virus não deixa abrir painel de controle!

Question

*Delete a pasta c:\arquivos de programas\AskTBar
*Desinstale o Combofix. 
Menu> Executar> Combofix u/ > Enter

*Baixe o programa do link e salve-o no desktop
http://www.cijoint.fr/cjlink.php?file=cj200901/cijIF2X98T.zip
*Desative temporariamente seu antiv&iacute;rus
*Instale o programa (Suivant > Aceite o contrato > Suivant > Suivant > D&eacute;marrer > Quitter)
*Duplo clique no &iacute;cone criado no desktop
*Espete o Pendrive no PC e n&atilde;o remova-o at&eacute; o final do procedimento!
*Aguarde o PC ser reiniciado.
*Ao reiniciar o PC a ferramenta ser&aacute; executada automaticamente. Clique em [Continue] e aguarde...
*Ao receber a mensagem Nettoyage effectue!, tecle [ENTER]
*Cole o relat&oacute;rio criado em C:\UsbFix.txt e novo log do hijack

Answer

gustavo a pasta eu exclui,mais o combofix apareceu uma mensagem que &eacute; imcompativ&eacute;l s.o e n&atilde;o excluiu e passou novamente.

Answer

*Abra o Menu Iniciar > Executar > Digite: Combofix /u e desinstale o combofix. 
Note que a um espa&ccedil;o entre a palavra combofix e o tra&ccedil;o

Answer

bom dia Gustavo.
n&atilde;o desinstala j&aacute; tentei das duas formas ele fala se vai excutar?
quando aceito ele faz a varredura novamente e fica.
:anjinho:

Answer

Se voc&ecirc; tiver um pendrive em m&atilde;os. siga o procedimento a cima com a ferramenta USBfix.

Tente novamente este comando .

Iniciar > Executar > ComboFix /u  > Ok e aguarde que &eacute; obrigado a ser desinstalado.

Answer

desculpe gustavo mas n&atilde;o tenho pen drive.

Answer

Execute a ferramenta assim mesmo, sem o pendrive.

Se tiver alguma midia ex: pendrive,mp3 ou coisas do genero plug a sua maquina antes do scan..

Post o resultado

Answer

ol&aacute; Gustavo, consequi agora est&aacute; funcionando tudo certinho.
obrigada pela ajuda,mais precisei reparar o windows,estava faltando arquivos.
se vc precisar de algum logo eu posto aqui pra vc.
 
obrigada  :anjinho:

Answer

se poder postar o log do USBFix.exe eu agrade&ccedil;o.

Answer

a&iacute; est&aacute; o logo do usbfix desculpe pela demora,muito trbalho.
 
-------------- UsbFix V2.414 ---------------
* User : Administrador - FERNANDO-4A02C4
* Outils mis a jours le 09/01/2009 par Chiquitine29 et Chimay8
* Recherche effectu&eacute;e &agrave; 13:42:39 le ter 17/03/2009
* Windows Xp - Internet Explorer 6.0.2900.2180

--------------- [ Processus actifs ] ----------------

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\userinit.exe
C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
  
--------------- [ Informations lecteurs ] ----------------   
  
C: - Unidade de disco fixo
D: - Unidade de CD-ROM
 
+- Contenu de l'autorun : C:\autorun.inf

+- Contenu de l'autorun : D:\autorun.inf  
[autorun]
OPEN=Setup.EXE
ICON=AUTORUN.ICO,0

--------------- [ Lecteur C ] ---------------- 
C: - Unidade de disco fixo

+- Listing des fichiers pr&eacute;sents :
[19/11/2008 11:09][--a------] C:\AUTOEXEC.BAT   
[03/08/2004 21:38][-rahs----] C:\NTDETECT.COM   
[16/03/2009 10:22][---hs----] C:\boot.ini   
[12/03/2009 15:33][drahs----] C:\autorun.inf   
[16/03/2009 09:12][--a------] C:\ComboFix.txt   
[16/03/2009 09:12][--a------] C:\UsbFix.txt   
[19/11/2008 11:09][--a------] C:\CONFIG.SYS   
[19/11/2008 11:09][--a------] C:\IO.SYS   
[19/11/2008 11:09][--a------] C:\MSDOS.SYS   
[19/11/2008 11:09][--a------] C:\pagefile.sys   
--------------- [ Lecteur D ] ---------------- 
D: - Unidade de CD-ROM

+- Listing des fichiers pr&eacute;sents :
[04/01/2007 00:36][-r-------] D:\Setup.exe   
[13/06/2000 09:59][-r-------] D:\Autorun.INF   
[17/07/2007 07:11][-r-------] D:\comparison.txt   
  
--------------- [ Registre / Startup ] ----------------   
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 
Userinit=C:\WINDOWS\system32\userinit.exe,
  
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] 
Search Page=http://www.google.com
Start Page=http://www.uol.com.br/
  
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersionun]
   CTFMON.EXE=C:\WINDOWS\system32\ctfmon.exe
   msnmsgr=C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe /background
   BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}=C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersionun]
   SunJavaUpdateSched=C:\Arquivos de programas\Java\jre1.5.0_04\bin\jusched.exe
   nwiz=nwiz.exe /install
   NeroFilterCheck=C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe
   ISUSPM Startup=C:\ARQUIV~1\ARQUIV~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
   ISUSScheduler=C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe -start
   avast!=C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
   NvCplDaemon=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
   NvMediaCenter=RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversionun\OptionalComponents=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversionun\OptionalComponents\IMAIL=
   Installed=1
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversionun\OptionalComponents\MAPI=
   Installed=1
   NoChange=1
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversionun\OptionalComponents\MSFS=
   Installed=1
  
--------------- [ Registre / Mountpoint2 ] ----------------   
  
Supprim&eacute; ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0a5e88de-cca2-11dd-b2cc-c4c6f71b2507}\Shell\AutoRun\command  
Supprim&eacute; ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0a5e88e1-cca2-11dd-b2cc-c4c6f71b2507}\Shell\AutoRun\command  
Supprim&eacute; ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3550b934-c64b-11dd-b2c2-001bb9cef6bf}\Shell\AutoRun\command  
Supprim&eacute; ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{50487df4-c564-11dd-b2bd-001bb9cef6bf}\Shell\AutoRun\command  
Supprim&eacute; ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{50487df7-c564-11dd-b2bd-001bb9cef6bf}\Shell\AutoRun\command  
Supprim&eacute; ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5d72044e-c7dc-11dd-b2c5-001bb9cef6bf}\Shell\AutoRun\command  
Supprim&eacute; ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{944fc11c-c7dd-11dd-b2c6-eb510ef95407}\Shell\AutoRun\command  
Supprim&eacute; ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b03ec1f6-c716-11dd-b2c4-001bb9cef6bf}\Shell\AutoRun\command  
Supprim&eacute; ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b03ec1f7-c716-11dd-b2c4-001bb9cef6bf}\Shell\AutoRun\command  
Supprim&eacute; ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b27dc190-ed9c-11dd-b2e3-f5ecef20bc07}\Shell\AutoRun\command  
Supprim&eacute; ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b27dc190-ed9c-11dd-b2e3-f5ecef20bc07}\Shell\explore\Command  
Supprim&eacute; ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b27dc190-ed9c-11dd-b2e3-f5ecef20bc07}\Shell\open\Command  
Supprim&eacute; ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fbab7fb4-c570-11dd-b2be-001bb9cef6bf}\Shell\AutoRun\command  
Supprim&eacute; ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fbab7fb5-c570-11dd-b2be-001bb9cef6bf}\Shell\AutoRun\command  
Supprim&eacute; ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fbab7fb7-c570-11dd-b2be-001bb9cef6bf}\Shell\AutoRun\command  
Supprim&eacute; ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fbab7fb8-c570-11dd-b2be-001bb9cef6bf}\Shell\AutoRun\command  
  
--------------- [ Nettoyage des disques ] ----------------   
   
Echec de la supression !! - [17/03/2009 13:43] C:\autorun.inf   
Supprim&eacute; ! - [17/03/2009 13:43][d-a------] C:\autorun.inf    
Echec de la supression !! - [04/01/2007 00:36] D:\Setup.exe   
Echec de la supression !! - [13/06/2000 09:59] D:\autorun.inf   
Echec de la supression !! - [13/06/2000 09:59] D:\autorun.inf   
  
--------------- [ Resum&eacute; ] ----------------   
  
 -> /!\ Le resultat doit etre [http://www.virustotal.com/fr/ interpr&eacute;t&eacute;] par un sp&eacute;cialiste  /!\   
  
[19/11/2008 11:09][--a------] C:\AUTOEXEC.BAT   
[03/08/2004 21:38][-rahs----] C:\NTDETECT.COM   
[16/03/2009 10:22][---hs----] C:\boot.ini   
[04/01/2007 00:36][-r-------] D:\Setup.exe   
[13/06/2000 09:59][-r-------] D:\Autorun.INF   
   
--------------- [ Vaccination ] ----------------   
   
C:\autorun.inf -> Dossier autorun.inf cr&eacute;e par UsbFix !  
 
--------------- ! Fin du rapport ! ----------------  
 
:anjinho:

Answer

Por gentileza novo log do hijackthis

Answer

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:25:33, on 17/3/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32
vsvc32.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
C:\Arquivos de programas\Java\jre1.5.0_04\bin\jusched.exe
C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe
C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe
C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe
C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe
C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE
C:\Arquivos de programas\WinRAR\WinRAR.exe
C:\Documents and Settings\Administrador\Meus documentos\Programas\HiJackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com.br/
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Auxiliar de Conex&atilde;o do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Arquivos de programas\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\ARQUIV~1\ARQUIV~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe -start
O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y %SystemRoot%\System32\syssetub.dll %SystemRoot%\System32\syssetup.dll (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y %SystemRoot%\System32\syssetub.dll %SystemRoot%\System32\syssetup.dll (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Readereader_sl.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_04\bin
pjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_04\bin
pjpi150_04.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1227132125484
O17 - HKLM\System\CCS\Services\Tcpip\..\{D7FD3E11-3A3E-4614-9CAD-E989DA11119B}: NameServer = 200.204.0.10 200.204.0.138
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32
vsvc32.exe
--
End of file - 5905 bytes

Answer

Como est&aacute; sua maquina? tudo funcionando normalmente?

Sabe navegar pelo registro do windows?

Answer

ainda n&atilde;o, funciona o som.

Answer

Sabes navegar no registro?

Ferramentas

Mover Tópico