This is the report..
.
--------------------------\\\ Start Report Of HijackThis ---------------
.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:16:36 ص, on 02/02/08
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\Users\ssc1\AppData\Local\Temp\bntoz\runn.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\conime.exe
C:\Users\ssc1\AppData\Local\Temp\bntoz\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [cdrom bash] "C:\ProgramData\Mix Send Send.u2ynzh2"
O4 - HKLM\..\Run: [bone thunk axis copy] "C:\ProgramData\Gpl Bind Option.jm03wpw"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: delvista.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Bluetooth Monitor.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: ت&صدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: إرسال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: إر&سال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll,C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe (file missing)
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (file missing)
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\Windows\SYSTEM32\crypserv.exe
--
End of file - 4748 bytes
.
.
--------------------------\\\ End Report Of Of HijackThis ---------------
.
.
.
.
--------------------------\\\ Start Report Of Running Processes ---------------
.
==================================================
Process Name : smss.exe
ProcessID : 436
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 6.0.6000.16386 (vista_rtm.061101-2205)
Description : Windows Session Manager
Company : Microsoft Corporation
Window Title :
File Size : 62,976
File Created Date : 10/10/27 08:33:05 ص
File Modified Date : 10/10/27 09:45:45 ص
Filename : C:\Windows\System32\smss.exe
Base Address : 0x47930000
Created On : 23/01/29 10:54:36 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 1024 K
Mem Usage Peak : 1024 K
Page Faults : 380
Pagefile Usage : 280 K
Pagefile Peak Usage : 312 K
File Attributes : A
==================================================
==================================================
Process Name : csrss.exe
ProcessID : 568
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 6.0.6000.16386 (vista_rtm.061101-2205)
Description : Client Server Runtime Process
Company : Microsoft Corporation
Window Title :
File Size : 7,680
File Created Date : 10/10/27 08:33:03 ص
File Modified Date : 10/10/27 09:45:00 ص
Filename : C:\Windows\system32\csrss.exe
Base Address : 0x49930000
Created On : 23/01/29 10:54:38 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 7916 K
Mem Usage Peak : 8144 K
Page Faults : 4358
Pagefile Usage : 1592 K
Pagefile Peak Usage : 1604 K
File Attributes : A
==================================================
==================================================
Process Name : wininit.exe
ProcessID : 616
Priority : High
Product Name : Microsoft® Windows® Operating System
Version : 6.0.6000.16386 (vista_rtm.061101-2205)
Description : تطبيق بدء تشغيل Windows
Company : Microsoft Corporation
Window Title :
File Size : 95,744
File Created Date : 10/10/27 08:44:42 ص
File Modified Date : 10/10/27 09:45:57 ص
Filename : C:\Windows\system32\wininit.exe
Base Address : 0x00770000
Created On : 23/01/29 10:54:40 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 10100 K
Mem Usage Peak : 10352 K
Page Faults : 3451
Pagefile Usage : 1552 K
Pagefile Peak Usage : 1700 K
File Attributes : A
==================================================
==================================================
Process Name : csrss.exe
ProcessID : 628
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 6.0.6000.16386 (vista_rtm.061101-2205)
Description : Client Server Runtime Process
Company : Microsoft Corporation
Window Title :
File Size : 7,680
File Created Date : 10/10/27 08:33:03 ص
File Modified Date : 10/10/27 09:45:00 ص
Filename : C:\Windows\system32\csrss.exe
Base Address : 0x49930000
Created On : 23/01/29 10:54:40 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 12528 K
Mem Usage Peak : 14824 K
Page Faults : 40923
Pagefile Usage : 2060 K
Pagefile Peak Usage : 11820 K
File Attributes : A
==================================================
==================================================
Process Name : services.exe
ProcessID : 660
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 6.0.6000.16386 (vista_rtm.061101-2205)
Description : تطبيق الخدمات ووحدات التحكم
Company : Microsoft Corporation
Window Title :
File Size : 279,552
File Created Date : 10/10/27 08:35:31 ص
File Modified Date : 10/10/27 09:45:40 ص
Filename : C:\Windows\system32\services.exe
Base Address : 0x00E30000
Created On : 23/01/29 10:54:40 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 13980 K
Mem Usage Peak : 14680 K
Page Faults : 8360
Pagefile Usage : 2628 K
Pagefile Peak Usage : 2840 K
File Attributes : A
==================================================
==================================================
Process Name : lsass.exe
ProcessID : 672
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 6.0.6000.16386 (vista_rtm.061101-2205)
Description : Local Security Authority Process
Company : Microsoft Corporation
Window Title :
File Size : 7,680
File Created Date : 10/10/27 08:43:42 ص
File Modified Date : 10/10/27 09:45:21 ص
Filename : C:\Windows\system32\lsass.exe
Base Address : 0x00D70000
Created On : 23/01/29 10:54:40 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 2016 K
Mem Usage Peak : 17336 K
Page Faults : 26062
Pagefile Usage : 3776 K
Pagefile Peak Usage : 3776 K
File Attributes : A
==================================================
==================================================
Process Name : lsm.exe
ProcessID : 680
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 6.0.6000.16386 (vista_rtm.061101-2205)
Description : خدمة إدارة جلسات العمل المحلية
Company : Microsoft Corporation
Window Title :
File Size : 210,944
File Created Date : 10/10/27 09:02:48 ص
File Modified Date : 10/10/27 09:45:21 ص
Filename : C:\Windows\system32\lsm.exe
Base Address : 0x000B0000
Created On : 23/01/29 10:54:40 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 11064 K
Mem Usage Peak : 11088 K
Page Faults : 3431
Pagefile Usage : 2744 K
Pagefile Peak Usage : 2832 K
File Attributes : A
==================================================
==================================================
Process Name : winlogon.exe
ProcessID : 760
Priority : High
Product Name : Microsoft® Windows® Operating System
Version : 6.0.6000.16386 (vista_rtm.061101-2205)
Description : تطبيق تسجيل دخول Windows
Company : Microsoft Corporation
Window Title :
File Size : 308,224
File Created Date : 10/10/27 08:44:42 ص
File Modified Date : 10/10/27 09:45:57 ص
Filename : C:\Windows\system32\winlogon.exe
Base Address : 0x00C70000
Created On : 23/01/29 10:54:40 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 12088 K
Mem Usage Peak : 12620 K
Page Faults : 4793
Pagefile Usage : 2116 K
Pagefile Peak Usage : 3092 K
File Attributes : A
==================================================
==================================================
Process Name : svchost.exe
ProcessID : 884
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 6.0.6000.16386 (vista_rtm.061101-2205)
Description : عملية مضيفة لخدمات Windows
Company : Microsoft Corporation
Window Title :
File Size : 22,016
File Created Date : 10/10/27 08:35:16 ص
File Modified Date : 10/10/27 09:45:47 ص
Filename : C:\Windows\system32\svchost.exe
Base Address : 0x00670000
Created On : 23/01/29 10:54:43 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 16376 K
Mem Usage Peak : 16932 K
Page Faults : 143240
Pagefile Usage : 3100 K
Pagefile Peak Usage : 3176 K
File Attributes : A
==================================================
==================================================
Process Name : svchost.exe
ProcessID : 944
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 6.0.6000.16386 (vista_rtm.061101-2205)
Description : عملية مضيفة لخدمات Windows
Company : Microsoft Corporation
Window Title :
File Size : 22,016
File Created Date : 10/10/27 08:35:16 ص
File Modified Date : 10/10/27 09:45:47 ص
Filename : C:\Windows\system32\svchost.exe
Base Address : 0x00670000
Created On : 23/01/29 10:54:44 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\NETWORK SERVICE
Mem Usage : 15348 K
Mem Usage Peak : 15852 K
Page Faults : 5701
Pagefile Usage : 3788 K
Pagefile Peak Usage : 3800 K
File Attributes : A
==================================================
==================================================
Process Name : svchost.exe
ProcessID : 976
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 6.0.6000.16386 (vista_rtm.061101-2205)
Description : عملية مضيفة لخدمات Windows
Company : Microsoft Corporation
Window Title :
File Size : 22,016
File Created Date : 10/10/27 08:35:16 ص
File Modified Date : 10/10/27 09:45:47 ص
Filename : C:\Windows\System32\svchost.exe
Base Address : 0x00670000
Created On : 23/01/29 10:54:44 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 27124 K
Mem Usage Peak : 38392 K
Page Faults : 85155
Pagefile Usage : 21212 K
Pagefile Peak Usage : 62852 K
File Attributes : A
==================================================
==================================================
Process Name : svchost.exe
ProcessID : 1064
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 6.0.6000.16386 (vista_rtm.061101-2205)
Description : عملية مضيفة لخدمات Windows
Company : Microsoft Corporation
Window Title :
File Size : 22,016
File Created Date : 10/10/27 08:35:16 ص
File Modified Date : 10/10/27 09:45:47 ص
Filename : C:\Windows\System32\svchost.exe
Base Address : 0x00670000
Created On : 23/01/29 10:54:45 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\LOCAL SERVICE
Mem Usage : 23728 K
Mem Usage Peak : 24656 K
Page Faults : 10546
Pagefile Usage : 15268 K
Pagefile Peak Usage : 15456 K
File Attributes : A
==================================================
==================================================
Process Name : svchost.exe
ProcessID : 1116
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 6.0.6000.16386 (vista_rtm.061101-2205)
Description : عملية مضيفة لخدمات Windows
Company : Microsoft Corporation
Window Title :
File Size : 22,016
File Created Date : 10/10/27 08:35:16 ص
File Modified Date : 10/10/27 09:45:47 ص
Filename : C:\Windows\System32\svchost.exe
Base Address : 0x00670000
Created On : 23/01/29 10:54:45 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 69164 K
Mem Usage Peak : 81000 K
Page Faults : 82315
Pagefile Usage : 48504 K
Pagefile Peak Usage : 60376 K
File Attributes : A
==================================================
==================================================
Process Name : svchost.exe
ProcessID : 1148
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 6.0.6000.16386 (vista_rtm.061101-2205)
Description : عملية مضيفة لخدمات Windows
Company : Microsoft Corporation
Window Title :
File Size : 22,016
File Created Date : 10/10/27 08:35:16 ص
File Modified Date : 10/10/27 09:45:47 ص
Filename : C:\Windows\system32\svchost.exe
Base Address : 0x00670000
Created On : 23/01/29 10:54:45 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 46668 K
Mem Usage Peak : 49280 K
Page Faults : 44207
Pagefile Usage : 22048 K
Pagefile Peak Usage : 25608 K
File Attributes : A
==================================================
==================================================
Process Name : SLsvc.exe
ProcessID : 1300
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 6.0.6000.16509 (vista_gdr.070620-1500)
Description : خدمة ترخيص البرامج لـ Microsoft
Company : Microsoft Corporation
Window Title :
File Size : 2,605,568
File Created Date : 22/09/28 10:45:33 م
File Modified Date : 22/09/28 10:45:33 م
Filename : C:\Windows\system32\SLsvc.exe
Base Address : 0x00B70000
Created On : 23/01/29 10:54:47 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\NETWORK SERVICE
Mem Usage : 12000 K
Mem Usage Peak : 12092 K
Page Faults : 6526
Pagefile Usage : 4472 K
Pagefile Peak Usage : 4560 K
File Attributes : A
==================================================
==================================================
Process Name : svchost.exe
ProcessID : 1356
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 6.0.6000.16386 (vista_rtm.061101-2205)
Description : عملية مضيفة لخدمات Windows
Company : Microsoft Corporation
Window Title :
File Size : 22,016
File Created Date : 10/10/27 08:35:16 ص
File Modified Date : 10/10/27 09:45:47 ص
Filename : C:\Windows\system32\svchost.exe
Base Address : 0x00670000
Created On : 23/01/29 10:54:47 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\LOCAL SERVICE
Mem Usage : 26016 K
Mem Usage Peak : 27068 K
Page Faults : 14280
Pagefile Usage : 8788 K
Pagefile Peak Usage : 9044 K
File Attributes : A
==================================================
==================================================
Process Name : svchost.exe
ProcessID : 1556
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 6.0.6000.16386 (vista_rtm.061101-2205)
Description : عملية مضيفة لخدمات Windows
Company : Microsoft Corporation
Window Title :
File Size : 22,016
File Created Date : 10/10/27 08:35:16 ص
File Modified Date : 10/10/27 09:45:47 ص
Filename : C:\Windows\system32\svchost.exe
Base Address : 0x00670000
Created On : 23/01/29 10:54:49 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\NETWORK SERVICE
Mem Usage : 25992 K
Mem Usage Peak : 26780 K
Page Faults : 9563
Pagefile Usage : 16508 K
Pagefile Peak Usage : 16860 K
File Attributes : A
==================================================
==================================================
Process Name : aswUpdSv.exe
ProcessID : 1680
Priority : Normal
Product Name : avast! Antivirus
Version : 4, 7, 1043, 0
Description : avast! Antivirus updating service
Company : ALWIL Software
Window Title :
File Size : 16,248
File Created Date : 24/08/28 04:27:58 م
File Modified Date : 23/08/28 09:54:57 ص
Filename : C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
Base Address : 0x00400000
Created On : 23/01/29 10:54:50 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 7628 K
Mem Usage Peak : 7752 K
Page Faults : 2777
Pagefile Usage : 952 K
Pagefile Peak Usage : 968 K
File Attributes : A
==================================================
==================================================
Process Name : spoolsv.exe
ProcessID : 1752
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 6.0.6000.16386 (vista_rtm.061101-2205)
Description : تطبيق النظام الفرعي للمخزن المؤقت
Company : Microsoft Corporation
Window Title :
File Size : 124,928
File Created Date : 10/10/27 09:15:34 ص
File Modified Date : 10/10/27 09:45:46 ص
Filename : C:\Windows\System32\spoolsv.exe
Base Address : 0x00A70000
Created On : 23/01/29 10:54:51 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 22024 K
Mem Usage Peak : 22488 K
Page Faults : 9903
Pagefile Usage : 6032 K
Pagefile Peak Usage : 6440 K
File Attributes : A
==================================================
==================================================
Process Name : svchost.exe
ProcessID : 1780
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 6.0.6000.16386 (vista_rtm.061101-2205)
Description : عملية مضيفة لخدمات Windows
Company : Microsoft Corporation
Window Title :
File Size : 22,016
File Created Date : 10/10/27 08:35:16 ص
File Modified Date : 10/10/27 09:45:47 ص
Filename : C:\Windows\system32\svchost.exe
Base Address : 0x00670000
Created On : 23/01/29 10:54:52 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\LOCAL SERVICE
Mem Usage : 23424 K
Mem Usage Peak : 44840 K
Page Faults : 39445
Pagefile Usage : 13320 K
Pagefile Peak Usage : 49460 K
File Attributes : A
==================================================
==================================================
Process Name : avp.exe
ProcessID : 1944
Priority : Normal
Product Name : Kaspersky Anti-Virus
Version : 7.0.0.125
Description : Kaspersky Anti-Virus
Company : Kaspersky Lab
Window Title :
File Size : 218,376
File Created Date : 12/06/28 09:51:38 ص
File Modified Date : 12/06/28 09:51:38 ص
Filename : C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
Base Address : 0x00400000
Created On : 23/01/29 10:54:52 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 26640 K
Mem Usage Peak : 86364 K
Page Faults : 931357
Pagefile Usage : 54704 K
Pagefile Peak Usage : 119072 K
File Attributes : A
==================================================
==================================================
Process Name : svchost.exe
ProcessID : 1988
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 6.0.6000.16386 (vista_rtm.061101-2205)
Description : عملية مضيفة لخدمات Windows
Company : Microsoft Corporation
Window Title :
File Size : 22,016
File Created Date : 10/10/27 08:35:16 ص
File Modified Date : 10/10/27 09:45:47 ص
Filename : C:\Windows\system32\svchost.exe
Base Address : 0x00670000
Created On : 23/01/29 10:54:53 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\LOCAL SERVICE
Mem Usage : 13244 K
Mem Usage Peak : 13328 K
Page Faults : 3567
Pagefile Usage : 2284 K
Pagefile Peak Usage : 2348 K
File Attributes : A
==================================================
==================================================
Process Name : crypserv.exe
ProcessID : 2000
Priority : High
Product Name : CrypKey Software Licensing System
Version : 5.2
Description : CrypKey NT Service
Company : Kenonic Controls Ltd.
Window Title :
File Size : 65,536
File Created Date : 25/10/28 12:22:59 ص
File Modified Date : 18/08/23 02:17:54 ص
Filename : C:\Windows\system32\crypserv.exe
Base Address : 0x00400000
Created On : 23/01/29 10:54:53 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 8028 K
Mem Usage Peak : 8032 K
Page Faults : 2183
Pagefile Usage : 1084 K
Pagefile Peak Usage : 1100 K
File Attributes : A
==================================================
==================================================
Process Name : svchost.exe
ProcessID : 256
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 6.0.6000.16386 (vista_rtm.061101-2205)
Description : عملية مضيفة لخدمات Windows
Company : Microsoft Corporation
Window Title :
File Size : 22,016
File Created Date : 10/10/27 08:35:16 ص
File Modified Date : 10/10/27 09:45:47 ص
Filename : C:\Windows\system32\svchost.exe
Base Address : 0x00670000
Created On : 23/01/29 10:54:53 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\NETWORK SERVICE
Mem Usage : 14516 K
Mem Usage Peak : 14848 K
Page Faults : 4823
Pagefile Usage : 2332 K
Pagefile Peak Usage : 2368 K
File Attributes : A
==================================================
==================================================
Process Name : svchost.exe
ProcessID : 332
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 6.0.6000.16386 (vista_rtm.061101-2205)
Description : عملية مضيفة لخدمات Windows
Company : Microsoft Corporation
Window Title :
File Size : 22,016
File Created Date : 10/10/27 08:35:16 ص
File Modified Date : 10/10/27 09:45:47 ص
Filename : C:\Windows\system32\svchost.exe
Base Address : 0x00670000
Created On : 23/01/29 10:54:53 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\LOCAL SERVICE
Mem Usage : 16548 K
Mem Usage Peak : 16848 K
Page Faults : 4802
Pagefile Usage : 3468 K
Pagefile Peak Usage : 3544 K
File Attributes : A
==================================================
==================================================
Process Name : svchost.exe
ProcessID : 548
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 6.0.6000.16386 (vista_rtm.061101-2205)
Description : عملية مضيفة لخدمات Windows
Company : Microsoft Corporation
Window Title :
File Size : 22,016
File Created Date : 10/10/27 08:35:16 ص
File Modified Date : 10/10/27 09:45:47 ص
Filename : C:\Windows\System32\svchost.exe
Base Address : 0x00670000
Created On : 23/01/29 10:54:53 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 4632 K
Mem Usage Peak : 4644 K
Page Faults : 1265
Pagefile Usage : 560 K
Pagefile Peak Usage : 588 K
File Attributes : A
==================================================
==================================================
Process Name : SearchIndexer.exe
ProcessID : 872
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 6.0.6000.16386 (vista_rtm.061101-2205)
Description : Microsoft Windows Search Indexer
Company : Microsoft Corporation
Window Title :
File Size : 287,744
File Created Date : 10/10/27 12:32:39 م
File Modified Date : 10/10/27 12:32:39 م
Filename : C:\Windows\system32\SearchIndexer.exe
Base Address : 0x00CF0000
Created On : 23/01/29 10:54:53 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 34692 K
Mem Usage Peak : 37192 K
Page Faults : 23785
Pagefile Usage : 41472 K
Pagefile Peak Usage : 46500 K
File Attributes : A
==================================================
==================================================
Process Name : taskeng.exe
ProcessID : 2896
Priority : Below Normal
Product Name : Microsoft® Windows® Operating System
Version : 6.0.6000.16386 (vista_rtm.061101-2205)
Description : مشغل خدمة جدولة المهام
Company : Microsoft Corporation
Window Title :
File Size : 166,400
File Created Date : 10/10/27 08:41:14 ص
File Modified Date : 10/10/27 09:45:48 ص
Filename : C:\Windows\system32\taskeng.exe
Base Address : 0x00BF0000
Created On : 23/01/29 10:55:02 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 16728 K
Mem Usage Peak : 16908 K
Page Faults : 4796
Pagefile Usage : 2216 K
Pagefile Peak Usage : 2264 K
File Attributes : A
==================================================
==================================================
Process Name : Dwm.exe
ProcessID : 3020
Priority : High
Product Name : Microsoft® Windows® Operating System
Version : 6.0.6000.16386 (vista_rtm.061101-2205)
Description : Desktop Window Manager
Company : Microsoft Corporation
Window Title :
File Size : 83,456
File Created Date : 10/10/27 08:39:46 ص
File Modified Date : 10/10/27 09:45:04 ص
Filename : C:\Windows\system32\Dwm.exe
Base Address : 0x006F0000
Created On : 23/01/29 10:55:03 م
Visible Windows : 0
Hidden Windows : 1
User Name : UMHASSAN-PC\ssc1
Mem Usage : 85096 K
Mem Usage Peak : 109472 K
Page Faults : 233980
Pagefile Usage : 86896 K
Pagefile Peak Usage : 101180 K
File Attributes : A
==================================================
==================================================
Process Name : Explorer.EXE
ProcessID : 3076
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 6.0.6000.16386 (vista_rtm.061101-2205)
Description : مستكشف Windows
Company : Microsoft Corporation
Window Title : ابدأ
File Size : 2,923,520
File Created Date : 04/11/28 11:14:40 ص
File Modified Date : 04/11/28 11:14:40 ص
Filename : C:\Windows\Explorer.EXE
Base Address : 0x006F0000
Created On : 23/01/29 10:55:03 م
Visible Windows : 3
Hidden Windows : 62
User Name : UMHASSAN-PC\ssc1
Mem Usage : 92064 K
Mem Usage Peak : 141880 K
Page Faults : 250433
Pagefile Usage : 66412 K
Pagefile Peak Usage : 133796 K
File Attributes : A
==================================================
==================================================
Process Name : taskeng.exe
ProcessID : 3160
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 6.0.6000.16386 (vista_rtm.061101-2205)
Description : مشغل خدمة جدولة المهام
Company : Microsoft Corporation
Window Title :
File Size : 166,400
File Created Date : 10/10/27 08:41:14 ص
File Modified Date : 10/10/27 09:45:48 ص
Filename : C:\Windows\system32\taskeng.exe
Base Address : 0x00BF0000
Created On : 23/01/29 10:55:04 م
Visible Windows : 0
Hidden Windows : 14
User Name : UMHASSAN-PC\ssc1
Mem Usage : 26508 K
Mem Usage Peak : 26576 K
Page Faults : 9470
Pagefile Usage : 12884 K
Pagefile Peak Usage : 13024 K
File Attributes : A
==================================================
==================================================
Process Name : alg.exe
ProcessID : 3324
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 6.0.6000.16386 (vista_rtm.061101-2205)
Description : Application Layer Gateway Service
Company : Microsoft Corporation
Window Title :
File Size : 58,880
File Created Date : 10/10/27 08:56:46 ص
File Modified Date : 10/10/27 09:44:49 ص
Filename : C:\Windows\System32\alg.exe
Base Address : 0x00170000
Created On : 23/01/29 10:55:08 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\LOCAL SERVICE
Mem Usage : 12656 K
Mem Usage Peak : 13020 K
Page Faults : 3743
Pagefile Usage : 1584 K
Pagefile Peak Usage : 1652 K
File Attributes : A
==================================================
==================================================
Process Name : MSASCui.exe
ProcessID : 3636
Priority : Normal
Product Name : Windows Defender
Version : 1.1.1505.0
Description : Windows Defender User Interface
Company : Microsoft Corporation
Window Title :
File Size : 1,006,264
File Created Date : 03/09/28 11:58:59 م
File Modified Date : 03/09/28 11:58:59 م
Filename : C:\Program Files\Windows Defender\MSASCui.exe
Base Address : 0x009F0000
Created On : 23/01/29 10:55:17 م
Visible Windows : 0
Hidden Windows : 7
User Name : UMHASSAN-PC\ssc1
Mem Usage : 21684 K
Mem Usage Peak : 21684 K
Page Faults : 8972
Pagefile Usage : 6484 K
Pagefile Peak Usage : 6500 K
File Attributes : A
==================================================
==================================================
Process Name : GrooveMonitor.exe
ProcessID : 3676
Priority : Normal
Product Name : GrooveMonitor Utility
Version : 12.0.4518.1014
Description : GrooveMonitor Utility
Company : Microsoft Corporation
Window Title :
File Size : 31,016
File Created Date : 03/10/27 09:47:42 م
File Modified Date : 03/10/27 09:47:42 م
Filename : C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
Base Address : 0x00400000
Created On : 23/01/29 10:55:18 م
Visible Windows : 0
Hidden Windows : 2
User Name : UMHASSAN-PC\ssc1
Mem Usage : 16760 K
Mem Usage Peak : 17236 K
Page Faults : 4770
Pagefile Usage : 1936 K
Pagefile Peak Usage : 1936 K
File Attributes : A
==================================================
==================================================
Process Name : realsched.exe
ProcessID : 3692
Priority : Normal
Product Name : RealPlayer (32-bit)
Version : 0.1.0.3018
Description : RealNetworks Scheduler
Company : RealNetworks, Inc.
Window Title :
File Size : 180,269
File Created Date : 14/08/28 05:34:52 م
File Modified Date : 14/08/28 05:34:52 م
Filename : C:\Program Files\Common Files\Real\Update_OB\realsched.exe
Base Address : 0x00400000
Created On : 23/01/29 10:55:18 م
Visible Windows : 0
Hidden Windows : 2
User Name : UMHASSAN-PC\ssc1
Mem Usage : 244 K
Mem Usage Peak : 12380 K
Page Faults : 15476
Pagefile Usage : 1860 K
Pagefile Peak Usage : 2392 K
File Attributes : A
==================================================
==================================================
Process Name : avp.exe
ProcessID : 3708
Priority : Normal
Product Name : Kaspersky Anti-Virus
Version : 7.0.0.125
Description : Kaspersky Anti-Virus
Company : Kaspersky Lab
Window Title :
File Size : 218,376
File Created Date : 12/06/28 09:51:38 ص
File Modified Date : 12/06/28 09:51:38 ص
Filename : C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
Base Address : 0x00400000
Created On : 23/01/29 10:55:18 م
Visible Windows : 0
Hidden Windows : 6
User Name : UMHASSAN-PC\ssc1
Mem Usage : 3732 K
Mem Usage Peak : 20860 K
Page Faults : 178325
Pagefile Usage : 12828 K
Pagefile Peak Usage : 13748 K
File Attributes : A
==================================================
==================================================
Process Name : sidebar.exe
ProcessID : 3744
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 6.0.6000.16615 (vista_gdr.071215-2230)
Description : الشريط الجانبي لـ Windows
Company : Microsoft Corporation
Window Title : الساعة
File Size : 1,232,896
File Created Date : 20/01/29 09:46:42 م
File Modified Date : 20/01/29 09:46:42 م
Filename : C:\Program Files\Windows Sidebar\sidebar.exe
Base Address : 0x00130000
Created On : 23/01/29 10:55:20 م
Visible Windows : 6
Hidden Windows : 13
User Name : UMHASSAN-PC\ssc1
Mem Usage : 40532 K
Mem Usage Peak : 41836 K
Page Faults : 391222
Pagefile Usage : 31520 K
Pagefile Peak Usage : 32364 K
File Attributes : A
==================================================
==================================================
Process Name : ehtray.exe
ProcessID : 3788
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 6.0.6000.16386 (vista_rtm.061101-2205)
Description : Media Center Tray Applet
Company : Microsoft Corporation
Window Title :
File Size : 125,440
File Created Date : 10/10/27 12:34:20 م
File Modified Date : 10/10/27 12:34:20 م
Filename : C:\Windows\ehome\ehtray.exe
Base Address : 0x01150000
Created On : 23/01/29 10:55:22 م
Visible Windows : 0
Hidden Windows : 2
User Name : UMHASSAN-PC\ssc1
Mem Usage : 11668 K
Mem Usage Peak : 11924 K
Page Faults : 4452
Pagefile Usage : 1436 K
Pagefile Peak Usage : 1496 K
File Attributes : A
==================================================
==================================================
Process Name : msnmsgr.exe
ProcessID : 3796
Priority : Normal
Product Name : Messenger
Version : 8.1.0178.00
Description : Messenger
Company : Microsoft Corporation
Window Title :
File Size : 5,674,352
File Created Date : 29/12/27 09:55:14 ص
File Modified Date : 29/12/27 09:55:14 ص
Filename : C:\Program Files\MSN Messenger\msnmsgr.exe
Base Address : 0x00400000
Created On : 23/01/29 10:55:23 م
Visible Windows : 1
Hidden Windows : 37
User Name : UMHASSAN-PC\ssc1
Mem Usage : 11772 K
Mem Usage Peak : 69804 K
Page Faults : 175657
Pagefile Usage : 42332 K
Pagefile Peak Usage : 47928 K
File Attributes : A
==================================================
==================================================
Process Name : wmpnscfg.exe
ProcessID : 3836
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 11.0.6000.6324 (vista_rtm.061101-2205)
Description : تطبيق تكوين خدمة مشاركة الشبكة لـ Windows Media Player
Company : Microsoft Corporation
Window Title :
File Size : 201,728
File Created Date : 10/10/27 12:33:45 م
File Modified Date : 10/10/27 12:33:45 م
Filename : C:\Program Files\Windows Media Player\wmpnscfg.exe
Base Address : 0x000B0000
Created On : 23/01/29 10:55:24 م
Visible Windows : 0
Hidden Windows : 4
User Name : UMHASSAN-PC\ssc1
Mem Usage : 13668 K
Mem Usage Peak : 14256 K
Page Faults : 3980
Pagefile Usage : 1660 K
Pagefile Peak Usage : 1720 K
File Attributes : A
==================================================
==================================================
Process Name : WZQKPICK.EXE
ProcessID : 4052
Priority : Normal
Product Name : WinZip
Version : 1.0 (32-bit)
Description : WinZip Executable
Company : WinZip Computing LP
Window Title :
File Size : 122,880
File Created Date : 14/08/28 05:36:29 م
File Modified Date : 25/09/26 07:00:00 ص
Filename : C:\Program Files\WinZip\WZQKPICK.EXE
Base Address : 0x00400000
Created On : 23/01/29 10:55:27 م
Visible Windows : 0
Hidden Windows : 3
User Name : UMHASSAN-PC\ssc1
Mem Usage : 12004 K
Mem Usage Peak : 12080 K
Page Faults : 3329
Pagefile Usage : 1252 K
Pagefile Peak Usage : 1272 K
File Attributes : A
==================================================
==================================================
Process Name : unsecapp.exe
ProcessID : 2036
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 6.0.6000.16386 (vista_rtm.061101-2205)
Description : Sink to receive asynchronous callbacks for WMI client application
Company : Microsoft Corporation
Window Title :
File Size : 37,376
File Created Date : 10/10/27 08:41:26 ص
File Modified Date : 10/10/27 09:45:50 ص
Filename : C:\Windows\system32\wbem\unsecapp.exe
Base Address : 0x000F0000
Created On : 23/01/29 10:55:29 م
Visible Windows : 0
Hidden Windows : 0
User Name : UMHASSAN-PC\ssc1
Mem Usage : 13940 K
Mem Usage Peak : 13956 K
Page Faults : 4553
Pagefile Usage : 2568 K
Pagefile Peak Usage : 2600 K
File Attributes : A
==================================================
==================================================
Process Name : wmiprvse.exe
ProcessID : 784
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 6.0.6000.16386 (vista_rtm.061101-2205)
Description : WMI Provider Host
Company : Microsoft Corporation
Window Title :
File Size : 245,248
File Created Date : 10/10/27 08:41:43 ص
File Modified Date : 10/10/27 09:46:00 ص
Filename : C:\Windows\system32\wbem\wmiprvse.exe
Base Address : 0x00CF0000
Created On : 23/01/29 10:55:30 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 13852 K
Mem Usage Peak : 14196 K
Page Faults : 5544
Pagefile Usage : 3488 K
Pagefile Peak Usage : 5040 K
File Attributes : A
==================================================
==================================================
Process Name : ehmsas.exe
ProcessID : 2724
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 6.0.6000.16386 (vista_rtm.061101-2205)
Description : Media Center Media Status Aggregator Service
Company : Microsoft Corporation
Window Title :
File Size : 37,376
File Created Date : 10/10/27 12:34:20 م
File Modified Date : 10/10/27 12:34:20 م
Filename : C:\Windows\ehome\ehmsas.exe
Base Address : 0x00F90000
Created On : 23/01/29 10:55:46 م
Visible Windows : 0
Hidden Windows : 0
User Name : UMHASSAN-PC\ssc1
Mem Usage : 11592 K
Mem Usage Peak : 11696 K
Page Faults : 3054
Pagefile Usage : 1184 K
Pagefile Peak Usage : 1224 K
File Attributes : A
==================================================
==================================================
Process Name : wmpnetwk.exe
ProcessID : 1048
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 11.0.6000.6324 (vista_rtm.061101-2205)
Description : خدمة مشاركة الشبكة لـ Windows Media Player
Company : Microsoft Corporation
Window Title :
File Size : 895,488
File Created Date : 10/10/27 12:33:45 م
File Modified Date : 10/10/27 12:33:45 م
Filename : C:\Program Files\Windows Media Player\wmpnetwk.exe
Base Address : 0x006F0000
Created On : 23/01/29 10:55:49 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\NETWORK SERVICE
Mem Usage : 35904 K
Mem Usage Peak : 37684 K
Page Faults : 10945
Pagefile Usage : 6304 K
Pagefile Peak Usage : 6368 K
File Attributes : A
==================================================
==================================================
Process Name : iexplore.exe
ProcessID : 1536
Priority : Normal
Product Name : Windows® Internet Explorer
Version : 7.00.6000.16386 (vista_rtm.061101-2205)
Description : Internet Explorer
Company : Microsoft Corporation
Window Title : - Microsoft Internet Explorer
File Size : 625,152
File Created Date : 02/12/28 03:52:45 م
File Modified Date : 02/12/28 03:52:45 م
Filename : C:\Program Files\Internet Explorer\iexplore.exe
Base Address : 0x00C50000
Created On : 23/01/29 11:53:07 م
Visible Windows : 2
Hidden Windows : 59
User Name : UMHASSAN-PC\ssc1
Mem Usage : 133488 K
Mem Usage Peak : 365192 K
Page Faults : 1101813
Pagefile Usage : 98060 K
Pagefile Peak Usage : 345944 K
File Attributes : A
==================================================
==================================================
Process Name : YAHOOM~1.EXE
ProcessID : 3012
Priority : Normal
Product Name : Yahoo! Messenger
Version : 8,1,0,402
Description : Yahoo! Messenger
Company : Yahoo! Inc.
Window Title :
File Size : 4,670,968
File Created Date : 20/01/29 09:05:34 م
File Modified Date : 25/05/28 03:16:12 م
Filename : C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
Base Address : 0x00400000
Created On : 24/01/29 12:05:07 ص
Visible Windows : 0
Hidden Windows : 40
User Name : UMHASSAN-PC\ssc1
Mem Usage : 44388 K
Mem Usage Peak : 48372 K
Page Faults : 24039
Pagefile Usage : 30616 K
Pagefile Peak Usage : 33212 K
File Attributes : A
==================================================
==================================================
Process Name : runn.exe
ProcessID : 3624
Priority : Normal
Product Name :
Version :
Description :
Company :
Window Title :
File Size : 71,680
File Created Date : 23/01/29 10:16:26 م
File Modified Date : 22/01/29 10:24:25 م
Filename : C:\Users\ssc1\AppData\Local\Temp\bntoz\runn.exe
Base Address : 0x00400000
Created On : 24/01/29 01:16:27 ص
Visible Windows : 0
Hidden Windows : 0
User Name : UMHASSAN-PC\ssc1
Mem Usage : 3136 K
Mem Usage Peak : 3196 K
Page Faults : 841
Pagefile Usage : 952 K
Pagefile Peak Usage : 964 K
File Attributes : A
==================================================
==================================================
Process Name : cmd.exe
ProcessID : 3432
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 6.0.6000.16386 (vista_rtm.061101-2205)
Description : Windows Command Processor
Company : Microsoft Corporation
Window Title :
File Size : 320,000
File Created Date : 10/10/27 08:36:47 ص
File Modified Date : 10/10/27 09:44:59 ص
Filename : C:\Windows\system32\cmd.exe
Base Address : 0x4A230000
Created On : 24/01/29 01:16:27 ص
Visible Windows : 0
Hidden Windows : 1
User Name : UMHASSAN-PC\ssc1
Mem Usage : 2536 K
Mem Usage Peak : 2776 K
Page Faults : 984
Pagefile Usage : 2036 K
Pagefile Peak Usage : 3068 K
File Attributes : A
==================================================
==================================================
Process Name : conime.exe
ProcessID : 388
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 6.0.6000.16386 (vista_rtm.061101-2205)
Description : Console IME
Company : Microsoft Corporation
Window Title :
File Size : 68,608
File Created Date : 10/10/27 08:38:16 ص
File Modified Date : 10/10/27 09:44:59 ص
Filename : C:\Windows\system32\conime.exe
Base Address : 0x00B30000
Created On : 24/01/29 01:16:27 ص
Visible Windows : 0
Hidden Windows : 2
User Name : UMHASSAN-PC\ssc1
Mem Usage : 3440 K
Mem Usage Peak : 3440 K
Page Faults : 905
Pagefile Usage : 904 K
Pagefile Peak Usage : 908 K
File Attributes : A
==================================================
==================================================
Process Name : wmiprvse.exe
ProcessID : 3384
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 6.0.6000.16386 (vista_rtm.061101-2205)
Description : WMI Provider Host
Company : Microsoft Corporation
Window Title :
File Size : 245,248
File Created Date : 10/10/27 08:41:43 ص
File Modified Date : 10/10/27 09:46:00 ص
Filename : C:\Windows\system32\wbem\wmiprvse.exe
Base Address : 0x00CF0000
Created On : 24/01/29 01:16:28 ص
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\NETWORK SERVICE
Mem Usage : 5880 K
Mem Usage Peak : 5880 K
Page Faults : 1592
Pagefile Usage : 3340 K
Pagefile Peak Usage : 3340 K
File Attributes : A
==================================================
==================================================
Process Name : CProcess.exe
ProcessID : 2508
Priority : Normal
Product Name : CurrProcess
Version : 1.11
Description : CurrProcess
Company : NirSoft
Window Title :
File Size : 35,840
File Created Date : 23/01/29 10:16:26 م
File Modified Date : 07/06/26 04:46:34 ص
Filename : C:\Users\ssc1\AppData\Local\Temp\bntoz\CProcess.exe
Base Address : 0x00400000
Created On : 24/01/29 01:16:37 ص
Visible Windows : 0
Hidden Windows : 0
User Name : UMHASSAN-PC\ssc1
Mem Usage : 4060 K
Mem Usage Peak : 4108 K
Page Faults : 1478
Pagefile Usage : 1436 K
Pagefile Peak Usage : 1884 K
File Attributes : A
==================================================
.
.
--------------------------\\\ End Report Of Running Processes ---------------
.
.
.
.
--------------------------\\\ Windows XP Startup List ---------------
.
HKLM\System\CurrentControlSet\Control\Session Manager\BootExecute
autocheck autochk *
autocheck autochk *
Auto Check Utility
Microsoft Corporation
6.00.6000.16386
c:\windows\system32\autochk.exe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit
C:\Windows\system32\userinit.exe
C:\Windows\system32\userinit.exe
تطبيق تسجيل دخول Userinit
Microsoft Corporation
6.00.6000.16386
c:\windows\system32\userinit.exe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell
explorer.exe
explorer.exe
مستكشف Windows
Microsoft Corporation
6.00.6000.16549
c:\windows\explorer.exe
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Windows Defender
%ProgramFiles%\Windows Defender\MSASCui.exe -hide
Windows Defender User Interface
Microsoft Corporation
1.01.1505.0000
c:\program files\windows defender\msascui.exe
GrooveMonitor
"C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
GrooveMonitor Utility
Microsoft Corporation
12.00.4518.1014
c:\program files\microsoft office\office12\groovemonitor.exe
TkBellExe
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
RealNetworks Scheduler
RealNetworks, Inc.
0.01.0000.3018
c:\program files\common files\real\update_ob\realsched.exe
AVP
"C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
Kaspersky Anti-Virus
Kaspersky Lab
7.00.0000.0125
c:\program files\kaspersky lab\kaspersky internet security 7.0\avp.exe
cdrom bash
"C:\ProgramData\Mix Send Send.u2ynzh2"
c:\programdata\mix send send.u2ynzh2
bone thunk axis copy
"C:\ProgramData\Gpl Bind Option.jm03wpw"
c:\programdata\gpl bind option.jm03wpw
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Adobe Gamma Loader.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
Adobe Gamma Loader
Adobe Systems, Inc.
1.00.0000.0001
c:\program files\common files\adobe\calibration\adobe gamma loader.exe
Bluetooth Monitor.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth Monitor.lnk
Bluetooth Monitor 2.0
TOSHIBA
2.00.0000.0001
c:\program files\toshiba\bluetooth monitor\btmon2.exe
WinZip Quick Pick.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
WinZip Executable
WinZip Computing LP
1.00.6595.0000
c:\program files\winzip\wzqkpick.exe
C:\Users\ssc1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
delvista.exe
C:\Users\ssc1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\delvista.exe
0.00.0000.0000
c:\users\ssc1\appdata\roaming\microsoft\windows\start menu\programs\startup\delvista.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Sidebar
C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
الشريط الجانبي لـ Windows
Microsoft Corporation
6.00.6000.16615
c:\program files\windows sidebar\sidebar.exe
ehTray.exe
C:\Windows\ehome\ehTray.exe
Media Center Tray Applet
Microsoft Corporation
6.00.6000.16386
c:\windows\ehome\ehtray.exe
MsnMsgr
"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
Messenger
Microsoft Corporation
8.01.0178.0000
c:\program files\msn messenger\msnmsgr.exe
WMPNSCFG
C:\Program Files\Windows Media Player\WMPNSCFG.exe
تطبيق تكوين خدمة مشاركة الشبكة لـ Windows Media Player
Microsoft Corporation
11.00.6000.6324
c:\program files\windows media player\wmpnscfg.exe
Yahoo! Pager
"C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
Yahoo! Messenger
Yahoo! Inc.
8.01.0000.0402
c:\program files\yahoo!\messenger\yahoomessenger.exe
Task Scheduler
\{5BEF18B6-4CF8-4F15-B984-9681CFE6D86C}
C:\Windows\system32\pcalua.exe -a "C:\Program Files\IE7Pro\unins000.exe"
Program Compatibility Assistant
Microsoft Corporation
6.00.6000.16386
c:\windows\system32\pcalua.exe
\{6D525F8C-27B4-4A3D-8476-E43BA32A6B6A}
C:\Windows\system32\pcalua.exe -a C:\Windows\IsUninst.exe -c -f"c:\program files\adobe\adobe photoshop cs2\plug-ins\filters\KPT6\KPT6Unin.isu"
Program Compatibility Assistant
Microsoft Corporation
6.00.6000.16386
c:\windows\system32\pcalua.exe
\Microsoft\Windows\Bluetooth\UninstallDeviceTask
BthUdTask.exe $(Arg0)
Bluetooth Uninstall Device Task
Microsoft Corporation
6.00.6000.16386
c:\windows\system32\bthudtask.exe
\Microsoft\Windows\CertificateServicesClient\SystemTask
HKCR\CLSID\{58FB76B9-AC85-4E55-AC04-427593B1D060}
مكتبة الارتباط الديناميكي لمهمة DIMS
Microsoft Corporation
6.00.6000.16386
c:\windows\system32\dimsjob.dll
\Microsoft\Windows\CertificateServicesClient\UserTask
HKCR\CLSID\{58FB76B9-AC85-4E55-AC04-427593B1D060}
مكتبة الارتباط الديناميكي لمهمة DIMS
Microsoft Corporation
6.00.6000.16386
c:\windows\system32\dimsjob.dll
\Microsoft\Windows\CertificateServicesClient\UserTask-Roam
HKCR\CLSID\{58FB76B9-AC85-4E55-AC04-427593B1D060}
مكتبة الارتباط الديناميكي لمهمة DIMS
Microsoft Corporation
6.00.6000.16386
c:\windows\system32\dimsjob.dll
\Microsoft\Windows\Customer Experience Improvement Program\Consolidator
%SystemRoot%\System32\wsqmcons.exe
أداة دمج SQM لـ Windows
Microsoft Corporation
6.00.6000.16386
c:\windows\system32\wsqmcons.exe
\Microsoft\Windows\Customer Experience Improvement Program\OptinNotification
%SystemRoot%\System32\wsqmcons.exe -n 0x1C577FA2B69CAD0
أداة دمج SQM لـ Windows
Microsoft Corporation
6.00.6000.16386
c:\windows\system32\wsqmcons.exe
\Microsoft\Windows\Defrag\ScheduledDefrag
%windir%\system32\defrag.exe -c -i
Disk Defragmenter Module
Microsoft Corp.
6.00.6000.16386
c:\windows\system32\defrag.exe
\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector
%windir%\system32\rundll32.exe dfdts.dll,DfdGetDefaultPolicyAndSMART
Windows Disk Failure Diagnostic Module
Microsoft Corporation
6.00.6000.16386
c:\windows\system32\dfdts.dll
\Microsoft\Windows\Media Center\ehDRMInit
%SystemRoot%\ehome\ehPrivJob.exe /DRMInit
تطبيق تسجيل جهاز الكبل الرقمي.
Microsoft Corporation
6.00.6000.16386
c:\windows\ehome\ehprivjob.exe
\Microsoft\Windows\Media Center\mcupdate
%SystemRoot%\ehome\mcupdate $(Arg0) -gc
Windows Media Center Store Update Manager
Microsoft Corporation
6.00.6000.16386
c:\windows\ehome\mcupdate.exe
\Microsoft\Windows\Media Center\OCURActivate
%SystemRoot%\ehome\ehPrivJob.exe /OCURActivate
تطبيق تسجيل جهاز الكبل الرقمي.
Microsoft Corporation
6.00.6000.16386
c:\windows\ehome\ehprivjob.exe
\Microsoft\Windows\Media Center\OCURDiscovery
%SystemRoot%\ehome\ehPrivJob.exe /OCURDiscovery
تطبيق تسجيل جهاز الكبل الرقمي.
Microsoft Corporation
6.00.6000.16386
c:\windows\ehome\ehprivjob.exe
\Microsoft\Windows\Media Center\UpdateRecordPath
%SystemRoot%\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0)
تطبيق تسجيل جهاز الكبل الرقمي.
Microsoft Corporation
6.00.6000.16386
c:\windows\ehome\ehprivjob.exe
\Microsoft\Windows\MobilePC\HotStart
HKCR\CLSID\{06DA0625-9701-43DA-BFD7-FBEEA2180A1E}
Microsoft Windows HotStart User Agent
Microsoft Corporation
6.00.6000.16386
c:\windows\system32\hotstartuseragent.dll
\Microsoft\Windows\MobilePC\TMM
HKCR\CLSID\{35EF4182-F900-4632-B072-8639E4478A61}
إدارة شاشات العرض المتعددة المؤقتة لـ Microsoft
Microsoft Corporation
6.00.6000.16386
c:\windows\system32\tmm.dll
\Microsoft\Windows\MUI\LPRemove
%windir%\system32\lpremove.exe
MUI pack cleanup
Microsoft Corporation
6.00.6000.16515
c:\windows\system32\lpremove.exe
\Microsoft\Windows\MUI\Mcbuilder
C:\Windows\System32\mcbuilder.exe
Resource cache builder tool
Microsoft Corporation
6.00.6000.16509
c:\windows\system32\mcbuilder.exe
\Microsoft\Windows\Multimedia\SystemSoundsService
HKCR\CLSID\{2DEA658F-54C1-4227-AF9B-260AB5FC3543}
خدمة تشغيل الصوت
Microsoft Corporation
6.00.6000.16386
c:\windows\system32\playsndsrv.dll
\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
HKCR\CLSID\{F09878A1-4652-4292-AA63-8C7D4FD7648F}
Quarantine Agent Proxy
Microsoft Corporation
6.00.6000.16386
c:\windows\system32\qagent.dll
\Microsoft\Windows\PLA\System\ConvertLogEntries
%windir%\system32\rundll32.exe %windir%\system32\pla.dll,PlaConvertLogEntries
تنبيهات وسجلات الأداء
Microsoft Corporation
6.00.6000.16386
c:\windows\system32\pla.dll
\Microsoft\Windows\RAC\RACAgent
%windir%\system32\RacAgent.exe
Reliability analysis metrics calculation executable
Microsoft Corporation
6.00.6000.16386
c:\windows\system32\racagent.exe
\Microsoft\Windows\RemoteAssistance\RemoteAssistanceTask
%windir%\system32\RAServer.exe /offerraupdate
خادم COM الخاص بالمساعدة عن بُعد لـ Windows
Microsoft Corporation
6.00.6000.16386
c:\windows\system32\raserver.exe
\Microsoft\Windows\Shell\CrawlStartPages
HKCR\CLSID\{51653423-E62D-4FF7-894A-DABB2B8E21E2}
خيارات الفهرسة
Microsoft Corporation
6.00.6000.16386
c:\windows\system32\srchadmin.dll
[DISABLED] \Microsoft\Windows\SideShow\AutoWake
HKCR\CLSID\{E51DFD48-AA36-4B45-BB52-E831F02E8316}
خدمات Microsoft Windows SideShow
Microsoft Corporation
6.00.6000.16386
c:\windows\system32\auxiliarydisplayservices.dll
\Microsoft\Windows\SideShow\GadgetManager
HKCR\CLSID\{FF87090D-4A9A-4F47-879B-29A80C355D61}
خدمات Microsoft Windows SideShow
Microsoft Corporation
6.00.6000.16386
c:\windows\system32\auxiliarydisplayservices.dll
[DISABLED] \Microsoft\Windows\SideShow\SessionAgent
HKCR\CLSID\{45F26E9E-6199-477F-85DA-AF1EDFE067B1}
خدمات Microsoft Windows SideShow
Microsoft Corporation
6.00.6000.16386
c:\windows\system32\auxiliarydisplayservices.dll
[DISABLED] \Microsoft\Windows\SideShow\SystemDataProviders
HKCR\CLSID\{7CCA6768-8373-4D28-8876-83E8B4E3A969}
خدمات Microsoft Windows SideShow
Microsoft Corporation
6.00.6000.16386
c:\windows\system32\auxiliarydisplayservices.dll
\Microsoft\Windows\SystemRestore\SR
%windir%\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation
Microsoft® Windows System Protection Configuration Library
Microsoft Corporation
6.00.6000.16386
c:\windows\system32\srrstr.dll
\Microsoft\Windows\Tcpip\IpAddressConflict1
rundll32 ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem
واجهة تطبيقات البرامج لعميل إطار تشخيص الشبكة
Microsoft Corporation
6.00.6000.16386
c:\windows\system32\ndfapi.dll
\Microsoft\Windows\Tcpip\IpAddressConflict2
rundll32 ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem
واجهة تطبيقات البرامج لعميل إطار تشخيص الشبكة
Microsoft Corporation
6.00.6000.16386
c:\windows\system32\ndfapi.dll
\Microsoft\Windows\TextServicesFramework\MsCtfMonitor
HKCR\CLSID\{01575CFE-9A55-4003-A5E1-F38D1EBDCBE1}
MsCtfMonitor DLL
Microsoft Corporation
6.00.6000.16386
c:\windows\system32\msctfmonitor.dll
\Microsoft\Windows\UPnP\UPnPHostConfig
sc.exe config upnphost start= auto
A tool to aid in developing services for WindowsNT
Microsoft Corporation
6.00.6000.16386
c:\windows\system32\sc.exe
\Microsoft\Windows\WDI\ResolutionHost
HKCR\CLSID\{900BE39D-6BE8-461A-BC4D-B0FA71F5ECB1}
بنية التشخيص الأساسية لـ Windows
Microsoft Corporation
6.00.6000.16386
c:\windows\system32\wdi.dll
\Microsoft\Windows\Windows Error Reporting\QueueReporting
%windir%\system32\wermgr.exe -queuereporting
Windows Problem Reporting
Microsoft Corporation
6.00.6000.16386
c:\windows\system32\wermgr.exe
\Microsoft\Windows\Wired\GatherWiredInfo
%windir%\system32\gatherWiredInfo.vbs
c:\windows\system32\gatherwiredinfo.vbs
\Microsoft\Windows\Wireless\GatherWirelessInfo
%windir%\system32\gatherWirelessInfo.vbs
c:\windows\system32\gatherwirelessinfo.vbs
\Microsoft\Windows Defender\MP Scheduled Scan
c:\program files\windows defender\MpCmdRun.exe Scan -RestrictPrivileges
Windows Defender Command Line Utility
Microsoft Corporation
1.01.1505.0000
c:\program files\windows defender\mpcmdrun.exe
.
.
----------- End Report ---------------