Ajuda com vírus, relatório Usb.fixResolvido/Fechado

Question

Olá, estou com problemas de vírus no meu HD externo a um tempo, antes era aquele vírus das pastas que viram atalhos, li na internet e dei um jeito, agora tem várias pastas ocultas lá que não são minhas e não consigo deletar, achei o site e li sobre o Usb.fix, resolvi testar e aqui está meu relatório Usb.Fix, espero que consiga resolver, obrigada :(



[b]############################## | UsbFix V 7.176 | [Pesquisa][/b]

Usuário: Cecilia (Administrador) # CECILIA-HARRYP
Atualizado em 18/07/2014 por El Desaparecido - SosVirus
Começou em 14:50:36 | 24/07/2014

Site : [url=http://www.pt.usbfix.net/]http://www.pt.usbfix.net/[/url]
Changelog : [url=http://www.usbfix.net/maj/]https://www.usb-antivirus.com/fr/maj/[/url]
Asistencia : [url=http://www.sosvirus.net/]https://www.sosvirus.net/[/url]
Upload Malware : [url=http://www.sosvirus.net/upload_malware.php]http://www.sosvirus.net/upload_malware.php[/url]
Contato : [url=http://www.pt.usbfix.net/contato/]http://www.pt.usbfix.net/contato/[/url]

[b]################## | System information |[/b]

MB: Hewlett-Packard (1445) 
CPU: AMD Turion(tm) II P560 Dual-Core Processor
RAM -> [Total : 3835 Mo | Free : 1035 Mo]
Bios: Hewlett-Packard
Boot: Normal boot

OS: Microsoft(TM) Windows 7 Ultimate (6.1.7601 64-Bit) Service Pack 1
WB: Internet Explorer : 11.00.9600.16428
WB: Google Chrome : 36.0.1985.125
WB: Mozilla Firefox : 31.0

[b]################## | Security Information |[/b]

AV: AVG AntiVirus Free Edition 2014 [[b](!) Não ativo[/b] |Atualizado]
AS: Windows Defender [[b](!) Não ativo[/b] |Atualizado]
AS: AVG AntiVirus Free Edition 2014 [[b](!) Não ativo[/b] |Atualizado]
FW: Windows Firewall [[b](!) Não ativo[/b]]
SC: Security Center [Ativo]
WU: Windows Update [Ativo]

[b]################## | Disk Information |[/b]

C:\ (%SystemDrive%) -> Disco fixo # 466 Gb (366 Mb livre - 79%) [] # NTFS
E:\ -> Disco fixo # 932 Gb (494 Mb livre - 53%) [Princesa Jujuba] # NTFS
F:\ -> Disco removível # 4 Gb (2 Mb livre - 47%) [CECILIA] # FAT32

[b]################## | Processos Ativos |[/b]

C:\Windows\System32\smss.exe (ID: 272|ParentID: 4|SISTEMA)
C:\Windows\System32\wininit.exe (ID: 740|ParentID: 660)
C:\Windows\System32\services.exe (ID: 812|ParentID: 740)
C:\Windows\System32\winlogon.exe (ID: 840|ParentID: 752)
C:\Windows\System32\lsass.exe (ID: 868|ParentID: 740)
C:\Windows\System32\lsm.exe (ID: 888|ParentID: 740)
C:\Windows\System32\svchost.exe (ID: 972|ParentID: 812)
C:\PROGRA~2\GbPlugin\GbpSv.exe (ID: 308|ParentID: 812)
C:\Windows\System32\svchost.exe (ID: 680|ParentID: 812)
C:\Windows\System32\atiesrxx.exe (ID: 872|ParentID: 812)
C:\Windows\System32\svchost.exe (ID: 1068|ParentID: 812)
C:\Windows\System32\svchost.exe (ID: 1128|ParentID: 812)
C:\Windows\System32\svchost.exe (ID: 1168|ParentID: 812)
C:\Windows\System32\svchost.exe (ID: 1200|ParentID: 812)
C:\Windows\System32\audiodg.exe (ID: 1288|ParentID: 1068)
C:\Windows\System32\atieclxx.exe (ID: 1404|ParentID: 872)
C:\Windows\System32\svchost.exe (ID: 1472|ParentID: 812)
C:\Windows\System32\spoolsv.exe (ID: 1676|ParentID: 812)
C:\Windows\System32\svchost.exe (ID: 1708|ParentID: 812)
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (ID: 1800|ParentID: 812)
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (ID: 1820|ParentID: 812)
C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe (ID: 1884|ParentID: 812)
C:\Windows\System32\svchost.exe (ID: 2488|ParentID: 812)
C:\Windows\System32\sppsvc.exe (ID: 2516|ParentID: 812)
C:\Windows\System32\svchost.exe (ID: 2132|ParentID: 812)
C:\Windows\System32\SearchIndexer.exe (ID: 1056|ParentID: 812)
C:\Windows\System32	askhost.exe (ID: 3028|ParentID: 812|Cecilia)
C:\Windows\System32\dwm.exe (ID: 2400|ParentID: 1128|Cecilia)
C:\Windows\explorer.exe (ID: 2012|ParentID: 200|Cecilia)
C:\Program Files (x86)\uTorrent\uTorrent.exe (ID: 956|ParentID: 2012|Cecilia)
C:\Users\Cecilia\AppData\Local\Skillbrains\lightshot\5.1.4.6\Lightshot.exe (ID: 3092|ParentID: 3076|Cecilia)
C:\Program Files (x86)\Origin\Origin.exe (ID: 3148|ParentID: 2012|Cecilia)
C:\Program Files (x86)\AVG\AVG2014\avgui.exe (ID: 3304|ParentID: 3180|Cecilia)
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (ID: 3356|ParentID: 3288|Cecilia)
C:\Windows\SysWOW64\ctfmon.exe (ID: 4044|ParentID: 3304|Cecilia)
C:\PROGRA~2\Raptraptr.exe (ID: 3444|ParentID: 3084|Cecilia)
C:\PROGRA~2\Raptraptr_im.exe (ID: 3964|ParentID: 3444|Cecilia)
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (ID: 3336|ParentID: 3356|Cecilia)
C:\Program Files (x86)\Raptraptr_ep64.exe (ID: 2948|ParentID: 3444|Cecilia)
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (ID: 4848|ParentID: 3180|Cecilia)
C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (ID: 3124|ParentID: 812)
C:\Program Files (x86)\Mozilla Firefox\firefox.exe (ID: 3268|ParentID: 2012|Cecilia)
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe (ID: 4772|ParentID: 3268|Cecilia)
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe (ID: 1556|ParentID: 3268|Cecilia)
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe (ID: 4588|ParentID: 1556|Cecilia)
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe (ID: 4608|ParentID: 4588|Cecilia)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 2980|ParentID: 2012|Cecilia)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 3500|ParentID: 2980|Cecilia)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 4908|ParentID: 2980|Cecilia)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 640|ParentID: 2980|Cecilia)
C:\Program Files (x86)\Windows Media Player\wmplayer.exe (ID: 5716|ParentID: 2012|Cecilia)
C:\Program Files (x86)\Steam\Steam.exe (ID: 5264|ParentID: 5688|Cecilia)
C:\Program Files (x86)\Steam\bin\steamwebhelper.exe (ID: 592|ParentID: 5264|Cecilia)
C:\Program Files (x86)\Steam\bin\steamwebhelper.exe (ID: 5524|ParentID: 592|Cecilia)
C:\Program Files (x86)\Common Files\Steam\SteamService.exe (ID: 3244|ParentID: 812)
C:\Program Files (x86)\RaidCall.BRaidcall.exe (ID: 4284|ParentID: 5284|Cecilia)
C:\Program Files (x86)\Steam\bin\steamwebhelper.exe (ID: 5188|ParentID: 592|Cecilia)
C:\Windows\SysWOW64
otepad.exe (ID: 5728|ParentID: 4020|Cecilia)
C:\UsbFix\UsbFix.exe (ID: 2292|ParentID: 2012|Cecilia)

[b]################## | Autorun |[/b]


[b]################## | Regedit Run |[/b]

F2 - HKLM\..\Winlogon : [Shell] explorer.exe
F2 - [x64] HKLM\..\Winlogon : [Shell] explorer.exe
F2 - HKLM\..\Winlogon : [Userinit] userinit.exe
F2 - [x64] HKLM\..\Winlogon : [Userinit] C:\Windows\system32\userinit.exe,
04 - HKCU\..\Run : [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
04 - HKCU\..\Run : [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"  /MINIMIZED
04 - HKCU\..\Run : [LightShot] C:\Users\Cecilia\AppData\Local\Skillbrains\lightshot\Lightshot.exe Flags: uninsdeletevalue
04 - HKCU\..\Run : [Raptr] C:\PROGRA~2\Raptraptrstub.exe --startup
04 - HKCU\..\Run : [EADM] "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart
04 - HKLM\..\Run : [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
04 - HKLM\..\Run : [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
04 - HKLM\..\Run : [AVG_UI] "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY
04 - HKLM\..\Run : [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
04 - HKLM\..\Run : [AutoStarter] C:\ProgramData\AutoStarter\AutoStarter.exe
04 - HKLM\..\Run : [RaidCall] C:\Program Files (x86)\RaidCall.BRaidcall.exe
04 - HKLM\..\Run : [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
04 - HKU\S-1-5-19\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-20\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-21-1300132834-1479614385-35549922-1000\..\Run : [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
04 - HKU\S-1-5-21-1300132834-1479614385-35549922-1000\..\Run : [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"  /MINIMIZED
04 - HKU\S-1-5-21-1300132834-1479614385-35549922-1000\..\Run : [LightShot] C:\Users\Cecilia\AppData\Local\Skillbrains\lightshot\Lightshot.exe Flags: uninsdeletevalue
04 - HKU\S-1-5-21-1300132834-1479614385-35549922-1000\..\Run : [Raptr] C:\PROGRA~2\Raptraptrstub.exe --startup
04 - HKU\S-1-5-21-1300132834-1479614385-35549922-1000\..\Run : [EADM] "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart
04 - HKU\S-1-5-19\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe
04 - HKU\S-1-5-20\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe
04 - HKU\S-1-5-18\..\RunOnce : [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"https://support.microsoft.com/en-us/windows/install-windows-7-service-pack-1-sp1-b3da2c0f-cdb6-0572-8596-bab972897f61" /build:7601

[b]################## | Procura genérica |[/b]

Presente ! C:\Users\Cecilia\autorun.inf
Presente ! C:\Windows\Tasks\update-sys.job
Presente ! C:\Windows\Tasks\update-S-1-5-21-1300132834-1479614385-35549922-1000.job

[b]################## | Registro |[/b]

Presente ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DatamngrCoordinator.exe

[b]################## | E.O.F | [url=http://www.sosvirus.net/]https://www.sosvirus.net/[/url] | [url=http://www.pt.usbfix.net/]http://www.pt.usbfix.net/[/url] |[/b]

JESUS CRISTO · Answer

HELLO,CECILIA



NO RELATÓRIO QUE VC POSTOU NÃO MOSTRA NENHUMA INFORMAÇÃO SOBRE O HD EXTERNO.


APENAS:

E:\ -> Disco fixo # 932 Gb (494 Mb livre - 53%) [Princesa Jujuba] # NTFS 


NO PROGRAMA USBFIX


TEM UMA OPÇÃO CHAMADA LISTING,NESSA OPÇÃO DEVE MOSTRAR O QUE FOI ENCONTRADO.


DEPOIS CLICK EM LIMPAR.

EU RECOMENDO O USO DO PROGRAMA: COMBOFIX


POIS ELE REALMENTE LIMPA QUALQUER VIRUS!


LINK: https://www.bleepingcomputer.com/download/combofix/


CONECTE O HD EXTERNO:


CLICK EM DOWNLOAD NOW E  EXECUTE O PROGRAMA NO DESKTOP COM O ANTIVIRUS DESATIVADO PARA NÃO ATRAPALHAR O ESCANEAMENTO.


"DURANTE O ESCANEAMENTO NÃO UTILIZE NEM PROGRAMA".



POSTE O RESULTADO!

CeciliaLeite · Answer

Ok, irei fazer isso agora, obrigada *-*

CeciliaLeite · Answer

Não foram :( Olha, no Usb.Fix aparece ela, te mostrar: 

[b]############################## | UsbFix V 7.176 | [Listing][/b]

Usuário: Cecilia (Administrador) # CECILIA-HARRYP
Atualizado em 18/07/2014 por El Desaparecido - SosVirus
Começou em 16:04:38 | 24/07/2014

Site : [url=http://www.pt.usbfix.net/]http://www.pt.usbfix.net/[/url]
Changelog : [url=http://www.usbfix.net/maj/]https://www.usb-antivirus.com/fr/maj/[/url]
Asistencia : [url=http://www.sosvirus.net/]https://www.sosvirus.net/[/url]
Upload Malware : [url=http://www.sosvirus.net/upload_malware.php]http://www.sosvirus.net/upload_malware.php[/url]
Contato : [url=http://www.pt.usbfix.net/contato/]http://www.pt.usbfix.net/contato/[/url]

[b]################## | System information |[/b]

MB: Hewlett-Packard (1445) 
CPU: AMD Turion(tm) II P560 Dual-Core Processor
RAM -> [Total : 3835 Mo | Free : 2032 Mo]
Bios: Hewlett-Packard
Boot: Normal boot

OS: Microsoft(TM) Windows 7 Ultimate (6.1.7601 64-Bit) Service Pack 1
WB: Internet Explorer : 11.00.9600.16428
WB: Google Chrome : 36.0.1985.125
WB: Mozilla Firefox : 31.0

[b]################## | Security Information |[/b]

AV: AVG AntiVirus Free Edition 2014 [Ativo |Atualizado]
AS: Windows Defender [[b](!) Não ativo[/b] |Atualizado]
AS: AVG AntiVirus Free Edition 2014 [Ativo |Atualizado]
FW: Windows Firewall [Ativo]
SC: Security Center [Ativo]
WU: Windows Update [Ativo]

[b]################## | Disk Information |[/b]

C:\ (%SystemDrive%) -> Disco fixo # 466 Gb (367 Mb livre - 79%) [] # NTFS
E:\ -> Disco fixo # 932 Gb (494 Mb livre - 53%) [Princesa Jujuba] # NTFS
F:\ -> Disco removível # 4 Gb (2 Mb livre - 47%) [CECILIA] # FAT32

[b]################## | Autorun |[/b]


[b]################## | C:\ %SystemDrive% - Disco fixo (NTFS) |[/b]

[24/07/2014 - 15:42:54 | A | 26 Ko] - C:\ComboFix.txt
[10/06/2009 - 18:42:20 | A | 0 Ko] - C:\config.sys
[24/07/2014 - 10:10:29 | ASH | 3926940 Ko] - C:\pagefile.sys
[24/07/2014 - 10:10:29 | ASH | 2945204 Ko] - C:\hiberfil.sys
[01/07/2014 - 08:52:53 | N | 0 Ko] - C:\spyhunter.log
[21/07/2014 - 15:01:17 | A | 716 Ko] - C:\spyhunter.fix
[24/07/2014 - 15:43:02 | SHD] - C:\$RECYCLE.BIN
[10/06/2009 - 18:42:20 | A | 0 Ko] - C:\autoexec.bat
[14/07/2009 - 00:20:08 | D] - C:\PerfLogs
[14/07/2009 - 02:08:56 | SHD] - C:\Documents and Settings
[25/06/2014 - 13:28:38 | SHD] - C:\Arquivos de Programas
[25/06/2014 - 16:45:25 | D] - C:\AMD
[25/06/2014 - 16:55:43 | RD] - C:\MSOCache
[27/06/2014 - 13:01:29 | D] - C:\$AVG
[28/06/2014 - 12:12:49 | D] - C:\Recovery
[28/06/2014 - 12:47:29 | D] - C:\Swsetup
[28/06/2014 - 20:12:55 | RD] - C:\Users
[29/06/2014 - 19:10:20 | D] - C:\Level Up Games
[21/07/2014 - 13:46:34 | RD] - C:\Program Files
[23/07/2014 - 17:56:46 | D] - C:\ProgramData
[23/07/2014 - 21:32:09 | RD] - C:\Program Files (x86)
[24/07/2014 - 14:43:07 | D] - C:\UsbFix
[24/07/2014 - 15:27:17 | SHD] - C:\System Volume Information
[24/07/2014 - 15:42:56 | D] - C:\Windows
[24/07/2014 - 15:42:58 | D] - C:\Qoobox

[b]################## | E:\ - Disco fixo (NTFS) |[/b]

[07/09/2013 - 20:00:21 | RA | 4198682 Ko] - E:\Windows_7_todas.as.versoes_x86_ou_x64_pt-BR.iso
[21/05/2014 - 10:39:17 | A | 191 Ko] - E:\bookmarks.html
[24/07/2014 - 16:01:14 | SHD] - E:\$RECYCLE.BIN
[05/09/2013 - 15:24:23 | A | 0 Ko] - E:\protege.bat
[16/05/2013 - 17:23:53 | D] - E:\Coisas do HD
[19/05/2014 - 13:20:35 | D] - E:\Jogos
[19/05/2014 - 20:17:20 | RD] - E:\Pictures
[22/05/2014 - 11:43:12 | D] - E:\Coisas do meu Harry
[28/06/2014 - 19:50:18 | D] - E:\Programas
[01/07/2014 - 17:33:21 | SHD] - E:\System Volume Information
[24/07/2014 - 16:01:06 | D] - E:\30b51a5f4c689e62e7

[b]################## | F:\ - Disco removível (FAT32) |[/b]

[21/02/2013 - 01:40:26 | A | 30 Ko] - F:\Army of Darkness.srt
[12/05/2014 - 14:32:52 | A | 46 Ko] - F:\Game.of.Thrones.S04E06.HDTV.x264-KILLERS.srt
[22/07/2014 - 18:44:22 | A | 51 Ko] - F:\Under.the.Dome.S02E04.HDTV.x264-LOL.srt
[16/05/2014 - 14:33:40 | A | 299770 Ko] - F:\Game.of.Thrones.S04E06.HDTV.x264-KILLERS.mp4
[04/07/2014 - 09:27:50 | A | 1467401 Ko] - F:\Army of Darkness.mp4
[22/07/2014 - 15:14:36 | A | 313472 Ko] - F:\Under.the.Dome.S02E04.HDTV.x264-LOL.mp4

[b]################## | E.O.F | [url=http://www.sosvirus.net/]https://www.sosvirus.net/[/url] | [url=http://www.pt.usbfix.net/]http://www.pt.usbfix.net/[/url] |[/b]

Ajuda com vírus, relatório Usb.fix

3 Respostas

Conversas semelhantes

Assine nossa newsletter!