Reply to: Slow computer and Serge le lama 2016-09-08T13:45:37+00:00
dap
Participant
Number of posts: 9

Hello!
Here is the UsbFix report.
See you soon

############################## | UsbFix V 7.171 | [Elimina]

Utente: niela (Amministratore) # NIELA-PC
Aggiornato il 09/06/2014 di El Desaparecido – SosVirus
Avviato alle 08:30:08 | 12/06/2014

Sito : http://www.it.usbfix.net/
Changelog : http://www.usbfix.net/maj/
Assistenza : http://it.kioskea.net/forum/virus-e-sicurezza-7
Upload Malware : https://www.sosvirus.net/upload_malware.php
Contatto : http://www.it.usbfix.net/contattaci/

PC: Acer (JE01_CT )
CPU: Intel(R) Atom(TM) CPU N2800 @ 1.86GHz
RAM -> [Total : 1012 Mo| Free : 43 Mo]
Bios: Insyde Corp.
Boot: Normal boot

OS: Microsoft Windows 7 Starter (6.1.7601 32-Bit) Service Pack 1
WB: Windows Internet Explorer : 11.0.9600.17107
WB: Google Chrome : 35.0.1916.114

SC: Security Center [Enabled]
WU: Windows Update [Enabled]
AV: McAfee Antivirus e antispyware [Enabled | Updated]
AV: McAfee Antivirus e Antispyware [(!) Disabled | Updated]
AS: McAfee Antivirus e antispyware [Enabled | Updated]
AS: Windows Defender [(!) Disabled | Updated]
AS: McAfee Antivirus e Antispyware [(!) Disabled | Updated]
FW: McAfee Firewall [(!) Disabled]
FW: McAfee Firewall [(!) Disabled]
FW: Windows FireWall [(!) Disabled]

C: (%SystemDrive%) -> Disco fisso # 285 GB (242 GB libri – 85%) [Acer] # NTFS
D: -> Disco rimovibile # 7 GB (1 GB libri – 17%) [Transcend] # FAT32
E: -> Disco rimovibile # 4 GB (3 GB libri – 77%) [DANIELA] # FAT32

################## | Processi Arrestati |

C:WindowsSystem32spoolsv.exe (ID: 1544|ParentID: 572)
C:Program FilesCommon FilesAdobeARM1.0armsvc.exe (ID: 1728|ParentID: 572|SYSTEM)
C:WindowsSystem32taskhost.exe (ID: 1756|ParentID: 572|niela)
C:Program FilesBluetooth SuiteAdminService.exe (ID: 1804|ParentID: 572|SYSTEM)
C:Windowsexplorer.exe (ID: 124|ParentID: 1856|niela)
C:Program FilesLaunch Managerdsiwmis.exe (ID: 328|ParentID: 572|SYSTEM)
C:Program FilesAcerAcer ePower ManagementePowerSvc.exe (ID: 380|ParentID: 572|SYSTEM)
C:Program FilesLaunch ManagerLMworker.exe (ID: 680|ParentID: 328|niela)
C:Program FilesLaunch ManagerLMutilps32.exe (ID: 812|ParentID: 328|SYSTEM)
C:Program FilesAcerRegistrationGREGsvc.exe (ID: 928|ParentID: 572|SYSTEM)
C:Program FilesRealtekRealtek PCIE Card ReaderRIconMan.exe (ID: 1268|ParentID: 572|SYSTEM)
C:Program FilesAcerAcer UpdaterUpdaterService.exe (ID: 1412|ParentID: 572|SYSTEM)
C:Program FilesMalwarebytes Anti-Malwarembamscheduler.exe (ID: 1696|ParentID: 572|SYSTEM)
C:Program FilesCommon FilesmcafeemcsvchostMcSvHost.exe (ID: 2108|ParentID: 572|SYSTEM)
C:Program FilesSymantecNorton Online BackupNOBuAgent.exe (ID: 2168|ParentID: 572|SYSTEM)
C:Program FilesAcerAcer VCMRS_Service.exe (ID: 2304|ParentID: 572|SYSTEM)
C:WindowsSystem32rundll32.exe (ID: 2496|ParentID: 2108|SYSTEM)
C:Program FilesMalwarebytes Anti-Malwarembam.exe (ID: 2508|ParentID: 2072|niela)
C:Program FilesMicrosoft Application Virtualization Clientsftvsa.exe (ID: 2736|ParentID: 572|SYSTEM)
C:Program FilesCommon FilesAdobeARM1.0AdobeARM.exe (ID: 2912|ParentID: 124|niela)
C:WindowsSystem32igfxtray.exe (ID: 2960|ParentID: 124|niela)
C:WindowsSystem32hkcmd.exe (ID: 2976|ParentID: 124|niela)
C:WindowsSystem32igfxpers.exe (ID: 3008|ParentID: 124|niela)
C:WindowsSystem32igfxsrvc.exe (ID: 3120|ParentID: 732|niela)
C:Program FilesBluetooth SuiteBtvStack.exe (ID: 3332|ParentID: 124|niela)
C:Program FilesBluetooth SuiteAthBtTray.exe (ID: 3340|ParentID: 124|niela)
C:Program FilesLaunch ManagerLManager.exe (ID: 3356|ParentID: 124|niela)
C:Program FilesElantechETDCtrl.exe (ID: 3388|ParentID: 124|niela)
C:Program FilesRealtekAudioHDARtHDVCpl.exe (ID: 3408|ParentID: 124|niela)
C:Program FilesAcerAcer ePower ManagementePowerTray.exe (ID: 3544|ParentID: 124|niela)
C:Program FilesCommon FilesJavaJava Updatejusched.exe (ID: 3624|ParentID: 124|niela)
C:Program FilesAcerAcer VCMAcerVCM.exe (ID: 3668|ParentID: 124|niela)
C:Program FilesMicrosoft Application Virtualization Clientsftlist.exe (ID: 3204|ParentID: 572|SYSTEM)
C:WindowsSystem32igfxext.exe (ID: 4320|ParentID: 732|niela)
C:WindowsSystem32wbemunsecapp.exe (ID: 4536|ParentID: 732|niela)
C:Program FilesAcerAcer ePower ManagementePowerEvent.exe (ID: 4824|ParentID: 380|SYSTEM)
C:Program FilesCommon Filesmicrosoft sharedVirtualization HandlerCVHSVC.EXE (ID: 4968|ParentID: 572|SYSTEM)
C:WindowsMicrosoft.NETFrameworkv3.0WPFPresentationFontCache.exe (ID: 5452|ParentID: 572|SERVIZIO LOCALE)
C:Program FilesElantechETDCtrlHelper.exe (ID: 5776|ParentID: 3388|niela)
C:WindowsSystem32SearchIndexer.exe (ID: 5616|ParentID: 572|SYSTEM)
C:Program FilesWindows Media Playerwmpnetwk.exe (ID: 5216|ParentID: 572|SERVIZIO DI RETE)
C:Program FilesIntelIntel(R) Rapid Storage TechnologyIAStorDataMgrSvc.exe (ID: 1612|ParentID: 572|SYSTEM)
C:WindowsSystem32wuauclt.exe (ID: 768|ParentID: 1176|niela)
C:WindowsSystem32taskeng.exe (ID: 1292|ParentID: 1176|niela)
C:Program FilesEgisTec IPSPmmUpdate.exe (ID: 560|ParentID: 1292|niela)
C:Program FilesMicrosoftBingBar7.1.391.0SeaPort.EXE (ID: 4872|ParentID: 572|SYSTEM)
C:Program FilesEgisTec IPSEgisUpdate.exe (ID: 412|ParentID: 5040|niela)
C:WindowsSystem32taskhost.exe (ID: 1032|ParentID: 572|niela)
C:WindowsSystem32rundll32.exe (ID: 7016|ParentID: 572|SYSTEM)
C:Program FilesGoogleChromeApplicationchrome.exe (ID: 760|ParentID: 124|niela)
C:Program FilesGoogleChromeApplicationchrome.exe (ID: 2580|ParentID: 760|niela)
C:Program FilesGoogleChromeApplicationchrome.exe (ID: 3944|ParentID: 760|niela)
C:WindowsSystem32cmd.exe (ID: 6192|ParentID: 760|niela)
C:WindowsSystem32conhost.exe (ID: 3476|ParentID: 516|niela)
C:Program FilesMcAfeeSiteAdvisorMcChHost.exe (ID: 6776|ParentID: 6192|niela)
C:Program FilesMcAfeeSiteAdvisorsaUI.exe (ID: 7836|ParentID: 732|niela)
C:Program FilesGoogleChromeApplicationchrome.exe (ID: 5188|ParentID: 760|niela)
C:WindowsSystem32WUDFHost.exe (ID: 7164|ParentID: 1096|SERVIZIO LOCALE)

################## | Autorun |

E:Documents.lnk -> E:
E:Music.lnk -> E:
E:New Folder.lnk -> E:
E:Video.lnk -> E:
E:Passwords.lnk -> E:
E:Pictures.lnk -> E:

################## | Ricerca generica |

Eliminato! E:New Folder.lnk
Eliminato! E:Passwords.lnk
Eliminato! E:Documents.lnk
Eliminato! E:Pictures.lnk
Eliminato! E:Music.lnk
Eliminato! E:Video.lnk
Eliminato! E:autorrrrinf
Non cancellato ! E:RECYCLERec308663.exe
Eliminato! E:imeDesktop.ini
Eliminato! E:ime
Eliminato! E:RecyclerR-1-5-21-1482476501-1644491937-682003330-1013Desktop.ini
Eliminato! E:RecyclerR-1-5-21-1482476501-1644491937-682003330-1013

(!) File temporanei eliminati.

################## | Registro sistema |

################## | Regedit Run |

F2 – HKLM..Winlogon : [Shell] explorer.exe
F2 – HKLM..Winlogon : [Userinit] C:Windowssystem32userinit.exe,
04 – HKLM..Run : [mcui_exe] “C:Program FilesMcAfee.comAgentmcagent.exe” /runkey
04 – HKLM..Run : [SuiteTray] “C:Program FilesEgisTec MyWinLockerSuitex86SuiteTray.exe”
04 – HKLM..Run : [Norton Online Backup] C:Program FilesSymantecNorton Online BackupNOBuClient.exe
04 – HKLM..Run : [Adobe ARM] “C:Program FilesCommon FilesAdobeARM1.0AdobeARM.exe”
04 – HKLM..Run : [IgfxTray] C:Windowssystem32igfxtray.exe
04 – HKLM..Run : [HotKeysCmds] C:Windowssystem32hkcmd.exe
04 – HKLM..Run : [Persistence] C:Windowssystem32igfxpers.exe
04 – HKLM..Run : [GfxServiceInstall] C:Windowssystem32GfxCUIServiceInstall.vbs
04 – HKLM..Run : [AtherosBtStack] “C:Program FilesBluetooth SuiteBtvStack.exe”
04 – HKLM..Run : [AthBtTray] “C:Program FilesBluetooth SuiteAthBtTray.exe”
04 – HKLM..Run : [LManager] C:Program FilesLaunch ManagerLManager.exe
04 – HKLM..Run : [ETDCtrl] %ProgramFiles%ElantechETDCtrl.exe
04 – HKLM..Run : [RTHDVCPL] C:Program FilesRealtekAudioHDARtHDVCpl.exe -s
04 – HKLM..Run : [Power Management] C:Program FilesAcerAcer ePower ManagementePowerTray.exe
04 – HKLM..Run : [mcpltui_exe] “C:Program FilesMcAfee.comAgentmcagent.exe” /runkey
04 – HKLM..Run : [SunJavaUpdateSched] “C:Program FilesCommon FilesJavaJava Updatejusched.exe”
04 – HKUS-1-5-19..Run : [Sidebar] %ProgramFiles%Windows SidebarSidebar.exe /autoRun
04 – HKUS-1-5-20..Run : [Sidebar] %ProgramFiles%Windows SidebarSidebar.exe /autoRun
04 – HKUS-1-5-19..RunOnce : [mctadmin] C:WindowsSystem32mctadmin.exe
04 – HKUS-1-5-19..RunOnce : [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid}
04 – HKUS-1-5-20..RunOnce : [mctadmin] C:WindowsSystem32mctadmin.exe
04 – HKUS-1-5-20..RunOnce : [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid}
04 – HKUS-1-5-18..RunOnce : [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid}

################## | C: %SystemDrive% – Disco fisso (NTFS) |

[10/06/2009 – 23:42:20 | N | 0 Ko] – C:config.sys
[11/06/2014 – 22:29:06 | ASH | 777444 Ko] – C:hiberfil.sys
[12/06/2014 – 07:56:23 | ASH | 1211392 Ko] – C:pagefile.sys
[04/06/2014 – 14:35:16 | N | 3 Ko] – C:bootsqm.dat
[22/03/2014 – 21:49:36 | SHD] – C:$Recycle.Bin
[10/06/2009 – 23:42:20 | A | 0 Ko] – C:autoexec.bat
[19/03/2012 – 12:16:03 | RASH | 8 Ko] – C:BOOTSECT.BAK
[14/07/2009 – 04:37:05 | D] – C:PerfLogs
[14/07/2009 – 06:53:55 | SHD] – C:Documents and Settings
[22/03/2014 – 20:33:38 | D] – C:Intel
[22/03/2014 – 20:38:02 | D] – C:book
[22/03/2014 – 21:45:25 | D] – C:Programmi
[22/03/2014 – 21:45:26 | SHD] – C:Recovery
[22/03/2014 – 21:45:35 | D] – C:Users
[22/03/2014 – 21:49:20 | D] – C:OEM
[26/03/2014 – 09:03:27 | D] – C:Windows
[21/05/2014 – 17:47:40 | SHD] – C:System Volume Information
[09/06/2014 – 10:57:59 | HD] – C:ProgramData
[09/06/2014 – 12:03:30 | D] – C:Desktop
[09/06/2014 – 15:45:31 | D] – C:Program Files
[11/06/2014 – 22:23:50 | D] – C:AdwCleaner
[12/06/2014 – 08:21:39 | D] – C:UsbFix

################## | D: – Disco rimovibile (FAT32) |

[27/04/2013 – 20:32:26 | N | 0 Ko] – D:Nuovo documento di testo.txt
[07/06/2014 – 14:12:26 | N | 0 Ko] – D:Copibook.txt
[26/04/2013 – 16:38:48 | D] – D:.Trashes
[26/04/2013 – 16:38:48 | SH | 4 Ko] – D:._.Trashes
[29/04/2014 – 21:06:42 | D] – D:.Trash-1004
[07/06/2014 – 14:41:54 | D] – D:.Trash-1001
[16/05/2013 – 14:46:54 | N | 195 Ko] – D:~WRL0005.tmp
[26/04/2013 – 16:38:48 | D] – D:.Spotlight-V100
[03/05/2014 – 13:57:32 | N | 80 Ko] – D:tesi prima.rtf
[26/04/2013 – 16:52:04 | N | 4 Ko] – D:._???? ????? ??????? ???????.pdf
[03/07/2013 – 20:30:28 | N | 104 Ko] – D:belleville.jpg
[14/05/2014 – 14:49:30 | N | 51 Ko] – D:Projet de thèse- Potenza (2).docx
[24/10/2013 – 12:56:20 | N | 0 Ko] – D:.~lock.Dario.PotenzaCVfoto.doc#
[06/04/2013 – 18:53:16 | D] – D:DCIM cell
[01/05/2013 – 17:43:28 | D] – D:CV & co
[07/05/2013 – 11:27:36 | D] – D:dottorato all’orientale
[20/06/2013 – 09:42:24 | D] – D:bpa inalco
[21/06/2013 – 09:45:06 | D] – D:miscellanea
[29/06/2013 – 17:42:36 | D] – D:tesi )
[05/07/2013 – 08:55:10 | D] – D:il lavoro mobilita l’uomo
[29/07/2013 – 18:10:58 | D] – D:te
[15/12/2013 – 09:42:14 | D] – D:Toncino
[22/03/2014 – 08:42:44 | D] – D:Cotutela
[22/03/2014 – 08:43:42 | D] – D:CAF
[24/03/2014 – 14:27:02 | D] – D:Imprimer
[29/04/2014 – 12:16:42 | D] – D:pal
[29/04/2014 – 21:07:00 | D] – D:tesivv
[14/05/2014 – 14:43:06 | D] – D:2014_04_19_12_53_07
[14/05/2014 – 14:59:36 | D] – D:elim
[14/05/2014 – 15:02:02 | D] – D:documenti
[14/05/2014 – 15:02:10 | D] – D:Doc arabo
[14/05/2014 – 15:02:24 | D] – D:baggianate
[05/06/2014 – 18:24:12 | D] – D:Iscrizione 2anno
[05/06/2014 – 18:25:56 | D] – D:Aides pass
[07/06/2014 – 14:12:36 | D] – D:2014_06_07_14_12_15
[07/06/2014 – 15:19:50 | D] – D:CEDEJ IFAO
[10/06/2014 – 14:59:54 | D] – D:JD

################## | E: – Disco rimovibile (FAT32) |

[09/10/2011 – 10:36:26 | N | 411 Ko] – E:tesi per libretto.xps
[18/12/2011 – 19:58:02 | SHD] – E:.Trashes
[18/12/2011 – 19:58:02 | AH | 4 Ko] – E:._.Trashes
[28/03/2011 – 22:07:38 | SHD] – E:.Trash-1000
[18/03/2012 – 13:18:24 | SHD] – E:.TemporaryItems
[18/03/2012 – 13:18:24 | AH | 4 Ko] – E:._.TemporaryItems
[18/03/2012 – 12:10:56 | SHD] – E:.Spotlight-V100
[19/11/2010 – 16:42:48 | N | 4 Ko] – E:._Cours 1, La Ka’ba et Médine.ppt
[19/11/2010 – 16:42:58 | N | 4 Ko] – E:._Cours 4 Mosquées abbassides d’Irak et de Syrie.ppt
[19/11/2010 – 16:43:32 | N | 4 Ko] – E:._Cours 5 Mosquées Tulunides et Aghlabides.ppt
[26/11/2010 – 15:27:48 | N | 4 Ko] – E:._Le minbar.ppt
[11/09/2011 – 13:15:16 | N | 4 Ko] – E:._RyanairBoardingPass.pdf
[13/01/2012 – 10:12:16 | N | 21 Ko] – E:GeneratePDFTickets.pdf
[30/04/2012 – 11:06:24 | N | 1189 Ko] – E:pf camera commercio.PDF
[07/05/2012 – 11:41:44 | N | 107 Ko] – E:tunisi.pdf
[23/07/2012 – 15:10:32 | N | 206 Ko] – E:tunis certo signee.pdf
[21/09/2012 – 12:09:32 | N | 9 Ko] – E:statement.pdf
[18/10/2012 – 13:18:50 | N | 21 Ko] – E:ticket2012313976.pdf
[24/01/2012 – 23:16:58 | N | 14 Ko] – E:motivazione e link tirocinio.odt
[19/07/2012 – 15:46:58 | N | 23 Ko] – E:note honoraire-Daniela Potenza.ods
[14/09/2012 – 13:45:50 | N | 230 Ko] – E:scan sep 14 2012.jpg
[23/11/2012 – 09:56:02 | N | 788 Ko] – E:m1 daniela potenza.jpg
[11/01/2012 – 15:44:40 | N | 11 Ko] – E:mae.docx
[12/01/2012 – 15:58:50 | N | 10 Ko] – E:valutare.docx
[21/05/2012 – 15:45:40 | N | 18 Ko] – E:Nouveau Document Microsoft Office Word.docx
[25/09/2012 – 20:57:24 | N | 89 Ko] – E:Présentation du recensement pédagogique IUFM.docx
[19/11/2012 – 17:39:00 | N | 22 Ko] – E:M1 Daniela Potenza.docx
[06/08/2011 – 22:36:56 | N | 4 Ko] – E:._Traduzione.doc 6agosto
[06/09/2011 – 17:50:52 | N | 4 Ko] – E:._alfred farag.doc
[06/09/2011 – 17:53:18 | N | 4 Ko] – E:._Traduzione 3.doc
[01/10/2011 – 08:41:56 | N | 4 Ko] – E:._Traduzione 2a parte334.doc
[01/10/2011 – 08:42:02 | N | 4 Ko] – E:._Traduzione.doc
[01/10/2011 – 08:42:12 | N | 4 Ko] – E:._contesto.doc
[01/10/2011 – 08:42:12 | N | 4 Ko] – E:._i personaggi e il metateatro.doc
[17/11/2012 – 00:29:10 | D] – E:~Control.{645FF040-5081-101B-9F08-00AA002F954E}
[30/11/2011 – 10:16:12 | D] – E:fakerica
[10/01/2012 – 20:18:20 | D] – E:CV & co
[14/01/2012 – 09:56:28 | D] – E:tesi
[25/05/2012 – 14:18:58 | D] – E:traduzione
[04/06/2012 – 15:57:18 | D] – E:stage tunis
[21/09/2012 – 12:35:46 | D] – E:documenti
[09/10/2012 – 19:01:54 | D] – E:Dictionnaires Unilingues
[09/10/2012 – 19:24:58 | D] – E:Dictionnaire d’arabe classique (BILINGUE)
[17/11/2012 – 00:29:08 | HD] – E:RECYCLER
[24/11/2012 – 07:49:38 | D] – E:documenti2

################## | Vaccin |

D:Autorun.inf -> Vaccino creato da UsbFix (El Desaparecido)
E:Autorun.inf -> Vaccino creato da UsbFix (El Desaparecido)

################## | E.O.F | https://www.sosvirus.net/ | http://www.it.usbfix.net/ |