[ zgas @ 01.06.2007. 19:54 ] @
Dear all,
svchost.exe keeps asking for outbound access to the internet. If I don't allow it, I have no connection. And if I do allow it, something is wrong with it, because after 5 - 10 minutes of working on the internet my connection gets blocked.
This has been happening to me regularly, after installing the system and some amount of work on the internet, for at least the last year. And I still haven't found a program that cleans this horrible infection. And I'm already sick of reinstalling, "even with Ghost". I use the latest Kaspersky and it detects nothing.
Please help if you know of a cure!
[ Zoran Rodic @ 01.06.2007. 20:21 ] @
Go into CMD and change to the directory where you want the report to be saved, preferably the desktop, then type
tasklist /svc > izvestaj.txt
then post it here so we can see the contents
[ zgas @ 01.06.2007. 21:52 ] @
Code:
Image Name PID Services
========================= ====== =============================================
System Idle Process 0 N/A
System 4 N/A
SMSS.EXE 412 N/A
CSRSS.EXE 492 N/A
WINLOGON.EXE 520 N/A
SERVICES.EXE 564 Eventlog, PlugPlay
LSASS.EXE 576 PolicyAgent, ProtectedStorage, SamSs
SVCHOST.EXE 728 DcomLaunch, TermService
SVCHOST.EXE 776 RpcSs
SVCHOST.EXE 848 AudioSrv, Browser, CryptSvc, Dhcp, dmserver,
ERSvc, EventSystem,
FastUserSwitchingCompatibility, helpsvc,
lanmanserver, lanmanworkstation, Netman,
Nla, RasMan, Schedule, seclogon, SENS,
SharedAccess, ShellHWDetection, TapiSrv,
Themes, TrkWks, W32Time, winmgmt, wscsvc,
wuauserv, WZCSVC
SVCHOST.EXE 952 Dnscache
SVCHOST.EXE 992 LmHosts, RemoteRegistry, SSDPSRV, WebClient
EXPLORER.EXE 1104 N/A
SPOOLSV.EXE 1204 Spooler
Apache.exe 1332 Apache2
AVP.EXE 1384 AVP
Apache.exe 1480 N/A
AVP.EXE 396 N/A
CTFMON.EXE 316 N/A
DSLMON.EXE 1416 N/A
MySQLSystemTrayMonitor.ex 1428 N/A
WSCNTFY.EXE 2688 N/A
ALG.EXE 2776 ALG
mysqld-nt.exe 3764 MySQL
ThunderbirdPortable.exe 3840 N/A
thunderbird.exe 3872 N/A
FirefoxPortable.exe 3892 N/A
FIREFOX.EXE 3908 N/A
cmd.exe 2924 N/A
tasklist.exe 1072 N/A
wmiprvse.exe 2980 N/A
[ Miroslav Jeftić @ 01.06.2007. 21:55 ] @
Do you have Windows Update turned on? It doesn't have to be the case for you, but a few weeks ago svchost.exe was putting on a "show" for me because of Windows Update. The only solution was to deactivate it - services.msc -- automatic updates -- properties -- disabled.
[ Zoran Rodic @ 01.06.2007. 22:09 ] @
TrkWks
cause
Fuwudoor TROJAN
I see that Symantec has the most advice about removing it
What is in StartUp?
PS
WZSSVC also looks suspicious to me
[ Miroslav Jeftić @ 01.06.2007. 22:31 ] @
Yes, but also:
Quote: There is a Windows service called Distributed Link Tracking Client which has a service name TrkWks. If we examine the table above, we can see that the TrkWks service is part of the netsvcs group. If we look at the Registry key for this service we see that its ServiceDLL is %SystemRoot%\system32\trkwks.dll. Therefore, using this information and what we learned above, we know that the executable command for the TrkWks service must be:
C:\WINDOWS\system32\svchost.exe -k netsvcs
and
Quote: DLL File: wzcsvc.dll or wzcsvc
DLL Name: Wireless Zero Configuration Service
It could be, but it doesn't have to mean anything.
[ zgas @ 01.06.2007. 22:38 ] @
I don't have Windows Update turned on, and I don't even update Windows (maybe that's why I keep getting this virus, I don't know).
What should I do? I don't understand, is there anything to see...?
[ Slobodan Trebovac @ 01.06.2007. 22:41 ] @
Yes, sometimes we can speak about a process's (non-)maliciousness based on its location alone, because in some cases a "normal" and a malicious process have the same name, as can be the case with the already mentioned svchost.exe process.
@zgas
Which Kaspersky are you using, KIS or KAV? What else do you have of these security programs? Do you use S&D, Ad-Aware, Spyware Doctor, and which FW?
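The two checks discussed in the posts above (where each svchost.exe image is located, and which ServiceDll each hosted service such as TrkWks or WZCSVC loads) can be done in one pass. This is an added example, not part of any post in the thread; it assumes a current Windows system with PowerShell 3.0 or later, and the function name Test-UnderSystem32 is made up for the example.

```powershell
# Added example (not from the thread): for every svchost.exe instance, list the
# image path and the ServiceDll of each hosted service, and mark entries that
# are not under %SystemRoot%\System32 so they can be reviewed by hand.
$sys32 = Join-Path $env:SystemRoot 'System32'

# Hypothetical helper: true only when the path resolves to a file under System32.
function Test-UnderSystem32([string]$Path) {
    if (-not $Path) { return $false }
    $full = [Environment]::ExpandEnvironmentVariables($Path).Trim('"')
    return $full.StartsWith("$sys32\", [StringComparison]::OrdinalIgnoreCase)
}

$report = foreach ($proc in Get-CimInstance Win32_Process -Filter "Name = 'svchost.exe'") {
    # ExecutablePath is empty when the caller lacks rights to open the process.
    [pscustomobject]@{
        ProcessId = $proc.ProcessId
        Item      = 'image'
        Name      = $proc.Name
        Path      = $proc.ExecutablePath
        InSys32   = Test-UnderSystem32 $proc.ExecutablePath
    }
    foreach ($svc in Get-CimInstance Win32_Service -Filter "ProcessId = $($proc.ProcessId)") {
        # A svchost-hosted service names its DLL under ...\Services\<name>\Parameters.
        $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$($svc.Name)\Parameters"
        $dll = (Get-ItemProperty -Path $key -Name ServiceDll -ErrorAction SilentlyContinue).ServiceDll
        [pscustomobject]@{
            ProcessId = $proc.ProcessId
            Item      = 'service'
            Name      = $svc.Name
            Path      = $dll
            InSys32   = Test-UnderSystem32 $dll
        }
    }
}

# Entries with InSys32 = False sort first.
$report | Sort-Object InSys32, ProcessId | Format-Table -AutoSize
```

Run it from an elevated prompt so the image paths are readable. A row with InSys32 = False or an empty Path is something to look at manually, not a verdict.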
[ Zoran Rodic @ 01.06.2007. 23:50 ] @
Of course, but since there is a problem here, we have to start from something ;)
start => run => then type msconfig => Startup tab, then tell us what is there
[ zgas @ 02.06.2007. 07:41 ] @
I use KIS and I have all services turned on except the spam service. So I also use the Kaspersky firewall.
In startup I have:
1. avp (Kaspersky antivirus)
2. NOTHING IS NAMED (there is nothing here as the command, and for the location it has: HKLM/SEFTWARE/Microsoft/WINDOWS/CurrentVersion/Run)
3. ctfmon (COMMAND: e:/WINDOWS/sistem32/ctfmon.exe LOCATION: HKLM/SEFTWARE/Microsoft/WINDOWS/CurrentVersion/Run)
4. DSLMON (ADSL modem)
5. MYSQL system tray monitor
I think I also used NOD32 for a while and had the same problem.
[ agasoft @ 02.06.2007. 10:17 ] @
Cousin, are you using a firewall?
[ RobertNestaMarley @ 02.06.2007. 10:20 ] @
My advice is to switch to NOD32 and ZoneAlarm Pro.
[This message was edited by alkion on 02.06.2007 at 12:50 GMT+1]
[ Nebojsa Mijovic @ 02.06.2007. 14:47 ] @
This problem used to happen to me too. As far as I remember, I solved it by turning on the Firewall in SP2, plus I installed Spyware Doctor. It went away...
[ deki77 @ 02.06.2007. 15:20 ] @
Here's mine as well...
Code:
Image Name PID Services
========================= ====== =============================================
System Idle Process 0 N/A
System 4 N/A
smss.exe 544 N/A
csrss.exe 608 N/A
winlogon.exe 632 N/A
services.exe 676 Eventlog, PlugPlay
lsass.exe 688 NtLmSsp, PolicyAgent, ProtectedStorage, SamSs
ati2evxx.exe 844 Ati HotKey Poller
svchost.exe 856 DcomLaunch, TermService
svchost.exe 956 RpcSs
svchost.exe 1072 AudioSrv, Browser, CryptSvc, Dhcp, dmserver,
ERSvc, EventSystem,
FastUserSwitchingCompatibility, helpsvc,
Iprip, lanmanserver, lanmanworkstation,
Netman, Nla, RasMan, Schedule, seclogon,
SENS, SharedAccess, ShellHWDetection,
srservice, TapiSrv, Themes, TrkWks, W32Time,
winmgmt, wscsvc, wuauserv, WZCSVC
svchost.exe 1132 Dnscache
svchost.exe 1324 LmHosts, RemoteRegistry, SSDPSRV, WebClient
spoolsv.exe 1528 Spooler
cisvc.exe 1652 cisvc
inetinfo.exe 1696 IISADMIN, MSFtpsvc, SMTPSVC, W3SVC
MDM.EXE 1748 MDM
msdtc.exe 1808 MSDTC
nod32krn.exe 1844 NOD32krn
PnkBstrA.exe 1900 PnkBstrA
tcpsvcs.exe 1984 SimpTcp
snmp.exe 2040 SNMP
wdfmgr.exe 312 UMWdf
mqsvc.exe 508 MSMQ
mqtgsvc.exe 1140 MSMQTriggers
alg.exe 1664 ALG
wscntfy.exe 2504 N/A
ati2evxx.exe 2528 N/A
explorer.exe 2596 N/A
atiptaxx.exe 3000 N/A
realsched.exe 3036 N/A
rundll32.exe 3172 N/A
cocwqd.exe 3276 N/A
nod32kui.exe 3464 N/A
ctfmon.exe 3492 N/A
iexplore.exe 3672 N/A
wuauclt.exe 3744 N/A
iexplore.exe 2200 N/A
cmd.exe 3264 N/A
tasklist.exe 3924 N/A
wmiprvse.exe 4012 N/A
The Trojan ConHook was causing me the problem. (c:/WINDOS/sistem32/geedb.dll/)
It couldn't be deleted
NOD32 solved the problem... btw explorer was hogging 60 MB!!!