PC Ekspert Forum - Cudna pojava kod startup-a

PC Ekspert Forum (https://forum.pcekspert.com/index.php)

- Softverski problemi (https://forum.pcekspert.com/forumdisplay.php?f=42)

- - Cudna pojava kod startup-a (https://forum.pcekspert.com/showthread.php?t=131012)

VulcanRaven

19.12.2008. 16:09

Cudna pojava kod startup-a

Svaki put kad ukljucim komp pojavi mi su ovo dubre sa slike,izbaci error da mi komp ne moze naci taj dll, a neces ti dll-a. kguljsxd.dll

http://img.w3dizajn.net/images/debilanamzaw_thumb.jpg

Ja to uredno iskljucim i izbrisem u Tuneup-u,procesljam komp sa spybotom i nod-om i opet se dubre pojavljuje kod ponovnog startup-a,i opet ga mogu vidjet u tuneup-u kao da ga nisam uklonio uopce,a ocito nisam.Koliko vidim,a slika prikazuje to,on trazi taj neki dll koji uopce ne postoji u sistem32...

Inace,komp se normalno ponasa kad ja stisnem ok i nastavim rad,ali nervira cinjenica da mi je komp zarazen...pa da ne privuce jos gamadi na sebe...

hvala...:chears:

Joke	19.12.2008. 22:12

Provrti hijack this pa postaj log na forum ili ga tu chekiraj http://www.hijackthis.de/

VulcanRaven

20.12.2008. 13:58

StartupList report, 20.12.2008, 13:54:56
StartupList version: 1.52.2
Started from : C:\Documents and Settings\MediaCentar\Desktop\HiJackThis.EXE
Detected: Windows XP SP3 (WinNT 5.01.2600)
Detected: Internet Explorer v7.00 (7.00.6000.20583)
* Using default options
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\rundll32.exe
E:\Program Files\CursorXP\CursorXP.exe
F:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe
C:\WINDOWS\system32\ctfmon.exe
E:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Eset\nod32krn.exe
e:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
E:\Program Files\Stardock\ObjectDock\ObjectDock.exe
E:\Program Files\Opera 9\Opera.exe
C:\Documents and Settings\MediaCentar\Desktop\HiJackThis.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
Logitech SetPoint.lnk = E:\Program Files\Logitech\SetPoint\SetPoint.exe

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

RTHDCPL = RTHDCPL.EXE
Logitech Hardware Abstraction Layer = KHALMNPR.EXE
Kernel and Hardware Abstraction Layer = KHALMNPR.EXE
BluetoothAuthenticationAgent = rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
Alcmtr = ALCMTR.EXE

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

CursorXP = "e:\Program Files\CursorXP\CursorXP.exe" -s
AtiTrayTools = "f:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe"
ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=*Registry value not found*
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry value not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------

Enumerating Browser Helper Objects:

(no name) - (no file) - {0232AA50-B50A-496A-926D-350380FE010E}
(no name) - e:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll - {3049C3E9-B461-4BC5-8870-4C09146192CA}
(no name) - f:\PROGRA~1\SPYBOT~1\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F}
(no name) - C:\Program Files\Java\jre6\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
(no name) - C:\WINDOWS\system32\rqRLdBuU.dll (file missing) - {8BAFF0E8-C9A9-46E4-8A0B-CFE2DC732A42}
(no name) - C:\Program Files\Java\jre6\bin\jp2ssv.dll - {DBC80044-A445-435b-BC74-9C25C1C588A9}
JQSIEStartDetectorImpl - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll - {E7E6F031-17CE-4C07-BC86-EABFE594F69C}

--------------------------------------------------

Enumerating Task Scheduler jobs:

1-Click Maintenance.job

--------------------------------------------------

Enumerating Download Program Files:

[DivXBrowserPlugin Object]
InProcServer32 = C:\Program Files\DivX\DivX Web Player\npdivx32.dll
CODEBASE = http://download.divx.com/player/DivXBrowserPlugin.cab

--------------------------------------------------

Enumerating Winsock LSP files:

NameSpace #4: C:\WINDOWS\system32\wshbth.dll

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

WebCheck: C:\WINDOWS\system32\webcheck.dll
WPDShServiceObj: C:\WINDOWS\system32\WPDShServiceObj.dll
PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
SysTray: C:\WINDOWS\system32\stobject.dll

--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

NTSecurity = NTSecurity.exe

--------------------------------------------------

End of report, 5.578 bytes
Report generated in 0,015 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only

pocele su mi se cudne stvari dogadat,sad mi je iz cista mira nestao spybot,ne pali se kod startup-u.nema ga ni na listi u tuneup-u za ukljucit.

Neo-ST

20.12.2008. 16:10

U zadnje vrijeme haraju neki čudni virusi...
Prijatelju se tako nedavno iz čista mira isto počeo rušit komp, sve dok nismo formatirali kompletni hard disk (a imao je dvije particije). Ni jedan antivir/antispyware nije pomogao....

VulcanRaven

20.12.2008. 16:22

ma smece odvratno,danas kad sam palio komp,nije mi se uopce pojavio a nista novo nisam napravio osim spybota i noda jucer.I nema ga u tuneup-u,al kao da mi je povukao i neke druge programe iz startup-a,nema mi noda i spybota...:hitthewal:

al ako se maknuo onda super,lako reinstalirat ova dva

Joke	20.12.2008. 20:11

Pogledaj svoj log http://www.hijackthis.de/ pola loga je pod upitnicima itd. pa to mozes rjesitmda sad sve ne pisem tu ;)

greenfly

20.12.2008. 21:11

Skini si Combofix i Smitfraudfix , preimenuj ih u bilošto.exe , pa ih pokreni u safemodu....,, ili makni sa HJT-om ono smeće iz startup-a, da se ne diže sa winsima, onda pokreni Combo,Smit,NOD, Malwarebytes,,,itd

Sva vremena su GMT +2. Sada je 00:45.