Conteúdo: Default Ardósia Uva Barbie Morango Pôr do sol Banana Folha Chocolate Madeira
Fundo: Default Ardósia Uva Barbie Morango Pôr do sol Banana Folha Chocolate Madeira
Desenho: Liso Onda Linha Retalho Madeira Rocha Couro Colméia Vertical Triângulo
Bem-vindo ao Fórum do BABOO!

Desde 2000 o Fórum do BABOO tem ajudado milhões de internautas de Windows a resolverem seus problemas e dúvidas, além de ajudar na remoção de vírus e malwares de seus computadores. Somos o único fórum brasileiro coordenado por um especialista com reconhecimento internacional pela sua competência em Windows, então se você tem uma dúvida ou problema que nenhum outro fórum resolve, poste-a aqui pois o MVP Babooadora desafios!
  

O Fórum do BABOO também conta com a participação exclusiva do administrador da área de Segurança MVP Mr.Million que tem reconhecimento internacional da Microsoft pelo seu incansável trabalho ajudando os internautas a remover vírus e malwares dos seus computadores. Se o seu computador está infectado por algum vírus, ele te ajudará a removê-lo!
  

Nosso time de especialistas também inclui Patropi  Osvaldomp  Caze  Ciro-Mota  XERLOUCO ROUMS  Tatha que responderão suas dúvidas sobre diversos assuntos.
 

Participe da nossa comunidade! 

 

Marcio_B_Alves

Solicitação de análise de logs

19 posts neste tópico

Bom Dia a Todos

Depois de uma (longa) ausência estou de volta e com virus no laptop.

Já fiz todos os procedimentos solicitados no Tópico Oficial.

De há uns dias para cá tou notando o laptop cada vez mais lento. 
Após análises de CCleaner e do Mbam noto que a lentidão continua, pelo que peço humildemente a vossa ajuda.

Segue o meu Log para exame

 

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:16:52, on 12/08/2017
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.15063.0000)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Users\Márcio\AppData\Local\Microsoft\OneDrive\OneDrive.exe
C:\Program Files (x86)\RLinkToolbox 3\RLinkToolbox.exe
C:\Users\Márcio\AppData\Local\Microsoft\BingSvc\BingSvc.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe
C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
C:\Program Files (x86)\Ares\Ares.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleChromeDAV.exe
C:\Users\Márcio\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus13.msn.com/?PC=ASJB
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://asus13.msn.com/?PC=ASJB
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=
O4 - HKLM\..\Run: [ASUSPRP] "C:\Program Files (x86)\ASUS\APRP\APRP.EXE"
O4 - HKLM\..\Run: [WebStorage] C:\Program Files (x86)\ASUS\WebStorage\2.1.9.384\ASUSWSLoader.exe
O4 - HKLM\..\Run: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
O4 - HKLM\..\Run: [ASUS InstantKey] C:\Program Files (x86)\ASUS\ASUS Instant Key\Ikey_start.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Dropbox] "C:\Program Files (x86)\Dropbox\Client\Dropbox.exe" /systemstartup
O4 - HKLM\..\Run: [ProductUpdater] C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Márcio\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKCU\..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
O4 - HKCU\..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
O4 - HKCU\..\Run: [OneDrive] "C:\Users\Márcio\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
O4 - HKCU\..\Run: [GarminExpressTrayApp] "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
O4 - HKCU\..\Run: [RLinkToolbox.exe] C:\Program Files (x86)\RLinkToolbox 3\RLinkToolbox.exe
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKCU\..\Run: [BingSvc] C:\Users\Márcio\AppData\Local\Microsoft\BingSvc\BingSvc.exe
O4 - HKCU\..\Run: [Epic Privacy Browser Installer] "C:\Users\Márcio\AppData\Local\Epic Privacy Browser\Installer\EpicUpdate.exe" /c
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: SafeKey Fill Forms - file://C:\Users\Márcio\AppData\LocalLow\SafeKey\context.html?cmd=fillforms
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{10673326-f0e4-4bdf-b066-6f0da5808806}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CS1\Services\Tcpip\..\{10673326-f0e4-4bdf-b066-6f0da5808806}: NameServer = 8.8.8.8,8.8.4.4
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: Windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device Service - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: ASLDR Service (ASLDRService) - ASUSTek Computer Inc. - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
O23 - Service: ASUS InstantOn Service (ASUS InstantOn) - ASUS - C:\Program Files\ASUS\P4G\InsOnSrv.exe
O23 - Service: Asus WebStorage Windows Service - ASUS Cloud Corporation - C:\Program Files (x86)\ASUS\WebStorage\2.0.3.226\AsusWSWinService.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
O23 - Service: Serviço de Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: Dropbox Update Service (dbupdate) (dbupdate) - Dropbox, Inc. - C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
O23 - Service: Dropbox Update Service (dbupdatem) (dbupdatem) - Dropbox, Inc. - C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
O23 - Service: DbxSvc - Unknown owner - C:\Windows\system32\DbxSvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Freemake Improver - Freemake - C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
O23 - Service: GamesAppIntegrationService - WildTangent - C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
O23 - Service: Garmin Device Interaction Service - Garmin Ltd. or its subsidiaries - C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe
O23 - Service: NVIDIA GeForce Experience Service (GfExperienceService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
O23 - Service: Serviço Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @oem93.inf,%SERVICE_NAME%;Intel Bluetooth Service (ibtsiva) - Unknown owner - C:\Windows\system32\ibtsiva (file missing)
O23 - Service: Intel(R) HD Graphics Control Panel Service (igfxCUIService2.0.0.0) - Unknown owner - C:\Windows\system32\igfxCUIService.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
O23 - Service: Intel(R) ME Service - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
O23 - Service: Serviço iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\SecurityHealthAgent.dll,-1002 (SecurityHealthService) - Unknown owner - C:\Windows\system32\SecurityHealthService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\Windows\System32\SensorDataService.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spectrum.exe,-101 (spectrum) - Unknown owner - C:\Windows\system32\spectrum.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: TeamViewer 11 (TeamViewer) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\Windows\system32\TieringEngineService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 13734 bytes



Cumprimentos a todos desde a Suíça

Compartilhar este post


Link para o post
Compartilhar em outros sites

Olá Marcio_B_Alves! Baixe MbrScan.exe by Eric_71 > salve no desktop.

Dê um duplo-clique para executar a ferramenta. Clique no botão Scan. Ao final do exame clique no botão Report. Abrirá um bloco de notas com o resultado do exame. É salvo no desktop com o nome de MbrScan.log.

Selecione, copie e cole o seu conteúdo na próxima resposta.

Baixe Farbar Service Scanner e salve no desktop. Execute a ferramenta.

Além das checkboxes que já estão marcadas por padrão, marque as seguintes:

  • Windows Firewall
  • System Restore
  • Security Center/Action Center
  • Windows Update
  • Windows Defender


Clique em Scan e aguarde o exame acabar, Ao final será gerado um log chamado FSS.txt que é salvo no mesmo diretório que está o FSS, ou seja, no desktop.

Selecione, copie e cole o seu conteúdo na próxima resposta.

 


 

 

xerl_roums_16.JPG

Compartilhar este post


Link para o post
Compartilhar em outros sites

Primeiramente Muito Obrigado pela sua rápida ajuda.

Seguem os Logs:


	MBRScan v1.1.1









	OS             : Windows 8  (64 bit)

	PROCESSOR      : Intel64 Family 6 Model 60 Stepping 3, GenuineIntel

	BOOT           : Normal Boot

	DATE           : 2017/08/12 (ISO 8601) at 12:05:31

	________________________________________________________________________________









	DISK           : Device\Harddisk0\DR0 __ST1000LM024 HN-M101MBB (2BA30001)

	BUS_TYPE       : (0x0B)  S-ATA

	USE_PIO        : YES

	MAX_TRANSFER   : 128 Kb

	ALIGNMENT_MASK : word aligned

	________________________________________________________________________________









	Device\Harddisk0\DR0    931.5 Go  [Fixed] ==> Unknown MBR Code...









	MBR_MD5   : A959A23ED916ADDD6D1290877C682D7E

	MBR_SHA1  : 406E784BDF8B51002A1BF2DCEB7DB918C0B003FE









	Device\Harddisk0\Partition1    2.00 To      0xEE EFI GPT[1] 

	________________________________________________________________________________









	############################### Additional scan ################################









	DRIVER  : C:\Windows\system32\ntoskrnl.exe => Invisible on the disk

	ADDRESS : 0x2E08F000

	SIZE    : 8.54 Mo









	DRIVER  : C:\Windows\system32\hal.dll => Invisible on the disk

	ADDRESS : 0x2E013000

	SIZE    : 496.0 Ko









	DRIVER  : C:\Windows\system32\kd.dll => Invisible on the disk

	ADDRESS : 0x2EA00000

	SIZE    : 44.0 Ko









	DRIVER  : C:\Windows\system32\mcupdate_GenuineIntel.dll => Invisible on the disk

	ADDRESS : 0x34630000

	SIZE    : 568.0 Ko









	DRIVER  : C:\Windows\System32\drivers\msrpc.sys => Invisible on the disk

	ADDRESS : 0x346C0000

	SIZE    : 380.0 Ko









	DRIVER  : C:\Windows\System32\drivers\ksecdd.sys => Invisible on the disk

	ADDRESS : 0x34720000

	SIZE    : 164.0 Ko









	DRIVER  : C:\Windows\System32\drivers\werkernel.sys => Invisible on the disk

	ADDRESS : 0x34750000

	SIZE    : 68.0 Ko









	DRIVER  : C:\Windows\System32\drivers\CLFS.SYS => Invisible on the disk

	ADDRESS : 0x34770000

	SIZE    : 404.0 Ko









	DRIVER  : C:\Windows\System32\drivers\tm.sys => Invisible on the disk

	ADDRESS : 0x33A00000

	SIZE    : 148.0 Ko









	DRIVER  : C:\Windows\System32\drivers\FLTMGR.SYS => Invisible on the disk

	ADDRESS : 0x33A60000

	SIZE    : 404.0 Ko









	DRIVER  : C:\Windows\System32\drivers\clipsp.sys => Invisible on the disk

	ADDRESS : 0x33AD0000

	SIZE    : 896.0 Ko









	DRIVER  : C:\Windows\System32\drivers\cmimcext.sys => Invisible on the disk

	ADDRESS : 0x33BB0000

	SIZE    : 56.0 Ko









	DRIVER  : C:\Windows\System32\drivers\ntosext.sys => Invisible on the disk

	ADDRESS : 0x33BC0000

	SIZE    : 48.0 Ko









	DRIVER  : C:\Windows\system32\CI.dll => Invisible on the disk

	ADDRESS : 0x33BD0000

	SIZE    : 672.0 Ko









	DRIVER  : C:\Windows\System32\drivers\cng.sys => Invisible on the disk

	ADDRESS : 0x33C80000

	SIZE    : 648.0 Ko









	DRIVER  : C:\Windows\system32\drivers\Wdf01000.sys => Invisible on the disk

	ADDRESS : 0x33D30000

	SIZE    : 888.0 Ko









	DRIVER  : C:\Windows\system32\drivers\WDFLDR.SYS => Invisible on the disk

	ADDRESS : 0x33E10000

	SIZE    : 76.0 Ko









	DRIVER  : C:\Windows\system32\drivers\SleepStudyHelper.sys => Invisible on the disk

	ADDRESS : 0x33E30000

	SIZE    : 56.0 Ko









	DRIVER  : C:\Windows\System32\Drivers\acpiex.sys => Invisible on the disk

	ADDRESS : 0x33E40000

	SIZE    : 140.0 Ko









	DRIVER  : C:\Windows\System32\Drivers\WppRecorder.sys => Invisible on the disk

	ADDRESS : 0x33E70000

	SIZE    : 56.0 Ko









	DRIVER  : C:\Windows\System32\drivers\ACPI.sys => Invisible on the disk

	ADDRESS : 0x33E80000

	SIZE    : 732.0 Ko









	DRIVER  : C:\Windows\System32\drivers\WMILIB.SYS => Invisible on the disk

	ADDRESS : 0x33F40000

	SIZE    : 48.0 Ko









	DRIVER  : C:\Windows\System32\drivers\intelpep.sys => Invisible on the disk

	ADDRESS : 0x33F60000

	SIZE    : 92.0 Ko









	DRIVER  : C:\Windows\system32\drivers\WindowsTrustedRT.sys => Invisible on the disk

	ADDRESS : 0x33F80000

	SIZE    : 88.0 Ko









	DRIVER  : C:\Windows\System32\drivers\WindowsTrustedRTProxy.sys => Invisible on the disk

	ADDRESS : 0x33FA0000

	SIZE    : 44.0 Ko









	DRIVER  : C:\Windows\System32\drivers\pcw.sys => Invisible on the disk

	ADDRESS : 0x33FB0000

	SIZE    : 76.0 Ko









	DRIVER  : C:\Windows\System32\drivers\msisadrv.sys => Invisible on the disk

	ADDRESS : 0x33FD0000

	SIZE    : 44.0 Ko









	DRIVER  : C:\Windows\System32\drivers\pci.sys => Invisible on the disk

	ADDRESS : 0x33FE0000

	SIZE    : 364.0 Ko









	DRIVER  : C:\Windows\System32\drivers\vdrvroot.sys => Invisible on the disk

	ADDRESS : 0x34040000

	SIZE    : 72.0 Ko









	DRIVER  : C:\Windows\system32\drivers\pdc.sys => Invisible on the disk

	ADDRESS : 0x34060000

	SIZE    : 140.0 Ko









	DRIVER  : C:\Windows\system32\drivers\CEA.sys => Invisible on the disk

	ADDRESS : 0x34090000

	SIZE    : 96.0 Ko









	DRIVER  : C:\Windows\System32\drivers\partmgr.sys => Invisible on the disk

	ADDRESS : 0x340B0000

	SIZE    : 172.0 Ko









	DRIVER  : C:\Windows\System32\drivers\spaceport.sys => Invisible on the disk

	ADDRESS : 0x340E0000

	SIZE    : 592.0 Ko









	DRIVER  : C:\Windows\System32\drivers\volmgr.sys => Invisible on the disk

	ADDRESS : 0x34180000

	SIZE    : 100.0 Ko









	DRIVER  : C:\Windows\System32\drivers\volmgrx.sys => Invisible on the disk

	ADDRESS : 0x341A0000

	SIZE    : 376.0 Ko









	DRIVER  : C:\Windows\System32\drivers\mountmgr.sys => Invisible on the disk

	ADDRESS : 0x34200000

	SIZE    : 120.0 Ko









	DRIVER  : C:\Windows\System32\drivers\iaStorA.sys => Invisible on the disk

	ADDRESS : 0x35570000

	SIZE    : 5.46 Mo









	DRIVER  : C:\Windows\System32\drivers\storport.sys => Invisible on the disk

	ADDRESS : 0x35AF0000

	SIZE    : 552.0 Ko









	DRIVER  : C:\Windows\System32\drivers\EhStorClass.sys => Invisible on the disk

	ADDRESS : 0x35B80000

	SIZE    : 112.0 Ko









	DRIVER  : C:\Windows\System32\drivers\fileinfo.sys => Invisible on the disk

	ADDRESS : 0x35BA0000

	SIZE    : 104.0 Ko









	DRIVER  : C:\Windows\System32\Drivers\Wof.sys => Invisible on the disk

	ADDRESS : 0x35BC0000

	SIZE    : 236.0 Ko









	DRIVER  : C:\Windows\system32\drivers\WdFilter.sys => Invisible on the disk

	ADDRESS : 0x34800000

	SIZE    : 312.0 Ko









	DRIVER  : C:\Windows\System32\Drivers\NTFS.sys => Invisible on the disk

	ADDRESS : 0x34850000

	SIZE    : 2.26 Mo









	DRIVER  : C:\Windows\System32\Drivers\Fs_Rec.sys => Invisible on the disk

	ADDRESS : 0x34AA0000

	SIZE    : 52.0 Ko









	DRIVER  : C:\Windows\system32\drivers\ndis.sys => Invisible on the disk

	ADDRESS : 0x34AB0000

	SIZE    : 1.21 Mo









	DRIVER  : C:\Windows\system32\drivers\NETIO.SYS => Invisible on the disk

	ADDRESS : 0x34BF0000

	SIZE    : 532.0 Ko









	DRIVER  : C:\Windows\System32\Drivers\ksecpkg.sys => Invisible on the disk

	ADDRESS : 0x34C80000

	SIZE    : 192.0 Ko









	DRIVER  : C:\Windows\System32\drivers\tcpip.sys => Invisible on the disk

	ADDRESS : 0x34CB0000

	SIZE    : 2.61 Mo









	DRIVER  : C:\Windows\System32\drivers\fwpkclnt.sys => Invisible on the disk

	ADDRESS : 0x34F50000

	SIZE    : 424.0 Ko









	DRIVER  : C:\Windows\System32\drivers\wfplwfs.sys => Invisible on the disk

	ADDRESS : 0x34FC0000

	SIZE    : 176.0 Ko









	DRIVER  : C:\Windows\System32\DRIVERS\fvevol.sys => Invisible on the disk

	ADDRESS : 0x34FF0000

	SIZE    : 728.0 Ko









	DRIVER  : C:\Windows\System32\drivers\volume.sys => Invisible on the disk

	ADDRESS : 0x350B0000

	SIZE    : 44.0 Ko









	DRIVER  : C:\Windows\System32\drivers\volsnap.sys => Invisible on the disk

	ADDRESS : 0x350C0000

	SIZE    : 400.0 Ko









	DRIVER  : C:\Windows\System32\drivers\rdyboost.sys => Invisible on the disk

	ADDRESS : 0x35130000

	SIZE    : 304.0 Ko









	DRIVER  : C:\Windows\System32\Drivers\mup.sys => Invisible on the disk

	ADDRESS : 0x35180000

	SIZE    : 144.0 Ko









	DRIVER  : C:\Windows\system32\drivers\iorate.sys => Invisible on the disk

	ADDRESS : 0x351B0000

	SIZE    : 68.0 Ko









	DRIVER  : C:\Windows\System32\drivers\disk.sys => Invisible on the disk

	ADDRESS : 0x351E0000

	SIZE    : 120.0 Ko









	DRIVER  : C:\Windows\System32\drivers\CLASSPNP.SYS => Invisible on the disk

	ADDRESS : 0x35200000

	SIZE    : 404.0 Ko









	DRIVER  : C:\Windows\System32\Drivers\crashdmp.sys => Invisible on the disk

	ADDRESS : 0x35290000

	SIZE    : 108.0 Ko









	DRIVER  : C:\Windows\System32\drivers\cdrom.sys => Invisible on the disk

	ADDRESS : 0x35E00000

	SIZE    : 184.0 Ko









	DRIVER  : C:\Windows\system32\drivers\filecrypt.sys => Invisible on the disk

	ADDRESS : 0x36C10000

	SIZE    : 80.0 Ko









	DRIVER  : C:\Windows\system32\drivers\tbs.sys => Invisible on the disk

	ADDRESS : 0x363F0000

	SIZE    : 52.0 Ko









	DRIVER  : C:\Windows\System32\Drivers\Null.SYS => Invisible on the disk

	ADDRESS : 0x36C30000

	SIZE    : 40.0 Ko









	DRIVER  : C:\Windows\System32\Drivers\Beep.SYS => Invisible on the disk

	ADDRESS : 0x36C40000

	SIZE    : 40.0 Ko









	DRIVER  : C:\Windows\System32\drivers\BasicDisplay.sys => Invisible on the disk

	ADDRESS : 0x36C50000

	SIZE    : 84.0 Ko









	DRIVER  : C:\Windows\System32\drivers\watchdog.sys => Invisible on the disk

	ADDRESS : 0x36C70000

	SIZE    : 80.0 Ko









	DRIVER  : C:\Windows\System32\drivers\dxgkrnl.sys => Invisible on the disk

	ADDRESS : 0x36400000

	SIZE    : 2.35 Mo









	DRIVER  : C:\Windows\System32\drivers\vmbkmclr.sys => Invisible on the disk

	ADDRESS : 0x36660000

	SIZE    : 104.0 Ko









	DRIVER  : C:\Windows\System32\drivers\BasicRender.sys => Invisible on the disk

	ADDRESS : 0x36680000

	SIZE    : 64.0 Ko









	DRIVER  : C:\Windows\System32\Drivers\Npfs.SYS => Invisible on the disk

	ADDRESS : 0x36C90000

	SIZE    : 100.0 Ko









	DRIVER  : C:\Windows\System32\Drivers\Msfs.SYS => Invisible on the disk

	ADDRESS : 0x36CB0000

	SIZE    : 64.0 Ko









	DRIVER  : C:\Windows\system32\DRIVERS\tdx.sys => Invisible on the disk

	ADDRESS : 0x36CC0000

	SIZE    : 136.0 Ko









	DRIVER  : C:\Windows\system32\DRIVERS\TDI.SYS => Invisible on the disk

	ADDRESS : 0x36CF0000

	SIZE    : 64.0 Ko









	DRIVER  : C:\Windows\System32\DRIVERS\netbt.sys => Invisible on the disk

	ADDRESS : 0x36D00000

	SIZE    : 328.0 Ko









	DRIVER  : C:\Windows\system32\drivers\afd.sys => Invisible on the disk

	ADDRESS : 0x36D60000

	SIZE    : 620.0 Ko









	DRIVER  : C:\Windows\System32\drivers\vwififlt.sys => Invisible on the disk

	ADDRESS : 0x352D0000

	SIZE    : 104.0 Ko









	DRIVER  : C:\Windows\System32\drivers\pacer.sys => Invisible on the disk

	ADDRESS : 0x352F0000

	SIZE    : 164.0 Ko









	DRIVER  : C:\Windows\system32\drivers\netbios.sys => Invisible on the disk

	ADDRESS : 0x35320000

	SIZE    : 72.0 Ko









	DRIVER  : C:\Windows\system32\DRIVERS\rdbss.sys => Invisible on the disk

	ADDRESS : 0x35340000

	SIZE    : 468.0 Ko









	DRIVER  : C:\Windows\system32\drivers\nsiproxy.sys => Invisible on the disk

	ADDRESS : 0x353C0000

	SIZE    : 68.0 Ko









	DRIVER  : C:\Windows\System32\drivers\npsvctrig.sys => Invisible on the disk

	ADDRESS : 0x353E0000

	SIZE    : 60.0 Ko









	DRIVER  : C:\Windows\System32\drivers\mssmbios.sys => Invisible on the disk

	ADDRESS : 0x353F0000

	SIZE    : 64.0 Ko









	DRIVER  : C:\Windows\System32\drivers\gpuenergydrv.sys => Invisible on the disk

	ADDRESS : 0x35420000

	SIZE    : 40.0 Ko









	DRIVER  : C:\Windows\System32\Drivers\dfsc.sys => Invisible on the disk

	ADDRESS : 0x35430000

	SIZE    : 172.0 Ko









	DRIVER  : C:\Windows\system32\DRIVERS\ahcache.sys => Invisible on the disk

	ADDRESS : 0x35490000

	SIZE    : 260.0 Ko









	DRIVER  : C:\Windows\System32\drivers\kdnic.sys => Invisible on the disk

	ADDRESS : 0x35500000

	SIZE    : 52.0 Ko









	DRIVER  : C:\Windows\System32\drivers\umbus.sys => Invisible on the disk

	ADDRESS : 0x35510000

	SIZE    : 84.0 Ko









	DRIVER  : C:\Windows\System32\drivers\CAD.sys => Invisible on the disk

	ADDRESS : 0x35530000

	SIZE    : 76.0 Ko









	DRIVER  : C:\Windows\system32\DRIVERS\igdkmd64.sys => Invisible on the disk

	ADDRESS : 0x37C00000

	SIZE    : 7.76 Mo









	DRIVER  : C:\Windows\System32\drivers\HDAudBus.sys => Invisible on the disk

	ADDRESS : 0x383D0000

	SIZE    : 116.0 Ko









	DRIVER  : C:\Windows\System32\drivers\portcls.sys => Invisible on the disk

	ADDRESS : 0x383F0000

	SIZE    : 396.0 Ko









	DRIVER  : C:\Windows\System32\drivers\drmk.sys => Invisible on the disk

	ADDRESS : 0x38460000

	SIZE    : 132.0 Ko









	DRIVER  : C:\Windows\System32\drivers\ks.sys => Invisible on the disk

	ADDRESS : 0x38490000

	SIZE    : 412.0 Ko









	DRIVER  : C:\Windows\system32\DRIVERS\AiCharger.sys => Invisible on the disk

	ADDRESS : 0x38500000

	SIZE    : 12.0 Ko









	DRIVER  : C:\Windows\System32\drivers\USBXHCI.SYS => Invisible on the disk

	ADDRESS : 0x38510000

	SIZE    : 400.0 Ko









	DRIVER  : C:\Windows\system32\drivers\ucx01000.sys => Invisible on the disk

	ADDRESS : 0x38580000

	SIZE    : 228.0 Ko









	DRIVER  : C:\Windows\System32\drivers\TeeDriverW8x64.sys => Invisible on the disk

	ADDRESS : 0x385C0000

	SIZE    : 192.0 Ko









	DRIVER  : C:\Windows\System32\drivers\usbehci.sys => Invisible on the disk

	ADDRESS : 0x385F0000

	SIZE    : 112.0 Ko









	DRIVER  : C:\Windows\System32\drivers\USBPORT.SYS => Invisible on the disk

	ADDRESS : 0x38610000

	SIZE    : 476.0 Ko









	DRIVER  : C:\Windows\System32\drivers\Netwbw02.sys => Invisible on the disk

	ADDRESS : 0x34220000

	SIZE    : 3.55 Mo









	DRIVER  : C:\Windows\System32\drivers\vwifibus.sys => Invisible on the disk

	ADDRESS : 0x38690000

	SIZE    : 56.0 Ko









	DRIVER  : C:\Windows\System32\drivers\rt640x64.sys => Invisible on the disk

	ADDRESS : 0x386A0000

	SIZE    : 920.0 Ko









	DRIVER  : C:\Windows\System32\drivers\i8042prt.sys => Invisible on the disk

	ADDRESS : 0x38790000

	SIZE    : 136.0 Ko









	DRIVER  : C:\Windows\System32\drivers\AsusTP.sys => Invisible on the disk

	ADDRESS : 0x39530000

	SIZE    : 380.0 Ko









	DRIVER  : C:\Windows\System32\drivers\mouclass.sys => Invisible on the disk

	ADDRESS : 0x39590000

	SIZE    : 76.0 Ko









	DRIVER  : C:\Windows\System32\drivers\kbfiltr.sys => Invisible on the disk

	ADDRESS : 0x395B0000

	SIZE    : 32.0 Ko









	DRIVER  : C:\Windows\System32\drivers\kbdclass.sys => Invisible on the disk

	ADDRESS : 0x395C0000

	SIZE    : 76.0 Ko









	DRIVER  : C:\Windows\system32\DRIVERS\GEARAspiWDM.sys => Invisible on the disk

	ADDRESS : 0x395E0000

	SIZE    : 28.0 Ko









	DRIVER  : C:\Windows\System32\drivers\ETDSMBus.sys => Invisible on the disk

	ADDRESS : 0x395F0000

	SIZE    : 44.0 Ko









	DRIVER  : C:\Windows\System32\drivers\CmBatt.sys => Invisible on the disk

	ADDRESS : 0x35550000

	SIZE    : 56.0 Ko









	DRIVER  : C:\Windows\System32\drivers\BATTC.SYS => Invisible on the disk

	ADDRESS : 0x35560000

	SIZE    : 56.0 Ko









	DRIVER  : C:\Windows\System32\drivers\wmiacpi.sys => Invisible on the disk

	ADDRESS : 0x351D0000

	SIZE    : 48.0 Ko









	DRIVER  : C:\Windows\System32\drivers\intelppm.sys => Invisible on the disk

	ADDRESS : 0x345B0000

	SIZE    : 224.0 Ko









	DRIVER  : C:\Windows\System32\drivers\AsHIDSwitch64.sys => Invisible on the disk

	ADDRESS : 0x35460000

	SIZE    : 36.0 Ko









	DRIVER  : C:\Windows\System32\drivers\HIDCLASS.SYS => Invisible on the disk

	ADDRESS : 0x345F0000

	SIZE    : 204.0 Ko









	DRIVER  : C:\Windows\System32\drivers\HIDPARSE.SYS => Invisible on the disk

	ADDRESS : 0x347E0000

	SIZE    : 72.0 Ko









	DRIVER  : C:\Windows\system32\drivers\nvvad64v.sys => Invisible on the disk

	ADDRESS : 0x35470000

	SIZE    : 52.0 Ko









	DRIVER  : C:\Windows\system32\drivers\ksthunk.sys => Invisible on the disk

	ADDRESS : 0x33F50000

	SIZE    : 56.0 Ko









	DRIVER  : C:\Windows\System32\drivers\NdisVirtualBus.sys => Invisible on the disk

	ADDRESS : 0x37120000

	SIZE    : 52.0 Ko









	DRIVER  : C:\Windows\System32\drivers\swenum.sys => Invisible on the disk

	ADDRESS : 0x37130000

	SIZE    : 48.0 Ko









	DRIVER  : C:\Windows\System32\drivers\iwdbus.sys => Invisible on the disk

	ADDRESS : 0x37140000

	SIZE    : 48.0 Ko









	DRIVER  : C:\Windows\System32\drivers\rdpbus.sys => Invisible on the disk

	ADDRESS : 0x37150000

	SIZE    : 52.0 Ko









	DRIVER  : C:\Windows\System32\drivers\usbhub.sys => Invisible on the disk

	ADDRESS : 0x37160000

	SIZE    : 520.0 Ko









	DRIVER  : C:\Windows\System32\drivers\USBD.SYS => Invisible on the disk

	ADDRESS : 0x371F0000

	SIZE    : 56.0 Ko









	DRIVER  : C:\Windows\System32\drivers\UsbHub3.sys => Invisible on the disk

	ADDRESS : 0x36E80000

	SIZE    : 560.0 Ko









	DRIVER  : C:\Windows\system32\drivers\RTKVHD64.sys => Invisible on the disk

	ADDRESS : 0x3A3C0000

	SIZE    : 3.63 Mo









	DRIVER  : C:\Windows\System32\drivers\hidusb.sys => Invisible on the disk

	ADDRESS : 0x3A770000

	SIZE    : 72.0 Ko









	DRIVER  : C:\Windows\System32\drivers\mouhid.sys => Invisible on the disk

	ADDRESS : 0x3A790000

	SIZE    : 60.0 Ko









	DRIVER  : C:\Windows\system32\DRIVERS\ibtusb.sys => Invisible on the disk

	ADDRESS : 0x3A7A0000

	SIZE    : 216.0 Ko









	DRIVER  : C:\Windows\System32\drivers\BTHUSB.sys => Invisible on the disk

	ADDRESS : 0x3A7E0000

	SIZE    : 112.0 Ko









	DRIVER  : C:\Windows\System32\drivers\bthport.sys => Invisible on the disk

	ADDRESS : 0x39600000

	SIZE    : 988.0 Ko









	DRIVER  : C:\Windows\system32\Drivers\RtsUer.sys => Invisible on the disk

	ADDRESS : 0x39700000

	SIZE    : 412.0 Ko









	DRIVER  : C:\Windows\System32\drivers\usbccgp.sys => Invisible on the disk

	ADDRESS : 0x39770000

	SIZE    : 196.0 Ko









	DRIVER  : C:\Windows\System32\Drivers\usbvideo.sys => Invisible on the disk

	ADDRESS : 0x397B0000

	SIZE    : 292.0 Ko









	DRIVER  : C:\Windows\System32\drivers\Microsoft.Bluetooth.Legacy.LEEnumerator.sys => Invisible on the disk

	ADDRESS : 0x39800000

	SIZE    : 120.0 Ko









	DRIVER  : C:\Windows\System32\drivers\rfcomm.sys => Invisible on the disk

	ADDRESS : 0x39820000

	SIZE    : 204.0 Ko









	DRIVER  : C:\Windows\System32\drivers\BthEnum.sys => Invisible on the disk

	ADDRESS : 0x39860000

	SIZE    : 132.0 Ko









	DRIVER  : C:\Windows\System32\drivers\bthpan.sys => Invisible on the disk

	ADDRESS : 0x39890000

	SIZE    : 152.0 Ko









	DRIVER  : C:\Windows\System32\Drivers\fastfat.SYS => Invisible on the disk

	ADDRESS : 0x398C0000

	SIZE    : 368.0 Ko









	DRIVER  : C:\Windows\System32\Drivers\dump_diskdump.sys => Invisible on the disk

	ADDRESS : 0x39930000

	SIZE    : 60.0 Ko









	DRIVER  : C:\Windows\System32\Drivers\dump_iaStorA.sys => Invisible on the disk

	ADDRESS : 0x35E30000

	SIZE    : 5.46 Mo









	DRIVER  : C:\Windows\System32\Drivers\dump_dumpfve.sys => Invisible on the disk

	ADDRESS : 0x39EE0000

	SIZE    : 116.0 Ko









	DRIVER  : C:\Windows\System32\win32kbase.sys => Invisible on the disk

	ADDRESS : 0xAC3A0000

	SIZE    : 2.02 Mo









	DRIVER  : C:\Windows\System32\drivers\dxgmms2.sys => Invisible on the disk

	ADDRESS : 0x3A110000

	SIZE    : 716.0 Ko









	DRIVER  : C:\Windows\System32\drivers\monitor.sys => Invisible on the disk

	ADDRESS : 0x3A1D0000

	SIZE    : 68.0 Ko









	DRIVER  : C:\Windows\System32\TSDDD.dll => Invisible on the disk

	ADDRESS : 0xAC5C0000

	SIZE    : 40.0 Ko









	DRIVER  : C:\Windows\system32\drivers\luafv.sys => Invisible on the disk

	ADDRESS : 0x3A1F0000

	SIZE    : 152.0 Ko









	DRIVER  : C:\Windows\system32\drivers\wcifs.sys => Invisible on the disk

	ADDRESS : 0x3A220000

	SIZE    : 152.0 Ko









	DRIVER  : C:\Windows\system32\drivers\storqosflt.sys => Invisible on the disk

	ADDRESS : 0x3A260000

	SIZE    : 100.0 Ko









	DRIVER  : C:\Windows\System32\drivers\registry.sys => Invisible on the disk

	ADDRESS : 0x3A280000

	SIZE    : 44.0 Ko









	DRIVER  : C:\Windows\system32\drivers\mmcss.sys => Invisible on the disk

	ADDRESS : 0x3A290000

	SIZE    : 80.0 Ko









	DRIVER  : C:\Windows\system32\drivers\HTTP.sys => Invisible on the disk

	ADDRESS : 0x39F00000

	SIZE    : 1.08 Mo









	DRIVER  : C:\Windows\system32\drivers\lltdio.sys => Invisible on the disk

	ADDRESS : 0x3A020000

	SIZE    : 88.0 Ko









	DRIVER  : C:\Windows\system32\drivers\mslldp.sys => Invisible on the disk

	ADDRESS : 0x3A040000

	SIZE    : 104.0 Ko









	DRIVER  : C:\Windows\system32\drivers\rspndr.sys => Invisible on the disk

	ADDRESS : 0x3A060000

	SIZE    : 104.0 Ko









	DRIVER  : C:\Windows\System32\DRIVERS\wanarp.sys => Invisible on the disk

	ADDRESS : 0x3A080000

	SIZE    : 108.0 Ko









	DRIVER  : C:\Windows\system32\drivers\ndisuio.sys => Invisible on the disk

	ADDRESS : 0x3A0A0000

	SIZE    : 88.0 Ko









	DRIVER  : C:\Windows\system32\DRIVERS\nwifi.sys => Invisible on the disk

	ADDRESS : 0x3A2B0000

	SIZE    : 556.0 Ko









	DRIVER  : C:\Windows\system32\drivers\WudfPf.sys => Invisible on the disk

	ADDRESS : 0x3A350000

	SIZE    : 120.0 Ko









	DRIVER  : C:\Windows\system32\DRIVERS\bowser.sys => Invisible on the disk

	ADDRESS : 0x3A370000

	SIZE    : 132.0 Ko









	DRIVER  : C:\Windows\System32\drivers\mpsdrv.sys => Invisible on the disk

	ADDRESS : 0x3A3A0000

	SIZE    : 104.0 Ko









	DRIVER  : C:\Windows\system32\DRIVERS\mrxsmb.sys => Invisible on the disk

	ADDRESS : 0x36F10000

	SIZE    : 492.0 Ko









	DRIVER  : C:\Windows\system32\DRIVERS\mrxsmb20.sys => Invisible on the disk

	ADDRESS : 0x3A0C0000

	SIZE    : 244.0 Ko









	DRIVER  : C:\Windows\System32\DRIVERS\srvnet.sys => Invisible on the disk

	ADDRESS : 0x36F90000

	SIZE    : 280.0 Ko









	DRIVER  : C:\Windows\system32\drivers\peauth.sys => Invisible on the disk

	ADDRESS : 0x36FE0000

	SIZE    : 792.0 Ko









	DRIVER  : C:\Windows\system32\DRIVERS\mrxsmb10.sys => Invisible on the disk

	ADDRESS : 0x370B0000

	SIZE    : 312.0 Ko









	DRIVER  : C:\Windows\system32\drivers\Ndu.sys => Invisible on the disk

	ADDRESS : 0x36E00000

	SIZE    : 152.0 Ko









	DRIVER  : C:\Windows\System32\drivers\tcpipreg.sys => Invisible on the disk

	ADDRESS : 0x36E30000

	SIZE    : 76.0 Ko









	DRIVER  : C:\Windows\System32\DRIVERS\srv2.sys => Invisible on the disk

	ADDRESS : 0x36690000

	SIZE    : 736.0 Ko









	DRIVER  : C:\Windows\System32\DRIVERS\srv.sys => Invisible on the disk

	ADDRESS : 0x36750000

	SIZE    : 564.0 Ko









	DRIVER  : C:\Windows\System32\drivers\vwifimp.sys => Invisible on the disk

	ADDRESS : 0x36E50000

	SIZE    : 68.0 Ko









	DRIVER  : C:\Windows\System32\drivers\condrv.sys => Invisible on the disk

	ADDRESS : 0x37100000

	SIZE    : 72.0 Ko









	DRIVER  : C:\Windows\System32\drivers\tunnel.sys => Invisible on the disk

	ADDRESS : 0x363B0000

	SIZE    : 192.0 Ko









	DRIVER  : C:\Windows\system32\Drivers\WdNisDrv.sys => Invisible on the disk

	ADDRESS : 0x367E0000

	SIZE    : 140.0 Ko









	DRIVER  : C:\Windows\System32\drivers\rdpvideominiport.sys => Invisible on the disk

	ADDRESS : 0x363E0000

	SIZE    : 52.0 Ko









	DRIVER  : C:\Windows\System32\cdd.dll => Invisible on the disk

	ADDRESS : 0xAC640000

	SIZE    : 260.0 Ko









	BCD EmsSettings {0CE4991B-E6B3-4B16-B23C-5E0D9250E5D9} => BcdLibraryBoolean_EmsEnabled (16000020)









	SystemStartOptions :  NOEXECUTE=OPTIN  NOVGA









	________________________________________________________________________________









	_______MBR   \Device\Harddisk0\DR0  









	0x00000000   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................

	0x00000010   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................

	0x00000020   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................

	0x00000030   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................

	0x00000040   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................

	0x00000050   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................

	0x00000060   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................

	0x00000070   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................

	0x00000080   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................

	0x00000090   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................

	0x000000A0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................

	0x000000B0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................

	0x000000C0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................

	0x000000D0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................

	0x000000E0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................

	0x000000F0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................

	0x00000100   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................

	0x00000110   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................

	0x00000120   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................

	0x00000130   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................

	0x00000140   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................

	0x00000150   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................

	0x00000160   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................

	0x00000170   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................

	0x00000180   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................

	0x00000190   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................

	0x000001A0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................

	0x000001B0   00 00 00 00 00 00 00 00 21 D8 B5 76 00 00 00 00   ........!صv....

	0x000001C0   02 00 EE FF FF FF 01 00 00 00 FF FF FF FF 00 00   ..î.............

	0x000001D0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................

	0x000001E0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................

	0x000001F0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 AA   ..............Uª

	



O Outro:

 

Farbar Service Scanner Version: 27-01-2016
Ran by Márcio (administrator) on 12-08-2017 at 12:07:03
Running from "C:\Users\Márcio\Desktop"
Microsoft Windows 10 Home  (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy: 
==================


System Restore:
============

System Restore Policy: 
========================


Security Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy: 
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****

 

Editado por Marcio_B_Alves

faltou um log

Compartilhar este post


Link para o post
Compartilhar em outros sites

Desative temporariamente seu antivirus, antispywares e firewall, para não causar conflitos.

Baixe o ZHPCleaner e salve no desktop.

http://www.nicolascoolman.fr/download/zhpcleaner-2/?wpdmdl=2148

Dê um duplo-clique sobre o ZHPCleaner.exe.

Clique no botão Scanner.

A ferramenta comecará o exame do seu sistema. Tenha paciência pois pode demorar um pouco dependendo da quantidades de ítens a examinar.

Ao final da verificação, clique no botão Reparar.

Concluído a operação, um log se abrirá. Caso isso não aconteça, clique no botão Relatório e salve o log.

Selecione, copie e cole o conteúdo deste log na sua próxima resposta.

 


 

 

xerl_roums_16.JPG

Compartilhar este post


Link para o post
Compartilhar em outros sites

Caro Xerlouco Roums

Segue o Log:

 

~ ZHPCleaner v2017.8.13.139 by Nicolas Coolman (2017/08/13)
~ Run by Márcio (Administrator)  (13/08/2017 10:22:52)
~ Web: https://www.nicolascoolman.com
~ Blog: https://nicolascoolman.eu/
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version OK
~ Certificate ZHPCleaner: Legal
~ Type : Reparo
~ Report : C:\Users\Márcio\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\Márcio\AppData\Roaming\ZHP\ZHPCleaner_Reg.txt
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
Windows 10 Home, 64-bit  (Build 15063)


---\\  Serviços (0)
~ Nenhum ítem malicioso o desnecessários foi encontrado.


---\\  Navegadores de Internet (0)
~ Nenhum ítem malicioso o desnecessários foi encontrado.


---\\  Arquivo hosts (1)
~ O arquivo hosts é legítimo (21)


---\\  Tarefas automáticas agendadas. (0)
~ Nenhum ítem malicioso o desnecessários foi encontrado.


---\\  Explorer ( Arquivos, Pastas) (3)
MOVIDO arquivo: C:\ProgramData\22a2f0b0000065a8  =>Adware.CrossRider
MOVIDO arquivo: C:\Program Files (x86)\QuickTime  =>Riskware.QuickTime
MOVIDO arquivo: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime  =>Riskware.QuickTime


---\\  Registro ( Chaves, Valores, Dados ) (4)
SUPRIMIDO chave*: HKEY_USERS\S-1-5-21-1209883281-597615554-778349054-1002\SOFTWARE\Magicbit []  =>.SUP.Magicbit
SUPRIMIDO chave: HKCU\Software\Magicbit []  =>.SUP.Magicbit
SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Wow6432Node\StrongSignal []  =>PUP.Optional.StrongSignal
SUPRIMIDO valor: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\QuickTime Task ["C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime]  =>Riskware.QuickTime


---\\  Resumo dos elementos encontrados na sua estação de trabalho (4)
https://nicolascoolman.eu/2017/03/11/pup-optional-crossrider/  =>Adware.CrossRider
https://nicolascoolman.eu/2017/01/15/riskware-quicktime/  =>Riskware.QuickTime
https://nicolascoolman.eu/2017/01/20/logiciels-superflus/  =>.SUP.Magicbit
https://www.nicolascoolman.com/fr/pup-optional-strongsignal  =>PUP.Optional.StrongSignal


---\\  Dodatkowe oczyszczenie. (17)
~ Chave de registro Tracing Supprimido (17)
~ Remover os relatórios antigos ZHPCleaner. (0)


---\\ Resultado de reparação
Reparação efectuada com sucesso
~ Este navegador está faltando ! (Mozilla Firefox)
~ Este navegador está faltando ! (Opera Software)


---\\ Estatísticas
~ Items scan : 593
~ Items encontrado : 0
~ items cancelados : 0
~ Items réparo : 7


~ End of clean in 00h00mn22s
~====================
ZHPCleaner-[R]-13082017-10_23_14.txt
ZHPCleaner--13082017-10_21_41.txt
 

Compartilhar este post


Link para o post
Compartilhar em outros sites

Desative temporariamente seu AntiVirus.

Clique em esetsmartinstaller_enu.exe para baixar o ESET Smart Installer. Salve-o em seu desktop.

Dê um duplo clique no seu ícone no desktop.

  • Marque "YES, I accept the Terms of Use."
  • Clique em Start.
  • Aceite qualquer aviso de segurança de seu browser.
  • Marque as opções abaixo:
  • Enable detection of potencially unwanted applications.
  • Clique em Hide advanced settings e marque:
    • Remove found threats
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Clique Change e marque também a caixa Computador.
  • Clique em Start.
  • Ele vai atualizar por conta própria, e escanear o computador. Tenha paciência, o processo pode demorar horas.
  • Quando o scan terminar, clique em List Threats.
  • Clique em Export to text file e salve o log na sua área de trabalho.
  • Copie e cole o conteúdo em sua próxima resposta.
  • Obs: Se nada for encontrado, nenhum log será gerado.
  • Clique em Back.
  • Clique em Finish.

 


 

 

xerl_roums_16.JPG

Compartilhar este post


Link para o post
Compartilhar em outros sites

Segue o Log:
C:\$Recycle.Bin\S-1-5-21-1209883281-597615554-778349054-1002\$RF48AI2.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application    cleaned by deleting
D:\SANDRA\LR\UmmyVD-Web-Loader-[130-yt-2xhnWjZiFfY].exe    a variant of Win32/Magicbit.D potentially unwanted application    cleaned by deleting
D:\SANDRA\LR\UmmyVD-Web-Loader-[130-yt-zhnLZKMA91U].exe    a variant of Win32/Magicbit.D potentially unwanted application    cleaned by deleting
 

Compartilhar este post


Link para o post
Compartilhar em outros sites

Ok, por favor, siga estas instruções:

1 - Atualize o Malwarebytes' Anti-Malware (MBAM)

  • Ao final da atualização, no painel à esquerda, clique em Configurações. Na aba Proteção, ative Procurar rootkits;
  • Depois, no painel à esquerda, clique em Análise. Em seguida, clique no botão Iniciar Análise;
  • Começará então o exame. Aguarde, pois pode demorar. Ao terminar, uma janela irá se abrir próximo ao relógio;
  • Nela, clique em Ver Resultado. Deixe todas as entradas marcadas e clique no botão Colocar em Quarentena;
  • Ao final da desinfecção, poderá aparecer um aviso se quer reiniciar o PC. (Ver Nota abaixo);
  • O log é automaticamente salvo pelo MBAM. Para exportá-lo, clique  na aba Relatórios -> Registro de aplicativos na janela principal do programa após a desinfecção ter sido realizada;
  • Clique duas vezes em cima do log mais atual e exporte em .TXT;
  • Selecione, copie e cole todo o conteúdo deste log em sua próxima resposta.


NOTA: Se o MBAM encontrar arquivos que não consiga remover, poderá ter de reiniciar o PC (talvez mais de uma vez). Faça isso imediatamente, ao ser perguntado se quer reiniciar o PC.
 

Desative temporariamente seu antivirus, antispywares e firewall, para não causar conflitos durante a execução das ferramentas abaixo.


2 - Baixe o AdwCleaner e salve no desktop.

http://www.bleepingcomputer.com/download/adwcleaner/dl/125/

Dê um duplo-clique sobre o adwcleaner.exe.

Clique no botão Examinar e aguarde o exame finalizar.

Clique no botão Limpar.

Abrirá um bloco de notas com o resultado. Selecione, copie e cole o seu conteúdo na próxima resposta.
 
NOTA: Se o AdwCleaner encontrar arquivos que não consiga remover, poderá ter de reiniciar o PC. Faça isso imediatamente, ao ser perguntado se quer reiniciar o PC.


3 - Baixe o JRT e salve no desktop.

http://downloads.malwarebytes.org/file/jrt

Dê um duplo-clique para executar o Junkware Removal Tool (JRT).

A ferramenta comecará o exame do seu sistema. Tenha paciência pois pode demorar um pouco dependendo da quantidades de ítens a examinar.

Ao final, um log se abrirá. É salvo no desktop com o nome de JRT.txt.

Selecione, copie e cole o conteúdo deste log na sua próxima resposta.

 


 

 

xerl_roums_16.JPG

Compartilhar este post


Link para o post
Compartilhar em outros sites

Seguem os 3 Logs:

1) 

Malwarebytes Anti-Malware
www.malwarebytes.org

Data da Verificação: 14/08/2017
Hora da Verificação: 22:27
Ficheiro de Relatório: mbam.txt
Administrador: Sim

Versão: 2.2.1.1043
Base de Dados de Malware: v2017.08.14.08
Base de dados de Rootkits: v2017.08.02.01
Licença: Grátis
Proteção contra Malware: Desativado
Proteção contra Websites Maliciosos: Desativado
Autoproteção: Desativado

SO: Windows 10
CPU: x64
Sistema de Ficheiros: NTFS
Utilizador: Márcio

Tipo de Verificação: Verificação de Ameaças
Resultado: Concluída
Objetos Verificados: 308952
Tempo Decorrido: 22 min, 35 s

Memória: Ativado
Arranque: Ativado
Sistema de Ficheiros: Ativado
Arquivos: Ativado
Rootkits: Ativado
Heurísticos: Ativado
PPI: Ativado
MPI: Ativado

Processos: 0
(Nenhum item malicioso detetado)

Módulos: 0
(Nenhum item malicioso detetado)

Chaves de Registo: 0
(Nenhum item malicioso detetado)

Valores de Registo: 0
(Nenhum item malicioso detetado)

Dados de Registo: 0
(Nenhum item malicioso detetado)

Pastas: 0
(Nenhum item malicioso detetado)

Ficheiros: 0
(Nenhum item malicioso detetado)

Sectores Físicos: 0
(Nenhum item malicioso detetado)


(end)

 

2)

# AdwCleaner 7.0.1.0 - Logfile created on Mon Aug 14 20:55:45 2017
# Updated on 2017/05/08 by Malwarebytes 
# Database: 08-11-2017.1
# Running on Windows 10 Home (X64)
# Mode: scan
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

PUP.Optional.Legacy, C:\Program Files (x86)\Common Files\freemake shared
PUP.Adware.Heuristic, C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
PUP.Adware.Heuristic, C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
PUP.Adware.Heuristic, C:\ProgramData\{c664f1a9-be63-bb49-c664-4f1a9be6c6a6}


***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}


***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries.

*************************

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt ##########

 

3)

# AdwCleaner 7.0.1.0 - Logfile created on Mon Aug 14 20:57:37 2017
# Updated on 2017/05/08 by Malwarebytes 
# Running on Windows 10 Home (X64)
# Mode: clean
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services deleted.

***** [ Folders ] *****

Deleted: C:\Program Files (x86)\Common Files\freemake shared
Deleted: C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
Deleted: C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
Deleted: C:\ProgramData\{c664f1a9-be63-bb49-c664-4f1a9be6c6a6}


***** [ Files ] *****

No malicious files deleted.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks deleted.

***** [ Registry ] *****

Deleted: [Key] - HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}


***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries deleted.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries deleted.

*************************

::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0

*************************

C:/AdwCleaner/AdwCleaner[S0].txt - [1266 B] - [2017/8/14 20:55:45]


########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ##########

 

 

 

Compartilhar este post


Link para o post
Compartilhar em outros sites

ups.....

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.4 (07.09.2017)
Operating System: Windows 10 Home x64 
Ran by M rcio (Administrator) on 14/08/2017 at 23:03:42,54
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


File System: 2 

Successfully deleted: C:\ProgramData\productdata (Folder) 
Successfully deleted: C:\Windows\system32\Tasks\Driver Booster SkipUAC (M rcio) (Task)

Registry: 1 

Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 14/08/2017 at 23:06:54,80
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

Compartilhar este post


Link para o post
Compartilhar em outros sites

Ok, baixe Farbar Recovery Scan Tool 64-Bit (FRST64) e salve na sua área de trabalho.

Dê um duplo-clique para executar a ferramenta. Aceite o contrato e depois clique no botão Examinar.

Aguarde e ao final, os logs FRST.txt e Addition.txt serão salvos no seu desktop.

Selecione, copie e cole o conteúdo destes 2 logs em sua próxima resposta.

ATENÇÃO: para o correto funcionamento da ferramenta, ela tem de estar diretamente na área de trabalho, não pode ficar em uma pasta.

 


 

 

xerl_roums_16.JPG

Compartilhar este post


Link para o post
Compartilhar em outros sites

Crie uma conta ou entre para comentar

Você precisar ser um membro para fazer um comentário

Criar uma conta

Quer postar a sua dúvida? Cadastre-se pois é rápido e fácil!


Crie uma nova conta

Entrar

Já tem uma conta? Faça o login.


Entrar Agora
Esse tópico é útil para você?
Então compartilhe e ajude outros internautas!

  • Vídeos do BABOO no YouTube

  • Posts

    • Solicito mais uma analise do PC via HijackThis. Rodei e limpei via ccleaner previamente.  Dessa vez ocorreu que a maquina parou de ter conexao, tentei ate dar ping e falhava.  Dai o antivírus McAfee deu um aviso que houve 43mil tentativas de conexao na maquina, e o antivírus barrou a internet. Tive que iniciar o Windows em modo de segurança p entao desinstalar o antivírus McAfee. Rodei o Malwarebytes tb... nao consigo entender o motivo disso obs.: a maquina é do meu pai....  Segue::  Logfile of Trend Micro HijackThis v2.0.4
      Scan saved at 01:59:53, on 18/08/2017
      Platform: Unknown Windows (WinNT 6.02.1008)
      MSIE: Internet Explorer v11.0 (11.00.15063.0000)
      Boot mode: Normal Running processes:
      C:\PROGRA~2\GbPlugin\GbpSv.exe
      C:\Program Files (x86)\Dell Update\DellUpTray.exe
      C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
      C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
      C:\Users\Celso\AppData\Local\Microsoft\OneDrive\OneDrive.exe
      C:\Program Files (x86)\AVG\antivírus\AVGUI.exe
      C:\Program Files (x86)\Google\Drive\googledrivesync.exe
      C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
      C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
      C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
      C:\Program Files (x86)\Google\Drive\googledrivesync.exe
      C:\Program Files (x86)\CyberLink\CyberLink Media Suite\Power2Go8\CLMLSvc_P2G8.exe
      C:\Users\Celso\Downloads\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dell17win10.msn.com/?PC=DCTE
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
      O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll
      O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_141\bin\ssv.dll
      O2 - BHO: (no name) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - (no file)
      O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Program Files (x86)\GbPlugin\gbieh.dll
      O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Program Files (x86)\GbPlugin\gbiehcef.dll
      O2 - BHO: G-Buster Browser Defense Itaú Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\Program Files (x86)\GbPlugin\gbiehuni.dll
      O2 - BHO: Microsoft OneDrive for Business Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL
      O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_141\bin\jp2ssv.dll
      O4 - HKLM\..\Run: [Dropbox] "C:\Program Files (x86)\Dropbox\Client\Dropbox.exe" /systemstartup
      O4 - HKLM\..\Run: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
      O4 - HKCU\..\Run: [OneDrive] "C:\Users\Celso\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
      O4 - HKCU\..\Run: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
      O4 - HKCU\..\Run: [EPLTarget\P0000000000000001] C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIRCE.EXE /EPT "EPLTarget\P0000000000000001" /M "XP-240 Series"
      O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'SERVIÇO LOCAL')
      O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'SERVIÇO DE REDE')
      O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE/3000
      O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files (x86)\Microsoft Office\Root\Office16\ONBttnIE.dll/105
      O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIE.dll
      O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIE.dll
      O9 - Extra button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll
      O9 - Extra 'Tools' menuitem: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll
      O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIELinkedNotes.dll
      O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIELinkedNotes.dll
      O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
      O15 - Trusted Zone: www.bancobrasil.com.br
      O15 - Trusted Zone: www14.bancobrasil.com.br
      O15 - Trusted Zone: www2.bancobrasil.com.br
      O15 - Trusted Zone: aapj.bb.com.br
      O15 - Trusted Zone: seg.bb.com.br
      O15 - Trusted Zone: www.bb.com.br
      O15 - Trusted Zone: http://www.bb.com.br
      O15 - Trusted Zone: http://www.caixa.gov.br
      O15 - Trusted Zone: cloud.gastecnologia.com.br
      O15 - Trusted Zone: www.google.com.br
      O15 - Trusted Zone: www.itau.b.br
      O15 - Trusted Zone: *.itau.b.br
      O15 - Trusted Zone: bankline.itau.com.br
      O15 - Trusted Zone: banklineplus.itau.com.br
      O15 - Trusted Zone: clickbanking.itau.com.br
      O15 - Trusted Zone: guardiao.itau.com.br
      O15 - Trusted Zone: internet.itau.com.br
      O15 - Trusted Zone: www.itau.com.br
      O15 - Trusted Zone: http://www.itau.com.br
      O15 - Trusted Zone: *.itau.com.br
      O15 - Trusted Zone: www.itaupersonnalite.com.br
      O15 - Trusted Zone: http://www.itaupersonnalite.com.br
      O18 - Protocol: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
      O18 - Protocol: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
      O18 - Protocol: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
      O18 - Protocol: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
      O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
      O18 - Protocol: Windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
      O20 - Winlogon Notify:  GbPluginBb - C:\Program Files (x86)\GbPlugin\gbieh.dll
      O20 - Winlogon Notify:  GbPluginCef - C:\Program Files (x86)\GbPlugin\gbiehCef.dll
      O20 - Winlogon Notify:  GbPluginuni - C:\Program Files (x86)\GbPlugin\gbiehuni.dll
      O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
      O23 - Service: AtherosSvc - Windows (R) Win 7 DDK provider - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe
      O23 - Service: Autodesk Content Service - Unknown owner - C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
      O23 - Service: AVG antivírus - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\antivírus\AVGSvc.exe
      O23 - Service: avgbIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\antivírus\x64\aswidsagenta.exe
      O23 - Service: AVG Service (avgsvc) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
      O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
      O23 - Service: Serviço Atualização do Dropbox (dbupdate) (dbupdate) - Dropbox, Inc. - C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
      O23 - Service: Serviço Atualização do Dropbox (dbupdatem) (dbupdatem) - Dropbox, Inc. - C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
      O23 - Service: DbxSvc - Unknown owner - C:\Windows\system32\DbxSvc.exe (file missing)
      O23 - Service: Dell Data Vault Service API (DDVCollectorSvcApi) - Dell Inc. - C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe
      O23 - Service: Dell Data Vault Collector (DDVDataCollector) - Dell Inc. - C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe
      O23 - Service: Dell Data Vault Processor (DDVRulesProcessor) - Dell Inc. - C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe
      O23 - Service: Dell Customer Connect - Dell Inc. - C:\Program Files (x86)\Dell Customer Connect\DCCService.exe
      O23 - Service: Dell Foundation Services - Dell - C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe
      O23 - Service: Dell Help & Support - Dell Inc. - C:\Program Files\Dell\Dell Help & Support\MDLCSvc.exe
      O23 - Service: Dell Digital Delivery Service (DellDigitalDelivery) - Dell Products, LP. - c:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
      O23 - Service: Dell Update Service (DellUpdate) - Dell Inc. - C:\Program Files (x86)\Dell Update\DellUpService.exe
      O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
      O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
      O23 - Service: EpsonCustomerResearchParticipation - SEIKO EPSON CORPORATION - C:\Program Files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe
      O23 - Service: Epson Scanner Service (EpsonScanSvc) - Unknown owner - C:\Windows\system32\EscSvc64.exe (file missing)
      O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
      O23 - Service: FLEXnet Licensing Service 64 - Flexera Software, Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
      O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - C:\PROGRA~2\GbPlugin\GbpSv.exe
      O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
      O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
      O23 - Service: Intel(R) HD Graphics Control Panel Service (igfxCUIService2.0.0.0) - Unknown owner - C:\Windows\system32\igfxCUIService.exe (file missing)
      O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
      O23 - Service: Intel(R) Security Assist - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe
      O23 - Service: Intel(R) Security Assist Helper (isaHelperSvc) - Unknown owner - C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe
      O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
      O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
      O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
      O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
      O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
      O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
      O23 - Service: Product Registration - Dell - C:\Program Files\Dell\Dell Product Registration\PRSvc.exe
      O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - CyberLink - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
      O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
      O23 - Service: Realtek Audio Service (RtkAudioService) - Realtek Semiconductor - C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
      O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
      O23 - Service: @%systemroot%\system32\SecurityHealthAgent.dll,-1002 (SecurityHealthService) - Unknown owner - C:\Windows\system32\SecurityHealthService.exe (file missing)
      O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\Windows\System32\SensorDataService.exe (file missing)
      O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
      O23 - Service: @%systemroot%\system32\spectrum.exe,-101 (spectrum) - Unknown owner - C:\Windows\system32\spectrum.exe (file missing)
      O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
      O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
      O23 - Service: Dell SupportAssist Agent (SupportAssistAgent) - Dell Inc. - C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
      O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\Windows\system32\TieringEngineService.exe (file missing)
      O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
      O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
      O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
      O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
      O23 - Service: Warsaw Technology - GAS Tecnologia LTDA - C:\Program Files\Diebold\Warsaw\core.exe
      O23 - Service: Waves Audio Services (WavesSysSvc) - Waves Audio Ltd. - C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe
      O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
      O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
      O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
      O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
      O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) --
      End of file - 15571 bytes
       
    • Estou gravando vídeos em streaming com a captura de tela do Camtasia, mas tenho de ficar em frente ao PC esperando acabar o vídeo para dar stop. Tem como configurar a gravação por um tempo pré-definido, assim colocaria o tempo de gravação igual ao tempo do vídeo.
    • Continua lento e o desktop tá estranho 
    • Login banco de dados pelo Windows Authentication → Server Secuity →Logins→ Clique no nome de usuário que deseja acessar → Alter Login → Server Roles→ Choose public and sysadmin. Se estes passos são inúteis você pode tentar https://sql.recoverytoolbox.com/pt/

      Saudações
      Espero que isto ajude.
    • Alguém sabe se é possível fazer a troca de ícones de apps Windows 10? Estou personalizando os atalhos na minha barra de tarefas mas justo o Microsoft Edge n é possível alterar pois n aparece a opção propriedades em cima do atalho, criando um novo atalho também não executa o programa, alguém sabe uma solução?  
    • Boa Tarde, isto quer dizer que não é possível pelo pendrive, dei uma lida no link que você mandou, pelo que entendi, não é possível.  
    • pessoal, o que quero saber eh o seguinte. num intervalo , digamos, a1:a30, eh percorrido as celulas e testa se esta vazio. se tiver valor, executa uma intruçao. se nao, para o programa. pesquisei alguns exemplos, mas achei mt confusos pro que eu quero, que eh percorrer um intervalo numa coluna apenas. ha alguma forma facil de  fazer isso?
    • Na conta que está com problemas, abra uma janela PowerShell Admin, cole este comando abaixo e execute: Get-AppXPackage | Foreach {Add-AppxPackage -DisableDevelopmentMode -Register "$($_.InstallLocation)\AppXManifest.xml"} Reinicie e veja se o problema persiste.
    • Boa tarde. Se o Inglês não for problema, veja: https://msdn.microsoft.com/pt-br/library/windows/desktop/cc144200(v=vs.85).aspx Entenda que por ser um recurso que gera problemas de segurança ao Windows, ele poderá não estar ativo e funcional em todos os PCs.
    • Boa tarde. Provavelmente o slide não é formatado com caixas de texto de "Título e conteúdo", por isso os tópicos acabam aparecendo em branco.
O site BABOO está no ar para informar e ajudar o internauta de Windows. Este site foi publicado em 1999 por Aurélio "Baboo", engenheiro e um dos maiores especialistas brasileiros em Windows, que trabalha profissionalmente com esse sistema operacional desde 1987. Desde 2004 ele é premiado anualmente pela Microsoft como MVP (Most Valuable Professional) pela sua contribuição e ajuda à comunidade de usuários de Windows.

Em 2001 foi criado o
Fórum do BABOO para ajudar o internauta brasileiro a solucionar problemas e dúvidas sobre Windows, Segurança, Office, Hardware e outros temas. Desde 2010 a Microsoft também tem premiado o Mr.Million, administrador da área de Segurança do Fórum do BABOO, pelo seu incansável trabalho ajudando os internautas a remover vírus e malwares dos seus computadores. Atualmente ele é o único MVP brasileiro de Segurança em desktop.

O BABOO é o único site brasileiro coordenado por um especialista com reconhecimento internacional pela sua competência em Windows e que participa diariamente e ativamente nos comentários e discussões do site e fórum BABOO.