Problem with the firewall and internet access


(Bionicman) #1

I installed Outpost Firewall today. I set the browsers to the browser rule. Everything worked for only a few minutes, because after that Outpost blocked my internet access completely. So I set it to let everything through, but that did nothing. I turned Outpost off completely but nothing changed; only uninstalling it helped. The same thing happens with Sygate. Please help, because I don't know much about this and surfing without any protection is dangerous.


(Ideolog) #2

Instead of Outpost Firewall I suggest Zone Alarm; it is much better than yours and it doesn't have such problems.

Regards :smiley:


(Bionicman) #3

I'll try Zone Alarm then, but I would like to know what is causing these problems with the internet being blocked.


(kwasior) #4

Instead of Outpost I suggest installing Kerio Personal Firewall, which can be downloaded e.g. from here: http://www.dobreprogramy.pl/index.php?dz=2&t=84&id=611. It is free, and on top of that easy to use! :slight_smile:

Regards


(Bionicman) #5

Thanks :slight_smile: I'll try both. I have another question. Sygate kept notifying me that it had blocked an attempt by the kernel to access the internet. What does that mean? And one more thing: in the detailed process view Sygate showed me lots of Mozilla FF 2.0 processes with names like td-postman, cma-cobra, optima-vivet and similar. All I managed to read is that these are ports, but shouldn't they be closed?


(Joan Sunshine) #6

Use the WWDC tool, change the markers from Disable to Enable and restart the system > it will close the ports against worms.

To be sure, paste the logs according to this: http://forum.dobreprogramy.pl/viewtopic.php?t=36654 :slight_smile:


(Bionicman) #7

I closed them, restarted, installed F-Secure from dobreprogramy, and that built-in firewall runs quite well (so far). And here are the logs:

HijackThis:

Logfile of HijackThis v1.99.1

Scan saved at 12:57:43, on 2006-12-16

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\CTHELPER.EXE

D:\DAP\DAP.EXE

D:\F-Secure\Common\FSM32.EXE

C:\WINDOWS\system32\ctfmon.exe

D:\Spybot - Search & Destroy\TeaTimer.exe

D:\Tlen.pl\tlen.exe

D:\F-Secure\Anti-Virus\fsgk32st.exe

D:\F-Secure\Common\FSMA32.EXE

D:\F-Secure\Anti-Virus\FSGK32.EXE

C:\WINDOWS\system32\nvsvc32.exe

D:\F-Secure\Common\FSMB32.EXE

D:\F-Secure\Common\FCH32.EXE

D:\F-Secure\Anti-Virus\fssm32.exe

D:\F-Secure\Anti-Virus\fsqh.exe

D:\F-Secure\Common\FAMEH32.EXE

D:\F-Secure\FSAUA\program\fsaua.exe

D:\F-Secure\FWES\Program\fsdfwd.exe

D:\F-Secure\Anti-Virus\fsav32.exe

D:\F-Secure\FSGUI\fsguidll.exe

C:\Program Files\Mozilla Firefox\firefox.exe

D:\download\narzedzia\hijackthis\HijackThis.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - D:\DAP\dapbho.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\BitComet\tools\BitCometBHO.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe

O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE

O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [DownloadAccelerator] "D:\DAP\DAP.EXE" /STARTUP

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [F-Secure Manager] "D:\F-Secure\Common\FSM32.EXE" /splash

O4 - HKLM\..\Run: [F-Secure TNB] "D:\F-Secure\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [Komunikator] D:\Tlen.pl\tlen.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O8 - Extra context menu item: &Clean Traces - D:\DAP\Privacy Package\dapcleanerie.htm

O8 - Extra context menu item: &Download with &DAP - D:\DAP\dapextie.htm

O8 - Extra context menu item: Download &all with DAP - D:\DAP\dapextie2.htm

O8 - Extra context menu item: Download all links using BitComet - res://D:\BitComet\BitComet.exe/AddAllLink.htm

O8 - Extra context menu item: Download all videos using BitComet - res://D:\BitComet\BitComet.exe/AddVideo.htm

O8 - Extra context menu item: Download link using &BitComet - res://D:\BitComet\BitComet.exe/AddLink.htm

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://D:\MICROS~1\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\MICROS~1\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: d:\f-secure\fsps\program\fslsp.dll

O10 - Unknown file in Winsock LSP: d:\f-secure\fsps\program\fslsp.dll

O10 - Unknown file in Winsock LSP: d:\f-secure\fsps\program\fslsp.dll

O10 - Unknown file in Winsock LSP: d:\f-secure\fsps\program\fslsp.dll

O10 - Unknown file in Winsock LSP: d:\f-secure\fsps\program\fslsp.dll

O10 - Unknown file in Winsock LSP: d:\f-secure\fsps\program\fslsp.dll

O10 - Unknown file in Winsock LSP: d:\f-secure\fsps\program\fslsp.dll

O10 - Unknown file in Winsock LSP: d:\f-secure\fsps\program\fslsp.dll

O10 - Unknown file in Winsock LSP: d:\f-secure\fsps\program\fslsp.dll

O10 - Unknown file in Winsock LSP: d:\f-secure\fsps\program\fslsp.dll

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1163684421883

O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - D:\F-Secure\Anti-Virus\fsgk32st.exe

O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - D:\F-Secure\FSAUA\program\fsaua.exe

O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - D:\F-Secure\FWES\Program\fsdfwd.exe

O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - D:\F-Secure\Common\FSMA32.EXE

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

SilentRunners:

"Silent Runners.vbs", revision 49, http://www.silentrunners.org/

Operating System: Windows XP SP2

Output limited to non-default values, except where indicated by "{++}"



Startup items buried in registry:

---------------------------------


HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}

"CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS]

"SpybotSD TeaTimer" = "D:\Spybot - Search & Destroy\TeaTimer.exe" ["Safer Networking Limited"]

"Komunikator" = "D:\Tlen.pl\tlen.exe" ["o2.pl Sp. z o.o."]


HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}

"SiSUSBRG" = "C:\WINDOWS\SiSUSBrg.exe" ["Silicon Integrated Systems Corp."]

"WINDVDPatch" = "CTHELPER.EXE" ["Creative Technology Ltd"]

"Jet Detection" = ""C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"" [empty string]

"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]

"NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit" [MS]

"DownloadAccelerator" = ""D:\DAP\DAP.EXE" /STARTUP" ["Speedbit Ltd."]

"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]

"F-Secure Manager" = ""D:\F-Secure\Common\FSM32.EXE" /splash" ["F-Secure Corporation"]

"F-Secure TNB" = ""D:\F-Secure\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW" ["F-Secure Corporation"]


HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{0000CC75-ACF3-4cac-A0A9-DD3868E06852}\(Default) = (no title provided)

  -> {HKLM...CLSID} = "DAPHelper Class"

                   \InProcServer32\(Default) = "D:\DAP\dapbho.dll" ["Speedbit Ltd."]

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)

  -> {HKLM...CLSID} = "AcroIEHlprObj Class"

                   \InProcServer32\(Default) = "D:\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]

{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}\(Default) = "BitComet ClickCapture"

  -> {HKLM...CLSID} = "BitComet Helper"

                   \InProcServer32\(Default) = "D:\BitComet\tools\BitCometBHO.dll" ["BitComet"]

{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)

  -> {HKLM...CLSID} = (no title provided)

                   \InProcServer32\(Default) = "D:\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)

  -> {HKLM...CLSID} = "SSVHelper Class"

                   \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll" ["Sun Microsystems, Inc."]


HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"

  -> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"

                   \InProcServer32\(Default) = "deskpan.dll" [file not found]

"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"

  -> {HKLM...CLSID} = "HyperTerminal Icon Ext"

                   \InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]

"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"

  -> {HKLM...CLSID} = "DesktopContext Class"

                   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]

"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"

  -> {HKLM...CLSID} = "NVIDIA CPL Extension"

                   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]

"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"

  -> {HKLM...CLSID} = "Desktop Explorer"

                   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]

"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"

  -> {HKLM...CLSID} = (no title provided)

                   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]

"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"

  -> {HKLM...CLSID} = "nView Desktop Context Menu"

                   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]

"{780BCB64-0CAF-473c-A9FC-E08C03D75515}" = "Matroska Shell Extension, Properties Page CLSID"

  -> {HKLM...CLSID} = "The Matroska Shell Extension, Prop Page CLSID"

                   \InProcServer32\(Default) = "C:\Matroska Pack\MSE\MatroskaProp.dll" [" "]

"{78DC191E-EFC1-4532-9A71-224577A86A7D}" = "Matroska Shell Extension, Thumbnail Handler CLSID"

  -> {HKLM...CLSID} = "The Matroska Shell Extension, Thumbnail Handler CLSID"

                   \InProcServer32\(Default) = "C:\Matroska Pack\MSE\MatroskaProp.dll" [" "]

"{794D04CA-70AC-4020-80EB-FFD59DEF8027}" = "Matroska Shell Extension, Tooltip Provider CLSID"

  -> {HKLM...CLSID} = "The Matroska Shell Extension, Tooltip Provider CLSID"

                   \InProcServer32\(Default) = "C:\Matroska Pack\MSE\MatroskaProp.dll" [" "]

"{789111D8-68A3-46a3-9663-145A3FF4C9C9}" = "Matroska Shell Extension, ContextMenu CLSID"

  -> {HKLM...CLSID} = "The Matroska Shell Extension, Context Menu CLSID"

                   \InProcServer32\(Default) = "C:\Matroska Pack\MSE\MatroskaProp.dll" [" "]

"{781395AF-A127-469f-A06F-59B482AF4F3F}" = "Matroska Shell Extension, Column Provider CLSID"

  -> {HKLM...CLSID} = "The Matroska Shell Extension, Column Provider CLSID"

                   \InProcServer32\(Default) = "C:\Matroska Pack\MSE\MatroskaProp.dll" [" "]

"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"

  -> {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "C:\WinRAR\rarext.dll" [null data]

"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"

  -> {HKLM...CLSID} = "Microsoft Office Outlook"

                   \InProcServer32\(Default) = "D:\MICROS~1\OFFICE11\MLSHEXT.DLL" [MS]

"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"

  -> {HKLM...CLSID} = "Rozszerzenie ikon plików programu Outlook"

                   \InProcServer32\(Default) = "D:\MICROS~1\OFFICE11\OLKFSTUB.DLL" [MS]

"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"

  -> {HKLM...CLSID} = (no title provided)

                   \InProcServer32\(Default) = "D:\Microsoft Office\OFFICE11\msohev.dll" [MS]


HKLM\Software\Classes\PROTOCOLS\Filter\

<> text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"

  -> {HKLM...CLSID} = (no title provided)

                   \InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]


HKLM\Software\Classes\Folder\shellex\ColumnHandlers\

{781395AF-A127-469f-A06F-59B482AF4F3F}\(Default) = "The Matroska Shell Extension, Column Provider CLSID"

  -> {HKLM...CLSID} = "The Matroska Shell Extension, Column Provider CLSID"

                   \InProcServer32\(Default) = "C:\Matroska Pack\MSE\MatroskaProp.dll" [" "]

{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"

  -> {HKLM...CLSID} = "PDF Shell Extension"

                   \InProcServer32\(Default) = "D:\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]


HKLM\Software\Classes\*\shellex\ContextMenuHandlers\

DAP_Menu\(Default) = "{BED4C38B-F765-45AC-8C56-613F76BBF43E}"

  -> {HKLM...CLSID} = "DAPMenuShellExt Class"

                   \InProcServer32\(Default) = "D:\DAP\PRIVAC~1\DAPCTX~1.DLL" ["Speedbit Ltd."]

DAP_ShredMenu\(Default) = "{BED4C38B-F765-45AC-8C56-613F76BBF43E}"

  -> {HKLM...CLSID} = "DAPMenuShellExt Class"

                   \InProcServer32\(Default) = "D:\DAP\PRIVAC~1\DAPCTX~1.DLL" ["Speedbit Ltd."]

MatroskaContextMenu\(Default) = "{789111D8-68A3-46a3-9663-145A3FF4C9C9}"

  -> {HKLM...CLSID} = "The Matroska Shell Extension, Context Menu CLSID"

                   \InProcServer32\(Default) = "C:\Matroska Pack\MSE\MatroskaProp.dll" [" "]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  -> {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "C:\WinRAR\rarext.dll" [null data]


HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\

DAP_ShredMenu\(Default) = "{BED4C38B-F765-45AC-8C56-613F76BBF43E}"

  -> {HKLM...CLSID} = "DAPMenuShellExt Class"

                   \InProcServer32\(Default) = "D:\DAP\PRIVAC~1\DAPCTX~1.DLL" ["Speedbit Ltd."]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  -> {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "C:\WinRAR\rarext.dll" [null data]


HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  -> {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "C:\WinRAR\rarext.dll" [null data]



Group Policies {GPedit.msc branch and setting}:

-----------------------------------------------


Note: detected settings may not have any effect.


HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\


"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

Shutdown: Allow system to be shut down without having to log on}


"undockwithoutlogon" = (REG_DWORD) hex:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

Devices: Allow undock without having to log on}



Active Desktop and Wallpaper:

-----------------------------


Active Desktop may be disabled at this entry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState


Displayed if Active Desktop enabled and wallpaper not set by Group Policy:

HKCU\Software\Microsoft\Internet Explorer\Desktop\General\

"Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"


Displayed if Active Desktop disabled and wallpaper not set by Group Policy:

HKCU\Control Panel\Desktop\

"Wallpaper" = "C:\Documents and Settings\Daedalus\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"



Startup items in "Daedalus" & "All Users" startup folders:

----------------------------------------------------------


C:\Documents and Settings\All Users\Menu Start\Programy\Autostart

"Adobe Reader Speed Launch" -> shortcut to: "D:\Adobe\Acrobat 7.0\Reader\reader_sl.exe" ["Adobe Systems Incorporated"]



Winsock2 Service Provider DLLs:

-------------------------------


Namespace Service Providers


HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}

000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]

000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]


Transport Service Providers


HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}

0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:

D:\F-Secure\FSPS\program\FSLSP.DLL ["F-Secure Corporation"], 01 - 09, 21

%SystemRoot%\system32\mswsock.dll [MS], 10 - 12, 15 - 20

%SystemRoot%\system32\rsvpsp.dll [MS], 13 - 14



Toolbars, Explorer Bars, Extensions:

------------------------------------


Explorer Bars


HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\


HKLM\Software\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Badanie"

Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]

InProcServer32\(Default) = "D:\MICROS~1\OFFICE11\REFIEBAR.DLL" [MS]


Extensions (Tools menu items, main toolbar menu buttons)


HKLM\Software\Microsoft\Internet Explorer\Extensions\

{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\

"MenuText" = "Sun Java Console"

"CLSIDExtension" = "{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBC}"

  -> {HKCU...CLSID} = "Java Plug-in 1.5.0_09"

                   \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll" ["Sun Microsystems, Inc."]

  -> {HKLM...CLSID} = "Java Plug-in 1.5.0_09"

                   \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll" ["Sun Microsystems, Inc."]


{92780B25-18CC-41C8-B9BE-3C9C571A8263}\

"ButtonText" = "Badanie"


{FB5F1910-F110-11D2-BB9E-00C04F795683}\

"ButtonText" = "Messenger"

"MenuText" = "Windows Messenger"

"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]



Running Services (Display Name, Service Name, Path {Service DLL}):

------------------------------------------------------------------


F-Secure Anti-Virus Firewall Daemon, FSDFWD, ""D:\F-Secure\FWES\Program\fsdfwd.exe"" ["F-Secure Corporation"]

F-Secure Automatic Update Agent, FSAUA, ""D:\F-Secure\FSAUA\program\fsaua.exe"" ["F-Secure Corporation"]

F-Secure Management Agent, FSMA, ""D:\F-Secure\Common\FSMA32.EXE"" ["F-Secure Corporation"]

FSGKHS, F-Secure Gatekeeper Handler Starter, ""D:\F-Secure\Anti-Virus\fsgk32st.exe"" ["F-Secure Corporation"]

NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]



Print Monitors:

---------------


HKLM\System\CurrentControlSet\Control\Print\Monitors\

Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS]



----------

<>: Suspicious data at a malware launch point.


+ This report excludes default entries except where indicated.

+ To see *everywhere* the script checks and *everything* it finds,

  launch it from a command prompt or a shortcut with the -all parameter.

+ The search for DESKTOP.INI DLL launch points on all local fixed drives

  took 74 seconds.

---------- (total run time: 320 seconds)

To my eye everything is in order, but as I said, I don't know much about this. Besides that, I noticed that Generic Host Process for Win32 Services keeps crashing on me :? .

Regards :slight_smile: .


(Joan Sunshine) #8

Logs are OK, have a read here > http://forum.dobreprogramy.pl/viewtopic.php?t=93075 :slight_smile:

Clean the registry: use jv16 PowerTools 2006 1.5.2.344 for that.

Besides that, look through: List of unnecessary autostart items and XP Optimization.

Go to: Start > Run > msconfig and in the "Startup" tab uncheck the autostart programs that you consider unnecessary. :slight_smile:


(Bionicman) #9

Thanks, it runs well now :smiley: .

Regards, and thank you for the help :slight_smile: .