Resultado da Correção pela Farbar Recovery Scan Tool (x64) Versão:05-03-2016 01
Executado por Lucas (2016-03-25 20:50:19) Run:1
Executando a partir de C:\Users\Lucas\Desktop
Perfis Carregados: Lucas (Perfis Disponíveis: Lucas & Cadu)
Modo da Inicialização: Normal
==============================================

fixlist Conteúdo:
*****************
start
CloseProcesses:
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => Nenhum Arquivo
ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => Nenhum Arquivo
ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => Nenhum Arquivo
ShellIconOverlayIdentifiers-x32: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => Nenhum Arquivo
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => Nenhum Arquivo
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => Nenhum Arquivo
GroupPolicyUsers\S-1-5-21-1547552056-3526290009-4279622403-1006\User: Restrição <======= ATENÇÃO
R1 Bfilter; C:\WINDOWS\System32\drivers\Bfilter.sys [52032 2014-01-21] (Baidu, Inc.)
R1 Bfmon; C:\WINDOWS\System32\drivers\Bfmon.sys [34624 2014-01-21] (Baidu, Inc.)
R1 Bprotect; C:\WINDOWS\System32\drivers\Bprotect.sys [128992 2014-01-21] (Baidu, Inc.)
2016-03-25 11:45 - 2015-07-17 22:30 - 00003806 _____ C:\WINDOWS\System32\Tasks\AutoKMS
2016-03-19 18:25 - 2016-01-04 22:43 - 00000000 ____D C:\Users\Todos os Usuários\ProductData
2016-03-19 18:25 - 2016-01-04 22:43 - 00000000 ____D C:\ProgramData\ProductData
2016-03-05 11:53 - 2014-05-23 23:18 - 00000000 ____D C:\AdwCleaner
2014-05-24 13:15 - 2014-05-24 13:16 - 0017171 _____ () C:\Users\Lucas\AppData\Roaming\unins000.dat
2014-05-24 13:15 - 2014-05-24 13:15 - 0730834 _____ () C:\Users\Lucas\AppData\Roaming\unins000.exe
2014-06-07 23:14 - 2014-06-07 23:14 - 0003584 _____ () C:\Users\Lucas\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-04-12 16:38 - 2014-04-12 16:40 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2014-04-12 16:37 - 2014-04-12 16:38 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
Task: {23C307BD-BE92-4D13-B8B2-3633A3EE83D0} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> Nenhum Arquivo <==== ATENÇÃO
Task: {24D9EF8E-4538-4391-824F-545BCAF35EFF} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Nenhum Arquivo <==== ATENÇÃO
Task: {33760DFE-196D-44D2-AA33-591838660EF8} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2015-07-17] ()
Task: {35601BB1-0DFE-4332-876B-B8772B493FBA} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Nenhum Arquivo <==== ATENÇÃO
Task: {456952C7-AA25-4597-981E-6158FD291D7F} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Nenhum Arquivo <==== ATENÇÃO
Task: {4C6935A1-7F89-4341-B3FF-73BE330949CD} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Nenhum Arquivo <==== ATENÇÃO
Task: {677157DD-0CC0-4B2D-B573-0749E863A520} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-02-12] (Piriform Ltd)
Task: {6BD6C388-DB20-49A7-9B7D-D006374A96CE} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Nenhum Arquivo <==== ATENÇÃO
Task: {74F668AF-00D3-4146-B747-E7A586897BAD} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Nenhum Arquivo <==== ATENÇÃO
Task: {C5B1CC5C-6182-4D9F-857A-FB26E56586F5} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Nenhum Arquivo <==== ATENÇÃO
Task: {CD18BC0A-241F-4256-94EA-82CE225F1C68} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Nenhum Arquivo <==== ATENÇÃO
Task: {DEA1BC00-4CAA-402E-B808-4DBDE1200278} - System32\Tasks\{CF3444D9-CE95-4B79-9846-CB59E479A137} => pcalua.exe -a "C:\Program Files (x86)\Baidu Security\Baidu Antivirus\Uninstall.exe"
Task: {DF23A333-D032-44CA-99D5-C744E423894E} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Nenhum Arquivo <==== ATENÇÃO
Task: {E5E703D3-8122-4C0A-B122-C1FB6A609679} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Nenhum Arquivo <==== ATENÇÃO
CreateRestorePoint:
RemoveProxy:
EmptyTemp:
Reboot:
Hosts:
end
*****************

Processos fechados com sucesso.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Adobe ARM => valor removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtPending" => chave removido (a) com sucesso.
HKCR\CLSID\{056D528D-CE28-4194-9BA3-BA2E9197FF8C} => chave não encontrado (a).
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtSynced" => chave removido (a) com sucesso.
HKCR\CLSID\{05B38830-F4E9-4329-978B-1DD28605D202} => chave não encontrado (a).
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtSyncing" => chave removido (a) com sucesso.
HKCR\CLSID\{0596C850-7BDD-4C9D-AFDF-873BE6890637} => chave não encontrado (a).
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtPending" => chave removido (a) com sucesso.
HKCR\Wow6432Node\CLSID\{056D528D-CE28-4194-9BA3-BA2E9197FF8C} => chave não encontrado (a).
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtSynced" => chave removido (a) com sucesso.
HKCR\Wow6432Node\CLSID\{05B38830-F4E9-4329-978B-1DD28605D202} => chave não encontrado (a).
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtSyncing" => chave removido (a) com sucesso.
HKCR\Wow6432Node\CLSID\{0596C850-7BDD-4C9D-AFDF-873BE6890637} => chave não encontrado (a).
C:\WINDOWS\system32\GroupPolicyUsers\S-1-5-21-1547552056-3526290009-4279622403-1006\User => movido com sucesso
C:\WINDOWS\SysWOW64\GroupPolicy\GPT.ini => movido com sucesso
Bfilter => Não foi possível finalizar o serviço.
Bfilter => serviço removido (a) com sucesso.
Bfmon => Não foi possível finalizar o serviço.
Bfmon => serviço removido (a) com sucesso.
Bprotect => Não foi possível finalizar o serviço.
Bprotect => serviço removido (a) com sucesso.
C:\WINDOWS\System32\Tasks\AutoKMS => movido com sucesso
C:\Users\Todos os Usuários\ProductData => movido com sucesso
"C:\ProgramData\ProductData" => não encontrado (a).
C:\AdwCleaner => movido com sucesso
C:\Users\Lucas\AppData\Roaming\unins000.dat => movido com sucesso
C:\Users\Lucas\AppData\Roaming\unins000.exe => movido com sucesso
C:\Users\Lucas\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini => movido com sucesso
C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log => movido com sucesso
C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log => movido com sucesso
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{23C307BD-BE92-4D13-B8B2-3633A3EE83D0}" => chave removido (a) com sucesso.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{23C307BD-BE92-4D13-B8B2-3633A3EE83D0}" => chave removido (a) com sucesso.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd" => chave removido (a) com sucesso.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{24D9EF8E-4538-4391-824F-545BCAF35EFF}" => chave removido (a) com sucesso.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{24D9EF8E-4538-4391-824F-545BCAF35EFF}" => chave removido (a) com sucesso.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => chave removido (a) com sucesso.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{33760DFE-196D-44D2-AA33-591838660EF8}" => chave removido (a) com sucesso.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{33760DFE-196D-44D2-AA33-591838660EF8}" => chave removido (a) com sucesso.
C:\WINDOWS\System32\Tasks\AutoKMS => não encontrado (a).
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoKMS" => chave removido (a) com sucesso.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{35601BB1-0DFE-4332-876B-B8772B493FBA}" => chave removido (a) com sucesso.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{35601BB1-0DFE-4332-876B-B8772B493FBA}" => chave removido (a) com sucesso.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => chave removido (a) com sucesso.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{456952C7-AA25-4597-981E-6158FD291D7F}" => chave removido (a) com sucesso.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{456952C7-AA25-4597-981E-6158FD291D7F}" => chave removido (a) com sucesso.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => chave removido (a) com sucesso.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4C6935A1-7F89-4341-B3FF-73BE330949CD}" => chave removido (a) com sucesso.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4C6935A1-7F89-4341-B3FF-73BE330949CD}" => chave removido (a) com sucesso.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => chave removido (a) com sucesso.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{677157DD-0CC0-4B2D-B573-0749E863A520}" => chave removido (a) com sucesso.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{677157DD-0CC0-4B2D-B573-0749E863A520}" => chave removido (a) com sucesso.
C:\WINDOWS\System32\Tasks\CCleanerSkipUAC => movido com sucesso
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CCleanerSkipUAC" => chave removido (a) com sucesso.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{6BD6C388-DB20-49A7-9B7D-D006374A96CE}" => chave removido (a) com sucesso.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6BD6C388-DB20-49A7-9B7D-D006374A96CE}" => chave removido (a) com sucesso.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => chave removido (a) com sucesso.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{74F668AF-00D3-4146-B747-E7A586897BAD}" => chave removido (a) com sucesso.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{74F668AF-00D3-4146-B747-E7A586897BAD}" => chave removido (a) com sucesso.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => chave removido (a) com sucesso.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C5B1CC5C-6182-4D9F-857A-FB26E56586F5}" => chave removido (a) com sucesso.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C5B1CC5C-6182-4D9F-857A-FB26E56586F5}" => chave removido (a) com sucesso.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => chave removido (a) com sucesso.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CD18BC0A-241F-4256-94EA-82CE225F1C68}" => chave removido (a) com sucesso.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CD18BC0A-241F-4256-94EA-82CE225F1C68}" => chave removido (a) com sucesso.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => chave removido (a) com sucesso.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DEA1BC00-4CAA-402E-B808-4DBDE1200278}" => chave removido (a) com sucesso.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DEA1BC00-4CAA-402E-B808-4DBDE1200278}" => chave removido (a) com sucesso.
C:\WINDOWS\System32\Tasks\{CF3444D9-CE95-4B79-9846-CB59E479A137} => movido com sucesso
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{CF3444D9-CE95-4B79-9846-CB59E479A137}" => chave removido (a) com sucesso.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DF23A333-D032-44CA-99D5-C744E423894E}" => chave removido (a) com sucesso.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DF23A333-D032-44CA-99D5-C744E423894E}" => chave removido (a) com sucesso.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => chave removido (a) com sucesso.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E5E703D3-8122-4C0A-B122-C1FB6A609679}" => chave removido (a) com sucesso.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E5E703D3-8122-4C0A-B122-C1FB6A609679}" => chave removido (a) com sucesso.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => chave removido (a) com sucesso.
Ponto de Restauração criado com sucesso.

========= RemoveProxy: =========

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => valor removido (a) com sucesso.
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => valor removido (a) com sucesso.
HKU\S-1-5-21-1547552056-3526290009-4279622403-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => valor removido (a) com sucesso.
HKU\S-1-5-21-1547552056-3526290009-4279622403-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => valor removido (a) com sucesso.

========= Fim de RemoveProxy: =========

C:\Windows\System32\Drivers\etc\hosts => movido com sucesso
Hosts restaurado com sucesso.
EmptyTemp: => 325.3 MB de dados temporários Removidos.

O sistema precisou ser reiniciado.

==== Fim de Fixlog 20:52:09 ====