
ESS Keeps Giving This Error


aponhero


Friends, I'm using the Se7en Edition made by our friend soundmaxp; there's nothing wrong with it and its programs are nice. I use ESET Smart Security, and every time I start my system I am faced with an error like this. Thinking it might be related to Java, I uninstalled Java and installed it again from its own site, but the same problem is still there. My problem looks like this:

dasdadk.png

Please help, what could the problem be?


The problem isn't Java; I think a virus is trying to use it. Can't it be cleaned using the delete option?

You can clean it with ComboFix.

Its usage is also explained here.


I'll try it right away and come back.

As far as I can tell with my broken English, ComboFix says "system file infected", i.e. a system file has been infected. The log is exactly as follows:

ComboFix 10-02-01.03 - Administrator 03.02.2010  18:13:47.1.4 - x86
Microsoft Windows XP Professional  5.1.2600.3.1254.90.1055.18.3327.2953 [GMT 4,5:30]
Running from: c:\documents and settings\Administrator\Belgelerim\Downloads\Programs\ComboFix.exe
AV: ESET Smart Security 3.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Kişisel güvenlik duvarı *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
* Resident AV is active

.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Administrator\Application Data\Desktopicon
c:\windows\system32\1.bat
c:\windows\system32\2.reg
c:\windows\system32\hidden.reg
c:\windows\system32\scrrntr.dll

c:\windows\system32\termsrv.dll . . . is infected!!

.
(((((((((((((((((((((((((   Files Created from 2010-01-03 to 2010-02-03  )))))))))))))))))))))))))))))))
.

2010-02-03 13:43 . 2010-02-03 13:43    --------    d-----w-    c:\documents and settings\Administrator\Local Settings\Application Data\ESET
2010-02-03 12:30 . 2010-02-03 12:30    --------    d-----w-    c:\documents and settings\Administrator\Application Data\My Battle for Middle-earth(tm) II Files
2010-02-03 12:19 . 2010-02-03 12:19    --------    d-----w-    c:\program files\Common Files\Java
2010-02-03 12:19 . 2010-02-03 12:19    503808    ----a-w-    c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-1c10ae20-n\msvcp71.dll
2010-02-03 12:19 . 2010-02-03 12:19    499712    ----a-w-    c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-1c10ae20-n\jmc.dll
2010-02-03 12:19 . 2010-02-03 12:19    348160    ----a-w-    c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-1c10ae20-n\msvcr71.dll
2010-02-03 12:19 . 2010-02-03 12:19    61440    ----a-w-    c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-30370f0c-n\decora-sse.dll
2010-02-03 12:19 . 2010-02-03 12:19    12800    ----a-w-    c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-30370f0c-n\decora-d3d.dll
2010-02-03 12:19 . 2010-02-03 12:19    --------    d-----w-    c:\program files\Java
2010-02-03 11:04 . 2010-02-03 11:04    --------    d-----w-    c:\documents and settings\LocalService\Local Settings\Application Data\ESET
2010-02-02 21:33 . 2009-10-25 21:48    11136    ----a-w-    c:\windows\system32\drivers\SLIP.sys
2010-02-02 21:25 . 2010-02-02 21:25    --------    d-----w-    c:\documents and settings\All Users\Application Data\Messenger Plus!

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-03 13:41 . 2010-02-02 18:08    --------    d-----w-    c:\documents and settings\Administrator\Application Data\uTorrent
2010-02-03 13:14 . 2010-02-02 18:59    --------    d-----w-    c:\documents and settings\Administrator\Application Data\DMCache
2010-02-03 12:19 . 2010-02-02 17:50    411368    ----a-w-    c:\windows\system32\deploytk.dll
2010-02-03 12:17 . 2008-04-15 06:00    79760    ----a-w-    c:\windows\system32\perfc01F.dat
2010-02-03 12:17 . 2008-04-15 06:00    425278    ----a-w-    c:\windows\system32\perfh01F.dat
2010-02-03 11:36 . 2010-02-02 18:59    --------    d-----w-    c:\documents and settings\Administrator\Application Data\IDM
2010-02-02 19:30 . 2010-02-02 19:30    --------    d-----w-    c:\documents and settings\All Users\Application Data\KONAMI
2010-02-02 19:24 . 2010-02-02 18:02    --------    d--h--w-    c:\program files\InstallShield Installation Information
2010-02-02 19:17 . 2010-02-02 19:17    177024    ----a-w-    c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\4j7w56cw.default\FlashGot.exe
2010-02-02 19:00 . 2010-02-02 18:59    --------    d-----w-    c:\program files\Internet Download Manager
2010-02-02 19:00 . 2010-02-02 19:00    198064    ----a-w-    c:\documents and settings\Administrator\Application Data\IDM\idmmzcc3\components\idmmzcc.dll
2010-02-02 18:45 . 2010-02-02 17:42    68456    ----a-w-    c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-02-02 18:39 . 2010-02-02 18:24    --------    d-----w-    c:\documents and settings\All Users\Application Data\Microsoft Help
2010-02-02 18:34 . 2010-02-02 17:54    --------    d-----w-    c:\program files\Microsoft Works
2010-02-02 18:28 . 2010-02-02 17:45    --------    d-----w-    c:\program files\MSBuild
2010-02-02 18:25 . 2010-02-02 18:25    --------    d-----w-    c:\program files\Microsoft Visual Studio 8
2010-02-02 18:23 . 2010-02-02 18:02    --------    d-----w-    c:\documents and settings\Administrator\Application Data\DAEMON Tools Lite
2010-02-02 18:21 . 2010-02-02 18:21    0    ----a-w-    c:\windows\nsreg.dat
2010-02-02 18:21 . 2010-02-02 18:21    152576    ----a-w-    c:\documents and settings\Administrator\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2010-02-02 18:21 . 2010-02-02 18:21    79488    ----a-w-    c:\documents and settings\Administrator\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-02-02 18:15 . 2010-02-02 18:02    --------    d-----w-    c:\program files\DAEMON Tools Lite
2010-02-02 18:13 . 2010-02-02 18:13    --------    d-----w-    c:\program files\Vimicro
2010-02-02 18:12 . 2010-02-02 18:12    --------    d-----w-    c:\documents and settings\Administrator\Application Data\ESET
2010-02-02 18:11 . 2010-02-02 18:11    --------    d-----w-    c:\documents and settings\Administrator\Application Data\InstallShield
2010-02-02 18:11 . 2010-02-02 18:11    --------    d-----w-    c:\program files\ESET
2010-02-02 18:11 . 2010-02-02 18:11    --------    d-----w-    c:\documents and settings\All Users\Application Data\ESET
2010-02-02 18:11 . 2010-02-02 18:10    --------    d-----w-    c:\program files\epson
2010-02-02 18:11 . 2010-02-02 18:10    --------    d-----w-    c:\documents and settings\All Users\Application Data\EPSON
2010-02-02 18:10 . 2010-02-02 18:10    --------    d-----w-    c:\program files\UltraISO
2010-02-02 18:10 . 2010-02-02 18:10    --------    d-----w-    c:\program files\Common Files\EZB Systems
2010-02-02 18:09 . 2010-02-02 18:09    --------    d-----w-    c:\program files\AGEIA Technologies
2010-02-02 18:09 . 2010-02-02 18:09    --------    d-----w-    c:\program files\uTorrent
2010-02-02 18:08 . 2010-02-02 18:08    --------    d-----w-    c:\program files\CCleaner
2010-02-02 18:07 . 2010-02-02 18:07    --------    d-----w-    c:\program files\Common Files\Wise Installation Wizard
2010-02-02 18:06 . 2010-02-02 18:06    552    ----a-w-    c:\windows\system32\d3d8caps.dat
2010-02-02 18:06 . 2010-02-02 18:06    --------    d-----w-    c:\documents and settings\Administrator\Application Data\TeamViewer
2010-02-02 18:05 . 2010-02-02 18:05    --------    d-----w-    c:\program files\Sun
2010-02-02 18:05 . 2010-02-02 18:05    --------    d-----w-    c:\program files\TeamViewer
2010-02-02 18:04 . 2010-02-02 18:03    --------    d-----w-    c:\program files\VIA
2010-02-02 18:03 . 2010-02-02 18:02    --------    d-----w-    c:\program files\Common Files\InstallShield
2010-02-02 18:02 . 2010-02-02 18:02    691696    ----a-w-    c:\windows\system32\drivers\sptd.sys
2010-02-02 18:02 . 2010-02-02 18:02    --------    d-----w-    c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2010-02-02 18:01 . 2010-02-02 17:56    --------    d-----w-    c:\program files\Unlocker
2010-02-02 18:01 . 2010-02-02 18:01    --------    d-----w-    c:\program files\Intel
2010-02-02 17:59 . 2010-02-02 17:59    --------    d-----w-    c:\documents and settings\Administrator\Application Data\Conceptworld
2010-02-02 17:57 . 2010-02-02 17:57    295    ----a-w-    c:\windows\system32\Find_Target.vbs
2010-02-02 17:56 . 2010-02-02 17:56    --------    d-----w-    c:\program files\Oyunlar
2010-02-02 17:56 . 2010-02-02 17:56    --------    d-----w-    c:\program files\System
2010-02-02 17:56 . 2010-02-02 17:56    --------    d-----w-    c:\program files\Nero
2010-02-02 17:56 . 2010-02-02 17:56    --------    d-----w-    c:\program files\Common Files\Nero
2010-02-02 17:56 . 2010-02-02 17:56    --------    d-----w-    c:\documents and settings\All Users\Application Data\Nero
2010-02-02 17:54 . 2010-02-02 17:54    --------    d-----w-    c:\program files\Microsoft.NET
2010-02-02 17:53 . 2010-02-02 17:53    --------    d-----w-    c:\program files\Common Files\Adobe
2010-02-02 17:52 . 2010-02-02 17:52    --------    d-----w-    c:\program files\Messenger Plus! Live
2010-02-02 17:52 . 2010-02-02 17:52    --------    d-----w-    c:\program files\Windows Live SkyDrive
2010-02-02 17:52 . 2010-02-02 17:52    --------    d-----w-    c:\program files\Microsoft
2010-02-02 17:52 . 2010-02-02 17:52    --------    d-----w-    c:\program files\Windows Live
2010-02-02 17:50 . 2010-02-02 17:50    --------    d-----w-    c:\program files\Microsoft Silverlight
2010-02-02 17:49 . 2010-02-02 17:49    --------    d-----w-    c:\program files\MSXML 6.0
2010-02-02 17:49 . 2010-02-02 17:49    --------    d-----w-    c:\program files\MSXML 4.0
2010-02-02 17:45 . 2010-02-02 17:45    65800    ----a-w-    c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-02-02 17:45 . 2010-02-02 17:45    --------    d-----w-    c:\program files\Reference Assemblies
2010-02-02 17:40 . 2010-02-02 17:40    --------    d-----w-    c:\program files\HighMAT CD Writing Wizard
2010-02-02 17:40 . 2010-02-02 17:42    --------    d-----w-    c:\documents and settings\Administrator\Application Data\Xentient
2010-02-02 17:40 . 2010-02-02 17:40    --------    d-----w-    c:\documents and settings\Default User\Application Data\Xentient
2010-02-02 17:40 . 2010-02-02 17:40    --------    d-----w-    c:\program files\[Ekstralar]
2010-02-02 17:38 . 2010-02-02 17:38    86327    ----a-w-    c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-02-02 17:35 . 2010-02-02 17:35    21736    ----a-w-    c:\windows\system32\emptyregdb.dat
2010-02-02 17:35 . 2010-02-02 17:35    --------    d-----w-    c:\program files\Windows Media Connect 2
2009-12-17 10:32 . 2010-02-02 18:05    123280    ----a-w-    c:\windows\system32\drivers\VBoxDrv.sys
2009-12-17 10:32 . 2010-02-02 18:05    41616    ----a-w-    c:\windows\system32\drivers\VBoxUSBMon.sys
2009-12-17 10:32 . 2009-12-17 10:32    99152    ----a-w-    c:\windows\system32\drivers\VBoxNetAdp.sys
2009-12-17 10:32 . 2009-12-17 10:32    133648    ----a-w-    c:\windows\system32\VBoxNetFltNotify.dll
2009-12-17 10:32 . 2009-12-17 10:32    110096    ----a-w-    c:\windows\system32\drivers\VBoxNetFlt.sys
.

------- Sigcheck -------

[-] 2006-12-29 . BB4D3A8E6F7EB1D370BC4AD27AB23368 . 360576 . . [5.1.2600.2892] . . c:\windows\system32\drivers\tcpip.sys

[-] 2005-09-02 . D27BFD8B2F85A6BBF2644FCED9E1038F . 502272 . . [5.1.2600.2180] . . c:\windows\system32\winlogon.exe

[-] 2009-10-26 . 2E1BE2B73E406E85211B0CC306BB1E56 . 662528 . . [5.82] . . c:\windows\system32\comctl32.dll

[-] 2009-10-26 . 56C4C80F65C9421C3742EB167F13A25E . 2308096 . . [5.1.2600.5755] . . c:\windows\system32\ntoskrnl.exe

[-] 2009-10-26 . B3A28AB23450EBFEAB3CEE207B97EAA5 . 639488 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll

[-] 2009-10-25 . 7D5D3E0EF30B3EF5F437E1661FEED941 . 2521600 . . [6.00.2900.5512] . . c:\windows\explorer.exe

[-] 2009-10-26 . 6AFD1B2F984D9E4788314855284CD515 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll

[-] 2009-10-26 . CBC8C36E4610EE06EBEBBEC153364B52 . 40960 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe

[-] 2005-10-27 21:37 . !HASH: COULD NOT OPEN FILE !!!!! . 295424 . . [------] . . c:\windows\system32\termsrv.dll

[-] 2009-10-26 . C755598BFA7A8A989FC416D246DA9540 . 2186752 . . [5.1.2600.5755] . . c:\windows\system32\ntkrnlpa.exe
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-02-02 289584]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-10-05 3883856]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2010-02-02 3179952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]
"HDAudDeck"="c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe" [2008-09-25 33517568]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-25 13680640]
"nwiz"="nwiz.exe" [2008-12-25 1657376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-25 86016]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2007-12-21 1443072]
"VMSnap3"="c:\windows\VMSnap3.EXE" [2006-08-30 49152]
"Domino"="c:\windows\Domino.EXE" [2006-06-28 49152]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2009-10-26 40960]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2007-08-13 123904]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)
"DesktopProcess"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)
"DesktopProcess"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"d:\\Program Files\\Electronic Arts\\The Battle for Middle-earth (tm) II\\game.dat"=
"d:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=

R0 aaatimeo;aaatimeo;c:\windows\system32\drivers\aaatimeo.sys [26.02.2006 20:51 4928]
R0 afamgt;afamgt;c:\windows\system32\drivers\afamgt.sys [28.03.2006 15:13 91707]
R0 siwinacc;siwinacc;c:\windows\system32\drivers\siwinacc.sys [01.11.2004 15:51 10368]
R1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [02.02.2010 22:35 123280]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\drivers\VBoxUSBMon.sys [02.02.2010 22:35 41616]
R2 ekrn;Eset Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [21.12.2007 8:21 468224]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [17.12.2009 15:02 99152]
R3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\drivers\VBoxNetFlt.sys [17.12.2009 15:02 110096]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [02.02.2010 22:34 874880]
R3 vmfilter303;vmfilter303;c:\windows\system32\drivers\vmfilter303.sys [02.02.2010 22:44 428160]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [02.02.2010 22:32 691696]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: Bütün linkleri IDM ile indir - c:\program files\Internet Download Manager\IEGetAll.htm
IE: FLV video içeriğini IDM ile indir - c:\program files\Internet Download Manager\IEGetVL.htm
IE: IDM ile indir - c:\program files\Internet Download Manager\IEExt.htm
IE: Microsoft Excel'e &Ver - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Microsoft Excel'e Gö&nder - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
TCP: {CF50EB28-92DF-4C91-8E8C-4997E9D7C88D} = 8.8.8.8,8.8.4.4
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\4j7w56cw.default\
FF - component: c:\documents and settings\Administrator\Application Data\IDM\idmmzcc3\components\idmmzcc.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency",   1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug",            false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight",       2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize",       1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight",   25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight",     5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-BigDog303 - c:\windows\VM303_STI.EXE



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-03 18:18
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...  

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  HDAudDeck = c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe 1????????????????????????????????????????????????
  BigDog303 = c:\windows\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)????????????????0?????????@??????????????

scanning hidden files ...  

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1484)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\antiwpa.dll
c:\windows\system32\cscui.dll

- - - - - - - > 'winlogon.exe'(348)
c:\windows\system32\SETUPAPI.dll

- - - - - - - > 'lsass.exe'(1540)
c:\windows\system32\setupapi.dll
.
Completion time: 2010-02-03  18:19:07
ComboFix-quarantined-files.txt  2010-02-03 13:49

Pre-Run: 95.443.202.048 bayt boş
Post-Run: 95.500.894.208 bayt boş

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 7461C0C0E1724DAB381CA63030A5C39B


Use the ESET version here; the lower versions were apparently problematic. I saw this when I researched the topic a bit.

http://www.tnctr.com/index.php?showtopic=98484&st=0&p=531194entry531194

You're welcome, and thank you too; glad if we were able to help.

The same problem has started coming back again :S Now I'm going to do a completely clean format and wipe my external disks too :S

If this one gives the same problem too :(


Install and run the program here; it returns the HDD to the state it was in when you first got it, empty and unpartitioned. I use it when selling HDDs and also for stubborn viruses that won't go away. It writes over the entire disk, which takes about 30 minutes on average depending on the disk. After that, unplug the PC from power and remove the RAM modules, put them back after 5 minutes, and install the system from the setup CD. Keep in mind that if you go straight to setup without doing these things, some viruses can somehow come back to life in the RAM and the setup files. Good luck.

Go ahead and format then, so you can have peace of mind.

http://hddguru.com/content/en/software/2006.04.12-HDD-Low-Level-Format-Tool/

NOTE: Instead of the above, which is what I did, you can also do a normal format; it's up to you. It had been the solution for a one-of-a-kind virus, whose name I have now forgotten, that prevented me from seeing hidden files and would not leave me alone even though I had formatted. Keep it in mind. Regards.

Thanks for your help. soundmaxp Se7en Edition is infected with a virus :S


Archived

This topic is now archived and is closed to further replies.
