05-04-2021, 16:00   #1
CrisBonis
Junior Member
Joined: Apr 2021
Posts: 11
winsmart + sm@rt_sd.bin on the USB key

Hi everyone, does anyone know of some kind of virus/trojan that creates a folder named 'winsmart' on USB sticks, containing a file called 'sm@art_sd.bin'?

Thanks, Cris

05-04-2021, 17:20   #2
CrisBonis
Quote:
Originally posted by Phoenix2005
Have the file sm@art_sd.bin analysed by VirusTotal and post the link to the scan result.

https://www.virustotal.com/gui/file/...9f7a/detection

I went over the system (Win 10 Pro) again with most of the antivirus and antimalware tools I found on Google; none of them finds anything, yet if you plug a USB stick into it, even a freshly formatted one, it appears.



06-04-2021, 14:54   #3
CrisBonis
64 Bit HP CIO Components Installer Hewlett-Packard 7.2.4 13/04/2020 881,00 KB
Account aziendale o dell'istituto di istruzione Assegnato dall'organizzazione C:\Windows\SystemApps\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy 1000.19041.0.423 07/12/2019 4,71 MB
Adobe Acrobat Reader DC - Italiano Adobe Systems Incorporated C:\Program Files (x86)\Adobe\ar\ 21.001.20145 11/03/2021 463,77 MB
Adobe Connect Adobe Systems Inc. C:/Users/stmis/AppData/Roaming/Adobe/Connect 2021.2.18.64 04/03/2021 214,70 MB
Adobe Refresh Manager Adobe Systems Incorporated C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\ 1.8.0 09/02/2021 2,02 MB
AMD Settings Advanced Micro Devices, Inc. 2021.0310.1434.26222 03/04/2021 365,95 MB
AMD Software Advanced Micro Devices, Inc. C:\Program Files\AMD\CIM\BIN64 21.3.1 03/04/2021 286,13 MB
AMD WVR64 Advanced Micro Devices, Inc. 1.0.2 03/04/2021 35,49 MB
Anteprima codice a barre Windows Microsoft Corporation C:\Windows\SystemApps\Windows.CBSPreview_cw5n1h2txyewy 10.0.423.19041 07/12/2019 571,00 KB
AnyDesk philandro Software GmbH C:\Program Files (x86)\AnyDesk ad 6.2.3 14/04/2020 2,00 MB
App di blocco con accesso assegnato Microsoft Corporation C:\Windows\SystemApps\Microsoft.Windows.AssignedAccessLockApp_cw5n1h2txyewy 1000.19041.0.844 07/12/2019 541,00 KB
Apple Software Update Apple Inc. C:\Program Files (x86)\Apple Software Update\ 2.1.3.127 14/04/2020 2,38 MB
AppLogLibSetup Brother Industries Ltd. 1.0.3.0 22/10/2020 102,00 KB
Assistente aggiornamento Windows 10 Microsoft Corporation C:\Windows10Upgrade\ 1.4.9200.23192 10/11/2020 5,00 MB
Assistente vocale Microsoft C:\Windows\SystemApps\microsoft.windows.narratorquickstart_8wekyb3d8bbwe 10.0.423.19041 07/12/2019 1.019,00 KB
AsyncTextService Microsoft Corporation C:\Windows\SystemApps\Microsoft.AsyncTextService_8wekyb3d8bbwe 10.0.423.19041 07/12/2019 655,00 KB
AWP v4.4.5 64-bit - SR2 Oberthur Technologies C:\Program Files (x86)\Oberthur Technologies\AWP\ 4.4.5 04/04/2021 45,80 MB
Bit4id - Universal MW 1.4.10.480 Bit4id C:\Program Files (x86)\Bit4Id\Universal MW\ 1.4.10.480 14/04/2020 41,54 MB
Bonjour Apple Inc. 3.0.0.10 01/04/2021 2,05 MB
Branding64 Advanced Micro Devices, Inc. 1.00.0002 03/04/2021 1,61 MB
BrLauncher Brother Industries Ltd. 2.0.11.0 22/10/2020 4,16 MB
BrLogRx Brother Industries Ltd. 1.0.3.1 22/10/2020 343,00 KB
Brother iPrint&Scan Brother Industries, Ltd. 6.1.3.4 08/02/2021 573,42 MB
Brother iPrint&Scan Brother Industries, Ltd. C:\ProgramData\Package Cache\{f3688e1e-b3e5-403f-9750-b51816920212}\ 6.1.3.4 08/02/2021 951,81 MB
Brother PCFax Driver Brother Industries Ltd. 1.4.1.0 22/10/2020 8,94 MB
Brother Port Driver Brother Industries Ltd. 1.0.6.1 22/10/2020 10,59 MB
Brother Printer Driver Brother Industries Ltd. 1.7.0.0 22/10/2020 24,06 MB
Brother Scanner Driver Brother Industries Ltd. 1.0.24.1 22/10/2020 16,40 MB
BrSupportTools Brother Industries Ltd. 1.0.20.0 22/10/2020 5,57 MB
Bubble Witch 3 Saga king.com C:\Program Files\WindowsApps\king.com.BubbleWitch3Saga_7.3.30.0_x86__kgqvnymyfvs32 7.3.0.30 20/03/2021 320,83 MB
Calcolatrice Windows Microsoft Corporation C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.2101.10.0_x64__8wekyb3d8bbwe 10.2101.0.10 24/02/2021 13,20 MB
CapturePicker Microsoft Corporation C:\Windows\SystemApps\Microsoft.Windows.CapturePicker_cw5n1h2txyewy 10.0.423.19041 07/12/2019 602,00 KB
Cattura e annota Microsoft Corporation C:\Program Files\WindowsApps\Microsoft.ScreenSketch_10.2008.2277.0_x64__8wekyb3d8bbwe 10.2008.0.2277 11/09/2020 3,76 MB
Cisco EAP-FAST Module Cisco Systems, Inc. C:\Program Files (x86)\Cisco\Cisco EAP-FAST Module 2.2.14 28/10/2020 1,54 MB
Cisco LEAP Module Cisco Systems, Inc. C:\Program Files (x86)\Cisco\Cisco LEAP Module 1.0.19 28/10/2020 632,00 KB
Cisco PEAP Module Cisco Systems, Inc. C:\Program Files (x86)\Cisco\Cisco PEAP Module 1.1.6 28/10/2020 1,22 MB
Cisco Webex Meetings Cisco Webex LLC 40.2.18.5 28/05/2020 262,04 MB
Configurazione di Windows Hello Microsoft Corporation C:\Windows\SystemApps\Microsoft.BioEnrollment_cw5n1h2txyewy 10.0.423.19041 07/12/2019 2,29 MB
Contatti Microsoft Microsoft Corporation C:\Program Files\WindowsApps\Microsoft.People_10.1909.12456.0_x64__8wekyb3d8bbwe 10.1909.0.12456 29/01/2021 26,61 MB
Contenuto Microsoft Microsoft Corporation C:\Windows\SystemApps\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy 10.0.423.19041 07/12/2019 5,81 MB
ControlCenter4 Brother Industries, Ltd. 4.6.6.1 22/10/2020 86,56 MB
ControlCenter4 CSDK Brother Industries, Ltd. 4.6.1.1 22/10/2020 266,24 MB
Controllo ottico Microsoft Corporation C:\Windows\SystemApps\Microsoft.ECApp_8wekyb3d8bbwe 10.0.423.19041 07/12/2019 2,80 MB
Cortana Microsoft Corporation C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_2.2103.17603.0_x64__8wekyb3d8bbwe 2.2103.0.17603 01/04/2021 46,39 MB
Crystal Reports Basic Runtime for Visual Studio 2008 Business Objects 10.5.0.0 23/05/2020 38,96 MB
CutePDF Writer Acro Software Inc. C:\Program Files (x86)\CutePDF Writer 4.0 14/04/2020 4,93 MB
Day Organizer, ver. 3.1.0 Patrik Tanzer 3.1.0000 23/05/2020 26,66 MB
Desktop Restore version 1.7.1 Jamie O'Connell C:\Program Files\Desktop Restore\ 1.7.1 14/04/2020 1,29 MB
Desktop Telematico 1.0.0 SOGEI C:\dtel 1.0.0.0 14/04/2020 1,20 GB
DigiWebNet INPS 1.0.0 16/04/2020 7,79 MB
Email e account Microsoft Corporation C:\Windows\SystemApps\Microsoft.AccountsControl_cw5n1h2txyewy 10.0.423.19041 07/12/2019 4,58 MB
Esperienza shell di Windows Microsoft Corporation C:\Windows\SystemApps\Microsoft.Windows.PeopleExperienceHost_cw5n1h2txyewy 10.0.423.19041 07/12/2019 520,00 KB
Esperienza shell di Windows Microsoft Corporation C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy 10.0.610.19041 07/12/2019 25,73 MB
Estensioni di immagine Webp Microsoft Corporation C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.32731.0_x64__8wekyb3d8bbwe 1.0.0.32731 14/10/2020 1,14 MB
Estensioni file multimediali Web Microsoft Corporation C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.40471.0_x64__8wekyb3d8bbwe 1.0.0.40471 03/03/2021 2,48 MB
Estensioni immagini HEIF Microsoft Corporation C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.40392.0_x64__8wekyb3d8bbwe 1.0.0.40392 03/03/2021 4,04 MB
Estensioni video VP9 Microsoft Corporation C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.40631.0_x64__8wekyb3d8bbwe 1.0.0.40631 27/03/2021 5,91 MB
Excel Excel C:\Users\stmis\AppData\Local\Microsoft\Edge\User Data\Default\Web Applications\_crx__leffmjdabcgaflkikcefahmlgpodjkdm\ 1.0 14/10/2020 48,00 KB
Film e TV Microsoft Corporation C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.21021.10311.0_x64__8wekyb3d8bbwe 10.21021.0.10311 03/03/2021 42,47 MB
Finestra di dialogo Aggiungi suggerimenti cartella Microsoft Corporation C:\Windows\SystemApps\Microsoft.Windows.AddSuggestedFoldersToLibraryDialog_cw5n1h2txyewy 10.0.423.19041 07/12/2019 774,00 KB
Finestra di dialogo credenziali Microsoft Corporation C:\Windows\SystemApps\microsoft.creddialoghost_cw5n1h2txyewy 10.0.423.19041 07/12/2019 367,00 KB
Firma Certa Namirial spa C:\Program Files (x86)\FirmaCerta\ 1.0 04/04/2021 103,71 MB
Flusso captive portal Microsoft Corporation C:\Windows\SystemApps\Microsoft.Windows.OOBENetworkCaptivePortal_cw5n1h2txyewy 10.0.423.19041 07/12/2019 670,00 KB
Flusso connessione di rete Microsoft Corporation C:\Windows\SystemApps\Microsoft.Windows.OOBENetworkConnectionFlow_cw5n1h2txyewy 10.0.423.19041 07/12/2019 623,00 KB
Funzionalità per la famiglia di account Microsoft Microsoft Corporation C:\Windows\SystemApps\ParentalControls_cw5n1h2txyewy 1000.19041.0.423 07/12/2019 504,00 KB
Girino-Agent teamsystem.com 2.2.10 30/03/2021 40,52 MB
Google Chrome Google LLC C:\Program Files (x86)\Google\Chrome\Application 89.0.4389.114 30/03/2021 462,91 MB
GoSign Desktop InfoCert S.p.A 1.1.0 11/03/2021 372,68 MB
GoTo Opener LogMeIn, Inc. 1.0.539 14/01/2021 352,00 KB
GoToMeeting 10.16.0.19598 LogMeIn, Inc. C:\Users\stmis\AppData\Local\GoToMeeting\19598\ 10.16.0.19598 03/04/2021 69,57 MB
GPL Ghostscript Artifex Software Inc. C:\Program Files\gs\gs9.52\ 9.52 01/07/2020 52,02 MB
Groove Musica Microsoft Corporation C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.20122.11121.0_x64__8wekyb3d8bbwe 10.20122.0.11121 20/01/2021 40,04 MB
HiSuite Huawei Technologies Co., Ltd. C:\Program Files (x86)\HiSuite\ 11.0.0.360 30/11/2020 97,62 MB
Host esperienza dello Store Microsoft Corporation C:\Program Files\WindowsApps\Microsoft.StorePurchaseApp_12101.1001.21.0_x64__8wekyb3d8bbwe 12101.1001.0.21 11/03/2021 16,36 MB
HowToGuide Brother Industries Ltd. 1.0.1.0 22/10/2020 681,00 KB
HP Unified IO HP 2.0.0.434 17/04/2020 3,71 MB
HP Unified IO HP 2.0.0.434 17/04/2020 1,64 MB
hppFaxDrvM1530 Hewlett-Packard 004.000.00001 17/04/2020 12,07 MB
hppLaserJetService Hewlett-Packard 009.033.00926 17/04/2020 1,61 MB
hppSendFaxM1530 Hewlett-Packard 004.000.00001 17/04/2020 3,65 MB
hppTLBXFXM1530 Hewlett-Packard 001.012.00948 17/04/2020 1,23 MB
HttpToUsbBridge Brother Industries Ltd. 1.2.25.1 08/02/2021 11,06 MB
Hub di Feedback Microsoft Corporation C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.2009.10055.0_x64__8wekyb3d8bbwe 1.2009.0.10055 20/02/2021 31,03 MB
I.R.I.S. OCR HP 12.3.6.6 17/04/2020 71,38 MB
ID-One Cosmo microSD Driver 2.1.3 Oberthur Technologies 1.0.0 04/04/2021 2,95 MB
Il tuo account E-mail, telefono o Skype C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy 10.0.423.19041 07/12/2019 5,90 MB
Il tuo telefono Microsoft Corporation C:\Program Files\WindowsApps\Microsoft.YourPhone_1.21022.160.0_x64__8wekyb3d8bbwe 1.21022.0.160 30/03/2021 289,30 MB
Impostazioni Microsoft Corporation C:\Windows\ImmersiveControlPanel 10.0.1000.2 07/12/2019 7,79 MB
INPS uniEMens individuale INPS 3.9.3 16/08/2020 25,13 MB
Intr@Web-Stand-Alone-21.0.0.0 Sogei S.p.A. C:\Agenzia delle Dogane\Intr@Web-Stand-Alone-21.0.0.0 21.0.0.0 10/06/2020 154,82 MB
IrfanView 4.54 (64-bit) Irfan Skiljan C:\Program Files\IrfanView\ 4.54 14/04/2020 6,50 MB
ISWeb INPS 1.20.0 16/04/2020 8,58 MB
italiano Pacchetto di esperienze locali Microsoft Corporation C:\Program Files\WindowsApps\Microsoft.LanguageExperiencePackit-IT_19041.17.51.0_neutral__8wekyb3d8bbwe 19041.17.0.51 11/03/2021 79,77 MB
Java 7 Update 80 Oracle C:\Program Files (x86)\Java\jre7\ 7.0.800 14/04/2020 120,80 MB
Java 8 Update 281 Oracle Corporation C:\Program Files (x86)\Java\jre1.8.0_281\ 8.0.2810.9 25/01/2021 40,58 MB
Java 8 Update 281 (64-bit) Oracle Corporation C:\Program Files\Java\jre1.8.0_281\ 8.0.2810.9 25/01/2021 47,26 MB
Java Auto Updater Oracle Corporation 2.8.281.9 25/01/2021 2,11 MB
K-Lite Codec Pack 15.2.0 Full KLCP C:\Program Files (x86)\K-Lite Codec Pack\ 15.2.0 14/04/2020 169,95 MB
k4swsvc Service Bit4id C:\Program Files (x86)\SwitchService\k4swsvc\ 1.0 30/12/1899 0 Bytes
Keyboard LEDs KARPOLAN C:\Program Files (x86)\Keyboard LEDs 2.7 14/04/2020 1.022,00 KB
LibreOffice 6.4.2.2 The Document Foundation C:\Program Files\LibreOffice\ 6.4.2.2 13/04/2020 753,16 MB
Lifesize Lifesize C:\Users\stmis\AppData\Local\lifesize_app 2.216.2840 21/01/2021 95,83 MB
M.U.T. - Modulo Unico Telematico vers. 2 - 1 MUT - CNCE 2.4.2.0 30/12/1899 16,05 MB
Mappe Windows Microsoft Corporation C:\Program Files\WindowsApps\Microsoft.WindowsMaps_10.2101.9.0_x64__8wekyb3d8bbwe 10.2101.0.9 24/02/2021 37,12 MB
Microsoft .NET Host - 5.0.4 (x64) Microsoft Corporation 40.16.29816 10/03/2021 396,00 KB
Microsoft .NET Host FX Resolver - 5.0.4 (x64) Microsoft Corporation 40.16.29816 10/03/2021 468,00 KB
Microsoft .NET Runtime - 5.0.4 (x64) Microsoft Corporation 40.16.29816 10/03/2021 64,50 MB
Microsoft Edge Microsoft Corporation C:\Program Files (x86)\Microsoft\Edge\Application 89.0.774.68 03/04/2021 402,81 MB
Microsoft Edge Microsoft Corporation C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe 44.19041.0.906 07/12/2019 1,21 MB
Microsoft Edge Microsoft Corporation C:\Program Files\WindowsApps\Microsoft.MicrosoftEdge.Stable_89.0.774.68_neutral__8wekyb3d8bbwe 89.0.68.774 03/04/2021 59,00 KB
Microsoft Edge DevTools Client Microsoft Corporation C:\Windows\SystemApps\Microsoft.MicrosoftEdgeDevToolsClient_8wekyb3d8bbwe 1000.19041.0.423 07/12/2019 10,62 MB
Microsoft Foto Microsoft Corporation C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2020.20120.4004.0_x64__8wekyb3d8bbwe 2020.20120.0.4004 05/03/2021 216,36 MB
Microsoft Memo Microsoft Corporation C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_3.8.8.0_x64__8wekyb3d8bbwe 3.8.0.8 29/01/2021 39,03 MB
Microsoft Office XP Small Business Microsoft Corporation INSTALLLOCATION 10.0.2627.3 13/04/2020 445,46 MB
Microsoft OneDrive Microsoft Corporation C:\Users\stmis\AppData\Local\Microsoft\OneDrive\21.030.0211.0002\ 21.030.0211.0002 15/03/2021 152,65 MB
Microsoft Pay Microsoft Corporation C:\Program Files\WindowsApps\Microsoft.Wallet_2.4.18324.0_x64__8wekyb3d8bbwe 2.4.0.18324 07/12/2019 4,94 MB
Microsoft Silverlight Microsoft Corporation c:\Program Files\Microsoft Silverlight\ 5.1.50918.0 21/11/2020 50,75 MB
Microsoft Solitaire Collection Microsoft Studios C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.9.1252.0_x64__8wekyb3d8bbwe 4.9.0.1252 02/02/2021 57,40 MB
Microsoft Store Microsoft Corporation C:\Program Files\WindowsApps\Microsoft.WindowsStore_12101.1001.14.0_x64__8wekyb3d8bbwe 12101.1001.0.14 27/03/2021 53,92 MB
Microsoft Update Health Tools Microsoft Corporation 2.77.0.0 03/04/2021 1,10 MB
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 8.0.61001 15/04/2020 290,00 KB
Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Corporation 8.0.61000 14/04/2020 562,00 KB
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Corporation 9.0.30729.6161 13/04/2020 13,21 MB
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 9.0.30729.6161 13/04/2020 10,20 MB
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 Microsoft Corporation 10.0.40219 21/12/2020 13,87 MB
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 10.0.40219 15/04/2020 11,15 MB
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 Microsoft Corporation C:\ProgramData\Package Cache\{e9c79bb5-31ef-4a80-90e9-1a39971dae23}\ 12.0.30501.0 14/04/2020 20,57 MB
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 Microsoft Corporation C:\ProgramData\Package Cache\{eb96e401-0158-4062-b443-aff1b34e69b3}\ 12.0.30501.0 15/04/2020 17,19 MB
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 Microsoft Corporation 12.0.21005 14/04/2020 11,51 MB
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 Microsoft Corporation 12.0.21005 14/04/2020 2,47 MB
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 Microsoft Corporation 12.0.21005 15/04/2020 9,23 MB
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 Microsoft Corporation 12.0.21005 15/04/2020 2,03 MB
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 Microsoft Corporation C:\ProgramData\Package Cache\{e2803110-78b3-4664-a479-3611a381656a}\ 14.0.24215.1 22/01/2021 19,55 MB
Microsoft Visual C++ 2015 x86 Additional Runtime - 14.0.24215 Microsoft Corporation 14.0.24215 22/01/2021 9,84 MB
Microsoft Visual C++ 2015 x86 Minimum Runtime - 14.0.24215 Microsoft Corporation 14.0.24215 22/01/2021 496,00 KB
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 Microsoft Corporation C:\ProgramData\Package Cache\{6913e92a-b64e-41c9-a5e6-cef39207fe89}\ 14.25.28508.3 10/11/2020 22,57 MB
Microsoft Visual C++ 2019 X64 Additional Runtime - 14.25.28508 Microsoft Corporation 14.25.28508 10/11/2020 11,48 MB
Microsoft Visual C++ 2019 X64 Minimum Runtime - 14.25.28508 Microsoft Corporation 14.25.28508 10/11/2020 2,09 MB
Microsoft Windows Desktop Runtime - 5.0.4 (x64) Microsoft Corporation C:\ProgramData\Package Cache\{ff817559-f11f-4faa-af52-26feb4b46fff}\ 5.0.4.29817 10/03/2021 202,43 MB
Microsoft Windows Desktop Runtime - 5.0.4 (x64) Microsoft Corporation 40.16.29817 10/03/2021 84,68 MB
Mozilla Firefox 87.0 (x64 it) Mozilla C:\Program Files\Mozilla Firefox 87.0 14/04/2020 208,73 MB
Mozilla Maintenance Service Mozilla C:\Program Files (x86)\Mozilla Maintenance Service\ 75.0 13/04/2020 568,00 KB
Mozilla Thunderbird 68.7.0 (x86 it) Mozilla C:\Program Files (x86)\Mozilla Thunderbird 68.7.0 13/04/2020 163,09 MB
MSN Meteo Microsoft Corporation C:\Program Files\WindowsApps\Microsoft.BingWeather_4.46.30621.0_x64__8wekyb3d8bbwe 4.46.0.30621 01/04/2021 30,10 MB
NcsiUwpApp Microsoft C:\Windows\SystemApps\NcsiUwpApp_8wekyb3d8bbwe 1000.19041.0.423 07/12/2019 227,00 KB
NetworkRepairTool Brother Industries, Ltd. 1.2.16.0 22/10/2020 2,20 MB
NVIDIA Control Panel NVIDIA Corp. C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.960.0_x64__56jybvy8sckqj 8.1.0.960 19/01/2021 37,02 MB
Office Microsoft Corporation C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.2008.12711.0_x64__8wekyb3d8bbwe 18.2008.0.12711 19/09/2020 25,57 MB
OneNote for Windows 10 Microsoft Corporation C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.13801.20202.0_x64__8wekyb3d8bbwe 16001.13801.0.20202 25/02/2021 132,52 MB
OpenOffice 4.1.7 Apache Software Foundation C:\Program Files (x86)\OpenOffice 4\ 4.17.9800 13/04/2020 339,19 MB
Outlook Outlook C:\Users\stmis\AppData\Local\Microsoft\Edge\User Data\Default\Web Applications\_crx__bjhmmnoficofgoiacjaajpkfndojknpb\ 1.0 14/10/2020 49,00 KB
PC-FAXReceive Brother Insutries Ltd. 1.8.003.0 22/10/2020 6,66 MB
PCFaxTx Brother Industries Ltd. 3.7.3.1 22/10/2020 16,33 MB
PinningConfirmationDialog Microsoft Corporation C:\Windows\SystemApps\Microsoft.Windows.PinningConfirmationDialog_cw5n1h2txyewy 1000.19041.0.423 07/12/2019 340,00 KB
Portale realtà mista Microsoft Corporation C:\Program Files\WindowsApps\Microsoft.MixedReality.Portal_2000.20111.1381.0_x64__8wekyb3d8bbwe 2000.20111.0.1381 17/12/2020 18,09 MB
PowerPoint PowerPoint C:\Users\stmis\AppData\Local\Microsoft\Edge\User Data\Default\Web Applications\_crx__opfacbhaojodjaojgocnibmklknchehf\ 1.0 14/10/2020 50,00 KB
PowerShell 7-x64 Microsoft Corporation 7.0.1.0 04/06/2020 224,93 MB
PrintDialog Microsoft Corporation C:\Windows\PrintDialog 6.2.0.1 07/12/2019 2,13 MB
Programma di installazione app Microsoft Corporation C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.4.3161.0_x64__8wekyb3d8bbwe 1.4.0.3161 18/11/2020 8,95 MB
PureBasic 5.72 Demo (64 bit) Fantaisie Software C:\Program Files\PureBasic\ 04/06/2020 24,37 MB
QuickTime 7 Apple Inc. C:\Program Files (x86)\QuickTime\ 7.79.80.95 14/04/2020 69,16 MB
Realtek USB Wireless LAN Driver REALTEK Semiconductor Corp. C:\Program Files (x86)\InstallShield Installation Information\{DBCC4C27-F949-482b-B786-7B3B67587CD2} Drv_3.00.0019 28/10/2020 11,71 MB
Redditi PF 2020 Agenzia delle Entrate C:\Program Files (x86)\Java\jre1.8.0_261\bin\ 30/12/1899 0 Bytes
Registratore vocale Windows Microsoft Corporation C:\Program Files\WindowsApps\Microsoft.WindowsSoundRecorder_10.2101.28.0_x64__8wekyb3d8bbwe 10.2101.0.28 24/02/2021 4,91 MB
RemoteSetup Brother Industries Ltd. 3.10.2.0 22/10/2020 9,33 MB
Richiesta supporto Microsoft Corporation C:\Program Files\WindowsApps\Microsoft.GetHelp_10.2101.40482.0_x64__8wekyb3d8bbwe 10.2101.0.40482 22/03/2021 16,00 MB
ScannerUtilityInstaller Brother 1.19.9.1 22/10/2020 1,61 MB
Schermata di blocco predefinita di Windows Microsoft Corporation C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy 10.0.423.19041 07/12/2019 3,53 MB
Security Task Manager 2.4 Neuber Software C:\Program Files (x86)\Security Task Manager\ 2.4 04/04/2021 4,17 MB
Setup_cig_sm INPS_SM_CIG 1.0.0 16/04/2020 3,66 MB
Sicurezza di Windows Microsoft Corporation C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy 10.0.423.19041 07/12/2019 14,26 MB
Skype Skype C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c 15.68.0.96 02/02/2021 232,60 MB
SoftwareUpdateNotification Brother Industries, Ltd. 1.0.9.0 22/10/2020 13,44 MB
Startup Delayer v3.0 (build 366) r2 Studios C:\Program Files\r2 Studios\Startup Delayer 3.0 (build 366) 04/04/2021 11,74 MB
StatusMonitor Brother Insutries Ltd. 1.20.1.0 22/10/2020 14,58 MB
Suggerimenti Microsoft Microsoft Corporation C:\Program Files\WindowsApps\Microsoft.Getstarted_9.13.33161.0_x64__8wekyb3d8bbwe 9.13.0.33161 08/12/2020 18,80 MB
SumatraPDF Krzysztof Kowalczyk C:\Users\stmis\AppData\Local\SumatraPDF 3.2 22/04/2020 20,04 MB
Supporto applicazioni Apple Apple Inc. C:\Program Files (x86)\Common Files\Apple\Apple Application Support\ 2.3.6 14/04/2020 65,68 MB
Sveglie e orologio Windows Microsoft Corporation C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.2101.28.0_x64__8wekyb3d8bbwe 10.2101.0.28 05/03/2021 5,61 MB
TeamViewer TeamViewer C:\Program Files (x86)\TeamViewer 15.6.7 01/06/2020 100,02 MB
Test ed esami Microsoft Corporation C:\Windows\SystemApps\Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy 10.0.423.19041 07/12/2019 1.010,00 KB
ToolboxProxy HP C:\Program Files (x86)\HP\Common\HPEWSProxy\ 035.024.006 17/04/2020 3,11 MB
UDK Package Microsoft Corporation C:\Windows\SystemApps\MicrosoftWindows.UndockedDevKit_cw5n1h2txyewy 10.0.423.19041 07/12/2019 229,00 KB
UsbRepairTool Brother Industries, Ltd. 1.4.0.0 22/10/2020 3,05 MB
Wake-up SD Service versione 1.0 Namirial S.p.A. 1.0 04/04/2021 1,62 MB
WebSGD versione 20210200 TeamSystem SpA C:\Users\stmis\AppData\Local\Programs\WebSGD\ 20210200 04/03/2021 70,87 MB
WhatsApp WhatsApp C:\Users\stmis\AppData\Local\WhatsApp 2.2110.12 03/04/2021 121,87 MB
Winaero Tweaker Winaero C:\Program Files\Winaero Tweaker\ 0.17.1.0 31/08/2020 5,06 MB
Windows Defender SmartScreen Microsoft Corporation C:\Windows\SystemApps\Microsoft.Windows.AppRep.ChxApp_cw5n1h2txyewy 1000.19041.0.423 07/12/2019 394,00 KB
Windows Feature Experience Pack Microsoft Windows C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy 120.2212.0.551 07/12/2019 17,91 MB
Windows Search Microsoft Corporation C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy 1.14.19041.0 07/12/2019 16,80 MB
WinRAR 5.90 (64-bit) win.rar GmbH C:\Program Files\WinRAR\ 5.90.0 13/04/2020 7,33 MB
Word Word C:\Users\stmis\AppData\Local\Microsoft\Edge\User Data\Default\Web Applications\_crx__hikhggiobiflkdfdgdajcfklmcibbopi\ 1.0 14/10/2020 48,00 KB
Xbox Game Bar Microsoft Corporation C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.521.3093.0_x64__8wekyb3d8bbwe 5.521.0.3093 23/03/2021 40,75 MB
Xbox Game Bar Plugin Microsoft Corporation C:\Program Files\WindowsApps\Microsoft.XboxGameOverlay_1.54.4001.0_x64__8wekyb3d8bbwe 1.54.0.4001 05/06/2020 3,00 MB
Xbox Game Speech Window Microsoft Corporation C:\Program Files\WindowsApps\Microsoft.XboxSpeechToTextOverlay_1.21.13002.0_x64__8wekyb3d8bbwe 1.21.0.13002 15/04/2020 754,00 KB
Xbox Game UI Microsoft Corporation C:\Windows\SystemApps\Microsoft.XboxGameCallableUI_cw5n1h2txyewy 1000.19041.0.423 07/12/2019 1,29 MB
Xbox Identity Provider Microsoft Corporation C:\Program Files\WindowsApps\Microsoft.XboxIdentityProvider_12.67.21001.0_x64__8wekyb3d8bbwe 12.67.0.21001 04/08/2020 10,38 MB
Zoom Zoom Video Communications, Inc. C:\Users\stmis\AppData\Roaming\Zoom\bin 5.6.1 (617) 29/03/2021 9,77 MB

07-04-2021, 15:26   #4
CrisBonis
I'll try, thanks

09-04-2021, 13:58   #5
CrisBonis
All done, everything comes out OK; in safe mode the virus/trojan/malware is not active, because it doesn't create anything on the USB stick.

PS
In the meantime I installed Acronis, because to be safe I made a backup.

I'm attaching the hijack logs in safe mode and in normal mode

-------------------------------------------Safe mode-----------------------------

Logfile of HiJackThis Fork (Beta) by Alex Dragokas v.2.10.0.6

Platform: x64 Windows 10 (Pro), 10.0.19042.906 (ReleaseId: 2009), Service Pack: 0
Time: 09.04.2021 - 10:56 (UTC+02:00)
Language: OS: Italian (0x410). Display: Italian (0x410). Non-Unicode: Italian (0x410)
Elevated: Yes
Ran by: stmis (group: Administrator) on PAGHE, FirstRun: yes

Chrome: 89.0.4389.114
Firefox: 87.0.0.7747
Internet Explorer: 11.0.19041.1
Default: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument %1 (Microsoft Edge)

Boot mode: Safe mode

Running processes:
Number | Path
1 C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2102.4-0\MsMpEng.exe
1 C:\Windows\explorer.exe
1 C:\Windows\HelpPane.exe
1 C:\Windows\System32\ApplicationFrameHost.exe
2 C:\Windows\System32\csrss.exe
1 C:\Windows\System32\ctfmon.exe
1 C:\Windows\System32\dllhost.exe
1 C:\Windows\System32\dwm.exe
2 C:\Windows\System32\fontdrvhost.exe
1 C:\Windows\System32\lsass.exe
3 C:\Windows\System32\RuntimeBroker.exe
1 C:\Windows\System32\services.exe
1 C:\Windows\System32\sihost.exe
1 C:\Windows\System32\smss.exe
16 C:\Windows\System32\svchost.exe
1 C:\Windows\System32\wininit.exe
1 C:\Windows\System32\winlogon.exe
1 C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
1 C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
1 C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\InputApp\TextInputHost.exe
1 D:\virus\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxyOverride] = *.local
O1 - Hosts: 127.0.0.1 activation.acronis.com web-api-tih.acronis.com
O1 - Hosts: 127.0.0.1 liveupdate.acronis.com
O1 - Hosts: 127.0.0.1 download.acronis.com
O1 - Hosts: 127.0.0.1 orders.acronis.com
O1 - Hosts: 127.0.0.1 ns1.acronis.com
O1 - Hosts: 127.0.0.1 ns2.acronis.com
O1 - Hosts: 127.0.0.1 ns3.acronis.com
O1 - Hosts: 127.0.0.1 account.acronis.com
O1 - Hosts: 127.0.0.1 gateway.acronis.com
O2 - HKLM\..\BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_281\bin\jp2ssv.dll
O2 - HKLM\..\BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_281\bin\ssv.dll
O2-32 - HKLM\..\BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_281\bin\jp2ssv.dll
O2-32 - HKLM\..\BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_281\bin\ssv.dll
O4 - HKCU\..\Run: [Bomgar_Cleanup_ZD947041715789] = C:\WINDOWS\system32\cmd.exe /C rd /S /Q "C:\Users\stmis\AppData\Local\Temp\nsv935.tmpb" & reg.exe delete HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v Bomgar_Cleanup_ZD947041715789 /f
O4 - HKCU\..\Run: [Bomgar_Cleanup_ZD958431879628] = C:\WINDOWS\system32\cmd.exe /C rd /S /Q "C:\ProgramData\bomgar-scc-0x606f0aae" & reg.exe delete HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v Bomgar_Cleanup_ZD958431879628 /f
O4 - HKCU\..\Run: [GoSign Desktop] = C:\Users\stmis\AppData\Local\InfoCert\GoSign Desktop\GoSignDesktop.exe --start-tray
O4 - HKCU\..\Run: [WebSGD] = C:\Users\stmis\AppData\Local\Programs\WebSGD\WebSGD.exe
O4 - HKLM\..\Run: [AWP Manager] = C:\Program Files\Oberthur Technologies\AWP\AWPManager.exe
O4 - HKLM\..\Run: [bit4id csp store register (M x64)] = C:\Windows\system32\bit4upki-store.dll "C:\Windows\system32\bit4upki-store.dll",RunImportServer
O4 - HKLM\..\Run: [Certificate Synchronizer] = C:\Program Files\Oberthur Technologies\AWP\OcsCertSynchronizer.exe
O4 - HKLM\..\Run: [StartupDelayer] = C:\Program Files\r2 Studios\Startup Delayer\Startup Launcher.exe /LaunchType=Auto /LaunchApps=Common
O4 - HKLM\..\Session Manager: [BootExecute] = sdnclean64.exe (file missing)
O4 - HKLM\..\StartupApproved\Run: [Acronis Scheduler2 Service] = C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (2020/11/24)
O4 - HKLM\..\StartupApproved\Run: [SecurityHealth] = C:\WINDOWS\system32\SecurityHealthSystray.exe (2020/11/24)
O4 - HKLM\..\StartupApproved\Run32: [APSDaemon] = C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (2020/11/13)
O4 - HKLM\..\StartupApproved\Run32: [BrotherSoftwareUpdateNotification] = C:\Program Files (x86)\Brother\SoftwareUpdateNotification\SoftwareUpdateNotificationService.exe /Autorun (2020/11/24)
O4 - HKLM\..\StartupApproved\Run32: [BrStsMon00] = C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN (2020/11/13)
O4 - HKLM\..\StartupApproved\Run32: [ControlCenter4] = C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe /autorun (2020/11/13)
O4 - HKLM\..\StartupApproved\StartupFolder: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AnyDesk.lnk -> C:\Program Files (x86)\AnyDesk\AnyDesk.exe --control (2020/11/24)
O4 - HKLM\..\StartupApproved\StartupFolder: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk -> C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE -b -l (2020/11/13)
O4-32 - HKLM\..\Run: [AcronisTibMounterMonitor] = C:\Program Files (x86)\Common Files\Acronis\TibMounter\tib_mounter_monitor.exe
O4-32 - HKLM\..\Run: [bit4id csp store register (M)] = C:\Windows\SysWOW64\RUNDLL32.EXE "C:\Windows\system32\bit4upki-store.dll",RunImportServer
O4-32 - HKLM\..\Run: [M17A] = C:\WINDOWS\twain_32\Brimm17a\Common\TwDsUiLaunch.exe
O4-32 - HKLM\..\Run: [SunJavaUpdateSched] = C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
O4-32 - HKLM\..\Run: [TrueImageMonitor.exe] = C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
O8 - Context menu item: HKCU\..\Internet Explorer\MenuExt\E&sporta in Microsoft Excel: (default) = C:\Program Files (x86)\Microsoft Office\Office10\EXCEL.EXE
O10 - Unknown file in Winsock LSP: C:\Program Files (x86)\Bonjour\mdnsNSP.dll
O16-32 - DPF: HKLM\..\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\DownloadInformation: GpcContainer Class [CODEBASE] =
O18 - HKLM\Software\Classes\Protocols\Handler\cdo: [CLSID] = {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files (x86)\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL
O18 - HKLM\Software\Classes\Protocols\Handler\msdaipp\0x00000001: [CLSID] = {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll
O18 - HKLM\Software\Classes\Protocols\Handler\msdaipp\oledb: [CLSID] = {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll
O18 - HKLM\Software\Classes\Protocols\Handler\mso-offdap: [CLSID] = {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files (x86)\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O21 - HKLM\..\ShellIconOverlayIdentifiers\ - C:\Program Files (x86)\Acronis\TrueImageHome\tishell64_25_0_38450.dll
O22 - Task (.job): (disabled) (Not scheduled) CreateExplorerShellUnelevatedTask.job - C:\WINDOWS\explorer.exe
O22 - Task (.job): (Not scheduled) G2MUpdateTask-S-1-5-21-2578058632-607301022-2213227287-1001.job - C:\Users\stmis\AppData\Local\GoToMeeting\19598\g2mupdate.exe
O22 - Task (.job): (Not scheduled) G2MUploadTask-S-1-5-21-2578058632-607301022-2213227287-1001.job - C:\Users\stmis\AppData\Local\GoToMeeting\19598\g2mupload.exe
O22 - Task: (damaged) HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Avira\System Speedup (empty)
O22 - Task: (damaged) HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Safer-Networking\Spybot - Search and Destroy (empty)
O22 - Task: (disabled) (update) \Microsoft\Windows\UpdateOrchestrator\Reboot_AC - C:\WINDOWS\system32\MusNotification.exe /RunOnAC RebootDialog (Microsoft)
O22 - Task: (disabled) (update) \Microsoft\Windows\UpdateOrchestrator\Reboot_Battery - C:\WINDOWS\system32\MusNotification.exe /RunOnBattery RebootDialog (Microsoft)
O22 - Task: (disabled) \Agent Activation Runtime\S-1-5-21-2578058632-607301022-2213227287-1001 - C:\WINDOWS\System32\AgentActivationRuntimeStarter.exe
O22 - Task: (disabled) \Agent Activation Runtime\S-1-5-21-2578058632-607301022-2213227287-500 - C:\WINDOWS\System32\AgentActivationRuntimeStarter.exe
O22 - Task: (disabled) \Microsoft\Windows\Management\Provisioning\Retry - C:\WINDOWS\system32\ProvTool.exe /turn 5 /source ProvRetryTask (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\Management\Provisioning\RunOnReboot - C:\WINDOWS\system32\ProvTool.exe /turn 5 /source ContinueSessionTask (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\UpdateOrchestrator\Schedule Maintenance Work - C:\WINDOWS\system32\usoclient.exe StartMaintenanceWork (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\UpdateOrchestrator\Schedule Wake To Work - C:\WINDOWS\system32\usoclient.exe StartWork (Microsoft)
O22 - Task: (telemetry) \Microsoft\Windows\Application Experience\PcaPatchDbTask - C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\PcaSvc.dll,PcaPatchSdbTask (Microsoft)
O22 - Task: (update) \Microsoft\Windows\UpdateOrchestrator\USO_UxBroker - C:\WINDOWS\system32\MusNotification.exe (Microsoft)
O22 - Task: \Microsoft\Windows\UpdateOrchestrator\AC Power Install - C:\WINDOWS\system32\usoclient.exe StartInstall (Microsoft)
O22 - Task: \Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB - C:\Program Files\Mozilla Firefox\default-browser-agent.exe do-task "308046B0AF4A39CB"
O22 - Task: Adobe Acrobat Update Task - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
O22 - Task: AMDInstallLauncher - C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe /InstallAUEP
O22 - Task: AMDLinkUpdate - C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe -AMDLinkUpdate
O22 - Task: G2MUpdateTask-S-1-5-21-2578058632-607301022-2213227287-1001 - C:\Users\stmis\AppData\Local\GoToMeeting\19598\g2mupdate.exe
O22 - Task: G2MUploadTask-S-1-5-21-2578058632-607301022-2213227287-1001 - C:\Users\stmis\AppData\Local\GoToMeeting\19598\g2mupload.exe
O22 - Task: GoogleUpdateTaskMachineCore - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
O22 - Task: GoogleUpdateTaskMachineUA - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
O22 - Task: klcp_update - C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe /verysilent /update /freq=30
O22 - Task: ModifyLinkUpdate - C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe -UpdateCurrentUser
O22 - Task: StartCN - C:\Program Files\AMD\CNext\CNext\cncmd.exe startwithdelay
O22 - Task: StartDVR - C:\Program Files\AMD\CNext\CNext\RSServCmd.exe
O23 - Service S2: Servizio Bonjour - (Bonjour Service) - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service S2: Acronis Active Protection (TM) Service - (AcronisActiveProtectionService) - C:\Program Files (x86)\Common Files\Acronis\ActiveProtection\anti_ransomware_service.exe
O23 - Service S2: Acronis Agent Core Service - (aakore) - C:\Program Files (x86)\Acronis\Agent\aakore.exe run
O23 - Service S2: Acronis Managed Machine Service Mini - (mmsminisrv) - C:\Program Files (x86)\Common Files\Acronis\Infrastructure\mms_mini.exe
O23 - Service S2: Acronis Nonstop Backup Service - (afcdpsrv) - C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
O23 - Service S2: Acronis Scheduler2 Service - (AcrSch2Svc) - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service S2: AcuConnect 8.1.2 on port 5633 - (AcuConnect 5633) - F:\teamportal\programs\core\acu32\bin\acurcl.exe -startservice
O23 - Service S2: AcuConnect 8.1.2 on the default port (5632) - (AcuConnect) - F:\teamportal\programs\core\acu\bin\acurcl.exe -startservice
O23 - Service S2: Adobe Acrobat Update Service - (AdobeARMservice) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service S2: AMD Crash Defender Service - C:\WINDOWS\system32\amdfendrsr.exe
O23 - Service S2: AMD External Events Utility - C:\WINDOWS\System32\DriverStore\FileRepository\u0365275.inf_amd64_136741f59e43f995\B364966\atiesrxx.exe
O23 - Service S2: AnyDesk Service - (AnyDesk) - C:\Program Files (x86)\AnyDesk\AnyDesk.exe --service
O23 - Service S2: Brother USB Application Controller - (USBAppControl) - C:\Program Files (x86)\Brother\iPrint&Scan\USBAppControl.exe
O23 - Service S2: Brother Workflow Application Controller - (WorkflowAppControl) - C:\Program Files (x86)\Brother\iPrint&Scan\WorkflowAppControl.exe
O23 - Service S2: Girino-Agent - (girino-agent) - C:\Program Files\Girino\girino.exe -config "C:\ProgramData\Girino\config.json"
O23 - Service S2: Girino-Agent Updater - (girino-updater) - C:\Program Files\Girino\girino-updater.exe -logfile "C:\ProgramData\Girino\girino-updater.log"
O23 - Service S2: HuaweiHiSuiteService64.exe - C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe -/service
O23 - Service S2: Machine Debug Manager - (MDM) - C:\Program Files (x86)\Common Files\Microsoft Shared\VS7Debug\mdm.exe
O23 - Service S2: Management Service smart card embedded in a MicroSD - (SCSD_Service) - C:\Program Files\Oberthur Technologies\ID-One Cosmo microSD Driver 2.1.3\SC_SD_Service.exe
O23 - Service S2: Namirial WakeUpSD Service - (WakeUpSvc) - C:\WINDOWS\SysWOW64\Namirial\WakeUpSDService.exe
O23 - Service S2: Net Driver HPZ12 - C:\WINDOWS\System32\svchost.exe -k HPZ12; "ServiceDll" = C:\Windows\System32\HPZinw12.dll
O23 - Service S2: Pml Driver HPZ12 - C:\WINDOWS\System32\svchost.exe -k HPZ12; "ServiceDll" = C:\Windows\System32\HPZipm12.dll
O23 - Service S2: Servizio Google Update (gupdate) - (gupdate) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /svc
O23 - Service S2: TpAcuXDBC - F:\teamportal\programs\core\python\lib\site-packages\win32\PythonService.exe
O23 - Service S2: TpAppServ - F:\teamportal\programs\core\python\lib\site-packages\win32\PythonService.exe
O23 - Service S2: TpCrond - F:\teamportal\programs\core\python\lib\site-packages\win32\PythonService.exe TpCrond
O23 - Service S2: TpCtreeRTG - F:\teamportal\programs\core\acu\bin\ctreesql.exe
O23 - Service S2: TpDb - F:\teamportal\programs\core\postgresql\bin\pg_ctl.exe runservice -N "TpDb" -D "F:\teamportal\data\db"
O23 - Service S2: TpDbPooler - F:\teamportal\programs\core\extra\pgbouncer\bin\pgbouncer.exe --service "F:\teamportal\data\db\pgb_conf.ini"
O23 - Service S2: TpHttpd - F:\teamportal\programs\core\apache\bin\httpd.exe -k runservice
O23 - Service S2: TpMatrixWS_9443 - F:\teamportal\programs\core\python\lib\site-packages\win32\PythonService.exe
O23 - Service S2: TpMatrixWS_9444 - F:\teamportal\programs\core\python\lib\site-packages\win32\PythonService.exe
O23 - Service S2: TpRgwy - F:\teamportal\programs\core\python\lib\site-packages\win32\PythonService.exe
O23 - Service S2: TpScd - F:\teamportal\programs\core\python\lib\site-packages\win32\PythonService.exe
O23 - Service S2: TpSchedd - F:\teamportal\programs\core\python\lib\site-packages\win32\PythonService.exe
O23 - Service S2: TpStorage - F:\teamportal\programs\core\python\lib\site-packages\win32\PythonService.exe TpStorage
O23 - Service S3: BrYNSvc - C:\Program Files (x86)\Browny02\BrYNSvc.exe
O23 - Service S3: Cisco WebEx Update Service - (WebexService) - C:\Program Files (x86)\Webex\Webex\Applications\WebExService.exe
O23 - Service S3: ForensiT AppX Management Service - (ForensiTAppxService) - C:\Program Files (x86)\ForensiT\AppX Management Service\ForensiTAppxService.exe
O23 - Service S3: Google Chrome Elevation Service - (GoogleChromeElevationService) - C:\Program Files (x86)\Google\Chrome\Application\89.0.4389.114\elevation_service.exe
O23 - Service S3: Key4SwitchService - C:\Program Files (x86)\SwitchService\svc\hkeyswsvc.exe
O23 - Service S3: Mozilla Maintenance Service - (MozillaMaintenance) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service S3: RunSwUSB - C:\Windows\runSW.exe
O23 - Service S3: Servizio Google Update (gupdatem) - (gupdatem) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /medsvc
O23 - Service S3: TeamViewer - C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
O23 - Service S3: Tib Mounter Service - C:\Program Files (x86)\Common Files\Acronis\TibMounter64\tib_mounter_service.exe


--
End of file - Time spent: 12,6 sec. - 32922 bytes, CRC32: FFFFFFFF. Sign: 砼䣠

---------------------------------------------normal------------------------

Logfile of HiJackThis Fork (Beta) by Alex Dragokas v.2.10.0.6

Platform: x64 Windows 10 (Pro), 10.0.19042.906 (ReleaseId: 2009), Service Pack: 0
Time: 09.04.2021 - 11:06 (UTC+02:00)
Language: OS: Italian (0x410). Display: Italian (0x410). Non-Unicode: Italian (0x410)
Elevated: Yes
Ran by: stmis (group: Administrator) on PAGHE, FirstRun: yes

Chrome: 89.0.4389.114
Firefox: 87.0.0.7747
Internet Explorer: 11.0.19041.1
Default: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument %1 (Microsoft Edge)

Boot mode: Normal

Running processes:
Number | Path
1 C:\Program Files (x86)\Acronis\Agent\aakore.exe
1 C:\Program Files (x86)\Acronis\Agent\bin\adp-agent.exe
1 C:\Program Files (x86)\Acronis\Agent\bin\bckp_amgr.exe
1 C:\Program Files (x86)\Acronis\Agent\bin\grpm-mini.exe
1 C:\Program Files (x86)\Acronis\Agent\bin\monitoring-mini.exe
1 C:\Program Files (x86)\Acronis\Agent\bin\task-manager.exe
1 C:\Program Files (x86)\Acronis\Agent\bin\updater.exe
1 C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
1 C:\Program Files (x86)\AnyDesk\AnyDesk.exe
1 C:\Program Files (x86)\Brother\iPrint&Scan\USBAppControl.exe
1 C:\Program Files (x86)\Brother\iPrint&Scan\WorkflowAppControl.exe
1 C:\Program Files (x86)\Common Files\Acronis\ActiveProtection\anti_ransomware_service.exe
1 C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
1 C:\Program Files (x86)\Common Files\Acronis\Infrastructure\mms_mini.exe
1 C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
1 C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
1 C:\Program Files (x86)\Common Files\Acronis\TibMounter\tib_mounter_monitor.exe
1 C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
1 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
1 C:\Program Files (x86)\Common Files\Microsoft Shared\VS7Debug\mdm.exe
1 C:\Program Files (x86)\Google\Update\1.3.36.72\GoogleCrashHandler.exe
1 C:\Program Files (x86)\Google\Update\1.3.36.72\GoogleCrashHandler64.exe
1 C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe
1 C:\Program Files\AMD\CNext\CNext\amdow.exe
1 C:\Program Files\AMD\CNext\CNext\AMDRSServ.exe
1 C:\Program Files\AMD\CNext\CNext\RadeonSoftware.exe
1 C:\Program Files\Bonjour\mDNSResponder.exe
1 C:\Program Files\Girino\girino.exe
1 C:\Program Files\Girino\girino-updater.exe
1 C:\Program Files\Oberthur Technologies\AWP\AWPManager.exe
1 C:\Program Files\Oberthur Technologies\AWP\OcsCertSynchronizer.exe
1 C:\Program Files\Oberthur Technologies\ID-One Cosmo microSD Driver 2.1.3\SC_SD_Service.exe
1 C:\Program Files\Windows Media Player\wmpnetwk.exe
1 C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_2.2103.17603.0_x64__8wekyb3d8bbwe\Cortana.exe
1 C:\Program Files\WindowsApps\Microsoft.WindowsStore_12101.1001.14.0_x64__8wekyb3d8bbwe\WinStore.App.exe
1 C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2102.4-0\MsMpEng.exe
1 C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2102.4-0\NisSrv.exe
4 C:\Users\stmis\AppData\Local\InfoCert\GoSign Desktop\GoSignDesktop.exe
1 C:\Users\stmis\AppData\Local\Programs\WebSGD\WebSGD.exe
1 C:\Windows\explorer.exe
1 C:\Windows\ImmersiveControlPanel\SystemSettings.exe
1 C:\Windows\servicing\TrustedInstaller.exe
1 C:\Windows\splwow64.exe
1 C:\Windows\System32\amdfendrsr.exe
1 C:\Windows\System32\ApplicationFrameHost.exe
1 C:\Windows\System32\cmd.exe
8 C:\Windows\System32\conhost.exe
2 C:\Windows\System32\csrss.exe
1 C:\Windows\System32\ctfmon.exe
2 C:\Windows\System32\dasHost.exe
1 C:\Windows\System32\DriverStore\FileRepository\u0365275.inf_amd64_136741f59e43f995\B364966\atieclxx.exe
1 C:\Windows\System32\DriverStore\FileRepository\u0365275.inf_amd64_136741f59e43f995\B364966\atiesrxx.exe
1 C:\Windows\System32\dwm.exe
2 C:\Windows\System32\fontdrvhost.exe
1 C:\Windows\System32\lsass.exe
1 C:\Windows\System32\rundll32.exe
6 C:\Windows\System32\RuntimeBroker.exe
1 C:\Windows\System32\SearchIndexer.exe
1 C:\Windows\System32\SecurityHealthService.exe
1 C:\Windows\System32\services.exe
1 C:\Windows\System32\SettingSyncHost.exe
1 C:\Windows\System32\SgrmBroker.exe
1 C:\Windows\System32\sihost.exe
1 C:\Windows\System32\smss.exe
1 C:\Windows\System32\spoolsv.exe
1 C:\Windows\System32\sppsvc.exe
87 C:\Windows\System32\svchost.exe
1 C:\Windows\System32\taskhostw.exe
2 C:\Windows\System32\wbem\WmiPrvSE.exe
1 C:\Windows\System32\wininit.exe
1 C:\Windows\System32\winlogon.exe
1 C:\Windows\System32\WUDFHost.exe
1 C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
1 C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
1 C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\InputApp\TextInputHost.exe
1 C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
1 C:\Windows\SysWOW64\Namirial\WakeUpSDService.exe
1 C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.903_none_e780eeb325fbfdae\TiWorker.exe
1 D:\virus\HiJackThis.exe
1 F:\teamportal\programs\core\acu\bin\xdbc\xdbcsrvr.exe
1 F:\teamportal\programs\core\acu32\bin\acurcl.exe
2 F:\teamportal\programs\core\apache\bin\httpd.exe
2 F:\teamportal\programs\core\apache\bin\rotatelogs.exe
1 F:\teamportal\programs\core\extra\bin\redis-server.exe
1 F:\teamportal\programs\core\extra\jre\bin\java.exe
1 F:\teamportal\programs\core\extra\pgbouncer\bin\pgbouncer.exe
1 F:\teamportal\programs\core\postgresql\bin\pg_ctl.exe
10 F:\teamportal\programs\core\postgresql\bin\postgres.exe
9 F:\teamportal\programs\core\python\Lib\site-packages\win32\pythonservice.exe
10 F:\teamportal\programs\opt\mws\bin\matrixws.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxyOverride] = *.local
O1 - Hosts: 127.0.0.1 activation.acronis.com web-api-tih.acronis.com
O1 - Hosts: 127.0.0.1 liveupdate.acronis.com
O1 - Hosts: 127.0.0.1 download.acronis.com
O1 - Hosts: 127.0.0.1 orders.acronis.com
O1 - Hosts: 127.0.0.1 ns1.acronis.com
O1 - Hosts: 127.0.0.1 ns2.acronis.com
O1 - Hosts: 127.0.0.1 ns3.acronis.com
O1 - Hosts: 127.0.0.1 account.acronis.com
O1 - Hosts: 127.0.0.1 gateway.acronis.com
O2 - HKLM\..\BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_281\bin\jp2ssv.dll
O2 - HKLM\..\BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_281\bin\ssv.dll
O2-32 - HKLM\..\BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_281\bin\jp2ssv.dll
O2-32 - HKLM\..\BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_281\bin\ssv.dll
O4 - HKCU\..\Run: [GoSign Desktop] = C:\Users\stmis\AppData\Local\InfoCert\GoSign Desktop\GoSignDesktop.exe --start-tray
O4 - HKCU\..\Run: [WebSGD] = C:\Users\stmis\AppData\Local\Programs\WebSGD\WebSGD.exe
O4 - HKLM\..\Run: [AWP Manager] = C:\Program Files\Oberthur Technologies\AWP\AWPManager.exe
O4 - HKLM\..\Run: [bit4id csp store register (M x64)] = C:\Windows\system32\bit4upki-store.dll "C:\Windows\system32\bit4upki-store.dll",RunImportServer
O4 - HKLM\..\Run: [Certificate Synchronizer] = C:\Program Files\Oberthur Technologies\AWP\OcsCertSynchronizer.exe
O4 - HKLM\..\Run: [StartupDelayer] = C:\Program Files\r2 Studios\Startup Delayer\Startup Launcher.exe /LaunchType=Auto /LaunchApps=Common
O4 - HKLM\..\Session Manager: [BootExecute] = sdnclean64.exe (file missing)
O4 - HKLM\..\StartupApproved\Run: [Acronis Scheduler2 Service] = C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (2020/11/24)
O4 - HKLM\..\StartupApproved\Run: [SecurityHealth] = C:\WINDOWS\system32\SecurityHealthSystray.exe (2020/11/24)
O4 - HKLM\..\StartupApproved\Run32: [APSDaemon] = C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (2020/11/13)
O4 - HKLM\..\StartupApproved\Run32: [BrotherSoftwareUpdateNotification] = C:\Program Files (x86)\Brother\SoftwareUpdateNotification\SoftwareUpdateNotificationService.exe /Autorun (2020/11/24)
O4 - HKLM\..\StartupApproved\Run32: [BrStsMon00] = C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN (2020/11/13)
O4 - HKLM\..\StartupApproved\Run32: [ControlCenter4] = C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe /autorun (2020/11/13)
O4 - HKLM\..\StartupApproved\StartupFolder: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AnyDesk.lnk -> C:\Program Files (x86)\AnyDesk\AnyDesk.exe --control (2020/11/24)
O4 - HKLM\..\StartupApproved\StartupFolder: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk -> C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE -b -l (2020/11/13)
O4 - HKU\S-1-5-21-2578058632-607301022-2213227287-1030\..\RunOnce: [WAB Migrate] = C:\Program Files\Windows Mail\wab.exe /Upgrade (User 'tsx_usr')
O4 - HKU\S-1-5-21-2578058632-607301022-2213227287-1031\..\RunOnce: [WAB Migrate] = C:\Program Files\Windows Mail\wab.exe /Upgrade (User 'tsx_dba')
O4 - HKU\S-1-5-21-2578058632-607301022-2213227287-1032\..\RunOnce: [WAB Migrate] = C:\Program Files\Windows Mail\wab.exe /Upgrade (User 'girino')
O4-32 - HKLM\..\Run: [AcronisTibMounterMonitor] = C:\Program Files (x86)\Common Files\Acronis\TibMounter\tib_mounter_monitor.exe
O4-32 - HKLM\..\Run: [bit4id csp store register (M)] = C:\Windows\SysWOW64\RUNDLL32.EXE "C:\Windows\system32\bit4upki-store.dll",RunImportServer
O4-32 - HKLM\..\Run: [M17A] = C:\WINDOWS\twain_32\Brimm17a\Common\TwDsUiLaunch.exe
O4-32 - HKLM\..\Run: [SunJavaUpdateSched] = C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
O4-32 - HKLM\..\Run: [TrueImageMonitor.exe] = C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
O8 - Context menu item: HKCU\..\Internet Explorer\MenuExt\E&sporta in Microsoft Excel: (default) = C:\Program Files (x86)\Microsoft Office\Office10\EXCEL.EXE
O10 - Unknown file in Winsock LSP: C:\Program Files (x86)\Bonjour\mdnsNSP.dll
O16-32 - DPF: HKLM\..\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\DownloadInformation: GpcContainer Class [CODEBASE] =
O17 - DHCP DNS 1: 192.168.1.1
O18 - HKLM\Software\Classes\Protocols\Handler\cdo: [CLSID] = {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files (x86)\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL
O18 - HKLM\Software\Classes\Protocols\Handler\msdaipp\0x00000001: [CLSID] = {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll
O18 - HKLM\Software\Classes\Protocols\Handler\msdaipp\oledb: [CLSID] = {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll
O18 - HKLM\Software\Classes\Protocols\Handler\mso-offdap: [CLSID] = {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files (x86)\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O21 - HKLM\..\ShellIconOverlayIdentifiers\ - C:\Program Files (x86)\Acronis\TrueImageHome\tishell64_25_0_38450.dll
O22 - BITS Job: (download) {B0DD18D8-5049-4749-8A5A-00D0A5531059} - http://edgedl.gvt1.com/edgedl/release2/chrome/APGKZlf2NGyGiER_1Him6vc_88.0.4324.182/88.0.4324.182_88.0.4324.150_chrome_updater.exe -> C:\Users\DEFAUL~1.009\AppData\Local\Temp\{1E6EB54B-406A-470C-9487-451F5EDF5578}-88.0.4324.182_88.0.4324.150_chrome_updater.exe
O22 - BITS Job: Fix all (including legit)
O22 - Task (.job): (disabled) (Not scheduled) CreateExplorerShellUnelevatedTask.job - C:\WINDOWS\explorer.exe
O22 - Task (.job): (Not scheduled) G2MUpdateTask-S-1-5-21-2578058632-607301022-2213227287-1001.job - C:\Users\stmis\AppData\Local\GoToMeeting\19598\g2mupdate.exe
O22 - Task (.job): (Not scheduled) G2MUploadTask-S-1-5-21-2578058632-607301022-2213227287-1001.job - C:\Users\stmis\AppData\Local\GoToMeeting\19598\g2mupload.exe
O22 - Task: (damaged) HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Avira\System Speedup (empty)
O22 - Task: (damaged) HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Safer-Networking\Spybot - Search and Destroy (empty)
O22 - Task: (disabled) (update) \Microsoft\Windows\UpdateOrchestrator\Reboot_AC - C:\WINDOWS\system32\MusNotification.exe /RunOnAC RebootDialog (Microsoft)
O22 - Task: (disabled) (update) \Microsoft\Windows\UpdateOrchestrator\Reboot_Battery - C:\WINDOWS\system32\MusNotification.exe /RunOnBattery RebootDialog (Microsoft)
O22 - Task: (disabled) \Agent Activation Runtime\S-1-5-21-2578058632-607301022-2213227287-1001 - C:\WINDOWS\System32\AgentActivationRuntimeStarter.exe
O22 - Task: (disabled) \Agent Activation Runtime\S-1-5-21-2578058632-607301022-2213227287-500 - C:\WINDOWS\System32\AgentActivationRuntimeStarter.exe
O22 - Task: (disabled) \Microsoft\Windows\Management\Provisioning\Retry - C:\WINDOWS\system32\ProvTool.exe /turn 5 /source ProvRetryTask (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\Management\Provisioning\RunOnReboot - C:\WINDOWS\system32\ProvTool.exe /turn 5 /source ContinueSessionTask (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\UpdateOrchestrator\Schedule Maintenance Work - C:\WINDOWS\system32\usoclient.exe StartMaintenanceWork (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\UpdateOrchestrator\Schedule Wake To Work - C:\WINDOWS\system32\usoclient.exe StartWork (Microsoft)
O22 - Task: (telemetry) \Microsoft\Windows\Application Experience\PcaPatchDbTask - C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\PcaSvc.dll,PcaPatchSdbTask (Microsoft)
O22 - Task: (update) \Microsoft\Windows\UpdateOrchestrator\USO_UxBroker - C:\WINDOWS\system32\MusNotification.exe (Microsoft)
O22 - Task: \Microsoft\Windows\UpdateOrchestrator\AC Power Install - C:\WINDOWS\system32\usoclient.exe StartInstall (Microsoft)
O22 - Task: \Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB - C:\Program Files\Mozilla Firefox\default-browser-agent.exe do-task "308046B0AF4A39CB"
O22 - Task: Adobe Acrobat Update Task - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
O22 - Task: AMDInstallLauncher - C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe /InstallAUEP
O22 - Task: AMDLinkUpdate - C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe -AMDLinkUpdate
O22 - Task: G2MUpdateTask-S-1-5-21-2578058632-607301022-2213227287-1001 - C:\Users\stmis\AppData\Local\GoToMeeting\19598\g2mupdate.exe
O22 - Task: G2MUploadTask-S-1-5-21-2578058632-607301022-2213227287-1001 - C:\Users\stmis\AppData\Local\GoToMeeting\19598\g2mupload.exe
O22 - Task: GoogleUpdateTaskMachineCore - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
O22 - Task: GoogleUpdateTaskMachineUA - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
O22 - Task: klcp_update - C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe /verysilent /update /freq=30
O22 - Task: ModifyLinkUpdate - C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe -UpdateCurrentUser
O22 - Task: StartCN - C:\Program Files\AMD\CNext\CNext\cncmd.exe startwithdelay
O22 - Task: StartDVR - C:\Program Files\AMD\CNext\CNext\RSServCmd.exe
O23 - Service R2: Servizio Bonjour - (Bonjour Service) - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service R2: Acronis Active Protection (TM) Service - (AcronisActiveProtectionService) - C:\Program Files (x86)\Common Files\Acronis\ActiveProtection\anti_ransomware_service.exe
O23 - Service R2: Acronis Agent Core Service - (aakore) - C:\Program Files (x86)\Acronis\Agent\aakore.exe run
O23 - Service R2: Acronis Managed Machine Service Mini - (mmsminisrv) - C:\Program Files (x86)\Common Files\Acronis\Infrastructure\mms_mini.exe
O23 - Service R2: Acronis Nonstop Backup Service - (afcdpsrv) - C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
O23 - Service R2: Acronis Scheduler2 Service - (AcrSch2Svc) - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service R2: AcuConnect 8.1.2 on port 5633 - (AcuConnect 5633) - F:\teamportal\programs\core\acu32\bin\acurcl.exe -startservice
O23 - Service R2: Adobe Acrobat Update Service - (AdobeARMservice) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service R2: AMD Crash Defender Service - C:\WINDOWS\system32\amdfendrsr.exe
O23 - Service R2: AMD External Events Utility - C:\WINDOWS\System32\DriverStore\FileRepository\u0365275.inf_amd64_136741f59e43f995\B364966\atiesrxx.exe
O23 - Service R2: AnyDesk Service - (AnyDesk) - C:\Program Files (x86)\AnyDesk\AnyDesk.exe --service
O23 - Service R2: Brother USB Application Controller - (USBAppControl) - C:\Program Files (x86)\Brother\iPrint&Scan\USBAppControl.exe
O23 - Service R2: Brother Workflow Application Controller - (WorkflowAppControl) - C:\Program Files (x86)\Brother\iPrint&Scan\WorkflowAppControl.exe
O23 - Service R2: Girino-Agent - (girino-agent) - C:\Program Files\Girino\girino.exe -config "C:\ProgramData\Girino\config.json"
O23 - Service R2: Girino-Agent Updater - (girino-updater) - C:\Program Files\Girino\girino-updater.exe -logfile "C:\ProgramData\Girino\girino-updater.log"
O23 - Service R2: HuaweiHiSuiteService64.exe - C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe -/service
O23 - Service R2: Machine Debug Manager - (MDM) - C:\Program Files (x86)\Common Files\Microsoft Shared\VS7Debug\mdm.exe
O23 - Service R2: Management Service smart card embedded in a MicroSD - (SCSD_Service) - C:\Program Files\Oberthur Technologies\ID-One Cosmo microSD Driver 2.1.3\SC_SD_Service.exe
O23 - Service R2: Namirial WakeUpSD Service - (WakeUpSvc) - C:\WINDOWS\SysWOW64\Namirial\WakeUpSDService.exe
O23 - Service R2: Net Driver HPZ12 - C:\WINDOWS\System32\svchost.exe -k HPZ12; "ServiceDll" = C:\Windows\System32\HPZinw12.dll
O23 - Service R2: Pml Driver HPZ12 - C:\WINDOWS\System32\svchost.exe -k HPZ12; "ServiceDll" = C:\Windows\System32\HPZipm12.dll
O23 - Service R2: TpAcuXDBC - F:\teamportal\programs\core\python\lib\site-packages\win32\PythonService.exe
O23 - Service R2: TpAppServ - F:\teamportal\programs\core\python\lib\site-packages\win32\PythonService.exe
O23 - Service R2: TpCrond - F:\teamportal\programs\core\python\lib\site-packages\win32\PythonService.exe TpCrond
O23 - Service R2: TpDb - F:\teamportal\programs\core\postgresql\bin\pg_ctl.exe runservice -N "TpDb" -D "F:\teamportal\data\db"
O23 - Service R2: TpDbPooler - F:\teamportal\programs\core\extra\pgbouncer\bin\pgbouncer.exe --service "F:\teamportal\data\db\pgb_conf.ini"
O23 - Service R2: TpHttpd - F:\teamportal\programs\core\apache\bin\httpd.exe -k runservice
O23 - Service R2: TpMatrixWS_9443 - F:\teamportal\programs\core\python\lib\site-packages\win32\PythonService.exe
O23 - Service R2: TpMatrixWS_9444 - F:\teamportal\programs\core\python\lib\site-packages\win32\PythonService.exe
O23 - Service R2: TpRgwy - F:\teamportal\programs\core\python\lib\site-packages\win32\PythonService.exe
O23 - Service R2: TpScd - F:\teamportal\programs\core\python\lib\site-packages\win32\PythonService.exe
O23 - Service R2: TpSchedd - F:\teamportal\programs\core\python\lib\site-packages\win32\PythonService.exe
O23 - Service R2: TpStorage - F:\teamportal\programs\core\python\lib\site-packages\win32\PythonService.exe TpStorage
O23 - Service S2: AcuConnect 8.1.2 on the default port (5632) - (AcuConnect) - F:\teamportal\programs\core\acu\bin\acurcl.exe -startservice
O23 - Service S2: Servizio Google Update (gupdate) - (gupdate) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /svc
O23 - Service S2: TpCtreeRTG - F:\teamportal\programs\core\acu\bin\ctreesql.exe
O23 - Service S3: BrYNSvc - C:\Program Files (x86)\Browny02\BrYNSvc.exe
O23 - Service S3: Cisco WebEx Update Service - (WebexService) - C:\Program Files (x86)\Webex\Webex\Applications\WebExService.exe
O23 - Service S3: ForensiT AppX Management Service - (ForensiTAppxService) - C:\Program Files (x86)\ForensiT\AppX Management Service\ForensiTAppxService.exe
O23 - Service S3: Google Chrome Elevation Service - (GoogleChromeElevationService) - C:\Program Files (x86)\Google\Chrome\Application\89.0.4389.114\elevation_service.exe
O23 - Service S3: Key4SwitchService - C:\Program Files (x86)\SwitchService\svc\hkeyswsvc.exe
O23 - Service S3: Mozilla Maintenance Service - (MozillaMaintenance) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service S3: RunSwUSB - C:\Windows\runSW.exe
O23 - Service S3: Servizio Google Update (gupdatem) - (gupdatem) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /medsvc
O23 - Service S3: TeamViewer - C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
O23 - Service S3: Tib Mounter Service - C:\Program Files (x86)\Common Files\Acronis\TibMounter64\tib_mounter_service.exe


--
End of file - Time spent: 15,8 sec. - 42658 bytes, CRC32: FFFFFFFF. Sign: �՜

Last edited by CrisBonis: 09-04-2021 at 14:00.
Old 14-04-2021, 11:53   #6
CrisBonis
Junior Member

Joined: Apr 2021
Posts: 11
I'll do it in the next few days, then I'll post. Thanks, Phoenix2005.

Last edited by CrisBonis: 14-04-2021 at 17:00.
Old 19-04-2021, 10:01   #7
CrisBonis
Junior Member

Joined: Apr 2021
Posts: 11
Quote:
Originally posted by Phoenix2005
You're welcome.


O23 - Service S2: Management Service smart card embedded in a MicroSD - (SCSD_Service) - C:\Program Files\Oberthur Technologies\ID-One Cosmo microSD Driver 2.1.3\SC_SD_Service.exe

.

They were installed automatically: when you install the digital signature software, these get installed as well. They were installed on the date the assembled PC was first set up, so I assume they are clean, but I'll check. Thanks
CrisBonis è offline   Rispondi citando il messaggio o parte di esso
Old 25-04-2021, 12:19   #8
CrisBonis
Junior Member
 
Join Date: Apr 2021
Posts: 11
Found the culprit

Hi,
the culprit is:
MANAGEMENT SERVICE SMART CARD EMBEDDED IN A MICROSD
BY OBERTHUR TECHNOLOGIES

I disabled the services one at a time by launching msconfig.exe and trying to remove
and reinsert the USB stick; when I turned this service off, after
the reboot the offending folder was no longer created on the stick.

Thanks for all the help

Screenshot attached

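Added example, not part of the original post or of HijackThis: the one-by-one elimination described above can start from a candidate list read out of the O23 lines of the log posted earlier in the thread. The code assumes the digit after R/S is the Windows start type (2 = automatic, 3 = manual) and treats Program Files and System32 as the usual install locations; both are assumptions, and the function names are hypothetical.

```python
import re

# Four O23 lines copied from the log in this thread, plus one constructed
# non-service line (O4) to show that other log sections are skipped.
SAMPLE_LOG = r"""
O23 - Service S2: Management Service smart card embedded in a MicroSD - (SCSD_Service) - C:\Program Files\Oberthur Technologies\ID-One Cosmo microSD Driver 2.1.3\SC_SD_Service.exe
O23 - Service S2: TpCtreeRTG - F:\teamportal\programs\core\acu\bin\ctreesql.exe
O23 - Service S3: RunSwUSB - C:\Windows\runSW.exe
O23 - Service S3: Servizio Google Update (gupdatem) - (gupdatem) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /medsvc
O4 - HKLM\..\Run: [Example] C:\example.exe
"""

LINE_RE = re.compile(r"^O23 - Service (?P<state>[RS])(?P<start>\d): "
                     r"(?P<label>.+?) - (?P<cmd>[A-Za-z]:\\.+)$")
LABEL_RE = re.compile(r"^(?P<display>.+?)(?: - \((?P<name>[^)]+)\))?$")
IMAGE_RE = re.compile(r"^(.+?\.exe)\b", re.IGNORECASE)
USUAL_DIRS = ("c:\\program files\\", "c:\\program files (x86)\\",
              "c:\\windows\\system32\\")


def parse_o23(log_text):
    """Return one dict per O23 service line; all other lines are ignored."""
    services = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        label = LABEL_RE.match(m["label"])
        image = IMAGE_RE.match(m["cmd"])  # strips arguments such as /medsvc
        services.append({
            "name": label["name"] or label["display"],
            "start": int(m["start"]),  # assumed: 2 = automatic, 3 = manual
            "image": image.group(1) if image else m["cmd"],
        })
    return services


def auto_start(services):  # start type 2: runs without user action, test first
    return [s["name"] for s in services if s["start"] == 2]


def unusual_location(services):
    """Images outside USUAL_DIRS: a triage hint, not a verdict."""
    return [s["name"] for s in services
            if not s["image"].lower().startswith(USUAL_DIRS)]


if __name__ == "__main__":
    print(auto_start(parse_o23(SAMPLE_LOG)), unusual_location(parse_o23(SAMPLE_LOG)))
```

On the sample lines the service later identified in this post is among the auto-start candidates, while its install path alone would not have singled it out.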
Old 26-04-2021, 14:41   #9
CrisBonis
Junior Member
 
Join Date: Apr 2021
Posts: 11
Quote:
Originally posted by Phoenix2005
Perfect. Or it could be malware that has hooked into the service in question.
The manufacturer's site seems to me to have been taken down or sold, so that can't be done

I quoted your hypothesis because I think that is exactly what happened. I have 2 other PCs configured the same way, but for now they appear clean.
The only difference is that on this one I had downloaded a copy of Acronis True Image for WD (free for WD customers) as a torrent, because the vendor's site was not working that day. The installation had seemed a little strange to me because, knowing the software, being a WD 'aficionado', it closed halfway through, then reopened and finished; everything seemed correct, because afterwards it all worked as usual. Moral: be triply careful with executables from torrents.
Old 01-05-2021, 14:04   #10
CrisBonis
Junior Member
 
Join Date: Apr 2021
Posts: 11
Quote:
Originally posted by Phoenix2005
Try to see if ...
Thanks; in any case, no protection program (of any kind) detected the HACK, whatever it is.

