Resultado da Correção pela Farbar Recovery Scan Tool (x64) Versão:27-01-2016 Executado por Marcos Lucena (2016-02-04 02:24:40) Run:1 Executando a partir de C:\Users\Marcos Lucena\Desktop Perfis Carregados: Marcos Lucena (Perfis Disponíveis: Marcos Lucena & DefaultAppPool) Modo da Inicialização: Normal ============================================== fixlist Conteúdo: ***************** start CloseProcesses: HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated) HKLM-x32\...\Run: [] => [X] HKU\S-1-5-21-1415586297-2205061315-3192296508-1001\...\RunOnce: [Go_Palikan] => [X] HKU\S-1-5-21-1415586297-2205061315-3192296508-1001\...\MountPoints2: {91a80684-8492-11e3-8256-e006e6d008d2} - "E:\Windows/AutoRun.exe" HKU\S-1-5-21-1415586297-2205061315-3192296508-1001\...\MountPoints2: {d68e142c-44e7-11e4-8295-e006e6d008d2} - "F:\AutoRun.exe" HKU\S-1-5-21-1415586297-2205061315-3192296508-1001\...\MountPoints2: {d68e151c-44e7-11e4-8295-e006e6d008d2} - "F:\AutoRun.exe" CHR HKLM\SOFTWARE\Policies\Google: Restrição <======= ATENÇÃO HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.palikan.com/?f=1&a=bfp_coinisre_16_05&cd=2XzuyEtN2Y1L1Qzu0EtDtDyC0EyC0DtDtDzz0DtByC0EzyyDtN0D0Tzu0StCyEzyyEtN1L2XzutAtFtCyBtFzytFtDtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2SyB0EyB0FzzyCzy0AtGyDtAtCzztGzytA0FtDtGtAzy0BzztGtBtD0A0ByByC0DtCyDtAyD0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2StB0E0Dzz0F0BtC0DtGtDyEtDzytGyEzytBtDtGzz0FtAzytGtByEyC0FtCyCyD0DtDyE0EtD2QtN0A0LzuyE&cr=1425212007&ir= HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = 
hxxp://www.palikan.com/?f=1&a=bfp_coinisre_16_05&cd=2XzuyEtN2Y1L1Qzu0EtDtDyC0EyC0DtDtDzz0DtByC0EzyyDtN0D0Tzu0StCyEzyyEtN1L2XzutAtFtCyBtFzytFtDtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2SyB0EyB0FzzyCzy0AtGyDtAtCzztGzytA0FtDtGtAzy0BzztGtBtD0A0ByByC0DtCyDtAyD0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2StB0E0Dzz0F0BtC0DtGtDyEtDzytGyEzytBtDtGzz0FtAzytGtByEyC0FtCyCyD0DtDyE0EtD2QtN0A0LzuyE&cr=1425212007&ir= HKU\S-1-5-21-1415586297-2205061315-3192296508-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.palikan.com/?f=1&a=bfp_coinisre_16_05&cd=2XzuyEtN2Y1L1Qzu0EtDtDyC0EyC0DtDtDzz0DtByC0EzyyDtN0D0Tzu0StCyEzyyEtN1L2XzutAtFtCyBtFzytFtDtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2SyB0EyB0FzzyCzy0AtGyDtAtCzztGzytA0FtDtGtAzy0BzztGtBtD0A0ByByC0DtCyDtAyD0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2StB0E0Dzz0F0BtC0DtGtDyEtDzytGyEzytBtDtGzz0FtAzytGtByEyC0FtCyCyD0DtDyE0EtD2QtN0A0LzuyE&cr=1425212007&ir= SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.palikan.com/results.php?f=4&a=bfp_coinisre_16_05&cd=2XzuyEtN2Y1L1Qzu0EtDtDyC0EyC0DtDtDzz0DtByC0EzyyDtN0D0Tzu0StCyEzyyEtN1L2XzutAtFtCyBtFzytFtDtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2SyB0EyB0FzzyCzy0AtGyDtAtCzztGzytA0FtDtGtAzy0BzztGtBtD0A0ByByC0DtCyDtAyD0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2StB0E0Dzz0F0BtC0DtGtDyEtDzytGyEzytBtDtGzz0FtAzytGtByEyC0FtCyCyD0DtDyE0EtD2QtN0A0LzuyE&cr=1425212007&ir=&q={searchTerms} SearchScopes: HKLM -> {6586d803-df30-46d3-a89a-4136c8571d45} URL = SearchScopes: HKU\S-1-5-21-1415586297-2205061315-3192296508-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.palikan.com/results.php?f=4&a=bfp_coinisre_16_05&cd=2XzuyEtN2Y1L1Qzu0EtDtDyC0EyC0DtDtDzz0DtByC0EzyyDtN0D0Tzu0StCyEzyyEtN1L2XzutAtFtCyBtFzytFtDtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2SyB0EyB0FzzyCzy0AtGyDtAtCzztGzytA0FtDtGtAzy0BzztGtBtD0A0ByByC0DtCyDtAyD0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2StB0E0Dzz0F0BtC0DtGtDyEtDzytGyEzytBtDtGzz0FtAzytGtByEyC0FtCyCyD0DtDyE0EtD2QtN0A0LzuyE&cr=1425212007&ir=&q={searchTerms} SearchScopes: HKU\S-1-5-21-1415586297-2205061315-3192296508-1001 -> 
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.palikan.com/results.php?f=4&a=bfp_coinisre_16_05&cd=2XzuyEtN2Y1L1Qzu0EtDtDyC0EyC0DtDtDzz0DtByC0EzyyDtN0D0Tzu0StCyEzyyEtN1L2XzutAtFtCyBtFzytFtDtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2SyB0EyB0FzzyCzy0AtGyDtAtCzztGzytA0FtDtGtAzy0BzztGtBtD0A0ByByC0DtCyDtAyD0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2StB0E0Dzz0F0BtC0DtGtDyEtDzytGyEzytBtDtGzz0FtAzytGtByEyC0FtCyCyD0DtDyE0EtD2QtN0A0LzuyE&cr=1425212007&ir=&q={searchTerms} SearchScopes: HKU\S-1-5-21-1415586297-2205061315-3192296508-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage} SearchScopes: HKU\S-1-5-21-1415586297-2205061315-3192296508-1001 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxp://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=360&chn=retail&geo=BR&ver=21&locale=pt_BR&gct=kwd&qsrc=2869 BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\IPS\IPSBHO.DLL => Nenhum Arquivo Toolbar: HKU\S-1-5-21-1415586297-2205061315-3192296508-1001 -> Sem Nome - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - Nenhum Arquivo Toolbar: HKU\S-1-5-21-1415586297-2205061315-3192296508-1001 -> Sem Nome - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Nenhum Arquivo CHR StartupUrls: Default -> "hxxp://www.palikan.com/?f=7&a=bfp_coinisre_16_05&cd=2XzuyEtN2Y1L1Qzu0EtDtDyC0EyC0DtDtDzz0DtByC0EzyyDtN0D0Tzu0StCyEzyyEtN1L2XzutAtFtCyBtFzytFtDtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2SyB0EyB0FzzyCzy0AtGyDtAtCzztGzytA0FtDtGtAzy0BzztGtBtD0A0ByByC0DtCyDtAyD0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2StB0E0Dzz0F0BtC0DtGtDyEtDzytGyEzytBtDtGzz0FtAzytGtByEyC0FtCyCyD0DtDyE0EtD2QtN0A0LzuyE&cr=1425212007&ir=" S2 Update service; C:\Program Files (x86)\Popcorn Time\Updater.exe [339968 2015-10-19] () [Arquivo não assinado] S3 BprotectEx; \??\C:\Windows\System32\drivers\BprotectEx.sys [X] 
S3 ew_hwusbdev; \SystemRoot\system32\DRIVERS\ew_hwusbdev.sys [X] S3 ew_usbenumfilter; \SystemRoot\System32\drivers\ew_usbenumfilter.sys [X] S1 gbpddfac; system32\drivers\gbpddfac64.sys [X] S3 huawei_cdcacm; \SystemRoot\system32\DRIVERS\ew_jucdcacm.sys [X] S3 huawei_enumerator; \SystemRoot\System32\drivers\ew_jubusenum.sys [X] S3 huawei_ext_ctrl; \SystemRoot\System32\drivers\ew_juextctrl.sys [X] S3 huawei_wwanecm; \SystemRoot\system32\DRIVERS\ew_juwwanecm.sys [X] S3 PCFApiUtil; \??\C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\PCFApiUtil64.sys [X] S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X] S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X] S3 ZTEusbmdm6k; \SystemRoot\system32\DRIVERS\ZTEusbmdm6k.sys [X] S3 ZTEusbnmea; \SystemRoot\system32\DRIVERS\ZTEusbnmea.sys [X] S3 ZTEusbser6k; \SystemRoot\system32\DRIVERS\ZTEusbser6k.sys [X] 2016-02-03 18:33 - 2016-02-03 18:33 - 00003794 _____ C:\Windows\System32\Tasks\gameo_update 2016-02-03 18:33 - 2016-02-03 18:33 - 00003536 _____ C:\Windows\System32\Tasks\ProfessionalCleaningSoftware_Popup 2016-02-03 18:33 - 2016-02-03 18:33 - 00003272 _____ C:\Windows\System32\Tasks\ProfessionalCleaningSoftware_Start 2016-02-03 18:33 - 2016-02-03 18:33 - 00000181 _____ C:\Users\Marcos Lucena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Play Games Online.url 2016-02-03 18:33 - 2016-02-03 18:33 - 00000000 ___HD C:\Users\Marcos Lucena\AppData\Roaming\GoldenGate 2016-02-03 18:33 - 2016-02-03 18:33 - 00000000 ____D C:\Users\Marcos Lucena\AppData\Roaming\updates 2016-02-03 18:33 - 2016-02-03 18:33 - 00000000 ____D C:\Users\Marcos Lucena\AppData\Local\Professional_Cleaning_Sof 2016-02-03 18:33 - 2016-02-03 18:33 - 00000000 ____D C:\Users\Marcos Lucena\AppData\Local\Gameo 2016-02-03 18:31 - 2016-02-03 18:31 - 00000000 ____D C:\Users\Public\Documents\Guid 2016-02-03 18:31 - 2016-02-03 18:31 - 00000000 ____D C:\Program Files (x86)\WeatherTool 2016-02-03 18:31 - 2016-02-03 18:31 - 00000000 ____D C:\Program Files (x86)\Pro PC Cleaner 
2016-01-09 15:36 - 2016-01-09 15:59 - 00000000 ____D C:\Users\Marcos Lucena\Downloads\PopcornTime 2016-01-09 15:35 - 2016-01-09 15:35 - 00001173 _____ C:\Users\Public\Desktop\Popcorn Time.lnk 2016-01-09 15:35 - 2016-01-09 15:35 - 00000000 ____D C:\Users\Marcos Lucena\AppData\Local\PopcornTimeDesktop 2016-01-09 15:35 - 2016-01-09 15:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Popcorn Time 2016-01-09 15:35 - 2016-01-09 15:35 - 00000000 ____D C:\Program Files (x86)\Popcorn Time 2016-01-09 15:19 - 2016-01-09 15:34 - 48359224 _____ (Popcorn Time ) C:\Users\Marcos Lucena\Downloads\PopcornTime-latest.exe 2016-01-07 19:10 - 2016-01-07 19:10 - 00000000 _____ C:\Windows\SysWOW64\REN6A38.tmp 2014-01-23 17:37 - 2014-01-23 17:37 - 0016005 _____ () C:\Users\Marcos Lucena\AppData\Roaming\unins000.dat 2014-03-13 10:58 - 2015-04-07 10:06 - 0032432 _____ () C:\Users\Marcos Lucena\AppData\Roaming\unins001.dat 2015-04-07 10:06 - 2015-04-07 10:06 - 0811218 _____ () C:\Users\Marcos Lucena\AppData\Roaming\unins001.exe 2014-09-19 13:31 - 2015-03-02 20:10 - 0016640 _____ () C:\Users\Marcos Lucena\AppData\Roaming\unins002.dat 2014-09-19 13:31 - 2015-03-02 20:10 - 0815826 _____ () C:\Users\Marcos Lucena\AppData\Roaming\unins002.exe 2014-07-21 17:12 - 2014-07-21 17:12 - 0000057 _____ () C:\ProgramData\Ament.ini Task: {89010A33-0AC3-454D-9D91-64DCEF8C97FB} - \SaveSense -> Nenhum Arquivo <==== ATENÇÃO Task: {F76B22E2-2A11-49AA-BFBB-CF9AF7F3F460} - System32\Tasks\gameo_update => C:\Users\Marcos <==== ATENÇÃO Task: {FB5E7882-18CE-40DE-A6D1-461B462F43F5} - System32\Tasks\Marcos LucenaPhosphaticCasuallyV2 => Rundll32.exe OverassertiveContinuable.dll,main 7 1 <==== ATENÇÃO Task: C:\Windows\Tasks\Price Fountain.job => C:\Users\MARCOS~1\AppData\Roaming\PRICEF~1\UPDATE~1\UPDATE~1.EXE <==== ATENÇÃO AlternateDataStreams: C:\Program Files (x86)\GbPlugin:IncompleteStartProcessProtection.cnt AlternateDataStreams: C:\Program Files 
(x86)\GbPlugin:u6eBQrM0Z2K3FKLVBMG8dY3IkKT2rqFO+Sf68h8fDg== FirewallRules: [{B6DF96D0-9341-4323-B446-C7DE29AB338B}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe FirewallRules: [{FBA932CC-34AC-4DEE-B571-C3FEFCEC2420}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe FirewallRules: [{BE366AA3-FA64-4A69-ABF4-5B3922AC50DD}] => (Allow) C:\Program Files\KMSpico\KMSServer.exe FirewallRules: [{5071853F-9471-4E2F-9563-9AD073D65568}] => (Allow) C:\Program Files\KMSpico\KMSServer.exe FirewallRules: [{42E47AB1-0BC0-4E59-8AE0-A9C858CBD17D}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe FirewallRules: [{8DE7E381-D9A7-4828-9FC7-63EA0FE562CD}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe FirewallRules: [{82878897-8686-47A0-B5CE-E9CA3E295768}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe FirewallRules: [{EE3D2292-7AA0-4416-91A0-18341D7E15B4}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe FirewallRules: [{CF3E17EB-0094-4EC9-BFD6-BAB63FD58BE4}] => (Allow) C:\Users\Marcos Lucena\AppData\Local\Temp\WZSE0.TMP\G4IWF.exe FirewallRules: [{50D332F1-D893-4D9A-8EED-6E344629E3CD}] => (Allow) C:\Users\Marcos Lucena\AppData\Local\Temp\WZSE0.TMP\G4IWF.exe FirewallRules: [TCP Query User{3F126D8B-76D8-4D54-A49A-B5BB88678A6A}C:\users\marcos lucena\appdata\local\popcorn time\node-webkit\popcorn time.exe] => (Allow) C:\users\marcos lucena\appdata\local\popcorn time\node-webkit\popcorn time.exe FirewallRules: [UDP Query User{0AF9F535-1274-4A66-9C77-58E6062A686C}C:\users\marcos lucena\appdata\local\popcorn time\node-webkit\popcorn time.exe] => (Allow) C:\users\marcos lucena\appdata\local\popcorn time\node-webkit\popcorn time.exe FirewallRules: [{81174C2E-6568-4A2F-B36C-7A67EC4CDCB1}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe FirewallRules: [{FB4C8B78-0F88-46FE-A34C-BFEB730E4E0D}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe FirewallRules: [{1A2D883E-0C90-4FEC-9B5D-AE537E416D9B}] => (Allow) C:\Program Files (x86)\Popcorn Time\PopcornTimeDesktop.exe 
FirewallRules: [{DE60455C-E2F2-4092-93CA-71AD1493EF2A}] => (Allow) C:\Program Files (x86)\Popcorn Time\PopcornTimeDesktop.exe FirewallRules: [{5DCC829C-CF92-48FB-8683-2E5ABE839885}] => (Allow) C:\Program Files (x86)\Popcorn Time\chromecast\node.exe FirewallRules: [{DB88690C-EFBE-46F4-BC43-0574A5A94872}] => (Allow) C:\Program Files (x86)\Popcorn Time\chromecast\node.exe C:\Users\Marcos Lucena\AppData\Local\Temp\AcDeltree.exe C:\Users\Marcos Lucena\AppData\Local\Temp\apptemp.1.exe C:\Users\Marcos Lucena\AppData\Local\Temp\OverassertiveContinuable.dll CMD: dir /a "C:\Program Files" CMD: dir /a "C:\Program Files (x86)" CMD: dir /a "C:\Users\All Users" CreateRestorePoint: RemoveProxy: EmptyTemp: Reboot: Hosts: end ***************** Processos fechados com sucesso. HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Adobe ARM => valor removido (a) com sucesso. HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => valor removido (a) com sucesso. HKU\S-1-5-21-1415586297-2205061315-3192296508-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Go_Palikan => valor não encontrado (a). "HKU\S-1-5-21-1415586297-2205061315-3192296508-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{91a80684-8492-11e3-8256-e006e6d008d2}" => chave removido (a) com sucesso. HKCR\CLSID\{91a80684-8492-11e3-8256-e006e6d008d2} => chave não encontrado (a). "HKU\S-1-5-21-1415586297-2205061315-3192296508-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d68e142c-44e7-11e4-8295-e006e6d008d2}" => chave removido (a) com sucesso. HKCR\CLSID\{d68e142c-44e7-11e4-8295-e006e6d008d2} => chave não encontrado (a). "HKU\S-1-5-21-1415586297-2205061315-3192296508-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d68e151c-44e7-11e4-8295-e006e6d008d2}" => chave removido (a) com sucesso. HKCR\CLSID\{d68e151c-44e7-11e4-8295-e006e6d008d2} => chave não encontrado (a). "HKLM\SOFTWARE\Policies\Google" => chave removido (a) com sucesso. 
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => valor restaurado com sucesso HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => valor restaurado com sucesso HKU\S-1-5-21-1415586297-2205061315-3192296508-1001\Software\Microsoft\Internet Explorer\Main\\Start Page => valor restaurado com sucesso "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => chave removido (a) com sucesso. HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => chave não encontrado (a). "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6586d803-df30-46d3-a89a-4136c8571d45}" => chave removido (a) com sucesso. HKCR\CLSID\{6586d803-df30-46d3-a89a-4136c8571d45} => chave não encontrado (a). HKU\S-1-5-21-1415586297-2205061315-3192296508-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => valor removido (a) com sucesso. "HKU\S-1-5-21-1415586297-2205061315-3192296508-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => chave removido (a) com sucesso. HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => chave não encontrado (a). "HKU\S-1-5-21-1415586297-2205061315-3192296508-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" => chave removido (a) com sucesso. HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => chave não encontrado (a). "HKU\S-1-5-21-1415586297-2205061315-3192296508-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}" => chave removido (a) com sucesso. HKCR\CLSID\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} => chave não encontrado (a). "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}" => chave removido (a) com sucesso. "HKCR\Wow6432Node\CLSID\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}" => chave removido (a) com sucesso. 
HKU\S-1-5-21-1415586297-2205061315-3192296508-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => valor removido (a) com sucesso. HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => chave não encontrado (a). HKU\S-1-5-21-1415586297-2205061315-3192296508-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => valor removido (a) com sucesso. "HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" => chave removido (a) com sucesso. Chrome StartupUrls => removido (a) com sucesso. Update service => serviço removido (a) com sucesso. BprotectEx => serviço removido (a) com sucesso. ew_hwusbdev => serviço removido (a) com sucesso. ew_usbenumfilter => serviço removido (a) com sucesso. gbpddfac => serviço removido (a) com sucesso. huawei_cdcacm => serviço removido (a) com sucesso. huawei_enumerator => serviço removido (a) com sucesso. huawei_ext_ctrl => serviço removido (a) com sucesso. huawei_wwanecm => serviço removido (a) com sucesso. PCFApiUtil => serviço removido (a) com sucesso. RtsUIR => serviço removido (a) com sucesso. USBCCID => serviço removido (a) com sucesso. ZTEusbmdm6k => serviço removido (a) com sucesso. ZTEusbnmea => serviço removido (a) com sucesso. ZTEusbser6k => serviço removido (a) com sucesso. 
C:\Windows\System32\Tasks\gameo_update => movido com sucesso C:\Windows\System32\Tasks\ProfessionalCleaningSoftware_Popup => movido com sucesso C:\Windows\System32\Tasks\ProfessionalCleaningSoftware_Start => movido com sucesso C:\Users\Marcos Lucena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Play Games Online.url => movido com sucesso C:\Users\Marcos Lucena\AppData\Roaming\GoldenGate => movido com sucesso C:\Users\Marcos Lucena\AppData\Roaming\updates => movido com sucesso C:\Users\Marcos Lucena\AppData\Local\Professional_Cleaning_Sof => movido com sucesso C:\Users\Marcos Lucena\AppData\Local\Gameo => movido com sucesso C:\Users\Public\Documents\Guid => movido com sucesso "C:\Program Files (x86)\WeatherTool" => não encontrado (a). C:\Program Files (x86)\Pro PC Cleaner => movido com sucesso C:\Users\Marcos Lucena\Downloads\PopcornTime => movido com sucesso C:\Users\Public\Desktop\Popcorn Time.lnk => movido com sucesso C:\Users\Marcos Lucena\AppData\Local\PopcornTimeDesktop => movido com sucesso C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Popcorn Time => movido com sucesso C:\Program Files (x86)\Popcorn Time => movido com sucesso C:\Users\Marcos Lucena\Downloads\PopcornTime-latest.exe => movido com sucesso C:\Windows\SysWOW64\REN6A38.tmp => movido com sucesso C:\Users\Marcos Lucena\AppData\Roaming\unins000.dat => movido com sucesso C:\Users\Marcos Lucena\AppData\Roaming\unins001.dat => movido com sucesso C:\Users\Marcos Lucena\AppData\Roaming\unins001.exe => movido com sucesso C:\Users\Marcos Lucena\AppData\Roaming\unins002.dat => movido com sucesso C:\Users\Marcos Lucena\AppData\Roaming\unins002.exe => movido com sucesso C:\ProgramData\Ament.ini => movido com sucesso "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{89010A33-0AC3-454D-9D91-64DCEF8C97FB}" => chave removido (a) com sucesso. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{89010A33-0AC3-454D-9D91-64DCEF8C97FB}" => chave removido (a) com sucesso. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SaveSense" => chave removido (a) com sucesso. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F76B22E2-2A11-49AA-BFBB-CF9AF7F3F460}" => chave removido (a) com sucesso. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F76B22E2-2A11-49AA-BFBB-CF9AF7F3F460}" => chave removido (a) com sucesso. C:\Windows\System32\Tasks\gameo_update => não encontrado (a). "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\gameo_update" => chave removido (a) com sucesso. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{FB5E7882-18CE-40DE-A6D1-461B462F43F5}" => chave removido (a) com sucesso. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FB5E7882-18CE-40DE-A6D1-461B462F43F5}" => chave removido (a) com sucesso. C:\Windows\System32\Tasks\Marcos LucenaPhosphaticCasuallyV2 => movido com sucesso "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Marcos LucenaPhosphaticCasuallyV2" => chave removido (a) com sucesso. C:\Windows\Tasks\Price Fountain.job => movido com sucesso C:\Program Files (x86)\GbPlugin => ":IncompleteStartProcessProtection.cnt" ADS removido (a) com sucesso.. C:\Program Files (x86)\GbPlugin => ":u6eBQrM0Z2K3FKLVBMG8dY3IkKT2rqFO+Sf68h8fDg==" ADS removido (a) com sucesso.. HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B6DF96D0-9341-4323-B446-C7DE29AB338B} => valor removido (a) com sucesso. HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{FBA932CC-34AC-4DEE-B571-C3FEFCEC2420} => valor removido (a) com sucesso. 
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{BE366AA3-FA64-4A69-ABF4-5B3922AC50DD} => valor removido (a) com sucesso. HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{5071853F-9471-4E2F-9563-9AD073D65568} => valor removido (a) com sucesso. HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{42E47AB1-0BC0-4E59-8AE0-A9C858CBD17D} => valor removido (a) com sucesso. HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{8DE7E381-D9A7-4828-9FC7-63EA0FE562CD} => valor removido (a) com sucesso. HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{82878897-8686-47A0-B5CE-E9CA3E295768} => valor removido (a) com sucesso. HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{EE3D2292-7AA0-4416-91A0-18341D7E15B4} => valor removido (a) com sucesso. HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{CF3E17EB-0094-4EC9-BFD6-BAB63FD58BE4} => valor removido (a) com sucesso. HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{50D332F1-D893-4D9A-8EED-6E344629E3CD} => valor removido (a) com sucesso. HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{3F126D8B-76D8-4D54-A49A-B5BB88678A6A}C:\users\marcos lucena\appdata\local\popcorn time\node-webkit\popcorn time.exe => valor removido (a) com sucesso. HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{0AF9F535-1274-4A66-9C77-58E6062A686C}C:\users\marcos lucena\appdata\local\popcorn time\node-webkit\popcorn time.exe => valor removido (a) com sucesso. 
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{81174C2E-6568-4A2F-B36C-7A67EC4CDCB1} => valor removido (a) com sucesso. HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{FB4C8B78-0F88-46FE-A34C-BFEB730E4E0D} => valor removido (a) com sucesso. HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{1A2D883E-0C90-4FEC-9B5D-AE537E416D9B} => valor removido (a) com sucesso. HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{DE60455C-E2F2-4092-93CA-71AD1493EF2A} => valor removido (a) com sucesso. HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{5DCC829C-CF92-48FB-8683-2E5ABE839885} => valor removido (a) com sucesso. HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{DB88690C-EFBE-46F4-BC43-0574A5A94872} => valor removido (a) com sucesso. C:\Users\Marcos Lucena\AppData\Local\Temp\AcDeltree.exe => movido com sucesso C:\Users\Marcos Lucena\AppData\Local\Temp\apptemp.1.exe => movido com sucesso C:\Users\Marcos Lucena\AppData\Local\Temp\OverassertiveContinuable.dll => movido com sucesso ========= dir /a "C:\Program Files" ========= O volume na unidade C não tem nome. O Número de Série do Volume é D60D-6E95 Pasta de C:\Program Files 03/02/2016 18:43 . 03/02/2016 18:43 ..
13/08/2014 08:32 Adblock Plus for IE 21/01/2014 16:27 Arquivos Comuns [C:\Program Files\Common Files] 21/01/2014 17:10 ATI 21/01/2014 17:10 ATI Technologies 03/02/2016 18:51 Autodesk 09/08/2014 07:13 Bonjour 01/02/2014 01:36 CCleaner 03/02/2016 18:48 Common Files 22/01/2014 20:50 CONEXANT 22/08/2013 12:35 174 desktop.ini 14/03/2015 08:42 Diebold 23/01/2014 15:39 DivX 06/02/2014 18:31 Google 21/07/2014 17:12 HP 22/01/2014 17:11 Intel 13/01/2016 02:34 Internet Explorer 07/01/2016 19:10 Java 21/01/2014 16:52 Microsoft Office 15/07/2015 19:30 Microsoft SQL Server 07/02/2014 17:26 Microsoft Visual Studio 9.0 07/02/2014 17:26 Microsoft.NET 21/01/2014 17:44 MSBuild 22/01/2014 15:38 NVIDIA Corporation 21/01/2014 17:44 Reference Assemblies 21/01/2014 17:04 Synaptics 22/08/2013 11:47 Uninstall Information 19/08/2015 07:08 Windows Defender 11/09/2015 19:50 Windows Journal 17/01/2015 15:42 Windows Live 15/03/2015 23:34 Windows Mail 15/03/2015 23:34 Windows Media Player 15/03/2015 23:34 Windows Multimedia Platform 21/01/2014 16:27 Windows NT 15/03/2015 23:34 Windows Photo Viewer 15/03/2015 23:34 Windows Portable Devices 22/08/2013 12:36 Windows Sidebar 07/11/2015 18:46 WindowsApps 15/03/2015 23:27 WindowsPowerShell 1 arquivo(s) 174 bytes 39 pasta(s) 857.621.159.936 bytes disponíveis ========= Fim de CMD: ========= ========= dir /a "C:\Program Files (x86)" ========= O volume na unidade C não tem nome. O Número de Série do Volume é D60D-6E95 Pasta de C:\Program Files (x86) 04/02/2016 02:24 . 04/02/2016 02:24 ..
21/01/2014 16:50 Adobe 15/05/2015 00:07 Anvsoft 09/08/2014 07:14 Apple Software Update 23/01/2014 15:29 Baidu Security 09/08/2014 07:13 Bonjour 05/02/2015 15:36 Claro 03/02/2016 18:51 Common Files 30/10/2014 12:09 Corel 22/08/2013 12:34 174 desktop.ini 14/03/2015 08:42 Diebold 23/01/2014 15:39 DivX 23/01/2014 15:29 DSP-worx 05/01/2016 16:48 Free mp3 Wma Converter 14/03/2015 08:42 GAS Tecnologia 30/11/2015 21:42 GbPlugin 02/02/2015 09:15 Google 28/09/2014 10:47 Hewlett-Packard 21/07/2014 17:12 HP 13/10/2014 16:34 HP Photo Creations 20/05/2015 12:04 InstallShield Installation Information 22/01/2014 21:18 Intel 14/12/2015 21:16 Internet Explorer 07/01/2016 19:10 Java 21/01/2014 16:49 K-Lite Codec Pack 31/01/2014 23:07 Malwarebytes' Anti-Malware 16/08/2014 09:04 Microsoft 21/01/2014 16:52 Microsoft Analysis Services 10/02/2014 16:25 Microsoft Office 10/02/2014 16:22 Microsoft SDKs 15/07/2015 19:30 Microsoft SQL Server 17/01/2015 15:43 Microsoft SQL Server Compact Edition 21/01/2014 16:55 Microsoft Sync Framework 10/02/2014 16:22 Microsoft Synchronization Services 10/02/2014 16:24 Microsoft Visual Studio 9.0 07/02/2014 17:26 Microsoft.NET 21/01/2014 17:44 MSBuild 09/01/2016 18:08 NortonInstaller 22/01/2014 15:38 NVIDIA Corporation 23/01/2014 15:29 OpenSource Flash Video Splitter 01/02/2014 01:39 PDFCreator 22/01/2014 20:08 Realtek 21/01/2014 17:44 Reference Assemblies 15/01/2016 22:20 Skype 20/05/2015 12:04 SupportInfo 21/01/2014 18:01 Temp 19/08/2015 07:08 Windows Defender 17/01/2015 15:43 Windows Live 15/03/2015 23:28 Windows Mail 15/03/2015 23:27 Windows Media Player 15/03/2015 23:27 Windows Multimedia Platform 22/08/2013 12:36 Windows NT 15/03/2015 23:27 Windows Photo Viewer 15/03/2015 23:27 Windows Portable Devices 22/08/2013 12:36 Windows Sidebar 22/08/2013 12:36 WindowsPowerShell 21/01/2014 16:46 WinRAR 29/06/2015 12:32 Wondershare 23/01/2014 15:30 Xvid 1 arquivo(s) 174 bytes 59 pasta(s) 857.621.155.840 bytes disponíveis ========= Fim de CMD: ========= =========
dir /a "C:\Users\All Users" ========= O volume na unidade C não tem nome. O Número de Série do Volume é D60D-6E95 Pasta de C:\Users\All Users 04/02/2016 02:24 . 04/02/2016 02:24 .. 21/01/2014 19:09 Adobe 09/08/2014 07:13 Apple 22/08/2013 11:45 Application Data [C:\ProgramData] 03/02/2016 18:48 Autodesk 23/01/2014 15:30 Baidu Security 13/03/2014 10:58 boost_interprocess 26/09/2014 17:39 Claro 15/05/2015 00:08 Common Files 22/01/2014 20:49 Conexant 24/11/2014 11:48 Corel 30/10/2014 14:19 CorelDRAW Graphics Suite X6 21/01/2014 16:27 Dados de Aplicativos [C:\ProgramData] 05/02/2015 15:36 DatacardService 22/01/2014 10:38 Dell 22/08/2013 11:45 Desktop [C:\Users\Public\Desktop] 23/01/2014 15:40 DivX 21/01/2014 16:27 Documentos [C:\Users\Public\Documents] 22/08/2013 11:45 Documents [C:\Users\Public\Documents] 22/08/2014 13:20 EPSON 21/03/2015 19:43 FLEXnet 07/04/2015 10:07 GAS Tecnologia 26/01/2016 23:50 GbPlugin 17/10/2014 13:45 HP 31/01/2015 10:25 HP Photo Creations 01/02/2014 01:40 Log 31/01/2014 23:07 Malwarebytes 21/01/2014 16:27 Menu Iniciar [C:\ProgramData\Microsoft\Windows\Start Menu] 17/01/2015 15:28 Microsoft 12/01/2016 19:12 Microsoft Help 17/01/2015 15:30 Microsoft OneDrive 21/01/2014 16:27 Modelos [C:\ProgramData\Microsoft\Windows\Templates] 21/01/2014 16:47 Mozilla 21/01/2014 19:12 Nero 09/01/2016 18:05 Norton 17/11/2014 17:09 NortonInstaller 03/02/2016 18:32 372 ntuser.pol 22/01/2014 15:38 NVIDIA Corporation 07/01/2016 22:07 Oracle 13/01/2016 19:29 Package Cache 17/11/2014 17:09 PCSettings 30/10/2014 14:36 Protexis 15/03/2015 23:27 regid.1991-06.com.microsoft 08/07/2015 23:38 Skype 22/08/2013 11:45 Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu] 22/08/2013 11:45 Templates [C:\ProgramData\Microsoft\Windows\Templates] 15/05/2015 00:11 TuneUp Software 13/10/2014 16:34 Visan 29/06/2015 11:51 Wondershare 15/05/2015 00:08 {FE8D473A-6F06-4F99-B5F4-BED72B2A038C} 1 arquivo(s) 372 bytes 50 pasta(s) 857.621.151.744 bytes disponíveis ========= Fim de CMD:
========= Ponto de Restauração criado com sucesso. ========= RemoveProxy: ========= HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => valor removido (a) com sucesso. HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => valor removido (a) com sucesso. HKU\S-1-5-21-1415586297-2205061315-3192296508-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => valor removido (a) com sucesso. HKU\S-1-5-21-1415586297-2205061315-3192296508-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => valor removido (a) com sucesso. ========= Fim de RemoveProxy: ========= C:\Windows\System32\Drivers\etc\hosts => movido com sucesso Hosts restaurado com sucesso. EmptyTemp: => 1 GB de dados temporários Removidos. O sistema precisou ser reiniciado. ==== Fim de Fixlog 02:30:06 ====