problem z mdms.exe
Mam problem z paskiem zadan. Co jakis czas znika na chwile. Przepatrzylem kilka forow i podejrzewam, ze to przez mdms.exe. Jednak stosowanie sie do podanych tam zalecen nic nie dalo :(
Oto moj log z HiJacka:
Logfile of HijackThis v1.99.1
Scan saved at 19:25:41, on 2005–11–24
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Hewlett–Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Hewlett–Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
C:\Program Files\GFI\LANguard Network Security Scanner 3\sscansvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
g:\Overnet\overnet.exe
g:\Opera\Opera.exe
C:\WINDOWS\System32\mdms.exe
C:\WINDOWS\explorer.exe
D:\programy\HijackThis.exe
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 – BHO: AcroIEHlprObj Class – {06849E9F–C8D7–4D59–B87D–784B7D6BE0B3} – C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 – BHO: IeCatch2 Class – {A5366673–E8CA–11D3–9CD9–0090271D075B} – G:\FlashGet\jccatch.dll
O3 – Toolbar: FlashGet Bar – {E0E899AB–F487–11D5–8D29–0050BA6940E3} – G:\FlashGet\fgiebar.dll
O4 – HKLM\..\Run: [StatusClient] C:\Program Files\Hewlett–Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
O4 – HKLM\..\Run: [TomcatStartup] C:\Program Files\Hewlett–Packard\Toolbox2.0\hpbpsttp.exe
O4 – HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 – HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 – HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" –atboottime
O4 – HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 – HKLM\..\Run: [MKS_MENU] C:\Program Files\MKS\Bin\mks_menu.exe
O4 – HKLM\..\Run: [SysMemory manager] c:\windows\system32\mdms.exe
O4 – HKCU\..\Run: [Komunikator] C:\Program Files\Tlen.pl\tlen.exe
O4 – Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 – Extra context menu item: Add to &Teleport – C:\Program Files\Teleport Pro\teleport.htm
O8 – Extra context menu item: E&ksport do programu Microsoft Excel – res://G:\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 – Extra context menu item: Ściągnij przy pomocy FlashGet'a – g:\FlashGet\jc_link.htm
O8 – Extra context menu item: Ściągnij wszystko przy pomocy FlashGet'a – g:\FlashGet\jc_all.htm
O9 – Extra button: Badanie – {92780B25–18CC–41C8–B9BE–3C9C571A8263} – G:\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 – Extra button: FlashGet – {D6E814A0–E0C5–11d4–8D29–0050BA6940E3} – G:\FlashGet\flashget.exe
O9 – Extra 'Tools' menuitem: &FlashGet – {D6E814A0–E0C5–11d4–8D29–0050BA6940E3} – G:\FlashGet\flashget.exe
O16 – DPF: {92ECE6FA–AC2E–4042–BFAE–0C8608E52A43} (SignActivX Control) – https://www.bph.pl/pi/components/SignActivX.cab
O16 – DPF: {E7544C6C–CFD6–43EA–B4E9–360CEE20BDF7} (MainControl Class) – http://skaner.mks.com.pl/SkanerOnline.cab
O23 – Service: InstallDriver Table Manager (IDriverT) – Macrovision Corporation – C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 – Service: GFI LANguard N.S.S. Scheduled Scans Service (lnss_sscans) – GFI Software Ltd. – C:\Program Files\GFI\LANguard Network Security Scanner 3\sscansvc.exe
O23 – Service: O&O Defrag – O&O Software GmbH – C:\WINDOWS\System32\oodag.exe
Pomozecie?
Oto moj log z HiJacka:
Logfile of HijackThis v1.99.1
Scan saved at 19:25:41, on 2005–11–24
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Hewlett–Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Hewlett–Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
C:\Program Files\GFI\LANguard Network Security Scanner 3\sscansvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
g:\Overnet\overnet.exe
g:\Opera\Opera.exe
C:\WINDOWS\System32\mdms.exe
C:\WINDOWS\explorer.exe
D:\programy\HijackThis.exe
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 – BHO: AcroIEHlprObj Class – {06849E9F–C8D7–4D59–B87D–784B7D6BE0B3} – C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 – BHO: IeCatch2 Class – {A5366673–E8CA–11D3–9CD9–0090271D075B} – G:\FlashGet\jccatch.dll
O3 – Toolbar: FlashGet Bar – {E0E899AB–F487–11D5–8D29–0050BA6940E3} – G:\FlashGet\fgiebar.dll
O4 – HKLM\..\Run: [StatusClient] C:\Program Files\Hewlett–Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
O4 – HKLM\..\Run: [TomcatStartup] C:\Program Files\Hewlett–Packard\Toolbox2.0\hpbpsttp.exe
O4 – HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 – HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 – HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" –atboottime
O4 – HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 – HKLM\..\Run: [MKS_MENU] C:\Program Files\MKS\Bin\mks_menu.exe
O4 – HKLM\..\Run: [SysMemory manager] c:\windows\system32\mdms.exe
O4 – HKCU\..\Run: [Komunikator] C:\Program Files\Tlen.pl\tlen.exe
O4 – Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 – Extra context menu item: Add to &Teleport – C:\Program Files\Teleport Pro\teleport.htm
O8 – Extra context menu item: E&ksport do programu Microsoft Excel – res://G:\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 – Extra context menu item: Ściągnij przy pomocy FlashGet'a – g:\FlashGet\jc_link.htm
O8 – Extra context menu item: Ściągnij wszystko przy pomocy FlashGet'a – g:\FlashGet\jc_all.htm
O9 – Extra button: Badanie – {92780B25–18CC–41C8–B9BE–3C9C571A8263} – G:\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 – Extra button: FlashGet – {D6E814A0–E0C5–11d4–8D29–0050BA6940E3} – G:\FlashGet\flashget.exe
O9 – Extra 'Tools' menuitem: &FlashGet – {D6E814A0–E0C5–11d4–8D29–0050BA6940E3} – G:\FlashGet\flashget.exe
O16 – DPF: {92ECE6FA–AC2E–4042–BFAE–0C8608E52A43} (SignActivX Control) – https://www.bph.pl/pi/components/SignActivX.cab
O16 – DPF: {E7544C6C–CFD6–43EA–B4E9–360CEE20BDF7} (MainControl Class) – http://skaner.mks.com.pl/SkanerOnline.cab
O23 – Service: InstallDriver Table Manager (IDriverT) – Macrovision Corporation – C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 – Service: GFI LANguard N.S.S. Scheduled Scans Service (lnss_sscans) – GFI Software Ltd. – C:\Program Files\GFI\LANguard Network Security Scanner 3\sscansvc.exe
O23 – Service: O&O Defrag – O&O Software GmbH – C:\WINDOWS\System32\oodag.exe
Pomozecie?
Odpowiedzi: 3
Jest jeszcze plik winacpi.dll oraz wejscia w rejestrze m.i. w *\shellex\ContextMenuHandlers
Fix znajdziesz na forum.
Tak w ogóle to temat do bezpieczeństwa leci.
Fix znajdziesz na forum.
Tak w ogóle to temat do bezpieczeństwa leci.
Jak tak zrobie, to pomaga tylko na kilka godzin. Jak skasuje mdms.exe killboxem to tez :/
Zabijasz proces C:\WINDOWS\System32\mdms.exe za pomocą Menadźera zadań, Plik odnajdujesz na dysku i usuwasz go. Wpis
zaznaczasz w Hijacku i dajesz Fix.O4 – HKLM\..\Run: [SysMemory manager] c:\windows\system32\mdms.exe
Strona 1 / 1