
Document format: text/plain


Resultado do exame da Farbar Recovery Scan Tool (FRST) (x64) Versão: 19.04.2018
Executado por Suporte (administrador) em ZRS158WKS02 (19-04-2018 19:00:47)
Executando a partir de D:\Comum
Perfis Carregados: Suporte (Perfis Disponíveis: instalador & Suporte & Oficial & 061394680485 & 058901890426 & userscript & 060916850400 & 026849150418 & Suporte & instalador)
Platform: Windows 7 Professional Service Pack 1 (X64) Idioma: Português (Brasil)
Internet Explorer Versão 11 (Navegador padrão: IE)
Modo da Inicialização: Normal
Tutorial da Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processos (Whitelisted) =================

(Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.)

() C:\Seguranca\Util\SIC_SRVC.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
() D:\aplic\sevin\HSF\HotSwapFlash.exe
(Trend Micro Inc.) D:\aplic\trend\Ntrtscan.exe
() C:\Seguranca\Util\SisSrv.exe
() C:\Windows\SysWOW64\SisService.exe
(Trend Micro Inc.) D:\aplic\trend\TmListen.exe
(Trend Micro Inc.) D:\aplic\BM\TMBMSRV.exe
(Trend Micro Inc.) D:\aplic\trend\CNTAoSMgr.exe
(Trend Micro Inc.) D:\aplic\trend\CCSF\TmCCSF.exe
(UltraVNC) C:\Program Files\UltraVNC\winvnc.exe
(OCS Inventory NG) C:\Program Files (x86)\OCS Inventory Agent\OcsService.exe
(UltraVNC) C:\Program Files\UltraVNC\winvnc.exe
() C:\Seguranca\Util\SisVolume\SvcVol.exe
() C:\Seguranca\Util\SisMessage.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Oracle Corporation) C:\Program Files (x86)\Java\jre7\bin\javaw.exe
(Oracle Corporation) C:\Program Files (x86)\Java\jre7\bin\javaw.exe
() D:\aplic\Biometria\Akiyama\IDEM\signature\idem-signature.exe
(OCS Inventory NG) C:\Program Files (x86)\OCS Inventory Agent\OcsSystray.exe
(Trend Micro Inc.) D:\aplic\trend\PccNTMon.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(eXPy) D:\aplic\Biometria\Bus\Bus\bus_webservice.exe
(eXPy) D:\aplic\Biometria\Bus\Bus\bus_webservice.exe
(eXPy) D:\aplic\Biometria\Bus\Bus\bus_webservice.exe
(eXPy) D:\aplic\Biometria\Bus\Bus\bus_webservice.exe
() D:\aplic\Biometria\Bus\Bus\C2Java_Capture.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe

==================== Registro (Whitelisted) ===========================

(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.)

HKLM\...\Run: [IgfxTray] => [X]
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13632216 2013-07-09] (Realtek Semiconductor)
HKLM\...\Run: [AssociacaoMSC] => C:\seguranca\util\AssociacaoMSC.exe [521216 2014-07-18] ()
HKLM\...\Run: [Script] => C:\Seguranca\Util\Script.exe [505344 2013-10-08] ()
HKLM\...\Run: [TransmissorArqBIO] => D:\Aplic\Biometria\EdiClient\TransmArqBIO.exe [320512 2014-10-20] ()
HKLM\...\Run: [notificador] => d:\aplic\sevin\HSF\notificador.exe [985600 2014-12-18] ()
HKLM\...\Run: [EDI_Service] => D:\aplic\EDIclientCXA\edi\service.exe [58368 2016-09-16] ()
HKLM\...\Run: [EDI_Updater] => D:\aplic\EDIclientCXA\edi\serviceUpdater.exe [8704 2016-09-16] ()
HKLM-x32\...\Run: [OfficeScanNT Monitor] => d:\aplic\trend\pccntmon.exe [3382632 2017-01-26] (Trend Micro Inc.)
HKLM-x32\...\Run: [FingerService] => D:\aplic\biometria\Bus\bus\start-finger.bat [119 2016-03-12] ()
HKLM-x32\...\Run: [PhotoService] => D:\aplic\biometria\Bus\bus\start-photo.bat [94 2016-03-12] ()
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [222240 2016-04-28] (Geek Software GmbH)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,C:\Seguranca\Util\SisMessage.exe,
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
HKLM\...\Policies\Explorer: [__NoViewOnDrive] 4096
HKLM\...\Policies\Explorer: [NoDrives] 4096
HKU\S-1-5-21-3476711279-2351808270-2009126276-1003\...\Run: [EPSON T25 Series] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGEB.EXE [224768 2009-09-14] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-3476711279-2351808270-2009126276-1003\...\Policies\system: [Wallpaper] C:\WINDOWS\JE\je.jpg
HKU\S-1-5-21-3476711279-2351808270-2009126276-1003\...\Policies\system: [WallpaperStyle] 2
HKU\S-1-5-21-3476711279-2351808270-2009126276-1003\...\Policies\Explorer: [NoWelcomeScreen] 1
HKU\S-1-5-21-3476711279-2351808270-2009126276-1003\...\Policies\Explorer: [NoSMHelp] 1
HKU\S-1-5-21-3476711279-2351808270-2009126276-1003\...\Policies\Explorer: [NoSimpleStartMenu] 1
HKU\S-1-5-21-3476711279-2351808270-2009126276-1003\...\Policies\Explorer: [NoSMBalloonTip] 1
HKU\S-1-5-21-3476711279-2351808270-2009126276-1003\...\Policies\Explorer: [NoSetTaskbar] 1
HKU\S-1-5-21-3476711279-2351808270-2009126276-1003\...\Policies\Explorer: [NoInternetIcon] 1
HKU\S-1-5-21-3476711279-2351808270-2009126276-1003\...\Policies\Explorer: [NoRecentDocsNetHood] 1
HKU\S-1-5-21-3476711279-2351808270-2009126276-1003\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
HKU\S-1-5-21-3476711279-2351808270-2009126276-1003\...\Policies\Explorer: [ForceClassicControlPanel] 1
HKU\S-1-5-21-3476711279-2351808270-2009126276-1003\...\Policies\Explorer: [NoAutoUpdate] 1
HKU\S-1-5-21-3476711279-2351808270-2009126276-1003\...\Policies\Explorer: [ForceStartMenuLogOff] 1
HKU\S-1-5-21-3476711279-2351808270-2009126276-1003\...\Policies\Explorer: [NoNetHood] 1
HKU\S-1-5-21-3476711279-2351808270-2009126276-1003\...\Policies\Explorer: [NoThemesTab] 1
HKU\S-1-5-21-3476711279-2351808270-2009126276-1003\...\MountPoints2: {744b1ecb-19c5-11e5-9caf-806e6f6e6963} - E:\SWSETUP\APPINSTL\hpsoftwaresetup.exe
HKU\S-1-5-18\...\Run: [EPSON T25 Series (Copiar 1)] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGEB.EXE [224768 2009-09-14] (SEIKO EPSON CORPORATION)
GroupPolicy: Restrição <==== ATENÇÃO
GroupPolicy\User: Restrição <==== ATENÇÃO
CHR HKLM\SOFTWARE\Policies\Google: Restrição <==== ATENÇÃO

==================== Internet (Whitelisted) ====================

(Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.)

AutoConfigURL: [S-1-5-21-3476711279-2351808270-2009126276-1003] => hxxp://intranet.tre-rs.gov.br/proxy/config.proxy
Hosts: 10.4.1.2 RS2
Tcpip\Parameters: [DhcpNameServer] 10.4.1.5 10.4.1.6
Tcpip\..\Interfaces\{9107350F-A167-4964-966E-CB82370ED13B}: [DhcpNameServer] 10.4.1.5 10.4.1.6
ManualProxies: 0hxxp://intranet.tre-rs.gov.br/proxy/config.proxy

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restrição <==== ATENÇÃO
HKU\S-1-5-21-3476711279-2351808270-2009126276-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://intranet.tre-rs.gov.br
HKU\S-1-5-21-3476711279-2351808270-2009126276-1003\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://intranet.tre-rs.gov.br
BHO: Trend Micro Osprey Plugin -> {959A5673-7971-48e6-AF54-58F745AC4ABC} -> d:\aplic\trend\TmopIEPlg.dll [2016-01-15] (Trend Micro Inc.)
BHO: Trend Micro IE Protection -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> d:\aplic\trend\CCSF\module\BES\TmBpIe64.dll [2016-09-07] (Trend Micro Inc.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-10-17] (Oracle Corporation)
BHO-x32: Trend Micro Osprey Plugin -> {959A5673-7971-48e6-AF54-58F745AC4ABC} -> d:\aplic\trend\TmopIEPlg32.dll [2016-01-15] (Trend Micro Inc.)
BHO-x32: Trend Micro IE Protection -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> d:\aplic\trend\CCSF\module\BES\IE32\TmBpIe32.dll [2016-09-07] (Trend Micro Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-10-17] (Oracle Corporation)
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - d:\aplic\trend\CCSF\module\BES\TmBpIe64.dll [2016-09-07] (Trend Micro Inc.)
Handler-x32: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - d:\aplic\trend\CCSF\module\BES\IE32\TmBpIe32.dll [2016-09-07] (Trend Micro Inc.)
Handler: tmop - {69FD7CE3-4604-4fe6-967C-49B9735CEE70} - d:\aplic\trend\TmopIEPlg.dll [2016-01-15] (Trend Micro Inc.)
Handler-x32: tmop - {69FD7CE3-4604-4fe6-967C-49B9735CEE70} - d:\aplic\trend\TmopIEPlg32.dll [2016-01-15] (Trend Micro Inc.)

FireFox:
========
FF ProfilePath: D:\Usuarios\Suporte\AppData\Roaming\Mozilla\Firefox\Profiles\6etfb739.default [2013-12-16]
FF HKLM\...\Firefox\Extensions: [{c2056674-a37f-4b29-9300-2004759d74fe}] - d:\aplic\trend\FirefoxExtensionOsprey
FF Extension: (Trend Micro Osprey Firefox Extension) - d:\aplic\trend\FirefoxExtensionOsprey [2017-05-24] [Legacy]
FF HKLM-x32\...\Firefox\Extensions: [{c2056674-a37f-4b29-9300-2004759d74fe}] - d:\aplic\trend\FirefoxExtensionOsprey
FF Plugin: @microsoft.com/GENUINE -> disabled [Nenhum Arquivo]
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2013-10-17] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll [Nenhum Arquivo]
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2013-10-17] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Nenhum Arquivo]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-09-11] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-09-11] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-02-11] (Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: D:\Usuarios\Suporte\AppData\Local\Google\Chrome\User Data\Default [2015-06-24]
CHR Extension: (Google Docs) - D:\Usuarios\Suporte\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-06-24]
CHR Extension: (Google Drive) - D:\Usuarios\Suporte\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-06-24]
CHR Extension: (YouTube) - D:\Usuarios\Suporte\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-06-24]
CHR Extension: (Google Search) - D:\Usuarios\Suporte\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-06-24]
CHR Extension: (Google Wallet) - D:\Usuarios\Suporte\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-06-24]
CHR Extension: (Gmail) - D:\Usuarios\Suporte\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-06-24]
CHR crx: C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.85\default_apps\search.crx [2015-08-27]
CHR crx: C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.91\default_apps\search.crx [2015-01-21]

==================== Serviços (Whitelisted) ====================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

R2 HotSwapFlash; D:\Aplic\Sevin\HSF\HotSwapFlash.exe [131072 2016-08-30] () [Arquivo não assinado]
R2 ntrtscan; d:\aplic\trend\ntrtscan.exe [7536080 2017-01-26] (Trend Micro Inc.)
R2 OCS Inventory Service; C:\Program Files (x86)\OCS Inventory Agent\OcsService.exe [45568 2015-11-03] (OCS Inventory NG) [Arquivo não assinado]
R2 SIC_SRVC; C:\Seguranca\Util\sic_srvc.exe [392192 2016-08-29] () [Arquivo não assinado]
R2 sissrv; c:\seguranca\util\sissrv.exe [40960 2012-08-27] () [Arquivo não assinado]
R2 Sis_Socket; C:\Windows\SysWOW64\SisService.exe [89600 2016-08-29] () [Arquivo não assinado]
R2 SvcVol; C:\Seguranca\Util\SisVolume\SvcVol.exe [252416 2016-08-29] () [Arquivo não assinado]
R3 TMBMServer; d:\aplic\BM\TMBMSRV.exe [594432 2016-10-03] (Trend Micro Inc.)
R3 tmccsf; d:\aplic\trend\CCSF\tmccsf.exe [1501952 2017-01-26] (Trend Micro Inc.)
R2 tmlisten; d:\aplic\trend\tmlisten.exe [5616200 2017-01-26] (Trend Micro Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R3 WinVNC; C:\Arquivos de Programas\UltraVNC\winvnc.exe [2182224 2016-05-22] (UltraVNC)

===================== Drivers (Whitelisted) ======================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

R2 9truecrypt; C:\Windows\System32\DRIVERS\9truecrypt.sys [224592 2016-08-29] (TrueCrypt Foundation)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-07-10] (Intel Corporation)
S3 libusb0; C:\Windows\System32\DRIVERS\libusb0.sys [52832 2014-07-30] (hxxp://libusb-win32.sourceforge.net)
S3 libusb0; C:\Windows\SysWOW64\DRIVERS\libusb0.sys [42592 2012-01-17] (hxxp://libusb-win32.sourceforge.net)
R2 ProtFXP; C:\Windows\System32\DRIVERS\ProtFXP.sys [68944 2016-08-29] ()
R2 Sisdrv; C:\Windows\System32\DRIVERS\Sisdrv.sys [11600 2016-08-29] ()
R2 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [129752 2016-09-29] (Trend Micro Inc.)
R1 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [435424 2016-09-29] (Trend Micro Inc.)
R0 TMEBC; C:\Windows\System32\DRIVERS\TMEBC64.sys [72504 2016-04-21] (Trend Micro Inc.)
R3 tmeevw; C:\Windows\System32\DRIVERS\tmeevw.sys [143072 2016-07-15] (Trend Micro Inc.)
R2 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [91872 2016-09-29] (Trend Micro Inc.)
R2 TmFilter; d:\aplic\trend\TmXPFlt.sys [396944 2017-10-24] (Trend Micro Inc.)
R3 tmnciesc; C:\Windows\System32\DRIVERS\tmnciesc.sys [561952 2016-06-24] (Trend Micro Inc.)
R2 TmPreFilter; d:\aplic\trend\TmPreFlt.sys [70288 2017-10-24] (Trend Micro Inc.)
R1 tmumh; C:\Windows\System32\DRIVERS\TMUMH.sys [111840 2016-10-03] (Trend Micro Inc.)
R3 tmusa; C:\Windows\System32\DRIVERS\tmusa.sys [131808 2016-07-15] (Trend Micro Inc.)
R2 VSApiNt; d:\aplic\trend\VSApiNt.sys [2788504 2017-10-24] (Trend Micro Inc.)

==================== NetSvcs (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)


==================== Um Mês Criados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2018-04-19 19:00 - 2018-04-19 19:00 - 000000000 ____D C:\FRST
2018-04-19 18:47 - 2018-04-19 18:47 - 000000000 ____D C:\Program Files\LibreOffice
2018-04-19 18:32 - 2018-04-19 18:32 - 000000000 ____D C:\Windows\LastGood
2018-04-19 18:32 - 2013-04-26 15:24 - 000368112 _____ (Intel Corporation) C:\Windows\system32\Drivers\iusb3hub.sys
2018-04-19 18:30 - 2018-04-19 18:30 - 000003288 _____ C:\bootsqm.dat
2018-04-18 17:06 - 2018-04-18 17:06 - 000162525 _____ D:\Usuarios\061394680485\Desktop\2018.04.18_REsp_1416757.pdf
2018-04-18 15:47 - 2018-04-18 15:47 - 000907578 _____ D:\Usuarios\061394680485\Desktop\2018.04.09_AgInt_no_AgR_em_REsp_1.074.195.pdf
2018-04-18 14:46 - 2018-04-18 14:46 - 000163220 _____ D:\Usuarios\061394680485\Desktop\2018.04.06_CC_150698 (1).pdf
2018-04-18 14:39 - 2018-04-18 14:39 - 000163220 _____ D:\Usuarios\061394680485\Desktop\2018.04.06_CC_150698.pdf
2018-04-18 14:37 - 2018-04-18 14:37 - 003973810 _____ D:\Usuarios\061394680485\Desktop\2018.04.06_Extrato_de_pauta.pdf
2018-04-18 14:37 - 2018-04-18 14:37 - 000062503 _____ D:\Usuarios\061394680485\Desktop\2018.04.06_Portaria_73.pdf
2018-04-18 14:23 - 2018-04-18 14:23 - 000105390 _____ D:\Usuarios\061394680485\Desktop\exec_ativ_18579.pdf
2018-04-18 14:19 - 2018-04-18 14:19 - 000156425 _____ D:\Usuarios\061394680485\Desktop\Instrucoes_complementares2.odt
2018-04-18 14:09 - 2018-04-18 14:09 - 000425840 _____ D:\Usuarios\061394680485\Desktop\Relatorio__-_RAEs_com__pendencia_de_coleta_de_biometricas_por_ZE_v2.ods
2018-04-18 13:48 - 2018-04-18 13:48 - 000059343 _____ D:\Usuarios\061394680485\Desktop\2018.04.04_Portaria_68.pdf
2018-04-18 13:29 - 2018-04-18 13:28 - 001305413 _____ D:\Usuarios\061394680485\Desktop\2018.04.02_Rcl_29.671.pdf
2018-04-18 13:27 - 2018-04-18 13:27 - 001847521 _____ D:\Usuarios\061394680485\Desktop\2018.04.02_Resolucao_23.562.pdf
2018-03-29 19:45 - 2018-03-29 19:45 - 000633144 _____ (Microsoft Corporation) C:\Windows\system32\msvcp140.dll
2018-03-29 19:45 - 2018-03-29 19:45 - 000395592 _____ (Microsoft Corporation) C:\Windows\system32\vccorlib140.dll
2018-03-29 19:45 - 2018-03-29 19:45 - 000333632 _____ (Microsoft Corporation) C:\Windows\system32\concrt140.dll
2018-03-29 19:45 - 2018-03-29 19:45 - 000087880 _____ (Microsoft Corporation) C:\Windows\system32\vcruntime140.dll
2018-03-26 09:01 - 2018-03-26 09:06 - 000430241 _____ D:\Usuarios\061394680485\Desktop\IPL - PRORROGAÇÃO DE PRAZO.odt

==================== Um Mês Modificados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2018-04-19 19:01 - 2015-06-23 20:02 - 000000000 ____D C:\Temp
2018-04-19 18:41 - 2015-06-24 18:55 - 000001066 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2018-04-19 18:41 - 2015-06-24 16:49 - 000014216 __RSH D:\Usuarios\Suporte\ntuser.pol
2018-04-19 18:41 - 2015-06-24 16:49 - 000000000 ____D D:\Usuarios\Suporte
2018-04-19 18:41 - 2015-06-24 16:44 - 000000060 _____ C:\Windows\system32\RespPolicy.ini
2018-04-19 18:39 - 2016-08-08 15:01 - 000004950 _____ C:\Windows\system32\CIS.INI
2018-04-19 18:39 - 2015-06-24 10:19 - 000004934 _____ C:\Windows\system32\cis2.ini
2018-04-19 18:38 - 2009-07-14 01:45 - 000015168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-04-19 18:38 - 2009-07-14 01:45 - 000015168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-04-19 18:34 - 2016-06-24 10:24 - 000052592 __RSH D:\Usuarios\061394680485\ntuser.pol
2018-04-19 18:34 - 2016-06-24 10:24 - 000000000 ____D D:\Usuarios\061394680485
2018-04-19 18:31 - 2015-06-23 20:01 - 000000128 _____ C:\Windows\system32\config\netlogon.ftl
2018-04-19 18:31 - 2009-07-14 02:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-04-19 18:26 - 2015-06-24 18:55 - 000001070 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2018-04-19 17:48 - 2009-07-14 01:45 - 000419480 _____ C:\Windows\system32\FNTCACHE.DAT
2018-04-19 16:38 - 2015-06-24 18:36 - 000000000 ____D C:\Program Files (x86)\LibreOffice 4
2018-04-19 10:13 - 2015-06-24 19:14 - 000015355 _____ C:\Windows\cfgall.ini
2018-03-22 15:39 - 2016-06-24 13:44 - 000000838 _____ C:\Windows\system32\Drivers\etc\tmsshf.bin
2018-03-21 09:06 - 2018-03-15 09:24 - 000432799 _____ D:\Usuarios\061394680485\Desktop\EXPEDIENTE PRORROGAÇÃO DE PRAZO.odt
2018-03-20 14:02 - 2017-05-25 08:40 - 000001116 _____ C:\Windows\cfgrt_ex.ini

Alguns arquivos em TEMP:
====================
2016-09-13 15:38 - 2016-09-13 15:38 - 000349255 ____N (Java(TM) Native Access (JNA)) D:\Usuarios\061394680485\AppData\Local\Temp\jna1450998511113370795.dll
2016-09-30 16:39 - 2016-09-30 16:39 - 000349255 ____N (Java(TM) Native Access (JNA)) D:\Usuarios\061394680485\AppData\Local\Temp\jna2206946120170286911.dll
2016-09-13 15:37 - 2016-09-13 15:37 - 000349255 ____N (Java(TM) Native Access (JNA)) D:\Usuarios\061394680485\AppData\Local\Temp\jna2268761328619980800.dll
2016-06-24 11:48 - 2016-06-24 11:48 - 000347147 _____ (Java(TM) Native Access (JNA)) D:\Usuarios\061394680485\AppData\Local\Temp\jna2686503002833342246.dll
2016-09-13 16:59 - 2016-09-13 16:59 - 000349255 ____N (Java(TM) Native Access (JNA)) D:\Usuarios\061394680485\AppData\Local\Temp\jna3257912209671141373.dll
2016-08-08 14:19 - 2016-08-08 14:19 - 000349255 ____N (Java(TM) Native Access (JNA)) D:\Usuarios\061394680485\AppData\Local\Temp\jna3363873149869696474.dll
2016-06-24 10:56 - 2016-06-24 10:56 - 000347147 ____N (Java(TM) Native Access (JNA)) D:\Usuarios\061394680485\AppData\Local\Temp\jna33659445248224449.dll
2016-09-13 15:49 - 2016-09-13 15:49 - 000349255 ____N (Java(TM) Native Access (JNA)) D:\Usuarios\061394680485\AppData\Local\Temp\jna4408403933919137417.dll
2016-07-06 15:01 - 2016-07-06 15:01 - 000347147 _____ (Java(TM) Native Access (JNA)) D:\Usuarios\061394680485\AppData\Local\Temp\jna523662112025319634.dll
2016-06-24 11:45 - 2016-06-24 11:45 - 000347147 ____N (Java(TM) Native Access (JNA)) D:\Usuarios\061394680485\AppData\Local\Temp\jna5336296767020407779.dll
2016-09-13 16:23 - 2016-09-13 16:23 - 000349255 ____N (Java(TM) Native Access (JNA)) D:\Usuarios\061394680485\AppData\Local\Temp\jna5363926518336583325.dll
2016-09-14 17:28 - 2016-09-14 17:28 - 000349255 ____N (Java(TM) Native Access (JNA)) D:\Usuarios\061394680485\AppData\Local\Temp\jna7534039419340018331.dll
2016-06-27 09:48 - 2016-06-27 09:48 - 000347147 _____ (Java(TM) Native Access (JNA)) D:\Usuarios\061394680485\AppData\Local\Temp\jna8150044639604535758.dll
2016-09-30 18:57 - 2016-09-30 18:57 - 000349255 ____N (Java(TM) Native Access (JNA)) D:\Usuarios\061394680485\AppData\Local\Temp\jna8169961371841475601.dll

==================== Bamital & volsnap ======================

(Não há correção automática para arquivos que não passaram na verificação.)

C:\Windows\system32\winlogon.exe => O arquivo é assinado digitalmente
C:\Windows\system32\wininit.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\wininit.exe => O arquivo é assinado digitalmente
C:\Windows\explorer.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\explorer.exe => O arquivo é assinado digitalmente
C:\Windows\system32\svchost.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\svchost.exe => O arquivo é assinado digitalmente
C:\Windows\system32\services.exe => O arquivo é assinado digitalmente
C:\Windows\system32\User32.dll => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\User32.dll => O arquivo é assinado digitalmente
C:\Windows\system32\userinit.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\userinit.exe => O arquivo é assinado digitalmente
C:\Windows\system32\rpcss.dll => O arquivo é assinado digitalmente
C:\Windows\system32\dnsapi.dll => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\dnsapi.dll => O arquivo é assinado digitalmente
C:\Windows\system32\Drivers\volsnap.sys => O arquivo é assinado digitalmente

LastRegBack: 2018-04-19 11:06

==================== Fim de FRST.txt ============================
