So, I get that error message whenever I try to open one of the Control Panel icons. I reinstalled the machine yesterday, so this is probably somehow related to that. The operating system is Windows XP SP1, security is in order, and I can also say that every time the machine starts, a cmd window opens that is completely empty, but the window's title is that win32. I need help, and I couldn't find an answer that fits this topic, although I did find those .dll things.
If you reinstalled Windows with the network cable plugged into the machine, then it is most likely some virus. So: format > install > firewall & antivirus > and only after that plug in the network cable.
So, well.. it could be any virus at all, but here is my guess:
google: "rundll32.exe is not valid win32 application"
google: "Win32 Rundll Loader Rundll32.exe"
------------------------------------------------------------------
Process Name : Win32 Rundll Loader
File Name : Rundll32.exe
Description: Added by the SDBOT.A TROJAN! Note: Rundll32.exe is a valid Windows application called "Run a DLL as an App" and stored in the C:\Windows directory. The version created by this virus is saved in the C:\Windows\System directory
------------------------------------------------------------------
google: "remove SDBOT.A TROJAN"
Cleaning instructions: http://www.norton.com/avcenter/venc/data/backdoor.sdbot.al.html
Maybe those will help.. the thing is that the virus is in the RESTORE FILES as well, which makes the job a bit harder.
// other options include http://www.3davenue.com/startup/rundll32.exe.php
but that "valid app".. it would point to the one I am guessing...
eScan, for one, removes viruses from System Restore -> http://koti.mbnet.fi/pattaya1/escanmwav.htm
@kaller: Post a HjT log; you can get the program here -> http://koti.mbnet.fi/pattaya1/HijackThis.exe . Save it to the directory c:\hjt, start it, click "do a system scan and save a logfile" and post the log here.
I'm not quite sure whether this is it, but this is what it produced anyway:

Logfile of HijackThis v1.99.1
Scan saved at 21:14:59, on 6.12.2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTHELPER.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\PROGRA~1\F-SECU~1\backweb\7681197\Program\SERVIC~1.EXE
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure Internet Security\backweb\7681197\program\fsbwsys.exe
C:\Program Files\F-Secure Internet Security\backweb\7681197\Program\F-Secure Automatic Update.exe
C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\F-Secure Internet Security\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure Internet Security\Common\FSMB32.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\F-Secure Internet Security\Common\FCH32.EXE
C:\Program Files\F-Secure Internet Security\Common\FAMEH32.EXE
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsqh.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsrw.exe
C:\Program Files\F-Secure Internet Security\Common\FNRB32.EXE
C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
C:\Program Files\F-Secure Internet Security\Common\FIH32.EXE
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsav32.exe
C:\PROGRA~1\F-SECU~1\ANTI-S~1\fsaw.exe
C:\Program Files\F-Secure Internet Security\FSGUI\fsguidll.exe
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\mIRC\mirc.exe
C:\Program Files\The All-Seeing Eye\eye.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Documents and Settings\kalle\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O2 - BHO: CControl Object - {3643ABC2-21BF-46B9-B230-F247DB0C6FD6} - C:\Program Files\E2G\IeBHOs.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: (no name) - {77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [WinGuard Pro] C:\WINDOWS\System32\wgp.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Configuration Loader] scvhost.exe
O4 - HKLM\..\Run: [ms ownage] winPE.exe
O4 - HKLM\..\Run: [Microsoft Internet Explorer] C:\WINDOWS\System32\iexplore.exe
O4 - HKLM\..\Run: [timessquare] C:\windows\timessquare.exe
O4 - HKLM\..\Run: [adtech2006] C:\windows\adtech2006.exe
O4 - HKLM\..\Run: [noC=] C:\windows\mrjj.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure Internet Security\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\RunServices: [ms ownage] winPE.exe
O4 - HKLM\..\RunServices: [Configuration Loader] scvhost.exe
O4 - HKLM\..\RunOnce: [WMC_RebootCheck] C:\WINDOWS\inf\unregmp2.exe /FixUps
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [zuko] C:\PROGRA~1\COMMON~1\zuko\zukom.exe
O4 - HKCU\..\Run: [vwievt] C:\WINDOWS\System32\vwievt.exe
O4 - HKCU\..\Run: [services32] C:\Program Files\Common Files\Windows\mc-110-12-0000120.exe
O4 - HKCU\..\RunOnce: [MPlayer2_FixUp] C:\WINDOWS\inf\unregmp2.exe /Fixups
O4 - Global Startup: F-Secure Automatic Update.lnk = C:\Program Files\F-Secure Internet Security\backweb\7681197\program\F-Secure Automatic Update.exe
O8 - Extra context menu item: &Block this popup - C:\Program Files\F-Secure Internet Security\Anti-Spyware\blockpopups.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure Internet Security\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: IE Shield... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure Internet Security\Anti-Spyware\ieshield.dll
O9 - Extra button: Freeprod Toolbar - {77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} - (no file)
O9 - Extra 'Tools' menuitem: Freeprod Toolbar - {77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure internet security\fsps\program\fslsp.dll
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.popuppers.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1133706078862
O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} (MediaGatewayX) - http://static.zangocash.com/cab/Zango/ie/bridge-c18.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: F-Secure Automatic Update (BackWeb Plug-in - 7681197) - F-Secure Automatic Update - C:\PROGRA~1\F-SECU~1\backweb\7681197\Program\SERVIC~1.EXE
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corp. - C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Common\FNRB32.EXE
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure Internet Security\backweb\7681197\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
At a quick glance, at least:
- winPE.exe http://www.tasklist.org/task_winPE_exe_8931.html
- mrjj.exe http://www.processlibrary.com/directory/files/mrjj/
Delete them and check the registry (HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run) to make sure they are not there... as for the rest of the "problems", kemisti probably knows better.
I had the same problem, and after a bit of hunting I downloaded that file from the Merijn.org site http://www.spywareinfo.com/~merijn/winfiles.html#rundll32
@microbi: Thanks for the trust.
@kaller: Fix these with HjT (do a system scan only, tick them and press fix checked):

O2 - BHO: CControl Object - {3643ABC2-21BF-46B9-B230-F247DB0C6FD6} - C:\Program Files\E2G\IeBHOs.dll (file missing)
O4 - HKLM\..\Run: [WinGuard Pro] C:\WINDOWS\System32\wgp.exe
O4 - HKLM\..\Run: [Configuration Loader] scvhost.exe
O4 - HKLM\..\Run: [ms ownage] winPE.exe
O4 - HKLM\..\Run: [Microsoft Internet Explorer] C:\WINDOWS\System32\iexplore.exe
O4 - HKLM\..\Run: [timessquare] C:\windows\timessquare.exe
O4 - HKLM\..\Run: [adtech2006] C:\windows\adtech2006.exe
O4 - HKLM\..\Run: [noC=] C:\windows\mrjj.exe
O4 - HKLM\..\RunServices: [ms ownage] winPE.exe
O4 - HKLM\..\RunServices: [Configuration Loader] scvhost.exe
O4 - HKLM\..\RunOnce: [WMC_RebootCheck] C:\WINDOWS\inf\unregmp2.exe /FixUps
O4 - HKCU\..\Run: [zuko] C:\PROGRA~1\COMMON~1\zuko\zukom.exe
O4 - HKCU\..\Run: [vwievt] C:\WINDOWS\System32\vwievt.exe
O4 - HKCU\..\Run: [services32] C:\Program Files\Common Files\Windows\mc-110-12-0000120.exe
O4 - HKCU\..\RunOnce: [MPlayer2_FixUp] C:\WINDOWS\inf\unregmp2.exe /Fixups
O9 - Extra button: Freeprod Toolbar - {77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} - (no file)
O9 - Extra 'Tools' menuitem: Freeprod Toolbar - {77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} - (no file)
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.popuppers.com
O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} (MediaGatewayX) - http://static.zangocash.com/cab/Zango/ie/bridge-c18.cab

Restart. Get ewido -> http://www.ewido.net/en/download Install, update, scan. Let it remove what it finds and save the report. Post a new HjT log and the ewido report here. And you can get that rundll32.exe from the link Sean_ gave.
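Added example, not part of the original thread or of HijackThis: a small Python check that reads O4 autorun lines like the ones in the log above and flags entries that imitate Windows system files, either by using a system file name from an unexpected folder or by using a near-miss spelling. The EXPECTED_DIR table is an assumption describing a default Windows XP install, and the 0.85 similarity cutoff is an arbitrary choice.

```python
import difflib
import ntpath
import re

# Assumed default locations on a stock Windows XP install (lower-cased).
EXPECTED_DIR = {
    "svchost.exe": r"c:\windows\system32",
    "rundll32.exe": r"c:\windows\system32",
    "ctfmon.exe": r"c:\windows\system32",
    "iexplore.exe": r"c:\program files\internet explorer",
}

O4_LINE = re.compile(r"^O4 - (HK\S+): \[(.+?)\] (.+)$")
EXE_PATH = re.compile(r'^"?(.+?\.exe)', re.IGNORECASE)

# Autorun lines copied from the log posted in this thread.
SAMPLE = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Configuration Loader] scvhost.exe
O4 - HKLM\..\Run: [Microsoft Internet Explorer] C:\WINDOWS\System32\iexplore.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
"""

def review_autoruns(log_text):
    """Return (value_name, executable, reason) for entries that imitate system files."""
    findings = []
    for line in log_text.splitlines():
        entry = O4_LINE.match(line.strip())
        exe = entry and EXE_PATH.match(entry.group(3))
        if not exe:
            continue
        folder, name = ntpath.split(exe.group(1).lower())
        if name in EXPECTED_DIR:
            # A bare name is resolved through the search path, so only judge full paths.
            if folder and folder != EXPECTED_DIR[name]:
                findings.append((entry.group(2), exe.group(1), "system name in unexpected folder"))
            continue
        near = difflib.get_close_matches(name, list(EXPECTED_DIR), n=1, cutoff=0.85)
        if near:
            findings.append((entry.group(2), exe.group(1), "resembles " + near[0]))
    return findings

if __name__ == "__main__":
    for finding in review_autoruns(SAMPLE):
        print(finding)
```

Entries with unfamiliar names such as winPE.exe or mrjj.exe are outside what this check covers; those still need the manual lookup done in the replies above.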
Thanks a lot for the help. The ewido report showed that everything is OK, and once I downloaded that file it started working. Thanks again. This was really a great help.