svchost.exe odchadzajuce spojenie?

snapcase · Příspěvek od **snapcase** » ned 10. čer 2007, 21:51

mam problem s svchost.exe. v Comodo firewalle mi ukazuje stale toto spojenie:

kedze sa v sietach moc nevyznam, tak netusim o co ide. comodo pise aktivitu medzi 5 az 40%.
problem je v tom, ze od kedy sa toto deje, tak net byva casto nestabilny a zvykne vypadavat. to sa u Chella moc nestava.
mam tusaka, ze nejde o chybu u mna, ale u providera, kedze sa tento problem objavil tesne pred nedavnym zvysovanim rychlosti a ostava dodnes.

aktualizacie som skusal vypnut.

je moje podozrenie spravne alebo to je nejaka chyba u mna?

Baron Prášil

http://home.eunet.cz/rysanek/blabol/tcp.htm

tady je něco o tom

snapcase · Příspěvek od **snapcase** » pon 11. čer 2007, 19:12

hmm, dik za ochotu.

ale akosi to neriesi problem preco sa to deje povedzme 5 hodin denne. pocas tejto doby mam pingy okolo 100 na pingmetri www.dsl.sk . bezne su pingy u mna okolo 10.
teraz som chcel nieco stiahnut cez torrent a ide to cca 10-30kB download a cca 10kB upload. linku mam 512kB/48kB.

nepomaha ani vypnutie Comoda ci PeerGuardian-a.

vypis z HijackThis:

Logfile of HijackThis v1.99.1
Scan saved at 19:10:56, on 11. 6. 2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Documents and Settings\PumaPerez\Desktop\Miranda\Wolf's Profi Miranda-Pack v1.3.0\miranda32.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Last.fm\LastFM.exe
C:\Program Files\Comodo\Firewall\cpf.exe
C:\Program Files\Azureus\Azureus.exe
C:\Documents and Settings\PumaPerez\Desktop\HT\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [MirandaIM] "C:\Documents and Settings\PumaPerez\Desktop\Miranda\Wolf's Profi Miranda-Pack v1.3.0\miranda32.exe" "C:\Documents and Settings\PumaPerez\Desktop\Miranda\Wolf's Profi Miranda-Pack v1.3.0\Profiles\profile"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: PacificPoker - {94EDF7B4-4272-4af3-8F8B-4E2F68E225B7} - C:\PROGRA~1\PACIFI~1\pacificpoker.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

Baron Prášil

log je v pohodě

použij ProcessExplorerNt

spusť ho a projeď šipkou ty svchosty a až najdeš Services: tak udělej screen a pošli

snapcase · Příspěvek od **snapcase** » stř 11. črc 2007, 13:41

ospravedlnujem sa za neskoru odpoved.
dufam, ze som ta spravne pochopil:

teraz som si vsimol vec, ktora by mohla mat s tymto spojitost. v programe PeerGuardiam2 vidim stale nejake spojenia cez IGMP a ICMP protocol. dokonca windowsacky security alert mi hlasi, ze Comodo firewall je vypnuty, pri tom opticky sa zda byt zapnuty.