svchost 100%
I have already read the FAQ, but it didn't help. I did everything as it said and blocked port 135. In the Recovery Console, when I ran expand, it did not decompress the file for me. I could only copy it. I'll add that this svchost is a network service, and at the same time a second svchost is running which is a local service. How do I disable this network service, or how do I fix this problem?
Replies: 1
Don't you happen to have Automatic Updates running? Check whether things are fine after turning them off completely.
Can worms be ruled out? Have you checked the system with an antivirus, or at least with Hijack, etc.?
Check the PID of that svchost. Also check the services attached to it (tasklist /svc) and the libraries (tasklist /m).
Disabling automatic updates doesn't help.

PID 1436 (but it's different every time)

Libraries:

svchost.exe 1436 ntdll.dll, kernel32.dll, ADVAPI32.dll,
 RPCRT4.dll, ShimEng.dll, AcGenral.DLL,
 USER32.dll, GDI32.dll, WINMM.dll, ole32.dll,
 msvcrt.dll, OLEAUT32.dll, MSACM32.dll,
 VERSION.dll, SHELL32.dll, SHLWAPI.dll,
 USERENV.dll, UxTheme.dll, IMM32.DLL,
 wbsys.dll, comctl32.dll, comctl32.dll,
 dnsrslvr.dll, DNSAPI.dll, WS2_32.dll,
 WS2HELP.dll, iphlpapi.dll

Services:

svchost.exe 1436 Dnscache

Logfile of HijackThis v1.99.1
Scan saved at 16:38:42, on 2006-10-23
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5700.0006)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
E:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Ashampoo\Ashampoo Magical Defrag\bin\aDefragService.exe
e:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
e:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\autoclk.exe
C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
E:\Program Files\DAEMON Tools\daemon.exe
E:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
E:\Program Files\DAP\DAP.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
E:\Program Files\Ashampoo\Ashampoo FireWall\FireWall.exe
E:\Program Files\AutoConnect\AutoConnect.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
E:\Program Files\Tweak-XP Pro 3\AdBlocker.exe
E:\Program Files\BitComet\BitComet.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\admin\Pulpit\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=55245&clcid={SUB_CLCID}
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada Plus wita Cie w Internecie
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: {92E1B3F7-0546-421E-9835-904D25B7BA66} - {C4F147D7-BF25-488E-A12B-EFD43E7029BF} - C:\WINDOWS\system32\winvbie.dll (file missing)
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [autoclk] autoclk.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [DAEMON Tools] "e:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [AVG7_CC] e:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [DownloadAccelerator] "E:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Ashampoo FireWall] "E:\Program Files\Ashampoo\Ashampoo FireWall\FireWall.exe" -TRAY
O4 - HKCU\..\Run: [AutoConnect] E:\Program Files\AutoConnect\AutoConnect.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "E:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [BlockAds] "E:\Program Files\Tweak-XP Pro 3\AdBlocker.exe"
O4 - HKCU\..\Run: [BitComet] "E:\Program Files\BitComet\BitComet.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O8 - Extra context menu item: &Clean Traces - E:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - E:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZRxdm185YYPL
O8 - Extra context menu item: Download &all with DAP - E:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: Pasek Narzędzi RoboForm - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Personalizuj Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Wypełnij Pola - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Zapisz Pola - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Wypełnij pola - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Wypełnij Pola - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Zapisz - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Zapisz Pola - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: Pasek Narzędzi RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: e:\program files\ashampoo\ashampoo firewall\spi.dll
O10 - Unknown file in Winsock LSP: e:\program files\ashampoo\ashampoo firewall\spi.dll
O10 - Unknown file in Winsock LSP: e:\program files\ashampoo\ashampoo firewall\spi.dll
O10 - Unknown file in Winsock LSP: e:\program files\ashampoo\ashampoo firewall\spi.dll
O10 - Unknown file in Winsock LSP: e:\program files\ashampoo\ashampoo firewall\spi.dll
O10 - Unknown file in Winsock LSP: e:\program files\ashampoo\ashampoo firewall\spi.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/PopularScreenSaversFWBInitialSetup1.0.0.15.cab
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai.net/f/516/25175/7d/runaware.download.akamai.com/25175/citrix/wficat-no-eula.cab
O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} (DLC Class) - https://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{AEC60A3B-099C-4B58-8D2F-7B33DA49FAB1}: NameServer = 194.204.152.34 217.98.63.164
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: WBSrv - E:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AshampooDefragService - - E:\Program Files\Ashampoo\Ashampoo Magical Defrag\bin\aDefragService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - e:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - e:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - E:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: NBService - Nero AG - E:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
no clues?
traktor90:
> O2 - BHO: {92E1B3F7-0546-421E-9835-904D25B7BA66} - {C4F147D7-BF25-488E-A12B-EFD43E7029BF} - C:\WINDOWS\system32\winvbie.dll (file missing)

Get rid of this. Also search the disk for the file.

What do you need WinPcap for - a sniffer?
The file winvbie.dll is not on my disk. So it's not in c:\windows\system32 either.
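The manual review done in the replies above can be scripted. The following Python sketch is an added example, not part of the original thread: it parses HijackThis-style entries and lists the ones that merit a manual look (registered components whose file is missing, services with an unknown owner, LSP files HijackThis does not recognise). The sample lines are copied from the log posted in this thread; the function names are hypothetical.

```python
import re

# Sample lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: {92E1B3F7-0546-421E-9835-904D25B7BA66} - {C4F147D7-BF25-488E-A12B-EFD43E7029BF} - C:\WINDOWS\system32\winvbie.dll (file missing)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O10 - Unknown file in Winsock LSP: e:\program files\ashampoo\ashampoo firewall\spi.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
"""

# Every entry starts with a section code such as R1, O2, O23.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")


def parse_entries(text):
    """Return (code, body) tuples for every 'O2 - ...' style line."""
    entries = []
    for line in text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def review_candidates(entries):
    """Flag entries worth a manual look; a flag is a lead, not a verdict."""
    flagged = []
    for code, body in entries:
        reasons = []
        if body.endswith("(file missing)"):
            reasons.append("file missing")   # registration outlived its file
        if code == "O23" and " - Unknown owner - " in body:
            reasons.append("unknown owner")  # service binary has no vendor info
        if code == "O10" and body.startswith("Unknown file in Winsock LSP"):
            reasons.append("unrecognised LSP")  # often a firewall, as here
        if reasons:
            flagged.append((code, reasons, body))
    return flagged


if __name__ == "__main__":
    for code, reasons, body in review_candidates(parse_entries(SAMPLE_LOG)):
        print(f"{code} [{', '.join(reasons)}] {body}")
```
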