############################## | UsbFix V 7.157 | [Search]
User: Leonardo (Administrator) # FALLEN
Updated on 30/12/2013 by El Desaparecido - Team SosVirus
Started at 00:16:03 | 02/01/2014
Site :
http://www.es.usbfix.net
Changelog :
http://www.usbfix.net/maj/
Support :
http://www.sosvirus.net/
Upload Malware :
http://www.sosvirus.net/upload_malware.php
Contact :
http://www.es.usbfix.net/contacto/
PC: ASUSTeK Computer INC. (M4A89GTD-PRO/USB3)
CPU: AMD Phenom(tm) II X6 1090T Processor
RAM -> [Total : 8190 Mo| Free : 5961 Mo]
Bios: American Megatrends Inc.
Boot: Normal boot
OS: Microsoft Windows 8.1 Pro with Media Center (6.3.9600 64-Bit)
WB: Windows Internet Explorer : 11.0.9600.16476
WB: Google Chrome : 31.0.1650.63
WB: Mozilla Firefox : 25.0.1
SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: Windows Defender [(!) Disabled | Updated]
AS: Windows Defender : 4.3.9600.16384 (winblue_rtm.130821-1623)
FW: Windows FireWall Service [Enabled]
C:\ (%systemdrive%) -> Fixed disk # 112 Gb (55 Mb free - 49%) [] # NTFS
D:\ -> Fixed disk # 363 Gb (153 Mb free - 42%) [HD] # NTFS
E:\ -> Fixed disk # 1500 Gb (311 Mb free - 21%) [Midia] # NTFS
F:\ -> Removable disk # 4 Gb (2 Mb free - 42%) [CLAYTON] # FAT32
G:\ -> Removable disk # 7 Gb (4 Mb free - 48%) [RAMOS II] # FAT32
################## | Active Processes |
C:\WINDOWS\system32\wininit.exe (ID: 648 |ParentID: 548)
C:\WINDOWS\system32\lsass.exe (ID: 708 |ParentID: 648)
C:\WINDOWS\system32\winlogon.exe (ID: 780 |ParentID: 640)
C:\WINDOWS\system32\svchost.exe (ID: 820 |ParentID: 700)
C:\WINDOWS\system32\svchost.exe (ID: 868 |ParentID: 700)
C:\WINDOWS\system32\dwm.exe (ID: 964 |ParentID: 780)
C:\WINDOWS\system32\atiesrxx.exe (ID: 996 |ParentID: 700)
C:\WINDOWS\System32\svchost.exe (ID: 92 |ParentID: 700)
C:\WINDOWS\System32\svchost.exe (ID: 296 |ParentID: 700)
C:\WINDOWS\system32\svchost.exe (ID: 332 |ParentID: 700)
C:\WINDOWS\system32\svchost.exe (ID: 444 |ParentID: 700)
C:\WINDOWS\system32\atieclxx.exe (ID: 752 |ParentID: 996)
C:\WINDOWS\system32\svchost.exe (ID: 1068 |ParentID: 700)
C:\Program Files\AVAST Software\Avast\AvastSvc.exe (ID: 1164 |ParentID: 700)
C:\WINDOWS\System32\spoolsv.exe (ID: 1472 |ParentID: 700)
C:\WINDOWS\system32\svchost.exe (ID: 1516 |ParentID: 700)
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (ID: 1648 |ParentID: 700)
C:\Program Files (x86)\Corsair SSD Toolbox\CSSDTService.exe (ID: 1668 |ParentID: 700)
C:\WINDOWS\SysWOW64\PnkBstrA.exe (ID: 1948 |ParentID: 700)
C:\Program Files (x86)\RadeonPro\RadeonProSupport.exe (ID: 1992 |ParentID: 700)
C:\WINDOWS\system32\dashost.exe (ID: 2000 |ParentID: 296)
C:\WINDOWS\system32\svchost.exe (ID: 1248 |ParentID: 700)
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (ID: 2140 |ParentID: 700)
C:\WINDOWS\system32\svchost.exe (ID: 2732 |ParentID: 700)
C:\WINDOWS\system32\SearchIndexer.exe (ID: 2088 |ParentID: 700)
C:\WINDOWS\system32\taskhostex.exe (ID: 2764 |ParentID: 332)
C:\WINDOWS\explorer.exe (ID: 908 |ParentID: 780)
C:\Windows\System32\rundll32.exe (ID: 2328 |ParentID: 908)
C:\Program Files (x86)\Skype\Phone\Skype.exe (ID: 4084 |ParentID: 908)
C:\Program Files (x86)\Unified Remote\RemoteServer.exe (ID: 3412 |ParentID: 908)
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (ID: 3724 |ParentID: 3348)
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (ID: 3848 |ParentID: 756)
C:\Program Files\AVAST Software\Avast\AvastUI.exe (ID: 3840 |ParentID: 3348)
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (ID: 3100 |ParentID: 3848)
C:\Windows\System32\WWAHost.exe (ID: 3668 |ParentID: 820)
C:\Windows\System32\RuntimeBroker.exe (ID: 2884 |ParentID: 820)
C:\WINDOWS\WinStore\WSHost.exe (ID: 4652 |ParentID: 820)
C:\WINDOWS\system32\DllHost.exe (ID: 5740 |ParentID: 820)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 4864 |ParentID: 2396)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 5144 |ParentID: 4864)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 5048 |ParentID: 4864)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 5076 |ParentID: 4864)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 3160 |ParentID: 4864)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 4112 |ParentID: 4864)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 4244 |ParentID: 4864)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 4944 |ParentID: 4864)
C:\Users\Leonardo\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe (ID: 1752 |ParentID: 4944)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 6112 |ParentID: 4864)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 4176 |ParentID: 4864)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 5208 |ParentID: 4864)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 2564 |ParentID: 4864)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 5948 |ParentID: 4864)
C:\Windows\System32\WUDFHost.exe (ID: 4788 |ParentID: 296)
C:\WINDOWS\system32\wbem\wmiprvse.exe (ID: 2040 |ParentID: 820)
C:\WINDOWS\system32\taskeng.exe (ID: 3940 |ParentID: 332)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 5744 |ParentID: 4864)
C:\WINDOWS\SysWOW64\ctfmon.exe (ID: 3524 |ParentID: 3840)
C:\UsbFix\Go.exe (ID: 4168 |ParentID: 2280)
C:\WINDOWS\system32\wbem\wmiprvse.exe (ID: 5632 |ParentID: 820)
################## | Regedit Run |
04 - HKLM\..\Run : [ISUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
04 - HKLM\..\Run : [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
04 - HKLM\..\Run : [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
04 - HKLM\..\Run : []
04 - HKLM\..\Run : [Razer Synapse] "C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe"
04 - HKLM\..\Run : [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
04 - HKLM\..\Run : [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
04 - HKLM\..\Run : [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
04 - HKLM\..\Run : [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
04 - HKLM\..\Run : [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
04 - HKLM\..\Run : [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
04 - HKLM\..\RunOnce : []
04 - HKLM64\..\Run : [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
04 - HKLM64\..\Run : [RunDLLEntry] C:\Windows\system32\RunDLL32.exe C:\Windows\system32\AmbRunE.dll,RunDLLEntry
04 - HKLM64\..\Run : [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
04 - HKU\S-1-5-21-1724820821-2505827102-3964101304-1001\..\Run : [Google Update] "C:\Users\Leonardo\AppData\Local\Google\Update\GoogleUpdate.exe" /c
04 - HKU\S-1-5-21-1724820821-2505827102-3964101304-1001\..\Run : [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
04 - HKU\S-1-5-21-1724820821-2505827102-3964101304-1001\..\Run : [Unified Remote v2] C:\Program Files (x86)\Unified Remote\RemoteServer.exe
04 - HKU\S-1-5-21-1724820821-2505827102-3964101304-1001\..\Run : [ISUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
################## | Generic search |
################## | Registry |
Present ! HKCU\Software\TR2
Present ! HKU\S-1-5-21-1724820821-2505827102-3964101304-1001\Software\TR2
################## | Vaccine |
D:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
E:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
F:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
G:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
################## | E.O.F |
http://www.usbfix.net -
http://www.sosvirus.net |