  • Download UsbFix to your computer and run it.
  • UsbFix installs automatically and a launch shortcut is created on your desktop.
  • Insert the USB flash drive(s) or other removable media that you suspect may be infected.
  • In the UsbFix window that opens, click the “Pesquisa” (Search) button.
  • The next window is a reminder of the instruction below:

Insert the USB flash drive(s) or other removable media that you suspect may be infected.

  • Then click the OK button.
  • Wait while the scan for infections runs.
  • During the scan, UsbFix shows you the number of items analyzed and the number of infected items.
  • Once the scan has finished, a report opens.
  • Copy and paste the contents of this report into the forum where you are being helped.
  • A copy of the report is saved on the desktop as UsbFix_Report.txt; the report is also saved at:
    C:\UsbFix\Log\UbsFix [Scan 1] nome_do_PC.txt (where nome_do_PC is the name of the PC).
  • If you are not being helped, we invite you to open a topic on the SosVirus disinfection forum,
    where you will receive free, personalized help.

Here is an example of a complete report showing the presence of infections:

############################## | UsbFix V 7.167 |

[Pesquisa]

Usuário: SosVirus (Administrador) # WIN-09IAK1HLCUV
Atualizado em 13/03/2014 por El Desaparecido – Team SosVirus
Começou em 15:37:55 | 15/03/2014

Site : //www.usb-antivirus.com/pt/
Changelog : https://www.usb-antivirus.com/maj/
Support : https://www.sosvirus.org/
Upload Malware : https://www.sosvirus.net/upload_malware.php
Contato : //www.usb-antivirus.com/pt/contato/

PC: Intel Corporation (440BX Desktop Reference Platform)
CPU: AMD FX(tm)-8150 Eight-Core Processor
RAM -> [Total : 2047 Mo| Free : 1186 Mo] Bios: Phoenix Technologies LTD
Boot: Normal boot

OS: Microsoft Windows 7 Édition Intégrale (6.1.7600 64-Bit)
WB: Windows Internet Explorer : 8.0.7600.16385

SC: Security Center [Enabled] WU: Windows Update [Enabled] AS: Windows Defender [Enabled | (!) Outdated] FW: Windows FireWall [Enabled]

C:\ (%systemdrive%) -> Disco fixo # 60 Gb (47 Mb livre – 79%) [] # NTFS
D:\ -> CD-ROM
E:\ -> Disco removível # 15 Gb (15 Mb livre – 99%) [UsbFix] # NTFS

################## | Processos Ativos |

C:\Windows\system32\csrss.exe (ID: 364 |ParentID: 356)
C:\Windows\system32\wininit.exe (ID: 416 |ParentID: 356)
C:\Windows\system32\csrss.exe (ID: 428 |ParentID: 408)
C:\Windows\system32\winlogon.exe (ID: 476 |ParentID: 408)
C:\Windows\system32\services.exe (ID: 524 |ParentID: 416)
C:\Windows\system32\lsass.exe (ID: 532 |ParentID: 416)
C:\Windows\system32\lsm.exe (ID: 540 |ParentID: 416)
C:\Windows\system32\svchost.exe (ID: 648 |ParentID: 524)
C:\Windows\system32\svchost.exe (ID: 712 |ParentID: 524)
C:\Windows\System32\svchost.exe (ID: 760 |ParentID: 524)
C:\Windows\System32\svchost.exe (ID: 868 |ParentID: 524)
C:\Windows\system32\svchost.exe (ID: 928 |ParentID: 524)
C:\Windows\system32\svchost.exe (ID: 320 |ParentID: 524)
C:\Windows\system32\svchost.exe (ID: 936 |ParentID: 524)
C:\Windows\System32\spoolsv.exe (ID: 1228 |ParentID: 524)
C:\Windows\system32\taskhost.exe (ID: 1272 |ParentID: 524)
C:\Windows\system32\svchost.exe (ID: 1296 |ParentID: 524)
C:\Program Files\VMware\VMware Tools\vmtoolsd.exe (ID: 1552 |ParentID: 524)
C:\Program Files\VMware\VMware Tools\TPAutoConnSvc.exe (ID: 1800 |ParentID: 524)
C:\Windows\system32\sppsvc.exe (ID: 1868 |ParentID: 524)
C:\Windows\system32\svchost.exe (ID: 1992 |ParentID: 524)
C:\Windows\system32\dllhost.exe (ID: 1044 |ParentID: 524)
C:\Program Files\VMware\VMware Tools\TPAutoConnect.exe (ID: 1664 |ParentID: 1800)
C:\Windows\system32\conhost.exe (ID: 1796 |ParentID: 428)
C:\Windows\system32\WUDFHost.exe (ID: 2084 |ParentID: 868)
C:\Windows\System32\msdtc.exe (ID: 2192 |ParentID: 524)
C:\Windows\system32\Dwm.exe (ID: 2724 |ParentID: 868)
C:\Windows\Explorer.EXE (ID: 2748 |ParentID: 2704)
C:\Program Files\VMware\VMware Tools\vmtoolsd.exe (ID: 2852 |ParentID: 2748)
C:\Windows\System32\wscript.exe (ID: 2860 |ParentID: 2748)
C:\Windows\System32\wscript.exe (ID: 2880 |ParentID: 2748)
C:\Windows\System32\wscript.exe (ID: 2888 |ParentID: 2748)
C:\Windows\System32\svchost.exe (ID: 2904 |ParentID: 524)
C:\Windows\System32\wscript.exe (ID: 2996 |ParentID: 2748)
C:\Windows\System32\wscript.exe (ID: 3004 |ParentID: 2748)
C:\Windows\System32\wscript.exe (ID: 3044 |ParentID: 2748)
C:\Users\SosVirus\AppData\Local\Temp\AppleMobileDeviceService.exe (ID: 1640 |ParentID: 2748)
C:\Windows\System32\WScript.exe (ID: 836 |ParentID: 2748)
C:\Windows\System32\wscript.exe (ID: 2460 |ParentID: 2748)
C:\Windows\System32\WScript.exe (ID: 1180 |ParentID: 2748)
C:\Windows\System32\wscript.exe (ID: 348 |ParentID: 2748)
C:\Windows\system32\wbem\wmiprvse.exe (ID: 2036 |ParentID: 648)
C:\Windows\System32\WScript.exe (ID: 3124 |ParentID: 2748)
C:\Windows\system32\SearchIndexer.exe (ID: 3964 |ParentID: 524)
C:\Users\SosVirus\AppData\Local\services.exe (ID: 2832 |ParentID: 3852)
C:\Program Files\Windows Media Player\wmpnetwk.exe (ID: 3264 |ParentID: 524)
C:\Users\SosVirus\AppData\Local\services.exe (ID: 3320 |ParentID: 3840)
C:\Users\SosVirus\AppData\Local\lsass.exe (ID: 3596 |ParentID: 3852)
C:\Users\SosVirus\AppData\Local\lsass.exe (ID: 1744 |ParentID: 3840)
C:\Windows\system32\svchost.exe (ID: 3660 |ParentID: 524)
C:\Windows\System32\mshta.exe (ID: 2508 |ParentID: 1180)
C:\Users\SosVirus\AppData\Roaming\FlashPlayer Install\FlashPlayerPlug_11_4_76_983.exe (ID: 4048 |ParentID: 3080)
C:\Users\SosVirus\AppData\Roaming\FlashPlayer Install\FlashPlayerPlug_11_4_76_983.exe (ID: 2016 |ParentID: 3216)
C:\Windows\system32\SearchProtocolHost.exe (ID: 3732 |ParentID: 3964)
C:\Windows\system32\SearchFilterHost.exe (ID: 3772 |ParentID: 3964)

################## | Regedit Run |

04 – HKCU\..\Run : [bkvzudnqxs] wscript.exe //B “C:\Users\SosVirus\AppData\Local\Temp\bkvzudnqxs..vbs”
04 – HKCU\..\Run : [cjsnzludeq] wscript.exe //B “C:\Users\SosVirus\AppData\Local\Temp\cjsnzludeq.vbs”
04 – HKCU\..\Run : [11111] wscript.exe //B “C:\Users\SosVirus\AppData\Local\Temp\11111.vbs”
04 – HKCU\..\Run : [Tok-Cirrhatus]
04 – HKCU\..\Run : [Activator] wscript.exe //B “C:\Users\SosVirus\AppData\Local\Temp\Activator.vbs”
04 – HKCU\..\Run : [angry birds] wscript.exe //B “C:\Users\SosVirus\angry birds.vbe”
04 – HKCU\..\Run : [Vhfmfh] C:\Users\SosVirus\AppData\Roaming\Vhfmfh.exe
04 – HKCU\..\Run : [bjnuvxbhdt] wscript.exe //B “C:\Users\SosVirus\AppData\Local\Temp\bjnuvxbhdt.vbs”
04 – HKCU\..\Run : [ef20df3e12205bd60708b9d00ed5c191] “C:\Users\SosVirus\AppData\Local\Temp\AppleMobileDeviceService.exe” ..
04 – HKCU\..\Run : [Facebook.vbs] “C:\Users\SosVirus\AppData\Local\Temp\Facebook.vbs”
04 – HKCU\..\Run : [FlashPlayerPlug_11_4_76_983] C:\Users\SosVirus\AppData\Roaming\FlashPlayer Install\FlashPlayerPlug_11_4_76_983.exe
04 – HKCU\..\Run : [photo 2013 45151545124] wscript.exe //B “C:\Users\SosVirus\AppData\Roaming\photo 2013 45151545124.jpg______________.vbs”
04 – HKCU\..\Run : [Servieca.vbs] “C:\Users\SosVirus\AppData\Local\Temp\Servieca.vbs”
04 – HKCU\..\Run : [Serge_Le_Lama] wscript.exe //B “C:\Users\SosVirus\AppData\Local\Temp\Serge_Le_Lama.vbe”
04 – HKLM\..\Run : [ef20df3e12205bd60708b9d00ed5c191] “C:\Users\SosVirus\AppData\Local\Temp\AppleMobileDeviceService.exe” ..
04 – [64bit] HKLM\..\Run : [VMware User Process] “C:\Program Files\VMware\VMware Tools\vmtoolsd.exe” -n vmusr
04 – HKU\S-1-5-19\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 – HKU\S-1-5-20\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 – HKU\S-1-5-21-3646584570-386733232-1750847734-1000\..\Run : [bkvzudnqxs] wscript.exe //B “C:\Users\SosVirus\AppData\Local\Temp\bkvzudnqxs..vbs”
04 – HKU\S-1-5-21-3646584570-386733232-1750847734-1000\..\Run : [cjsnzludeq] wscript.exe //B “C:\Users\SosVirus\AppData\Local\Temp\cjsnzludeq.vbs”
04 – HKU\S-1-5-21-3646584570-386733232-1750847734-1000\..\Run : [11111] wscript.exe //B “C:\Users\SosVirus\AppData\Local\Temp\11111.vbs”
04 – HKU\S-1-5-21-3646584570-386733232-1750847734-1000\..\Run : [Tok-Cirrhatus-2553] “C:\Users\SosVirus\AppData\Local\br6129on.exe”
04 – HKU\S-1-5-21-3646584570-386733232-1750847734-1000\..\Run : [Tok-Cirrhatus]
04 – HKU\S-1-5-21-3646584570-386733232-1750847734-1000\..\Run : [Activator] wscript.exe //B “C:\Users\SosVirus\AppData\Local\Temp\Activator.vbs”
04 – HKU\S-1-5-21-3646584570-386733232-1750847734-1000\..\Run : [angry birds] wscript.exe //B “C:\Users\SosVirus\angry birds.vbe”
04 – HKU\S-1-5-21-3646584570-386733232-1750847734-1000\..\Run : [Vhfmfh] C:\Users\SosVirus\AppData\Roaming\Vhfmfh.exe
04 – HKU\S-1-5-21-3646584570-386733232-1750847734-1000\..\Run : [bjnuvxbhdt] wscript.exe //B “C:\Users\SosVirus\AppData\Local\Temp\bjnuvxbhdt.vbs”
04 – HKU\S-1-5-21-3646584570-386733232-1750847734-1000\..\Run : [ef20df3e12205bd60708b9d00ed5c191] “C:\Users\SosVirus\AppData\Local\Temp\AppleMobileDeviceService.exe” ..
04 – HKU\S-1-5-21-3646584570-386733232-1750847734-1000\..\Run : [Facebook.vbs] “C:\Users\SosVirus\AppData\Local\Temp\Facebook.vbs”
04 – HKU\S-1-5-21-3646584570-386733232-1750847734-1000\..\Run : [FlashPlayerPlug_11_4_76_983] C:\Users\SosVirus\AppData\Roaming\FlashPlayer Install\FlashPlayerPlug_11_4_76_983.exe
04 – HKU\S-1-5-21-3646584570-386733232-1750847734-1000\..\Run : [photo 2013 45151545124] wscript.exe //B “C:\Users\SosVirus\AppData\Roaming\photo 2013 45151545124.jpg______________.vbs”
04 – HKU\S-1-5-21-3646584570-386733232-1750847734-1000\..\Run : [Servieca.vbs] “C:\Users\SosVirus\AppData\Local\Temp\Servieca.vbs”
04 – HKU\S-1-5-21-3646584570-386733232-1750847734-1000\..\Run : [Serge_Le_Lama] wscript.exe //B “C:\Users\SosVirus\AppData\Local\Temp\Serge_Le_Lama.vbe”
04 – HKU\S-1-5-19\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe
04 – HKU\S-1-5-20\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe

################## | Procura genérica |

Presente ! C:\Users\SosVirus\AppData\Roaming\photo 2013 45151545124.jpg______________.vbs
Presente ! C:\Users\SosVirus\AppData\Roaming\Microsoft\Windows\Templates\10440-NendangBro.com
Presente ! C:\Users\SosVirus\AppData\Local\br6129on.exe
Presente ! C:\Users\SosVirus\AppData\Local\csrss.exe
Presente ! C:\Users\SosVirus\AppData\Local\inetinfo.exe
Presente ! C:\Users\SosVirus\AppData\Local\lsass.exe
Presente ! C:\Users\SosVirus\AppData\Local\services.exe
Presente ! C:\Users\SosVirus\AppData\Local\smss.exe
Presente ! C:\Users\SosVirus\AppData\Local\svchost.exe
Presente ! C:\Users\SosVirus\Documents\Documents.exe
Presente ! C:\Users\SosVirus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\angry birds.vbe
Presente ! C:\Users\SosVirus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Serge_Le_Lama.vbe
Presente ! C:\Users\SosVirus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\11111.vbs
Presente ! C:\Users\SosVirus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Activator.vbs
Presente ! C:\Users\SosVirus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bjnuvxbhdt.vbs
Presente ! C:\Users\SosVirus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bkvzudnqxs..vbs
Presente ! C:\Users\SosVirus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cjsnzludeq.vbs
Presente ! C:\Users\SosVirus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook.vbs
Presente ! C:\Users\SosVirus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\photo 2013 45151545124.jpg______________.vbs
Presente ! C:\Users\SosVirus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Servieca.vbs
Presente ! C:\Users\SosVirus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ef20df3e12205bd60708b9d00ed5c191.exe
Presente ! C:\Users\SosVirus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FlashPlayerPlug_11_4_76_983.exe
Presente ! C:\Users\SosVirus\AppData\Local\Temp\Serge_Le_Lama.vbe
Presente ! C:\Users\SosVirus\AppData\Local\Temp\FlashPlayerMsj.exe
Presente ! C:\Users\SosVirus\angry birds.vbe
Presente ! E:\angry birds.vbe
Presente ! E:\Serge_Le_Lama.vbe
Presente ! E:\11111.vbs
Presente ! E:\Activator.vbs
Presente ! E:\bjnuvxbhdt.vbs
Presente ! E:\bkvzudnqxs..vbs
Presente ! E:\cjsnzludeq.vbs
Presente ! E:\Facebook.vbs
Presente ! E:\Google.vbs
Presente ! E:\photo 2013 45151545124.jpg______________.vbs
Presente ! E:\Servieca.vbs
Presente ! E:\Chrome.exe
Presente ! C:\Users\SosVirus\AppData\Local\Temp\AppleMobileDeviceService.exe
Presente ! C:\Users\SosVirus\AppData\Local\Temp\AppleMobileDeviceService.exe.tmp
Presente ! C:\Users\SosVirus\AppData\Roaming\Vhfmfh.exe
Presente ! C:\Users\SosVirus\AppData\Local\Temp\11111.vbs
Presente ! C:\Users\SosVirus\AppData\Local\Temp\Activator.vbs
Presente ! C:\Users\SosVirus\AppData\Local\Temp\bjnuvxbhdt.vbs
Presente ! C:\Users\SosVirus\AppData\Local\Temp\bkvzudnqxs..vbs
Presente ! C:\Users\SosVirus\AppData\Local\Temp\cjsnzludeq.vbs
Presente ! C:\Users\SosVirus\AppData\Local\Temp\Facebook.vbs
Presente ! C:\Users\SosVirus\AppData\Local\Temp\Servieca.vbs
Presente ! E:\11111.lnk
Presente ! E:\11111.vbs.lnk
Presente ! E:\Activator.lnk
Presente ! E:\Activator.vbs.lnk
Presente ! E:\angry birds.lnk
Presente ! E:\angry birds.vbe.lnk
Presente ! E:\Autorun.inf.lnk
Presente ! E:\bjnuvxbhdt.lnk
Presente ! E:\bjnuvxbhdt.vbs.lnk
Presente ! E:\bkvz