Is ntswrl32.dll a threat?

HPQ-User
06-02-2009, 02:08   |  #1  
OP CHIP Online
Thanks: 29
30,996 posts
Join date: Mar 2007

remzi ünüvar asked:
I do shopping and online transactions over the internet. NOD32 gives a trojan warning for ntsrlw32.dll. I would also appreciate it if you could look over my log.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:15:12, on 05.02.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\vsnp2std.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\AirTies\ADSL Hizmet Programı\AirTies_util3.exe
C:\WINDOWS\system32\vssms32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar
F2 - REG:system.ini: Shell=explorer.exe,
O1 - Hosts: <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
O1 - Hosts: <html>
O1 - Hosts: <head>
O1 - Hosts: <meta http-equiv="Content-Type" content="text/html; charset=utf8">
O1 - Hosts: <title>Bu siteye erişim engellenmiştir.</title>
O1 - Hosts: <style type="text/css">
O1 - Hosts: .erisime_engellenmis {
O1 - Hosts: font-family: Arial, Helvetica, sans-serif;
O1 - Hosts: font-size: 32px;
O1 - Hosts: font-weight: bold;
O1 - Hosts: color: #0000FF;
O1 - Hosts: text-decoration: none;
O1 - Hosts: text-align: center;
O1 - Hosts: border-right-width: 1px;
O1 - Hosts: border-left-width: 1px;
O1 - Hosts: border-right-style: none;
O1 - Hosts: border-left-style: none;
O1 - Hosts: border-right-color: #0000FF;
O1 - Hosts: border-left-color: #0000FF;
O1 - Hosts: border-top-width: 1px;
O1 - Hosts: border-top-style: none;
O1 - Hosts: border-top-color: #0000FF;
O1 - Hosts: border-bottom-width: 1px;
O1 - Hosts: border-bottom-style: none;
O1 - Hosts: border-bottom-color: #0000FF;
O1 - Hosts: }
O1 - Hosts: .yazi1 {
O1 - Hosts: font-family: Georgia, "Times New Roman", Times, serif;
O1 - Hosts: font-size: 12px;
O1 - Hosts: line-height: 140%;
O1 - Hosts: font-weight: normal;
O1 - Hosts: color: #666666;
O1 - Hosts: text-decoration: none;
O1 - Hosts: }
O1 - Hosts: .yazi2 {
O1 - Hosts: font-family: Georgia, "Times New Roman", Times, serif;
O1 - Hosts: font-size: 12px;
O1 - Hosts: line-height: 140%;
O1 - Hosts: font-weight: normal;
O1 - Hosts: color: #6565FF;
O1 - Hosts: text-decoration: none;
O1 - Hosts: }
O1 - Hosts: .yazi3 {
O1 - Hosts: font-family: Georgia, "Times New Roman", Times, serif;
O1 - Hosts: font-size: 10px;
O1 - Hosts: line-height: 140%;
O1 - Hosts: font-weight: normal;
O1 - Hosts: color: #BB65FF;
O1 - Hosts: text-decoration: none;
O1 - Hosts: padding-bottom: 10px;
O1 - Hosts: }
O1 - Hosts: .yazi2_1 {
O1 - Hosts: font-family: Verdana, "Times New Roman", Times, serif;
O1 - Hosts: font-size: 12px;
O1 - Hosts: line-height: 140%;
O1 - Hosts: font-weight: normal;
O1 - Hosts: color: #6565FF;
O1 - Hosts: text-decoration: none;
O1 - Hosts: padding-bottom: 10px;
O1 - Hosts: }
O1 - Hosts: .yazi3_1 {
O1 - Hosts: font-family: Verdana, "Times New Roman", Times, serif;
O1 - Hosts: font-size: 10px;
O1 - Hosts: line-height: 140%;
O1 - Hosts: font-weight: normal;
O1 - Hosts: color: #BB65FF;
O1 - Hosts: text-decoration: none;
O1 - Hosts: padding-bottom: 10px;
O1 - Hosts: }
O1 - Hosts: a.link:link {
O1 - Hosts: font-family: Georgia, "Times New Roman", Times, serif;
O1 - Hosts: font-size: 11px;
O1 - Hosts: line-height: 140%;
O1 - Hosts: font-weight: normal;
O1 - Hosts: color: #0000FF;
O1 - Hosts: text-decoration: underline;
O1 - Hosts: }
O1 - Hosts: a.link:active {
O1 - Hosts: font-family: Georgia, "Times New Roman", Times, serif;
O1 - Hosts: font-size: 11px;
O1 - Hosts: line-height: 140%;
O1 - Hosts: font-weight: normal;
O1 - Hosts: color: #0000FF;
O1 - Hosts: text-decoration: underline;
O1 - Hosts: }
O1 - Hosts: a.link:visited {
O1 - Hosts: font-family: Georgia, "Times New Roman", Times, serif;
O1 - Hosts: font-size: 11px;
O1 - Hosts: line-height: 140%;
O1 - Hosts: font-weight: normal;
O1 - Hosts: color: #0000FF;
O1 - Hosts: text-decoration: underline;
O1 - Hosts: }
O1 - Hosts: a.link:hover {
O1 - Hosts: font-family: Georgia, "Times New Roman", Times, serif;
O1 - Hosts: font-size: 11px;
O1 - Hosts: line-height: 140%;
O1 - Hosts: font-weight: normal;
O1 - Hosts: color: #BB65FF;
O1 - Hosts: text-decoration: none;
O1 - Hosts: }
O2 - BHO: (no name) - {140BD8E3-C167-11D4-B4A3-080000180323} - (no file)
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Oturum Açma Yardım Aracı - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [vssms32] C:\WINDOWS\system32\vssms32.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: AirTies ADSL Hizmet Programı.lnk = ?
O8 - Extra context menu item: Microsoft Excel'e Gö&nder - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Araştır - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1229370664227
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe...bat/nos/gp.cab
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: getPlus(R) Helper - Unknown owner - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
--
End of file - 8400 bytes

Question type: Software
Operating system: Windows XP
System specs:
Acer TravelMate 5310, Celeron 1.6 GHz, 533 MHz FSB, Intel Graphics Media Accelerator 950, 512 MB DDR2, 80 GB HDD

Browser: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
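A HijackThis log like the one above is usually read by eye, but the same checks can be written down. The script below is an added example for this thread, not the poster's code and not an ESET or Trend Micro tool. It parses the O1, O2, O4 and O23 entry formats shown in the log: each O1 line is tested against hosts-file syntax (an IP address followed by one or more names), which is what makes it obvious that the hosts file in this log has been replaced by an HTML page rather than edited; O2 entries registered with "(no file)" are flagged as orphaned BHOs; O4 Run values whose name is not on an allowlist are flagged for verification; and O23 services with "Unknown owner" or "(file missing)" are flagged. KNOWN_RUN_NAMES and the three-line threshold in hosts_file_overwritten are assumptions made for illustration, and the sample lines are copied from the log above plus one constructed valid hosts record as a control.

```python
"""HijackThis v2 log triage: flags a hosts file overwritten with non-hosts
content, orphaned BHOs, autostart values not on an allowlist, and services
with an unknown owner or missing binary.
Added example for this thread; not the poster's code and not an ESET or
Trend Micro tool. KNOWN_RUN_NAMES is an assumed allowlist built only from
vendor entries visible in the log above, for illustration.
"""
import ipaddress
import re
from dataclasses import dataclass
from typing import List, Optional

# Assumed allowlist of lower-cased O4 value names (constructed). Real triage
# verifies each file's signer and hash instead of trusting its name.
KNOWN_RUN_NAMES = {
    "igfxtray", "igfxhkcmd", "igfxpers", "rthdcpl", "skytel", "alcmtr",
    "sunjavaupdatesched", "adobe reader speed launcher", "snp2std", "egui",
    "ctfmon.exe",
}

_O1 = re.compile(r"^O1 - Hosts: (.*)$")
_O2 = re.compile(r"^O2 - BHO: (.*?) - (\{[0-9A-Fa-f-]{36}\}) - (.*)$")
_O4 = re.compile(r"^O4 - (?:HKLM|HKCU|HKUS\\[^\\]+)\\\.\.\\Run: \[([^\]]+)\] (.*)$")
_O23 = re.compile(r"^O23 - Service: (.*?) - (.*?) - (.*)$")


@dataclass(frozen=True)
class Finding:
    section: str  # "O1", "O2", "O4" or "O23"
    reason: str
    line: str


def is_hosts_record(text: str) -> bool:
    """True for a syntactically valid hosts line: blank, a comment, or
    '<ip> <name> [<name> ...]'. HTML and CSS lines fail this test."""
    body = text.split("#", 1)[0].strip()
    if not body:
        return True
    tokens = body.split()
    if len(tokens) < 2:
        return False
    try:
        ipaddress.ip_address(tokens[0])
    except ValueError:
        return False
    return all(re.fullmatch(r"[A-Za-z0-9._-]+", t) for t in tokens[1:])


def triage_line(line: str) -> Optional[Finding]:
    """One heuristic per section; None means nothing to report."""
    line = line.rstrip("\r\n")
    if m := _O1.match(line):
        if not is_hosts_record(m.group(1)):
            return Finding("O1", "hosts file contains non-hosts content", line)
    elif m := _O2.match(line):
        if m.group(3).strip() == "(no file)":
            return Finding("O2", "BHO CLSID registered but its DLL is missing", line)
    elif m := _O4.match(line):
        if m.group(1).lower() not in KNOWN_RUN_NAMES:
            return Finding("O4", "autostart value not on allowlist; verify signer and hash", line)
    elif m := _O23.match(line):
        owner, path = m.group(2), m.group(3)
        if owner == "Unknown owner" or path.endswith("(file missing)"):
            return Finding("O23", "service with unknown owner or missing binary", line)
    return None


def triage_log(log_text: str) -> List[Finding]:
    return [f for f in map(triage_line, log_text.splitlines()) if f]


def hosts_file_overwritten(findings: List[Finding]) -> bool:
    """One odd O1 line may be a typo; three or more means the whole file was
    replaced. The threshold is an assumption for this example."""
    return sum(1 for f in findings if f.section == "O1") >= 3


# Sample input: lines copied from the log in the post above, plus one valid
# hosts record (constructed) as a control case.
SAMPLE_LOG = """\
O1 - Hosts: <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
O1 - Hosts: <title>Bu siteye erişim engellenmiştir.</title>
O1 - Hosts: .erisime_engellenmis {
O1 - Hosts: color: #0000FF;
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {140BD8E3-C167-11D4-B4A3-080000180323} - (no file)
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\\Program Files\\Common Files\\Adobe\\Acrobat\\ActiveX\\AcroIEHelperShim.dll
O4 - HKLM\\..\\Run: [igfxtray] C:\\WINDOWS\\system32\\igfxtray.exe
O4 - HKLM\\..\\Run: [vssms32] C:\\WINDOWS\\system32\\vssms32.exe
O4 - HKUS\\S-1-5-19\\..\\Run: [CTFMON.EXE] C:\\WINDOWS\\system32\\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - Global Startup: AirTies ADSL Hizmet Programı.lnk = ?
O23 - Service: Eset Service (ekrn) - ESET - C:\\Program Files\\ESET\\ESET NOD32 Antivirus\\ekrn.exe
O23 - Service: getPlus(R) Helper - Unknown owner - C:\\Program Files\\NOS\\bin\\getPlus_HelperSvc.exe (file missing)
"""

if __name__ == "__main__":
    found = triage_log(SAMPLE_LOG)
    for f in found:
        print(f"[{f.section}] {f.reason}: {f.line[:72]}")
    print("hosts file overwritten:", hosts_file_overwritten(found))
```

A name missing from the allowlist (vssms32 in this log) is a lead to verify, not a verdict: the next step is to check the file's digital signature and hash, and which process dropped it, rather than deleting the Run value and moving on. The O1 result is different in kind: dozens of consecutive lines that are not hosts records show the file itself has been replaced, so the fix is to restore a clean hosts file, not to remove individual entries.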

Banned
06-02-2009, 02:21   |  #2  
Banned
Thanks: 21
5,777 posts
Join date: Jan 2008

http://www.hackhell.com/yeni-bas ... -nasil-silinir.html
If you apply what is explained there, I think you will be rid of your troubles. Also, the BHO and Run keys below are unnecessary. If you remove them as well, there will be a noticeable drop in boot time and RAM usage in particular.

O4 - HKLM\..\Run: [vssms32] C:\WINDOWS\system32\vssms32.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll