Peace be upon you. There is a virus driving me crazy; it won't let me work on the machine. Here is the HijackThis report.
.
--------------------------\\\ Start Report Of HijackThis ---------------
.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:14:24 م, on 16/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\DOCUME~1\Mohamed\LOCALS~1\Temp\bntoz\runn.exe
C:\WINDOWS\system32\cmd.exe
C:\DOCUME~1\Mohamed\LOCALS~1\Temp\bntoz\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [amva] C:\WINDOWS\system32\amvo.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
--
End of file - 5180 bytes
.
.
--------------------------\\\ End Report Of Of HijackThis ---------------
.
.
.
.
--------------------------\\\ Start Report Of Running Processes ---------------
.
==================================================
Process Name : smss.exe
ProcessID : 1256
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : Windows NT Session Manager
Company : Microsoft Corporation
Window Title :
File Size : 50,688
File Created Date : 03/08/2004 10:56:58 م
File Modified Date : 03/08/2004 10:56:58 م
Filename : C:\WINDOWS\System32\smss.exe
Base Address : 0x48580000
Created On : 16/09/2008 07:09:30 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 76 K
Mem Usage Peak : 1192 K
Page Faults : 448
Pagefile Usage : 168 K
Pagefile Peak Usage : 1676 K
File Attributes : A
==================================================
==================================================
Process Name : csrss.exe
ProcessID : 1368
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : Client Server Runtime Process
Company : Microsoft Corporation
Window Title :
File Size : 6,144
File Created Date : 03/08/2004 10:56:50 م
File Modified Date : 03/08/2004 10:56:50 م
Filename : C:\WINDOWS\system32\csrss.exe
Base Address : 0x4A680000
Created On : 16/09/2008 07:09:32 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 2616 K
Mem Usage Peak : 6172 K
Page Faults : 9571
Pagefile Usage : 1964 K
Pagefile Peak Usage : 2660 K
File Attributes : A
==================================================
==================================================
Process Name : winlogon.exe
ProcessID : 1392
Priority : High
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : Windows NT Logon Application
Company : Microsoft Corporation
Window Title :
File Size : 502,272
File Created Date : 03/08/2004 10:56:58 م
File Modified Date : 03/08/2004 10:56:58 م
Filename : C:\WINDOWS\system32\winlogon.exe
Base Address : 0x01000000
Created On : 16/09/2008 07:09:33 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 1008 K
Mem Usage Peak : 20228 K
Page Faults : 31302
Pagefile Usage : 12064 K
Pagefile Peak Usage : 17348 K
File Attributes : A
==================================================
==================================================
Process Name : services.exe
ProcessID : 1436
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : Services and Controller app
Company : Microsoft Corporation
Window Title :
File Size : 108,032
File Created Date : 03/08/2004 10:56:56 م
File Modified Date : 03/08/2004 10:56:56 م
Filename : C:\WINDOWS\system32\services.exe
Base Address : 0x01000000
Created On : 16/09/2008 07:09:34 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 920 K
Mem Usage Peak : 9648 K
Page Faults : 4292
Pagefile Usage : 3268 K
Pagefile Peak Usage : 3408 K
File Attributes : A
==================================================
==================================================
Process Name : lsass.exe
ProcessID : 1448
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : LSA Shell (Export Version)
Company : Microsoft Corporation
Window Title :
File Size : 13,312
File Created Date : 03/08/2004 10:56:52 م
File Modified Date : 03/08/2004 10:56:52 م
Filename : C:\WINDOWS\system32\lsass.exe
Base Address : 0x01000000
Created On : 16/09/2008 07:09:34 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 1712 K
Mem Usage Peak : 13940 K
Page Faults : 9789
Pagefile Usage : 4140 K
Pagefile Peak Usage : 4944 K
File Attributes : A
==================================================
==================================================
Process Name : svchost.exe
ProcessID : 1596
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : Generic Host Process for Win32 Services
Company : Microsoft Corporation
Window Title :
File Size : 14,336
File Created Date : 03/08/2004 10:56:58 م
File Modified Date : 03/08/2004 10:56:58 م
Filename : C:\WINDOWS\system32\svchost.exe
Base Address : 0x01000000
Created On : 16/09/2008 07:09:34 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 1500 K
Mem Usage Peak : 11532 K
Page Faults : 3965
Pagefile Usage : 3220 K
Pagefile Peak Usage : 23580 K
File Attributes : A
==================================================
==================================================
Process Name : svchost.exe
ProcessID : 1696
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : Generic Host Process for Win32 Services
Company : Microsoft Corporation
Window Title :
File Size : 14,336
File Created Date : 03/08/2004 10:56:58 م
File Modified Date : 03/08/2004 10:56:58 م
Filename : C:\WINDOWS\system32\svchost.exe
Base Address : 0x01000000
Created On : 16/09/2008 07:09:34 م
Visible Windows : 0
Hidden Windows : 0
User Name :
Mem Usage : 1448 K
Mem Usage Peak : 9812 K
Page Faults : 3537
Pagefile Usage : 2072 K
Pagefile Peak Usage : 2192 K
File Attributes : A
==================================================
==================================================
Process Name : svchost.exe
ProcessID : 1736
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : Generic Host Process for Win32 Services
Company : Microsoft Corporation
Window Title :
File Size : 14,336
File Created Date : 03/08/2004 10:56:58 م
File Modified Date : 03/08/2004 10:56:58 م
Filename : C:\WINDOWS\System32\svchost.exe
Base Address : 0x01000000
Created On : 16/09/2008 07:09:34 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 7592 K
Mem Usage Peak : 37484 K
Page Faults : 29837
Pagefile Usage : 17804 K
Pagefile Peak Usage : 19968 K
File Attributes : A
==================================================
==================================================
Process Name : svchost.exe
ProcessID : 1892
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : Generic Host Process for Win32 Services
Company : Microsoft Corporation
Window Title :
File Size : 14,336
File Created Date : 03/08/2004 10:56:58 م
File Modified Date : 03/08/2004 10:56:58 م
Filename : C:\WINDOWS\system32\svchost.exe
Base Address : 0x01000000
Created On : 16/09/2008 07:09:35 م
Visible Windows : 0
Hidden Windows : 0
User Name :
Mem Usage : 144 K
Mem Usage Peak : 10664 K
Page Faults : 2847
Pagefile Usage : 1996 K
Pagefile Peak Usage : 2020 K
File Attributes : A
==================================================
==================================================
Process Name : spoolsv.exe
ProcessID : 388
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : Spooler SubSystem App
Company : Microsoft Corporation
Window Title :
File Size : 57,856
File Created Date : 03/08/2004 10:56:58 م
File Modified Date : 03/08/2004 10:56:58 م
Filename : C:\WINDOWS\system32\spoolsv.exe
Base Address : 0x01000000
Created On : 16/09/2008 07:09:35 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 192 K
Mem Usage Peak : 14384 K
Page Faults : 4249
Pagefile Usage : 5132 K
Pagefile Peak Usage : 5352 K
File Attributes : A
==================================================
==================================================
Process Name : Explorer.EXE
ProcessID : 620
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
Description : Windows Explorer
Company : Microsoft Corporation
Window Title : زيزوووم للأمن والحمايه - Powered by vBulletin
File Size : 1,032,192
File Created Date : 03/08/2004 10:56:50 م
File Modified Date : 03/08/2004 10:56:50 م
Filename : C:\WINDOWS\Explorer.EXE
Base Address : 0x01000000
Created On : 16/09/2008 07:09:36 م
Visible Windows : 3
Hidden Windows : 31
User Name : SHALABY\Mohamed
Mem Usage : 9300 K
Mem Usage Peak : 31404 K
Page Faults : 93594
Pagefile Usage : 35012 K
Pagefile Peak Usage : 37740 K
File Attributes : A
==================================================
==================================================
Process Name : igfxtray.exe
ProcessID : 692
Priority : Normal
Product Name : Intel(R) Common User Interface
Version : 6.14.10.4864
Description : igfxTray Module
Company : Intel Corporation
Window Title :
File Size : 141,848
File Created Date : 15/09/2008 11:26:35 م
File Modified Date : 14/09/2007 06:32:58 ص
Filename : C:\WINDOWS\system32\igfxtray.exe
Base Address : 0x00400000
Created On : 16/09/2008 07:09:37 م
Visible Windows : 0
Hidden Windows : 1
User Name : SHALABY\Mohamed
Mem Usage : 268 K
Mem Usage Peak : 8940 K
Page Faults : 2571
Pagefile Usage : 1952 K
Pagefile Peak Usage : 4316 K
File Attributes : A
==================================================
==================================================
Process Name : hkcmd.exe
ProcessID : 424
Priority : Normal
Product Name : Intel(R) Common User Interface
Version : 6.14.10.4864
Description : hkcmd Module
Company : Intel Corporation
Window Title :
File Size : 166,424
File Created Date : 15/09/2008 11:26:35 م
File Modified Date : 14/09/2007 06:32:44 ص
Filename : C:\WINDOWS\system32\hkcmd.exe
Base Address : 0x00400000
Created On : 16/09/2008 07:09:37 م
Visible Windows : 0
Hidden Windows : 12
User Name : SHALABY\Mohamed
Mem Usage : 288 K
Mem Usage Peak : 8832 K
Page Faults : 2556
Pagefile Usage : 1948 K
Pagefile Peak Usage : 3024 K
File Attributes : A
==================================================
==================================================
Process Name : igfxpers.exe
ProcessID : 720
Priority : Normal
Product Name : Intel(R) Common User Interface
Version : 6.14.10.4864
Description : persistence Module
Company : Intel Corporation
Window Title :
File Size : 137,752
File Created Date : 15/09/2008 11:26:35 م
File Modified Date : 14/09/2007 06:32:52 ص
Filename : C:\WINDOWS\system32\igfxpers.exe
Base Address : 0x00400000
Created On : 16/09/2008 07:09:37 م
Visible Windows : 0
Hidden Windows : 1
User Name : SHALABY\Mohamed
Mem Usage : 240 K
Mem Usage Peak : 7740 K
Page Faults : 2365
Pagefile Usage : 1684 K
Pagefile Peak Usage : 2764 K
File Attributes : A
==================================================
==================================================
Process Name : igfxsrvc.exe
ProcessID : 772
Priority : Normal
Product Name : Intel(R) Common User Interface
Version : 6.14.10.4864
Description : igfxsrvc Module
Company : Intel Corporation
Window Title :
File Size : 252,440
File Created Date : 15/09/2008 11:26:35 م
File Modified Date : 14/09/2007 06:32:54 ص
Filename : C:\WINDOWS\system32\igfxsrvc.exe
Base Address : 0x00400000
Created On : 16/09/2008 07:09:37 م
Visible Windows : 0
Hidden Windows : 0
User Name : SHALABY\Mohamed
Mem Usage : 1540 K
Mem Usage Peak : 6844 K
Page Faults : 2314
Pagefile Usage : 1652 K
Pagefile Peak Usage : 1656 K
File Attributes : A
==================================================
==================================================
Process Name : HPWAMain.exe
ProcessID : 780
Priority : Normal
Product Name : HP Wireless Assistant
Version : 3, 0, 9, 1
Description : HPWAMain Module
Company : Hewlett-Packard Development Company, L.P.
Window Title :
File Size : 488,752
File Created Date : 20/11/2007 04:44:58 ص
File Modified Date : 20/11/2007 04:44:58 ص
Filename : C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
Base Address : 0x00400000
Created On : 16/09/2008 07:09:37 م
Visible Windows : 0
Hidden Windows : 1
User Name : SHALABY\Mohamed
Mem Usage : 344 K
Mem Usage Peak : 10572 K
Page Faults : 3147
Pagefile Usage : 3072 K
Pagefile Peak Usage : 4168 K
File Attributes : A
==================================================
==================================================
Process Name : avp.exe
ProcessID : 856
Priority : Normal
Product Name : Kaspersky Anti-Virus
Version : 8.0.0.454
Description : Kaspersky Anti-Virus
Company : Kaspersky Lab
Window Title :
File Size : 206,088
File Created Date : 29/07/2008 05:20:28 م
File Modified Date : 29/07/2008 05:20:28 م
Filename : C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
Base Address : 0x00400000
Created On : 16/09/2008 07:09:37 م
Visible Windows : 1
Hidden Windows : 5
User Name : SHALABY\Mohamed
Mem Usage : 6532 K
Mem Usage Peak : 19084 K
Page Faults : 46940
Pagefile Usage : 6708 K
Pagefile Peak Usage : 8660 K
File Attributes : A
==================================================
==================================================
Process Name : ctfmon.exe
ProcessID : 884
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : CTF Loader
Company : Microsoft Corporation
Window Title :
File Size : 15,360
File Created Date : 03/08/2004 10:56:50 م
File Modified Date : 03/08/2004 10:56:50 م
Filename : C:\WINDOWS\system32\ctfmon.exe
Base Address : 0x00400000
Created On : 16/09/2008 07:09:37 م
Visible Windows : 0
Hidden Windows : 4
User Name : SHALABY\Mohamed
Mem Usage : 376 K
Mem Usage Peak : 8520 K
Page Faults : 2601
Pagefile Usage : 1868 K
Pagefile Peak Usage : 2944 K
File Attributes : A
==================================================
==================================================
Process Name : BTTray.exe
ProcessID : 988
Priority : Normal
Product Name : Bluetooth Software 4.0.1.3301
Version : 4.0.1.3301
Description : Bluetooth Tray Application
Company : Broadcom Corporation.
Window Title :
File Size : 581,693
File Created Date : 15/02/2006 01:16:02 م
File Modified Date : 15/02/2006 01:16:02 م
Filename : C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
Base Address : 0x00400000
Created On : 16/09/2008 07:09:38 م
Visible Windows : 0
Hidden Windows : 2
User Name : SHALABY\Mohamed
Mem Usage : 812 K
Mem Usage Peak : 15328 K
Page Faults : 5556
Pagefile Usage : 4472 K
Pagefile Peak Usage : 5060 K
File Attributes : A
==================================================
==================================================
Process Name : BTSTAC~1.EXE
ProcessID : 1276
Priority : Normal
Product Name : Bluetooth Software 4.0.1.3301
Version : 4.0.1.3301
Description : Bluetooth Stack COM Server
Company : Broadcom Corporation.
Window Title :
File Size : 1,265,748
File Created Date : 15/02/2006 01:14:44 م
File Modified Date : 15/02/2006 01:14:44 م
Filename : C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
Base Address : 0x00400000
Created On : 16/09/2008 07:09:40 م
Visible Windows : 0
Hidden Windows : 1
User Name : SHALABY\Mohamed
Mem Usage : 380 K
Mem Usage Peak : 16260 K
Page Faults : 4854
Pagefile Usage : 6312 K
Pagefile Peak Usage : 7464 K
File Attributes : A
==================================================
==================================================
Process Name : avp.exe
ProcessID : 1932
Priority : Normal
Product Name : Kaspersky Anti-Virus
Version : 8.0.0.454
Description : Kaspersky Anti-Virus
Company : Kaspersky Lab
Window Title :
File Size : 206,088
File Created Date : 29/07/2008 05:20:28 م
File Modified Date : 29/07/2008 05:20:28 م
Filename : C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
Base Address : 0x00400000
Created On : 16/09/2008 07:09:49 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 33984 K
Mem Usage Peak : 171496 K
Page Faults : 11165753
Pagefile Usage : 56688 K
Pagefile Peak Usage : 237224 K
File Attributes : A
==================================================
==================================================
Process Name : btwdins.exe
ProcessID : 1940
Priority : Normal
Product Name : Bluetooth Software 4.0.1.3301
Version : 4.0.1.3301
Description : Bluetooth Support Server
Company : Broadcom Corporation.
Window Title :
File Size : 258,103
File Created Date : 15/02/2006 01:09:20 م
File Modified Date : 15/02/2006 01:09:20 م
Filename : C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
Base Address : 0x00400000
Created On : 16/09/2008 07:09:49 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 160 K
Mem Usage Peak : 5864 K
Page Faults : 2127
Pagefile Usage : 2028 K
Pagefile Peak Usage : 2120 K
File Attributes : A
==================================================
==================================================
Process Name : hpqwmiex.exe
ProcessID : 1760
Priority : Normal
Product Name : hpqwmiex Module
Version : 2, 00, 2, 3
Description : hpqwmiex Module
Company : Hewlett-Packard Development Company, L.P.
Window Title :
File Size : 144,688
File Created Date : 29/11/2007 03:01:00 م
File Modified Date : 29/11/2007 03:01:00 م
Filename : C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
Base Address : 0x00400000
Created On : 16/09/2008 07:09:55 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 80 K
Mem Usage Peak : 9828 K
Page Faults : 2484
Pagefile Usage : 1876 K
Pagefile Peak Usage : 2396 K
File Attributes : A
==================================================
==================================================
Process Name : alg.exe
ProcessID : 2608
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : Application Layer Gateway Service
Company : Microsoft Corporation
Window Title :
File Size : 44,544
File Created Date : 03/08/2004 10:56:48 م
File Modified Date : 03/08/2004 10:56:48 م
Filename : C:\WINDOWS\System32\alg.exe
Base Address : 0x01000000
Created On : 16/09/2008 07:09:56 م
Visible Windows : 0
Hidden Windows : 0
User Name :
Mem Usage : 116 K
Mem Usage Peak : 8700 K
Page Faults : 2229
Pagefile Usage : 1332 K
Pagefile Peak Usage : 1340 K
File Attributes : A
==================================================
==================================================
Process Name : wmiprvse.exe
ProcessID : 2704
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : WMI
Company : Microsoft Corporation
Window Title :
File Size : 218,112
File Created Date : 15/09/2008 11:57:07 م
File Modified Date : 03/08/2004 10:56:58 م
Filename : C:\WINDOWS\system32\wbem\wmiprvse.exe
Base Address : 0x01000000
Created On : 16/09/2008 07:09:56 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 680 K
Mem Usage Peak : 11216 K
Page Faults : 4149
Pagefile Usage : 2032 K
Pagefile Peak Usage : 2872 K
File Attributes : A
==================================================
==================================================
Process Name : HpqToaster.exe
ProcessID : 3680
Priority : Normal
Product Name : HpqToaster Module
Version : 1, 10, 1, 3
Description : HpqToaster Module
Company :
Window Title :
File Size : 677,432
File Created Date : 20/11/2007 11:32:20 ص
File Modified Date : 20/11/2007 11:32:20 ص
Filename : C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
Base Address : 0x00400000
Created On : 16/09/2008 07:10:02 م
Visible Windows : 0
Hidden Windows : 1
User Name : SHALABY\Mohamed
Mem Usage : 428 K
Mem Usage Peak : 10792 K
Page Faults : 3120
Pagefile Usage : 2236 K
Pagefile Peak Usage : 2976 K
File Attributes : A
==================================================
==================================================
Process Name : wmiprvse.exe
ProcessID : 1428
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : WMI
Company : Microsoft Corporation
Window Title :
File Size : 218,112
File Created Date : 15/09/2008 11:57:07 م
File Modified Date : 03/08/2004 10:56:58 م
Filename : C:\WINDOWS\system32\wbem\wmiprvse.exe
Base Address : 0x01000000
Created On : 16/09/2008 08:13:01 م
Visible Windows : 0
Hidden Windows : 0
User Name :
Mem Usage : 5776 K
Mem Usage Peak : 5776 K
Page Faults : 1472
Pagefile Usage : 2552 K
Pagefile Peak Usage : 3040 K
File Attributes : A
==================================================
==================================================
Process Name : runn.exe
ProcessID : 2496
Priority : Normal
Product Name :
Version :
Description :
Company :
Window Title :
File Size : 71,680
File Created Date : 16/09/2008 05:12:54 م
File Modified Date : 31/01/2008 10:24:25 م
Filename : C:\DOCUME~1\Mohamed\LOCALS~1\Temp\bntoz\runn.exe
Base Address : 0x00400000
Created On : 16/09/2008 08:14:22 م
Visible Windows : 0
Hidden Windows : 0
User Name : SHALABY\Mohamed
Mem Usage : 2216 K
Mem Usage Peak : 2236 K
Page Faults : 642
Pagefile Usage : 772 K
Pagefile Peak Usage : 848 K
File Attributes : A
==================================================
==================================================
Process Name : cmd.exe
ProcessID : 3096
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : Windows Command Processor
Company : Microsoft Corporation
Window Title :
File Size : 388,608
File Created Date : 03/08/2004 10:56:50 م
File Modified Date : 03/08/2004 10:56:50 م
Filename : C:\WINDOWS\system32\cmd.exe
Base Address : 0x4AD00000
Created On : 16/09/2008 08:14:22 م
Visible Windows : 0
Hidden Windows : 1
User Name : SHALABY\Mohamed
Mem Usage : 3024 K
Mem Usage Peak : 3088 K
Page Faults : 846
Pagefile Usage : 2172 K
Pagefile Peak Usage : 2248 K
File Attributes : A
==================================================
==================================================
Process Name : CProcess.exe
ProcessID : 3556
Priority : Normal
Product Name : CurrProcess
Version : 1.11
Description : CurrProcess
Company : NirSoft
Window Title :
File Size : 35,840
File Created Date : 16/09/2008 05:12:53 م
File Modified Date : 14/07/2005 04:46:34 ص
Filename : C:\DOCUME~1\Mohamed\LOCALS~1\Temp\bntoz\CProcess.exe
Base Address : 0x00400000
Created On : 16/09/2008 08:14:24 م
Visible Windows : 0
Hidden Windows : 0
User Name : SHALABY\Mohamed
Mem Usage : 2304 K
Mem Usage Peak : 2356 K
Page Faults : 820
Pagefile Usage : 984 K
Pagefile Peak Usage : 1048 K
File Attributes : A
==================================================
.
.
--------------------------\\\ End Report Of Running Processes ---------------
.
.
.
.
--------------------------\\\ Windows XP Startup List ---------------
.
HKLM\System\CurrentControlSet\Control\Session Manager\BootExecute
autocheck autochk *
autocheck autochk *
Auto Check Utility
Microsoft Corporation
5.01.2600.2180
c:\windows\system32\autochk.exe
HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms
rdpclip
rdpclip
RDP Clip Monitor
Microsoft Corporation
5.01.2600.2180
c:\windows\system32\rdpclip.exe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\userinit.exe
Userinit Logon Application
Microsoft Corporation
5.01.2600.2180
c:\windows\system32\userinit.exe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell
Explorer.exe
Explorer.exe
Windows Explorer
Microsoft Corporation
6.00.2900.2180
c:\windows\explorer.exe
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
IgfxTray
C:\WINDOWS\system32\igfxtray.exe
igfxTray Module
Intel Corporation
6.14.0010.4864
c:\windows\system32\igfxtray.exe
HotKeysCmds
C:\WINDOWS\system32\hkcmd.exe
hkcmd Module
Intel Corporation
6.14.0010.4864
c:\windows\system32\hkcmd.exe
Persistence
C:\WINDOWS\system32\igfxpers.exe
persistence Module
Intel Corporation
6.14.0010.4864
c:\windows\system32\igfxpers.exe
hpWirelessAssistant
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
HPWAMain Module
Hewlett-Packard Development Company, L.P.
3.00.0009.0001
c:\program files\hewlett-packard\hp wireless assistant\hpwamain.exe
AVP
"C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
Kaspersky Anti-Virus
Kaspersky Lab
8.00.0000.0454
c:\program files\kaspersky lab\kaspersky internet security 2009\avp.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Bluetooth.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
Bluetooth Tray Application
Broadcom Corporation.
4.00.0001.3301
c:\program files\widcomm\bluetooth software\bttray.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
CTFMON.EXE
C:\WINDOWS\system32\ctfmon.exe
CTF Loader
Microsoft Corporation
5.01.2600.2180
c:\windows\system32\ctfmon.exe
Messenger (Yahoo!)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
Yahoo! Messenger
Yahoo! Inc.
9.00.0000.1389
c:\program files\yahoo!\messenger\yahoomessenger.exe
amva
C:\WINDOWS\system32\amvo.exe
c:\windows\system32\amvo.exe
MSMSGS
"C:\Program Files\Messenger\msmsgs.exe" /background
Windows Messenger
Microsoft Corporation
4.07.0000.3000
c:\program files\messenger\msmsgs.exe
.
.
----------- End Report ---------------
.
--------------------------\\\ Start Report Of HijackThis ---------------
.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:14:24 م, on 16/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\DOCUME~1\Mohamed\LOCALS~1\Temp\bntoz\runn.exe
C:\WINDOWS\system32\cmd.exe
C:\DOCUME~1\Mohamed\LOCALS~1\Temp\bntoz\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [amva] C:\WINDOWS\system32\amvo.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
--
End of file - 5180 bytes
.
.
--------------------------\\\ End Report Of Of HijackThis ---------------
.
.
.
.
--------------------------\\\ Start Report Of Running Processes ---------------
.
==================================================
Process Name : smss.exe
ProcessID : 1256
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : Windows NT Session Manager
Company : Microsoft Corporation
Window Title :
File Size : 50,688
File Created Date : 03/08/2004 10:56:58 م
File Modified Date : 03/08/2004 10:56:58 م
Filename : C:\WINDOWS\System32\smss.exe
Base Address : 0x48580000
Created On : 16/09/2008 07:09:30 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 76 K
Mem Usage Peak : 1192 K
Page Faults : 448
Pagefile Usage : 168 K
Pagefile Peak Usage : 1676 K
File Attributes : A
==================================================
==================================================
Process Name : csrss.exe
ProcessID : 1368
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : Client Server Runtime Process
Company : Microsoft Corporation
Window Title :
File Size : 6,144
File Created Date : 03/08/2004 10:56:50 م
File Modified Date : 03/08/2004 10:56:50 م
Filename : C:\WINDOWS\system32\csrss.exe
Base Address : 0x4A680000
Created On : 16/09/2008 07:09:32 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 2616 K
Mem Usage Peak : 6172 K
Page Faults : 9571
Pagefile Usage : 1964 K
Pagefile Peak Usage : 2660 K
File Attributes : A
==================================================
==================================================
Process Name : winlogon.exe
ProcessID : 1392
Priority : High
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : Windows NT Logon Application
Company : Microsoft Corporation
Window Title :
File Size : 502,272
File Created Date : 03/08/2004 10:56:58 م
File Modified Date : 03/08/2004 10:56:58 م
Filename : C:\WINDOWS\system32\winlogon.exe
Base Address : 0x01000000
Created On : 16/09/2008 07:09:33 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 1008 K
Mem Usage Peak : 20228 K
Page Faults : 31302
Pagefile Usage : 12064 K
Pagefile Peak Usage : 17348 K
File Attributes : A
==================================================
==================================================
Process Name : services.exe
ProcessID : 1436
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : Services and Controller app
Company : Microsoft Corporation
Window Title :
File Size : 108,032
File Created Date : 03/08/2004 10:56:56 م
File Modified Date : 03/08/2004 10:56:56 م
Filename : C:\WINDOWS\system32\services.exe
Base Address : 0x01000000
Created On : 16/09/2008 07:09:34 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 920 K
Mem Usage Peak : 9648 K
Page Faults : 4292
Pagefile Usage : 3268 K
Pagefile Peak Usage : 3408 K
File Attributes : A
==================================================
==================================================
Process Name : lsass.exe
ProcessID : 1448
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : LSA Shell (Export Version)
Company : Microsoft Corporation
Window Title :
File Size : 13,312
File Created Date : 03/08/2004 10:56:52 م
File Modified Date : 03/08/2004 10:56:52 م
Filename : C:\WINDOWS\system32\lsass.exe
Base Address : 0x01000000
Created On : 16/09/2008 07:09:34 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 1712 K
Mem Usage Peak : 13940 K
Page Faults : 9789
Pagefile Usage : 4140 K
Pagefile Peak Usage : 4944 K
File Attributes : A
==================================================
==================================================
Process Name : svchost.exe
ProcessID : 1596
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : Generic Host Process for Win32 Services
Company : Microsoft Corporation
Window Title :
File Size : 14,336
File Created Date : 03/08/2004 10:56:58 م
File Modified Date : 03/08/2004 10:56:58 م
Filename : C:\WINDOWS\system32\svchost.exe
Base Address : 0x01000000
Created On : 16/09/2008 07:09:34 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 1500 K
Mem Usage Peak : 11532 K
Page Faults : 3965
Pagefile Usage : 3220 K
Pagefile Peak Usage : 23580 K
File Attributes : A
==================================================
==================================================
Process Name : svchost.exe
ProcessID : 1696
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : Generic Host Process for Win32 Services
Company : Microsoft Corporation
Window Title :
File Size : 14,336
File Created Date : 03/08/2004 10:56:58 م
File Modified Date : 03/08/2004 10:56:58 م
Filename : C:\WINDOWS\system32\svchost.exe
Base Address : 0x01000000
Created On : 16/09/2008 07:09:34 م
Visible Windows : 0
Hidden Windows : 0
User Name :
Mem Usage : 1448 K
Mem Usage Peak : 9812 K
Page Faults : 3537
Pagefile Usage : 2072 K
Pagefile Peak Usage : 2192 K
File Attributes : A
==================================================
==================================================
Process Name : svchost.exe
ProcessID : 1736
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : Generic Host Process for Win32 Services
Company : Microsoft Corporation
Window Title :
File Size : 14,336
File Created Date : 03/08/2004 10:56:58 م
File Modified Date : 03/08/2004 10:56:58 م
Filename : C:\WINDOWS\System32\svchost.exe
Base Address : 0x01000000
Created On : 16/09/2008 07:09:34 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 7592 K
Mem Usage Peak : 37484 K
Page Faults : 29837
Pagefile Usage : 17804 K
Pagefile Peak Usage : 19968 K
File Attributes : A
==================================================
==================================================
Process Name : svchost.exe
ProcessID : 1892
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : Generic Host Process for Win32 Services
Company : Microsoft Corporation
Window Title :
File Size : 14,336
File Created Date : 03/08/2004 10:56:58 م
File Modified Date : 03/08/2004 10:56:58 م
Filename : C:\WINDOWS\system32\svchost.exe
Base Address : 0x01000000
Created On : 16/09/2008 07:09:35 م
Visible Windows : 0
Hidden Windows : 0
User Name :
Mem Usage : 144 K
Mem Usage Peak : 10664 K
Page Faults : 2847
Pagefile Usage : 1996 K
Pagefile Peak Usage : 2020 K
File Attributes : A
==================================================
==================================================
Process Name : spoolsv.exe
ProcessID : 388
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : Spooler SubSystem App
Company : Microsoft Corporation
Window Title :
File Size : 57,856
File Created Date : 03/08/2004 10:56:58 م
File Modified Date : 03/08/2004 10:56:58 م
Filename : C:\WINDOWS\system32\spoolsv.exe
Base Address : 0x01000000
Created On : 16/09/2008 07:09:35 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 192 K
Mem Usage Peak : 14384 K
Page Faults : 4249
Pagefile Usage : 5132 K
Pagefile Peak Usage : 5352 K
File Attributes : A
==================================================
==================================================
Process Name : Explorer.EXE
ProcessID : 620
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
Description : Windows Explorer
Company : Microsoft Corporation
Window Title : زيزوووم للأمن والحمايه - Powered by vBulletin
File Size : 1,032,192
File Created Date : 03/08/2004 10:56:50 م
File Modified Date : 03/08/2004 10:56:50 م
Filename : C:\WINDOWS\Explorer.EXE
Base Address : 0x01000000
Created On : 16/09/2008 07:09:36 م
Visible Windows : 3
Hidden Windows : 31
User Name : SHALABY\Mohamed
Mem Usage : 9300 K
Mem Usage Peak : 31404 K
Page Faults : 93594
Pagefile Usage : 35012 K
Pagefile Peak Usage : 37740 K
File Attributes : A
==================================================
==================================================
Process Name : igfxtray.exe
ProcessID : 692
Priority : Normal
Product Name : Intel(R) Common User Interface
Version : 6.14.10.4864
Description : igfxTray Module
Company : Intel Corporation
Window Title :
File Size : 141,848
File Created Date : 15/09/2008 11:26:35 م
File Modified Date : 14/09/2007 06:32:58 ص
Filename : C:\WINDOWS\system32\igfxtray.exe
Base Address : 0x00400000
Created On : 16/09/2008 07:09:37 م
Visible Windows : 0
Hidden Windows : 1
User Name : SHALABY\Mohamed
Mem Usage : 268 K
Mem Usage Peak : 8940 K
Page Faults : 2571
Pagefile Usage : 1952 K
Pagefile Peak Usage : 4316 K
File Attributes : A
==================================================
==================================================
Process Name : hkcmd.exe
ProcessID : 424
Priority : Normal
Product Name : Intel(R) Common User Interface
Version : 6.14.10.4864
Description : hkcmd Module
Company : Intel Corporation
Window Title :
File Size : 166,424
File Created Date : 15/09/2008 11:26:35 م
File Modified Date : 14/09/2007 06:32:44 ص
Filename : C:\WINDOWS\system32\hkcmd.exe
Base Address : 0x00400000
Created On : 16/09/2008 07:09:37 م
Visible Windows : 0
Hidden Windows : 12
User Name : SHALABY\Mohamed
Mem Usage : 288 K
Mem Usage Peak : 8832 K
Page Faults : 2556
Pagefile Usage : 1948 K
Pagefile Peak Usage : 3024 K
File Attributes : A
==================================================
==================================================
Process Name : igfxpers.exe
ProcessID : 720
Priority : Normal
Product Name : Intel(R) Common User Interface
Version : 6.14.10.4864
Description : persistence Module
Company : Intel Corporation
Window Title :
File Size : 137,752
File Created Date : 15/09/2008 11:26:35 م
File Modified Date : 14/09/2007 06:32:52 ص
Filename : C:\WINDOWS\system32\igfxpers.exe
Base Address : 0x00400000
Created On : 16/09/2008 07:09:37 م
Visible Windows : 0
Hidden Windows : 1
User Name : SHALABY\Mohamed
Mem Usage : 240 K
Mem Usage Peak : 7740 K
Page Faults : 2365
Pagefile Usage : 1684 K
Pagefile Peak Usage : 2764 K
File Attributes : A
==================================================
==================================================
Process Name : igfxsrvc.exe
ProcessID : 772
Priority : Normal
Product Name : Intel(R) Common User Interface
Version : 6.14.10.4864
Description : igfxsrvc Module
Company : Intel Corporation
Window Title :
File Size : 252,440
File Created Date : 15/09/2008 11:26:35 م
File Modified Date : 14/09/2007 06:32:54 ص
Filename : C:\WINDOWS\system32\igfxsrvc.exe
Base Address : 0x00400000
Created On : 16/09/2008 07:09:37 م
Visible Windows : 0
Hidden Windows : 0
User Name : SHALABY\Mohamed
Mem Usage : 1540 K
Mem Usage Peak : 6844 K
Page Faults : 2314
Pagefile Usage : 1652 K
Pagefile Peak Usage : 1656 K
File Attributes : A
==================================================
==================================================
Process Name : HPWAMain.exe
ProcessID : 780
Priority : Normal
Product Name : HP Wireless Assistant
Version : 3, 0, 9, 1
Description : HPWAMain Module
Company : Hewlett-Packard Development Company, L.P.
Window Title :
File Size : 488,752
File Created Date : 20/11/2007 04:44:58 ص
File Modified Date : 20/11/2007 04:44:58 ص
Filename : C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
Base Address : 0x00400000
Created On : 16/09/2008 07:09:37 م
Visible Windows : 0
Hidden Windows : 1
User Name : SHALABY\Mohamed
Mem Usage : 344 K
Mem Usage Peak : 10572 K
Page Faults : 3147
Pagefile Usage : 3072 K
Pagefile Peak Usage : 4168 K
File Attributes : A
==================================================
==================================================
Process Name : avp.exe
ProcessID : 856
Priority : Normal
Product Name : Kaspersky Anti-Virus
Version : 8.0.0.454
Description : Kaspersky Anti-Virus
Company : Kaspersky Lab
Window Title :
File Size : 206,088
File Created Date : 29/07/2008 05:20:28 م
File Modified Date : 29/07/2008 05:20:28 م
Filename : C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
Base Address : 0x00400000
Created On : 16/09/2008 07:09:37 م
Visible Windows : 1
Hidden Windows : 5
User Name : SHALABY\Mohamed
Mem Usage : 6532 K
Mem Usage Peak : 19084 K
Page Faults : 46940
Pagefile Usage : 6708 K
Pagefile Peak Usage : 8660 K
File Attributes : A
==================================================
==================================================
Process Name : ctfmon.exe
ProcessID : 884
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : CTF Loader
Company : Microsoft Corporation
Window Title :
File Size : 15,360
File Created Date : 03/08/2004 10:56:50 م
File Modified Date : 03/08/2004 10:56:50 م
Filename : C:\WINDOWS\system32\ctfmon.exe
Base Address : 0x00400000
Created On : 16/09/2008 07:09:37 م
Visible Windows : 0
Hidden Windows : 4
User Name : SHALABY\Mohamed
Mem Usage : 376 K
Mem Usage Peak : 8520 K
Page Faults : 2601
Pagefile Usage : 1868 K
Pagefile Peak Usage : 2944 K
File Attributes : A
==================================================
==================================================
Process Name : BTTray.exe
ProcessID : 988
Priority : Normal
Product Name : Bluetooth Software 4.0.1.3301
Version : 4.0.1.3301
Description : Bluetooth Tray Application
Company : Broadcom Corporation.
Window Title :
File Size : 581,693
File Created Date : 15/02/2006 01:16:02 م
File Modified Date : 15/02/2006 01:16:02 م
Filename : C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
Base Address : 0x00400000
Created On : 16/09/2008 07:09:38 م
Visible Windows : 0
Hidden Windows : 2
User Name : SHALABY\Mohamed
Mem Usage : 812 K
Mem Usage Peak : 15328 K
Page Faults : 5556
Pagefile Usage : 4472 K
Pagefile Peak Usage : 5060 K
File Attributes : A
==================================================
==================================================
Process Name : BTSTAC~1.EXE
ProcessID : 1276
Priority : Normal
Product Name : Bluetooth Software 4.0.1.3301
Version : 4.0.1.3301
Description : Bluetooth Stack COM Server
Company : Broadcom Corporation.
Window Title :
File Size : 1,265,748
File Created Date : 15/02/2006 01:14:44 م
File Modified Date : 15/02/2006 01:14:44 م
Filename : C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
Base Address : 0x00400000
Created On : 16/09/2008 07:09:40 م
Visible Windows : 0
Hidden Windows : 1
User Name : SHALABY\Mohamed
Mem Usage : 380 K
Mem Usage Peak : 16260 K
Page Faults : 4854
Pagefile Usage : 6312 K
Pagefile Peak Usage : 7464 K
File Attributes : A
==================================================
==================================================
Process Name : avp.exe
ProcessID : 1932
Priority : Normal
Product Name : Kaspersky Anti-Virus
Version : 8.0.0.454
Description : Kaspersky Anti-Virus
Company : Kaspersky Lab
Window Title :
File Size : 206,088
File Created Date : 29/07/2008 05:20:28 م
File Modified Date : 29/07/2008 05:20:28 م
Filename : C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
Base Address : 0x00400000
Created On : 16/09/2008 07:09:49 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 33984 K
Mem Usage Peak : 171496 K
Page Faults : 11165753
Pagefile Usage : 56688 K
Pagefile Peak Usage : 237224 K
File Attributes : A
==================================================
==================================================
Process Name : btwdins.exe
ProcessID : 1940
Priority : Normal
Product Name : Bluetooth Software 4.0.1.3301
Version : 4.0.1.3301
Description : Bluetooth Support Server
Company : Broadcom Corporation.
Window Title :
File Size : 258,103
File Created Date : 15/02/2006 01:09:20 م
File Modified Date : 15/02/2006 01:09:20 م
Filename : C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
Base Address : 0x00400000
Created On : 16/09/2008 07:09:49 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 160 K
Mem Usage Peak : 5864 K
Page Faults : 2127
Pagefile Usage : 2028 K
Pagefile Peak Usage : 2120 K
File Attributes : A
==================================================
==================================================
Process Name : hpqwmiex.exe
ProcessID : 1760
Priority : Normal
Product Name : hpqwmiex Module
Version : 2, 00, 2, 3
Description : hpqwmiex Module
Company : Hewlett-Packard Development Company, L.P.
Window Title :
File Size : 144,688
File Created Date : 29/11/2007 03:01:00 م
File Modified Date : 29/11/2007 03:01:00 م
Filename : C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
Base Address : 0x00400000
Created On : 16/09/2008 07:09:55 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 80 K
Mem Usage Peak : 9828 K
Page Faults : 2484
Pagefile Usage : 1876 K
Pagefile Peak Usage : 2396 K
File Attributes : A
==================================================
==================================================
Process Name : alg.exe
ProcessID : 2608
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : Application Layer Gateway Service
Company : Microsoft Corporation
Window Title :
File Size : 44,544
File Created Date : 03/08/2004 10:56:48 م
File Modified Date : 03/08/2004 10:56:48 م
Filename : C:\WINDOWS\System32\alg.exe
Base Address : 0x01000000
Created On : 16/09/2008 07:09:56 م
Visible Windows : 0
Hidden Windows : 0
User Name :
Mem Usage : 116 K
Mem Usage Peak : 8700 K
Page Faults : 2229
Pagefile Usage : 1332 K
Pagefile Peak Usage : 1340 K
File Attributes : A
==================================================
==================================================
Process Name : wmiprvse.exe
ProcessID : 2704
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : WMI
Company : Microsoft Corporation
Window Title :
File Size : 218,112
File Created Date : 15/09/2008 11:57:07 م
File Modified Date : 03/08/2004 10:56:58 م
Filename : C:\WINDOWS\system32\wbem\wmiprvse.exe
Base Address : 0x01000000
Created On : 16/09/2008 07:09:56 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 680 K
Mem Usage Peak : 11216 K
Page Faults : 4149
Pagefile Usage : 2032 K
Pagefile Peak Usage : 2872 K
File Attributes : A
==================================================
==================================================
Process Name : HpqToaster.exe
ProcessID : 3680
Priority : Normal
Product Name : HpqToaster Module
Version : 1, 10, 1, 3
Description : HpqToaster Module
Company :
Window Title :
File Size : 677,432
File Created Date : 20/11/2007 11:32:20 ص
File Modified Date : 20/11/2007 11:32:20 ص
Filename : C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
Base Address : 0x00400000
Created On : 16/09/2008 07:10:02 م
Visible Windows : 0
Hidden Windows : 1
User Name : SHALABY\Mohamed
Mem Usage : 428 K
Mem Usage Peak : 10792 K
Page Faults : 3120
Pagefile Usage : 2236 K
Pagefile Peak Usage : 2976 K
File Attributes : A
==================================================
==================================================
Process Name : wmiprvse.exe
ProcessID : 1428
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : WMI
Company : Microsoft Corporation
Window Title :
File Size : 218,112
File Created Date : 15/09/2008 11:57:07 م
File Modified Date : 03/08/2004 10:56:58 م
Filename : C:\WINDOWS\system32\wbem\wmiprvse.exe
Base Address : 0x01000000
Created On : 16/09/2008 08:13:01 م
Visible Windows : 0
Hidden Windows : 0
User Name :
Mem Usage : 5776 K
Mem Usage Peak : 5776 K
Page Faults : 1472
Pagefile Usage : 2552 K
Pagefile Peak Usage : 3040 K
File Attributes : A
==================================================
==================================================
Process Name : runn.exe
ProcessID : 2496
Priority : Normal
Product Name :
Version :
Description :
Company :
Window Title :
File Size : 71,680
File Created Date : 16/09/2008 05:12:54 م
File Modified Date : 31/01/2008 10:24:25 م
Filename : C:\DOCUME~1\Mohamed\LOCALS~1\Temp\bntoz\runn.exe
Base Address : 0x00400000
Created On : 16/09/2008 08:14:22 م
Visible Windows : 0
Hidden Windows : 0
User Name : SHALABY\Mohamed
Mem Usage : 2216 K
Mem Usage Peak : 2236 K
Page Faults : 642
Pagefile Usage : 772 K
Pagefile Peak Usage : 848 K
File Attributes : A
==================================================
==================================================
Process Name : cmd.exe
ProcessID : 3096
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : Windows Command Processor
Company : Microsoft Corporation
Window Title :
File Size : 388,608
File Created Date : 03/08/2004 10:56:50 م
File Modified Date : 03/08/2004 10:56:50 م
Filename : C:\WINDOWS\system32\cmd.exe
Base Address : 0x4AD00000
Created On : 16/09/2008 08:14:22 م
Visible Windows : 0
Hidden Windows : 1
User Name : SHALABY\Mohamed
Mem Usage : 3024 K
Mem Usage Peak : 3088 K
Page Faults : 846
Pagefile Usage : 2172 K
Pagefile Peak Usage : 2248 K
File Attributes : A
==================================================
==================================================
Process Name : CProcess.exe
ProcessID : 3556
Priority : Normal
Product Name : CurrProcess
Version : 1.11
Description : CurrProcess
Company : NirSoft
Window Title :
File Size : 35,840
File Created Date : 16/09/2008 05:12:53 م
File Modified Date : 14/07/2005 04:46:34 ص
Filename : C:\DOCUME~1\Mohamed\LOCALS~1\Temp\bntoz\CProcess.exe
Base Address : 0x00400000
Created On : 16/09/2008 08:14:24 م
Visible Windows : 0
Hidden Windows : 0
User Name : SHALABY\Mohamed
Mem Usage : 2304 K
Mem Usage Peak : 2356 K
Page Faults : 820
Pagefile Usage : 984 K
Pagefile Peak Usage : 1048 K
File Attributes : A
==================================================
.
.
--------------------------\\\ End Report Of Running Processes ---------------
.
.
.
.
--------------------------\\\ Windows XP Startup List ---------------
.
HKLM\System\CurrentControlSet\Control\Session Manager\BootExecute
autocheck autochk *
autocheck autochk *
Auto Check Utility
Microsoft Corporation
5.01.2600.2180
c:\windows\system32\autochk.exe
HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms
rdpclip
rdpclip
RDP Clip Monitor
Microsoft Corporation
5.01.2600.2180
c:\windows\system32\rdpclip.exe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\userinit.exe
Userinit Logon Application
Microsoft Corporation
5.01.2600.2180
c:\windows\system32\userinit.exe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell
Explorer.exe
Explorer.exe
Windows Explorer
Microsoft Corporation
6.00.2900.2180
c:\windows\explorer.exe
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
IgfxTray
C:\WINDOWS\system32\igfxtray.exe
igfxTray Module
Intel Corporation
6.14.0010.4864
c:\windows\system32\igfxtray.exe
HotKeysCmds
C:\WINDOWS\system32\hkcmd.exe
hkcmd Module
Intel Corporation
6.14.0010.4864
c:\windows\system32\hkcmd.exe
Persistence
C:\WINDOWS\system32\igfxpers.exe
persistence Module
Intel Corporation
6.14.0010.4864
c:\windows\system32\igfxpers.exe
hpWirelessAssistant
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
HPWAMain Module
Hewlett-Packard Development Company, L.P.
3.00.0009.0001
c:\program files\hewlett-packard\hp wireless assistant\hpwamain.exe
AVP
"C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
Kaspersky Anti-Virus
Kaspersky Lab
8.00.0000.0454
c:\program files\kaspersky lab\kaspersky internet security 2009\avp.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Bluetooth.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
Bluetooth Tray Application
Broadcom Corporation.
4.00.0001.3301
c:\program files\widcomm\bluetooth software\bttray.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
CTFMON.EXE
C:\WINDOWS\system32\ctfmon.exe
CTF Loader
Microsoft Corporation
5.01.2600.2180
c:\windows\system32\ctfmon.exe
Messenger (Yahoo!)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
Yahoo! Messenger
Yahoo! Inc.
9.00.0000.1389
c:\program files\yahoo!\messenger\yahoomessenger.exe
amva
C:\WINDOWS\system32\amvo.exe
c:\windows\system32\amvo.exe
MSMSGS
"C:\Program Files\Messenger\msmsgs.exe" /background
Windows Messenger
Microsoft Corporation
4.07.0000.3000
c:\program files\messenger\msmsgs.exe
.
.
----------- End Report ---------------
