Error: (07/30/2024 05:09:10 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Tempo limite esgotado (30000 milissegundos) ao aguardar a conexão do serviço Browser.
Error: (07/30/2024 08:07:23 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Não foi possível iniciar o serviço Browser devido ao seguinte erro:
O serviço não respondeu à requisição de início ou controle em tempo hábil.
Windows Defender:
================
Date: 2024-07-30 17:34:42
Description:
Microsoft Defender Antivírus detectou PUA (aplicativo potencialmente indesejado).
Para obter mais informações, veja a seguir:
https://go.microsoft.com/fwlink/?linkid=37020&name=PUADlManager:Win32/OfferCore&threatid=311999&enterprise=0
Nome: PUADlManager:Win32/OfferCore
Gravidade: Baixo
Categoria: Software Potencialmente Indesejado
Caminho: file:_C:\Users\Net\Downloads\DTLite1210-2155.exe
Origem da Detecção: Computador local
Tipo da Detecção: Concreto
Fonte da Detecção: Proteção em Tempo Real
Usuário: Matrix2025\Neo
Nome do Processo: C:\Users\Net\Desktop\FRST64.exe
Versão da Inteligência de Segurança: AV: 1.415.409.0, AS: 1.415.409.0, NIS: 1.415.409.0
Versão do Mecanismo: AM: 1.1.24060.5, NIS: 1.1.24060.5
Date: 2024-07-30 16:42:57
Description:
Microsoft Defender Antivírus detectou PUA (aplicativo potencialmente indesejado).
Para obter mais informações, veja a seguir:
https://go.microsoft.com/fwlink/?linkid=37020&name=PUADlManager:Win32/OfferCore&threatid=311999&enterprise=0
Nome: PUADlManager:Win32/OfferCore
Gravidade: Baixo
Categoria: Software Potencialmente Indesejado
Caminho: file:_C:\Users\Net\Downloads\DTLite1210-2155.exe
Origem da Detecção: Computador local
Tipo da Detecção: Concreto
Fonte da Detecção: Proteção em Tempo Real
Usuário: Matrix2025\Net
Nome do Processo: C:\Windows\explorer.exe
Versão da Inteligência de Segurança: AV: 1.415.396.0, AS: 1.415.396.0, NIS: 1.415.396.0
Versão do Mecanismo: AM: 1.1.24060.5, NIS: 1.1.24060.5
Date: 2024-07-30 16:42:30
Description:
Microsoft Defender Antivírus detectou PUA (aplicativo potencialmente indesejado).
Para obter mais informações, veja a seguir:
https://go.microsoft.com/fwlink/?linkid=37020&name=PUADlManager:Win32/OfferCore&threatid=311999&enterprise=0
Nome: PUADlManager:Win32/OfferCore
Gravidade: Baixo
Categoria: Software Potencialmente Indesejado
Caminho: file:_C:\Users\Net\Downloads\DTLite1210-2155.exe
Origem da Detecção: Computador local
Tipo da Detecção: Concreto
Fonte da Detecção: Proteção em Tempo Real
Usuário: Matrix2025\Net
Nome do Processo: C:\Windows\explorer.exe
Versão da Inteligência de Segurança: AV: 1.415.396.0, AS: 1.415.396.0, NIS: 1.415.396.0
Versão do Mecanismo: AM: 1.1.24060.5, NIS: 1.1.24060.5
Date: 2024-07-30 13:28:32
Description:
Microsoft Defender Antivírus detectou PUA (aplicativo potencialmente indesejado).
Para obter mais informações, veja a seguir:
https://go.microsoft.com/fwlink/?linkid=37020&name=PUADlManager:Win32/OfferCore&threatid=311999&enterprise=0
Nome: PUADlManager:Win32/OfferCore
Gravidade: Baixo
Categoria: Software Potencialmente Indesejado
Caminho: file:_C:\Users\Net\Downloads\DTLite1210-2155.exe
Origem da Detecção: Computador local
Tipo da Detecção: Concreto
Fonte da Detecção: Proteção em Tempo Real
Usuário: Matrix2025\Neo
Nome do Processo: C:\Users\Net\Desktop\ZHPCleaner.exe
Versão da Inteligência de Segurança: AV: 1.415.396.0, AS: 1.415.396.0, NIS: 1.415.396.0
Versão do Mecanismo: AM: 1.1.24060.5, NIS: 1.1.24060.5
Date: 2024-07-30 13:28:15
Description:
Microsoft Defender Antivírus detectou PUA (aplicativo potencialmente indesejado).
Para obter mais informações, veja a seguir:
https://go.microsoft.com/fwlink/?linkid=37020&name=PUADlManager:Win32/OfferCore&threatid=311999&enterprise=0
Nome: PUADlManager:Win32/OfferCore
Gravidade: Baixo
Categoria: Software Potencialmente Indesejado
Caminho: file:_C:\Users\Net\Downloads\DTLite1210-2155.exe
Origem da Detecção: Computador local
Tipo da Detecção: Concreto
Fonte da Detecção: Proteção em Tempo Real
Usuário: Matrix2025\Neo
Nome do Processo: C:\Users\Net\Desktop\ZHPCleaner.exe
Versão da Inteligência de Segurança: AV: 1.415.396.0, AS: 1.415.396.0, NIS: 1.415.396.0
Versão do Mecanismo: AM: 1.1.24060.5, NIS: 1.1.24060.5
Event[0]
Date: 2024-03-22 09:49:37
Description:
Microsoft Defender Antivírus encontrou um erro ao tentar atualizar a inteligência de segurança.
Nova Versão da Inteligência de Segurança:
Versão da Inteligência de Segurança anterior: 1.407.622.0
Fonte da Atualização: Servidor do Microsoft Update
Tipo da Inteligência de Segurança: Antivírus
Tipo da atualização: Completa
Usuário: AUTORIDADE NT\SISTEMA
Versão Atual do Mecanismo:
Versão Anterior do Mecanismo: 1.1.24020.9
Código de Erro: 0x8007043c
Descrição do Erro: Não é possível compartilhar este serviço no modo de segurança
Date: 2024-03-22 09:39:22
Description:
O recurso de Proteção em Tempo Real do Microsoft Defender Antivírus encontrou um erro e falhou.
Recurso: Em Tempo de Acesso
Código do Erro: 0x8007043c
Descrição do erro: Não é possível compartilhar este serviço no modo de segurança
Motivo: A inteligência de segurança antimalware parou de funcionar por um motivo desconhecido. Em alguns casos, reiniciar o serviço pode resolver o problema.
Date: 2024-03-16 12:03:58
Description:
Microsoft Defender Antivírus encontrou um erro ao tentar atualizar a inteligência de segurança.
Nova Versão da Inteligência de Segurança:
Versão da Inteligência de Segurança anterior: 1.407.471.0
Fonte da Atualização: Servidor do Microsoft Update
Tipo da Inteligência de Segurança: Antivírus
Tipo da atualização: Completa
Usuário: AUTORIDADE NT\SISTEMA
Versão Atual do Mecanismo:
Versão Anterior do Mecanismo: 1.1.24020.9
Código de Erro: 0x8007043c
Descrição do Erro: Não é possível compartilhar este serviço no modo de segurança
Date: 2024-03-16 11:53:42
Description:
O recurso de Proteção em Tempo Real do Microsoft Defender Antivírus encontrou um erro e falhou.
Recurso: Em Tempo de Acesso
Código do Erro: 0x8007043c
Descrição do erro: Não é possível compartilhar este serviço no modo de segurança
Motivo: A inteligência de segurança antimalware parou de funcionar por um motivo desconhecido. Em alguns casos, reiniciar o serviço pode resolver o problema.
Date: 2024-03-15 18:38:50
Description:
Microsoft Defender Antivírus encontrou um erro ao tentar atualizar a inteligência de segurança.
Nova Versão da Inteligência de Segurança:
Versão da Inteligência de Segurança anterior: 1.407.454.0
Fonte da Atualização: Servidor do Microsoft Update
Tipo da Inteligência de Segurança: Antivírus
Tipo da atualização: Completa
Usuário: AUTORIDADE NT\SISTEMA
Versão Atual do Mecanismo:
Versão Anterior do Mecanismo: 1.1.24020.9
Código de Erro: 0x8007043c
Descrição do Erro: Não é possível compartilhar este serviço no modo de segurança
CodeIntegrity:
===============
Date: 2024-07-26 20:36:33
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Mozilla Firefox\firefox.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\TubeDigger\TbdgHook64.dll that did not meet the Microsoft signing level requirements.
==================== Informações da Memória ===========================
BIOS: American Megatrends Inc. 0701 06/23/2014
placa-mãe: ASUSTeK COMPUTER INC. A58M-A/BR
Processador: AMD A8-7650K Radeon R7, 10 Compute Cores 4C+6G
Percentagem de memória em uso: 42%
RAM física total: 7110.45 MB
RAM física disponível: 4072.74 MB
Virtual Total: 7558.45 MB
Virtual disponível: 4084.79 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:139.96 GB) (Free:17.61 GB) (Model: SSD 256GB) NTFS
Drive d: (Novo volume) (Fixed) (Total:97.66 GB) (Free:13.67 GB) (Model: SSD 256GB) NTFS
Drive e: (Novo volume) (Fixed) (Total:476.91 GB) (Free:431.31 GB) (Model: SSD 512GB) NTFS
\\?\Volume{cb800121-0000-0000-0000-100000000000}\ (Reservado pelo Sistema) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS
\\?\Volume{cb800121-0000-0000-0000-a06d3b000000}\ () (Fixed) (Total:0.76 GB) (Free:0.08 GB) NTFS
\\?\Volume{3657e3c3-0000-0000-0060-253a77000000}\ (VTOYEFI) (Fixed) (Total:0.03 GB) (Free:0 GB) FAT
==================== MBR & Tabela de Partições ====================
==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 238.5 GB) (Disk ID: CB800121)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=140 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=97.7 GB) - (Type=0F Extended)
Partition 4: (Not Active) - (Size=778 MB) - (Type=27)
==========================================================
Disk: 1 (Size: 476.9 GB) (Disk ID: 3657E3C3)
Partition 1: (Not Active) - (Size=476.9 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=32 MB) - (Type=EF)
==================== Fim de Addition.txt =======================
Tive que usar o recurso copiar e colar porque está dando erro ao tentar anexar arquivos.
Fico no aguardo de mais instruçoes e desde já agradeço pela atenção.