مرحبا بك اخي الكااااااااسر هذه كل التقرير اللى طلع معي نسخته جزاك الله خير على هذه المساعدة
اشكرك مره ثانية اخي MAAX
وهذا تقرير الاداة
عطل جميع برامج الحماية ,,
وحمل هذه الاداة واحفظها على سطح المكتب
ComboFix 08-08-09.03 - Ali 08/10/2008 4:22:19.1 -
FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1256.1.1033.18.317 [GMT 3:00]
Running from: C:\Documents and Settings\Ali\My Documents\Downloads\Programs\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2008-07-10 to 2008-08-10 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-09 19:49 32 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-08-09 19:49 32 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-08-09 19:49 32 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-08-09 19:49 32 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-08-09 18:46 96,976 ----a-w C:\WINDOWS\system32\drivers\klin.dat
2008-08-09 18:46 87,855 ----a-w C:\WINDOWS\system32\drivers\klick.dat
2008-08-09 18:46 112,144 ----a-w C:\WINDOWS\system32\drivers\kl1.sys
2008-08-09 17:54 --------- d-----w C:\Program Files\Kaspersky Lab
2008-08-09 17:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-08-08 01:48 --------- d-----w C:\Program Files\Spyware Doctor
2008-08-08 01:48 --------- d-----w C:\Documents and Settings\Ali\Application Data\PC Tools
2008-08-01 16:35 --------- d-----w C:\Program Files\Apex
2008-07-30 21:09 --------- d-----w C:\Program Files\Windows Live
2008-07-30 18:20 --------- d-----w C:\Documents and Settings\Ali\Application Data\skypePM
2008-07-30 18:19 --------- d-----w C:\Program Files\Skype
2008-07-30 18:19 --------- d-----w C:\Program Files\Common Files\Skype
2008-07-30 18:19 --------- d-----w C:\Documents and Settings\Ali\Application Data\Skype
2008-07-30 18:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
2008-07-29 10:52 81,920 ----a-w C:\Documents and Settings\Ali\Application Data\ezpinst.exe
2008-07-29 10:52 47,360 ----a-w C:\WINDOWS\system32\drivers\pcouffin.sys
2008-07-29 10:52 47,360 ----a-w C:\Documents and Settings\Ali\Application Data\pcouffin.sys
2008-07-29 10:52 --------- d-----w C:\Program Files\Video Convert Master
2008-07-29 10:52 --------- d-----w C:\Documents and Settings\Ali\Application Data\Vso
2008-07-29 10:34 --------- d-----w C:\Program Files\Moyea
2008-07-29 10:34 --------- d-----w C:\Documents and Settings\Ali\Application Data\Moyea
2008-07-29 10:29 --------- d-----w C:\Program Files\Common Files\Download Manager
2008-07-28 11:55 --------- d-----w C:\Program Files\Goodvdsoft.com
2008-07-27 23:17 --------- d-----w C:\Program Files\PHP Expert Editor 4.2
2008-07-26 21:02 --------- d-----w C:\Documents and Settings\Ali\Application Data\CyberLink
2008-07-26 20:48 --------- d-----w C:\Program Files\Total Video Converter
2008-07-26 16:00 --------- d-----w C:\Program Files\MyDVDTools
2008-07-26 06:20 203,776 ----a-w C:\WINDOWS\system32\clrviddc.dll
2008-07-26 06:13 --------- d-----w C:\Program Files\Internet Download Manager
2008-07-26 06:13 --------- d-----w C:\Documents and Settings\Ali\Application Data\IDM
2008-07-26 06:13 --------- d-----w C:\Documents and Settings\Ali\Application Data\DMCache
2008-07-26 06:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\CyberLink
2008-07-26 04:18 --------- d-----w C:\Program Files\Common Files\xing shared
2008-07-26 04:17 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2008-07-26 04:17 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2008-07-26 04:17 --------- d-----w C:\Program Files\Common Files\Real
2008-07-26 04:07 --------- d-----w C:\Program Files\Real
2008-07-26 04:03 --------- d-----w C:\Program Files\Any DVD Converter Professional
2008-07-26 04:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-26 04:03 --------- d-----w C:\Documents and Settings\Ali\Application Data\Any DVD Converter Professional
2008-07-26 02:57 --------- d-----w C:\Program Files\GlobalSCAPE
2008-07-26 02:57 --------- d-----w C:\Documents and Settings\Ali\Application Data\GlobalSCAPE
2008-07-24 22:49 --------- d-----w C:\Program Files\MSBuild
2008-07-24 22:49 --------- d-----w C:\Program Files\Microsoft Works
2008-07-24 22:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-07-24 22:00 --------- d-----w C:\Program Files\Realtek AC97
2008-07-24 22:00 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-07-24 21:59 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-24 21:59 --------- d-----w C:\Program Files\Realtek
2008-07-24 21:59 --------- d-----w C:\Documents and Settings\Ali\Application Data\InstallShield
2008-07-24 21:58 --------- d-----w C:\Program Files\Intel
2008-07-24 20:47 --------- d-----w C:\Program Files\microsoft frontpage
2008-07-09 14:34 206,256 ----a-w C:\WINDOWS\system32\idmmbc.dll
2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 17:41 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\dllcache\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\dllcache\tcpip6.sys
2008-06-13 13:10 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-13 13:10 272,128 ------w C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-10 18:22 81,288 ----a-w C:\WINDOWS\system32\drivers\iksyssec.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 04:56 AM 15360]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [07/23/2008 02:11 PM 21738792]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [11/07/2007 03:34 PM 3739672]
"IDMan"="C:\Program Files\Internet Download Manager\IDMan.exe" [07/15/2008 08:39 AM 931248]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [08/04/2004 01:06 AM 1667584]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [09/20/2005 10:35 AM 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [09/20/2005 10:32 AM 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [09/20/2005 10:36 AM 114688]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [10/27/2006 12:47 AM 31016]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [07/26/2008 07:17 AM 185896]
"SoundMan"="SOUNDMAN.EXE" [03/02/2006 07:22 AM 577536 C:\WINDOWS\soundman.exe]
"SMSERIAL"="sm56hlpr.exe" [12/29/2004 01:01 AM 544768 C:\WINDOWS\sm56hlpr.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\groove.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\GlobalSCAPE\\CuteFTP 8 Professional\\ftpte.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
R1 BIOS;BIOS;C:\WINDOWS\system32\drivers\BIOS.sys [03/16/2005 09:23 AM]
S3 ICAM3NT5;Intel USB Video Camera III;C:\WINDOWS\system32\Drivers\Icam3.sys [08/17/2001 02:05 PM]
*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.com/
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 -: تحميل الكل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 -: تحميل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEExt.htm
O8 -: تحميل محتوى فيديو (إف.إل.في) بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetVL.htm
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
Rootkit scan 2008-08-10 04:25:23
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 08/10/2008 4:26:25
ComboFix-quarantined-files.txt 2008-08-10 01:26:20
Pre-Run: 662,142,976 bytes free
Post-Run: 757,465,088 bytes free
140 --- E O F --- 2008-07-28 00:02:29
ثم
حمل الاداة التالية
شغلها بدبل كلك ،، ثواني يظهر المفكرة وفيها تقرير ،، اعمل تحديد الكل وانسخه والصقه بمشاركتك القادمة
وهذه تقريرها
.
--------------------------\\\ Start Report Of HijackThis ---------------
.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 04:31:18 ص, on 10/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\sm56hlpr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\GlobalSCAPE\CuteFTP 8 Professional\cuteftppro.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\internet explorer\iexplore.exe
C:\DOCUME~1\Ali\LOCALS~1\Temp\bntoz\runn.exe
C:\WINDOWS\system32\cmd.exe
C:\DOCUME~1\Ali\LOCALS~1\Temp\bntoz\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: تحميل الكل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى فيديو (إف.إل.في) بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
--
End of file - 5516 bytes
.
.
--------------------------\\\ End Report Of Of HijackThis ---------------
.
.
.
.
--------------------------\\\ Start Report Of Running Processes ---------------
.
==================================================
Process Name : smss.exe
ProcessID : 484
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : Windows NT Session Manager
Company : Microsoft Corporation
Window Title :
File Size : 50,688
File Created Date : 18/06/1425 01:56:58 ص
File Modified Date : 18/06/1425 01:56:58 ص
Filename : C:\WINDOWS\System32\smss.exe
Base Address : 0x48580000
Created On : 07/08/1429 10:50:19 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 44 K
Mem Usage Peak : 676 K
Page Faults : 313
Pagefile Usage : 164 K
Pagefile Peak Usage : 1672 K
File Attributes : A
==================================================
==================================================
Process Name : csrss.exe
ProcessID : 560
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : Client Server Runtime Process
Company : Microsoft Corporation
Window Title :
File Size : 6,144
File Created Date : 18/06/1425 01:56:50 ص
File Modified Date : 18/06/1425 01:56:50 ص
Filename : C:\WINDOWS\system32\csrss.exe
Base Address : 0x4A680000
Created On : 07/08/1429 10:50:21 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 3472 K
Mem Usage Peak : 8352 K
Page Faults : 22738
Pagefile Usage : 5108 K
Pagefile Peak Usage : 5236 K
File Attributes : A
==================================================
==================================================
Process Name : winlogon.exe
ProcessID : 584
Priority : High
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : Windows NT Logon Application
Company : Microsoft Corporation
Window Title :
File Size : 502,272
File Created Date : 18/06/1425 01:56:58 ص
File Modified Date : 18/06/1425 01:56:58 ص
Filename : C:\WINDOWS\system32\winlogon.exe
Base Address : 0x01000000
Created On : 07/08/1429 10:50:22 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 2372 K
Mem Usage Peak : 13968 K
Page Faults : 14021
Pagefile Usage : 14064 K
Pagefile Peak Usage : 14792 K
File Attributes : A
==================================================
==================================================
Process Name : services.exe
ProcessID : 628
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : Services and Controller app
Company : Microsoft Corporation
Window Title :
File Size : 108,032
File Created Date : 18/06/1425 01:56:56 ص
File Modified Date : 18/06/1425 01:56:56 ص
Filename : C:\WINDOWS\system32\services.exe
Base Address : 0x01000000
Created On : 07/08/1429 10:50:22 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 2252 K
Mem Usage Peak : 5424 K
Page Faults : 4889
Pagefile Usage : 5000 K
Pagefile Peak Usage : 5228 K
File Attributes : A
==================================================
==================================================
Process Name : lsass.exe
ProcessID : 640
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : LSA Shell (Export Version)
Company : Microsoft Corporation
Window Title :
File Size : 13,312
File Created Date : 18/06/1425 01:56:52 ص
File Modified Date : 18/06/1425 01:56:52 ص
Filename : C:\WINDOWS\system32\lsass.exe
Base Address : 0x01000000
Created On : 07/08/1429 10:50:22 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 1516 K
Mem Usage Peak : 8956 K
Page Faults : 7077
Pagefile Usage : 6984 K
Pagefile Peak Usage : 7088 K
File Attributes : A
==================================================
==================================================
Process Name : svchost.exe
ProcessID : 784
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : Generic Host Process for Win32 Services
Company : Microsoft Corporation
Window Title :
File Size : 14,336
File Created Date : 18/06/1425 01:56:58 ص
File Modified Date : 18/06/1425 01:56:58 ص
Filename : C:\WINDOWS\system32\svchost.exe
Base Address : 0x01000000
Created On : 07/08/1429 10:50:23 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 1932 K
Mem Usage Peak : 5844 K
Page Faults : 5791
Pagefile Usage : 6328 K
Pagefile Peak Usage : 26620 K
File Attributes : A
==================================================
==================================================
Process Name : svchost.exe
ProcessID : 832
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : Generic Host Process for Win32 Services
Company : Microsoft Corporation
Window Title :
File Size : 14,336
File Created Date : 18/06/1425 01:56:58 ص
File Modified Date : 18/06/1425 01:56:58 ص
Filename : C:\WINDOWS\system32\svchost.exe
Base Address : 0x01000000
Created On : 07/08/1429 10:50:23 م
Visible Windows : 0
Hidden Windows : 0
User Name :
Mem Usage : 1680 K
Mem Usage Peak : 5316 K
Page Faults : 4846
Pagefile Usage : 5076 K
Pagefile Peak Usage : 5148 K
File Attributes : A
==================================================
==================================================
Process Name : svchost.exe
ProcessID : 908
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : Generic Host Process for Win32 Services
Company : Microsoft Corporation
Window Title :
File Size : 14,336
File Created Date : 18/06/1425 01:56:58 ص
File Modified Date : 18/06/1425 01:56:58 ص
Filename : C:\WINDOWS\System32\svchost.exe
Base Address : 0x01000000
Created On : 07/08/1429 10:50:23 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 15400 K
Mem Usage Peak : 29564 K
Page Faults : 56653
Pagefile Usage : 20052 K
Pagefile Peak Usage : 23176 K
File Attributes : A
==================================================
==================================================
Process Name : svchost.exe
ProcessID : 976
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : Generic Host Process for Win32 Services
Company : Microsoft Corporation
Window Title :
File Size : 14,336
File Created Date : 18/06/1425 01:56:58 ص
File Modified Date : 18/06/1425 01:56:58 ص
Filename : C:\WINDOWS\system32\svchost.exe
Base Address : 0x01000000
Created On : 07/08/1429 10:50:23 م
Visible Windows : 0
Hidden Windows : 0
User Name :
Mem Usage : 1372 K
Mem Usage Peak : 4460 K
Page Faults : 3732
Pagefile Usage : 4532 K
Pagefile Peak Usage : 4572 K
File Attributes : A
==================================================
==================================================
Process Name : svchost.exe
ProcessID : 1168
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : Generic Host Process for Win32 Services
Company : Microsoft Corporation
Window Title :
File Size : 14,336
File Created Date : 18/06/1425 01:56:58 ص
File Modified Date : 18/06/1425 01:56:58 ص
Filename : C:\WINDOWS\system32\svchost.exe
Base Address : 0x01000000
Created On : 07/08/1429 10:50:24 م
Visible Windows : 0
Hidden Windows : 0
User Name :
Mem Usage : 1468 K
Mem Usage Peak : 5304 K
Page Faults : 2545
Pagefile Usage : 4836 K
Pagefile Peak Usage : 4884 K
File Attributes : A
==================================================
==================================================
Process Name : spoolsv.exe
ProcessID : 1416
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : Spooler SubSystem App
Company : Microsoft Corporation
Window Title :
File Size : 57,856
File Created Date : 18/06/1425 01:56:58 ص
File Modified Date : 18/06/1425 01:56:58 ص
Filename : C:\WINDOWS\system32\spoolsv.exe
Base Address : 0x01000000
Created On : 07/08/1429 10:50:26 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 508 K
Mem Usage Peak : 5560 K
Page Faults : 2717
Pagefile Usage : 6088 K
Pagefile Peak Usage : 6328 K
File Attributes : A
==================================================
==================================================
Process Name : igfxtray.exe
ProcessID : 1572
Priority : Normal
Product Name : Intel(R) Common User Interface
Version : 3.0.0.4396
Description : igfxTray Module
Company : Intel Corporation
Window Title :
File Size : 94,208
File Created Date : 17/08/1426 07:35:40 ص
File Modified Date : 17/08/1426 07:35:40 ص
Filename : C:\WINDOWS\system32\igfxtray.exe
Base Address : 0x00400000
Created On : 07/08/1429 10:50:28 م
Visible Windows : 0
Hidden Windows : 1
User Name : USER-32CCB750DE\Ali
Mem Usage : 1576 K
Mem Usage Peak : 4188 K
Page Faults : 2095
Pagefile Usage : 6708 K
Pagefile Peak Usage : 6756 K
File Attributes : A
==================================================
==================================================
Process Name : hkcmd.exe
ProcessID : 1580
Priority : Normal
Product Name : Intel(R) Common User Interface
Version : 3.0.0.4396
Description : hkcmd Module
Company : Intel Corporation
Window Title :
File Size : 77,824
File Created Date : 17/08/1426 07:32:24 ص
File Modified Date : 17/08/1426 07:32:24 ص
Filename : C:\WINDOWS\system32\hkcmd.exe
Base Address : 0x00400000
Created On : 07/08/1429 10:50:29 م
Visible Windows : 0
Hidden Windows : 11
User Name : USER-32CCB750DE\Ali
Mem Usage : 284 K
Mem Usage Peak : 3536 K
Page Faults : 1545
Pagefile Usage : 6460 K
Pagefile Peak Usage : 6524 K
File Attributes : A
==================================================
==================================================
Process Name : igfxpers.exe
ProcessID : 1588
Priority : Normal
Product Name : Intel(R) Common User Interface
Version : 3.0.0.4396
Description : persistence Module
Company : Intel Corporation
Window Title :
File Size : 114,688
File Created Date : 17/08/1426 07:36:20 ص
File Modified Date : 17/08/1426 07:36:20 ص
Filename : C:\WINDOWS\system32\igfxpers.exe
Base Address : 0x00400000
Created On : 07/08/1429 10:50:29 م
Visible Windows : 0
Hidden Windows : 1
User Name : USER-32CCB750DE\Ali
Mem Usage : 260 K
Mem Usage Peak : 3544 K
Page Faults : 1507
Pagefile Usage : 6436 K
Pagefile Peak Usage : 6488 K
File Attributes : A
==================================================
==================================================
Process Name : SOUNDMAN.EXE
ProcessID : 1596
Priority : Normal
Product Name : Realtek Sound Manager
Version : 5, 1, 0, 52
Description : Realtek Sound Manager
Company : Realtek Semiconductor Corp.
Window Title :
File Size : 577,536
File Created Date : 21/07/1429 10:00:19 م
File Modified Date : 02/02/1427 04:22:04 ص
Filename : C:\WINDOWS\SOUNDMAN.EXE
Base Address : 0x00400000
Created On : 07/08/1429 10:50:29 م
Visible Windows : 0
Hidden Windows : 1
User Name : USER-32CCB750DE\Ali
Mem Usage : 752 K
Mem Usage Peak : 3604 K
Page Faults : 2469
Pagefile Usage : 5264 K
Pagefile Peak Usage : 5272 K
File Attributes : A
==================================================
==================================================
Process Name : GrooveMonitor.exe
ProcessID : 1604
Priority : Normal
Product Name : GrooveMonitor Utility
Version : 12.0.4518.1014
Description : GrooveMonitor Utility
Company : Microsoft Corporation
Window Title :
File Size : 31,016
File Created Date : 04/10/1427 09:47:42 م
File Modified Date : 04/10/1427 09:47:42 م
Filename : C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
Base Address : 0x00400000
Created On : 07/08/1429 10:50:29 م
Visible Windows : 0
Hidden Windows : 1
User Name : USER-32CCB750DE\Ali
Mem Usage : 1976 K
Mem Usage Peak : 5268 K
Page Faults : 4673
Pagefile Usage : 6520 K
Pagefile Peak Usage : 6520 K
File Attributes : A
==================================================
==================================================
Process Name : sm56hlpr.exe
ProcessID : 1612
Priority : Normal
Product Name : Motorola SM56 Tray Application
Version : 6.09.07
Description : Motorola SM56 Win32 Utility
Company : Motorola Inc.
Window Title :
File Size : 544,768
File Created Date : 22/07/1429 12:00:02 ص
File Modified Date : 17/11/1425 10:01:00 م
Filename : C:\WINDOWS\sm56hlpr.exe
Base Address : 0x00400000
Created On : 07/08/1429 10:50:29 م
Visible Windows : 0
Hidden Windows : 3
User Name : USER-32CCB750DE\Ali
Mem Usage : 1100 K
Mem Usage Peak : 4108 K
Page Faults : 2576
Pagefile Usage : 4216 K
Pagefile Peak Usage : 4244 K
File Attributes : AR
==================================================
==================================================
Process Name : realsched.exe
ProcessID : 1620
Priority : Normal
Product Name : RealPlayer (32-bit)
Version : 0.1.1.45
Description : RealNetworks Scheduler
Company : RealNetworks, Inc.
Window Title :
File Size : 185,896
File Created Date : 23/07/1429 04:17:53 ص
File Modified Date : 23/07/1429 04:17:54 ص
Filename : C:\Program Files\Common Files\Real\Update_OB\realsched.exe
Base Address : 0x00400000
Created On : 07/08/1429 10:50:29 م
Visible Windows : 0
Hidden Windows : 1
User Name : USER-32CCB750DE\Ali
Mem Usage : 208 K
Mem Usage Peak : 2760 K
Page Faults : 20395
Pagefile Usage : 7084 K
Pagefile Peak Usage : 7100 K
File Attributes : A
==================================================
==================================================
Process Name : ctfmon.exe
ProcessID : 1648
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : CTF Loader
Company : Microsoft Corporation
Window Title :
File Size : 15,360
File Created Date : 18/06/1425 01:56:50 ص
File Modified Date : 18/06/1425 01:56:50 ص
Filename : C:\WINDOWS\system32\ctfmon.exe
Base Address : 0x00400000
Created On : 07/08/1429 10:50:29 م
Visible Windows : 0
Hidden Windows : 4
User Name : USER-32CCB750DE\Ali
Mem Usage : 908 K
Mem Usage Peak : 4000 K
Page Faults : 2045
Pagefile Usage : 4272 K
Pagefile Peak Usage : 4300 K
File Attributes : A
==================================================
==================================================
Process Name : Skype.exe
ProcessID : 1660
Priority : Normal
Product Name : Skype
Version : 3.8.0.144
Description : Skype
Company : Skype Technologies S.A.
Window Title :
File Size : 21,738,792
File Created Date : 20/07/1429 11:11:34 ص
File Modified Date : 20/07/1429 11:11:34 ص
Filename : C:\Program Files\Skype\Phone\Skype.exe
Base Address : 0x00400000
Created On : 07/08/1429 10:50:29 م
Visible Windows : 0
Hidden Windows : 39
User Name : USER-32CCB750DE\Ali
Mem Usage : 10332 K
Mem Usage Peak : 51456 K
Page Faults : 214590
Pagefile Usage : 38300 K
Pagefile Peak Usage : 39980 K
File Attributes : AR
==================================================
==================================================
Process Name : MsnMsgr.Exe
ProcessID : 1668
Priority : Normal
Product Name : Messenger
Version : 9.0.1407.1107_next-working.client.messenger
Description : Windows Live Messenger
Company : Microsoft Corporation
Window Title :
File Size : 3,739,672
File Created Date : 27/10/1428 12:34:30 م
File Modified Date : 27/10/1428 12:34:30 م
Filename : C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
Base Address : 0x00400000
Created On : 07/08/1429 10:50:29 م
Visible Windows : 1
Hidden Windows : 18
User Name : USER-32CCB750DE\Ali
Mem Usage : 3452 K
Mem Usage Peak : 27148 K
Page Faults : 26288
Pagefile Usage : 22192 K
Pagefile Peak Usage : 22780 K
File Attributes : A
==================================================
==================================================
Process Name : IDMan.exe
ProcessID : 1680
Priority : Normal
Product Name : Internet Download Manager (IDM)
Version : 5.14.1.0
Description : Internet Download Manager (IDM)
Company : Tonec Inc.
Window Title :
File Size : 931,248
File Created Date : 11/07/1429 02:37:43 م
File Modified Date : 12/07/1429 05:39:04 ص
Filename : C:\Program Files\Internet Download Manager\IDMan.exe
Base Address : 0x00400000
Created On : 07/08/1429 10:50:29 م
Visible Windows : 0
Hidden Windows : 5
User Name : USER-32CCB750DE\Ali
Mem Usage : 9532 K
Mem Usage Peak : 12732 K
Page Faults : 11968
Pagefile Usage : 24464 K
Pagefile Peak Usage : 24996 K
File Attributes : A
==================================================
==================================================
Process Name : msmsgs.exe
ProcessID : 1696
Priority : Normal
Product Name : Messenger
Version : 4.7.3000
Description : Windows Messenger
Company : Microsoft Corporation
Window Title :
File Size : 1,667,584
File Created Date : 21/07/1429 08:42:42 م
File Modified Date : 17/06/1425 10:06:34 م
Filename : C:\Program Files\Messenger\msmsgs.exe
Base Address : 0x01000000
Created On : 07/08/1429 10:50:29 م
Visible Windows : 0
Hidden Windows : 6
User Name : USER-32CCB750DE\Ali
Mem Usage : 528 K
Mem Usage Peak : 5716 K
Page Faults : 3801
Pagefile Usage : 7428 K
Pagefile Peak Usage : 7456 K
File Attributes :
==================================================
==================================================
Process Name : svchost.exe
ProcessID : 532
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : Generic Host Process for Win32 Services
Company : Microsoft Corporation
Window Title :
File Size : 14,336
File Created Date : 18/06/1425 01:56:58 ص
File Modified Date : 18/06/1425 01:56:58 ص
Filename : C:\WINDOWS\system32\svchost.exe
Base Address : 0x01000000
Created On : 07/08/1429 10:50:40 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 1512 K
Mem Usage Peak : 4800 K
Page Faults : 3492
Pagefile Usage : 5408 K
Pagefile Peak Usage : 5460 K
File Attributes : A
==================================================
==================================================
Process Name : skypePM.exe
ProcessID : 2428
Priority : Normal
Product Name :
Version : 2.0.0.58
Description : Skype Extras Manager
Company : Skype Technologies
Window Title :
File Size : 76,744
File Created Date : 20/07/1429 11:11:34 ص
File Modified Date : 20/07/1429 11:11:34 ص
Filename : C:\Program Files\Skype\Plugin Manager\skypePM.exe
Base Address : 0x00400000
Created On : 07/08/1429 10:51:01 م
Visible Windows : 0
Hidden Windows : 181
User Name : USER-32CCB750DE\Ali
Mem Usage : 3444 K
Mem Usage Peak : 21300 K
Page Faults : 64641
Pagefile Usage : 23116 K
Pagefile Peak Usage : 23116 K
File Attributes : AR
==================================================
==================================================
Process Name : alg.exe
ProcessID : 3404
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : Application Layer Gateway Service
Company : Microsoft Corporation
Window Title :
File Size : 44,544
File Created Date : 18/06/1425 01:56:48 ص
File Modified Date : 18/06/1425 01:56:48 ص
Filename : C:\WINDOWS\System32\alg.exe
Base Address : 0x01000000
Created On : 07/08/1429 10:54:17 م
Visible Windows : 0
Hidden Windows : 0
User Name :
Mem Usage : 264 K
Mem Usage Peak : 3800 K
Page Faults : 1381
Pagefile Usage : 3988 K
Pagefile Peak Usage : 4000 K
File Attributes : A
==================================================
==================================================
Process Name : wuauclt.exe
ProcessID : 508
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 7.0.6000.381 (winmain(wmbla).070730-1740)
Description : Windows Update Automatic Updates
Company : Microsoft Corporation
Window Title :
File Size : 53,080
File Created Date : 21/07/1429 08:44:19 م
File Modified Date : 16/07/1428 04:19:16 م
Filename : C:\WINDOWS\system32\wuauclt.exe
Base Address : 0x00400000
Created On : 07/08/1429 10:55:14 م
Visible Windows : 0
Hidden Windows : 0
User Name : USER-32CCB750DE\Ali
Mem Usage : 48 K
Mem Usage Peak : 4716 K
Page Faults : 1986
Pagefile Usage : 8016 K
Pagefile Peak Usage : 8052 K
File Attributes : A
==================================================
==================================================
Process Name : cuteftppro.exe
ProcessID : 1984
Priority : Normal
Product Name : CuteFTP Professional
Version : 8,0,7,0
Description : CuteFTP File Transfer Application
Company : GlobalSCAPE Texas, LP.
Window Title : GlobalSCAPE - CuteFTP 8.0 Professional - [
, Status: Offline, browsing cached site dated 09/08/2008 11:05:41 م]
File Size : 2,498,560
File Created Date : 23/07/1429 02:57:35 ص
File Modified Date : 23/07/1429 02:59:02 ص
Filename : C:\Program Files\GlobalSCAPE\CuteFTP 8 Professional\cuteftppro.exe
Base Address : 0x00400000
Created On : 07/08/1429 11:02:12 م
Visible Windows : 1
Hidden Windows : 15
User Name : USER-32CCB750DE\Ali
Mem Usage : 5356 K
Mem Usage Peak : 16636 K
Page Faults : 17809
Pagefile Usage : 23316 K
Pagefile Peak Usage : 24008 K
File Attributes : A
==================================================
==================================================
Process Name : wscntfy.exe
ProcessID : 272
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : Windows Security Center Notification App
Company : Microsoft Corporation
Window Title :
File Size : 13,824
File Created Date : 18/06/1425 01:56:58 ص
File Modified Date : 18/06/1425 01:56:58 ص
Filename : C:\WINDOWS\system32\wscntfy.exe
Base Address : 0x01000000
Created On : 08/08/1429 04:19:16 ص
Visible Windows : 0
Hidden Windows : 1
User Name : USER-32CCB750DE\Ali
Mem Usage : 3088 K
Mem Usage Peak : 3092 K
Page Faults : 856
Pagefile Usage : 6320 K
Pagefile Peak Usage : 6324 K
File Attributes : A
==================================================
==================================================
Process Name : explorer.exe
ProcessID : 3152
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
Description : Windows Explorer
Company : Microsoft Corporation
Window Title : Program Manager
File Size : 1,032,192
File Created Date : 18/06/1425 01:56:50 ص
File Modified Date : 18/06/1425 01:56:50 ص
Filename : C:\WINDOWS\explorer.exe
Base Address : 0x01000000
Created On : 08/08/1429 04:26:23 ص
Visible Windows : 2
Hidden Windows : 24
User Name : USER-32CCB750DE\Ali
Mem Usage : 33568 K
Mem Usage Peak : 33616 K
Page Faults : 13105
Pagefile Usage : 39144 K
Pagefile Peak Usage : 40480 K
File Attributes : A
==================================================
==================================================
Process Name : notepad.exe
ProcessID : 724
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : Notepad
Company : Microsoft Corporation
Window Title : log - المفكرة
File Size : 69,120
File Created Date : 18/06/1425 01:56:56 ص
File Modified Date : 18/06/1425 01:56:56 ص
Filename : C:\WINDOWS\system32\notepad.exe
Base Address : 0x01000000
Created On : 08/08/1429 04:26:27 ص
Visible Windows : 1
Hidden Windows : 0
User Name : USER-32CCB750DE\Ali
Mem Usage : 1532 K
Mem Usage Peak : 12804 K
Page Faults : 5201
Pagefile Usage : 19808 K
Pagefile Peak Usage : 22024 K
File Attributes : A
==================================================
==================================================
Process Name : wuauclt.exe
ProcessID : 2812
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 7.0.6000.381 (winmain(wmbla).070730-1740)
Description : Windows Update Automatic Updates
Company : Microsoft Corporation
Window Title :
File Size : 53,080
File Created Date : 21/07/1429 08:44:19 م
File Modified Date : 16/07/1428 04:19:16 م
Filename : C:\WINDOWS\system32\wuauclt.exe
Base Address : 0x00400000
Created On : 08/08/1429 04:27:40 ص
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 7136 K
Mem Usage Peak : 7148 K
Page Faults : 1938
Pagefile Usage : 9160 K
Pagefile Peak Usage : 9180 K
File Attributes : A
==================================================
==================================================
Process Name : iexplore.exe
ProcessID : 360
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
Description : Internet Explorer
Company : Microsoft Corporation
Window Title : بعد تركيب الكاسبر 6 اكتشف هذا الملف (بالصور) - زيزوووم للأمن والحمايه - Microsoft Internet Explorer
File Size : 93,184
File Created Date : 21/07/1429 08:43:46 م
File Modified Date : 18/06/1425 04:56:52 ص
Filename : C:\Program Files\internet explorer\iexplore.exe
Base Address : 0x00400000
Created On : 08/08/1429 04:28:11 ص
Visible Windows : 1
Hidden Windows : 25
User Name : USER-32CCB750DE\Ali
Mem Usage : 24488 K
Mem Usage Peak : 31992 K
Page Faults : 19509
Pagefile Usage : 41272 K
Pagefile Peak Usage : 42004 K
File Attributes : A
==================================================
==================================================
Process Name : runn.exe
ProcessID : 4052
Priority : Normal
Product Name :
Version :
Description :
Company :
Window Title :
File Size : 71,680
File Created Date : 08/08/1429 01:31:15 ص
File Modified Date : 23/01/1429 10:24:26 م
Filename : C:\DOCUME~1\Ali\LOCALS~1\Temp\bntoz\runn.exe
Base Address : 0x00400000
Created On : 08/08/1429 04:31:15 ص
Visible Windows : 0
Hidden Windows : 0
User Name : USER-32CCB750DE\Ali
Mem Usage : 2672 K
Mem Usage Peak : 2676 K
Page Faults : 770
Pagefile Usage : 3576 K
Pagefile Peak Usage : 3580 K
File Attributes : A
==================================================
==================================================
Process Name : cmd.exe
ProcessID : 2200
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : Windows Command Processor
Company : Microsoft Corporation
Window Title :
File Size : 388,608
File Created Date : 18/06/1425 01:56:50 ص
File Modified Date : 18/06/1425 01:56:50 ص
Filename : C:\WINDOWS\system32\cmd.exe
Base Address : 0x4AD00000
Created On : 08/08/1429 04:31:15 ص
Visible Windows : 0
Hidden Windows : 1
User Name : USER-32CCB750DE\Ali
Mem Usage : 3476 K
Mem Usage Peak : 3544 K
Page Faults : 987
Pagefile Usage : 4852 K
Pagefile Peak Usage : 4928 K
File Attributes : A
==================================================
==================================================
Process Name : wmiprvse.exe
ProcessID : 356
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : WMI
Company : Microsoft Corporation
Window Title :
File Size : 218,112
File Created Date : 21/07/1429 08:41:54 م
File Modified Date : 18/06/1425 04:56:58 ص
Filename : C:\WINDOWS\system32\wbem\wmiprvse.exe
Base Address : 0x01000000
Created On : 08/08/1429 04:31:16 ص
Visible Windows : 0
Hidden Windows : 0
User Name :
Mem Usage : 6584 K
Mem Usage Peak : 6584 K
Page Faults : 1702
Pagefile Usage : 6768 K
Pagefile Peak Usage : 6808 K
File Attributes : A
==================================================
==================================================
Process Name : CProcess.exe
ProcessID : 1212
Priority : Normal
Product Name : CurrProcess
Version : 1.11
Description : CurrProcess
Company : NirSoft
Window Title :
File Size : 35,840
File Created Date : 08/08/1429 01:31:14 ص
File Modified Date : 08/06/1426 04:46:34 ص
Filename : C:\DOCUME~1\Ali\LOCALS~1\Temp\bntoz\CProcess.exe
Base Address : 0x00400000
Created On : 08/08/1429 04:31:18 ص
Visible Windows : 0
Hidden Windows : 0
User Name : USER-32CCB750DE\Ali
Mem Usage : 2712 K
Mem Usage Peak : 2764 K
Page Faults : 1103
Pagefile Usage : 3664 K
Pagefile Peak Usage : 4368 K
File Attributes : A
==================================================
.
.
--------------------------\\\ End Report Of Running Processes ---------------
.
.
.
.
--------------------------\\\ Windows XP Startup List ---------------
.
HKLM\System\CurrentControlSet\Control\Session Manager\BootExecute
autocheck autochk *
autocheck autochk *
Auto Check Utility
Microsoft Corporation
5.01.2600.2180
c:\windows\system32\autochk.exe
HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms
rdpclip
rdpclip
RDP Clip Monitor
Microsoft Corporation
5.01.2600.2180
c:\windows\system32\rdpclip.exe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\userinit.exe
Userinit Logon Application
Microsoft Corporation
5.01.2600.2180
c:\windows\system32\userinit.exe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell
Explorer.exe
Explorer.exe
Windows Explorer
Microsoft Corporation
6.00.2900.2180
c:\windows\explorer.exe
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
igfxtray
C:\WINDOWS\system32\igfxtray.exe
igfxTray Module
Intel Corporation
3.00.0000.4396
c:\windows\system32\igfxtray.exe
igfxhkcmd
C:\WINDOWS\system32\hkcmd.exe
hkcmd Module
Intel Corporation
3.00.0000.4396
c:\windows\system32\hkcmd.exe
igfxpers
C:\WINDOWS\system32\igfxpers.exe
persistence Module
Intel Corporation
3.00.0000.4396
c:\windows\system32\igfxpers.exe
SoundMan
SOUNDMAN.EXE
Realtek Sound Manager
Realtek Semiconductor Corp.
5.01.0000.0052
c:\windows\soundman.exe
GrooveMonitor
"C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
GrooveMonitor Utility
Microsoft Corporation
12.00.4518.1014
c:\program files\microsoft office\office12\groovemonitor.exe
SMSERIAL
sm56hlpr.exe
Motorola SM56 Win32 Utility
Motorola Inc.
6.09.0007.0000
c:\windows\sm56hlpr.exe
TkBellExe
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
RealNetworks Scheduler
RealNetworks, Inc.
0.01.0001.0045
c:\program files\common files\real\update_ob\realsched.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
ctfmon.exe
C:\WINDOWS\system32\ctfmon.exe
CTF Loader
Microsoft Corporation
5.01.2600.2180
c:\windows\system32\ctfmon.exe
Skype
"C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
Skype
Skype Technologies S.A.
3.08.0000.0144
c:\program files\skype\phone\skype.exe
MsnMsgr
"C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
Windows Live Messenger
Microsoft Corporation
9.00.1407.1107
c:\program files\windows live\messenger\msnmsgr.exe
IDMan
C:\Program Files\Internet Download Manager\IDMan.exe /onboot
Internet Download Manager (IDM)
Tonec Inc.
5.14.0001.0000
c:\program files\internet download manager\idman.exe
MSMSGS
"C:\Program Files\Messenger\msmsgs.exe" /background
Windows Messenger
Microsoft Corporation
4.07.0000.3000
c:\program files\messenger\msmsgs.exe
.
.
----------- End Report ---------------
بارك الله فيكم جميعا
