Resultado do exame da Farbar Recovery Scan Tool (FRST) (x64) Versão: 27-11-2017
Executado por Administrador (administrador) em SERVERKONTEK (28-11-2017 09:43:16)
Executando a partir de C:\Program Files\FRST
Perfis Carregados: Administrador (Perfis Disponíveis: Cont1 & Cont2 & Cont3 & Cont4 & Cont6 & Cont7 & Recepcao & Cont10 & Administrador & Classic .NET AppPool)
Platform: Windows Server 2008 R2 Standard (X64) Idioma: Português (Brasil)
Internet Explorer Versão 8 (Navegador padrão: IE)
Modo da Inicialização: Normal
Tutorial da Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processos (Whitelisted) =================

(Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
() C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
(Luis Cobian, CobianSoft) C:\Program Files (x86)\Cobian Backup 11\cbService.exe
(Microsoft Corporation) C:\Windows\System32\inetsrv\inetinfo.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\ramaint.exe
() C:\Program Files\Davet Backup PRO\aua\bin\Aua.exe
() C:\Program Files\Davet Backup PRO\bin\CDPService64.exe
(Sun Microsystems, Inc.) C:\Program Files\Davet Backup PRO\aua\jvm\bin\auaJW.exe
() C:\Program Files\Davet Backup PRO\bin\CDPService64.exe
() C:\Program Files\Davet Backup PRO\bin\Scheduler.exe
(Sun Microsystems, Inc.) C:\Program Files\Davet Backup PRO\jvm\bin\bschJW.exe
() C:\Contabil\Utilitários\ServicoAgendador.exe
(SAP AG or an SAP affiliate company) C:\Program Files\SQL Anywhere 16\Bin64\dbsrv16.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Microsoft Corporation) C:\Windows\System32\iashost.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
() C:\Program Files\Davet Backup PRO\bin\SystemTray64.exe
(Luis Cobian, CobianSoft) C:\Program Files (x86)\Cobian Backup 11\cbInterface.exe
() D:\Contabil\Agente de Comunicação com o Domínio Atendimento\Agente_comunicacao.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() D:\Contabil\Agente de Comunicação com o Domínio Atendimento\Servico\ServicoDominioAtendimento.exe
(Microsoft Corporation) C:\Windows\System32\LogonUI.exe
(Microsoft Corporation) C:\Windows\System32\rdpclip.exe
(Caixa Econômica Federal) D:\CAIXA\CobCAIXA\CobCaixa.exe
(Oracle Corporation) C:\Program Files (x86)\Java\jre1.8.0_151\bin\javaw.exe
(Microsoft Corporation) C:\Windows\splwow64.exe

==================== Registro (Whitelisted) ===========================

(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.)

HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation)
HKLM\...\Run: [LogMeIn GUI] => C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe [423424 2017-04-02] (LogMeIn, Inc.)
HKLM\...\Run: [WebServicePortalFederal] => [X]
HKLM\...\Run: [OBSystemTray] => C:\Program Files\Davet Backup PRO\bin\SystemTray64.exe [517120 2017-02-10] ()
HKLM\...\Run: [ConsultaNF-e_SEFAZ_RS] => [X]
HKLM-x32\...\Run: [Cobian Backup 11 interface] => C:\Program Files (x86)\Cobian Backup 11\cbInterface.exe [4407808 2013-03-07] (Luis Cobian, CobianSoft)
HKLM-x32\...\Run: [Agente de Comunicação com o Domínio Atendimento] => D:\Contabil\Agente de Comunicação com o Domínio Atendimento\Agente_comunicacao.exe [482816 2017-11-16] ()
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [5885352 2017-06-29] (LogMeIn Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-09-05] (Oracle Corporation)
HKLM\...\Policies\Explorer: [ShowSuperHidden] 1
Lsa: [Notification Packages] scecli rassfm

==================== Internet (Whitelisted) ====================

(Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.)

Tcpip\..\Interfaces\{D9A854B1-302B-4533-A07E-7B0F7A9283BB}: [NameServer] 200.175.5.139,200.175.89.139

Internet Explorer:
==================
HKU\S-1-5-21-2811651713-100978984-422273784-500\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE
URLSearchHook: HKU\S-1-5-21-2811651713-100978984-422273784-500 - (Sem Nome) - {D8278076-BC68-4484-9233-6E7F1628B56C} - Nenhum Arquivo
SearchScopes: HKU\S-1-5-21-2811651713-100978984-422273784-500 -> {F0CA83A3-FD15-4C2C-9216-3FD5FBB67C60} URL = hxxp://www.search.ask.com/web?tpid=ORJ-V7C&o=APN11406&pf=V7&p2=%5EBBE%5EOSJ000%5EYY%5EBR&gct=sb&itbv=12.12.2.83&apn_uid=B0876008-208C-462F-BD9B-EC6C123EE6D2&apn_ptnrs=BBE&apn_dtid=%5EOSJ000%5EYY%5EBR&apn_dbr=ie_8.0.7600.16385&doi=2014-06-02&trgb=IE&q={searchTerms}&psv=
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2011-06-12] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2011-06-12] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\ssv.dll [2017-10-18] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\jp2ssv.dll [2017-10-18] (Oracle Corporation)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2009-07-13] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2009-07-13] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2009-07-13] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2009-07-13] (Microsoft Corporation)

FireFox:
========
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\dtplugin\npDeployJava1.dll [2017-10-18] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\plugin2\npjp2.dll [2017-10-18] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)

==================== Serviços (Whitelisted) ====================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe [936728 2013-05-07] ()
S2 cbVSCService11; C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe [67584 2013-03-07] (CobianSoft, Luis Cobian) [Arquivo não assinado]
R2 CobianBackup11; C:\Program Files (x86)\Cobian Backup 11\cbService.exe [1131008 2013-03-07] (Luis Cobian, CobianSoft) [Arquivo não assinado]
S3 FCRegSvc; C:\Windows\system32\FCRegSvc.dll [25600 2009-07-13] (Microsoft Corporation)
R2 ftpsvc; C:\Windows\system32\inetsrv\ftpsvc.dll [349184 2009-07-13] (Microsoft Corporation)
R2 Hamachi2Svc; C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe [3418024 2017-06-29] (LogMeIn Inc.)
R2 IAS; C:\Windows\System32\ias.dll [26624 2009-07-13] (Microsoft Corporation)
R2 IAS; C:\Windows\SysWOW64\ias.dll [19456 2009-07-13] (Microsoft Corporation)
R2 IISADMIN; C:\Windows\system32\inetsrv\inetinfo.exe [15360 2009-07-13] (Microsoft Corporation)
S2 KMService; C:\Windows\SysWOW64\srvany.exe [8192 2014-02-01] () [Arquivo não assinado]
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [419304 2017-11-09] (LogMeIn, Inc.)
R2 LMIMaint; C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe [525288 2017-11-09] (LogMeIn, Inc.)
R2 LogMeIn; C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe [407424 2013-04-30] (LogMeIn, Inc.)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation)
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation)
R2 OBAutoUpdate; C:\Program Files\Davet Backup PRO\aua\bin\Aua.exe [176128 2017-02-10] () [Arquivo não assinado]
R2 OBCDPService; C:\Program Files\Davet Backup PRO\bin\CDPService64.exe [363008 2017-02-10] () [Arquivo não assinado]
R2 OBScheduler; C:\Program Files\Davet Backup PRO\bin\Scheduler.exe [77824 2017-02-10] () [Arquivo não assinado]
R3 RPCHTTPLBS; C:\Windows\System32\RpcProxy\LBService.dll [24576 2009-07-13] (Microsoft Corporation)
S3 RSoPProv; C:\Windows\system32\RSoPProv.exe [91648 2009-07-13] (Microsoft Corporation)
S3 sacsvr; C:\Windows\system32\sacsvr.dll [14848 2009-07-13] (Microsoft Corporation)
R2 ServicoAgendador; C:\Contabil\Utilitários\ServicoAgendador.exe [12288 2013-10-31] () [Arquivo não assinado]
S3 ServicoBackupNuvem; D:\Contabil\Agente de Backup em Nuvem\ServicoBackupNuvem.exe [120320 2017-11-08] (Domínio Sistemas Ltda.) [Arquivo não assinado]
R2 ServicoDominioAtendimento; D:\Contabil\Agente de Comunicação com o Domínio Atendimento\Servico\ServicoDominioAtendimento.exe [369152 2017-11-16] () [Arquivo não assinado]
S3 ServicoGerenciadorAtualizacao; C:\Contabil\Utilitários\ServicoGerenciadorAtualizacao.exe [6656 2013-10-31] () [Arquivo não assinado]
R2 SQLANYs_Servidor_Dominio16; C:\Program Files\SQL Anywhere 16\Bin64\dbsrv16.exe [112944 2014-03-20] (SAP AG or an SAP affiliate company)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5702416 2015-09-11] (TeamViewer GmbH)
R2 TermServLicensing; C:\Windows\System32\lserver.dll [692224 2009-07-13] (Microsoft Corporation)
R2 TSGateway; C:\Windows\system32\aaedge.dll [303616 2009-07-13] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)
S3 WMSVC; C:\Windows\system32\inetsrv\wmsvc.exe [10752 2009-07-13] (Microsoft Corporation)
S3 ASANYs_Servidor_Dominio; C:\Arquivos de programas\Sybase\Adaptive Server Anywhere 9.0\Win32\dbsrv9.exe -hvASANYs_Servidor_Dominio [X]

===================== Drivers (Whitelisted) ======================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2012-08-22] ()
S3 ioatdma; C:\Windows\System32\Drivers\qd260x64.sys [35328 2009-06-10] (Intel Corporation)
S2 LMIInfo; C:\Windows\system32\drivers\LMIInfo.sys [30432 2017-01-11] (LogMeIn, Inc.)
S4 LMIRfsClientNP; não ImagePath
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation)
R3 MRxDAV; C:\Windows\SysWOW64\drivers\mrxdav.sys [115712 2009-07-13] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation)
S0 sacdrv; C:\Windows\System32\DRIVERS\sacdrv.sys [96320 2009-07-13] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

NETSVC: sacsvr -> C:\Windows\system32\sacsvr.dll (Microsoft Corporation)

==================== Um Mês Criados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2017-11-27 10:24 - 2017-11-28 07:24 - 000257412 _____ C:\Users\Administrador\AppData\Local\Temp\ArmUI.ini
2017-11-27 10:12 - 2017-11-28 09:43 - 000000000 ____D C:\Users\Administrador\AppData\Local\Temp\1
2017-11-27 10:02 - 2017-11-28 09:43 - 000000000 ____D C:\FRST
2017-11-27 10:01 - 2017-11-28 09:43 - 000000000 ____D C:\Program Files\FRST
2017-11-20 09:51 - 2017-11-20 09:51 - 000708096 _____ C:\Windows\isRS-000.tmp
2017-11-20 09:38 - 2017-11-20 09:38 - 000000000 ____D C:\Contabil
2017-11-10 10:48 - 2017-11-27 20:00 - 000000000 ____D C:\Users\Administrador\.temp
2017-11-10 10:38 - 2017-11-10 10:47 - 000000000 ____D C:\Users\Administrador\.obm
2017-11-10 10:38 - 2017-11-10 10:38 - 000000000 ____D C:\Users\Todos os Usuários\Davet Backup PRO
2017-11-10 10:38 - 2017-11-10 10:38 - 000000000 ____D C:\ProgramData\Davet Backup PRO
2017-11-10 10:37 - 2017-11-10 10:38 - 000000000 ____D C:\Program Files\Davet Backup PRO
2017-11-10 10:37 - 2017-11-10 10:37 - 000001854 _____ C:\Users\Public\Desktop\Davet Backup PRO.lnk
2017-11-10 10:37 - 2017-11-10 10:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Davet Backup PRO
2017-11-03 11:07 - 2017-11-03 11:07 - 000000787 _____ C:\Users\Administrador\Desktop\Agendador de Backup.lnk
2017-11-03 10:15 - 2017-11-03 10:15 - 000000418 _____ C:\Users\Administrador\Desktop\DOMINIO.txt
2017-11-03 09:02 - 2005-08-22 13:53 - 000918528 _____ (Sybase, Inc.) C:\Windows\SysWOW64\dbtool7.dll
2017-11-03 09:02 - 2005-08-22 13:53 - 000443904 _____ (Sybase, Inc.) C:\Windows\SysWOW64\dblgpt7.dll
2017-11-03 09:02 - 2005-08-22 13:53 - 000396288 _____ (Sybase, Inc.) C:\Windows\SysWOW64\dblib7.dll
2017-11-03 09:02 - 2005-08-22 13:53 - 000387584 _____ (Sybase, Inc.) C:\Windows\SysWOW64\dblgen7.dll
2017-11-03 09:02 - 2005-08-22 13:53 - 000045056 _____ (A. Company) C:\Windows\SysWOW64\VBZip.dll
2017-11-03 09:02 - 2005-08-10 13:55 - 000385024 _____ (WinMain Software (hxxp://www.winmain.com)) C:\Windows\SysWOW64\cmax20.ocx
2017-11-03 09:02 - 2005-08-10 13:55 - 000032768 _____ C:\Windows\SysWOW64\GeradUtl.dll

==================== Um Mês Modificados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2017-11-28 06:56 - 2014-02-01 11:03 - 000000000 ____D C:\Users\Todos os Usuários\LogMeIn
2017-11-28 06:56 - 2014-02-01 11:03 - 000000000 ____D C:\ProgramData\LogMeIn
2017-11-27 22:07 - 2014-02-01 10:36 - 000004358 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{4ADF7D47-8D5D-44DC-89C4-BCF689CEEE2D}
2017-11-27 10:16 - 2009-07-14 02:49 - 000014432 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-11-27 10:16 - 2009-07-14 02:49 - 000014432 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-11-27 10:15 - 2009-07-14 05:29 - 000765554 _____ C:\Windows\system32\prfh0416.dat
2017-11-27 10:15 - 2009-07-14 05:29 - 000170376 _____ C:\Windows\system32\prfc0416.dat
2017-11-27 10:15 - 2009-07-14 03:10 - 001798914 _____ C:\Windows\system32\PerfStringBackup.INI
2017-11-27 10:15 - 2009-07-14 01:20 - 000000000 ____D C:\Windows\inf
2017-11-27 10:12 - 2014-01-31 17:03 - 000000000 ____D C:\Users\Administrador
2017-11-27 10:10 - 2009-07-14 01:20 - 000000000 ____D C:\Windows\system32\inetsrv
2017-11-27 10:09 - 2017-06-14 17:16 - 000000440 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2017-11-27 10:09 - 2014-02-01 11:05 - 000000988 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Control Panel.lnk
2017-11-27 10:09 - 2014-02-01 09:34 - 000000000 ____D C:\Windows\system32\lserver
2017-11-27 10:08 - 2009-07-14 03:06 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-11-27 10:06 - 2014-02-21 12:57 - 000000000 ____D C:\Users\Administrador\AppData\Local\Temp\hsperfdata_Administrador
2017-11-20 18:32 - 2014-02-01 09:56 - 000545440 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2017-11-20 09:50 - 2014-02-03 14:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Domínio Contábil
2017-11-10 10:29 - 2014-02-01 10:37 - 000000000 ____D C:\Users\Administrador\WINDOWS
2017-11-10 10:21 - 2014-02-01 10:47 - 000000000 ____D C:\Users\Todos os Usuários\Microsoft Help
2017-11-09 16:36 - 2014-02-01 11:03 - 000109024 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIinit.dll
2017-11-09 16:36 - 2014-02-01 11:03 - 000000000 ____D C:\Program Files (x86)\LogMeIn

==================== Arquivos na raiz de alguns diretórios =======

2014-02-01 10:55 - 2014-02-01 10:55 - 003993600 _____ () C:\Program Files (x86)\GUT1B30.tmp
2014-02-11 17:43 - 2014-02-11 17:43 - 049940480 _____ () C:\Program Files (x86)\GUT6400.tmp

==================== Bamital & volsnap ======================

(Não há correção automática para arquivos que não passaram na verificação.)

C:\Windows\system32\winlogon.exe => O arquivo é assinado digitalmente
C:\Windows\system32\wininit.exe => O arquivo é assinado digitalmente
C:\Windows\explorer.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\explorer.exe => O arquivo é assinado digitalmente
C:\Windows\system32\svchost.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\svchost.exe => O arquivo é assinado digitalmente
C:\Windows\system32\services.exe => O arquivo é assinado digitalmente
C:\Windows\system32\User32.dll => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\User32.dll => O arquivo é assinado digitalmente
C:\Windows\system32\userinit.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\userinit.exe => O arquivo é assinado digitalmente
C:\Windows\system32\rpcss.dll => O arquivo é assinado digitalmente
C:\Windows\system32\dnsapi.dll => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\dnsapi.dll => O arquivo é assinado digitalmente
C:\Windows\system32\Drivers\volsnap.sys => O arquivo é assinado digitalmente

LastRegBack: 2017-11-19 00:58

==================== Fim de FRST.txt ============================