Showing results 1 to 6 of 6

Thread title: Has my system been cleaned?

  1. #1
    afshin b (active member of the Hardware and Laptop forums)
    Join date: Aug 2009
    Location: Sari
    Posts: 3,878

    Has my system been cleaned?

    Hello,
    The doctor said:
    You are infected,

    Read the reference, carry out the required steps, and open a new thread in the Emergency section with the logs and reports you get.

    I read the reference and did the required steps.
    Windows: 7 Home
    Antivirus: Kaspersky Internet Security 2012


      Hidden content: rkill log
    This log file is located at C:\rkill.log.
    Please post this only if requested to by the person helping you.
    Otherwise you can close this log when you wish.

    Rkill was run on 08/19/2011 at 2103.
    Operating System: Windows 7 Home Premium


    Processes terminated by Rkill or while it was running:

    C:\Users\Afshin\AppData\Local\Temp\Rar$DI33.080\rkill.com


    Rkill completed on 08/19/2011 at 2121.


      Hidden content: Malwarebytes Anti-Malware
    Malwarebytes' Anti-Malware 1.51.1.1800
    Database version: 7035

    Windows 6.1.7601 Service Pack 1
    Internet Explorer 9.0.8112.16421

    8/19/2011 11:00:14 PM
    mbam-log-2011-08-19 (23-00-14).txt

    Scan type: Full scan (C:\|D:\|)
    Objects scanned: 365434
    Time elapsed: 51 minute(s), 37 second(s)

    Memory Processes Infected: 1
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 2
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 9

    Memory Processes Infected:
    c:\Windows\kmservice.exe (RiskWare.Tool.CK) -> 2228 -> Unloaded process successfully.

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\WinDefender (Trojan.Agent.Gen) -> Value: WinDefender -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\WinDefender (Trojan.Agent.Gen) -> Value: WinDefender -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    c:\Windows\kmservice.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
    c:\program files (x86)\Babylon\babylon-pro\Patch.exe (PUP.Hacktool.Patcher) -> Quarantined and deleted successfully.
    c:\program files (x86)\internet download manager\Keygen.exe (Riskware.Tool.CK) -> Quarantined and deleted successfully.
    c:\program files (x86)\internet download manager\Patch.exe (Riskware.Tool.CK) -> Quarantined and deleted successfully.
    c:\Users\a\AppData\Local\Mozilla\Profiles\55zvf0wb.default\cache.trash\Trash\Cache\1\76\5A374m01 (Trojan.Agent) -> Quarantined and deleted successfully.
    c:\Users\a\AppData\Local\Mozilla\Profiles\55zvf0wb.default\cache.trash\Trash\Cache\4\25\10547d01 (Backdoor.RBot) -> Quarantined and deleted successfully.
    c:\Users\a\AppData\Local\Mozilla\Profiles\55zvf0wb.default\cache.trash\Trash\Cache\F\8E\C8E4Ed01 (Malware.Gen) -> Quarantined and deleted successfully.
    d:\downloads\Programs\babylon.v9.0.0.r30.inc.persian.glossaries.full_-----------.com\Patch\Patch.exe (PUP.Hacktool.Patcher) -> Quarantined and deleted successfully.
    d:\downloads\Programs\winrar 4.00 beta 7 (32bit – 64bit)-dm999\Keygen\Keygen.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.


      Hidden content: Hitman

    and a lot of Tracking Cookies
    Here is the result:




      Hidden content: DDS

    .
    DDS (Ver_2011-06-23.01) - NTFSAMD64
    Internet Explorer: 9.0.8112.16421
    Run by Afshin at 2350 on 2011-08-19
    Microsoft Windows 7 Home Premium 6.1.7601.1.1256.981.1033.18.4020.2284 [GMT 4.5:30]
    .
    AV: Kaspersky Internet Security *Disabled/Updated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984}
    SP: Kaspersky Internet Security *Disabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    FW: Kaspersky Internet Security *Disabled* {1691B380-548E-1A7A-BE85-9A42CE15AEFF}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\atieclxx.exe
    C:\Windows\system32\WLANExt.exe
    C:\Windows\system32\FBAgent.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
    C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
    C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe
    C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe
    C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServer.exe
    C:\Windows\SysWOW64\srvany.exe
    C:\Windows\KMService.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\PnkBstrA.exe
    c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
    C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
    C:\Program Files (x86)\ASUS\ASUS CopyProtect\aspg.exe
    C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
    C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\SysWOW64\ACEngSvr.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
    C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
    C:\Program Files\Elantech\ETDCtrl.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files (x86)\Internet Download Manager\IDMan.exe
    C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
    C:\Program Files\Elantech\ETDCtrlHelper.exe
    C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\SysWOW64\RunDll32.exe
    C:\Program Files\SRS Labs\SRS Control Panel\srspanel_64.exe
    C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Windows\AsScrPro.exe
    C:\Program Files\Lenovo\Bluetooth Software\BluetoothHeadsetProxy.exe
    C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Windows\system32\DllHost.exe
    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
    C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 8\firefox.exe
    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtblfs.exe
    C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 8\plugin-container.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\WinRAR\WinRAR.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://asus.msn.com
    uDefault_Page_URL = hxxp://asus.msn.com
    uInternet Settings,ProxyOverride = local
    mURLSearchHooks: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll
    mWinlogon: Userinit=userinit.exe,
    BHO: IDM integration (IDMIEHlprObj Class): {0055c089-8582-441b-a0bf-17b458c2a3a8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll
    BHO: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll
    BHO: Babylon IE plugin: {9cfaccb6-2f3f-4177-94ea-0d2b72d384c1} - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
    BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll
    TB: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll
    TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    uRun: [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot
    mRun: [Boingo Wi-Fi] "C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo.lnk"
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
    mRun: [ressources] "C:\program files\steam\ressources\ressources"
    mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
    mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
    mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
    mRun: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
    mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun: [avp] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe"
    mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    dRun: [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot
    dRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\Lenovo\Bluetooth Software\BTTray.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    IE: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm
    IE: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm
    IE: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm
    IE: Send image to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
    IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
    IE: {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - res://C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll
    IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    TCP: DhcpNameServer = 85.15.1.12 85.15.1.10
    TCP: Interfaces\{DE3F753C-B51D-4DA6-AB3C-68AF7967CF54} : NameServer = 85.15.1.12,85.15.1.10
    TCP: Interfaces\{DE3F753C-B51D-4DA6-AB3C-68AF7967CF54} : DhcpNameServer = 85.15.1.12 85.15.1.10
    TCP: Interfaces\{F0F06C4D-D858-48E0-9C1D-096AAC149423} : NameServer = 80.84.58.27 80.84.58.28
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
    mASetup: {ED4D839B-DAFC-FD6C-6DDA-FDE6FA28FC7E} - C:\Users\Afshin\AppData\Roaming\FILENAME.exe
    BHO-X64: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll
    BHO-X64: IDM Helper - No File
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: IEVkbdBHO Class: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll
    BHO-X64: IEVkbdBHO - No File
    BHO-X64: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll
    BHO-X64: Babylon IE plugin: {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll
    BHO-X64: Babylon IE plugin - No File
    BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
    BHO-X64: URLRedirectionBHO - No File
    BHO-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    BHO-X64: Ask Toolbar BHO - No File
    BHO-X64: FilterBHO Class: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll
    BHO-X64: link filter bho - No File
    TB-X64: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll
    TB-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    mRun-x64: [Boingo Wi-Fi] "C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo.lnk"
    mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun-x64: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
    mRun-x64: [ressources] "C:\program files\steam\ressources\ressources"
    mRun-x64: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
    mRun-x64: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
    mRun-x64: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
    mRun-x64: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
    mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun-x64: [avp] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe"
    mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
    IE-X64: {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - res://C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Afshin\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.Afshin\
    FF - prefs.js: browser.startup.homepage - hxxp://www.smartwebsearch.net/index.php?from=3
    FF - prefs.js: keyword.URL - hxxp://www.google.com/search?q=
    FF - prefs.js: network.proxy.socks - 127.0.0.1
    FF - prefs.js: network.proxy.socks_port - 3000
    FF - prefs.js: network.proxy.type - 0
    FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
    FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 lullaby;lullaby;C:\Windows\system32\DRIVERS\lullaby.sys --> C:\Windows\system32\DRIVERS\lullaby.sys [?]
    R1 kl2;kl2;C:\Windows\system32\DRIVERS\kl2.sys --> C:\Windows\system32\DRIVERS\kl2.sys [?]
    R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\system32\DRIVERS\klim6.sys --> C:\Windows\system32\DRIVERS\klim6.sys [?]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
    R2 {329F96B6-DF1E-4328-BFDA-39EA953C1312};Power Control [2011/06/11 1241];C:\Program Files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl [2011-6-11 148976]
    R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
    R2 AFBAgent;AFBAgent;"C:\Windows\system32\FBAgent.exe" --> C:\Windows\system32\FBAgent.exe [?]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
    R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-2 15416]
    R2 AVP;Kaspersky Anti-Virus Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe [2011-4-24 202296]
    R2 CLHNServiceForPowerDVD;CLHNServiceForPowerDVD;C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe [2011-6-11 83240]
    R2 CyberLink PowerDVD 11.0 Monitor Service;CyberLink PowerDVD 11.0 Monitor Service;C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe [2011-6-11 70952]
    R2 CyberLink PowerDVD 11.0 Service;CyberLink PowerDVD 11.0 Service;C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServer.exe [2011-6-11 312616]
    R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-7-30 13592]
    R2 IDMWFP;IDMWFP;C:\Windows\system32\DRIVERS\idmwfp.sys --> C:\Windows\system32\DRIVERS\idmwfp.sys [?]
    R2 KMService;KMService;C:\Windows\System32\srvany.exe [2011-4-20 8192]
    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-8-19 366640]
    R2 ntk_PowerDVD;ntk_PowerDVD;C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\ntk_PowerDVD_64.sys [2011-6-11 75248]
    R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\system32\DRIVERS\TurboB.sys --> C:\Windows\system32\DRIVERS\TurboB.sys [?]
    R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-5-30 2314240]
    R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
    R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
    R3 BTWAMPFL;BTWAMPFL;C:\Windows\system32\DRIVERS\btwampfl.sys --> C:\Windows\system32\DRIVERS\btwampfl.sys [?]
    R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
    R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\system32\DRIVERS\ETD.sys --> C:\Windows\system32\DRIVERS\ETD.sys [?]
    R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
    R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\system32\DRIVERS\klmouflt.sys --> C:\Windows\system32\DRIVERS\klmouflt.sys [?]
    R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
    R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
    R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
    R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S3 AmUStor;AM USB Stroage Driver;C:\Windows\system32\drivers\AmUStor.SYS --> C:\Windows\system32\drivers\AmUStor.SYS [?]
    S3 btusbflt;Bluetooth USB Filter;C:\Windows\system32\drivers\btusbflt.sys --> C:\Windows\system32\drivers\btusbflt.sys [?]
    S3 DrvAgent64;DrvAgent64;C:\Windows\SysWOW64\drivers\DrvAgent64.SYS [2011-4-29 21712]
    S3 epmntdrv;epmntdrv;C:\Windows\System32\epmntdrv.sys [2011-2-14 14216]
    S3 EuGdiDrv;EuGdiDrv;C:\Windows\System32\EuGdiDrv.sys [2011-2-14 8456]
    S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
    S3 fsssvc;Windows Live Family Safety;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2008-12-8 533344]
    S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\system32\DRIVERS\L1C62x64.sys --> C:\Windows\system32\DRIVERS\L1C62x64.sys [?]
    S3 LUMDriver;LUMDriver;\??\C:\Windows\system32\drivers\LUMDriver.sys --> C:\Windows\system32\drivers\LUMDriver.sys [?]
    S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
    S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
    S3 PSSDK42;PSSDK42;\??\C:\Windows\system32\Drivers\pssdk42.sys --> C:\Windows\system32\Drivers\pssdk42.sys [?]
    S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\system32\DRIVERS\SiSG664.sys --> C:\Windows\system32\DRIVERS\SiSG664.sys [?]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
    S3 TurboBoost;TurboBoost;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2009-8-7 118672]
    S3 UsbFltr;WayTech USB Filter Driver;C:\Windows\system32\Drivers\UsbFltr.sys --> C:\Windows\system32\Drivers\UsbFltr.sys [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]
    S3 WinRing0_1_2_0;WinRing0_1_2_0;C:\Program Files (x86)\BatteryCare\WinRing0x64.sys [2011-5-12 14544]
    S3 WMZuneComm;Zune Windows Mobile Connectivity Service;"C:\Program Files\Zune\WMZuneComm.exe" --> C:\Program Files\Zune\WMZuneComm.exe [?]
    .
    =============== Created Last 30 ================
    .
    2011-08-19 18:48:23 12872 ----a-w- C:\Windows\System32\bootdelete.exe
    2011-08-19 1707 -------- d-----w- C:\Program Files\Hitman Pro 3.5
    2011-08-19 1747 -------- d-----w- C:\Users\Afshin\AppData\Roaming\Malwarebytes
    2011-08-19 1737 41272 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    2011-08-19 1731 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2011-08-19 14:48:12 -------- d-----w- C:\Users\Afshin\AppData\Local\VirtualStore
    2011-08-19 0614 8862544 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{FA2B7193-C971-4DBC-97FA-E1271CA45F74}\mpengine.dll
    2011-08-18 0624 -------- d-----w- C:\Users\Afshin\AppData\Local\PunkBuster
    2011-08-17 19:57:34 -------- d-----w- C:\Users\Afshin\AppData\Local\Broadcom
    2011-08-17 19:00:20 -------- d-----w- C:\Users\Afshin\AppData\Local\Microsoft Games
    2011-08-17 1802 -------- d-----w- C:\Users\Afshin\AppData\Local\ASUS
    2011-08-17 17:04:21 -------- d-----w- C:\Users\Afshin\AppData\Roaming\COWON
    2011-08-17 13:56:57 -------- d-----w- C:\Users\Afshin\AppData\Local\Adobe
    2011-08-17 08:48:25 454952 ----a-w- C:\Windows\System32\mss32.dll
    2011-08-17 0850 -------- d-----w- C:\Program Files (x86)\Ask.com
    2011-08-17 0805 -------- d-----w- C:\Users\Afshin\AppData\Roaming\Intel Corporation
    2011-08-13 1813 -------- d-----w- C:\Program Files (x86)\Common Files\Steam
    2011-08-13 1810 -------- d-----w- C:\Program Files (x86)\Steam
    2011-08-12 13:04:02 -------- d-----w- C:\FakeDir
    2011-08-10 0517 3912576 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
    2011-08-10 0516 5561216 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2011-08-10 0516 3967872 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
    2011-07-31 13:03:45 -------- d-----w- C:\Program Files (x86)\AMD APP
    2011-07-31 13:03:39 -------- d-----w- C:\Program Files\Common Files\ATI Technologies
    2011-07-31 13:03:39 -------- d-----w- C:\Program Files (x86)\Common Files\ATI Technologies
    2011-07-30 0523 -------- d-----w- C:\Program Files (x86)\Common Files\Intel Corporation
    2011-07-30 05:43:19 557848 ----a-w- C:\Windows\System32\drivers\iaStor.sys
    2011-07-30 0516 -------- d-----w- C:\Windows\SysWow64\Atheros_L1e
    2011-07-30 0544 77936 ----a-w- C:\Windows\System32\drivers\L1C62x64.sys
    2011-07-30 0528 39464 ----a-w- C:\Windows\System32\drivers\btwl2cap.sys
    2011-07-30 0528 349736 ----a-w- C:\Windows\System32\drivers\btwampfl.sys
    2011-07-30 0528 22056 ----a-w- C:\Windows\System32\btwcoins.dll
    2011-07-30 0528 21416 ----a-w- C:\Windows\System32\drivers\btwrchid.sys
    2011-07-30 0528 138280 ----a-w- C:\Windows\System32\drivers\btwavdt.sys
    2011-07-30 0528 106536 ----a-w- C:\Windows\System32\drivers\btwaudio.sys
    2011-07-30 0552 -------- d-----w- C:\Program Files\Lenovo
    2011-07-30 0552 443040 ----a-w- C:\Windows\System32\athihvs.dll
    2011-07-30 0550 -------- d-----w- C:\Program Files\SRS Labs
    2011-07-30 0519 -------- d-----w- C:\Windows\SysWow64\RTCOM
    2011-07-30 0535 2085440 ----a-w- C:\Windows\System32\FMAPO64.dll
    2011-07-30 0525 200800 ----a-w- C:\Windows\System32\AERTAC64.dll
    2011-07-30 0525 108960 ----a-w- C:\Windows\System32\AERTAR64.dll
    2011-07-30 0516 65024 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ISBEW64.exe
    2011-07-30 0515 757760 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iKernel.dll
    2011-07-30 0515 69715 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ctor.dll
    2011-07-30 0515 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\DotNetInstaller.exe
    2011-07-30 0515 32768 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\Objectps.dll
    2011-07-30 0515 274432 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iscript.dll
    2011-07-30 0515 204800 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iuser.dll
    2011-07-30 0514 200836 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iGdi.dll
    2011-07-30 0513 331908 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\setup.dll
    2011-07-25 06:30:18 -------- d-----w- C:\Program Files\Babylon
    2011-07-25 06:30:18 -------- d-----w- C:\Program Files (x86)\Babylon
    2011-07-25 0641 -------- d-----w- C:\ProgramData\Babylon
    2011-07-21 2052 64000 ----a-w- C:\Windows\System32\steam_api.dll
    .
    ==================== Find3M ====================
    .
    2011-08-19 1838 25160 ----a-w- C:\Windows\System32\drivers\hitmanpro35.sys
    2011-08-19 14:50:57 271200 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
    2011-08-19 14:50:57 271200 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
    2011-08-19 13:54:39 271200 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
    2011-08-14 08:02:50 75136 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
    2011-08-11 1634 271200 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex1
    2011-07-22 0523 2303488 ----a-w- C:\Windows\System32\jscript9.dll
    2011-07-22 0516 1389056 ----a-w- C:\Windows\System32\wininet.dll
    2011-07-22 0540 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2011-07-22 02:54:43 1797632 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2011-07-22 02:48:26 1126912 ----a-w- C:\Windows\SysWow64\wininet.dll
    2011-07-22 0236 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2011-07-16 0550 362496 ----a-w- C:\Windows\System32\wow64win.dll
    2011-07-16 0549 243200 ----a-w- C:\Windows\System32\wow64.dll
    2011-07-16 0549 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
    2011-07-16 0510 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
    2011-07-16 0512 421888 ----a-w- C:\Windows\System32\KernelBase.dll
    2011-07-16 0419 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
    2011-07-16 0400 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
    2011-07-16 0437 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
    2011-07-16 0423 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
    2011-07-16 0422 272384 ----a-w- C:\Windows\SysWow64\KernelBase.dll
    2011-07-16 0244 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
    2011-07-16 0241 2048 ----a-w- C:\Windows\SysWow64\user.exe
    2011-07-16 0219 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
    2011-07-16 0219 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
    2011-07-16 0219 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
    2011-07-16 0219 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
    2011-07-09 0228 288768 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
    2011-07-08 0450 9884672 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
    2011-07-08 03:54:26 23385600 ----a-w- C:\Windows\System32\atio6axx.dll
    2011-07-08 0328 17940992 ----a-w- C:\Windows\SysWow64\atioglxx.dll
    2011-07-08 0354 151552 ----a-w- C:\Windows\System32\atiapfxx.exe
    2011-07-08 0344 689152 ----a-w- C:\Windows\SysWow64\aticfx32.dll
    2011-07-08 0326 814592 ----a-w- C:\Windows\System32\aticfx64.dll
    2011-07-08 0348 462848 ----a-w- C:\Windows\System32\ATIDEMGX.dll
    2011-07-08 0338 485376 ----a-w- C:\Windows\System32\atieclxx.exe
    2011-07-08 0302 204288 ----a-w- C:\Windows\System32\atiesrxx.exe
    2011-07-08 0348 120320 ----a-w- C:\Windows\System32\atitmm64.dll
    2011-07-08 0332 423424 ----a-w- C:\Windows\System32\atipdl64.dll
    2011-07-08 0326 356352 ----a-w- C:\Windows\SysWow64\atipdlxx.dll
    2011-07-08 0314 278528 ----a-w- C:\Windows\SysWow64\Oemdspif.dll
    2011-07-08 0308 16384 ----a-w- C:\Windows\System32\atimuixx.dll
    2011-07-08 0304 59392 ----a-w- C:\Windows\System32\atiedu64.dll
    2011-07-08 0358 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll
    2011-07-08 0350 4275712 ----a-w- C:\Windows\SysWow64\atidxx32.dll
    2011-07-08 0338 5072896 ----a-w- C:\Windows\System32\atidxx64.dll
    2011-07-08 03:06:10 1113088 ----a-w- C:\Windows\System32\atiumd6v.dll
    2011-07-08 03:05:46 1828864 ----a-w- C:\Windows\SysWow64\atiumdmv.dll
    2011-07-08 03:05:34 3848704 ----a-w- C:\Windows\System32\atiumd6a.dll
    2011-07-08 03:02:08 51200 ----a-w- C:\Windows\System32\aticalrt64.dll
    2011-07-08 03:02:06 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll
    2011-07-08 03:01:58 44544 ----a-w- C:\Windows\System32\aticalcl64.dll
    2011-07-08 03:01:58 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll
    2011-07-08 03:01:46 8134656 ----a-w- C:\Windows\System32\aticaldd64.dll
    2011-07-08 03:00:34 4367360 ----a-w- C:\Windows\SysWow64\atiumdag.dll
    2011-07-08 02:58:52 6740480 ----a-w- C:\Windows\SysWow64\aticaldd.dll
    2011-07-08 02:55:56 4039680 ----a-w- C:\Windows\SysWow64\atiumdva.dll
    2011-07-08 02:54:30 58880 ----a-w- C:\Windows\System32\coinst.dll
    2011-07-08 02:54:22 5540864 ----a-w- C:\Windows\System32\atiumd64.dll
    2011-07-08 0242 375808 ----a-w- C:\Windows\System32\atiadlxx.dll
    2011-07-08 0234 266240 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
    2011-07-08 0224 15360 ----a-w- C:\Windows\System32\atig6pxx.dll
    2011-07-08 0220 13312 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
    2011-07-08 0220 13312 ----a-w- C:\Windows\System32\atiglpxx.dll
    2011-07-08 0218 39936 ----a-w- C:\Windows\System32\atig6txx.dll
    2011-07-08 0210 32768 ----a-w- C:\Windows\SysWow64\atigktxx.dll
    2011-07-08 0204 307712 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
    2011-07-08 0220 40960 ----a-w- C:\Windows\System32\atiuxp64.dll
    2011-07-08 0214 31744 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
    2011-07-08 0206 38912 ----a-w- C:\Windows\System32\atiu9p64.dll
    2011-07-08 0258 29184 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
    2011-07-08 0210 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
    2011-07-08 0202 53760 ----a-w- C:\Windows\System32\atimpc64.dll
    2011-07-08 0202 53760 ----a-w- C:\Windows\System32\amdpcom64.dll
    2011-07-08 0248 52736 ----a-w- C:\Windows\SysWow64\atimpc32.dll
    2011-07-08 0248 52736 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
    2011-07-07 19:07:30 60416 ----a-w- C:\Windows\System32\OVDecode64.dll
    2011-07-07 19:07:28 53760 ----a-w- C:\Windows\SysWow64\OVDecode.dll
    2011-07-07 19:06:58 16907776 ----a-w- C:\Windows\System32\amdocl64.dll
    2011-07-07 19:06:46 13904896 ----a-w- C:\Windows\SysWow64\amdocl.dll
    2011-07-06 1542 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2011-07-06 1542 145008 ----a-w- C:\Windows\System32\drivers\idmwfp.sys
    2011-06-24 0553 214528 ----a-w- C:\Windows\System32\winsrv.dll
    2011-06-24 0549 338432 ----a-w- C:\Windows\System32\conhost.exe
    2011-06-21 0600 1923968 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    2011-06-15 23:04:06 79872 ----a-w- C:\Windows\SysWow64\SlotMaximizerAg.dll
    2011-06-15 23:04:06 2971648 ----a-w- C:\Windows\System32\SlotMaximizerBe.dll
    2011-06-15 23:04:06 2117632 ----a-w- C:\Windows\SysWow64\SlotMaximizerBe.dll
    2011-06-15 23:04:06 105984 ----a-w- C:\Windows\System32\SlotMaximizerAg.dll
    2011-06-15 10:02:23 212992 ----a-w- C:\Windows\System32\odbctrac.dll
    2011-06-15 10:02:23 163840 ----a-w- C:\Windows\System32\odbccp32.dll
    2011-06-15 10:02:23 106496 ----a-w- C:\Windows\System32\odbccu32.dll
    2011-06-15 10:02:23 106496 ----a-w- C:\Windows\System32\odbccr32.dll
    2011-06-15 08:55:19 86016 ----a-w- C:\Windows\SysWow64\odbccu32.dll
    2011-06-15 08:55:19 81920 ----a-w- C:\Windows\SysWow64\odbccr32.dll
    2011-06-15 08:55:19 319488 ----a-w- C:\Windows\SysWow64\odbcjt32.dll
    2011-06-15 08:55:19 163840 ----a-w- C:\Windows\SysWow64\odbctrac.dll
    2011-06-15 08:55:19 122880 ----a-w- C:\Windows\SysWow64\odbccp32.dll
    2011-06-14 1246 53248 ----a-w- C:\Windows\SysWow64\CSVer.dll
    .
    ============= FINISH: 2311.40 ===============



      Hidden content: Attach 
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-06-23.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 11/14/2010 8:09:35 PM
    System Uptime: 8/19/2011 11:02:43 PM (0 hours ago)
    .
    Motherboard: ASUSTeK Computer Inc. | | N61Jq
    Processor: Intel(R) Core(TM) i7 CPU Q 720 @ 1.60GHz | Socket 989 | 1600/133mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 149 GiB total, 47.397 GiB free.
    D: is FIXED (NTFS) - 431 GiB total, 51.031 GiB free.
    E: is CDROM ()
    F: is CDROM ()
    G: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Bluetooth Device (Personal Area Network)
    Device ID: BTH\MS_BTHPAN\7&3437BCC6&0&2
    Manufacturer: Microsoft
    Name: Bluetooth Device (Personal Area Network)
    PNP Device ID: BTH\MS_BTHPAN\7&3437BCC6&0&2
    Service: BthPan
    .
    Class GUID:
    Description: Bluetooth Peripheral Device
    Device ID: BTHENUM\{00005557-0000-1000-8000-0002EE000001}_VID&00010001_PID&007C\8&1C86C5E3&0&001FDF849966_C00000001
    Manufacturer:
    Name: Bluetooth Peripheral Device
    PNP Device ID: BTHENUM\{00005557-0000-1000-8000-0002EE000001}_VID&00010001_PID&007C\8&1C86C5E3&0&001FDF849966_C00000001
    Service:
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Atheros AR8131 PCI-E Gigabit Ethernet Controller (NDIS 6.20)
    Device ID: PCI\VEN_1969&DEV_1063&SUBSYS_18201043&REV_C0\FF6CB29D485B39FF00
    Manufacturer: Atheros
    Name: Atheros AR8131 PCI-E Gigabit Ethernet Controller (NDIS 6.20)
    PNP Device ID: PCI\VEN_1969&DEV_1063&SUBSYS_18201043&REV_C0\FF6CB29D485B39FF00
    Service: L1C
    .
    Class GUID:
    Description: Bluetooth Peripheral Device
    Device ID: BTHENUM\{00005557-0000-1000-8000-0002EE000001}_VID&00010001_PID&006E\8&1C86C5E3&0&0025CF733991_C00000000
    Manufacturer:
    Name: Bluetooth Peripheral Device
    PNP Device ID: BTHENUM\{00005557-0000-1000-8000-0002EE000001}_VID&00010001_PID&006E\8&1C86C5E3&0&0025CF733991_C00000000
    Service:
    .
    Class GUID:
    Description: Bluetooth Peripheral Device
    Device ID: BTHENUM\{00005557-0000-1000-8000-0002EE000001}_VID&00010001_PID&007C\8&1C86C5E3&0&001FDF849966_C00000000
    Manufacturer:
    Name: Bluetooth Peripheral Device
    PNP Device ID: BTHENUM\{00005557-0000-1000-8000-0002EE000001}_VID&00010001_PID&007C\8&1C86C5E3&0&001FDF849966_C00000000
    Service:
    .
    ==== System Restore Points ===================
    .
    RP274: 8/13/2011 1127 PM - Installed Steam
    RP275: 8/14/2011 128 AM - Installed Call of Duty(R) 4 - Modern Warfare(TM) 1.1 Patch
    RP276: 8/14/2011 159 AM - Installed Call of Duty(R) 4 - Modern Warfare(TM) 1.2 Patch
    RP277: 8/14/2011 1:43:27 AM - Installed Call of Duty(R) 4 - Modern Warfare(TM) 1.3 Patch
    RP278: 8/14/2011 145 AM - Installed Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch
    RP279: 8/14/2011 115 AM - Installed Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Multiplayer
    RP280: 8/14/2011 355 AM - Installed DirectX
    RP268: 8/15/2011 122 PM - Installed Call of Duty(R) - World at War(TM) 1.7 Patch
    RP269: 8/16/2011 1:04:44 AM - Removed WD SmartWare
    RP270: 8/19/2011 11:00:19 AM - Windows Update
    .
    ==== Installed Programs ======================
    .
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader X (10.1.0)
    Alcor Micro USB Card Reader
    Angry Birds Rio
    Ashampoo Burning Studio 10.0.1
    Ask Toolbar
    ASUS AI Recovery
    ASUS AP Bank
    ASUS CopyProtect
    ASUS FancyStart
    ASUS LifeFrame3
    ASUS MultiFrame
    ASUS SmartLogon
    ASUS Splendid Video Enhancement Technology
    ASUS Virtual Camera
    ASUS WebStorage
    ASUS_N_Series_Screensaver
    Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
    Atheros Driver Installation Program
    ATK Package
    AVS4YOU Software Navigator 1.4
    Babylon
    BatteryCare 0.9.8.5
    Boingo Wi-Fi
    Call of Duty(R) - World at War(TM)
    Call of Duty(R) 4 - Modern Warfare(TM)
    Call of Duty(R) 4 - Modern Warfare(TM) 1.1 Patch
    Call of Duty(R) 4 - Modern Warfare(TM) 1.2 Patch
    Call of Duty(R) 4 - Modern Warfare(TM) 1.3 Patch
    Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch
    Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Multiplayer Patch
    Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Patch
    Call of Duty: Black Ops
    Catalyst Control Center
    Catalyst Control Center - Branding
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center InstallProxy
    Catalyst Control Center Localization All
    CCC Help English
    Choice Guard
    ControlDeck
    COWON Media Center - jetAudio Plus VX
    CyberLink PowerDVD 11
    DVDVideoSoftTB Toolbar
    EASEUS Partition Master 7.0.1 Server Edition
    EVEREST Ultimate Edition v5.50
    Express Gate
    Fraps (remove only)
    Free Video to MP3 Converter version 4.2.14
    Gadget
    Google Toolbar for Internet Explorer
    Grand Theft Auto IV
    Intel(R) Control Center
    Intel(R) Management Engine Components
    Intel(R) Rapid Storage Technology
    Internet Download Manager
    IRSpeedyDownloadManager
    Java Auto Updater
    Java(TM) 6 Update 23
    Junk Mail filter update
    Kaspersky Internet Security 2011
    Kaspersky Internet Security 2012
    Malwarebytes' Anti-Malware version 1.51.1.1800
    Microsoft Games for Windows - LIVE Redistributable
    Microsoft Games for Windows Marketplace
    Microsoft Office Live Add-in 1.3
    Microsoft Office Outlook Connector
    Microsoft Search Enhancement Pack
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Sync Framework Runtime Native v1.0 (x86)
    Microsoft Sync Framework Services Native v1.0 (x86)
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Mozilla Firefox 6.0 (x86 en-US)
    MSVCRT
    MSXML 4.0 SP3 Parser (KB973685)
    NVIDIA PhysX
    OpenAL
    Power Data Recovery 4.1.2
    Punkbuster Got Busted v1.5
    PunkBuster Services
    Rapture3D 2.4.4 Game
    Realtek High Definition Audio Driver
    Renesas Electronics USB 3.0 Host Controller Driver
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Steam
    Subtitle Workshop 2.51
    The KMPlayer (remove only)
    Uninstall 1.0.0.1
    VBA (3821b)
    VirtualCloneDrive
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Mail
    Windows Live Messenger
    Windows Live Photo Gallery
    Windows Live Sync
    Windows Live Toolbar
    Windows Live Upload Tool
    Windows Live Writer
    Windows Media Player Firefox Plugin
    WinFlash
    Wireless Console 3
    .
    ==== Event Viewer Messages From Past Week ========
    .
    8/19/2011 7:54:13 AM, Error: Microsoft-Windows-RasSstp [1] - CoId={7AC66914-79B7-4232-B957-8AC2168BEE8A}:The initial Secure Socket Tunneling Protocol request could not be successfully sent to the server. This can be due to network connectivity issues or certificate (trust) issues. The detailed error message is provided below. Correct the problem and try again. A socket operation was attempted to an unreachable network.
    8/19/2011 7:50:24 AM, Error: Microsoft-Windows-RasSstp [1] - CoId={95AA1271-E9F3-4E27-BEE6-B917A5FEC18B}:The initial Secure Socket Tunneling Protocol request could not be successfully sent to the server. This can be due to network connectivity issues or certificate (trust) issues. The detailed error message is provided below. Correct the problem and try again. A socket operation was attempted to an unreachable network.
    8/19/2011 11:05:20 AM, Error: Microsoft-Windows-RasSstp [1] - CoId={57317CF4-EB10-4EDF-9C35-7CF7CB116489}:The initial Secure Socket Tunneling Protocol request could not be successfully sent to the server. This can be due to network connectivity issues or certificate (trust) issues. The detailed error message is provided below. Correct the problem and try again. The remote computer refused the network connection.
    8/19/2011 11:04:34 AM, Error: Microsoft-Windows-RasSstp [1] - CoId={007D794F-78A9-4B70-80F2-8F3B95E9032D}:The initial Secure Socket Tunneling Protocol request could not be successfully sent to the server. This can be due to network connectivity issues or certificate (trust) issues. The detailed error message is provided below. Correct the problem and try again. A socket operation was attempted to an unreachable network.
    8/19/2011 11:03:41 AM, Error: Microsoft-Windows-RasSstp [1] - CoId={A53736E7-EFBC-413E-AD90-04A959479776}:The initial Secure Socket Tunneling Protocol request could not be successfully sent to the server. This can be due to network connectivity issues or certificate (trust) issues. The detailed error message is provided below. Correct the problem and try again. The remote computer refused the network connection.
    8/19/2011 11:03:03 PM, Error: Service Control Manager [7000] - The 6077757b service failed to start due to the following error: The system cannot find the file specified.
    8/19/2011 11:02:29 AM, Error: Microsoft-Windows-RasSstp [1] - CoId={ACABEBE5-52C4-431C-B0FE-CDAA0AA4DA86}:The initial Secure Socket Tunneling Protocol request could not be successfully sent to the server. This can be due to network connectivity issues or certificate (trust) issues. The detailed error message is provided below. Correct the problem and try again. A socket operation was attempted to an unreachable network.
    8/19/2011 10:52:14 PM, Error: Microsoft-Windows-RasSstp [1] - CoId={CD4FFE0C-1219-471D-9B6C-43CEDDD950D2}:The initial Secure Socket Tunneling Protocol request could not be successfully sent to the server. This can be due to network connectivity issues or certificate (trust) issues. The detailed error message is provided below. Correct the problem and try again. A socket operation was attempted to an unreachable network.
    8/19/2011 157 AM, Error: EventLog [6008] - The previous system shutdown at 117 AM on ‎8/‎19/‎2011 was unexpected.
    8/19/2011 138 AM, Error: Microsoft-Windows-RasSstp [1] - CoId={1CBD90DC-B04C-40B8-9DFE-7437FD025B4A}:The initial Secure Socket Tunneling Protocol request could not be successfully sent to the server. This can be due to network connectivity issues or certificate (trust) issues. The detailed error message is provided below. Correct the problem and try again. A socket operation was attempted to an unreachable network.
    8/19/2011 122 AM, Error: Microsoft-Windows-RasSstp [1] - CoId={F92EB886-D151-4365-9859-081B81A32A39}:The initial Secure Socket Tunneling Protocol request could not be successfully sent to the server. This can be due to network connectivity issues or certificate (trust) issues. The detailed error message is provided below. Correct the problem and try again. A socket operation was attempted to an unreachable network.
    8/19/2011 106 AM, Error: Microsoft-Windows-RasSstp [1] - CoId={D038A5BF-7931-4612-86AD-E4052AC81DAE}:The initial Secure Socket Tunneling Protocol request could not be successfully sent to the server. This can be due to network connectivity issues or certificate (trust) issues. The detailed error message is provided below. Correct the problem and try again. The remote computer refused the network connection.
    8/18/2011 8:06:45 PM, Error: Microsoft-Windows-RasSstp [1] - CoId={3BC708C8-8B68-43A4-96C5-2BC8C2992A7E}:The initial Secure Socket Tunneling Protocol request could not be successfully sent to the server. This can be due to network connectivity issues or certificate (trust) issues. The detailed error message is provided below. Correct the problem and try again. A socket operation was attempted to an unreachable network.
    8/18/2011 10:54:33 AM, Error: Microsoft-Windows-RasSstp [1] - CoId={7D83DCE8-8793-402D-8864-3EF335A15BBC}:The initial Secure Socket Tunneling Protocol request could not be successfully sent to the server. This can be due to network connectivity issues or certificate (trust) issues. The detailed error message is provided below. Correct the problem and try again. The remote computer refused the network connection.
    8/18/2011 10:53:19 AM, Error: Microsoft-Windows-RasSstp [1] - CoId={74FBC7B8-DCE7-4B05-90FE-5B6867609FDC}:The initial Secure Socket Tunneling Protocol request could not be successfully sent to the server. This can be due to network connectivity issues or certificate (trust) issues. The detailed error message is provided below. Correct the problem and try again. A socket operation was attempted to an unreachable network.
    8/17/2011 9:30:50 PM, Error: BTHUSB [17] - The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.
    8/17/2011 1012 AM, Error: EventLog [6008] - The previous system shutdown at 1054 AM on ‎8/‎17/‎2011 was unexpected.
    8/16/2011 234 AM, Error: EventLog [6008] - The previous system shutdown at 222 AM on ‎8/‎16/‎2011 was unexpected.
    8/16/2011 12:58:21 AM, Error: EventLog [6008] - The previous system shutdown at 12:54:11 AM on ‎8/‎16/‎2011 was unexpected.
    8/16/2011 1206 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the WD File Management Shadow Engine service to connect.
    8/16/2011 1206 AM, Error: Service Control Manager [7000] - The WD File Management Shadow Engine service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    8/16/2011 1206 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
    8/16/2011 1250 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    8/16/2011 1250 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    8/16/2011 1247 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    8/16/2011 1247 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    8/16/2011 1246 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    8/16/2011 1240 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    8/16/2011 1211 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC discache ElbyCDIO kl2 KLIF KLIM6 NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf
    8/16/2011 1210 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    8/16/2011 1210 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    8/16/2011 1210 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    8/16/2011 1210 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    8/16/2011 1210 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    8/16/2011 1210 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
    8/16/2011 1210 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    8/16/2011 1210 AM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    8/16/2011 1210 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    8/16/2011 1210 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    8/16/2011 1208 AM, Error: EventLog [6008] - The previous system shutdown at 1252 AM on ‎8/‎16/‎2011 was unexpected.
    8/16/2011 1226 AM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for Type with the following error: Access is denied.
    8/16/2011 12:30:32 AM, Error: Microsoft-Windows-DistributedCOM [10001] - Unable to start a DCOM Server: {995C996E-D918-4A8C-A302-45719A6F4EA7} as /. The error: "5" Happened while starting this command: C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {995C996E-D918-4a8c-A302-45719A6F4EA7} -Embedding
    8/16/2011 1202 AM, Error: Microsoft-Windows-DistributedCOM [10000] - Unable to start a DCOM Server: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}. The error: "5" Happened while starting this command: C:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
    8/16/2011 1211 AM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for Start with the following error: Access is denied.
    8/16/2011 1240 AM, Error: Microsoft-Windows-DistributedCOM [10000] - Unable to start a DCOM Server: {DF390AA1-1E65-4825-B8E7-BE6B47BD56B8}. The error: "5" Happened while starting this command: "C:\Program Files (x86)\Babylon\Babylon-Pro\TC\BabylonTC.exe" -Embedding
    8/16/2011 12:08:30 AM, Error: Microsoft-Windows-DistributedCOM [10000] - Unable to start a DCOM Server: {1F87137D-0E7C-44D5-8C73-4EFFB68962F2}. The error: "5" Happened while starting this command: C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
    8/15/2011 5:56:29 PM, Error: Microsoft-Windows-RasSstp [1] - CoId={D3028571-C8E2-4BBE-AFC4-631EA87E6333}:The initial Secure Socket Tunneling Protocol request could not be successfully sent to the server. This can be due to network connectivity issues or certificate (trust) issues. The detailed error message is provided below. Correct the problem and try again. A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond.
    8/15/2011 2:04:29 PM, Error: ACPI [10] - ACPI: ACPI BIOS is attempting to write to an illegal PCI Operation Region (0x4), Please contact your system vendor for technical assistance.
    8/15/2011 1234 AM, Error: Microsoft-Windows-RasSstp [1] - CoId={1A32DE9F-1B2B-4A82-A5CC-D0AABF8040A5}:The initial Secure Socket Tunneling Protocol request could not be successfully sent to the server. This can be due to network connectivity issues or certificate (trust) issues. The detailed error message is provided below. Correct the problem and try again. No connection could be made because the target machine actively refused it.
    8/15/2011 1233 AM, Error: Microsoft-Windows-RasSstp [1] - CoId={BE4F0FB4-C197-40B6-9DE2-730502DBEF0D}:The initial Secure Socket Tunneling Protocol request could not be successfully sent to the server. This can be due to network connectivity issues or certificate (trust) issues. The detailed error message is provided below. Correct the problem and try again. No connection could be made because the target machine actively refused it.
    8/14/2011 303 PM, Error: Microsoft-Windows-RasSstp [1] - CoId={5418FC4D-1B84-4E16-B2EA-A9899593C731}:The initial Secure Socket Tunneling Protocol request could not be successfully sent to the server. This can be due to network connectivity issues or certificate (trust) issues. The detailed error message is provided below. Correct the problem and try again. A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond.
    8/13/2011 846 AM, Error: Microsoft-Windows-RasSstp [1] - CoId={1685B972-A391-41A1-9B36-83F602E475CB}:The initial Secure Socket Tunneling Protocol request could not be successfully sent to the server. This can be due to network connectivity issues or certificate (trust) issues. The detailed error message is provided below. Correct the problem and try again. No connection could be made because the target machine actively refused it.
    8/13/2011 4:50:27 AM, Error: Service Control Manager [7023] - The Windows Defender service terminated with the following error: %%-2147416365
    8/13/2011 430 AM, Error: EventLog [6008] - The previous system shutdown at 217 AM on ‎8/‎13/‎2011 was unexpected.
    8/13/2011 1121 PM, Error: Microsoft-Windows-RasSstp [1] - CoId={068F2C5D-F184-44B4-A278-7FB8862754D7}:The initial Secure Socket Tunneling Protocol request could not be successfully sent to the server. This can be due to network connectivity issues or certificate (trust) issues. The detailed error message is provided below. Correct the problem and try again. No connection could be made because the target machine actively refused it.
    8/13/2011 10:08:01 PM, Error: Microsoft-Windows-RasSstp [1] - CoId={7FE051AC-0489-48B5-9805-CE424FC87DF2}:The initial Secure Socket Tunneling Protocol request could not be successfully sent to the server. This can be due to network connectivity issues or certificate (trust) issues. The detailed error message is provided below. Correct the problem and try again. No connection could be made because the target machine actively refused it.
    8/12/2011 7:08:20 PM, Error: Microsoft-Windows-RasSstp [1] - CoId={6B8748F6-C2E1-4B40-BB5D-118127BD21D2}:The initial Secure Socket Tunneling Protocol request could not be successfully sent to the server. This can be due to network connectivity issues or certificate (trust) issues. The detailed error message is provided below. Correct the problem and try again. A socket operation was attempted to an unreachable network.
    8/12/2011 516 PM, Error: Microsoft-Windows-RasSstp [1] - CoId={5CA276DE-6F68-4C23-9CFA-3214DF7A1165}:The initial Secure Socket Tunneling Protocol request could not be successfully sent to the server. This can be due to network connectivity issues or certificate (trust) issues. The detailed error message is provided below. Correct the problem and try again. A socket operation was attempted to an unreachable network.
    8/12/2011 513 PM, Error: Microsoft-Windows-RasSstp [1] - CoId={7A0C9336-544B-4B4C-BD0C-9092952D09B3}:The initial Secure Socket Tunneling Protocol request could not be successfully sent to the server. This can be due to network connectivity issues or certificate (trust) issues. The detailed error message is provided below. Correct the problem and try again. A socket operation was attempted to an unreachable network.
    8/12/2011 2:49:40 PM, Error: Microsoft-Windows-RasSstp [1] - CoId={77FC117D-A6EC-42B5-87B6-B8FFEBEE16DA}:The initial Secure Socket Tunneling Protocol request could not be successfully sent to the server. This can be due to network connectivity issues or certificate (trust) issues. The detailed error message is provided below. Correct the problem and try again. A socket operation was attempted to an unreachable network.
    8/12/2011 1137 AM, Error: Microsoft-Windows-RasSstp [1] - CoId={01E9B02D-E694-4E12-9FC7-003C34F8FCD6}:The initial Secure Socket Tunneling Protocol request could not be successfully sent to the server. This can be due to network connectivity issues or certificate (trust) issues. The detailed error message is provided below. Correct the problem and try again. A socket operation was attempted to an unreachable network.
    8/12/2011 1156 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the WD File Management Engine service to connect.
    8/12/2011 1156 AM, Error: Service Control Manager [7000] - The WD File Management Engine service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    .
    ==== End Of File ===========================


    Thank you very much for your efforts, dear Doctor.
    So is my system clean now, or is there still a chance of infection?

    Edit:
    This morning I ran a flash scan with Malwarebytes' Anti-Malware, and it found two infected files:
      Hidden content: log
    Malwarebytes' Anti-Malware 1.51.1.1800
    Database version: 7509

    Windows 6.1.7601 Service Pack 1
    Internet Explorer 9.0.8112.16421

    8/20/2011 11:01:41 AM
    mbam-log-2011-08-20 (11-01-41).txt

    Scan type: Flash scan
    Objects scanned: 161780
    Time elapsed: 29 second(s)

    Memory Processes Infected: 1
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 1

    Memory Processes Infected:
    c:\Windows\kmservice.exe (RiskWare.Tool.CK) -> 2256 -> Unloaded process successfully.

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    c:\Windows\kmservice.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
    Last edited by afshin b; 20-08-2011 at 10:07.

  2. #2
    Professional Dr Hannibal
    Join date
    Feb 2010
    Location
    Sandbox
    Posts
    4,176

    Hello

    You carried out the steps very well; I wish most users would follow them like this.

    It can't be said with 100% certainty that there is no infected file on the system, but it is quite clear that at least the major part of the infection has been removed.

    Questions:

    1_ When did this (the infection) happen, i.e. how many days ago did it occur?

    2_ Do you yourself not notice anything suspicious, such as browsers hanging or the system becoming sluggish?

  3. 2 users thanked Dr Hannibal for this useful post


  4. #3
    Active user of the Hardware and Laptop forums afshin b
    Join date
    Aug 2009
    Location
    Sari
    Posts
    3,878

    Well, since Kaspersky is a heavy program, I usually closed it and opened it whenever I needed it or wanted to update it. I know that was a big mistake, and I no longer close it now. That is also why I got infected.
    I think it has been about a week.
    It had disabled my Task Manager. For a while, on whatever site I visited I was not logged in and had to log in again, like Yahoo and this very forum, etc. But now I don't see any problem.

  5. #4
    Professional Dr Hannibal
    Join date
    Feb 2010
    Location
    Sandbox
    Posts
    4,176

    Upload the files I list here to VirusTotal, if they exist. If it gives a message that the file has already been submitted, run a reanalysis. Note that it is enough for you to post these 4 URLs from the scan results in your next post.

    Good luck

  6. This user thanked Dr Hannibal for this useful post


  7. #5
    Active user of the Hardware and Laptop forums afshin b
    Join date
    Aug 2009
    Location
    Sari
    Posts
    3,878

    Thank God, they are all Clean.
    By the way, this Malwarebytes' Anti-Malware program has quarantined the files; should I leave them there or delete them?

  8. #6
    Professional Dr Hannibal
    Join date
    Feb 2010
    Location
    Sandbox
    Posts
    4,176

    Thank God, they are all Clean.
    By the way, this Malwarebytes' Anti-Malware program has quarantined the files; should I leave them there or delete them?
    Good,

    Yes, delete them.

    If anything suspicious comes up, let us know.

    Good luck

  9. This user thanked Dr Hannibal for this useful post

