windows defender desligado pela política de grupos

Question

/!\ Boa Noite! alfredoluis /!\
Uma d&uacute;vida: fiz o procedimento do frst e addtion ocultando os arquivos protegidos do sistema operacional. Ser&aacute; que devo fazer desmarcando a op&ccedil;&atilde;o de oculta&ccedil;&atilde;o dos arquivos?
> Sem grandes preju&iacute;zos,posso aceitar do jeito que realizou.

> Copie estas informa&ccedil;&otilde;es que est&atilde;o em vermelho,para o Bloco de Notas.
> Salve-as com o nome [COLOR=green]fixlist[/COLOR].  Salve-as no desktop! ( [COLOR=#b300b3]&Aacute;rea de trabalho ...[/COLOR] ) -/- C:\Users\Alfredo\[COLOR=#b300b3]Desktop[/COLOR]  DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
CHR HKU\S-1-5-21-2447171046-917324971-2953145129-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [aicancafipiklohohmoognddncljhkio] - C:\Users\Alfredo\AppData\Local\CRE\aicancafipiklohohmoognddncljhkio.crx 
CHR HKU\S-1-5-21-2447171046-917324971-2953145129-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Program Files (x86)\Common Files\:censurado:\plugins\DVDVideoSoftBrowserExtension.crx [2014-07-23]
CHR HKU\S-1-5-21-2447171046-917324971-2953145129-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nnjbodopomfddehlalfilheomcahbpei] - C:\Users\Alfredo\AppData\Local\GAS Tecnologia\GBBD\cef\sf.crx [2013-06-18]
CHR HKLM-x32\...\Chrome\Extension: [aicancafipiklohohmoognddncljhkio] - C:\Users\Alfredo\AppData\Local\CRE\aicancafipiklohohmoognddncljhkio.crx 
CHR HKLM-x32\...\Chrome\Extension: [amfclgbdpgndipgoegfpkkgobahigbcl] - C:\Users\Alfredo\AppData\Local\Smartbar/Application\1Extension.crx 
CHR HKLM-x32\...\Chrome\Extension: [gbdabnfmdemcjjadpkpjibhhacggangd] - C:\Users\Alfredo\AppData\Local\Google\Chrome\User Data\Default\Extensions\novo_price_comparison.crx 
CHR HKLM-x32\...\Chrome\Extension: [ijblflkdjdopkpdgllkmlbgcffjbnfda] - C:\Users\Alfredo\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtab.crx 
CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2012-06-12]
CHR HKLM-x32\...\Chrome\Extension: [lkemddiljapcmhicklfpcbpfffahfbja] - C:\Users\Alfredo\AppData\Local\Google\Chrome\User Data\Default\extensions\WebNavigation.crx 
R1 aswKbd; C:\Windows\System32\Drivers\aswKbd.sys [21136 2012-10-30] (AVAST Software)
S3 catchme; \??\C:\Users\Alfredo\AppData\Local\Temp\catchme.sys [X]
S0 gbpddreg; system32\drivers\gbpddreg64.sys [X]
2016-01-02 14:44 - 2016-01-02 14:49 - 00000000 ____D C:\AdwCleaner
2016-01-02 14:41 - 2016-01-02 14:42 - 01745920 _____ C:\Users\Alfredo\Desktop\AdwCleaner.exe
2016-01-02 00:17 - 2016-01-02 00:44 - 00000881 _____ C:\Users\Alfredo\Desktop\ZHPCleaner.lnk
2016-01-02 00:17 - 2016-01-02 00:17 - 01980928 _____ C:\Users\Alfredo\Desktop\ZHPCleaner.exe
2016-01-02 00:15 - 2016-01-02 00:15 - 01980928 _____ C:\Users\Alfredo\ZHPCleaner.exe
2016-01-01 23:17 - 2016-01-01 23:21 - 00000000 ____D C:\Program Files (x86)\ZHPFix
2016-01-01 23:17 - 2016-01-01 23:17 - 00001922 _____ C:\Users\Public\Desktop\ZHPFix.lnk
2016-01-01 23:17 - 2016-01-01 23:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP
2016-01-01 23:15 - 2016-01-01 23:16 - 03521617 _____ (Nicolas Coolman ) C:\Users\Alfredo\Desktop\ZHPFix.exe
2016-01-01 17:11 - 2016-01-02 00:52 - 00000000 ____D C:\Users\Alfredo\AppData\Roaming\ZHP
2016-01-01 17:11 - 2016-01-01 17:11 - 00000871 _____ C:\Users\Alfredo\Desktop\ZHPDiag.lnk
2016-01-01 17:10 - 2016-01-01 17:11 - 02054656 _____ C:\Users\Alfredo\Desktop\ZHPDiag3.exe
2016-01-01 14:57 - 2016-01-01 14:58 - 01599336 _____ (Malwarebytes) C:\Users\Alfredo\Desktop\JRT.exe
2015-12-31 00:32 - 2015-12-31 03:12 - 00004712 _____ C:\WINDOWS\SysWOW64\Nydpauyjo.ini
2015-12-31 00:32 - 2015-12-31 03:12 - 00002424 _____ C:\WINDOWS\SysWOW64\NydpauyjoOff.ini
2015-12-31 00:32 - 2015-12-31 00:32 - 00034712 _____ () C:\WINDOWS\system32\Drivers\bsdriver.sys
2015-12-31 00:32 - 2015-12-31 00:32 - 00000000 ____D C:\Users\Alfredo\AppData\Local\Tempfolder
2015-12-31 00:32 - 2015-12-30 23:34 - 00768360 _____ C:\WINDOWS\system32\Nydpauyjo64.dll
2015-12-31 00:32 - 2015-12-30 23:34 - 00289128 _____ C:\WINDOWS\SysWOW64\Nydpauyjo.dll
2015-12-30 10:16 - 2015-12-31 00:32 - 00056728 _____ (Windows (R) Win 7 DDK provider) C:\WINDOWS\system32\Drivers\cherimoya.sys
CustomCLSID: HKU\S-1-5-21-2447171046-917324971-2953145129-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Alfredo\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => Nenhum Arquivo
CustomCLSID: HKU\S-1-5-21-2447171046-917324971-2953145129-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Alfredo\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll => Nenhum Arquivo
CustomCLSID: HKU\S-1-5-21-2447171046-917324971-2953145129-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Alfredo\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => Nenhum Arquivo
CustomCLSID: HKU\S-1-5-21-2447171046-917324971-2953145129-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Alfredo\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => Nenhum Arquivo
CustomCLSID: HKU\S-1-5-21-2447171046-917324971-2953145129-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Alfredo\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2447171046-917324971-2953145129-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Alfredo\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => Nenhum Arquivo
CustomCLSID: HKU\S-1-5-21-2447171046-917324971-2953145129-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Alfredo\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2447171046-917324971-2953145129-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Alfredo\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => Nenhum Arquivo
Task: {0E464B7D-5555-4247-9779-A83394D0F064} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {14CDB34E-553E-4191-B188-5535A86F14E1} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2447171046-917324971-2953145129-1000Core => C:\Users\Alfredo\AppData\Local\Google\Update\GoogleUpdate.exe [2015-12-04] (Google Inc.)
Task: {3DD67D8E-BFB8-4C03-8825-236E1FE426D1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {A88597EB-886E-4BC7-9CE8-1E222B439BC4} - \{1A0CBE13-75AE-4300-82B2-D763359C2602} -> Nenhum Arquivo  C:\Users\Alfredo\AppData\Local\Google\Update\GoogleUpdate.exe [2015-12-04] (Google Inc.)
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2447171046-917324971-2953145129-1000Core.job => C:\Users\Alfredo\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2447171046-917324971-2953145129-1000UA.job => C:\Users\Alfredo\AppData\Local\Google\Update\GoogleUpdate.exe
AlternateDataStreams: C:\WINDOWS\system32\Drivers\gbpddfac64.sys:X5ZN8aGvT4
AlternateDataStreams: C:\WINDOWS\system32\Drivers\wsddfac.sys:X5ZN8aGXs4
C:\WINDOWS\system32\Drivers\bsdriver.sys
C:\Users\Alfredo\ZHPCleaner.exe
C:\Users\Alfredo\AppData\Local\Temp\sqlite3.dll
Folder: C:\Program Files\shopperz301220151513
DeleteKey: HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Nydpauyjo
CreateRestorePoint:
EmptyTemp:
Reboot:
end[/COLOR]
> Execute FRST/FRST64 >> Clique Corrigir  Na mensagem,clique Executar.
> Poste o relat&oacute;rio! ([COLOR=green]Fixlog.txt[/COLOR])
https://www.hardware.com.br/static/c/m/bda2ffa2e92f7f2a44c02bfd0ae2986b
< [COLOR=red]Pe&ccedil;o aos visitantes que n&atilde;o utilizem este script em outros computadores,sob risco de danos aos mesmos![/COLOR] >

A+

Answer

segue o fixlog.txt.
  O meu teclado foi desabilitado depois que executei o programa. estou digitando pelo teclado virtual.
O Windows n&atilde;o pode iniciar este dispositivo de hardware porque suas informa&ccedil;&otilde;es de configura&ccedil;&atilde;o (no Registro) est&atilde;o incompletas ou danificadas. (C&oacute;digo 19)

[SPOILER=fixlog.txt]
Resultado da Corre&ccedil;&atilde;o pela Farbar Recovery Scan Tool (x64) Vers&atilde;o:31-12-2015
Executado por Alfredo (2016-01-02 19:21:35) Run:2
Executando a partir de C:\Users\Alfredo\Desktop
Perfis Carregados: Alfredo (Perfis Dispon&iacute;veis: Alfredo & Convidado & DefaultAppPool)
Modo da Inicializa&ccedil;&atilde;o: Normal
==============================================

fixlist Conte&uacute;do:
*****************
start
CloseProcesses:
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
CHR HKU\S-1-5-21-2447171046-917324971-2953145129-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [aicancafipiklohohmoognddncljhkio] - C:\Users\Alfredo\AppData\Local\CRE\aicancafipiklohohmoognddncljhkio.crx 
CHR HKU\S-1-5-21-2447171046-917324971-2953145129-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Program Files (x86)\Common Files\:censurado:\plugins\DVDVideoSoftBrowserExtension.crx [2014-07-23]
CHR HKU\S-1-5-21-2447171046-917324971-2953145129-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nnjbodopomfddehlalfilheomcahbpei] - C:\Users\Alfredo\AppData\Local\GAS Tecnologia\GBBD\cef\sf.crx [2013-06-18]
CHR HKLM-x32\...\Chrome\Extension: [aicancafipiklohohmoognddncljhkio] - C:\Users\Alfredo\AppData\Local\CRE\aicancafipiklohohmoognddncljhkio.crx 
CHR HKLM-x32\...\Chrome\Extension: [amfclgbdpgndipgoegfpkkgobahigbcl] - C:\Users\Alfredo\AppData\Local\Smartbar/Application\1Extension.crx 
CHR HKLM-x32\...\Chrome\Extension: [gbdabnfmdemcjjadpkpjibhhacggangd] - C:\Users\Alfredo\AppData\Local\Google\Chrome\User Data\Default\Extensions
ovo_price_comparison.crx 
CHR HKLM-x32\...\Chrome\Extension: [ijblflkdjdopkpdgllkmlbgcffjbnfda] - C:\Users\Alfredo\AppData\Local\Google\Chrome\User Data\Default\Extensions
ewtab.crx 
CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Extphtml5video.crx [2012-06-12]
CHR HKLM-x32\...\Chrome\Extension: [lkemddiljapcmhicklfpcbpfffahfbja] - C:\Users\Alfredo\AppData\Local\Google\Chrome\User Data\Default\extensions\WebNavigation.crx 
R1 aswKbd; C:\Windows\System32\Drivers\aswKbd.sys [21136 2012-10-30] (AVAST Software)
S3 catchme; \??\C:\Users\Alfredo\AppData\Local\Temp\catchme.sys [X]
S0 gbpddreg; system32\drivers\gbpddreg64.sys [X]
2016-01-02 14:44 - 2016-01-02 14:49 - 00000000 ____D C:\AdwCleaner
2016-01-02 14:41 - 2016-01-02 14:42 - 01745920 _____ C:\Users\Alfredo\Desktop\AdwCleaner.exe
2016-01-02 00:17 - 2016-01-02 00:44 - 00000881 _____ C:\Users\Alfredo\Desktop\ZHPCleaner.lnk
2016-01-02 00:17 - 2016-01-02 00:17 - 01980928 _____ C:\Users\Alfredo\Desktop\ZHPCleaner.exe
2016-01-02 00:15 - 2016-01-02 00:15 - 01980928 _____ C:\Users\Alfredo\ZHPCleaner.exe
2016-01-01 23:17 - 2016-01-01 23:21 - 00000000 ____D C:\Program Files (x86)\ZHPFix
2016-01-01 23:17 - 2016-01-01 23:17 - 00001922 _____ C:\Users\Public\Desktop\ZHPFix.lnk
2016-01-01 23:17 - 2016-01-01 23:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP
2016-01-01 23:15 - 2016-01-01 23:16 - 03521617 _____ (Nicolas Coolman ) C:\Users\Alfredo\Desktop\ZHPFix.exe
2016-01-01 17:11 - 2016-01-02 00:52 - 00000000 ____D C:\Users\Alfredo\AppData\Roaming\ZHP
2016-01-01 17:11 - 2016-01-01 17:11 - 00000871 _____ C:\Users\Alfredo\Desktop\ZHPDiag.lnk
2016-01-01 17:10 - 2016-01-01 17:11 - 02054656 _____ C:\Users\Alfredo\Desktop\ZHPDiag3.exe
2016-01-01 14:57 - 2016-01-01 14:58 - 01599336 _____ (Malwarebytes) C:\Users\Alfredo\Desktop\JRT.exe
2015-12-31 00:32 - 2015-12-31 03:12 - 00004712 _____ C:\WINDOWS\SysWOW64\Nydpauyjo.ini
2015-12-31 00:32 - 2015-12-31 03:12 - 00002424 _____ C:\WINDOWS\SysWOW64\NydpauyjoOff.ini
2015-12-31 00:32 - 2015-12-31 00:32 - 00034712 _____ () C:\WINDOWS\system32\Drivers\bsdriver.sys
2015-12-31 00:32 - 2015-12-31 00:32 - 00000000 ____D C:\Users\Alfredo\AppData\Local\Tempfolder
2015-12-31 00:32 - 2015-12-30 23:34 - 00768360 _____ C:\WINDOWS\system32\Nydpauyjo64.dll
2015-12-31 00:32 - 2015-12-30 23:34 - 00289128 _____ C:\WINDOWS\SysWOW64\Nydpauyjo.dll
2015-12-30 10:16 - 2015-12-31 00:32 - 00056728 _____ (Windows (R) Win 7 DDK provider) C:\WINDOWS\system32\Drivers\cherimoya.sys
CustomCLSID: HKU\S-1-5-21-2447171046-917324971-2953145129-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Alfredo\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => Nenhum Arquivo
CustomCLSID: HKU\S-1-5-21-2447171046-917324971-2953145129-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Alfredo\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll => Nenhum Arquivo
CustomCLSID: HKU\S-1-5-21-2447171046-917324971-2953145129-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Alfredo\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => Nenhum Arquivo
CustomCLSID: HKU\S-1-5-21-2447171046-917324971-2953145129-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Alfredo\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => Nenhum Arquivo
CustomCLSID: HKU\S-1-5-21-2447171046-917324971-2953145129-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Alfredo\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2447171046-917324971-2953145129-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Alfredo\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => Nenhum Arquivo
CustomCLSID: HKU\S-1-5-21-2447171046-917324971-2953145129-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Alfredo\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2447171046-917324971-2953145129-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Alfredo\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => Nenhum Arquivo
Task: {0E464B7D-5555-4247-9779-A83394D0F064} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {14CDB34E-553E-4191-B188-5535A86F14E1} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2447171046-917324971-2953145129-1000Core => C:\Users\Alfredo\AppData\Local\Google\Update\GoogleUpdate.exe [2015-12-04] (Google Inc.)
Task: {3DD67D8E-BFB8-4C03-8825-236E1FE426D1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {A88597EB-886E-4BC7-9CE8-1E222B439BC4} - \{1A0CBE13-75AE-4300-82B2-D763359C2602} -> Nenhum Arquivo  C:\Users\Alfredo\AppData\Local\Google\Update\GoogleUpdate.exe [2015-12-04] (Google Inc.)
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2447171046-917324971-2953145129-1000Core.job => C:\Users\Alfredo\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2447171046-917324971-2953145129-1000UA.job => C:\Users\Alfredo\AppData\Local\Google\Update\GoogleUpdate.exe
AlternateDataStreams: C:\WINDOWS\system32\Drivers\gbpddfac64.sys:X5ZN8aGvT4
AlternateDataStreams: C:\WINDOWS\system32\Drivers\wsddfac.sys:X5ZN8aGXs4
C:\WINDOWS\system32\Drivers\bsdriver.sys
C:\Users\Alfredo\ZHPCleaner.exe
C:\Users\Alfredo\AppData\Local\Temp\sqlite3.dll
Folder: C:\Program Files\shopperz301220151513
DeleteKey: HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Nydpauyjo
CreateRestorePoint:
EmptyTemp:
Reboot:
end
*****************

Processos fechados com sucesso.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\DefaultScope => valor restaurado com sucesso
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\DefaultScope => valor restaurado com sucesso
HKU\S-1-5-21-2447171046-917324971-2953145129-1000\SOFTWARE\Google\Chrome\Extensions\aicancafipiklohohmoognddncljhkio => chave removido (a) com sucesso.
HKU\S-1-5-21-2447171046-917324971-2953145129-1000\SOFTWARE\Google\Chrome\Extensions
ikpibnbobmbdbheedjfogjlikpgpnhp => chave removido (a) com sucesso.
C:\Program Files (x86)\Common Files\:censurado:\plugins\DVDVideoSoftBrowserExtension.crx => n&atilde;o encontrado (a).
HKU\S-1-5-21-2447171046-917324971-2953145129-1000\SOFTWARE\Google\Chrome\Extensions
njbodopomfddehlalfilheomcahbpei => chave removido (a) com sucesso.
C:\Users\Alfredo\AppData\Local\GAS Tecnologia\GBBD\cef\sf.crx => movido com sucesso
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\aicancafipiklohohmoognddncljhkio => chave removido (a) com sucesso.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl => chave removido (a) com sucesso.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gbdabnfmdemcjjadpkpjibhhacggangd => chave removido (a) com sucesso.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ijblflkdjdopkpdgllkmlbgcffjbnfda => chave removido (a) com sucesso.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk => chave removido (a) com sucesso.
C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Extphtml5video.crx => movido com sucesso
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\lkemddiljapcmhicklfpcbpfffahfbja => chave removido (a) com sucesso.
aswKbd => N&atilde;o foi poss&iacute;vel finalizar o servi&ccedil;o.
aswKbd => servi&ccedil;o removido (a) com sucesso.
catchme => servi&ccedil;o removido (a) com sucesso.
gbpddreg => servi&ccedil;o removido (a) com sucesso.
C:\AdwCleaner => movido com sucesso
C:\Users\Alfredo\Desktop\AdwCleaner.exe => movido com sucesso
C:\Users\Alfredo\Desktop\ZHPCleaner.lnk => movido com sucesso
C:\Users\Alfredo\Desktop\ZHPCleaner.exe => movido com sucesso
C:\Users\Alfredo\ZHPCleaner.exe => movido com sucesso
C:\Program Files (x86)\ZHPFix => movido com sucesso
C:\Users\Public\Desktop\ZHPFix.lnk => movido com sucesso
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP => movido com sucesso
C:\Users\Alfredo\Desktop\ZHPFix.exe => movido com sucesso
C:\Users\Alfredo\AppData\Roaming\ZHP => movido com sucesso
C:\Users\Alfredo\Desktop\ZHPDiag.lnk => movido com sucesso
C:\Users\Alfredo\Desktop\ZHPDiag3.exe => movido com sucesso
C:\Users\Alfredo\Desktop\JRT.exe => movido com sucesso
C:\WINDOWS\SysWOW64\Nydpauyjo.ini => movido com sucesso
C:\WINDOWS\SysWOW64\NydpauyjoOff.ini => movido com sucesso
N&atilde;o pode ser movido C:\WINDOWS\system32\Drivers\bsdriver.sys => Agendado para ser movido na reinicializa&ccedil;&atilde;o.
C:\Users\Alfredo\AppData\Local\Tempfolder => movido com sucesso
C:\WINDOWS\system32\Nydpauyjo64.dll => movido com sucesso
C:\WINDOWS\SysWOW64\Nydpauyjo.dll => movido com sucesso
N&atilde;o pode ser movido C:\WINDOWS\system32\Drivers\cherimoya.sys => Agendado para ser movido na reinicializa&ccedil;&atilde;o.
HKU\S-1-5-21-2447171046-917324971-2953145129-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208} => chave removido (a) com sucesso.
HKU\S-1-5-21-2447171046-917324971-2953145129-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1} => chave removido (a) com sucesso.
HKU\S-1-5-21-2447171046-917324971-2953145129-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8} => chave removido (a) com sucesso.
HKU\S-1-5-21-2447171046-917324971-2953145129-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A} => chave removido (a) com sucesso.
HKU\S-1-5-21-2447171046-917324971-2953145129-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2} => chave removido (a) com sucesso.
HKU\S-1-5-21-2447171046-917324971-2953145129-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9} => chave removido (a) com sucesso.
HKU\S-1-5-21-2447171046-917324971-2953145129-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F} => chave removido (a) com sucesso.
HKU\S-1-5-21-2447171046-917324971-2953145129-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E} => chave removido (a) com sucesso.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{0E464B7D-5555-4247-9779-A83394D0F064} => chave removido (a) com sucesso.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0E464B7D-5555-4247-9779-A83394D0F064} => chave removido (a) com sucesso.
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore => movido com sucesso
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore => chave removido (a) com sucesso.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{14CDB34E-553E-4191-B188-5535A86F14E1} => chave removido (a) com sucesso.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{14CDB34E-553E-4191-B188-5535A86F14E1} => chave removido (a) com sucesso.
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2447171046-917324971-2953145129-1000Core => movido com sucesso
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskUserS-1-5-21-2447171046-917324971-2953145129-1000Core => chave removido (a) com sucesso.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3DD67D8E-BFB8-4C03-8825-236E1FE426D1} => chave removido (a) com sucesso.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3DD67D8E-BFB8-4C03-8825-236E1FE426D1} => chave removido (a) com sucesso.
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA => movido com sucesso
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA => chave removido (a) com sucesso.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A88597EB-886E-4BC7-9CE8-1E222B439BC4} => chave removido (a) com sucesso.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A88597EB-886E-4BC7-9CE8-1E222B439BC4} => chave removido (a) com sucesso.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{1A0CBE13-75AE-4300-82B2-D763359C2602} => chave removido (a) com sucesso.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BF9D04FA-DEDF-4124-B19D-0ED544F11D09} => chave removido (a) com sucesso.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BF9D04FA-DEDF-4124-B19D-0ED544F11D09} => chave removido (a) com sucesso.
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2447171046-917324971-2953145129-1000UA => movido com sucesso
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskUserS-1-5-21-2447171046-917324971-2953145129-1000UA => chave removido (a) com sucesso.
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => movido com sucesso
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => movido com sucesso
C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2447171046-917324971-2953145129-1000Core.job => movido com sucesso
C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2447171046-917324971-2953145129-1000UA.job => movido com sucesso
C:\WINDOWS\system32\Drivers\gbpddfac64.sys => :X5ZN8aGvT4 ADS removido (a) com sucesso..
C:\WINDOWS\system32\Drivers\wsddfac.sys => :X5ZN8aGXs4 ADS removido (a) com sucesso..
N&atilde;o pode ser movido C:\WINDOWS\system32\Drivers\bsdriver.sys => Agendado para ser movido na reinicializa&ccedil;&atilde;o.
C:\Users\Alfredo\ZHPCleaner.exe => n&atilde;o encontrado (a).
C:\Users\Alfredo\AppData\Local\Temp\sqlite3.dll => movido com sucesso

========================= Folder: C:\Program Files\shopperz301220151513 ========================

n&atilde;o encontrado (a).

====== Fim de Folder: ======

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Nydpauyjo => chave removido (a) com sucesso.
Ponto de Restaura&ccedil;&atilde;o criado com sucesso.
EmptyTemp: => 122.6 MB de dados tempor&aacute;rios Removidos.

Resultado dos arquivos que foram agendados para serem movidos (Modo de Inicializa&ccedil;&atilde;o: Normal) (Data&Hora: 2016-01-02 19:42:38)

C:\WINDOWS\system32\Drivers\bsdriver.sys => N&atilde;o pode ser movido
C:\WINDOWS\system32\Drivers\cherimoya.sys => N&atilde;o pode ser movido
C:\WINDOWS\system32\Drivers\bsdriver.sys => N&atilde;o pode ser movido

==== Fim de Fixlog 19:42:38 ====
[/SPOILER]

Answer

/!\ Boa Noite! alfredoluis /!\

> Teclado desabilitado por Registro [COLOR=rgb(179, 0, 89)]bugado[/COLOR],vc pode restaurar por meio da ERDNT localizado na pasta da JRT. &Eacute; o backup efetuado por ERUNT.

> Vamos tentar a habilita&ccedil;&atilde;o de seu antiv&iacute;rus nativo. ( [COLOR=rgb(0, 0, 255)]Windows Defender[/COLOR] )
> V&aacute; ao Menu Iniciar do Windows. ([COLOR=rgb(179, 0, 0)] Windows+R[/COLOR])
> Digite CMD e clique com o Bot&atilde;o Direito do mouse em Prompt de Comando.
> Ps: Escolha a op&ccedil;&atilde;o Executar como Administrador no menu abaixo.
> Na nova janela que ser&aacute; aberta (preta), digite os comandos abaixo:

https://www.hardware.com.br/static/c/m/2c99c8a9078cfe96fcb0a9efc41eace7

[COLOR=rgb(255, 0, 0)]winmgmt /verifyrepository[/COLOR] >> Aperte

https://www.hardware.com.br/static/c/m/9ca3f7bfad8a622dc2de7392629740ce

[COLOR=rgb(255, 0, 0)]net stop winmgmt[/COLOR] >> Aperte  (Confirme pressionando a letra [COLOR=rgb(179, 0, 179)]S[/COLOR])

https://www.hardware.com.br/static/c/m/721bb74093fd6dda85d614acbb6510bf

[COLOR=rgb(255, 0, 0)]winmgmt /resetrepository[/COLOR] >> Aperte

> Ao reiniciar,abra novamente o prompt de comando.
> Abrir o [COLOR=rgb(89, 179, 0)]CMD.exe[/COLOR] como Administrador.

https://www.hardware.com.br/static/c/m/a4c84e6c5fecc5e7772615da386f6c43

> Digite: [COLOR=red]sc start WinDefend enable >> [COLOR=#000000]Aperte [/COLOR][/COLOR]
> Reinicie o computador.
> Verifique se o Windows Defender est&aacute; funcional.

Abs!

Answer

n&atilde;o deu certo. no prompt surgiu a seguinte mensagem:

Microsoft Windows [vers&atilde;o 10.0.10586]
(c) 2015 Microsoft Corporation. Todos os direitos reservados.

C:\WINDOWS\syst

em32>sc start WinDefend enable
[SC] StartService FALHA 577:

O Windows n&atilde;o pode verificar a assinatura digital deste arquivo. Talvez uma altera&ccedil;&atilde;o recente de hardware ou software tenha instalado um arquivo com uma assinatura incorreta ou danificado, ou talvez o arquivo seja um software mal-intencionado de origem desconhecida.

C:\WINDOWS\system32>

Teclado desabilitado por Registro bugado,vc pode restaurar por meio da ERDNT localizado na pasta da JRT. &Eacute; o backup efetuado por ERUNT.
deverei executar oerdnit? q se encontra na pasta C:\FRST\Hives?

Answer

/!\ Boa Noite! alfredoluis /!\

> Ok! Seu Windows apresentava muitas infec&ccedil;&otilde;es e corrup&ccedil;&otilde;es em arquivos podem haver.

https://www.hardware.com.br/static/c/m/7869d403d5487e05c5bbef2c89818706

> O mais interessante &eacute; que vc tinha uma antiga configura&ccedil;&atilde;o ao teclado,proporcionada por um driver do Avast. Sua remo&ccedil;&atilde;o deixou vc sem teclado. Creio que a instala&ccedil;&atilde;o do Avast,pode resolver o problema,e j&aacute; que vc est&aacute; mesmo sem antiv&iacute;rus...
> Ou tentar o backup da [COLOR=#59b300]FRST[/COLOR] indo a pasta[COLOR=#ff8000] system32[/COLOR] >> [COLOR=#ff8000]Drivers[/COLOR] >>[COLOR=#b30059] aswKbd.sys[/COLOR].xBAD
> Remova a extens&atilde;o .xBAD e mova [COLOR=#ff0000]aswKbd.sys[/COLOR] para a pasta >> [COLOR=#ff8000]Drivers [/COLOR][COLOR=#000000]do seu Windows.[/COLOR]
> Reinicie o computador!
deverei executar oerdnit? q se encontra na pasta C:\FRST\Hives?
> Sim! &Eacute; outra op&ccedil;&atilde;o.

Abs!

Answer

faz anos que nao uso avast. antes de atualizar para o windows 10 eu ja usava o windows security.
na pasta drivers ja esta o arquivo aswKbd.sys sem a extens&atilde;o .xBAD

Answer

/!\ Boa Noite! alfredoluis /!\

> Pegadinha do Avast,creio eu....
> Cabe lhe relatar que ERDNT,salva entradas ao Registro e nunca vi esta ferramenta salvar drivers. rsrs...
> A Avast substituiu [COLOR=#b30059]kbdclass.sys[/COLOR],que &eacute; original do Windows pelo seu driver.
> Que coisa estranha ou intrusiva.
... na pasta drivers ja esta o arquivo aswKbd.sys sem a extens&atilde;o .xBAD
> Tem que ser a pasta drivers do Windows. E...houve alguma corre&ccedil;&atilde;o?

A+

Answer

executei o erdnit, mas nada mudou. sim, me refiro ao drive que fica na pasta drivers do Windows
caso seja util saber: a pasta C:\ProgramData\AVAST Software esta vazia.

s&oacute; nao entendo pq somente agora avast modificou o drive, pois faz anos q n o uso.

onde posso baixar o kbdclass.sys ?

Answer

/!\ Boa Noite! alfredoluis /!\

> Normalmente,a corre&ccedil;&atilde;o &eacute; executada pelo System File check,quando dispomos do CD do Windows.
> Vc j&aacute; verificou se possui o driver [COLOR=#b30000]kbdclass.sys [/COLOR][COLOR=#000000]na pasta Drivers?[/COLOR]
> Em todo caso ,posso lhe enviar de meu PC,que &eacute; Windows 8.1

https://www.hardware.com.br/static/c/m/746f9b0e648201bd5502434081495939

> N&atilde;o sei se a vers&atilde;o seria compat&iacute;vel com seu Windows 10.

< [COLOR=#0000ff]kbdclass.sys[/COLOR] >

> Vai aqui o link.
s&oacute; nao entendo pq somente agora avast modificou o drive, pois faz anos q n o uso.
> Isto n&atilde;o &eacute; de agora e h&aacute; tempos ocorria,mas quem poderia prever tal cilada da Avast?
> Se fosse a Baidu,o pessoal j&aacute; caia de pau!  :D

A+

Answer

no meu tem o kbdcass.sys. ser&aacute; q posso deletar o aswKbd.sys?

Answer

/!\ Boa Noite! alfredoluis /!\
http://www.sevenforums.com/hardware-devices/240851-keyboard-doesnt-work.html?s=36c6f2c849072193cf7d9df808ee4381
> Aqui com os gringos o [COLOR=#00b300]raya2[/COLOR] est&aacute; com o mesmo erro,mas n&atilde;o vi solu&ccedil;&atilde;o para ele.
no meu tem o kbdcass.sys. ser&aacute; q posso deletar o aswKbd.sys?
> N&atilde;o delete,tente o comando sfc /scannow,mesmo sem o CD,pois algum cache pode ser acessado e restaurar seu teclado.
> Tente,tamb&eacute;m,o comando chkdsk /spotfix que funciona muito bem no Windows 8.
> Se nada disto funcionar,lhe resta a Restaura&ccedil;&atilde;o do Sistema,para data anterior ao evento ou incidente.

A+

Answer

Oi. nada disso deu certo. Nem mesmo a restaura&ccedil;&atilde;o do sistema.

Por&eacute;m, como a instala&ccedil;&atilde;o do windows 10 &eacute; de gra&ccedil;a, baixei-o novamente, e pelo menos o teclado voltou a funcionar.

Acho que todos aqueles procedimentos que voc&ecirc; me passou serviram, acredito, para eliminar os v&iacute;rus e arquivos maliciosos.

Todavia, o windows defender continuou com o mesmo problema.

Quanto ao windows defender vou ver o que posso fazer com algu&eacute;m pessoalmente.

Ent&atilde;o era s&oacute; isso mesmo.

Obrigado pela aten&ccedil;&atilde;o e paci&ecirc;ncia dispensadas desde o in&iacute;cio de ano!! hehehe
grande abra&ccedil;o e feliz ano novo!

Answer

/!\ Boa Tarde! alfredoluis /!\ 
Quanto ao windows defender vou ver o que posso fazer com algu&eacute;m pessoalmente.
> Mas n&atilde;o fique muito tempo sem antiv&iacute;rus,pois pode comprometer seu computador com novas infec&ccedil;&otilde;es.
> Bom trabalho! E Feliz Ano Novo!

Abs!

Ferramentas

Mover Tópico