Unusual hard disk activity


Post by diego166 »

I'm turning to the forum's most experienced members, the ones who spend every day solving PC problems.
For the past week I have noticed unusual hard disk activity while Windows is running, particularly when I use Google Chrome or when the PC is left idle in the "background". I see the HDD light stay on constantly, the system tends to slow down, and among the processes there is an svchost.exe whose memory usage grows considerably.
I suspect a virus or malware lurking in my system. I have already performed a recovery from a system image created with Acronis True Image Home at a date well before this started, but the result is that nothing has changed.

Where do I start with the "PC check-up"? :)
I use Bitdefender Antivirus Free Edition, and it is regularly active and up to date.
The hard disk is a Seagate Momentus XT 500 (500 GB + 8 GB SSD).
Here is a HijackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 23:17:08, on 30/03/2015
Platform: Unknown Windows (WinNT 6.01.3505 SP1)
MSIE: Internet Explorer v8.00 (8.00.7601.18660)

Running processes:
C:\Program Files (x86)\Symantec\Norton Utilities 16\sMonitor\SSDMonitor.exe
C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Users\Administrator\Desktop\DATA\AntiVirus\HijackThis.exe
C:\Windows\SysWOW64\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files (x86)\Classic Shell\ClassicExplorer32.dll
O3 - Toolbar: Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files (x86)\Classic Shell\ClassicExplorer32.dll
O4 - HKLM\..\Run: [SSDMonitor] C:\Program Files (x86)\Symantec\Norton Utilities 16\sMonitor\SSDMonitor.exe
O4 - HKLM\..\Run: [TrueImageMonitor.exe] "C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe"
O4 - HKLM\..\Run: [AcronisTibMounterMonitor] C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
O4 - Startup: taskmgr.exe.lnk = C:\Windows\System32\taskmgr.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O11 - Options group: [INTERNATIONAL] International
O13 - Gopher Prefix:
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Acronis Nonstop Backup Service (afcdpsrv) - Acronis - C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
O23 - Service: Norton Disk Doctor Service (DiskDoctorService) - Symantec Corporation - C:\Program Files (x86)\Symantec\Norton Utilities 16\Tools\Disk Doctor\DiskDoctorSrv.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Servizio Google Update (gupdate) (gupdate) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc (file missing)
O23 - Service: Servizio Google Update (gupdatem) (gupdatem) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc (file missing)
O23 - Service: Bitdefender Antivirus Free Edition (gzserv) - Unknown owner - C:\Program Files (x86)\AntiVirus\Bitdefender\Antivirus Free Edition\gzserv.exe" /service (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Norton Utilities 16 Start Manager Service (NU16StartManagerSvc) - Symantec - C:\Program Files (x86)\Symantec\Norton Utilities 16\sMonitor\StartManSvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: Norton SpeedDisk Service (SpeedDiskService) - Symantec Corporation - C:\Program Files (x86)\Symantec\Norton Utilities 16\Tools\SpeedDisk\SpeedDiskSrv.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: Acronis Sync Agent Service (syncagentsrv) - Acronis - C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %PROGRAMFILES%\Windows Media Player\wmpnetwk.exe (file missing)
Thanks
Diego.166


Re: Unusual hard disk activity

Post by crazy.cat »

First of all, update HijackThis; the version you're on is prehistoric.
Then use Process Explorer and CurrPorts to see which processes are the most active and where they connect.
"Life is like riding a bicycle. To keep your balance, you must keep moving."
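
The check suggested in the post above (which processes connect where), as an added Python example that is not part of the original thread: it parses a CurrPorts-style text report and lists established connections to non-local addresses and listeners bound to every interface. The sample report is constructed in the layout of the report posted in this thread, and the function names are assumptions of this example.

```python
import ipaddress

# Constructed sample in the "Key : Value" layout of the CurrPorts report posted in
# this thread. The last record is cut off on purpose to exercise truncation handling.
SAMPLE_REPORT = r"""
==================================================
Process Name : chrome.exe
Process ID : 5112
Remote Port : 443
Remote Address : 216.58.210.228
Remote Host Name : mrs04s10-in-f4.1e100.net
State : Established
Process Path : C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Process Created On: 01/04/2015 00:25:36
==================================================
==================================================
Process Name : svchost.exe
Process ID : 1116
Remote Address : 192.168.1.1
State : Established
==================================================
==================================================
Process Name : System
Process ID : 4
Local Port : 445
Local Address : 0.0.0.0
State : Listening
Process Services :
==================================================
==================================================
Process Name : System
Process ID : 3252
Local Port : 554
Local Address : 0.0.0.0
State : Listening
Process Services : WMPNetworkSvc
==================================================
==================================================
Process Name : System
Process ID : 4
Local Port : 139
Local Address : 192.168.1.3
State : Listening
==================================================
==================================================
Process Name : System
Process ID : 1536
Local Port : 1900
"""


def parse_report(text):
    """Split the report into one dict per connection record."""
    records, current = [], {}
    for line in text.splitlines():
        if line.startswith("====="):  # separator opens or closes a record
            if current:
                records.append(current)
            current = {}
        elif ":" in line:
            # Split on the first colon only: paths and timestamps contain more.
            key, _, value = line.partition(":")
            current[key.strip()] = value.strip()
    if current:  # keep a final record that has no closing separator
        records.append(current)
    return records


def _num(value):
    return int(value) if value and value.isdigit() else -1  # -1 = field missing


def _is_external(addr):
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:  # empty field, as on UDP and some listening rows
        return False
    return not (ip.is_private or ip.is_loopback or ip.is_unspecified
                or ip.is_link_local or ip.is_multicast)


def external_connections(records):
    """Established sessions whose remote end is outside the local network."""
    return [(r.get("Process Name", ""), _num(r.get("Process ID")),
             r["Remote Address"], _num(r.get("Remote Port")),
             r.get("Remote Host Name", ""))
            for r in records
            if r.get("State", "").lower() == "established"
            and _is_external(r.get("Remote Address", ""))]


def all_interface_listeners(records):
    """Listening sockets bound to every interface, sorted by port."""
    return sorted((_num(r.get("Local Port")), _num(r.get("Process ID")),
                   r.get("Process Services", ""))
                  for r in records
                  if r.get("State", "").lower() == "listening"
                  and r.get("Local Address") in ("0.0.0.0", "::"))
```

Each external connection can then be checked against the owning process's path and publisher, and each all-interface listener against the services expected to be running on the machine.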


Re: Unusual hard disk activity

Post by gioia271965 »

In addition to crazy.cat's advice, try scanning with AdwCleaner, Malwarebytes and HitmanPro. Also take a look at the active Windows services.
If you really want to get to know a person, look at their hard disk!


Re: Unusual hard disk activity

Post by diego166 »

I updated HijackThis to version 2.0.5 and ran the scan again:
Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 00:34:08, on 01/04/2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.18660)


Boot mode: Normal

Running processes:
C:\Program Files (x86)\Symantec\Norton Utilities 16\sMonitor\SSDMonitor.exe
C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
C:\Users\Administrator\Desktop\ProcessExplorerPortable\ProcessExplorerPortable.exe
C:\Users\Administrator\Desktop\ProcessExplorerPortable\App\ProcessExplorer\procexp.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Administrator\Desktop\cports\cports.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Administrator\Desktop\DATA\AntiVirus\HijackThis.exe
C:\Windows\SysWOW64\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files (x86)\Classic Shell\ClassicExplorer32.dll
O3 - Toolbar: Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files (x86)\Classic Shell\ClassicExplorer32.dll
O4 - HKLM\..\Run: [SSDMonitor] C:\Program Files (x86)\Symantec\Norton Utilities 16\sMonitor\SSDMonitor.exe
O4 - HKLM\..\Run: [TrueImageMonitor.exe] "C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe"
O4 - HKLM\..\Run: [AcronisTibMounterMonitor] C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIZIO DI RETE')
O4 - Startup: taskmgr.exe.lnk = C:\Windows\System32\taskmgr.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Acronis Nonstop Backup Service (afcdpsrv) - Acronis - C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
O23 - Service: Norton Disk Doctor Service (DiskDoctorService) - Symantec Corporation - C:\Program Files (x86)\Symantec\Norton Utilities 16\Tools\Disk Doctor\DiskDoctorSrv.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Servizio Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Servizio Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Bitdefender Antivirus Free Edition (gzserv) - Bitdefender - C:\Program Files (x86)\AntiVirus\Bitdefender\Antivirus Free Edition\gzserv.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Norton Utilities 16 Start Manager Service (NU16StartManagerSvc) - Unknown owner - C:\Program Files (x86)\Symantec\Norton Utilities 16\sMonitor\StartManSvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: Norton SpeedDisk Service (SpeedDiskService) - Symantec Corporation - C:\Program Files (x86)\Symantec\Norton Utilities 16\Tools\SpeedDisk\SpeedDiskSrv.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: Acronis Sync Agent Service (syncagentsrv) - Acronis - C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 7628 bytes
With Process Explorer I saved the list of running processes:
Process CPU Private Bytes Working Set PID Description Company Name
svchost.exe < 0.01 90.760 K 93.680 K 1052 Processo host per servizi di Windows Microsoft Corporation
chrome.exe 0.07 53.464 K 84.412 K 5112 Google Chrome Google Inc.
chrome.exe < 0.01 62.824 K 79.492 K 3348 Google Chrome Google Inc.
explorer.exe 0.10 40.408 K 58.688 K 2696 Esplora risorse Microsoft Corporation
chrome.exe 48.184 K 57.336 K 3120 Google Chrome Google Inc.
dwm.exe 1.66 35.972 K 50.756 K 2640 Gestione finestre desktop Microsoft Corporation
chrome.exe 0.03 40.188 K 48.668 K 2968 Google Chrome Google Inc.
procexp64.exe 5.30 25.752 K 46.704 K 4588 Sysinternals Process Explorer Sysinternals - www.sysinternals.com
chrome.exe < 0.01 36.204 K 41.744 K 5044 Google Chrome Google Inc.
explorer.exe 0.01 26.876 K 37.292 K 4568 Esplora risorse Microsoft Corporation
svchost.exe < 0.01 23.664 K 34.948 K 1116 Processo host per servizi di Windows Microsoft Corporation
HijackThis.exe < 0.01 14.768 K 28.604 K 4548 HijackThis Trend Micro Inc.
gzserv.exe 0.03 253.668 K 23.060 K 908 Bitdefender Antivirus Free Edition Bitdefender
SearchIndexer.exe < 0.01 22.476 K 20.712 K 3820 Microsoft Windows Search Indexer Microsoft Corporation
svchost.exe 20.272 K 20.288 K 696 Processo host per servizi di Windows Microsoft Corporation
chrome.exe 0.23 19.260 K 19.252 K 3192 Google Chrome Google Inc.
audiodg.exe 16.076 K 17.200 K 3536 Isolamento grafico dispositivo audio Windows Microsoft Corporation
svchost.exe 0.19 10.472 K 16.072 K 1536 Processo host per servizi di Windows Microsoft Corporation
svchost.exe 0.01 10.292 K 15.356 K 1088 Processo host per servizi di Windows Microsoft Corporation
TrueImageMonitor.exe 0.06 20.676 K 15.228 K 2980 Acronis True Image Monitor Acronis
svchost.exe 0.01 16.600 K 15.092 K 1688 Processo host per servizi di Windows Microsoft Corporation
svchost.exe 12.980 K 14.028 K 1928 Processo host per servizi di Windows Microsoft Corporation
syncagentsrv.exe 0.01 5.804 K 12.996 K 2616 TrueImage Sync Agent Service Acronis
svchost.exe < 0.01 11.580 K 12.928 K 2484 Processo host per servizi di Windows Microsoft Corporation
wmpnetwk.exe < 0.01 15.096 K 12.664 K 3252 Servizio di condivisione in rete Windows Media Player Microsoft Corporation
nvxdsync.exe 8.548 K 12.020 K 1572 NVIDIA User Experience Driver Component NVIDIA Corporation
gziface.exe 0.08 87.388 K 10.408 K 2492 Bitdefender Antivirus Free Edition Bitdefender
ramdiskws.exe < 0.01 9.104 K 10.156 K 2564 SoftPerfect RAM Disk (64-bit) SoftPerfect Research
taskmgr.exe 0.36 4.088 K 9.608 K 2992 Gestione attività Windows Microsoft Corporation
WmiPrvSE.exe 5.556 K 9.528 K 3584 WMI Provider Host Microsoft Corporation
lsass.exe 4.448 K 9.468 K 692 Local Security Authority Process Microsoft Corporation
taskhost.exe 8.988 K 9.416 K 2468 Processo host per attività di Windows Microsoft Corporation
SearchProtocolHost.exe < 0.01 3.732 K 9.040 K 3644 Microsoft Windows Search Protocol Host Microsoft Corporation
nvvsvc.exe < 0.01 5.732 K 8.848 K 1620 NVIDIA Driver Helper Service, Version 327.23 NVIDIA Corporation
StartManSvc.exe < 0.01 4.416 K 8.652 K 2076 StartMan Application Symantec
procexp.exe 3.228 K 8.528 K 4264 Sysinternals Process Explorer Sysinternals - www.sysinternals.com
spoolsv.exe 7.340 K 8.244 K 1884 Applicazione sottosistema spooler Microsoft Corporation
services.exe 5.940 K 7.636 K 676 Applicazione Servizi e Controller Microsoft Corporation
svchost.exe 4.244 K 7.604 K 852 Processo host per servizi di Windows Microsoft Corporation
ClassicStartMenu.exe 4.420 K 7.464 K 3056 Classic Start Menu IvoSoft
svchost.exe 4.780 K 7.376 K 408 Processo host per servizi di Windows Microsoft Corporation
SearchFilterHost.exe 3.684 K 7.332 K 5012 Microsoft Windows Search Filter Host Microsoft Corporation
dllhost.exe 3.744 K 7.296 K 4784 COM Surrogate Microsoft Corporation
WmiPrvSE.exe 3.576 K 6.988 K 3716 WMI Provider Host Microsoft Corporation
dllhost.exe 3.000 K 6.468 K 3084 COM Surrogate Microsoft Corporation
nvvsvc.exe 2.300 K 5.936 K 968 NVIDIA Driver Helper Service, Version 327.23 NVIDIA Corporation
taskeng.exe 2.612 K 5.808 K 4448 Modulo di gestione dell'Utilità di pianificazione Microsoft Corporation
TibMounterMonitor.exe 6.208 K 5.496 K 2772 Acronis TIB Mounter Monitor Acronis International GmbH
winlogon.exe 2.868 K 5.472 K 756 Applicazione Accesso a Windows Microsoft Corporation
csrss.exe 0.44 2.304 K 5.392 K 632 Processo runtime client server Microsoft Corporation
afcdpsrv.exe 0.05 5.656 K 5.168 K 556 File Level CDP Manager Service Acronis
svchost.exe 2.692 K 5.124 K 2160 Processo host per servizi di Windows Microsoft Corporation
mdm.exe 3.040 K 5.056 K 1108 Machine Debug Manager Microsoft Corporation
schedul2.exe 2.912 K 5.020 K 2012 Acronis Scheduler 2 Acronis
svchost.exe 2.336 K 4.784 K 1424 Processo host per servizi di Windows Microsoft Corporation
svchost.exe 2.556 K 4.576 K 3872 Processo host per servizi di Windows Microsoft Corporation
SSDMonitor.exe 2.032 K 4.256 K 2808 SSDMonit Application Symantec
schedhlp.exe 2.504 K 4.196 K 2712 Acronis Scheduler Helper Acronis
LSSrvc.exe 2.192 K 4.080 K 1800 LightScribe Service Hewlett-Packard Company
nvSCPAPISvr.exe 2.552 K 3.840 K 992 Stereo Vision Control Panel API Server NVIDIA Corporation
CTAudSvc.exe 1.280 K 3.792 K 1328 Creative Audio Service Creative Technology Ltd
wininit.exe 1.628 K 3.736 K 620 Applicazione di avvio di Windows Microsoft Corporation
lsm.exe 2.412 K 3.716 K 700 Servizio Gestione sessioni locali Microsoft Corporation
csrss.exe < 0.01 1.960 K 3.680 K 560 Processo runtime client server Microsoft Corporation
ProcessExplorerPortable.exe 0.01 38.896 K 2.376 K 3752 Process Explorer Portable (PortableApps.com Launcher) PortableApps.com
smss.exe 432 K 980 K 388 Gestione sessioni di Windows Microsoft Corporation
System 0.71 132 K 856 K 4
System Idle Process 88.81 0 K 24 K 0
Interrupts 1.81 0 K 0 K n/a Hardware Interrupts and DPCs
and with CurrPorts this is what is displayed:
==================================================
Process Name : chrome.exe
Process ID : 5112
Protocol : TCP
Local Port : 49699
Local Port Name :
Local Address : 192.168.1.3
Remote Port : 443
Remote Port Name : https
Remote Address : 216.58.210.228
Remote Host Name : mrs04s10-in-f4.1e100.net
State : Established
Process Path : C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Product Name : Google Chrome
File Description : Google Chrome
File Version : 41.0.2272.101
Company : Google Inc.
Process Created On: 01/04/2015 00:25:36
User Name : User-PC\Administrator
Process Services :
Process Attributes: A
Added On : 01/04/2015 00:42:04
Module Filename :
Remote IP Country :
Window Title : Nuova scheda - Google Chrome
==================================================

==================================================
Process Name : chrome.exe
Process ID : 5112
Protocol : UDP
Local Port : 5353
Local Port Name :
Local Address : 0.0.0.0
Remote Port :
Remote Port Name :
Remote Address :
Remote Host Name :
State :
Process Path : C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Product Name : Google Chrome
File Description : Google Chrome
File Version : 41.0.2272.101
Company : Google Inc.
Process Created On: 01/04/2015 00:25:36
User Name : User-PC\Administrator
Process Services :
Process Attributes: A
Added On : 01/04/2015 00:42:04
Module Filename :
Remote IP Country :
Window Title : Nuova scheda - Google Chrome
==================================================

==================================================
Process Name : syncagentsrv.exe
Process ID : 2616
Protocol : UDP
Local Port : 58611
Local Port Name :
Local Address : 192.168.1.3
Remote Port :
Remote Port Name :
Remote Address :
Remote Host Name :
State :
Process Path : C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
Product Name : Acronis Sync Agent
File Description : TrueImage Sync Agent Service
File Version : 17,0,0,1877
Company : Acronis
Process Created On: 01/04/2015 00:18:03
User Name : NT AUTHORITY\SYSTEM
Process Services : syncagentsrv
Process Attributes: A
Added On : 01/04/2015 00:42:04
Module Filename :
Remote IP Country :
Window Title :
==================================================

==================================================
Process Name : System
Process ID : 408
Protocol : TCP
Local Port : 135
Local Port Name : epmap
Local Address : 0.0.0.0
Remote Port :
Remote Port Name :
Remote Address : 0.0.0.0
Remote Host Name :
State : Listening
Process Path :
Product Name :
File Description :
File Version :
Company :
Process Created On: 01/04/2015 00:15:32
User Name : NT AUTHORITY\SERVIZIO DI RETE
Process Services : RpcEptMapper, RpcSs
Process Attributes:
Added On : 01/04/2015 00:42:04
Module Filename :
Remote IP Country :
Window Title :
==================================================

==================================================
Process Name : System
Process ID : 4
Protocol : TCP
Local Port : 139
Local Port Name : netbios-ssn
Local Address : 192.168.1.3
Remote Port :
Remote Port Name :
Remote Address : 0.0.0.0
Remote Host Name :
State : Listening
Process Path :
Product Name :
File Description :
File Version :
Company :
Process Created On: N/A
User Name :
Process Services :
Process Attributes:
Added On : 01/04/2015 00:42:04
Module Filename :
Remote IP Country :
Window Title :
==================================================

==================================================
Process Name : System
Process ID : 3252
Protocol : TCP
Local Port : 554
Local Port Name : rtsp
Local Address : 0.0.0.0
Remote Port :
Remote Port Name :
Remote Address : 0.0.0.0
Remote Host Name :
State : Listening
Process Path :
Product Name :
File Description :
File Version :
Company :
Process Created On: 01/04/2015 00:16:03
User Name : NT AUTHORITY\SERVIZIO DI RETE
Process Services : WMPNetworkSvc
Process Attributes:
Added On : 01/04/2015 00:42:04
Module Filename :
Remote IP Country :
Window Title :
==================================================

==================================================
Process Name : System
Process ID : 620
Protocol : TCP
Local Port : 49152
Local Port Name :
Local Address : 0.0.0.0
Remote Port :
Remote Port Name :
Remote Address : 0.0.0.0
Remote Host Name :
State : Listening
Process Path :
Product Name :
File Description :
File Version :
Company :
Process Created On: 01/04/2015 00:15:30
User Name : NT AUTHORITY\SYSTEM
Process Services :
Process Attributes:
Added On : 01/04/2015 00:42:04
Module Filename :
Remote IP Country :
Window Title :
==================================================

==================================================
Process Name : System
Process ID : 696
Protocol : TCP
Local Port : 49153
Local Port Name :
Local Address : 0.0.0.0
Remote Port :
Remote Port Name :
Remote Address : 0.0.0.0
Remote Host Name :
State : Listening
Process Path :
Product Name :
File Description :
File Version :
Company :
Process Created On: 01/04/2015 00:15:32
User Name : NT AUTHORITY\SERVIZIO LOCALE
Process Services : AudioSrv, Dhcp, eventlog, HomeGroupProvider, lmhosts, wscsvc
Process Attributes:
Added On : 01/04/2015 00:42:04
Module Filename :
Remote IP Country :
Window Title :
==================================================

==================================================
Process Name : System
Process ID : 692
Protocol : TCP
Local Port : 49154
Local Port Name :
Local Address : 0.0.0.0
Remote Port :
Remote Port Name :
Remote Address : 0.0.0.0
Remote Host Name :
State : Listening
Process Path :
Product Name :
File Description :
File Version :
Company :
Process Created On: 01/04/2015 00:15:30
User Name : NT AUTHORITY\SYSTEM
Process Services : KeyIso, SamSs
Process Attributes:
Added On : 01/04/2015 00:42:04
Module Filename :
Remote IP Country :
Window Title :
==================================================

==================================================
Process Name : System
Process ID : 1116
Protocol : TCP
Local Port : 49155
Local Port Name :
Local Address : 0.0.0.0
Remote Port :
Remote Port Name :
Remote Address : 0.0.0.0
Remote Host Name :
State : Listening
Process Path :
Product Name :
File Description :
File Version :
Company :
Process Created On: 01/04/2015 00:15:32
User Name : NT AUTHORITY\SYSTEM
Process Services : AeLookupSvc, Browser, EapHost, iphlpsvc, LanmanServer, ProfSvc, Schedule, SENS, ShellHWDetection, Themes, Winmgmt, wuauserv
Process Attributes:
Added On : 01/04/2015 00:42:04
Module Filename :
Remote IP Country :
Window Title :
==================================================

==================================================
Process Name : Unknown
Process ID : 0
Protocol : TCP
Local Port : 49709
Local Port Name :
Local Address : 192.168.1.3
Remote Port : 5431
Remote Port Name :
Remote Address : 192.168.1.1
Remote Host Name : Broadcom.Home
State : Time Wait
Process Path :
Product Name :
File Description :
File Version :
Company :
Process Created On: N/A
User Name :
Process Services :
Process Attributes:
Added On : 01/04/2015 00:42:04
Module Filename :
Remote IP Country :
Window Title :
==================================================

==================================================
Process Name : Unknown
Process ID : 0
Protocol : TCP
Local Port : 49710
Local Port Name :
Local Address : 192.168.1.3
Remote Port : 5431
Remote Port Name :
Remote Address : 192.168.1.1
Remote Host Name : Broadcom.Home
State : Time Wait
Process Path :
Product Name :
File Description :
File Version :
Company :
Process Created On: N/A
User Name :
Process Services :
Process Attributes:
Added On : 01/04/2015 00:42:04
Module Filename :
Remote IP Country :
Window Title :
==================================================

==================================================
Process Name : Unknown
Process ID : 0
Protocol : TCP
Local Port : 49711
Local Port Name :
Local Address : 192.168.1.3
Remote Port : 5431
Remote Port Name :
Remote Address : 192.168.1.1
Remote Host Name : Broadcom.Home
State : Time Wait
Process Path :
Product Name :
File Description :
File Version :
Company :
Process Created On: N/A
User Name :
Process Services :
Process Attributes:
Added On : 01/04/2015 00:42:04
Module Filename :
Remote IP Country :
Window Title :
==================================================

==================================================
Process Name : Unknown
Process ID : 0
Protocol : TCP
Local Port : 49712
Local Port Name :
Local Address : 192.168.1.3
Remote Port : 5431
Remote Port Name :
Remote Address : 192.168.1.1
Remote Host Name : Broadcom.Home
State : Time Wait
Process Path :
Product Name :
File Description :
File Version :
Company :
Process Created On: N/A
User Name :
Process Services :
Process Attributes:
Added On : 01/04/2015 00:42:04
Module Filename :
Remote IP Country :
Window Title :
==================================================

==================================================
Process Name : Unknown
Process ID : 0
Protocol : TCP
Local Port : 49713
Local Port Name :
Local Address : 192.168.1.3
Remote Port : 5431
Remote Port Name :
Remote Address : 192.168.1.1
Remote Host Name : Broadcom.Home
State : Time Wait
Process Path :
Product Name :
File Description :
File Version :
Company :
Process Created On: N/A
User Name :
Process Services :
Process Attributes:
Added On : 01/04/2015 00:42:04
Module Filename :
Remote IP Country :
Window Title :
==================================================
Which of the anomalous items reported by HijackThis could I remove?
In Process Explorer I keep noticing that svchost.exe among the most active processes, followed by chrome.exe (PID 5112).
Diego.166
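
Added example (not part of the original post): a small Python parser for the "Field : Value" connection listing above. It groups the records so that repeated entries collapse to one line and only live connections leaving the LAN remain for review. The sample records are constructed in the listing's layout; the chrome.exe row, its remote address 203.0.113.10 and the `local_prefix` default are assumptions.

```python
from collections import Counter

def parse_records(text):
    """Split a 'Field : Value' listing into dicts; lines of '=' delimit records."""
    records, current = [], {}
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("=====") or not line:
            if current:
                records.append(current)
                current = {}
            continue
        key, sep, value = line.partition(":")  # first colon only, so paths and times survive
        if sep:
            current[key.strip()] = value.strip()
    if current:
        records.append(current)
    return records

def summarize(records):
    """Count connections per (process name, PID, remote endpoint, state)."""
    return Counter(
        (r.get("Process Name", "?"), r.get("Process ID", "?"),
         f'{r.get("Remote Address", "")}:{r.get("Remote Port", "")}',
         r.get("State", ""))
        for r in records)

def needs_review(records, local_prefix="192.168.1."):
    """Keep live connections leaving the LAN. Time Wait entries are already-closed
    sockets, which Windows lists under PID 0, so they name no process to inspect."""
    return [r for r in records
            if r.get("State") == "Established"
            and not r.get("Remote Address", "").startswith(local_prefix)]

def _rec(name, pid, lport, raddr, rport, state):  # builds one constructed record
    return ("=" * 50 + f"\nProcess Name : {name}\nProcess ID : {pid}\nProtocol : TCP\n"
            f"Local Port : {lport}\nLocal Address : 192.168.1.3\nRemote Port : {rport}\n"
            f"Remote Address : {raddr}\nState : {state}\nProcess Path :\n" + "=" * 50 + "\n\n")

SAMPLE = (_rec("Unknown", 0, 49701, "192.168.1.1", 5431, "Time Wait")
          + _rec("Unknown", 0, 49702, "192.168.1.1", 5431, "Time Wait")
          + _rec("chrome.exe", 5112, 49800, "203.0.113.10", 443, "Established"))

if __name__ == "__main__":
    recs = parse_records(SAMPLE)
    for key, n in summarize(recs).most_common():
        print(n, key)
    for r in needs_review(recs):
        print("review:", r["Process Name"], r["Process ID"], r["Remote Address"])
```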

Re: Unusual hard disk activity

Post by crazy.cat »

With Process Explorer, look at what that svchost is doing and try to work out which processes/services it may be tied to.
It is used by so many things that it becomes hard to figure out without having the PC in front of you.

At a glance, try disabling/uninstalling Norton Utilities and see whether the PC stops "blinking".
“Life is like riding a bicycle. To keep your balance, you must keep moving.”

Re: Unusual hard disk activity

Post by diego166 »

At a glance, try disabling/uninstalling Norton Utilities and see whether the PC stops "blinking".
I typed services.msc and found no fewer than 3 services referring to Norton Utilities 16. I disabled the services:
Norton Disk Doctor Service, SpeedDiskService, Norton Utilities 16 Start Manager Service.
The hard disk keeps doing its own thing.. I'll proceed with the anti-malware scans and let you know.. Thanks
Diego.166

Re: Unusual hard disk activity

Post by diego166 »

Regarding svchost.exe analysed in Process Explorer: opening the properties by double-clicking the service, I go to Services and see the services tied to it; everything looks normal to me (I can post them below if you want). I then move on to the Threads tab, and here I'm a bit puzzled. :(
In TID 2096 SysMain (sechost.dll) I see the Cycles Delta value swing from zero to 9 million and change at every one-second interval.. so a fairly dynamic value..
Diego.166

Re: Unusual hard disk activity

Post by diego166 »

And while I was at it, just to further optimise the "critical" points where the hard disk works hardest, I created a RAM disk with SoftPerfect RamDisk, dedicating 500 MB of RAM to folders such as Temp, the Windows Prefetch folder and the browser caches..
I've gone from 2 GB down to 1.5 GB, but that is still enough for Windows 7, since in the future I'll bring the system up to 8 GB DDR2 PC6400 800 MHz.. :)
Diego.166

Re: Unusual hard disk activity

Post by diego166 »

In addition to crazy.cat's advice, try scanning with...adwcleaner, malwarebytes, hitmanpro
I've done this procedure as well; Malwarebytes, HitmanPro and AdwCleaner all found nothing anomalous.. :s
Diego.166

Re: Unusual hard disk activity

Post by diego166 »

I have the odd feeling that this is a rootkit and that the programs used so far haven't managed to flush it out.
Can you recommend a good anti-rootkit?
Diego.166

Re: Unusual hard disk activity

Post by crazy.cat »

GMER and TDSSKiller.

Re: Unusual hard disk activity

Post by Christian »

Noadware and Xoftspy....they found further infections for me that ordinary antivirus programs had not managed to spot
:ciao

Re: Re: Unusual hard disk activity

Post by System » Wed May 06, 2015 9:15 pm

