Usamos cookies para medir audiência e melhorar sua experiência. Você pode aceitar ou recusar a qualquer momento. Veja sobre o iMasters.
Galera, dei uma lida nas resoluções anteriores e nenhuma resolveu meu problema, aqui está:
Busquei um tutorial na internet de como ativar o office no windows 10, segui os procedimentos e deu certo. Porém, percebi que o note tinha ficado um "lixo", muito lento, demorava muito tempo pra abrir as coisas e ele é recém comprado! Abri o gerenciador de tarefas e o uso do PC ESTAVA EM 100% e não sai disso.
Ao instalar o office, tive que desativar o windows defender e tive que instalar e rodar o hack tambem, agora esta horrivel.
Busquei muito na internet e descobri que esse malware que crackeia o office pode causar mal funcionamento na máquina e agora não consigo arrumar.
Sou leigo nesses assuntos tipo regedit e prompts de comando, sou só um gamer, me ajudem na resolução.
OBS: desinstalei o office e desinstalei o hack tambem, mas ainda fica em 100% o uso.
Meu note é um DELL INSPIRON 7000 GAMING.
/monthly_2018_04/5ae00a7850e2e_Screenshot(4).thumb.png.acefc343862d224f192e0c54bbe268ed.png" />.png.2e55228cfc564f13e401fb60305009fd.png)
Feito meu amigo, da uma luz para essa pessoa que vos fala,
Obrigado por todo o suporte:
addition
https://www.cjoint.com/c/HDAwzc3Y2f2
FRST
/_ Bom Dia! Fabinho Silveira _\
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{611cc63b-d6d9-4ccc-89b0-c1069879542d}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{81e3ccd4-97a4-44a4-b2be-09e85f1dfe4f}: [DhcpNameServer] 75.75.75.75 75.75.76.76
--
--
> Foi sua escolha esta configuração de rede?
Running from C:\Users\valeu\Downloads <<
> Mova a ferramenta FRST ao desktop,pois a mesma encontra-se em diretório incorreto!
> Copie estas informações que estão em vermelho,para o Bloco de Notas.
> Salve-as com o nome fixlist. << Texto ou Unicode,caso solicite!
> Salve-as ao desktop! ( Área de trabalho ... )
start::
CloseProcesses:
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-2911689879-524526275-566669397-1001\...\Run: [windows] => C:\windows\windows.vbs [89 2017-05-06] () <==== ATTENTION
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
FirewallRules: [TCP Query User{687D7EC9-0893-433F-B1E4-1BBAB5F74AFC}C:\windows\window.exe] => (Allow) C:\windows\window.exe
FirewallRules: [UDP Query User{EEDD7129-C7A1-46A6-B70E-A9A8DD1A3FA6}C:\windows\window.exe] => (Allow) C:\windows\window.exe
2018-02-03 20:20 - 2018-02-03 20:31 - 000000000 ____D C:\ProgramData\AVAST Software
2018-04-23 14:50 - 2018-04-23 14:58 - 000000000 ____D C:\WINDOWS\AutoKMS
2018-04-23 14:48 - 2018-04-23 14:48 - 000004608 _____ C:\WINDOWS\SECOH-QAD.exe
2018-01-30 09:05 - 2018-01-30 06:08 - 000006137 _____ C:\WINDOWS\151931647_log -.txt
2018-01-30 09:05 - 2018-01-30 06:08 - 000006137 _____ C:\WINDOWS\151731647_log - Copia.txt
2018-01-30 09:05 - 2018-01-30 06:03 - 000006137 _____ C:\WINDOWS\151733647_log -.txt
2018-01-30 06:44 - 2018-01-30 06:09 - 000008414 _____ C:\WINDOWS\1517316477_log- -.txt
2018-01-30 06:44 - 2018-01-30 06:08 - 000008419 _____ C:\WINDOWS\1517316477_log --.txt
2018-01-30 06:44 - 2018-01-30 06:08 - 000008419 _____ C:\WINDOWS\1517316477_log -.txt
2018-01-30 06:44 - 2018-01-30 06:08 - 000006137 _____ C:\WINDOWS\151731647_log-.txt
2018-01-30 06:44 - 2018-01-30 06:03 - 000006137 _____ C:\WINDOWS\151731647_log -.txt
2018-01-30 06:44 - 2018-01-30 06:02 - 000006136 _____ C:\WINDOWS\- 154731541_log -.txt
2018-01-30 06:44 - 2018-01-30 06:02 - 000006136 _____ C:\WINDOWS\- 152731541_log -.txt
2018-01-30 05:37 - 2017-12-25 02:48 - 000157713 ____H C:\WINDOWS\windows.bat
2018-01-30 05:37 - 2017-12-10 09:14 - 004890112 _____ () C:\WINDOWS\Window.exe
2018-01-30 05:37 - 2017-12-10 09:14 - 004890112 _____ C:\WINDOWS\Window.exe
2018-01-30 05:37 - 2017-06-22 15:57 - 000000162 ____H C:\WINDOWS\system32.vbs
2018-01-30 05:37 - 2017-05-06 14:20 - 000000089 _____ C:\WINDOWS\windows.vbs
C:\ProgramData\AVAST Software
C:\Windows\Window.exe
C:\WINDOWS\windows.bat
C:\windows\windows.vbs
CreateRestorePoint:
RemoveProxy:
EmptyTemp:
Reboot:
Hosts:
end::
/applications/core/interface/imageproxy/imageproxy.php?img=https://imgur.com/IsRtnte.jpg&key=e02edae083edace15c6933c009d0a904d47de872b8951907e93617b0282d936c" class="ipsImage" alt="IsRtnte.jpg" />
> Execute **FRST/FRST64** >> Clique "**Corrigir**" << *Aguarde!*
> Poste o **relatório** "*Resultado da Correção pela Farbar Recovery Scan Tool*" (**Fixlog.txt**)
>** Este** e **outros relatórios**,podem ser encontrados** na pasta**: Disco Local (**C**) > FRST > ***Logs***
/applications/core/interface/imageproxy/imageproxy.php?img=http://r17.imgfast.net/users/1712/29/07/67/smiles/434264.gif&key=8b580fd8c41338fe0925cd84ba4dbbb4293b15fe6a04cbd03d242b4e86624720" class="ipsImage" alt="434264.gif" />
< Peço aos **visitantes** que **não** utilizem este **script** em **outros** computadores,sob risco de **danos** aos mesmos! >
[Abs]Eu não escolhi essa configuração de rede, moro na California, deve ser por isso?
Fiz o procedimento e ficou assim:
Fix result of Farbar Recovery Scan Tool (x64) Version: 25.04.2018
Ran by valeu (27-04-2018 14:51:23) Run:1
Running from C:\Users\valeu\Desktop
Loaded Profiles: valeu & luana (Available Profiles: valeu & luana)
Boot Mode: Normal
==============================================
fixlist content:
*****************
CloseProcesses:
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-2911689879-524526275-566669397-1001\...\Run: [windows] => C:\windows\windows.vbs [89 2017-05-06] () <==== ATTENTION
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
FirewallRules: [TCP Query User{687D7EC9-0893-433F-B1E4-1BBAB5F74AFC}C:\windows\window.exe] => (Allow) C:\windows\window.exe
FirewallRules: [UDP Query User{EEDD7129-C7A1-46A6-B70E-A9A8DD1A3FA6}C:\windows\window.exe] => (Allow) C:\windows\window.exe
2018-02-03 20:20 - 2018-02-03 20:31 - 000000000 ____D C:\ProgramData\AVAST Software
2018-04-23 14:50 - 2018-04-23 14:58 - 000000000 ____D C:\WINDOWS\AutoKMS
2018-04-23 14:48 - 2018-04-23 14:48 - 000004608 _____ C:\WINDOWS\SECOH-QAD.exe
2018-01-30 09:05 - 2018-01-30 06:08 - 000006137 _____ C:\WINDOWS\151931647_log -.txt
2018-01-30 09:05 - 2018-01-30 06:08 - 000006137 _____ C:\WINDOWS\151731647_log - Copia.txt
2018-01-30 09:05 - 2018-01-30 06:03 - 000006137 _____ C:\WINDOWS\151733647_log -.txt
2018-01-30 06:44 - 2018-01-30 06:09 - 000008414 _____ C:\WINDOWS\1517316477_log- -.txt
2018-01-30 06:44 - 2018-01-30 06:08 - 000008419 _____ C:\WINDOWS\1517316477_log --.txt
2018-01-30 06:44 - 2018-01-30 06:08 - 000008419 _____ C:\WINDOWS\1517316477_log -.txt
2018-01-30 06:44 - 2018-01-30 06:08 - 000006137 _____ C:\WINDOWS\151731647_log-.txt
2018-01-30 06:44 - 2018-01-30 06:03 - 000006137 _____ C:\WINDOWS\151731647_log -.txt
2018-01-30 06:44 - 2018-01-30 06:02 - 000006136 _____ C:\WINDOWS\- 154731541_log -.txt
2018-01-30 06:44 - 2018-01-30 06:02 - 000006136 _____ C:\WINDOWS\- 152731541_log -.txt
2018-01-30 05:37 - 2017-12-25 02:48 - 000157713 ____H C:\WINDOWS\windows.bat
2018-01-30 05:37 - 2017-12-10 09:14 - 004890112 _____ () C:\WINDOWS\Window.exe
2018-01-30 05:37 - 2017-12-10 09:14 - 004890112 _____ C:\WINDOWS\Window.exe
2018-01-30 05:37 - 2017-06-22 15:57 - 000000162 ____H C:\WINDOWS\system32.vbs
2018-01-30 05:37 - 2017-05-06 14:20 - 000000089 _____ C:\WINDOWS\windows.vbs
C:\ProgramData\AVAST Software
C:\Windows\Window.exe
C:\WINDOWS\windows.bat
C:\windows\windows.vbs
CreateRestorePoint:
RemoveProxy:
EmptyTemp:
Reboot:
Hosts:
*****************
Processes closed successfully.
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => could not remove, key could be protected
"HKU\S-1-5-21-2911689879-524526275-566669397-1001\Software\Microsoft\Windows\CurrentVersion\Run\\windows" => removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw" => removed successfully
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => not found
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui" => removed successfully
HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{687D7EC9-0893-433F-B1E4-1BBAB5F74AFC}C:\windows\window.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{EEDD7129-C7A1-46A6-B70E-A9A8DD1A3FA6}C:\windows\window.exe" => removed successfully
C:\ProgramData\AVAST Software => moved successfully
C:\WINDOWS\AutoKMS => moved successfully
C:\WINDOWS\SECOH-QAD.exe => moved successfully
C:\WINDOWS\151931647_log -.txt => moved successfully
C:\WINDOWS\151731647_log - Copia.txt => moved successfully
C:\WINDOWS\151733647_log -.txt => moved successfully
C:\WINDOWS\1517316477_log- -.txt => moved successfully
C:\WINDOWS\1517316477_log --.txt => moved successfully
C:\WINDOWS\1517316477_log -.txt => moved successfully
C:\WINDOWS\151731647_log-.txt => moved successfully
C:\WINDOWS\151731647_log -.txt => moved successfully
"C:\WINDOWS\- 154731541_log -.txt" => not found
"C:\WINDOWS\- 152731541_log -.txt" => not found
C:\WINDOWS\windows.bat => moved successfully
C:\WINDOWS\Window.exe => moved successfully
"C:\WINDOWS\Window.exe" => not found
C:\WINDOWS\system32.vbs => moved successfully
C:\WINDOWS\windows.vbs => moved successfully
"C:\ProgramData\AVAST Software" => not found
"C:\Windows\Window.exe" => not found
"C:\WINDOWS\windows.bat" => not found
"C:\windows\windows.vbs" => not found
Restore point was successfully created.
========= RemoveProxy: =========
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKU\S-1-5-21-2911689879-524526275-566669397-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-2911689879-524526275-566669397-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKU\S-1-5-21-2911689879-524526275-566669397-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-2911689879-524526275-566669397-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
========= End of RemoveProxy: =========
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
=========== EmptyTemp: ==========
BITS transfer queue => 7888896 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 64975671 B
Java, Flash, Steam htmlcache => 31912287 B
Windows/system/drivers => 524348 B
Edge => 13 B
Chrome => 442784887 B
Firefox => 0 B
Opera => 0 B
Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 984 B
valeu => 72622776 B
luana => 94715715 B
RecycleBin => 0 B
EmptyTemp: => 682.3 MB temporary data Removed.
================================
Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 27-04-2018 14:58:59)
Result of scheduled keys to remove after reboot:
"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" => removed successfully
==== End of Fixlog 14:58:59 ====A proposito, acho que funcionou?
Eliminou o tal hacker?
Depois que terminarmos posso apagar esse FRST e os logs? ou é melhor deixar no pc?
O computador voltou ao normal? tenho que fazer outro procedimento padrão ou não?
Desde já, agradeço demais a ajuda.
/monthly_2018_04/2094629155_Screenshot(8).thumb.png.6f70e170691b3bbe18d7672c89939fa0.png" class="ipsImage ipsImage_thumbnailed" alt="Screenshot (8).png">.png.543e5670d200edcfe499cdf938e0286a.png)
/_ Fabinho Silveira _\
Resta-lhe, para finalizar,a execução com a ZHPCleaner que é específica ao KMSpico,removendo algumas de suas entradas.
> Baixe: < ZHPCleaner > < /applications/core/interface/imageproxy/imageproxy.php?img=http://i.imgur.com/6LcRokv.jpg&key=4684c965737c18f7476fe10aa0d12f9a5f0279583460e462d3bcad9875ed3ea0" /> ... de Nicolas Coolman >
> Ou |Aqui!| << Mirror!
>
Citar
https://www.youtube.com/watch?v=8olWT8u5RYQ
> Caso tenha algum impedimento ao download,assista este tutorial que foi postado no YouTube,para desativar o Windows SmartScreen.
> Estando na página,clique /applications/core/interface/imageproxy/imageproxy.php?img=http://i.imgur.com/7ukwnm8.jpg&key=411680a7552ecf5560e81caa8178fc7cb71e09190a8cbd96b9b9f256cdfd3139" />
> Salve-a ao desktop! ( ZHPCleaner.exe )
> Desabilite seu antivírus e execute ZHPCleaner.exe <<
/applications/core/interface/imageproxy/imageproxy.php?img=https://imgur.com/nDQ00tR.jpg&key=5a7684e4ed599a69b7680762ec1e2092f2d6d3e0149cc28a4fbaede09240d2f7" />
> Ao **abrir** esta tela,**evite** clicar em **Update** ou **Atualização**,para não ser **direcionado** ao **ZHPBrowser**.
> Ps: **Feche** a **mensagem** ao clicar no **[X****]**.
[/applications/core/interface/imageproxy/imageproxy.php?img=http://7.t.imgbox.com/6MKUYyzn.jpg&key=8f3fd1595941bd85ca77864e608c9a5cb5b4cb9870e031caf9d8839bddf0baed" />](http://imgbox.com/6MKUYyzn)
> Com a **ferramenta aberta**,clique em **Scanner**.
/applications/core/interface/imageproxy/imageproxy.php?img=http://i.imgur.com/ljOOETD.jpg&key=17f616a66a0ac1f98d58b7ad72fc71eb684f7e9613c302777e420d4af6d64274" />
> Aguarde a **conclusão!**
/applications/core/interface/imageproxy/imageproxy.php?img=http://i.imgur.com/9g2LW3p.jpg&key=0e1bebfae36cbb4c260bebf282446e492aa1234bbb6cdf835ba00e03c61990c3" />
> Ao **concluir**,clique **Repair**.
/applications/core/interface/imageproxy/imageproxy.php?img=https://imgur.com/88z05Yv.jpg&key=cf7e167afcb455fcd466b03d0e05ddf3a78efd594e8e4e5680a40e1a10f74511" />
> Ps: Ignore **possíveis alertas** quanto à sua **configuração de rede**. (**DNS**)
> Clique **Sim** >> **Sim!**
[/applications/core/interface/imageproxy/imageproxy.php?img=http://7.t.imgbox.com/CWxMrxRA.jpg&key=0766b1401c7f2a3c0d7d2272860c2b83abcae35df2605b9ebf777fd9dec628f7" />](http://imgbox.com/CWxMrxRA)
> Surgirão **guias** que estarão em **vermelho**,indicando **problemas a serem reparados**.
> Clique **Repair**.
/applications/core/interface/imageproxy/imageproxy.php?img=http://i.imgur.com/fN86PG8.jpg&key=0627b2d6ba9a8d38506700f60ee02989c4346b5b8c2a5f812deb142e1dc5d4dd" />
> Ao **concluir**,clique **Report**.
> Poste o **log** de **reparo**: **~ Type : Reparo**>
Citar
file:///C:/Users/xxx../AppData/Roaming/ZHP/ZHPCleaner.html
Ps: Ao clicar "Report",você obterá o relatório,dentre outras informações,em formato HTML.
file:///C:/Users/xxx.../AppData/Roaming/ZHP/ZHPCleaner.txt
Este será seu relatório direto,obtido ao modificar na barra de endereços,de (.html) para (.txt).
Basta selecionar (ctrl + A),copiar (ctrl + C) e colar ao seu Post ou Bloco de Notas. (ctrl + V)
Disponibilize o relatório em Cjoint.com <<
Outra opção,é hospedar o relatório em Hébergement de fichiers, Security-x.fr.
[Abs]
/_ Bom Dia! Fabinho Silveira _\
> Baixe: < /applications/core/interface/imageproxy/imageproxy.php?img=https://imgur.com/IASCZft.jpg&key=40414ec89238097230bb8b5e39db14e241e6e364fad206dd376412a3f2504ee7" class="ipsImage" alt="IASCZft.jpg" /> Farbar Recovery Scan Tool >
>
http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
> No link àcima,temos a ferramenta para sistemas 32bits!
>
https://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
> No link àcima,temos o download para sistemas 64bits! (FRST64.exe)
> Salve-a ao desktop! (Área de trabalho ...)
> Execute a ferramenta!
> Clique "Sim" >> "Examinar".
/applications/core/interface/imageproxy/imageproxy.php?img=http://4.t.imgbox.com/4y9giFrI.jpg&key=e139a576677427cef459662f3742a19b4656d7f6e9c77c567cce8c5cae3c9197" class="ipsImage" alt="4y9giFrI.jpg" />
> Antes de clicar "Examinar",verifique se as caixinhas em "Whitelist" estão assinaladas.
> Em "Exame Opcional",deixe marcada as checkbox "Addition.txt" e "Arquivos 90 Dias".
> Ps: Será gerado,também,o relatório "Addition.txt".
> Poste os relatórios! (FRST.txt + Addition.txt)
>
http://www.cjoint.com/
> Como os logs serão extensos,envie-os à cjoint.com.
/applications/core/interface/imageproxy/imageproxy.php?img=http://i.imgur.com/EUE4tdb.jpg&key=a1493902e025170e24c1db9b5cbad8c87dbfb6dcd8089f17bcd66f77da7e54c1" class="ipsImage" alt="EUE4tdb.jpg" />
> Clique no botão Parcourir...
> Busque o relatório e clique no botão Abrir.
> Clique no botão "Créer le lien Cjoint".
> Copie o link que está ao lado de "Le lien a été créé" e poste-o em sua resposta.
/applications/core/interface/imageproxy/imageproxy.php?img=http://i1143.photobucket.com/albums/n629/j2ram/Copierlelien_zpsd51f499f.jpg&key=660428e74964025a431cba1b51ee2132f7bbee4aaf74172bd3f0a3be25c5b2b1" class="ipsImage" alt="Copierlelien_zpsd51f499f.jpg" />
> Ou clique "**Copier le lien (*)" e cole o link ao seu Post**.
> Outra opção,é hospedar os relatórios em Hébergement de fichiers, Security-x.fr.
>
http://dl.free.fr
> Ou ainda,em dl.free.fr.
> Fique atento,pois teremos 2 links a serem postados!
A+