svchost connects to multiple machines on port 2800 ??

  • Thread starter Thread starter Gunnar
  • Start date Start date
G

Gunnar

PID 1148 (svchost) in the list below attempts to connect to port 2800 on
multiple machines in the world. Continuous traffic of about 30kbit/s.What
service should I stop and how ?
The outgoing connections are made from random ports on my machine.


Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings\Owner.PRESARIO>tasklist /svc

Image Name PID Services
========================= ======
=============================================
System Idle Process 0 N/A
System 4 N/A
smss.exe 504 N/A
csrss.exe 716 N/A
winlogon.exe 740 N/A
services.exe 784 Eventlog, PlugPlay
lsass.exe 796 PolicyAgent, ProtectedStorage, SamSs
ati2evxx.exe 972 Ati HotKey Poller
svchost.exe 988 DcomLaunch, TermService
svchost.exe 1076 RpcSs
svchost.exe 1148 6to4, AudioSrv, BITS, CryptSvc, Dhcp,
ERSvc,
EventSystem,
FastUserSwitchingCompatibility,
helpsvc, Iprip, lanmanworkstation, Netman,
Nla, RasMan, Schedule, SENS, SharedAccess,
ShellHWDetection, srservice, TapiSrv,
Themes, TrkWks, W32Time, winmgmt, wscsvc,
wuauserv, WZCSVC
InCDsrv.exe 1172 InCDsrv
svchost.exe 1304 Dnscache
spoolsv.exe 1512 Spooler
svchost.exe 1592 Alerter, SSDPSRV, WebClient
svchost.exe 1656 BthServ
CCSETMGR.EXE 1892 ccSetMgr
cisvc.exe 1904 cisvc
CTSVCCDA.EXE 1960 Creative Service for CDROM Access
NAVAPSVC.EXE 2024 navapsvc
NISUM.EXE 204 NISUM
NPROTECT.EXE 236 NProtectService
snmp.exe 420 SNMP
NOPDB.exe 432 Speed Disk service
svchost.exe 560 stisvc
symlcsvc.exe 580 Symantec Core LC
wdfmgr.exe 608 UMWdf
MsPMSPSv.exe 656 WMDM PMSP Service
CCEVTMGR.EXE 696 ccEvtMgr
symwsc.exe 1028 SymWSC
CCPXYSVC.EXE 1748 ccPxySvc
SAVSCAN.EXE 2068 SAVScan
ati2evxx.exe 2452 N/A
explorer.exe 2564 N/A
hpsysdrv.exe 3004 N/A
shwicon.exe 3052 N/A
kbd.exe 3060 N/A
cthelper.exe 3236 N/A
atiptaxx.exe 3264 N/A
hpztsb07.exe 3380 N/A
CCAPP.EXE 3400 N/A
DUMeter.exe 3448 N/A
daemon.exe 3512 N/A
DVDTray.exe 3528 N/A
winampa.exe 3572 N/A
rundll32.exe 3800 N/A
svchost.exe 3992 HTTPFilter
InCD.exe 4048 N/A
realsched.exe 312 N/A
ctfmon.exe 864 N/A
RCScheduler.exe 1044 N/A
ReplayRadio.exe 3128 N/A
BTTray.exe 2952 N/A
G6FTPSrv.exe 2968 N/A
BTStackServer.exe 3616 N/A
Ymsgr_tray.exe 308 N/A
cidaemon.exe 480 N/A
taskmgr.exe 4008 N/A
NMain.exe 3284 N/A
PrcView.exe 2180 N/A
Skype.exe 160 N/A
IP_TOOLS.EXE 284 N/A
iexplore.exe 212 N/A
emule.exe 2844 N/A
notepad.exe 3680 N/A
SYMMONI.EXE 4776 N/A
msnmsgr.exe 4532 N/A
Capsa.exe 1412 N/A
msmsgs.exe 2248 N/A
cmd.exe 4296 N/A
tasklist.exe 4668 N/A
wmiprvse.exe 5692 N/A

C:\Documents and Settings\Owner.PRESARIO>
 
There isn't a service you can kill to stop it. It's hooked to svchost.exe
which is a system service and will stop Windows if you kill it.

The solution is to first get the process that is running out of the startup
programs. Try running msconfig and shutting off all startup items. Then scan
your system with an up-to-date antivirus and anti-spyware application.

Alternately, you can boot in Safe Mode and run the scans from there, but
some scanners won't operate in Safe Mode.

For a free virus scan and cleanup try Trend Micro's SysClean utility which
can be downloaded at http://www.trendmicro.com/download/dcs.asp. Download the
..COM file and the latest pattern from Trend. Copy both to a temp folder on
your hard drive. Boot in safe mode (power on computer, press F8 before the
Windows screen comes up and select Safe Mode from the menu) and run
sysclean.com from the command line.

The best choices for anti-spyware IMHO are AdAware at www.lavasoftusa.com
and Spybot Search& Destroy at www.safer-networking.org.

Good Luck.

Gunnar said:
PID 1148 (svchost) in the list below attempts to connect to port 2800 on
multiple machines in the world. Continuous traffic of about 30kbit/s.What
service should I stop and how ?
The outgoing connections are made from random ports on my machine.


Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings\Owner.PRESARIO>tasklist /svc

Image Name PID Services
========================= ======
=============================================
System Idle Process 0 N/A
System 4 N/A
smss.exe 504 N/A
csrss.exe 716 N/A
winlogon.exe 740 N/A
services.exe 784 Eventlog, PlugPlay
lsass.exe 796 PolicyAgent, ProtectedStorage, SamSs
ati2evxx.exe 972 Ati HotKey Poller
svchost.exe 988 DcomLaunch, TermService
svchost.exe 1076 RpcSs
svchost.exe 1148 6to4, AudioSrv, BITS, CryptSvc, Dhcp,
ERSvc,
EventSystem,
FastUserSwitchingCompatibility,
helpsvc, Iprip, lanmanworkstation, Netman,
Nla, RasMan, Schedule, SENS, SharedAccess,
ShellHWDetection, srservice, TapiSrv,
Themes, TrkWks, W32Time, winmgmt, wscsvc,
wuauserv, WZCSVC
InCDsrv.exe 1172 InCDsrv
svchost.exe 1304 Dnscache
spoolsv.exe 1512 Spooler
svchost.exe 1592 Alerter, SSDPSRV, WebClient
svchost.exe 1656 BthServ
CCSETMGR.EXE 1892 ccSetMgr
cisvc.exe 1904 cisvc
CTSVCCDA.EXE 1960 Creative Service for CDROM Access
NAVAPSVC.EXE 2024 navapsvc
NISUM.EXE 204 NISUM
NPROTECT.EXE 236 NProtectService
snmp.exe 420 SNMP
NOPDB.exe 432 Speed Disk service
svchost.exe 560 stisvc
symlcsvc.exe 580 Symantec Core LC
wdfmgr.exe 608 UMWdf
MsPMSPSv.exe 656 WMDM PMSP Service
CCEVTMGR.EXE 696 ccEvtMgr
symwsc.exe 1028 SymWSC
CCPXYSVC.EXE 1748 ccPxySvc
SAVSCAN.EXE 2068 SAVScan
ati2evxx.exe 2452 N/A
explorer.exe 2564 N/A
hpsysdrv.exe 3004 N/A
shwicon.exe 3052 N/A
kbd.exe 3060 N/A
cthelper.exe 3236 N/A
atiptaxx.exe 3264 N/A
hpztsb07.exe 3380 N/A
CCAPP.EXE 3400 N/A
DUMeter.exe 3448 N/A
daemon.exe 3512 N/A
DVDTray.exe 3528 N/A
winampa.exe 3572 N/A
rundll32.exe 3800 N/A
svchost.exe 3992 HTTPFilter
InCD.exe 4048 N/A
realsched.exe 312 N/A
ctfmon.exe 864 N/A
RCScheduler.exe 1044 N/A
ReplayRadio.exe 3128 N/A
BTTray.exe 2952 N/A
G6FTPSrv.exe 2968 N/A
BTStackServer.exe 3616 N/A
Ymsgr_tray.exe 308 N/A
cidaemon.exe 480 N/A
taskmgr.exe 4008 N/A
NMain.exe 3284 N/A
PrcView.exe 2180 N/A
Skype.exe 160 N/A
IP_TOOLS.EXE 284 N/A
iexplore.exe 212 N/A
emule.exe 2844 N/A
notepad.exe 3680 N/A
SYMMONI.EXE 4776 N/A
msnmsgr.exe 4532 N/A
Capsa.exe 1412 N/A
msmsgs.exe 2248 N/A
cmd.exe 4296 N/A
tasklist.exe 4668 N/A
wmiprvse.exe 5692 N/A

C:\Documents and Settings\Owner.PRESARIO>
Click to expand...
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

svchost.exe Application Error 3
svchost processes --- OK, but 5 of them? using 30 Mb of RAM?, listening on multiple UDP ports? 1

Back
Top