Resultado da Correção pela Farbar Recovery Scan Tool (x64) Versão: 12-11-2017 03
Executado por Acer (16-11-2017 00:28:47) Run:1
Executando a partir de C:\Users\Acer\Desktop
Perfis Carregados: Acer (Perfis Disponíveis: Acer)
Modo da Inicialização: Normal
==============================================

fixlist Conteúdo:
*****************
Start
CloseProcesses:
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restrição <==== ATENÇÃO
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
S2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [1050904 2013-12-11] () [Arquivo não assinado]
2017-10-04 23:56 - 2017-10-06 21:25 - 000000000 _____ () C:\Users\Acer\AppData\Local\Temp\29c801ba6a177616225dafc56717c5e8.dll
2017-08-11 16:24 - 2017-08-11 16:24 - 000740416 _____ (Oracle Corporation) C:\Users\Acer\AppData\Local\Temp\jre-8u144-windows-au.exe
2017-08-18 23:58 - 2017-09-16 02:41 - 000492544 _____ () C:\Users\Acer\AppData\Local\Temp\s3.exe
Task: {29BF05EC-B7D0-46EF-AE92-715A27859C3F} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe [2013-12-11] ()
Task: {6C9AA8D8-358C-4C7E-A898-B18244D25B54} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS.exe [2016-02-01] (Microsoft)
FirewallRules: [TCP Query User{B15C2C85-5470-47D0-B3CA-686681BFB8C2}C:\users\acer\appdata\local\temp\rarsfx2\hl.exe] => (Allow) C:\users\acer\appdata\local\temp\rarsfx2\hl.exe
FirewallRules: [UDP Query User{368E28D1-0082-4E22-8D99-4F542BDE0466}C:\users\acer\appdata\local\temp\rarsfx2\hl.exe] => (Allow) C:\users\acer\appdata\local\temp\rarsfx2\hl.exe
FirewallRules: [TCP Query User{4E091824-9C99-4B34-ABC2-BA103D060768}C:\users\acer\appdata\local\temp\rarsfx3\hl.exe] => (Allow) C:\users\acer\appdata\local\temp\rarsfx3\hl.exe
FirewallRules: [UDP Query User{2B0E9956-23F1-45EE-A430-574788D6B62E}C:\users\acer\appdata\local\temp\rarsfx3\hl.exe] => (Allow) C:\users\acer\appdata\local\temp\rarsfx3\hl.exe
FirewallRules: [TCP Query User{6A82F845-667E-44EA-AB25-66F54B2DCD4D}C:\users\acer\appdata\local\temp\rarsfx4\hl.exe] => (Allow) C:\users\acer\appdata\local\temp\rarsfx4\hl.exe
FirewallRules: [UDP Query User{04BA2A7E-5087-4530-884D-8B8C4E7FF12A}C:\users\acer\appdata\local\temp\rarsfx4\hl.exe] => (Allow) C:\users\acer\appdata\local\temp\rarsfx4\hl.exe
FirewallRules: [TCP Query User{8A63B587-23F4-4BA8-8330-9C6DF8F1EA72}C:\users\acer\appdata\local\temp\rarsfx5\hl.exe] => (Allow) C:\users\acer\appdata\local\temp\rarsfx5\hl.exe
FirewallRules: [UDP Query User{113EB00B-4C5B-463E-BDDE-1EFBD95B1376}C:\users\acer\appdata\local\temp\rarsfx5\hl.exe] => (Allow) C:\users\acer\appdata\local\temp\rarsfx5\hl.exe
FirewallRules: [{2059739A-497B-4908-84F0-01E1342DCA08}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe
FirewallRules: [{63751568-0EA0-4178-99AA-79E042B3BB32}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe
FirewallRules: [{9A266455-E300-4A5E-9A16-C2CA049C1DD9}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [{CF39DCC0-84CB-4E01-B2CE-D843C401F7D4}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [{0151E23D-06A1-4445-AE10-0471BE1835EA}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [{C7984B71-EFE0-4C96-9425-8609F09FD501}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [{88DE08AA-5B13-476E-A9D1-C672AAE0C0E7}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [{3EC76567-5121-463D-AA91-C60D1092C95F}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
CreateRestorePoint:
EmptyTemp:
Reboot:
end
*****************

Processos fechados com sucesso.
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => chave removido (a) com sucesso.
HKLM\System\CurrentControlSet\Services\xhunter1 => chave removido (a) com sucesso.
xhunter1 => serviço removido (a) com sucesso.
HKLM\System\CurrentControlSet\Services\Service KMSELDI => chave removido (a) com sucesso.
Service KMSELDI => serviço removido (a) com sucesso.
C:\Users\Acer\AppData\Local\Temp\29c801ba6a177616225dafc56717c5e8.dll => movido com sucesso
C:\Users\Acer\AppData\Local\Temp\jre-8u144-windows-au.exe => movido com sucesso
C:\Users\Acer\AppData\Local\Temp\s3.exe => movido com sucesso
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{29BF05EC-B7D0-46EF-AE92-715A27859C3F} => chave removido (a) com sucesso.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{29BF05EC-B7D0-46EF-AE92-715A27859C3F} => chave removido (a) com sucesso.
C:\Windows\System32\Tasks\AutoPico Daily Restart => movido com sucesso
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoPico Daily Restart => chave removido (a) com sucesso.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{6C9AA8D8-358C-4C7E-A898-B18244D25B54} => chave removido (a) com sucesso.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6C9AA8D8-358C-4C7E-A898-B18244D25B54} => chave removido (a) com sucesso.
C:\Windows\System32\Tasks\AutoKMS => movido com sucesso
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoKMS => chave removido (a) com sucesso.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{B15C2C85-5470-47D0-B3CA-686681BFB8C2}C:\users\acer\appdata\local\temp\rarsfx2\hl.exe => valor removido (a) com sucesso.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{368E28D1-0082-4E22-8D99-4F542BDE0466}C:\users\acer\appdata\local\temp\rarsfx2\hl.exe => valor removido (a) com sucesso.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{4E091824-9C99-4B34-ABC2-BA103D060768}C:\users\acer\appdata\local\temp\rarsfx3\hl.exe => valor removido (a) com sucesso.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{2B0E9956-23F1-45EE-A430-574788D6B62E}C:\users\acer\appdata\local\temp\rarsfx3\hl.exe => valor removido (a) com sucesso.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{6A82F845-667E-44EA-AB25-66F54B2DCD4D}C:\users\acer\appdata\local\temp\rarsfx4\hl.exe => valor removido (a) com sucesso.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{04BA2A7E-5087-4530-884D-8B8C4E7FF12A}C:\users\acer\appdata\local\temp\rarsfx4\hl.exe => valor removido (a) com sucesso.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{8A63B587-23F4-4BA8-8330-9C6DF8F1EA72}C:\users\acer\appdata\local\temp\rarsfx5\hl.exe => valor removido (a) com sucesso.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{113EB00B-4C5B-463E-BDDE-1EFBD95B1376}C:\users\acer\appdata\local\temp\rarsfx5\hl.exe => valor removido (a) com sucesso.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{2059739A-497B-4908-84F0-01E1342DCA08} => valor removido (a) com sucesso.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{63751568-0EA0-4178-99AA-79E042B3BB32} => valor removido (a) com sucesso.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{9A266455-E300-4A5E-9A16-C2CA049C1DD9} => valor removido (a) com sucesso.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{CF39DCC0-84CB-4E01-B2CE-D843C401F7D4} => valor removido (a) com sucesso.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{0151E23D-06A1-4445-AE10-0471BE1835EA} => valor removido (a) com sucesso.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C7984B71-EFE0-4C96-9425-8609F09FD501} => valor removido (a) com sucesso.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{88DE08AA-5B13-476E-A9D1-C672AAE0C0E7} => valor removido (a) com sucesso.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{3EC76567-5121-463D-AA91-C60D1092C95F} => valor removido (a) com sucesso.
Ponto de Restauração criado com sucesso.

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 51961535 B
Java, Flash, Steam htmlcache => 65368534 B
Windows/system/drivers => 65965312 B
Edge => 0 B
Chrome => 785931420 B
Firefox => 122605293 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 16802 B
systemprofile32 => 66228 B
LocalService => 16674 B
NetworkService => 0 B
Acer => 1485640007 B

RecycleBin => 0 B
EmptyTemp: => 2.4 GB de dados temporários Removidos.

================================

O sistema precisou ser reiniciado.

==== Fim de Fixlog 00:31:01 ====