Virus pen drive

Closed
marcos - 28 Jun 2014 at 08:40
aaafelix Posts 1285 Registration date Saturday 10 November 2012 Status Contributor Last seen 27 October 2023 - 28 Jun 2014 at 11:29
Good morning,

############################## | UsbFix V 7.172 | [Pesquisa]

Usuário: PC-05 (Administrador) # PC-9478218B80DC
Atualizado em 23/06/2014 por El Desaparecido - SosVirus
Começou em 08:29:44 | 28/06/2014

Site : http://www.pt.usbfix.net/
Changelog : http://www.usbfix.net/maj/
Asistencia : http://pt.kioskea.net/forum/seguranca-virus-7 (https://br.ccm.net/forum/seguranca-7)
Upload Malware : http://www.sosvirus.net/upload_malware.php
Contato : http://www.pt.usbfix.net/contato/

################## | System information |

CPU: Intel(R) Core(TM)2 Duo CPU E7200 @ 2.53GHz
RAM -> [Total : 3319 Mo | Free : 1361 Mo]
Boot: Normal boot

OS: Microsoft Windows XP (5.1.2600 32-Bit) Service Pack 3
WB: Internet Explorer : 8.00.6001.18702
WB: Google Chrome : 35.0.1916.153
WB: Mozilla Firefox : 30.0

################## | Security Information |

AS: Malwarebytes Anti-Malware : 1.0.0.532
FW: Windows Firewall [Ativo]
SC: Security Center [Ativo]
WU: Windows Update [Ativo]

################## | Disk Information |

C:\ (%SystemDrive%) -> Disco fixo # 293 Gb (195 Mb livre - 67%) [] # NTFS
D:\ -> Disco removível # 2 Gb (1 Mb livre - 73%) [MARQUITOS] # FAT
E:\ -> CD-ROM # 51 Mb (0 Mb livre - 0%) [Meu Disco] # CDFS
F:\ -> Disco fixo # 466 Gb (61 Mb livre - 13%) [SAMSUNG HD] # FAT32
H:\ -> Disco fixo # 173 Gb (141 Mb livre - 82%) [] # NTFS

################## | Processos Ativos |

C:\WINDOWS\system32\smss.exe (ID: 696|ParentID: 4|SYSTEM)
C:\ARQUIV~1\AVG\AVG2014\avgrsx.exe (ID: 732|ParentID: 720|SYSTEM)
C:\Arquivos de programas\AVG\AVG2014\avgcsrvx.exe (ID: 776|ParentID: 732|SYSTEM)
C:\WINDOWS\system32\winlogon.exe (ID: 1028|ParentID: 696|SYSTEM)
C:\WINDOWS\system32\services.exe (ID: 1072|ParentID: 1028|SYSTEM)
C:\WINDOWS\system32\lsass.exe (ID: 1084|ParentID: 1028|SYSTEM)
C:\WINDOWS\system32\svchost.exe (ID: 1244|ParentID: 1072|SYSTEM)
C:\WINDOWS\system32\svchost.exe (ID: 1444|ParentID: 1072|SYSTEM)
C:\WINDOWS\system32\svchost.exe (ID: 1488|ParentID: 1072|SYSTEM)
C:\WINDOWS\system32\spoolsv.exe (ID: 1880|ParentID: 1072|SYSTEM)
C:\WINDOWS\explorer.exe (ID: 248|ParentID: 1928|PC-05)
C:\WINDOWS\system32\igfxtray.exe (ID: 1088|ParentID: 248|PC-05)
C:\WINDOWS\system32\hkcmd.exe (ID: 1272|ParentID: 248|PC-05)
C:\WINDOWS\system32\igfxpers.exe (ID: 1280|ParentID: 248|PC-05)
C:\WINDOWS\system32\igfxsrvc.exe (ID: 1364|ParentID: 1244|PC-05)
C:\Arquivos de programas\NSPro\NSPro.exe (ID: 1556|ParentID: 248|PC-05)
C:\WINDOWS\system32\rundll32.exe (ID: 1656|ParentID: 248|PC-05)
C:\Arquivos de programas\AVG\AVG2014\avgidsagent.exe (ID: 1732|ParentID: 1072|SYSTEM)
C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe (ID: 1808|ParentID: 248|PC-05)
C:\Arquivos de programas\AVG\AVG2014\avgwdsvc.exe (ID: 1996|ParentID: 1072|SYSTEM)
C:\Arquivos de programas\Bonjour\mDNSResponder.exe (ID: 208|ParentID: 1072|SYSTEM)
C:\Documents and Settings\All Users\Dados de aplicativos\EPSON\EPW!3 SSRP\E_S40ST7.EXE (ID: 404|ParentID: 1072|SYSTEM)
C:\WINDOWS\system32\wscript.exe (ID: 484|ParentID: 248|PC-05)
C:\Documents and Settings\All Users\Dados de aplicativos\EPSON\EPW!3 SSRP\E_S40RP7.EXE (ID: 516|ParentID: 1072|SYSTEM)
C:\Arquivos de programas\AVG SafeGuard toolbar\vprot.exe (ID: 596|ParentID: 248|PC-05)
C:\WINDOWS\system32\ctfmon.exe (ID: 608|ParentID: 248|PC-05)
C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe (ID: 624|ParentID: 248|PC-05)
C:\Arquivos de programas\Messenger\msmsgs.exe (ID: 640|ParentID: 248|PC-05)
C:\WINDOWS\system32\svchost.exe (ID: 444|ParentID: 1072|SYSTEM)
C:\WINDOWS\system32\svchost.exe (ID: 1216|ParentID: 1072|LOCAL SERVICE)
C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe (ID: 2068|ParentID: 1244|PC-05)
C:\WINDOWS\system32\svchost.exe (ID: 2200|ParentID: 1072|LOCAL SERVICE)
C:\Documents and Settings\PC-05\Dados de aplicativos\Dropbox\bin\Dropbox.exe (ID: 2384|ParentID: 248|PC-05)
C:\Arquivos de programas\AVG\AVG2014\avgnsx.exe (ID: 2676|ParentID: 1996|SYSTEM)
C:\Arquivos de programas\AVG\AVG2014\avgemcx.exe (ID: 2700|ParentID: 1996|SYSTEM)
C:\WINDOWS\system32\svchost.exe (ID: 3484|ParentID: 1072|SYSTEM)
C:\Arquivos de programas\Arquivos comuns\AVG Secure Search\vToolbarUpdater\18.1.7\ToolbarUpdater.exe (ID: 3508|ParentID: 1072|SYSTEM)
C:\Arquivos de programas\Arquivos comuns\AVG Secure Search\vToolbarUpdater\18.1.7\loggingserver.exe (ID: 3608|ParentID: 3508|SYSTEM)
C:\Arquivos de programas\Malwarebytes Anti-Malware\mbam.exe (ID: 3696|ParentID: 248|PC-05)
C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jucheck.exe (ID: 2432|ParentID: 1808|PC-05)
C:\Arquivos de programas\AVG\AVG2014\avgcsrvx.exe (ID: 408|ParentID: 1996|SYSTEM)
C:\Arquivos de programas\Google\Chrome\Application\chrome.exe (ID: 2600|ParentID: 248|PC-05)
C:\Arquivos de programas\Google\Chrome\Application\chrome.exe (ID: 1220|ParentID: 2600|PC-05)
C:\Arquivos de programas\Google\Chrome\Application\chrome.exe (ID: 4288|ParentID: 2600|PC-05)
C:\Arquivos de programas\Google\Chrome\Application\chrome.exe (ID: 4344|ParentID: 2600|PC-05)
C:\Arquivos de programas\Google\Chrome\Application\chrome.exe (ID: 5312|ParentID: 2600|PC-05)
C:\Arquivos de programas\Google\Chrome\Application\chrome.exe (ID: 4856|ParentID: 2600|PC-05)
C:\Arquivos de programas\Google\Chrome\Application\chrome.exe (ID: 1948|ParentID: 2600|PC-05)
C:\Arquivos de programas\Google\Chrome\Application\chrome.exe (ID: 4836|ParentID: 2600|PC-05)
C:\UsbFix\UsbFix.exe (ID: 5664|ParentID: 4556|PC-05)

################## | Autorun |


################## | Regedit Run |

F2 - HKLM\..\Winlogon : [Shell] Explorer.exe
F2 - HKLM\..\Winlogon : [Userinit] C:\WINDOWS\system32\userinit.exe,
F3 - HKCU\..\Winlogon : [Shell] Explorer.exe
04 - HKCU\..\Run : [ctfmon.exe] C:\windows\system32\ctfmon.exe
04 - HKCU\..\Run : [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"
04 - HKCU\..\Run : [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background
04 - HKCU\..\Run : [GoogleChromeAutoLaunch_28CE4C5D509018797EB876F7FD9A722A] "C:\Arquivos de programas\Google\Chrome\Application\chrome.exe" --no-startup-window
04 - HKCU\..\Run : [bxlgsogjjd] wscript.exe //B "C:\Documents and Settings\PC-05\Dados de aplicativos\bxlgsogjjd..vbs"
04 - HKLM\..\Run : [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
04 - HKLM\..\Run : [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
04 - HKLM\..\Run : [Persistence] C:\WINDOWS\system32\igfxpers.exe
04 - HKLM\..\Run : [NSPro] C:\Arquivos de programas\NSPro\NSPro.exe
04 - HKLM\..\Run : [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"
04 - HKLM\..\Run : [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
04 - HKLM\..\Run : [SunJavaUpdateSched] "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe"
04 - HKLM\..\Run : [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
04 - HKLM\..\Run : [bxlgsogjjd] wscript.exe //B "C:\Documents and Settings\PC-05\Dados de aplicativos\bxlgsogjjd..vbs"
04 - HKLM\..\Run : [AVG_UI] "C:\Arquivos de programas\AVG\AVG2014\avgui.exe" /TRAYONLY
04 - HKLM\..\Run : [vProt] "C:\Arquivos de programas\AVG SafeGuard toolbar\vprot.exe"
04 - HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\Run : [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE
04 - HKU\S-1-5-19\..\Run : [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE
04 - HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\Run : [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE
04 - HKU\S-1-5-20\..\Run : [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE
04 - HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\Run : [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE
04 - HKU\S-1-5-21-1292428093-1409082233-682003330-1003\..\Run : [ctfmon.exe] C:\windows\system32\ctfmon.exe
04 - HKU\S-1-5-21-1292428093-1409082233-682003330-1003\..\Run : [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"
04 - HKU\S-1-5-21-1292428093-1409082233-682003330-1003\..\Run : [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background
04 - HKU\S-1-5-21-1292428093-1409082233-682003330-1003\..\Run : [GoogleChromeAutoLaunch_28CE4C5D509018797EB876F7FD9A722A] "C:\Arquivos de programas\Google\Chrome\Application\chrome.exe" --no-startup-window
04 - HKU\S-1-5-21-1292428093-1409082233-682003330-1003\..\Run : [bxlgsogjjd] wscript.exe //B "C:\Documents and Settings\PC-05\Dados de aplicativos\bxlgsogjjd..vbs"
04 - HKU\S-1-5-21-1292428093-1409082233-682003330-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\Run : [ctfmon.exe] C:\windows\system32\ctfmon.exe
04 - HKU\S-1-5-21-1292428093-1409082233-682003330-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\Run : [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"
04 - HKU\S-1-5-21-1292428093-1409082233-682003330-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\Run : [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background
04 - HKU\S-1-5-21-1292428093-1409082233-682003330-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\Run : [GoogleChromeAutoLaunch_28CE4C5D509018797EB876F7FD9A722A] "C:\Arquivos de programas\Google\Chrome\Application\chrome.exe" --no-startup-window
04 - HKU\S-1-5-21-1292428093-1409082233-682003330-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\Run : [bxlgsogjjd] wscript.exe //B "C:\Documents and Settings\PC-05\Dados de aplicativos\bxlgsogjjd..vbs"
04 - HKU\S-1-5-18\..\Run : [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE

################## | Procura genérica |

Presente ! C:\Documents and Settings\PC-05\Dados de aplicativos\bxlgsogjjd..vbs
Presente ! C:\Documents and Settings\PC-05\Menu Iniciar\Programas\Inicializar\bxlgsogjjd..vbs
Presente ! D:\bxlgsogjjd..vbs
Presente ! D:\.lnk
Presente ! D:\04.lnk

################## | Registro |

Presente ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bitguard.exe
Presente ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bprotect.exe
Presente ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsemngr.exe
Presente ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserdefender.exe
Presente ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsermngr.exe
Presente ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserprotect.exe
Presente ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bundlesweetimsetup.exe
Presente ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cltmngsvc.exe
Presente ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\delta babylon.exe
Presente ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\delta tb.exe
Presente ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\delta2.exe
Presente ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltainstaller.exe
Presente ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltasetup.exe
Presente ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltatb.exe
Presente ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltatb_2501-c733154b.exe
Presente ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iminentsetup.exe
Presente ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rjatydimofu.exe
Presente ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sweetimsetup.exe
Presente ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tbdelta.exetoolbar783881609.exe
Presente ! HKU\S-1-5-21-1292428093-1409082233-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Run|bxlgsogjjd
Presente ! HKLM\Software\Microsoft\Windows\CurrentVersion\Run|bxlgsogjjd
Presente ! HKCU\Software\Microsoft\Windows\CurrentVersion\Run|bxlgsogjjd

################## | E.O.F | http://www.sosvirus.net/ | http://www.pt.usbfix.net/ |


1 Reply

aaafelix Posts 1285 Registration date Saturday 10 November 2012 Status Contributor Last seen 27 October 2023 1,730
28 Jun 2014 at 11:29
The only thing I understood was AVG antivirus. If I were you I would switch to AVAST (easy to use, free, and with a modern interface). Leave your pen drive connected to the machine and run a scan on restart. First follow these steps: open the "My Documents" folder, "Tools", "View". Uncheck the box "Hide protected operating system files (Recommended)", then "Apply" and "OK". Restart your PC and be patient (don't send anything to quarantine); delete everything. You can also go to this page https://br.ccm.net/forum/affich-333432-pen-drive-arquivos-em-atalho, which has another option. Regards,
aaafelix.
0
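As an added example (not part of the thread and not UsbFix code), here is a small Python triage over constructed lines shaped like the log above: it flags Run values that launch a script host such as wscript.exe with //B from the user profile, and correlates them with the Startup-folder copy and the .lnk shortcuts reported on the removable drive D:, which is the persistence-plus-propagation pattern visible in the report. The SAMPLE_LOG lines, the drive letter default, and the signal wording are the example's own assumptions.

```python
import ntpath
import re

# Constructed sample shaped like the UsbFix "Regedit Run" and "Procura genérica" sections above.
SAMPLE_LOG = r"""
04 - HKCU\..\Run : [ctfmon.exe] C:\windows\system32\ctfmon.exe
04 - HKCU\..\Run : [bxlgsogjjd] wscript.exe //B "C:\Documents and Settings\PC-05\Dados de aplicativos\bxlgsogjjd..vbs"
04 - HKLM\..\Run : [AVG_UI] "C:\Arquivos de programas\AVG\AVG2014\avgui.exe" /TRAYONLY
04 - HKLM\..\Run : [bxlgsogjjd] wscript.exe //B "C:\Documents and Settings\PC-05\Dados de aplicativos\bxlgsogjjd..vbs"
Presente ! C:\Documents and Settings\PC-05\Menu Iniciar\Programas\Inicializar\bxlgsogjjd..vbs
Presente ! D:\bxlgsogjjd..vbs
Presente ! D:\.lnk
Presente ! D:\04.lnk
"""
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "mshta.exe"}
RUN_RE = re.compile(r'^04 - (?P<hive>.+?)\\\.\.\\Run : \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
FOUND_RE = re.compile(r'^Presente ! (?P<path>.+)$')

def suspicious_reasons(cmd):
    """Signals that a Run value is a script-based autorun; empty list when benign."""
    m = re.match(r'\s*"([^"]+)"|\s*(\S+)', cmd)  # executable, quoted or bare
    exe = ntpath.basename(m.group(1) or m.group(2)).lower() if m else ""
    if exe not in SCRIPT_HOSTS:
        return []
    reasons = ["script host launched from a Run key"]
    if re.search(r'(?i)\s//B(\s|$)', cmd):
        reasons.append("//B batch mode hides script errors and prompts")
    if re.search(r'(?i)\\(Dados de aplicativos|Application Data|AppData)\\', cmd):
        reasons.append("script stored in the user profile")
    if re.search(r'\.\.\w+"?$', cmd.strip()):
        reasons.append("double-dot extension (name..vbs)")
    return reasons

def triage(text, removable=("D:",)):
    """Correlate Run-key, Startup-folder and removable-drive findings in a UsbFix log."""
    out = {"autoruns": [], "startup_copies": [], "removable_lnk": []}
    for line in text.splitlines():
        m = RUN_RE.match(line)
        if m:
            reasons = suspicious_reasons(m["cmd"])
            if reasons:
                out["autoruns"].append((m["hive"], m["name"], reasons))
            continue
        m = FOUND_RE.match(line)
        path = m["path"].strip() if m else ""
        if re.search(r'(?i)\\(Inicializar|Startup)\\', path):
            out["startup_copies"].append(path)  # second persistence point
        elif path[:2].upper() in removable and path.lower().endswith(".lnk"):
            out["removable_lnk"].append(path)   # shortcut lures left on the USB stick
    return out
```

Run `triage(SAMPLE_LOG)` to get the three correlated lists; any real UsbFix report can be passed as `text` in the same way.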
