How do I delete this trojan?

saureus
New member, joined 11 Nov 2005, 427 posts
Two days ago Kaspersky found 2 trojans on the machine. It cleaned one, but although it says the other one "will be deleted after the computer restarts", it never deletes it after the restart. What flecth described in the sticky thread didn't work either; more precisely, what he mentioned didn't show up on my machine. I'll write the details below; I'd be glad if you could help.

Trojan program Trojan.Win32.Patched.hp C:\Windows\System32\scf_os.dll
 
Download ComboFix from the internet. Scan with it; it will most likely delete it.
 
If your operating system is genuine, download Microsoft Security Essentials and give it a try.
 
Scan with ComboFix, paste the report here and post it; I'll help.
 
ComboFix 09-10-28.08 - Administrator 30.10.2009 1:08.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1254.90.1055.18.511.185 [GMT 2:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\install\install.exe
c:\program files\KolayBAR\tbHElper.dll
c:\windows\system32\ieuinit.inf
c:\windows\system32\msconfig.exe
c:\windows\system32\scrrntr.dll
.
---- Previous Run -------
.
c:\install\install.exe
c:\program files\KolayBAR\tbHElper.dll
c:\windows\system32\ieuinit.inf
c:\windows\system32\msconfig.exe
c:\windows\system32\scrrntr.dll

.
((((((((((((((((((((((((( Files Created from 2009-09-28 to 2009-10-29 )))))))))))))))))))))))))))))))
.

2009-10-29 22:50 . 2009-10-29 22:50 -------- d-----w- c:\windows\system32\xircom
2009-10-29 22:50 . 2009-10-29 22:50 -------- d-----w- c:\windows\system32\wbem\snmp
2009-10-29 22:50 . 2009-10-29 22:50 -------- d-----w- c:\windows\system32\oobe
2009-10-29 22:50 . 2009-10-29 22:50 -------- d-----w- c:\windows\srchasst
2009-10-29 22:50 . 2009-10-29 22:50 -------- d-----w- c:\program files\microsoft frontpage
2009-10-29 22:49 . 2009-10-29 22:49 -------- d-----w- c:\windows\system32\wbem\Repository
2009-10-29 22:49 . 2009-10-29 22:53 -------- d-----w- c:\windows\LastGood
2009-10-29 22:33 . 2009-10-29 22:49 -------- d-----w- C:\ComboFix(2)
2009-10-28 16:17 . 2009-10-28 16:17 -------- d-----w- c:\program files\Pikatel Test ve Surum Araci
2009-10-28 15:39 . 2009-10-28 15:39 -------- d-----w- c:\program files\Pikatel KKP ComboMax
2009-10-17 14:30 . 2009-10-17 14:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero
2009-10-08 03:58 . 2004-08-03 20:00 149376 ----a-w- c:\windows\system32\drivers\tffsport.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-29 23:16 . 2009-05-30 19:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-10-29 23:14 . 2009-08-05 12:27 3659296 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-10-29 23:14 . 2009-08-05 12:27 33860 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-10-29 23:14 . 2009-08-05 12:27 3024 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2009-10-29 23:14 . 2009-08-05 12:27 262176 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-10-29 23:13 . 2009-06-10 15:31 -------- d-----w- c:\program files\KolayBAR
2009-10-29 23:00 . 2009-10-29 23:00 2066 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2009-10-29 23:00 . 2001-11-22 14:00 59860 ----a-w- c:\windows\system32\perfc01F.dat
2009-10-29 23:00 . 2001-11-22 14:00 366656 ----a-w- c:\windows\system32\perfh01F.dat
2009-10-29 22:59 . 2008-01-29 14:29 33808 ----a-w- c:\windows\system32\drivers\klbg.sys
2009-10-29 22:59 . 2009-08-05 12:27 95259 ----a-w- c:\windows\system32\drivers\klick.dat
2009-10-29 22:59 . 2009-08-05 12:27 108059 ----a-w- c:\windows\system32\drivers\klin.dat
2009-10-29 22:46 . 2006-11-06 14:00 139264 ----a-w- c:\windows\system32\sfc_os.dll
2009-10-17 14:41 . 2009-07-23 18:40 -------- d-----w- c:\program files\Philips Intelligent Agent
2009-10-17 14:36 . 2009-07-23 18:32 -------- d-----w- c:\program files\Common Files\Ahead
2009-10-17 12:12 . 2009-06-02 17:36 -------- d-----w- c:\documents and settings\Administrator\Application Data\LimeWire
2009-09-26 09:52 . 2009-05-30 20:03 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-09-01 22:14 . 2009-05-31 10:00 -------- d-----w- c:\documents and settings\All Users\Application Data\CanonIJPLM
2009-09-01 22:12 . 2009-06-28 10:36 -------- d-----w- c:\documents and settings\Administrator\Application Data\Canon
2009-09-01 20:21 . 2009-05-30 20:00 -------- d-----w- c:\documents and settings\Administrator\Application Data\BSplayer PRO
2009-08-05 11:14 . 2009-06-03 18:51 19064 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
.

------- Sigcheck -------

[-] 2006-11-06 . C7BE59B07C6EB74BEA6FD67C1B164015 . 360576 . . [5.1.2600.2892] . . c:\windows\system32\drivers\tcpip.sys

[-] 2006-11-06 . 39128B5A743545BAEDD3984C210F00A8 . 77824 . . [5.1.2600.2586] . . c:\windows\system32\browser.dll

[-] 2006-11-06 . 3D626F93DA9AC10D0304E9FB11FDB0C9 . 197632 . . [5.1.2600.2743] . . c:\windows\system32\netman.dll

[-] 2006-11-06 . DE4635BDCC0E9F35A8ECD442DED48D15 . 398848 . . [5.1.2600.2846] . . c:\windows\system32\rpcss.dll

[-] 2006-11-06 . AD3D9D191AEA7B5445FE1D82FFBB4788 . 57856 . . [5.1.2600.2696] . . c:\windows\system32\spoolsv.exe

[-] 2006-11-06 . D26B1F1B7CC58EB15A0852B368741AE9 . 617472 . . [5.82] . . c:\windows\system32\comctl32.dll

[-] 2006-11-06 . 87F3E2D2A3231F820F9248DB90090F42 . 62464 . . [5.1.2600.2845] . . c:\windows\system32\cryptsvc.dll

[-] 2006-11-06 13:36 . B4E857FB69E5280A120ACB0090563DAC . 243200 . . [2001.12.4414.310] . . c:\windows\system32\es.dll

[-] 2006-11-06 . 9554BA931E01B093C3826425B30DB36C . 958976 . . [5.1.2600.2991] . . c:\windows\system32\kernel32.dll

[-] 2006-11-06 . 6BE2A0944E868D8C9E72E0F327C524AC . 19968 . . [5.1.2600.2751] . . c:\windows\system32\linkinfo.dll

[-] 2006-11-16 . 02E67CAB6E6681F37991F05A6F419179 . 3079680 . . [6.00.2900.2995] . . c:\windows\system32\mshtml.dll

[-] 2006-11-06 . 18CEAAD277D62D4B9841E7886AC1799C . 2138112 . . [5.1.2600.2774] . . c:\windows\system32\ntoskrnl.exe

[-] 2006-11-06 . AD49666CC284E2F546747D527E7B34CB . 249344 . . [5.1.2600.2716] . . c:\windows\system32\tapisrv.dll

[-] 2006-11-06 . 5EAA22B4862D42DD073D2E437FE07272 . 577536 . . [5.1.2600.2622] . . c:\windows\system32\user32.dll

[-] 2006-11-16 . 9B6829715631F1890D14AF045730ABBB . 664064 . . [6.00.2900.2995] . . c:\windows\system32\wininet.dll

[-] 2006-11-06 . 882084AF9070B05B67F08855858CAB31 . 1183232 . . [6.00.2900.2649] . . c:\windows\explorer.exe


[-] 2006-07-24 01:27 . 1EE7B434BA961EF845DE136224C30FEC . 142464 . . [5.1.2601.2180] . . c:\windows\LastGood\system32\drivers\aec.sys
[-] 2006-07-23 22:27 . 1EE7B434BA961EF845DE136224C30FEC . 142464 . . [5.1.2601.2180] . . c:\windows\system32\drivers\aec.sys

[-] 2006-11-06 13:49 . 140EF97B64F560FD78643CAE2CDAD838 . 25088 . . [10.0.3790.3802] . . c:\windows\system32\mspmsnsv.dll

[-] 2006-11-25 . 1C176A013DB646402B74AB804F037569 . 2017280 . . [5.1.2600.2774] . . c:\windows\system32\ntkrnlpa.exe

c:\windows\system32\wscntfy.exe ... is missing !!
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1625E45B-2FFC-4882-980A-C2AC7EEFACC8}]
2009-01-31 23:45 2586624 ----a-w- c:\program files\KolayBAR\kolaybar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{0557E456-054D-4C3A-B501-2CC437256230}"= "c:\program files\KolayBAR\kolaybar.dll" [2009-01-31 2586624]

[HKEY_CLASSES_ROOT\clsid\{0557e456-054d-4c3a-b501-2cc437256230}]
[HKEY_CLASSES_ROOT\TBSB01537.TBSB01537.3]
[HKEY_CLASSES_ROOT\TypeLib\{77AA25E8-6083-4949-A831-9CB11861DC10}]
[HKEY_CLASSES_ROOT\TBSB01537.TBSB01537]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{0557E456-054D-4C3A-B501-2CC437256230}"= "c:\program files\KolayBAR\kolaybar.dll" [2009-01-31 2586624]

[HKEY_CLASSES_ROOT\clsid\{0557e456-054d-4c3a-b501-2cc437256230}]
[HKEY_CLASSES_ROOT\TBSB01537.TBSB01537.3]
[HKEY_CLASSES_ROOT\TypeLib\{77AA25E8-6083-4949-A831-9CB11861DC10}]
[HKEY_CLASSES_ROOT\TBSB01537.TBSB01537]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Philips Intelligent Agent"="NOT_IN_USE_DUMMY_PATH" [X]
"Active Desktop Calendar"="c:\program files\XemiComputers\Active Desktop Calendar\ADC.exe" [2008-12-09 4479488]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-03-22 149040]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-11-03 7700480]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-11-03 86016]
"CoolSwitch"="c:\windows\system32\taskswitch.exe" [2002-03-19 45632]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2008-03-10 689488]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2008-03-17 1848648]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2009-08-05 208616]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-15 153136]
"CARPService"="carpserv.exe" - c:\windows\system32\carpserv.exe [2003-03-19 4608]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Set Visual Effects"="SetVisualEffects.exe" - c:\windows\system32\SETVISUALEFFECTS.EXE [2004-10-16 77824]

c:\documents and settings\All Users\Start Menu\Programlar\Başlangıç\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-22 734872]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoSMMyPictures"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMMyPictures"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"ForceClassicControlPanel"= 1 (0x1)
"NoSMMyPictures"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [29.01.2008 16:29 33808]
R0 tffsport;M-Systems DiskOnChip 2000;c:\windows\system32\drivers\tffsport.sys [08.10.2009 05:58 149376]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [13.03.2008 17:02 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [30.04.2008 17:06 24592]
S2 InstallShield;InstallShield;c:\windows\system32\setupreg.exe [26.11.2006 13:38 36864]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - CLASSPNP_2
*NewlyCreated* - HELPSVC
*NewlyCreated* - MBR
*Deregistered* - CLASSPNP_2
*Deregistered* - mbr
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: Add to Banner Ad Blocker - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
IE: Se&nd to Microsoft Excel - c:\progra~1\MICROS~1\Office10\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pr35fsf7.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.tr/
.
- - - - ORPHANS REMOVED - - - -

HKU-Default-RunOnce-nltide3 - rundll32 advpack.dll



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2009-10-30 01:15
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(816)
c:\windows\system32\cscui.dll

- - - - - - - > 'explorer.exe'(1200)
c:\windows\System32\cscui.dll
c:\program files\XemiComputers\Active Desktop Calendar\MouseHook.dll
c:\windows\system32\NETSHELL.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Canon\IJPLM\IJPLMSVC.EXE
c:\windows\system32\RUNDLL32.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
.
**************************************************************************
.
Completion time: 2009-10-29 1:23 - machine was rebooted
ComboFix-quarantined-files.txt 2009-10-29 23:19

Pre-Run: 13.459.042.304 bytes free
Post-Run: 13.445.177.344 bytes free

- - End Of File - - 28DD56ECBCE5D9D1A1DFFE3A0C6C5B28
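A helper for reading a report like the one above, added here as an example; it is not part of the thread and not ComboFix's own code. A `[-]` line in the Sigcheck section means the file failed ComboFix's integrity check, which is a reason to compare that file against a known-good copy from the same Windows build and language (the log shows a Turkish XP SP2 install), not proof on its own that it is infected. The script pulls out those entries, the "is missing" line, and the registry values that matter for triage: `AntiVirusOverride`/`FirewallOverride` set to 1 suppress Security Center alerts, and `EnableFirewall`= 0 means the Windows firewall is off. The `SAMPLE_LOG` is a constructed excerpt modelled on the posted report, and the finding labels (`sigcheck-mismatch`, `missing-file`, ...) are my own naming.

```python
"""Triage a ComboFix report: Sigcheck mismatches, missing files, security overrides.

Added example, not code from the forum thread or from ComboFix. It parses the
line formats that appear in the posted log; SAMPLE_LOG is a constructed excerpt.
"""
import re
from dataclasses import dataclass

# Constructed excerpt in the same format as the posted ComboFix report.
SAMPLE_LOG = r"""
------- Sigcheck -------

[-] 2006-11-06 . C7BE59B07C6EB74BEA6FD67C1B164015 . 360576 . . [5.1.2600.2892] . . c:\windows\system32\drivers\tcpip.sys

[-] 2006-11-06 13:36 . B4E857FB69E5280A120ACB0090563DAC . 243200 . . [2001.12.4414.310] . . c:\windows\system32\es.dll

c:\windows\system32\wscntfy.exe ... is missing !!
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"""

# "[-] date [time] . MD5 . size . . [version] . . path"
SIGCHECK_RE = re.compile(
    r'^\[-\] (?P<date>\d{4}-\d{2}-\d{2})(?: \d{2}:\d{2})? \. '
    r'(?P<md5>[0-9A-F]{32}) \. (?P<size>\d+) \. \. '
    r'\[(?P<version>[^\]]+)\] \. \. (?P<path>.+)$'
)
MISSING_RE = re.compile(r'^(?P<path>\S.*?) \.\.\. is missing !!$')
KEY_RE = re.compile(r'^\[(?P<key>[^\]]+)\]$')          # "[HKEY_...\...]"
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<raw>.*)$')


@dataclass(frozen=True)
class SigEntry:
    path: str
    md5: str
    size: int
    version: str


def parse_sigcheck(text):
    """Return every file the Sigcheck section marked with [-]."""
    entries = []
    for line in text.splitlines():
        m = SIGCHECK_RE.match(line.strip())
        if m:
            entries.append(SigEntry(m['path'].lower(), m['md5'],
                                    int(m['size']), m['version']))
    return entries


def parse_missing(text):
    """Return paths reported as '... is missing !!'."""
    paths = []
    for line in text.splitlines():
        m = MISSING_RE.match(line.strip())
        if m:
            paths.append(m['path'].lower())
    return paths


def parse_registry_values(text):
    """Map (key, value name) -> int for REG_DWORD-style values in the report.

    Both 'dword:00000001' and '0 (0x0)' spellings occur in ComboFix output;
    string values (paths) are skipped.
    """
    values, key = {}, None
    for line in text.splitlines():
        line = line.strip()
        k = KEY_RE.match(line)
        if k:
            key = k['key'].lower()
            continue
        v = VALUE_RE.match(line)
        if not (v and key):
            continue
        raw, name = v['raw'], v['name'].lower()
        if raw.lower().startswith('dword:'):
            values[(key, name)] = int(raw[6:], 16)
        else:
            n = re.match(r'^(\d+) \(0x', raw)
            if n:
                values[(key, name)] = int(n.group(1))
    return values


def triage(text):
    """Produce a flat list of findings worth a second look (labels are my own)."""
    findings = []
    for e in parse_sigcheck(text):
        findings.append(f'sigcheck-mismatch {e.path} md5={e.md5} version={e.version}')
    for p in parse_missing(text):
        findings.append(f'missing-file {p}')
    for (key, name), val in parse_registry_values(text).items():
        if key.endswith('security center') and val == 1 \
                and name in ('antivirusoverride', 'firewalloverride'):
            findings.append(f'security-center-alerts-suppressed {name}')
        if key.endswith(r'firewallpolicy\standardprofile') \
                and name == 'enablefirewall' and val == 0:
            findings.append('windows-firewall-disabled standardprofile')
    return findings


if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        print(f)
```

Run it on a saved report with `triage(open('ComboFix.txt').read())`. The Sigcheck list is the part to act on for a "Patched" detection: Kaspersky named sfc_os.dll, and the Find3M section above shows that file last written on 2009-10-29 22:46, so its MD5 should be compared with a copy from a clean machine of the same build before trusting it.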
 