Status
Closed and not open for further replies.

الفهد الجريح

Peace be upon you
Brothers, I need a solution for this malicious virus
linkinfo.dll
bmp

 

And peace be upon you



Download this tool

Run the program ==> and click on
Do a system scan and save log
After a few moments a report will open in Notepad ==> copy it and paste it in your next reply
Please be patient until the report has been analyzed
 
Signature: ابـــو عــبــد الــلــه
Here you go
Logfile of HijackThis v1.99.1
Scan saved at 01:02:31 ص, on 05/04/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AirLive WL-5480USB WLAN USB\AirLive WL-5480USB WLAN USB\WlanUtil.exe
C:\Program Files\No-IP\DUC20.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE
C:\WINDOWS\system32\vmnetdhcp.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\GUARDGUI.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\GUARDGUI.EXE
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\Administrator\سطح المكتب\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe" /min
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [AVP] "C:\Documents and Settings\Administrator\سطح المكتب\Portable Kaspersky Antivirus 7.0.0.120\Kaspersky 7.0\avp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: No-IP DUC.lnk = C:\Program Files\No-IP\DUC20.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: AirLive WL-5480USB WLAN USB Utility.lnk = C:\Program Files\AirLive WL-5480USB WLAN USB\AirLive WL-5480USB WLAN USB\WlanUtil.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'avsda.dll' missing
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Premium MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe
O23 - Service: Avira AntiVir Premium Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe
O23 - Service: Avira AntiVir Premium Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe
O23 - Service: Avira AntiVir Premium WebGuard (antivirwebservice) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE
O23 - Service: Avira AntiVir Premium MailGuard helper service (AVEService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe
O23 - Service: avp - Unknown owner - C:\Documents and Settings\Administrator\سطح المكتب\Portable Kaspersky Antivirus 7.0.0.120\Kaspersky 7.0\avp.exe" -r (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe
 
Do the following

Disable your security programs
Then
Download the following tool and save it to the desktop

When you run it, a message will appear; click >> Yes
After that a second message will appear; click >> Yes

The computer may restart during the scan
After the restart, the tool will start scanning again
Do not run any program, and however long the scan takes, wait until it finishes
Wait until a report appears, then copy it and paste it in your next post
 
Signature: ابـــو عــبــد الــلــه
With your permission, brother ابو ريما, I'd like to jump in :d:

My dear, download this file

Unzip it, then copy and paste it into this path and agree to the replacement

C:\WINDOWS

And see whether the message still appears or not??
 
Signature: KoNaMi

.. :hh: ..

Your wish is my command ... :bleh:
 
Signature: ابـــو عــبــد الــلــه
ComboFix 09-04-04.01 - Administrator 04/05/2009 1:22:32.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1256.1.1025.18.1022.709 [GMT 3:00]
Running from: c:\documents and settings\Administrator\سطح المكتب\ComboFix.exe
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated)
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated)

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Bifrost
c:\bifrost\server.exe
c:\windows\linkinfo.dll
c:\windows\system32\Cache
c:\windows\system32\drivers\cdralw.sys
c:\windows\system32\e1000msg.dll
c:\windows\system32\nmdfgds1.dll
c:\windows\system32\pthreadGC2.dll
c:\windows\system32\tmp.reg

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_CDRALW
-------\Service_cdralw


((((((((((((((((((((((((( Files Created from 2009-03-04 to 2009-04-04 )))))))))))))))))))))))))))))))
.

No new files created in this timespan

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-04 22:30 7,024,672 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-04-04 22:29 --------- d-----w c:\documents and settings\Administrator\Application Data\Skype
2009-04-04 22:28 --------- d-----w c:\documents and settings\LocalService\Application Data\VMware
2009-04-04 22:28 --------- d-----w c:\documents and settings\All Users\Application Data\VMware
2009-04-04 22:26 97,172 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-04-04 22:26 83,488 --sha-w c:\windows\system32\drivers\fidbox2.dat
2009-04-04 22:26 10,988 --sha-w c:\windows\system32\drivers\fidbox2.idx
2009-04-04 16:37 --------- d-----w c:\documents and settings\Administrator\Application Data\VMware
2009-04-04 16:34 --------- d-----w c:\documents and settings\Administrator\Application Data\uTorrent
2009-04-04 05:10 --------- d-----w c:\program files\K-Lite Codec Pack
2009-04-03 15:34 --------- d-----w c:\program files\Common Files\Adobe
2009-04-03 12:38 --------- d-----w c:\documents and settings\All Users\Application Data\Messenger Plus!
2009-04-03 12:35 --------- d-----w c:\program files\Resource Tuner
2009-04-03 12:34 --------- d-----w c:\documents and settings\Administrator\Application Data\PE Explorer
2009-04-03 12:33 --------- d-----w c:\program files\PE Explorer
2009-04-02 15:56 --------- d-----w c:\program files\ActMon-Password-Recovery
2009-04-02 13:52 --------- d-----w c:\documents and settings\Administrator\Application Data\Subversion
2009-04-02 11:14 --------- d-----w c:\documents and settings\Administrator\Application Data\TeamViewer
2009-04-02 11:07 --------- d-----w c:\program files\TeamViewer
2009-04-01 20:03 --------- d-----w c:\documents and settings\Administrator\Application Data\Media Player Classic
2009-04-01 19:47 --------- d-----w c:\documents and settings\Administrator\Application Data\CyberLink
2009-04-01 19:46 --------- d-----w c:\documents and settings\All Users\Application Data\CyberLink
2009-04-01 19:39 --------- d-----w c:\program files\CyberLink
2009-04-01 19:38 --------- d--h--w c:\program files\InstallShield Installation Information
2009-04-01 19:24 --------- d-----w c:\program files\Common Files\InstallShield
2009-04-01 10:04 --------- d-----w c:\program files\VMware
2009-04-01 10:04 --------- d-----w c:\program files\Common Files\VMware
2009-03-31 15:37 --------- d-----w c:\program files\SWiSH Max2
2009-03-30 22:40 --------- d-----w c:\documents and settings\Administrator\Application Data\Thinstall
2009-03-30 20:58 --------- d-----w c:\documents and settings\All Users\Application Data\Skype
2009-03-30 20:58 --------- d-----r c:\program files\Skype
2009-03-30 19:01 --------- d-----w c:\documents and settings\Administrator\Application Data\Bifrost
2009-03-30 18:21 --------- d-----w c:\program files\AirLive WL-5480USB WLAN USB
2009-03-30 14:47 203,776 ----a-w c:\windows\system32\clrviddc.dll
2009-03-30 12:22 --------- d-----w c:\program files\uTorrent
2009-03-30 11:38 --------- d-----w c:\documents and settings\Administrator\Application Data\bolt meow heck
2009-03-30 04:46 --------- d-----w c:\documents and settings\All Users\Application Data\Avira
2009-03-30 04:02 --------- d-----w c:\documents and settings\Administrator\Application Data\U3
2009-03-29 11:27 --------- d-----w c:\program files\Avira
2009-03-29 10:54 --------- d-----w c:\program files\IP-Tools
2009-03-28 11:38 --------- d-----w c:\documents and settings\Administrator\Application Data\Avira
2009-03-28 10:43 --------- d-----w c:\documents and settings\Administrator\Application Data\.msf3
2009-03-28 10:38 --------- d-----w c:\documents and settings\Administrator\Application Data\msf32
2009-03-28 10:37 --------- d-----w c:\program files\WinPcap
2009-03-28 10:37 --------- d-----w c:\program files\Nmap
2009-03-28 10:35 --------- d-----w c:\program files\Metasploit
2009-03-28 10:29 --------- d-----w c:\program files\No-IP
2009-03-27 20:06 410,984 ----a-w c:\windows\system32\deploytk.dll
2009-03-27 20:06 --------- d-----w c:\program files\Java
2009-03-27 13:05 --------- d-----w c:\program files\Windows Media Connect 2
2009-03-27 13:04 --------- d-----w c:\program files\Google
2009-03-27 12:19 499,712 ----a-w c:\windows\system32\msvcp71.dll
2009-03-27 12:19 348,160 ----a-w c:\windows\system32\msvcr71.dll
2009-03-27 12:19 --------- d-----w c:\program files\Real
2009-03-27 12:19 --------- d-----w c:\program files\Common Files\xing shared
2009-03-27 12:19 --------- d-----w c:\program files\Common Files\Real
2009-03-27 12:03 --------- d-----w c:\program files\BreakPoint Software
2009-03-27 10:25 --------- d-----w c:\documents and settings\Administrator\Application Data\Resource Tuner
2009-03-26 22:41 --------- d-----w c:\documents and settings\All Users\Application Data\SWiSHMax2WorkFolder
2009-03-26 22:03 --------- d-----w c:\program files\Common Files\SWiSHzone.com
2009-03-26 09:28 --------- d-----w c:\documents and settings\All Users\Application Data\Mail For File Wave
2009-03-26 09:27 --------- d-----w c:\program files\bolt meow heck
2009-03-26 09:26 --------- d-----w c:\program files\Messenger Plus! Live
2009-03-26 09:26 --------- d-----w c:\program files\Circle Devlopement
2009-03-26 09:24 --------- d-----w c:\program files\Windows Live
2009-03-26 09:13 --------- dcsh--w c:\program files\Common Files\WindowsLiveInstaller
2009-03-26 09:10 --------- d-----w c:\documents and settings\All Users\Application Data\WLInstaller
2009-03-25 18:48 --------- d-----w c:\program files\Common Files\Adobe Systems Shared
2009-03-25 18:48 --------- d-----w c:\documents and settings\All Users\Application Data\Adobe Systems
2009-03-25 11:33 --------- d-----w c:\program files\Analog Devices
2009-03-25 11:31 --------- d-----w c:\program files\Dell
2009-03-25 11:21 --------- d-----w c:\program files\microsoft frontpage
2009-02-09 18:56 67,584 ----a-w c:\windows\system32\ff_vfw.dll
2009-02-09 14:04 1,846,656 ----a-w c:\windows\system32\win32k.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [04/14/2008 08:29 PM 15360]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [10/18/2007 11:34 AM 5724184]
"Google Update"="c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [03/26/2009 03:15 PM 133104]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [03/11/2009 12:00 PM 24095528]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [04/14/2008 09:30 PM 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [10/19/2005 08:59 AM 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [10/19/2005 08:59 AM 126976]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [03/27/2009 03:19 PM 198160]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [03/27/2009 11:07 PM 148888]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Premium\avgnt.exe" [06/12/2008 02:28 PM 266497]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [04/14/2008 08:29 PM 15360]

c:\documents and settings\Administrator\çں‍ê، ں §ڑ\ںé ©ںê¤\ §ک ں颬نïé\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]
No-IP DUC.lnk - c:\program files\No-IP\DUC20.exe [2009-03-28 1172992]

c:\documents and settings\All Users\çں‍ê، ں §ڑ\ںé ©ںê¤\ §ک ں颬نïé\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]
AirLive WL-5480USB WLAN USB Utility.lnk - c:\program files\AirLive WL-5480USB WLAN USB\AirLive WL-5480USB WLAN USB\WlanUtil.exe [2009-03-30 479232]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=

R2 AntiVirMailService;Avira AntiVir Premium MailGuard;c:\program files\Avira\AntiVir PersonalEdition Premium\avmailc.exe [2009-03-29 164097]
R2 antivirwebservice;Avira AntiVir Premium WebGuard;c:\program files\Avira\AntiVir PersonalEdition Premium\avwebgrd.exe [2009-03-29 258305]
R2 AVEService;Avira AntiVir Premium MailGuard helper service;c:\program files\Avira\AntiVir PersonalEdition Premium\avesvc.exe [2009-03-29 41217]
R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2008-06-01 34064]
S3 BRGSp50;BRGSp50 NDIS Protocol Driver;c:\windows\system32\drivers\BRGSp50.sys [2009-03-30 20608]
S3 ZD1211BU(AirLive);AirLive WL-5480USB WLAN USB Driver(AirLive);c:\windows\system32\drivers\ZD1211BU.sys [2009-03-30 402432]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ac0de7e2-196d-11de-b03f-000874f705ae}]
\Shell\AutoRun\command - H:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ac0de7e3-196d-11de-b03f-000874f705ae}]
\Shell\AutoRun\command - I:\em8tqm.cmd
\Shell\open\Command - I:\em8tqm.cmd
.
Contents of the 'Scheduled Tasks' folder

2009-04-04 c:\windows\Tasks\AADC3A3E91C7AE9E.job
- c:\docume~1\admini~1\applic~1\boltme~1\CopyPlusAdmin.exe []

2009-04-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2052111302-115176313-1177238915-500.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [03/26/2009 03:15 PM]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.sa/
uInternet Settings,ProxyOverride = local
LSP: avsda.dll
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\knx2eqee.default\
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\1.2.141.5\npGoogleOneClick7.dll
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,

Rootkit scan 2009-04-05 01:30:27
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(876)
c:\windows\system32\avsda.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Avira\AntiVir PersonalEdition Premium\sched.exe
c:\program files\Avira\AntiVir PersonalEdition Premium\avguard.exe
c:\documents and settings\Administrator\c:\windows\system32\inetsrv\inetinfo.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\VMware\VMware Workstation\vmware-authd.exe
c:\program files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
c:\windows\system32\vmnat.exe
c:\windows\system32\vmnetdhcp.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 04/05/2009 1:33:52 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-04 22:32:57

Pre-Run: 9,201,741,824 bytes free
Post-Run: 9,540,313,088 bytes free

194 --- E O F --- 2009-03-28 22:56:08
 
Signature: KoNaMi
According to the latest report, the virus has been deleted
How are things on your end?
 
Perfect, thanks a lot! Honestly, ابو ريما did not fall short
 
May God give you all good health
 