نادي الهلال السعودي - شبكة الزعيم - الموقع الرسمي

أشكركم حبايبي جميعا .. وماقصرتوا .. توني الان جربتها ..
واخص بالشكر ( هلالي ومين يدري و الشنيفي )

والتقارير هي

الأول :
ComboFix 08-09-15.01 - ANAS 09/16/2008 13:32:41.2 - NTFSx86
Running from: C:\********s and Settings\ANAS\سطح المكتب\ComboFix.exe
* Resident AV is active

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-08-16 to 2008-09-16 )))))))))))))))))))))))))))))))
.

No new files created in this timespan

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-14 12:10 --------- d-----w C:\Program Files\Common Files\xing shared
2008-09-14 12:10 --------- d-----w C:\Program Files\Common Files\Real
2008-09-14 12:10 --------- d-----w C:\Program Files\AutorunRemover
2008-09-12 20:06 92,053 --sh--r C:\vxl.exe
2008-09-11 14:34 --------- d-----w C:\********s and Settings\ANAS\Application Data\U3
2008-09-11 14:18 --------- d-----w C:\Program Files\Real
2008-09-11 14:17 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2008-09-11 14:17 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2008-09-09 14:56 --------- d-----w C:\Program Files\SweetIM
2008-09-09 14:56 --------- d-----w C:\Program Files\Macrogaming
2008-09-09 14:56 --------- d-----w C:\********s and Settings\All Users\Application Data\SweetIM
2008-09-09 14:22 --------- d-----w C:\Program Files\Wireless WEP Key Password Spy
2008-09-09 14:22 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-08-19 12:34 --------- d-----w C:\Program Files\Dell
2008-08-10 19:19 --------- d-----w C:\Program Files\ESET
2008-08-10 19:19 --------- d-----w C:\********s and Settings\All Users\Application Data\ESET
2008-07-07 20:30 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-06-24 16:22 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-24 15:12 295,936 ------w C:\WINDOWS\system32\wmpeffects.dll
2008-06-23 15:40 1,217,536 ----a-w C:\WINDOWS\system32\wininet.dll
2008-06-20 17:39 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-01-27 08:01 81,920 ----a-w C:\********s and Settings\ANAS\Application Data\ezpinst.exe
2008-01-27 08:01 47,360 ----a-w C:\********s and Settings\ANAS\Application Data\pcouffin.sys
.

------- Sigcheck -------

12/07/2007 03:46 AM 664576 c008430a0e29daf3242487b4df316151 C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\wininet.dll
02/16/2008 12:30 PM 664576 3dee02d98e6729a99e510e50bca91051 C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\wininet.dll
04/21/2008 09:56 AM 665088 5e6599f286dca71723cae03c388770c5 C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\wininet.dll
04/21/2008 09:42 AM 664576 908b749bc0864b68b5be77bc530b63bd C:\WINDOWS\$hf_mig$\KB950759\SP3GDR\wininet.dll
04/21/2008 09:24 AM 665088 5d9314f5fad444882b68d49b23429d75 C:\WINDOWS\$hf_mig$\KB950759\SP3QFE\wininet.dll
06/23/2008 07:13 PM 665600 6d51ccbaa2000ab8ae57039b032f40cb C:\WINDOWS\$hf_mig$\KB953838\SP2QFE\wininet.dll
06/23/2008 06:10 PM 664576 e8d6a238ff6a49ea3d70616334989646 C:\WINDOWS\$hf_mig$\KB953838\SP3GDR\wininet.dll
06/23/2008 05:54 PM 665088 201b198b2fcfa87849cb19e0ed53e22a C:\WINDOWS\$hf_mig$\KB953838\SP3QFE\wininet.dll
08/04/2004 12:55 AM 1214464 92b93b5d7ab948f818cc5f9eee6ed0da C:\WINDOWS\$NtUninstallKB944533$\wininet.dll
12/07/2007 04:06 AM 1217536 a118c13990ee81890cdb986985509131 C:\WINDOWS\$NtUninstallKB947864$\wininet.dll
02/16/2008 12:00 PM 657920 51c2baeb7bcd903d402b7d21c0000205 C:\WINDOWS\$NtUninstallKB950759$\wininet.dll
04/21/2008 10:01 AM 657920 087391c34ae510d222ea2b4753bb8f5d C:\WINDOWS\$NtUninstallKB953838$\wininet.dll
06/23/2008 06:40 PM 1217536 1dbadfa0ca5420d5d94d0dae9f36cd4a C:\WINDOWS\system32\wininet.dll
06/23/2008 06:40 PM 657920 3e201a6b2afee8d24c7d7d3fdf459df2 C:\WINDOWS\system32\dllcache\wininet.dll

06/13/2007 04:22 PM 1880576 26540a4df9b4ff5541ac67cc71ec1988 C:\WINDOWS\explorer.exe
06/13/2007 04:10 PM 1030656 d0dc9258122f39129966649085f45880 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
08/04/2004 12:56 AM 1879552 9e56b655a1f305a63ed105ac5f094a0b C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
06/13/2007 04:22 PM 1030656 4e877303248a09847fb303ee173fbd70 C:\WINDOWS\system32\dllcache\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EEE6C35D-6118-11DC-9C72-001320C79847}"= "C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [07/06/2008 12:44 PM 173368]

[HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
07/06/2008 12:44 PM 1164600 --a------ C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [07/06/2008 12:44 PM 1164600]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [07/06/2008 12:44 PM 1164600]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [08/03/2008 10:49 PM 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ShowLOMControl"="1 (0x1)" [X]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [12/13/2005 05:44 PM 98304]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [12/13/2005 05:41 PM 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [12/13/2005 05:45 PM 118784]
"Sun****UpdateSched"="C:\Program Files\****\j2re1.4.2_03\bin\jusched.exe" [11/19/2003 05:48 PM 32881]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [12/07/2005 10:57 PM 30208]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [04/13/2006 11:09 AM 49152]
"pdfFactory Pro Dispatcher v2"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe" [05/31/2005 10:31 PM 483328]
"StormCodec_Helper"="C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" [02/07/2005 05:04 AM 94037]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [07/01/2008 09:01 AM 1447168]
"SweetIM"="C:\Program Files\SweetIM\Messenger\SweetIM.exe" [07/06/2008 12:32 PM 111928]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [09/11/2008 05:17 PM 185896]
"BluetoothAuthenticationAgent"="bthprops.cpl" [08/04/2004 12:56 AM 110592 C:\WINDOWS\system32\bthprops.cpl]
"SigmatelSysTrayApp"="stsystra.exe" [11/16/2005 03:35 PM 397312 C:\WINDOWS\stsystra.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [08/04/2004 12:56 AM 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.vp31"= vp31vfw.dll
"VIDC.ACDV"= ACDV.dll

[HKLM\~\startupfolder\C:^********s and Settings^All Users^قائمة ابدأ^البرامج^بدء التشغيل^WinZip Quick Pick.lnk]
path=C:\********s and Settings\All Users\قائمة ابدأ\البرامج\بدء التشغيل\WinZip Quick Pick.lnk
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

[HKLM\~\startupfolder\C:^********s and Settings^ANAS^قائمة ابدأ^البرامج^بدء التشغيل^UberIcon.lnk]
path=C:\********s and Settings\ANAS\قائمة ابدأ\البرامج\بدء التشغيل\UberIcon.lnk
backup=C:\WINDOWS\pss\UberIcon.lnkStartup

[HKLM\~\startupfolder\C:^********s and Settings^ANAS^قائمة ابدأ^البرامج^بدء التشغيل^Y'z Shadow.lnk]
path=C:\********s and Settings\ANAS\قائمة ابدأ\البرامج\بدء التشغيل\Y'z Shadow.lnk
backup=C:\WINDOWS\pss\Y'z Shadow.lnkStartup

[HKLM\~\startupfolder\C:^********s and Settings^ANAS^قائمة ابدأ^البرامج^بدء التشغيل^Y'z ToolBar.lnk]
path=C:\********s and Settings\ANAS\قائمة ابدأ\البرامج\بدء التشغيل\Y'z Toolbar.lnk
backup=C:\WINDOWS\pss\Y'z Toolbar.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
--a------ 12/06/2005 10:45 AM 839680 C:\Program Files\Dell\QuickSet\quickset.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 10/13/2004 07:24 PM 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 01/19/2007 12:55 PM 5674352 C:\Program Files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 07/09/2001 10:50 AM 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
--a------ 11/29/2005 12:56 PM 761947 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"E:\\فلاشات\\ألعاب فلاشية\\كرت طائرة\\volley.exe"=
"C:\\WINDOWS\\system32\\dplaysvr.exe"=

S1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [07/01/2008 09:04 AM]

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = about:blank
R0 -: HKCU-Main,Search Page = hxxp://www.google.com
R0 -: HKCU-Main,Search Bar = hxxp://www.google.com/ie
R0 -: HKLM-Main,Start Page = hxxp://home.sweetim.com
R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s
O8 -: &إنزال الجميع باستعمال ماس دونلوودر - C:\Program Files\Mass Downloader\Add_All.htm
O8 -: &إنزال الكل باستعمال ماس دونلوودر - C:\Program Files\Mass Downloader\Add_All.htm
O8 -: &إنزال باستعمال ماس دونلوودر - C:\Program Files\Mass Downloader\Add_Url.htm
O8 -: &تصدير إلى Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 -: + &Mass Downloader: download this file - C:\********s and Settings\ANAS\سطح المكتب\Add_Url.htm
O8 -: + Mass Downloader: download &All files - C:\********s and Settings\ANAS\سطح المكتب\Add_All.htm
O9 -: {0FD01980-CCCB-11D3-80D4-0000E80E2EDE} - C:\Program Files\Mass Downloader\massdown.exe
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-16 13:33:35
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 09/16/2008 13:34:53
ComboFix-quarantined-files.txt 2008-09-16 10:34:47
ComboFix2.txt 2008-09-16 10:30:05

Pre-Run: 13,217,755,136 bytes free
Post-Run: 13,207,879,680 bytes free

166 --- E O F --- 2008-09-10 11:19:05

الثاني :

Logfile of HijackThis v1.99.1
Scan saved at 01:36:15 م, on 16/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\****\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\DOCUME~1\ANAS\LOCALS~1\Temp\الدليل المؤقت 1 لـ hijackthis_199.zip\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ShowLOMControl]
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Sun****UpdateSched] C:\Program Files\****\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [pdfFactory Pro Dispatcher v2] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe" /source=HKLM
O4 - HKLM\..\Run: [StormCodec_Helper] "C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O8 - Extra con**** menu item: &إنزال الجميع باستعمال ماس دونلوودر - C:\Program Files\Mass Downloader\Add_All.htm
O8 - Extra con**** menu item: &إنزال الكل باستعمال ماس دونلوودر - C:\Program Files\Mass Downloader\Add_All.htm
O8 - Extra con**** menu item: &إنزال باستعمال ماس دونلوودر - C:\Program Files\Mass Downloader\Add_Url.htm
O8 - Extra con**** menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra con**** menu item: + &Mass Downloader: download this file - C:\********s and Settings\ANAS\سطح المكتب\Add_Url.htm
O8 - Extra con**** menu item: + Mass Downloader: download &All files - C:\********s and Settings\ANAS\سطح المكتب\Add_All.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\****\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun **** Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\****\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Mass Downloader - {0FD01980-CCCB-11D3-80D4-0000E80E2EDE} - C:\Program Files\Mass Downloader\massdown.exe
O9 - Extra 'Tools' menuitem: &Mass Downloader - {0FD01980-CCCB-11D3-80D4-0000E80E2EDE} - C:\Program Files\Mass Downloader\massdown.exe
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe