Sharing my ComboFix log, please point me in the right direction ;)

lhiog4

Student
Joined
15 June 2013
Messages
1
Reaction score
0
Points
0
Hello friends, I've just joined the forum and this is my first thread. I'd like you to evaluate my ComboFix log; what do I need to do?

Code:
ComboFix 13-06-13.01 - win 7 15.06.2013  15:18:52.2.4 - x86Microsoft Windows 7 Ultimate   6.1.7600.0.1254.90.1055.18.3063.2199 [GMT 3:00]
Running from: c:\users\win 7\Desktop\ComboFix.exe
AV: avast! Internet Security *Disabled/Outdated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
FW: avast! Internet Security *Disabled* {131692B0-0864-D491-4E21-3A3A1D8BBB47}
SP: avast! Internet Security *Disabled/Outdated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\IB Updater\ExTEnsion32.dll
c:\program files\sXe Injected
c:\program files\sXe Injected\chrome-extension_icpgjfneehieebagbmdbhnlpiopdcmna_0.localstorage
c:\program files\sXe Injected\Chrome\chrome-extension_icpgjfneehieebagbmdbhnlpiopdcmna_0.localstorage
c:\program files\sXe Injected\chromechange.exe
c:\program files\sXe Injected\ddsxei.sys
c:\program files\sXe Injected\default.reg
c:\program files\sXe Injected\firechange.exe
c:\program files\sXe Injected\icpgjfneehieebagbmdbhnlpiopdcmna\1.0.4_0\background.html
c:\program files\sXe Injected\icpgjfneehieebagbmdbhnlpiopdcmna\1.0.4_0\background.js
c:\program files\sXe Injected\icpgjfneehieebagbmdbhnlpiopdcmna\1.0.4_0\example.html
c:\program files\sXe Injected\icpgjfneehieebagbmdbhnlpiopdcmna\1.0.4_0\icon128.png
c:\program files\sXe Injected\icpgjfneehieebagbmdbhnlpiopdcmna\1.0.4_0\icon19.png
c:\program files\sXe Injected\icpgjfneehieebagbmdbhnlpiopdcmna\1.0.4_0\icon200.png
c:\program files\sXe Injected\icpgjfneehieebagbmdbhnlpiopdcmna\1.0.4_0\manifest.json
c:\program files\sXe Injected\icpgjfneehieebagbmdbhnlpiopdcmna\1.0.4_0\options.css
c:\program files\sXe Injected\icpgjfneehieebagbmdbhnlpiopdcmna\1.0.4_0\options.html
c:\program files\sXe Injected\icpgjfneehieebagbmdbhnlpiopdcmna\1.0.4_0\options.js
c:\program files\sXe Injected\icpgjfneehieebagbmdbhnlpiopdcmna\1.0.4_0\README.md
c:\program files\sXe Injected\icpgjfneehieebagbmdbhnlpiopdcmna\1.0.4_0\redirect.html
c:\program files\sXe Injected\icpgjfneehieebagbmdbhnlpiopdcmna\1.0.4_0\redirect.js
c:\program files\sXe Injected\localstrike-search.xml
c:\program files\sXe Injected\newtaburl_local.xpi
c:\program files\sXe Injected\Preferences
c:\program files\sXe Injected\search.ini
c:\program files\sXe Injected\speeddial.ini
c:\program files\sXe Injected\sXe-I EULA.txt
c:\program files\sXe Injected\sXe Injected.exe
c:\program files\sXe Injected\sXe Injected.txt
c:\program files\sXe Injected\sXe.dll
c:\program files\sXe Injected\TopSites.plist
c:\program files\sXe Injected\uninstall.exe
c:\program files\sXe Injected\uninstall.ini
c:\program files\sXe Injected\Web Data
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\A997217123.exe
c:\users\win 7\AppData\Local\.#
c:\users\win 7\AppData\Local\.#\MBX@1014@D7DA40.###
c:\users\win 7\AppData\Local\.#\MBX@1014@D7DA50.###
c:\users\win 7\AppData\Local\.#\MBX@1014@D7DA70.###
c:\users\win 7\AppData\Local\.#\MBX@1014@D7DA80.###
c:\users\win 7\AppData\Local\.#\MBX@1014@D7DAC0.###
c:\users\win 7\AppData\Local\.#\MBX@1014@D7DAD0.###
c:\users\win 7\AppData\Local\.#\MBX@10A4@1FEDA40.###
c:\users\win 7\AppData\Local\.#\MBX@10A4@1FEDA50.###
c:\users\win 7\AppData\Local\.#\MBX@10A4@1FEDA70.###
c:\users\win 7\AppData\Local\.#\MBX@10A4@1FEDA80.###
c:\users\win 7\AppData\Local\.#\MBX@10A4@1FEDAC0.###
c:\users\win 7\AppData\Local\.#\MBX@10A4@1FEDAD0.###
c:\users\win 7\AppData\Local\.#\MBX@1148@B3DA40.###
c:\users\win 7\AppData\Local\.#\MBX@1148@B3DA50.###
c:\users\win 7\AppData\Local\.#\MBX@1148@B3DA70.###
c:\users\win 7\AppData\Local\.#\MBX@1148@B3DA80.###
c:\users\win 7\AppData\Local\.#\MBX@1148@B3DAC0.###
c:\users\win 7\AppData\Local\.#\MBX@1148@B3DAD0.###
c:\users\win 7\AppData\Local\.#\MBX@1184@1F9DAF0.###
c:\users\win 7\AppData\Local\.#\MBX@1184@1F9DB00.###
c:\users\win 7\AppData\Local\.#\MBX@1184@1F9DB40.###
c:\users\win 7\AppData\Local\.#\MBX@11D8@20DDA40.###
c:\users\win 7\AppData\Local\.#\MBX@11D8@20DDA50.###
c:\users\win 7\AppData\Local\.#\MBX@11D8@20DDA70.###
c:\users\win 7\AppData\Local\.#\MBX@11D8@20DDA80.###
c:\users\win 7\AppData\Local\.#\MBX@11D8@20DDAC0.###
c:\users\win 7\AppData\Local\.#\MBX@11D8@20DDAD0.###
c:\users\win 7\AppData\Local\.#\MBX@1274@1FCDA40.###
c:\users\win 7\AppData\Local\.#\MBX@1274@1FCDA50.###
c:\users\win 7\AppData\Local\.#\MBX@1274@1FCDA90.###
c:\users\win 7\AppData\Local\.#\MBX@1274@1FCDAA0.###
c:\users\win 7\AppData\Local\.#\MBX@12DC@208DA40.###
c:\users\win 7\AppData\Local\.#\MBX@12DC@208DA50.###
c:\users\win 7\AppData\Local\.#\MBX@12DC@208DA70.###
c:\users\win 7\AppData\Local\.#\MBX@12DC@208DA80.###
c:\users\win 7\AppData\Local\.#\MBX@12DC@208DAC0.###
c:\users\win 7\AppData\Local\.#\MBX@12DC@208DAD0.###
c:\users\win 7\AppData\Local\.#\MBX@1318@20C2060.###
c:\users\win 7\AppData\Local\.#\MBX@1318@20C2070.###
c:\users\win 7\AppData\Local\.#\MBX@1318@20C20B0.###
c:\users\win 7\AppData\Local\.#\MBX@1318@20C20C0.###
c:\users\win 7\AppData\Local\.#\MBX@1374@2016D80.###
c:\users\win 7\AppData\Local\.#\MBX@1374@2016D90.###
c:\users\win 7\AppData\Local\.#\MBX@1374@2016DD0.###
c:\users\win 7\AppData\Local\.#\MBX@1438@906610.###
c:\users\win 7\AppData\Local\.#\MBX@1438@906620.###
c:\users\win 7\AppData\Local\.#\MBX@1438@906660.###
c:\users\win 7\AppData\Local\.#\MBX@143C@1F8DA40.###
c:\users\win 7\AppData\Local\.#\MBX@143C@1F8DA50.###
c:\users\win 7\AppData\Local\.#\MBX@143C@1F8DA70.###
c:\users\win 7\AppData\Local\.#\MBX@143C@1F8DA80.###
c:\users\win 7\AppData\Local\.#\MBX@143C@1F8DAC0.###
c:\users\win 7\AppData\Local\.#\MBX@143C@1F8DAD0.###
c:\users\win 7\AppData\Local\.#\MBX@15E4@1DADA40.###
c:\users\win 7\AppData\Local\.#\MBX@15E4@1DADA50.###
c:\users\win 7\AppData\Local\.#\MBX@15E4@1DADA70.###
c:\users\win 7\AppData\Local\.#\MBX@15E4@1DADA80.###
c:\users\win 7\AppData\Local\.#\MBX@15E4@1DADAC0.###
c:\users\win 7\AppData\Local\.#\MBX@15E4@1DADAD0.###
c:\users\win 7\AppData\Local\.#\MBX@1664@1E6DA40.###
c:\users\win 7\AppData\Local\.#\MBX@1664@1E6DA50.###
c:\users\win 7\AppData\Local\.#\MBX@1664@1E6DA70.###
c:\users\win 7\AppData\Local\.#\MBX@1664@1E6DA80.###
c:\users\win 7\AppData\Local\.#\MBX@1664@1E6DAC0.###
c:\users\win 7\AppData\Local\.#\MBX@1664@1E6DAD0.###
c:\users\win 7\AppData\Local\.#\MBX@16A4@1F96D80.###
c:\users\win 7\AppData\Local\.#\MBX@16A4@1F96D90.###
c:\users\win 7\AppData\Local\.#\MBX@16A4@1F96DD0.###
c:\users\win 7\AppData\Local\.#\MBX@16A4@1F96DE0.###
c:\users\win 7\AppData\Local\.#\MBX@1720@2012060.###
c:\users\win 7\AppData\Local\.#\MBX@1720@2012070.###
c:\users\win 7\AppData\Local\.#\MBX@1720@20120B0.###
c:\users\win 7\AppData\Local\.#\MBX@1720@20120C0.###
c:\users\win 7\AppData\Local\.#\MBX@1724@1EBD9C8.###
c:\users\win 7\AppData\Local\.#\MBX@1724@1EBD9D8.###
c:\users\win 7\AppData\Local\.#\MBX@1724@1EBDA18.###
c:\users\win 7\AppData\Local\.#\MBX@1730@BB6D80.###
c:\users\win 7\AppData\Local\.#\MBX@1730@BB6D90.###
c:\users\win 7\AppData\Local\.#\MBX@1730@BB6DD0.###
c:\users\win 7\AppData\Local\.#\MBX@1730@BB6DE0.###
c:\users\win 7\AppData\Local\.#\MBX@1750@1E8DAF0.###
c:\users\win 7\AppData\Local\.#\MBX@1750@1E8DB00.###
c:\users\win 7\AppData\Local\.#\MBX@1750@1E8DB40.###
c:\users\win 7\AppData\Local\.#\MBX@1784@1EFDA40.###
c:\users\win 7\AppData\Local\.#\MBX@1784@1EFDA50.###
c:\users\win 7\AppData\Local\.#\MBX@1784@1EFDA70.###
c:\users\win 7\AppData\Local\.#\MBX@1784@1EFDA80.###
c:\users\win 7\AppData\Local\.#\MBX@1784@1EFDAC0.###
c:\users\win 7\AppData\Local\.#\MBX@1784@1EFDAD0.###
c:\users\win 7\AppData\Local\.#\MBX@17A8@1F7DA40.###
c:\users\win 7\AppData\Local\.#\MBX@17A8@1F7DA50.###
c:\users\win 7\AppData\Local\.#\MBX@17A8@1F7DA90.###
c:\users\win 7\AppData\Local\.#\MBX@2D0@1A1DA40.###
c:\users\win 7\AppData\Local\.#\MBX@2D0@1A1DA50.###
c:\users\win 7\AppData\Local\.#\MBX@2D0@1A1DA70.###
c:\users\win 7\AppData\Local\.#\MBX@2D0@1A1DA80.###
c:\users\win 7\AppData\Local\.#\MBX@2D0@1A1DAC0.###
c:\users\win 7\AppData\Local\.#\MBX@2D0@1A1DAD0.###
c:\users\win 7\AppData\Local\.#\MBX@2E4@174D9D8.###
c:\users\win 7\AppData\Local\.#\MBX@2E4@174D9E8.###
c:\users\win 7\AppData\Local\.#\MBX@2E4@174DA28.###
c:\users\win 7\AppData\Local\.#\MBX@2E4@174DA38.###
c:\users\win 7\AppData\Local\.#\MBX@384@1F4DA40.###
c:\users\win 7\AppData\Local\.#\MBX@384@1F4DA50.###
c:\users\win 7\AppData\Local\.#\MBX@384@1F4DA70.###
c:\users\win 7\AppData\Local\.#\MBX@384@1F4DA80.###
c:\users\win 7\AppData\Local\.#\MBX@384@1F4DAC0.###
c:\users\win 7\AppData\Local\.#\MBX@384@1F4DAD0.###
c:\users\win 7\AppData\Local\.#\MBX@3C8@B62060.###
c:\users\win 7\AppData\Local\.#\MBX@3C8@B62070.###
c:\users\win 7\AppData\Local\.#\MBX@3C8@B620B0.###
c:\users\win 7\AppData\Local\.#\MBX@3F8@1EE2010.###
c:\users\win 7\AppData\Local\.#\MBX@430@2046D80.###
c:\users\win 7\AppData\Local\.#\MBX@430@2046D90.###
c:\users\win 7\AppData\Local\.#\MBX@430@2046DD0.###
c:\users\win 7\AppData\Local\.#\MBX@51C@3A6D80.###
c:\users\win 7\AppData\Local\.#\MBX@51C@3A6D90.###
c:\users\win 7\AppData\Local\.#\MBX@51C@3A6DD0.###
c:\users\win 7\AppData\Local\.#\MBX@51C@3A6DE0.###
c:\users\win 7\AppData\Local\.#\MBX@570@161D9D8.###
c:\users\win 7\AppData\Local\.#\MBX@570@161D9E8.###
c:\users\win 7\AppData\Local\.#\MBX@570@161DA28.###
c:\users\win 7\AppData\Local\.#\MBX@76C@1F7DA40.###
c:\users\win 7\AppData\Local\.#\MBX@76C@1F7DA50.###
c:\users\win 7\AppData\Local\.#\MBX@76C@1F7DA70.###
c:\users\win 7\AppData\Local\.#\MBX@76C@1F7DA80.###
c:\users\win 7\AppData\Local\.#\MBX@76C@1F7DAC0.###
c:\users\win 7\AppData\Local\.#\MBX@76C@1F7DAD0.###
c:\users\win 7\AppData\Local\.#\MBX@784@256D80.###
c:\users\win 7\AppData\Local\.#\MBX@784@256D90.###
c:\users\win 7\AppData\Local\.#\MBX@784@256DD0.###
c:\users\win 7\AppData\Local\.#\MBX@784@256DE0.###
c:\users\win 7\AppData\Local\.#\MBX@7B8@9F6610.###
c:\users\win 7\AppData\Local\.#\MBX@7B8@9F6620.###
c:\users\win 7\AppData\Local\.#\MBX@7B8@9F6660.###
c:\users\win 7\AppData\Local\.#\MBX@810@20F6D80.###
c:\users\win 7\AppData\Local\.#\MBX@810@20F6D90.###
c:\users\win 7\AppData\Local\.#\MBX@810@20F6DD0.###
c:\users\win 7\AppData\Local\.#\MBX@810@20F6DE0.###
c:\users\win 7\AppData\Local\.#\MBX@884@1F4DA40.###
c:\users\win 7\AppData\Local\.#\MBX@884@1F4DA50.###
c:\users\win 7\AppData\Local\.#\MBX@884@1F4DA70.###
c:\users\win 7\AppData\Local\.#\MBX@884@1F4DA80.###
c:\users\win 7\AppData\Local\.#\MBX@884@1F4DAC0.###
c:\users\win 7\AppData\Local\.#\MBX@884@1F4DAD0.###
c:\users\win 7\AppData\Local\.#\MBX@A64@171DA40.###
c:\users\win 7\AppData\Local\.#\MBX@A64@171DA50.###
c:\users\win 7\AppData\Local\.#\MBX@A64@171DA70.###
c:\users\win 7\AppData\Local\.#\MBX@A64@171DA80.###
c:\users\win 7\AppData\Local\.#\MBX@A64@171DAC0.###
c:\users\win 7\AppData\Local\.#\MBX@A64@171DAD0.###
c:\users\win 7\AppData\Local\.#\MBX@A6C@2026D80.###
c:\users\win 7\AppData\Local\.#\MBX@A6C@2026D90.###
c:\users\win 7\AppData\Local\.#\MBX@A6C@2026DD0.###
c:\users\win 7\AppData\Local\.#\MBX@A6C@2026DE0.###
c:\users\win 7\AppData\Local\.#\MBX@BC4@1DCDA40.###
c:\users\win 7\AppData\Local\.#\MBX@BC4@1DCDA50.###
c:\users\win 7\AppData\Local\.#\MBX@BC4@1DCDA70.###
c:\users\win 7\AppData\Local\.#\MBX@BC4@1DCDA80.###
c:\users\win 7\AppData\Local\.#\MBX@BC4@1DCDAC0.###
c:\users\win 7\AppData\Local\.#\MBX@BC4@1DCDAD0.###
c:\users\win 7\AppData\Local\.#\MBX@C40@1DC2060.###
c:\users\win 7\AppData\Local\.#\MBX@C40@1DC2070.###
c:\users\win 7\AppData\Local\.#\MBX@C40@1DC20B0.###
c:\users\win 7\AppData\Local\.#\MBX@C64@1E8DA40.###
c:\users\win 7\AppData\Local\.#\MBX@C64@1E8DA50.###
c:\users\win 7\AppData\Local\.#\MBX@C64@1E8DA90.###
c:\users\win 7\AppData\Local\.#\MBX@C98@1E6DAF0.###
c:\users\win 7\AppData\Local\.#\MBX@C98@1E6DB00.###
c:\users\win 7\AppData\Local\.#\MBX@C98@1E6DB40.###
c:\users\win 7\AppData\Local\.#\MBX@E34@A4D9D8.###
c:\users\win 7\AppData\Local\.#\MBX@E34@A4D9E8.###
c:\users\win 7\AppData\Local\.#\MBX@E34@A4DA28.###
c:\users\win 7\AppData\Local\.#\MBX@E54@362010.###
c:\users\win 7\AppData\Local\.#\MBX@F84@1DCDA40.###
c:\users\win 7\AppData\Local\.#\MBX@F84@1DCDA50.###
c:\users\win 7\AppData\Local\.#\MBX@F84@1DCDA90.###
c:\users\win 7\AppData\Local\.#\MBX@F84@1DCDAA0.###
c:\users\win 7\AppData\Local\.#\MBX@FA8@E02010.###
c:\users\win 7\AppData\Local\.#\MBX@FD0@B62028.###
c:\users\win 7\AppData\Local\pagefile.sys
c:\users\win 7\AppData\Local\usnscv.exe
c:\users\win 7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\A997217123.exe
c:\users\win 7\Desktop\mage okcu\Data\Desktop_.ini
c:\users\win 7\Favorites\icfscript.html
c:\windows\QMDispatch.dll
c:\windows\scvhost.exe
c:\windows\system32\28463
c:\windows\system32\DEBUG.log
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\frapsvid.dll
c:\windows\system32\InstallDir
c:\windows\system32\setting.ini
c:\windows\system32\setup.ini
c:\windows\wininit.ini
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_ddsxeiservice
-------\Service_ddsxeiservice
.
.
(((((((((((((((((((((((((   Files Created from 2013-05-15 to 2013-06-15  )))))))))))))))))))))))))))))))
.
.
2013-06-15 09:43 . 2013-06-15 09:43    --------    d-----w-    c:\program files\IObit Apps Toolbar
2013-06-15 09:43 . 2013-06-15 09:43    --------    d-----w-    c:\program files\Application Updater
2013-06-10 12:54 . 2013-06-10 12:55    --------    d-----w-    c:\program files\TeamSpeak 3 Client
2013-06-10 11:31 . 2013-06-10 11:31    --------    d-----w-    c:\program files\Ventrilo
2013-06-06 16:56 . 2013-06-06 16:56    --------    d-----w-    c:\users\win 7\AppData\Roaming\Fast Hide IP
2013-06-06 08:23 . 2013-06-06 08:23    --------    d-----w-    C:\Temp
2013-06-02 18:17 . 2013-06-02 18:17    --------    d-----w-    c:\windows\system32\jmdp
2013-05-21 15:34 . 2013-05-21 15:34    --------    d-----w-    c:\program files\Skillbrains
2013-05-21 15:34 . 2013-05-21 15:34    --------    d-----w-    c:\users\win 7\AppData\Local\Programs
2013-05-18 12:50 . 2012-12-03 11:49    670120    ----a-w-    c:\windows\system32\WibuCm32.dll
2013-05-18 12:50 . 2013-05-18 12:50    --------    d-----w-    c:\program files\CodeMeter
2013-05-18 12:50 . 2013-05-18 12:50    --------    d-----w-    c:\program files\GetData
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-18 18:44 . 2011-03-28 15:36    22240    ----a-w-    c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-04-07 08:54 . 2012-12-02 15:33    1156400    ----a-w-    c:\windows\system32\dmwu.exe
2013-04-07 08:52 . 2012-12-02 15:33    27136    ----a-w-    c:\windows\system32\ImHttpComm.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{03EB0E9C-7A91-4381-A220-9B52B641CDB1}"= "c:\program files\IObit Apps Toolbar\IE\7.2\iobitappsToolbarIE.dll" [2013-06-07 1353536]
.
[HKEY_CLASSES_ROOT\clsid\{03eb0e9c-7a91-4381-a220-9b52b641cdb1}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}]
2013-06-07 15:28    1353536    ----a-w-    c:\program files\IObit Apps Toolbar\IE\7.2\iobitappsToolbarIE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{03EB0E9C-7A91-4381-A220-9B52B641CDB1}"= "c:\program files\IObit Apps Toolbar\IE\7.2\iobitappsToolbarIE.dll" [2013-06-07 1353536]
.
[HKEY_CLASSES_ROOT\clsid\{03eb0e9c-7a91-4381-a220-9b52b641cdb1}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-08-21 10:12    121528    ----a-w-    c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"="c:\users\win 7\AppData\Local\Akamai\netsession_win.exe" [2013-01-26 4480768]
"Advanced SystemCare 6"="c:\program files\IObit\Advanced SystemCare 6\ASCTray.exe" [2013-01-15 491840]
"SmartRAM"="c:\program files\IObit\Advanced SystemCare 6\Suo10_SmartRAM.exe" [2013-01-15 547648]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent.exe" [2009-12-20 487992]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-12-20 1594664]
"ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2009-12-20 501640]
"EnergyUtility"="c:\program files\Lenovo\Energy Management\utility.exe" [2009-12-17 4114368]
"Energy Management"="c:\program files\Lenovo\Energy Management\Energy Management.exe" [2009-12-17 6223808]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-08-21 4282728]
"Adobe ARM"="c:\program files\common files\adobe\arm\1.0\adobearm.exe" [2013-04-04 958576]
"SearchSettings"="c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe" [2013-06-07 1302336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^GamersFirst LIVE!.lnk]
backup=c:\windows\pss\GamersFirst LIVE!.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^zzzzzzzzzzzzzzzzcs5405.lnk]
backup=c:\windows\pss\zzzzzzzzzzzzzzzzcs5405.lnk.CommonStartup
backupExtension=.CommonStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Corporation.
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightShot
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MobileConnect
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Msn Messsenger
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SearchSettings
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sXe Injected
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 4]
2011-05-28 11:46    412560    ----a-w-    c:\program files\IObit\Advanced SystemCare 4\ASCTray.exe
.
R2 hshld;Hotspot Shield Service; [x]
R2 HssWd;Hotspot Shield Monitoring Service; [x]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
R3 CnxEtP;ZTE ZXDSL852 Adapter Filter Driver;c:\windows\system32\DRIVERS\CnxEtP.sys [x]
R3 CnxEtU;ZTE ZXDSL852 Interface Device Driver;c:\windows\system32\DRIVERS\CnxEtU.sys [x]
R3 CnxTgNP;ZTE ZXDSL852 WAN PPPoE Adapter Driver;c:\windows\system32\DRIVERS\CnxTgNP.sys [x]
R3 dump_wmimmc;dump_wmimmc; [x]
R3 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [2010-12-30 102784]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [2010-12-31 352768]
R3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys [2010-09-08 101120]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2011-01-13 3963248]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-12-20 182304]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-12-20 189440]
R3 WatAdminSvc;Windows Etkinleştirme Teknolojileri Hizmeti;c:\windows\system32\Wat\WatAdminSvc.exe [2011-07-03 1343400]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys [2009-07-21 81704]
R3 XDva385;XDva385; [x]
R3 XDva386;XDva386; [x]
R3 XDva387;XDva387; [x]
R3 XDva388;XDva388; [x]
R3 XDva396;XDva396; [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\DRIVERS\aswNdis.sys [2012-07-13 12112]
S0 aswNdis2;avast! Firewall Core Firewall Service; [x]
S1 aswFW;avast! TDI Firewall driver; [x]
S1 aswKbd;aswKbd; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files\IObit\Advanced SystemCare 4\ASCService.exe [2011-05-28 353168]
S2 AdvancedSystemCareService6;Advanced SystemCare Service 6;c:\program files\IObit\Advanced SystemCare 6\ASCService.exe [2013-02-25 528192]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [2013-06-07 806776]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-08-21 58680]
S2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe [2012-08-21 133912]
S2 CodeMeter.exe;CodeMeter Runtime Server;c:\program files\CodeMeter\Runtime\bin\CodeMeter.exe [2012-12-03 2571704]
S2 IBUpdaterService;IBUpdaterService;c:\windows\system32\dmwu.exe [2013-04-07 1156400]
S2 VMCService;Vodafone Mobile Connect Service;c:\program files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [2009-09-18 9216]
S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys [2009-09-03 21256]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2009-12-20 119296]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [2010-12-30 72832]
S3 KMWDFILTERx86;HIDServiceDesc;c:\windows\system32\DRIVERS\KMWDFILTER.sys [2009-04-29 25088]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-10 20464]
S3 usbsmi;Lenovo EasyCamera;c:\windows\system32\DRIVERS\SMIksdrv.sys [2009-10-26 171776]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai    REG_MULTI_SZ       Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2013-06-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-17 10:16]
.
2013-06-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3504503129-1973808351-1074768016-1000Core.job
- c:\users\win 7\AppData\Local\Google\Update\GoogleUpdate.exe [2012-11-29 17:24]
.
2013-06-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3504503129-1973808351-1074768016-1000UA.job
- c:\users\win 7\AppData\Local\Google\Update\GoogleUpdate.exe [2012-11-29 17:24]
.
2013-06-15 c:\windows\Tasks\update-S-1-5-21-3504503129-1973808351-1074768016-1000.job
- c:\program files\Skillbrains\Updater\Updater.exe [2013-05-21 21:26]
.
2013-06-14 c:\windows\Tasks\update-sys.job
- c:\program files\Skillbrains\Updater\Updater.exe [2013-05-21 21:26]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://find.localstrike.net/
mStart Page = hxxp://find.localstrike.net/
uInternet Settings,ProxyOverride = <local>
IE: Free YouTube Download - c:\users\win 7\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
IE: Microsoft Excel'e &Ver - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: c:\users\win 7\AppData\Roaming\Fast Hide IP\FastHideIP\FastIPLib.dll
TCP: DhcpNameServer = 192.168.43.1
TCP: Interfaces\{4B17DD2C-4172-40A5-A5B3-A7CBED52BBDA}: NameServer = 4.2.2.4
TCP: Interfaces\{B907F3E9-237D-433A-B027-7F68B7C03431}: NameServer = 208.67.220.220,208.67.222.222
TCP: Interfaces\{CEC3FE34-7FBF-441C-B0F1-3E8913ABB3E0}: NameServer = 208.67.222.222,208.67.220.220
TCP: Interfaces\{F439DB34-6F2D-4F55-A3EA-365640683D92}: NameServer = 208.67.220.220,208.67.222.222
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{c95a4e8e-816d-4655-8c79-d736da1adb6d} - (no file)
BHO-{c95a4e8e-816d-4655-8c79-d736da1adb6d} - (no file)
HKLM-Run-sXe Injected - c:\program files\sXe Injected\sXe Injected.exe
MSConfigStartUp-usnscv - c:\users\win 7\AppData\Local\usnscv.exe
AddRemove-sXe Injected - c:\program files\sXe Injected\uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files\common files\akamai/netsession_win_ca0e279.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\nvvsvc.exe
c:\windows\system32\WLANExt.exe
c:\windows\system32\conhost.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\system32\conhost.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\windows\system32\taskhost.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Completion time: 2013-06-15  15:41:10 - machine was rebooted
ComboFix-quarantined-files.txt  2013-06-15 12:41
ComboFix2.txt  2012-03-04 21:23
.
Pre-Run: 140.056.014.848 bayt boş
Post-Run: 139.605.790.720 bayt boş
.
- - End Of File - - 4C49D16A2E3DDEED51E6086D86B00F01
A36C5E4F47E84449FF07ED3517B43A31
 

evowinds

Dean
Veteran
Joined
2 November 2008
Messages
9,100
Reaction score
174
Points
63
1- Uninstall AVAST; at the very least install AVIRA.
2- Don't visit inappropriate sites.
3- Don't install cheat programs.
 

RedDevil

Professor
Joined
29 November 2008
Messages
1,458
Reaction score
19
Points
38
Your computer is loaded with unnecessary stuff. Most of it is full of what are called cookies. Also, "c:\windows\scvhost.exe" looks like it has been infected by a trojan or modified. Also watch out for these. They appear to have become corrupted or to have started conflicting with the system.
Code:
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
"SearchSettings"="c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe" [2013-06-07 1302336]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SearchSettings
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 20992]
@evowinds I agree. Uninstall Avast. Install Avira, or Bitdefender, which has been on the rise lately. I'm a KIS user myself, but not everyone likes it :) Uninstall Hotspot and similar IP programs; they bog the system down pointlessly and needlessly. For Firefox I recommend the proxy add-on "Anonymox". Update ASC. Don't install the toolbar. Don't run things at startup (I think you're using a laptop); too much software already opens at boot. Delete cookies often. If you say "I'm young, I'll visit ald** sites", install Adblock Plus and add the lists. Then go in through Chrome's "New incognito window" mode. That's the best way to wipe privacy traces.
 

giskur11

Professor
Joined
9 September 2012
Messages
3,607
Reaction score
160
Points
63
sXe Injected is security software for Counter-Strike; it behaves like a toolbar, changes the home page and the search engine, and may open a website in Chrome or the like when it starts, which is why it showed up in ComboFix.
 