
combofix

Even though I haven't downloaded anything, when I checked my quota I saw an increase of more than 1 GB. I had just had the machine formatted at the beginning of the month. So I thought I'd install ComboFix this time. By the way, NOD32 is always running. Anyway, I ran it and it gave me a log at the end. But afterwards, when I open NOD32, "threat protection module" and "update" won't open. Did ComboFix block them? How can I get them back?

Also, these are the viruses NOD32 found and quarantined earlier:
eicar test file (this one is in the temp folder)
HTML/ScrInject.B.Gen Virus
HTML/TrojanDownloader.FraudLoad.NAC trojan (I don't know whether these two infected any files. Also, NOD terminated them.)

The log ComboFix produced is below. I'll check the quota again later. Hopefully it worked this time. I don't want to keep reformatting every other day anymore.

ComboFix 10-07-29.01 - migelo 29.07.2010 21:44:35.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1254.90.1055.18.1014.688 [GMT 3:00]
Running from: c:\documents and settings\migelo\Desktop\ComboFix.exe
AV: ESET NOD32 antivirus system 2.70 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Created a new restore point
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
c:\program files\Internet Explorer\Plugins\npqtplugin6.dll
c:\program files\Mozilla Firefox\plugins\npqtplugin2.dll
c:\program files\Mozilla Firefox\plugins\npqtplugin3.dll
c:\program files\Mozilla Firefox\Plugins\npqtplugin4.dll
c:\program files\Mozilla Firefox\Plugins\npqtplugin5.dll
c:\program files\Mozilla Firefox\Plugins\npqtplugin6.dll
c:\program files\QuickTime\Plugins\npqtplugin2.dll
c:\program files\QuickTime\Plugins\npqtplugin3.dll
c:\program files\QuickTime\Plugins\npqtplugin4.dll
c:\program files\QuickTime\Plugins\npqtplugin5.dll
c:\program files\QuickTime\Plugins\npqtplugin6.dll
c:\windows\system32\msconfig.exe
c:\windows\system32\scrrntr.dll

.
((((((((((((((((((((((((( Files Created from 2010-06-28 to 2010-07-29 )))))))))))))))))))))))))))))))
.

2010-07-22 14:19 . 2010-07-22 14:19 -------- d-----w- c:\program files\Championship Manager 2001
2010-07-18 13:46 . 2010-07-18 13:46 -------- d-----w- c:\windows\Sun
2010-07-16 21:14 . 2010-07-16 21:14 -------- d-----w- C:\downloads
2010-07-16 21:14 . 2010-07-16 21:14 -------- d-----w- c:\documents and settings\migelo\Application Data\GrabPro
2010-07-16 21:14 . 2010-07-29 18:48 -------- d-----w- c:\documents and settings\migelo\Application Data\Orbit
2010-07-16 21:14 . 2010-07-16 21:14 -------- d-----w- c:\program files\Orbitdownloader
2010-07-07 14:37 . 1999-12-17 07:13 86016 ----a-w- c:\windows\unvise32.exe
2010-07-07 14:37 . 2010-07-07 14:37 -------- d-----w- c:\windows\system32\QuickTime
2010-07-07 14:37 . 2010-07-07 14:37 -------- d-----w- c:\program files\QuickTime
2010-07-04 20:36 . 2010-07-04 20:36 503808 ----a-w- c:\documents and settings\migelo\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-6564b5b5-n\msvcp71.dll
2010-07-04 20:36 . 2010-07-04 20:36 499712 ----a-w- c:\documents and settings\migelo\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-6564b5b5-n\jmc.dll
2010-07-04 20:36 . 2010-07-04 20:36 348160 ----a-w- c:\documents and settings\migelo\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-6564b5b5-n\msvcr71.dll
2010-07-04 20:36 . 2010-07-04 20:36 61440 ----a-w- c:\documents and settings\migelo\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-1a69c850-n\decora-sse.dll
2010-07-04 20:36 . 2010-07-04 20:36 12800 ----a-w- c:\documents and settings\migelo\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-1a69c850-n\decora-d3d.dll
2010-07-03 21:32 . 2010-07-03 21:32 -------- d-----w- c:\documents and settings\migelo\Local Settings\Application Data\Identities
2010-07-02 18:33 . 2010-07-29 17:35 1 ----a-w- c:\documents and settings\migelo\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-07-02 18:33 . 2010-07-02 18:33 -------- d-----w- c:\documents and settings\migelo\Application Data\OpenOffice.org
2010-07-02 18:32 . 2010-07-02 18:32 7424000 ----a-r- c:\documents and settings\migelo\Application Data\Microsoft\Installer\{AB3DA83F-3DFA-4434-9DCC-ABC1FF6DDBE1}\soffice.exe
2010-07-02 18:30 . 2010-07-02 18:30 -------- d-----w- c:\program files\JRE
2010-07-02 18:30 . 2010-07-02 18:30 -------- d-----w- c:\program files\OpenOffice.org 3
2010-07-02 18:30 . 2010-07-02 18:30 -------- d-----w- c:\program files\Common Files\Java
2010-07-02 18:29 . 2010-07-02 18:29 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-07-02 18:29 . 2010-07-02 18:29 -------- d-----w- c:\program files\Java
2010-06-30 11:34 . 2010-06-30 13:02 -------- d-----w- c:\documents and settings\migelo\Application Data\Nitro PDF
2010-06-30 11:28 . 2010-06-24 08:06 17728 ----a-w- c:\windows\system32\nitrolocalui.dll
2010-06-30 11:28 . 2010-06-24 08:06 26432 ----a-w- c:\windows\system32\nitrolocalmon.dll
2010-06-30 11:28 . 2010-06-30 11:28 -------- d-----w- c:\program files\Common Files\Nitro PDF
2010-06-30 11:28 . 2010-06-30 11:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Nitro PDF
2010-06-30 11:28 . 2010-06-30 11:28 -------- d-----w- c:\program files\Nitro PDF
2010-06-30 11:27 . 2010-06-30 11:27 -------- d-----w- c:\documents and settings\migelo\Application Data\Downloaded Installations

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-26 19:46 . 2010-06-13 21:03 -------- d-----w- c:\documents and settings\migelo\Application Data\AIMP
2010-07-22 14:09 . 2010-06-15 15:12 -------- d-----w- c:\documents and settings\migelo\Application Data\vlc
2010-07-16 14:02 . 2008-04-15 12:00 79958 ----a-w- c:\windows\system32\perfc01F.dat
2010-07-16 14:02 . 2008-04-15 12:00 425516 ----a-w- c:\windows\system32\perfh01F.dat
2010-07-08 15:44 . 2010-06-14 14:11 18432 ----a-w- c:\documents and settings\migelo\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-07-07 14:36 . 2010-06-28 23:23 -------- d-----w- c:\program files\Longman iBT
2010-06-29 11:51 . 2010-06-29 11:51 106838 ----a-r- c:\documents and settings\migelo\Application Data\Microsoft\Installer\{023ECEBF-34E7-48DC-8D08-233ADD4EDA99}\_75500A15F16764E919FD55.exe
2010-06-29 11:51 . 2010-06-29 11:51 106838 ----a-r- c:\documents and settings\migelo\Application Data\Microsoft\Installer\{023ECEBF-34E7-48DC-8D08-233ADD4EDA99}\_6FEFF9B68218417F98F549.exe
2010-06-29 11:51 . 2010-06-29 11:51 106838 ----a-r- c:\documents and settings\migelo\Application Data\Microsoft\Installer\{023ECEBF-34E7-48DC-8D08-233ADD4EDA99}\_3D6DE1789409EED25CEE1D.exe
2010-06-29 11:51 . 2010-06-29 11:51 106838 ----a-r- c:\documents and settings\migelo\Application Data\Microsoft\Installer\{023ECEBF-34E7-48DC-8D08-233ADD4EDA99}\_21F3885A18D238E15AAE81.exe
2010-06-29 09:47 . 2010-06-28 14:22 -------- d-----w- c:\program files\DAEMON Tools Lite
2010-06-28 23:24 . 2010-06-28 23:23 -------- d-----w- c:\documents and settings\All Users\Application Data\QuickTime
2010-06-28 14:15 . 2010-06-28 14:15 -------- d-----w- c:\documents and settings\migelo\Application Data\DAEMON Tools Pro
2010-06-28 14:15 . 2010-06-28 14:15 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Pro
2010-06-28 13:11 . 2010-06-28 13:11 -------- d-----w- c:\program files\Cambridge TOEFL(R) Prep
2010-06-28 13:11 . 2010-06-28 13:11 98304 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-06-28 13:06 . 2010-06-28 13:05 -------- d-----w- c:\program files\MagicISO
2010-06-28 12:22 . 2010-06-28 12:22 -------- d-----w- c:\program files\Alcohol Soft
2010-06-28 10:09 . 2010-06-28 09:54 -------- d-----w- c:\documents and settings\migelo\Application Data\DAEMON Tools Lite
2010-06-28 09:54 . 2010-06-28 09:54 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-06-28 09:54 . 2010-06-28 09:54 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2010-06-27 23:52 . 2010-06-27 23:52 -------- d-----w- c:\program files\Kap.TOEFL
2010-06-25 21:22 . 2010-06-17 21:11 -------- d-----w- c:\documents and settings\migelo\Application Data\dvdcss
2010-06-25 20:36 . 2010-06-25 20:36 -------- d-----w- c:\documents and settings\migelo\Application Data\Lingoes
2010-06-25 20:36 . 2010-06-25 20:36 -------- d-----w- c:\program files\Lingoes
2010-06-25 20:36 . 2010-06-25 20:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Lingoes
2010-06-25 14:58 . 2010-06-25 14:58 -------- d-----w- c:\program files\Common Files\Adobe
2010-06-24 08:09 . 2010-06-24 08:09 65856 ----a-w- c:\windows\system32\NLSSRV32.EXE
2010-06-19 11:24 . 2010-06-19 11:24 -------- d-----w- c:\program files\Opera
2010-06-15 17:04 . 2010-06-13 10:51 2352 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-06-15 15:11 . 2010-06-15 15:11 -------- d-----w- c:\program files\VideoLAN
2010-06-15 14:33 . 2010-06-15 14:33 -------- d-----w- c:\documents and settings\migelo\Application Data\GRETECH
2010-06-14 21:02 . 2010-06-14 21:02 -------- d-----w- c:\documents and settings\migelo\Application Data\AdobeUM
2010-06-14 20:51 . 2010-06-14 20:26 -------- d-----w- c:\program files\DivX
2010-06-14 20:26 . 2010-06-14 20:25 -------- d-----w- c:\program files\Virtual VCR
2010-06-14 20:24 . 2010-06-14 20:24 -------- d-----w- c:\program files\Common Files\snp2std
2010-06-14 20:24 . 2010-06-13 11:20 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-06-14 16:00 . 2010-06-13 11:08 -------- d-----w- c:\program files\Dell
2010-06-14 15:59 . 2010-06-14 15:59 -------- d-----w- c:\documents and settings\migelo\Application Data\InstallShield
2010-06-14 14:35 . 2010-06-14 14:33 -------- d-----w- c:\program files\Windows Live
2010-06-14 14:35 . 2010-06-14 14:35 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-06-14 14:34 . 2010-06-14 14:34 -------- d-----w- c:\program files\Microsoft
2010-06-14 14:33 . 2010-06-14 14:33 -------- d-----w- c:\program files\Windows Live SkyDrive
2010-06-14 14:11 . 2010-06-14 14:11 -------- d-----w- c:\program files\Common Files\Windows Live
2010-06-13 21:50 . 2010-06-13 20:30 -------- d-----w- c:\program files\ESET
2010-06-13 21:03 . 2010-06-13 21:02 -------- d-----w- c:\program files\aimp2
2010-06-13 20:44 . 2010-06-13 20:45 299392 ----a-w- c:\windows\system32\imon.dll
2010-06-13 20:44 . 2010-06-13 20:45 512096 ----a-w- c:\windows\system32\drivers\amon.sys
2010-06-13 20:44 . 2010-06-13 20:45 15424 ----a-w- c:\windows\system32\drivers\nod32drv.sys
2010-06-13 19:27 . 2010-06-13 19:27 0 ----a-w- c:\windows\nsreg.dat
2010-06-13 11:45 . 2010-06-13 11:24 -------- d-----w- c:\program files\Intel
2010-06-13 11:45 . 2010-06-13 11:39 319488 ----a-w- c:\windows\system32\AegisI5Installer.exe
2010-06-13 11:37 . 2010-06-13 11:37 -------- d-----w- c:\program files\Synaptics
2010-06-13 11:21 . 2010-06-13 11:21 -------- d-----w- c:\program files\CONEXANT
2010-06-13 11:20 . 2010-06-13 11:20 -------- d-----w- c:\program files\SigmaTel
2010-06-13 11:20 . 2010-06-13 11:15 -------- d-----w- c:\program files\Common Files\InstallShield
2010-06-13 11:19 . 2010-06-13 11:19 -------- d-----w- c:\program files\WIDCOMM
2010-06-13 11:17 . 2010-06-13 11:17 -------- d-----w- c:\program files\Broadcom
2010-06-13 11:08 . 2010-06-13 11:08 45056 ----a-r- c:\documents and settings\migelo\Application Data\Microsoft\Installer\{42929F0F-CE14-47AF-9FC7-FF297A603021}\NewShortcut1_42929F0FCE1447AF9FC7FF297A603021_1.exe
2010-06-13 11:08 . 2010-06-13 11:08 10134 ----a-r- c:\documents and settings\migelo\Application Data\Microsoft\Installer\{42929F0F-CE14-47AF-9FC7-FF297A603021}\ARPPRODUCTICON.exe
2010-06-13 10:53 . 2010-06-13 10:53 -------- d-----w- c:\program files\microsoft frontpage
2010-06-13 10:51 . 2010-06-13 10:51 -------- d-----w- c:\program files\MSBuild
2010-06-13 10:51 . 2010-06-13 10:51 -------- d-----w- c:\program files\Reference Assemblies
2010-06-13 10:48 . 2010-06-13 10:48 -------- d-----w- c:\program files\XPlus Live! 2009
2010-06-13 10:46 . 2010-06-13 10:46 2 ----a-w- c:\windows\HFSLIP.TMP
2010-06-13 10:42 . 2010-06-13 10:42 21736 ----a-w- c:\windows\system32\emptyregdb.dat
2010-06-13 10:41 . 2010-06-13 10:41 -------- d-----w- c:\program files\Windows Media Connect 2
.

------- Sigcheck -------


[-] 2009-05-20 . B2E1FB56EEFAF0E7C56EF0CAA02BBFDB . 579072 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe

[-] 2009-05-20 . 2E1BE2B73E406E85211B0CC306BB1E56 . 662528 . . [5.82] . . c:\windows\system32\comctl32.dll

[-] 2009-05-20 . 56C4C80F65C9421C3742EB167F13A25E . 2308096 . . [5.1.2600.5755] . . c:\windows\system32\ntoskrnl.exe

[-] 2009-05-20 . AB34BB59934558EC629C03591BE60286 . 648192 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll

[-] 2009-05-29 . 9854A6BC2EF8F5FC7FDF36666A8D2097 . 3460608 . . [6.00.2900.5512] . . c:\windows\explorer.exe

[-] 2009-05-19 . 6473F78C553431BC2A4B70375A8A57BB . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll

[-] 2009-05-20 . CBC8C36E4610EE06EBEBBEC153364B52 . 40960 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe


c:\windows\System32\drivers\beep.sys ... is missing !!
c:\windows\System32\regsvc.dll ... is missing !!
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TransBar"="c:\program files\XPlus Live! 2009\TransBar\TransBar.exe" [2007-11-05 163328]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]
"Lingoes"="c:\program files\Lingoes\Translator2\Lingoes.exe" [2010-02-27 2244608]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"EasyWords"="c:\documents and settings\migelo\Belgelerim\EasyWords 1.0\EasyWordsBase.exe" [2010-05-15 493056]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2009-05-20 40960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Visual Task"="c:\windows\Eklentiler\VisualTask\VisualTask.exe" [2006-05-28 36864]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-12-13 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-12-13 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-12-13 118784]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-03-16 1392640]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 282624]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2010-06-13 950664]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2007-05-14 1191936]
"FixCamera"="c:\windows\FixCamera.exe" [2007-07-11 20480]
"tsnp2std"="c:\windows\tsnp2std.exe" [2008-12-16 339968]
"snp2std"="c:\windows\vsnp2std.exe" [2007-09-28 344064]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-21 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-07-07 77824]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2009-05-20 40960]
"TransBar"="c:\program files\XPlus Live! 2009\TransBar\TransBar.exe" [2007-11-05 163328]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_3"="advpack.dll" [2009-03-08 128512]

c:\documents and settings\migelo\Start Menu\Programlar\Başlangıç\
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-12-15 384000]

c:\documents and settings\All Users\Start Menu\Programlar\Başlangıç\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-5-24 622653]
Orbit.lnk - c:\program files\Orbitdownloader\orbitdm.exe [2010-7-17 1809680]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitnet.exe"=

R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [13.06.2010 23:45 15424]
R2 NitroDriverReadSpool;NitroPDFDriverCreatorReadSpool;c:\program files\Nitro PDF\Professional\NitroPDFDriverService.exe [24.06.2010 11:08 196928]
R2 nlsX86cc;NLS Service;c:\windows\system32\NLSSRV32.EXE [24.06.2010 11:09 65856]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [28.06.2010 12:54 691696]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - HELPSVC
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.tr
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
LSP: c:\windows\system32\imon.dll
FF - ProfilePath - c:\documents and settings\migelo\Application Data\Mozilla\Firefox\Profiles\kyhpxi3c.default\
FF - plugin: c:\program files\Opera\program\plugins\nporbit.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, www.gmer.net
Rootkit scan 2010-07-29 21:48
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(904)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\sfc_os.dll
c:\windows\System32\BCMLogon.dll
c:\windows\system32\cscui.dll
c:\windows\system32\COMRes.dll

- - - - - - - > 'lsass.exe'(960)
c:\windows\system32\setupapi.dll
c:\windows\system32\imon.dll

- - - - - - - > 'explorer.exe'(1096)
c:\windows\Eklentiler\VisualTask\VttHooks.dll
c:\windows\system32\COMRes.dll
c:\windows\System32\cscui.dll
c:\windows\system32\msi.dll
c:\windows\system32\ntshrui.dll
c:\program files\Lingoes\Translator2\opentext2.dll
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\credui.dll
c:\windows\system32\dot3api.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\stsystra.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\progra~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Eset\nod32krn.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Completion time: 2010-07-29 21:50:33 - machine was rebooted
ComboFix-quarantined-files.txt 2010-07-29 18:50

Pre-Run: 5.852.307.456 bayt boş
Post-Run: 5.940.346.880 bayt boş

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 3B85CC494ED640194709BA980B5D403F

 
As far as I know, ComboFix only blocks other antivirus programs while it is running, so it's highly likely to be a virus or trojan. If your quota is over 1 GB, it could also be coming from the websites you visit, videos and so on; now that the internet has gotten faster, we don't really notice the zillion Flash animations and high-KB images on websites. Ah, back in the day we had 56k and we'd drink a coffee while waiting for one image to load, heh. Friends who know this better will answer, of course.


  • SideWindeR  (29.07.10 22:25:19) 
Also, I think users on a quota should use something like adblock. These guys make monstrous banners and Flash ads, and those pile onto the quota too.


  • wampex  (29.07.10 23:23:15) 
By the way, after scanning with ComboFix I'm now looking at the received/sent packets in my network connections: 19859 received, 17480 sent. And it doesn't increase unless I click on a new link or site. So I think it has been cleaned. Also, 19000 is a small number, right?


  • migelo  (29.07.10 23:35:47) 