CentrumXP Forum Tematyka portalu CentrumXP.pl Bezpieczeństwo Na co zezwalać zaporze ?

Na co zezwalać zaporze ?

Po zainstalowaniu zapory (Sygate Personal Firewall), zostałem zasypany pytaniami, czy zezwolić na komunikację internetową programom typu Gadu–Gadu, Tlen, eMule, itp. To oczywiste. Moje pytanie dotyczy dwóch procesów: Generic Host Process for Win32 Services i NDIS User mode I/O Driver. Co to za procesy i czy moźna zezwolić im na komunikację?

Odpowiedzi: 5

Dobrze, niech się proces łączy. Chociaź na razie internet śmiga, nie będę kusił losu. Trzeba ufać bardziej doświadczonym uźytkownikom :wink: (po to czytam to forum). Dzięki EL NINO, dzięki coyote_xp.
sebastian16
Dodano
02.05.2005 20:43:26
Skoro dostep radiowy, pozwol na dostep.
Jak gada M$
The NDIS User–mode I/O (NDISUIO) driver is a protocol driver that supports sending
and receiving Ethernet frames using ReadFile and WriteFile.
EL NINO
Dodano
02.05.2005 20:29:30
Po wyłączeniu NDIS User mode I/O Driver nie zauwaźyłem źadnych nieprawidłowości (na razie), jedynie na dysku C
pojawił się plik notatnika drwtsn32 o treści:

Microsoft (R) DrWtsn32
Copyright (C) 1985–2001 Microsoft Corp. Wszelkie prawa zastrzeźone.

Wystąpił wyjątek aplikacji:
Apl: C:\WINDOWS\System32\svchost.exe (pid=1156)
Kiedy: 2005–05–02 @ 16:07:51.468
Numer wyjątku: c0000005 (naruszenie praw dostępu)

*––––> Informacje o systemie
Nazwa komputera:
Nazwa uźytkownika: ŸŸ
Identyfikator sesji terminala: 0
Liczba procesorów: 1
Wersja systemu Windows: 5.1

*––––> Lista zadań
0 System Process
4 System
672 smss.exe
720 csrss.exe
744 winlogon.exe
788 services.exe
800 lsass.exe
1036 svchost.exe
1116 svchost.exe
1156 svchost.exe
1192 smc.exe
1364 svchost.exe
1404 svchost.exe
1968 kavmm.exe
548 alg.exe
604 wmiprvse.exe
3964 logonui.exe
1724 wuauclt.exe
528 drwtsn32.exe

*––––> Lista modułów
(0000000001000000 – 0000000001006000: C:\WINDOWS\System32\svchost.exe
(000000000ffd0000 – 000000000fff8000: C:\WINDOWS\System32\rsaenh.dll
(0000000020000000 – 00000000202d2000: C:\WINDOWS\System32\xpsp2res.dll
(000000004c0e0000 – 000000004c0f7000: c:\windows\system32\wscsvc.dll
(000000004cbd0000 – 000000004cbe0000: C:\WINDOWS\System32\xmlprovi.dll
(000000004d530000 – 000000004d588000: C:\WINDOWS\System32\WINHTTP.dll
(0000000050000000 – 0000000050005000: c:\windows\system32\wuauserv.dll
(0000000050040000 – 000000005014b000: C:\WINDOWS\system32\wuaueng.dll
(0000000050640000 – 000000005064c000: C:\WINDOWS\system32\wups.dll
(0000000057de0000 – 0000000057e16000: C:\WINDOWS\System32\unimdm.tsp
(0000000057e40000 – 0000000057e50000: C:\WINDOWS\System32\ndptsp.tsp
(0000000057e60000 – 0000000057e6b000: C:\WINDOWS\System32\kmddsp.tsp
(0000000057e70000 – 0000000057e78000: C:\WINDOWS\System32\ipconf.tsp
(0000000057e80000 – 0000000057e8a000: C:\WINDOWS\System32\hidphone.tsp
(0000000057e90000 – 0000000057ed6000: C:\WINDOWS\System32\h323.tsp
(0000000058e60000 – 0000000058e66000: C:\WINDOWS\System32\wshirda.dll
(0000000059410000 – 00000000595da000: C:\WINDOWS\AppPatch\AcGenral.DLL
(0000000059930000 – 000000005999d000: C:\WINDOWS\System32\wbem\wmiprvsd.dll
(000000005a840000 – 000000005a868000: c:\windows\system32\wbem\wmisvc.dll
(000000005b1d0000 – 000000005b208000: C:\WINDOWS\System32\UxTheme.dll
(000000005cfe0000 – 000000005d006000: C:\WINDOWS\System32\ShimEng.dll
(000000005d520000 – 000000005d5ba000: C:\WINDOWS\system32\comctl32.dll
(000000005fbd0000 – 000000005fbde000: C:\WINDOWS\System32\wbem\ncprov.dll
(000000005fc00000 – 000000005fc0c000: C:\WINDOWS\system32\NCObjAPI.DLL
(0000000060530000 – 000000006053b000: C:\WINDOWS\System32\mspatcha.dll
(0000000066410000 – 000000006641c000: c:\windows\system32\irmon.dll
(0000000066780000 – 00000000667d8000: C:\WINDOWS\System32\hnetcfg.dll
(0000000066940000 – 0000000066995000: c:\windows\system32\ipnathlp.dll
(0000000068100000 – 0000000068124000: C:\WINDOWS\System32\dssenh.dll
(0000000068df0000 – 0000000068df9000: C:\WINDOWS\System32\HID.DLL
(000000006f8f0000 – 000000006fa00000: c:\windows\system32\ESENT.dll
(000000006ff40000 – 000000006ff94000: C:\WINDOWS\system32\NETAPI32.dll
(0000000070e00000 – 0000000070e0d000: c:\windows\system32\audiosrv.dll
(00000000719f0000 – 0000000071a30000: C:\WINDOWS\system32\mswsock.dll
(0000000071a30000 – 0000000071a38000: C:\WINDOWS\System32\wshtcpip.dll
(0000000071a40000 – 0000000071a48000: c:\windows\system32\WS2HELP.dll
(0000000071a50000 – 0000000071a67000: c:\windows\system32\WS2_32.dll
(0000000071a70000 – 0000000071a7a000: C:\WINDOWS\system32\WSOCK32.dll
(0000000071ba0000 – 0000000071bb3000: C:\WINDOWS\System32\SAMLIB.dll
(0000000071ca0000 – 0000000071ceb000: C:\WINDOWS\system32\kerberos.dll
(0000000071fb0000 – 0000000071fb7000: C:\WINDOWS\System32\uniplat.dll
(00000000721f0000 – 0000000072225000: C:\WINDOWS\System32\rasppp.dll
(0000000072260000 – 0000000072265000: C:\WINDOWS\System32\SensApi.dll
(0000000072280000 – 000000007228d000: c:\windows\system32\sens.dll
(0000000072380000 – 000000007239c000: C:\WINDOWS\System32\WinSCard.dll
(0000000072410000 – 0000000072440000: c:\windows\system32\rasmans.dll
(0000000072440000 – 0000000072446000: C:\WINDOWS\System32\ntlsapi.dll
(0000000072f90000 – 0000000072fb6000: C:\WINDOWS\System32\WINSPOOL.DRV
(0000000072fc0000 – 0000000072fd0000: C:\WINDOWS\System32\WZCSAPI.DLL
(0000000073370000 – 00000000733af000: c:\windows\system32\tapisrv.dll
(0000000073cb0000 – 0000000073cb8000: c:\windows\system32\seclogon.dll
(0000000074310000 – 000000007431b000: c:\windows\system32\WINIPSEC.DLL
(00000000745e0000 – 00000000748a6000: c:\windows\system32\msi.dll
(0000000074930000 – 0000000074a60000: C:\WINDOWS\system32\MSXML3.DLL
(0000000074a80000 – 0000000074a88000: c:\windows\system32\POWRPROF.dll
(0000000074e80000 – 0000000074e8e000: C:\WINDOWS\System32\wbem\wbemsvc.dll
(0000000074eb0000 – 0000000074ebc000: C:\WINDOWS\System32\SSDPAPI.dll
(0000000074ef0000 – 0000000074efc000: c:\windows\pchealth\helpctr\binaries\pchsvc.dll
(0000000074f00000 – 0000000074f05000: C:\WINDOWS\System32\MSIDLE.DLL
(0000000074f30000 – 0000000074f39000: c:\windows\system32\ersvc.dll
(0000000074f40000 – 0000000074f49000: c:\windows\system32\dmserver.dll
(0000000074fd0000 – 0000000074fec000: C:\WINDOWS\System32\wbem\wmiutils.dll
(0000000075020000 – 0000000075039000: c:\windows\system32\trkwks.dll
(0000000075040000 – 000000007505a000: c:\windows\system32\srvsvc.dll
(0000000075060000 – 0000000075072000: C:\WINDOWS\System32\RESUTILS.DLL
(00000000750a0000 – 00000000750b3000: C:\WINDOWS\system32\MTXCLU.DLL
(00000000750e0000 – 00000000750f4000: C:\WINDOWS\system32\colbact.DLL
(0000000075100000 – 0000000075114000: C:\WINDOWS\System32\Cabinet.dll
(0000000075150000 – 000000007517e000: c:\windows\system32\srsvc.dll
(00000000751b0000 – 00000000751de000: C:\WINDOWS\System32\wbem\repdrvfs.dll
(0000000075210000 – 0000000075239000: C:\WINDOWS\System32\ADVPACK.dll
(0000000075240000 – 0000000075277000: C:\WINDOWS\System32\wbem\wbemcomn.dll
(00000000752c0000 – 00000000752ff000: C:\WINDOWS\SYSTEM32\WBEM\esscli.dll
(0000000075300000 – 0000000075333000: c:\windows\system32\certcli.dll
(0000000075340000 – 0000000075386000: C:\WINDOWS\System32\wbem\wbemess.dll
(0000000075390000 – 00000000753fd000: C:\WINDOWS\system32\VSSAPI.DLL
(0000000075500000 – 00000000755a8000: C:\WINDOWS\System32\RASDLG.dll
(00000000755b0000 – 000000007564c000: C:\WINDOWS\System32\netcfgx.dll
(0000000075650000 – 00000000756c6000: C:\WINDOWS\SYSTEM32\WBEM\FastProx.dll
(0000000075d70000 – 0000000075e01000: C:\WINDOWS\System32\mlang.dll
(0000000075e60000 – 0000000075f10000: C:\WINDOWS\System32\SXS.DLL
(0000000075f10000 – 0000000075f21000: C:\WINDOWS\System32\rastapi.dll
(0000000076050000 – 00000000760b5000: C:\WINDOWS\System32\MSVCP60.dll
(00000000760c0000 – 00000000761fa000: C:\WINDOWS\system32\comsvcs.dll
(0000000076330000 – 0000000076340000: C:\WINDOWS\System32\WINSTA.dll
(00000000763d0000 – 0000000076578000: c:\windows\system32\netshell.dll
(00000000765b0000 – 00000000765c3000: C:\WINDOWS\System32\cryptnet.dll
(0000000076650000 – 00000000766d5000: C:\WINDOWS\SYSTEM32\WBEM\wbemcore.dll
(0000000076760000 – 0000000076769000: C:\WINDOWS\System32\SHFOLDER.dll
(0000000076770000 – 000000007677c000: C:\WINDOWS\System32\cryptdll.dll
(0000000076780000 – 0000000076793000: c:\windows\system32\NTDSAPI.dll
(00000000767a0000 – 00000000767cd000: c:\windows\system32\w32time.dll
(00000000767d0000 – 00000000767f7000: C:\WINDOWS\System32\SCHANNEL.dll
(00000000768b0000 – 0000000076932000: C:\WINDOWS\system32\CRYPTUI.dll
(00000000769a0000 – 0000000076a54000: C:\WINDOWS\system32\USERENV.dll
(0000000076b00000 – 0000000076b11000: c:\windows\system32\ATL.DLL
(0000000076b20000 – 0000000076b4e000: C:\WINDOWS\System32\WINMM.dll
(0000000076b50000 – 0000000076b83000: c:\windows\system32\schedsvc.dll
(0000000076b90000 – 0000000076b95000: C:\WINDOWS\System32\sfc.dll
(0000000076bb0000 – 0000000076bcf000: C:\WINDOWS\System32\rastls.dll
(0000000076be0000 – 0000000076beb000: c:\windows\system32\PSAPI.DLL
(0000000076bf0000 – 0000000076c1e000: c:\windows\system32\credui.dll
(0000000076c20000 – 0000000076c4e000: C:\WINDOWS\system32\WINTRUST.dll
(0000000076c50000 – 0000000076c7a000: C:\WINDOWS\System32\sfc_os.dll
(0000000076c80000 – 0000000076ca8000: C:\WINDOWS\system32\IMAGEHLP.dll
(0000000076cd0000 – 0000000076ce4000: C:\WINDOWS\System32\raschap.dll
(0000000076d00000 – 0000000076d12000: c:\windows\system32\cryptsvc.dll
(0000000076d20000 – 0000000076d24000: c:\windows\system32\WMI.dll
(0000000076d30000 – 0000000076d48000: C:\WINDOWS\System32\MPRAPI.dll
(0000000076d50000 – 0000000076d69000: c:\windows\system32\iphlpapi.dll
(0000000076d70000 – 0000000076d8e000: c:\windows\system32\dhcpcsvc.dll
(0000000076d90000 – 0000000076da1000: C:\WINDOWS\System32\CLUSAPI.DLL
(0000000076dd0000 – 0000000076df3000: C:\WINDOWS\System32\upnp.dll
(0000000076e00000 – 0000000076e25000: C:\WINDOWS\System32\adsldpc.dll
(0000000076e30000 – 0000000076e53000: c:\windows\system32\wkssvc.dll
(0000000076e70000 – 0000000076e7e000: c:\windows\system32\rtutils.dll
(0000000076e80000 – 0000000076e92000: C:\WINDOWS\System32\rasman.dll
(0000000076ea0000 – 0000000076ecf000: C:\WINDOWS\System32\TAPI32.dll
(0000000076ed0000 – 0000000076f0c000: C:\WINDOWS\System32\RASAPI32.dll
(0000000076f10000 – 0000000076f37000: c:\windows\system32\DNSAPI.dll
(0000000076f40000 – 0000000076f48000: c:\windows\system32\WTSAPI32.dll
(0000000076f50000 – 0000000076f7d000: C:\WINDOWS\system32\WLDAP32.dll
(0000000076fa0000 – 0000000076fa8000: C:\WINDOWS\System32\winrnr.dll
(0000000076fb0000 – 0000000076fb6000: C:\WINDOWS\System32\rasadhlp.dll
(0000000076fc0000 – 000000007703f000: C:\WINDOWS\System32\CLBCATQ.DLL
(0000000077040000 – 000000007710d000: C:\WINDOWS\System32\COMRes.dll
(0000000077110000 – 000000007719c000: C:\WINDOWS\system32\OLEAUT32.dll
(00000000771a0000 – 0000000077247000: C:\WINDOWS\system32\WININET.dll
(0000000077310000 – 0000000077325000: c:\windows\system32\browser.dll
(00000000773c0000 – 00000000774c3000: C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common–Controls_6595b64144ccf1df_6.0.2600.2527_x–ww_aa415c8a\comctl32.dll
(00000000774d0000 – 000000007760d000: C:\WINDOWS\system32\ole32.dll
(0000000077610000 – 000000007767e000: c:\windows\system32\wzcsvc.dll
(0000000077680000 – 00000000776a1000: C:\WINDOWS\System32\NTMARTA.DLL
(00000000776b0000 – 00000000776c1000: c:\windows\system32\AUTHZ.dll
(00000000776d0000 – 00000000776f4000: c:\windows\system32\shsvcs.dll
(0000000077700000 – 0000000077741000: c:\windows\system32\es.dll
(0000000077910000 – 0000000077a06000: C:\WINDOWS\System32\SETUPAPI.dll
(0000000077a70000 – 0000000077b05000: C:\WINDOWS\system32\CRYPT32.dll
(0000000077b10000 – 0000000077b22000: C:\WINDOWS\system32\MSASN1.dll
(0000000077b30000 – 0000000077b52000: C:\WINDOWS\system32\Apphelp.dll
(0000000077bd0000 – 0000000077be5000: C:\WINDOWS\System32\MSACM32.dll
(0000000077bf0000 – 0000000077bf8000: C:\WINDOWS\system32\VERSION.dll
(0000000077c00000 – 0000000077c58000: C:\WINDOWS\system32\msvcrt.dll
(0000000077c60000 – 0000000077c83000: C:\WINDOWS\system32\msv1_0.dll
(0000000077cb0000 – 0000000077ce2000: C:\WINDOWS\System32\ACTIVEDS.dll
(0000000077cf0000 – 0000000077d23000: c:\windows\system32\netman.dll
(0000000077d30000 – 0000000077dc0000: C:\WINDOWS\system32\USER32.dll
(0000000077dc0000 – 0000000077e6c000: C:\WINDOWS\system32\ADVAPI32.dll
(0000000077e70000 – 0000000077f01000: C:\WINDOWS\system32\RPCRT4.dll
(0000000077f10000 – 0000000077f56000: C:\WINDOWS\system32\GDI32.dll
(0000000077f60000 – 0000000077fd6000: C:\WINDOWS\system32\SHLWAPI.dll
(0000000077fe0000 – 0000000077ff1000: c:\windows\system32\Secur32.dll
(000000007c800000 – 000000007c8fb000: C:\WINDOWS\system32\kernel32.dll
(000000007c900000 – 000000007c9b2000: C:\WINDOWS\system32\ntdll.dll
(000000007c9c0000 – 000000007d1db000: C:\WINDOWS\system32\SHELL32.dll

*––––> Zrzut stanu dla wątku o identyfikatorze 0x7c0

eax=00000000 ebx=00000000 ecx=0134fef8 edx=7c90eb94 esi=00000001 edi=00000000
eip=77fe4b05 esp=0134fee0 ebp=0134fee8 iopl=0 nv up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246

*** ERROR: Symbol file could not be found. Defaulted to export symbols for c:\windows\system32\Secur32.dll –
funkcja: Secur32!LsaRegisterPolicyChangeNotification
Error 0x80070057
BŁĄD –>77fe4b05 ff152c8d45fc call dword ptr [fc458d2c] ds:0023:fc458d2c=????????
Error 0x80070057

*––––> Wsteczne śledzenie stosu
WARNING: Stack unwind information not available. Following frames may be wrong.
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\NETAPI32.dll –
*** ERROR: Symbol file could not be found. Defaulted to export symbols for c:\windows\system32\srvsvc.dll –
*** ERROR: Module load completed but symbols could not be loaded for C:\WINDOWS\System32\svchost.exe
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\ADVAPI32.dll –
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\kernel32.dll –
ChildEBP RetAddr Args to Child
0134fee8 77fea1ea 00000000 00000000 000006d0 Secur32!LsaRegisterPolicyChangeNotification+0x30
0134ff00 6ff5e11c 00000004 000006d0 00000001 Secur32!LsaUnregisterPolicyChangeNotification+0x1f
0134ff14 75050633 000006d0 00000000 00000000 NETAPI32!NetUnregisterDomainNameChangeNotification+0x1b
0134ff28 7504ccbc 00099cd8 000de11c 00000000 srvsvc+0x10633
0134ff6c 010011cc 00000000 000de118 00000000 srvsvc+0xccbc
0134ffa0 77ddb48b 00000001 000de118 0007e898 svchost+0x11cc
0134ffb4 7c80b50b 000de110 00000000 0007e898 ADVAPI32!CryptVerifySignatureW+0x29
0134ffec 00000000 77ddb479 000de110 00000000 kernel32!GetModuleFileNameA+0x1b4

*––––> Zrzut stosu
000000000134fee0 00 00 00 00 ff ff ff ff – 00 ff 34 01 ea a1 fe 77 ..........4....w
000000000134fef0 00 00 00 00 00 00 00 00 – d0 06 00 00 04 00 00 00 ................
000000000134ff00 14 ff 34 01 1c e1 f5 6f – 04 00 00 00 d0 06 00 00 ..4....o........
000000000134ff10 01 00 00 00 28 ff 34 01 – 33 06 05 75 d0 06 00 00 ....(.4.3..u....
000000000134ff20 00 00 00 00 00 00 00 00 – 6c ff 34 01 bc cc 04 75 ........l.4....u
000000000134ff30 d8 9c 09 00 1c e1 0d 00 – 00 00 00 00 18 00 00 00 ................
000000000134ff40 00 00 00 00 54 ff 34 01 – 00 00 00 00 00 00 00 00 ....T.4.........
000000000134ff50 00 00 00 00 28 00 2a 00 – a0 58 04 75 80 2e 0f f7 ....(.*..X.u....
000000000134ff60 ff ff ff ff c8 06 00 00 – 6b 11 00 01 a0 ff 34 01 ........k.....4.
000000000134ff70 cc 11 00 01 00 00 00 00 – 18 e1 0d 00 00 00 00 00 ................
000000000134ff80 10 e1 0d 00 10 e1 0d 00 – 00 00 00 00 00 00 00 00 ................
000000000134ff90 00 00 00 00 18 01 00 00 – 59 56 04 75 6a a5 04 75 ........YV.uj..u
000000000134ffa0 b4 ff 34 01 8b b4 dd 77 – 01 00 00 00 18 e1 0d 00 ..4....w........
000000000134ffb0 98 e8 07 00 ec ff 34 01 – 0b b5 80 7c 10 e1 0d 00 ......4....|....
000000000134ffc0 00 00 00 00 98 e8 07 00 – 10 e1 0d 00 00 00 fa 7f ................
000000000134ffd0 05 00 00 c0 c0 ff 34 01 – 04 fb 34 01 ff ff ff ff ......4...4.....
000000000134ffe0 f3 99 83 7c 18 b5 80 7c – 00 00 00 00 00 00 00 00 ...|...|........
000000000134fff0 00 00 00 00 79 b4 dd 77 – 10 e1 0d 00 00 00 00 00 ....y..w........
0000000001350000 00 08 00 00 01 00 00 00 – 00 00 00 00 08 00 00 00 ................
0000000001350010 00 00 00 00 00 00 00 00 – 00 00 00 00 00 00 00 00 ................

Czas się zgadza. Dostęp do internetu mam drogą radiową. Moźe ma to jakiś związek?
sebastian16
Dodano
02.05.2005 19:55:43
Jesli nie uzywasz karty wi–fi, mozesz smialo wylaczyc dostep dla NDIS User mode I/O Driver. Natomiast Generic Host Process for Win32 Services dopusc.
EL NINO
Dodano
02.05.2005 19:45:12
przepuść obydwa
update
coś jeśli chodzi o ten drugi to chyba nie jest to konieczne,wiec moźesz spróbować najpierw bez niego
maq123
Dodano
02.05.2005 16:42:40
sebastian16
Dodano:
02.05.2005 16:18:23
Komentarzy:
5
Strona 1 / 1