Peace be upon you. This is my computer's report. I want a precise analysis: what should I remove and what should I keep? Thanks for your cooperation.
.
--------------------------\\\ Start Report Of HijackThis ---------------
.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:35:06 م, on 05/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\zyzoom.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\USB Safely Remove\USBSafelyRemove.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\start\LOCALS~1\Temp\bntoz\runn.exe
C:\WINDOWS\system32\cmd.exe
C:\DOCUME~1\start\LOCALS~1\Temp\bntoz\HijackThis.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 212.118.133.133:8080
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\zyzoom.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [USB Safely Remove] C:\Program Files\USB Safely Remove\USBSafelyRemove.exe /startup
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\ie_banner_deny.htm
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: تحميل الكل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى فيديو (إف.إل.في) بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6924091F-CD97-41E1-B1D4-D9079409D413} (IMCv1 Control) -
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: OwnershipProtocol - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 7560 bytes
.
.
--------------------------\\\ End Report Of Of HijackThis ---------------
.
.
.
.
--------------------------\\\ Start Report Of Running Processes ---------------
.
==================================================
Process Name : smss.exe
ProcessID : 1692
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : Windows NT Session Manager
Company : Microsoft Corporation
Window Title :
File Size : 50,688
File Created Date : 18/06/1425 09:56:30 ص
File Modified Date : 18/06/1425 09:56:30 ص
Filename : C:\WINDOWS\System32\smss.exe
Base Address : 0x48580000
Created On : 28/01/1429 02:50:59 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 48 K
Mem Usage Peak : 708 K
Page Faults : 297
Pagefile Usage : 164 K
Pagefile Peak Usage : 1640 K
File Attributes : A
==================================================
==================================================
Process Name : csrss.exe
ProcessID : 1744
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : Client Server Runtime Process
Company : Microsoft Corporation
Window Title :
File Size : 6,144
File Created Date : 18/06/1425 09:56:08 ص
File Modified Date : 18/06/1425 09:56:08 ص
Filename : C:\WINDOWS\system32\csrss.exe
Base Address : 0x4A680000
Created On : 28/01/1429 02:51:01 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 2920 K
Mem Usage Peak : 7836 K
Page Faults : 11949
Pagefile Usage : 1920 K
Pagefile Peak Usage : 1920 K
File Attributes : A
==================================================
==================================================
Process Name : winlogon.exe
ProcessID : 1772
Priority : High
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : Windows NT Logon Application
Company : Microsoft Corporation
Window Title :
File Size : 501,248
File Created Date : 18/06/1425 09:56:36 ص
File Modified Date : 18/06/1425 09:56:36 ص
Filename : C:\WINDOWS\system32\winlogon.exe
Base Address : 0x01000000
Created On : 28/01/1429 02:51:01 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 3096 K
Mem Usage Peak : 16148 K
Page Faults : 13973
Pagefile Usage : 8284 K
Pagefile Peak Usage : 8572 K
File Attributes : A
==================================================
==================================================
Process Name : services.exe
ProcessID : 1816
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : Services and Controller app
Company : Microsoft Corporation
Window Title :
File Size : 108,032
File Created Date : 18/06/1425 09:56:30 ص
File Modified Date : 18/06/1425 09:56:30 ص
Filename : C:\WINDOWS\system32\services.exe
Base Address : 0x01000000
Created On : 28/01/1429 02:51:02 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 1184 K
Mem Usage Peak : 5068 K
Page Faults : 2055
Pagefile Usage : 2140 K
Pagefile Peak Usage : 2272 K
File Attributes : A
==================================================
==================================================
Process Name : lsass.exe
ProcessID : 1828
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : LSA Shell (Export Version)
Company : Microsoft Corporation
Window Title :
File Size : 13,312
File Created Date : 18/06/1425 09:56:18 ص
File Modified Date : 18/06/1425 09:56:18 ص
Filename : C:\WINDOWS\system32\lsass.exe
Base Address : 0x01000000
Created On : 28/01/1429 02:51:02 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 1424 K
Mem Usage Peak : 8760 K
Page Faults : 19685
Pagefile Usage : 4160 K
Pagefile Peak Usage : 4328 K
File Attributes : A
==================================================
==================================================
Process Name : svchost.exe
ProcessID : 1976
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : Generic Host Process for Win32 Services
Company : Microsoft Corporation
Window Title :
File Size : 14,336
File Created Date : 18/06/1425 09:56:32 ص
File Modified Date : 18/06/1425 09:56:32 ص
Filename : C:\WINDOWS\system32\svchost.exe
Base Address : 0x01000000
Created On : 28/01/1429 02:51:03 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 1512 K
Mem Usage Peak : 5788 K
Page Faults : 2173
Pagefile Usage : 3284 K
Pagefile Peak Usage : 23308 K
File Attributes : A
==================================================
==================================================
Process Name : svchost.exe
ProcessID : 2036
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : Generic Host Process for Win32 Services
Company : Microsoft Corporation
Window Title :
File Size : 14,336
File Created Date : 18/06/1425 09:56:32 ص
File Modified Date : 18/06/1425 09:56:32 ص
Filename : C:\WINDOWS\system32\svchost.exe
Base Address : 0x01000000
Created On : 28/01/1429 02:51:04 م
Visible Windows : 0
Hidden Windows : 0
User Name :
Mem Usage : 1408 K
Mem Usage Peak : 4640 K
Page Faults : 1785
Pagefile Usage : 1996 K
Pagefile Peak Usage : 2316 K
File Attributes : A
==================================================
==================================================
Process Name : svchost.exe
ProcessID : 212
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : Generic Host Process for Win32 Services
Company : Microsoft Corporation
Window Title :
File Size : 14,336
File Created Date : 18/06/1425 09:56:32 ص
File Modified Date : 18/06/1425 09:56:32 ص
Filename : C:\WINDOWS\System32\svchost.exe
Base Address : 0x01000000
Created On : 28/01/1429 02:51:04 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 6800 K
Mem Usage Peak : 34528 K
Page Faults : 29170
Pagefile Usage : 18328 K
Pagefile Peak Usage : 21620 K
File Attributes : A
==================================================
==================================================
Process Name : EvtEng.exe
ProcessID : 252
Priority : Normal
Product Name : EvtEng Module
Version : 9, 0, 0, 12
Description : EvtEng Module
Company : Intel Corporation
Window Title :
File Size : 86,016
File Created Date : 20/06/1425 01:43:12 م
File Modified Date : 20/06/1425 01:43:12 م
Filename : C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
Base Address : 0x00400000
Created On : 28/01/1429 02:51:04 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 380 K
Mem Usage Peak : 9860 K
Page Faults : 2678
Pagefile Usage : 3848 K
Pagefile Peak Usage : 3972 K
File Attributes : A
==================================================
==================================================
Process Name : S24EvMon.exe
ProcessID : 376
Priority : Normal
Product Name : Mobile Unit Support Service
Version : 9, 0, 0, 38
Description : Event Monitor - Supports driver extensions to NIC Driver for wireless adapters.
Company : Intel Corporation
Window Title :
File Size : 360,521
File Created Date : 20/06/1425 01:45:44 م
File Modified Date : 20/06/1425 01:45:44 م
Filename : C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
Base Address : 0x00400000
Created On : 28/01/1429 02:51:04 م
Visible Windows : 0
Hidden Windows : 1
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 720 K
Mem Usage Peak : 5036 K
Page Faults : 1352
Pagefile Usage : 2768 K
Pagefile Peak Usage : 2784 K
File Attributes : A
==================================================
==================================================
Process Name : ZcfgSvc.exe
ProcessID : 452
Priority : Normal
Product Name : ZeroCfgSvc Application
Version : 9, 0, 0, 42
Description : ZeroCfgSvc MFC Application
Company : Intel Corporation
Window Title :
File Size : 389,120
File Created Date : 20/06/1425 01:48:34 م
File Modified Date : 20/06/1425 01:48:34 م
Filename : C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
Base Address : 0x00400000
Created On : 28/01/1429 02:51:06 م
Visible Windows : 0
Hidden Windows : 3
User Name : START-9A057AE73\start
Mem Usage : 612 K
Mem Usage Peak : 8904 K
Page Faults : 59043
Pagefile Usage : 3344 K
Pagefile Peak Usage : 3380 K
File Attributes : A
==================================================
==================================================
Process Name : svchost.exe
ProcessID : 552
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : Generic Host Process for Win32 Services
Company : Microsoft Corporation
Window Title :
File Size : 14,336
File Created Date : 18/06/1425 09:56:32 ص
File Modified Date : 18/06/1425 09:56:32 ص
Filename : C:\WINDOWS\system32\svchost.exe
Base Address : 0x01000000
Created On : 28/01/1429 02:51:06 م
Visible Windows : 0
Hidden Windows : 0
User Name :
Mem Usage : 1052 K
Mem Usage Peak : 3508 K
Page Faults : 1621
Pagefile Usage : 1548 K
Pagefile Peak Usage : 1588 K
File Attributes : A
==================================================
==================================================
Process Name : svchost.exe
ProcessID : 764
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : Generic Host Process for Win32 Services
Company : Microsoft Corporation
Window Title :
File Size : 14,336
File Created Date : 18/06/1425 09:56:32 ص
File Modified Date : 18/06/1425 09:56:32 ص
Filename : C:\WINDOWS\system32\svchost.exe
Base Address : 0x01000000
Created On : 28/01/1429 02:51:06 م
Visible Windows : 0
Hidden Windows : 0
User Name :
Mem Usage : 1716 K
Mem Usage Peak : 7580 K
Page Faults : 6697
Pagefile Usage : 6356 K
Pagefile Peak Usage : 6452 K
File Attributes : A
==================================================
==================================================
Process Name : Explorer.EXE
ProcessID : 1128
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
Description : Windows Explorer
Company : Microsoft Corporation
Window Title : برامج زيزوم
File Size : 1,655,296
File Created Date : 18/06/1425 09:56:12 ص
File Modified Date : 30/11/1428 10:13:09 م
Filename : C:\WINDOWS\Explorer.EXE
Base Address : 0x01000000
Created On : 28/01/1429 02:51:07 م
Visible Windows : 3
Hidden Windows : 32
User Name : START-9A057AE73\start
Mem Usage : 20424 K
Mem Usage Peak : 41344 K
Page Faults : 237563
Pagefile Usage : 26872 K
Pagefile Peak Usage : 41484 K
File Attributes : A
==================================================
==================================================
Process Name : spoolsv.exe
ProcessID : 1252
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : Spooler SubSystem App
Company : Microsoft Corporation
Window Title :
File Size : 57,856
File Created Date : 18/06/1425 09:56:32 ص
File Modified Date : 18/06/1425 09:56:32 ص
Filename : C:\WINDOWS\system32\spoolsv.exe
Base Address : 0x01000000
Created On : 28/01/1429 02:51:07 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 680 K
Mem Usage Peak : 9956 K
Page Faults : 3189
Pagefile Usage : 6876 K
Pagefile Peak Usage : 7196 K
File Attributes : A
==================================================
==================================================
Process Name : guard.exe
ProcessID : 1332
Priority : Normal
Product Name : AVG Anti-Spyware
Version : 7, 5, 1, 22
Description : AVG Anti-Spyware guard
Company : GRISOFT s.r.o.
Window Title :
File Size : 312,880
File Created Date : 14/05/1428 12:31:10 م
File Modified Date : 14/05/1428 12:31:10 م
Filename : C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
Base Address : 0x00400000
Created On : 28/01/1429 02:51:07 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 12232 K
Mem Usage Peak : 49288 K
Page Faults : 150385
Pagefile Usage : 34048 K
Pagefile Peak Usage : 57056 K
File Attributes : A
==================================================
==================================================
Process Name : avp.exe
ProcessID : 1344
Priority : Normal
Product Name : Kaspersky Anti-Virus
Version : 6.0.2.621
Description : Kaspersky Anti-Virus
Company : Kaspersky Lab
Window Title :
File Size : 200,768
File Created Date : 20/02/1428 04:50:58 م
File Modified Date : 20/02/1428 04:50:58 م
Filename : C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
Base Address : 0x00400000
Created On : 28/01/1429 02:51:07 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 23628 K
Mem Usage Peak : 90428 K
Page Faults : 1142590
Pagefile Usage : 51588 K
Pagefile Peak Usage : 126688 K
File Attributes : A
==================================================
==================================================
Process Name : svchost.exe
ProcessID : 1388
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : Generic Host Process for Win32 Services
Company : Microsoft Corporation
Window Title :
File Size : 14,336
File Created Date : 18/06/1425 09:56:32 ص
File Modified Date : 18/06/1425 09:56:32 ص
Filename : C:\WINDOWS\system32\svchost.exe
Base Address : 0x01000000
Created On : 28/01/1429 02:51:07 م
Visible Windows : 0
Hidden Windows : 0
User Name :
Mem Usage : 152 K
Mem Usage Peak : 3328 K
Page Faults : 930
Pagefile Usage : 2264 K
Pagefile Peak Usage : 2288 K
File Attributes : A
==================================================
==================================================
Process Name : btwdins.exe
ProcessID : 1400
Priority : Normal
Product Name : Bluetooth Software 3.0.1.904
Version : 3.0.1.904
Description : Bluetooth Support Server
Company : WIDCOMM, Inc.
Window Title :
File Size : 163,840
File Created Date : 06/04/1425 12:27:08 م
File Modified Date : 06/04/1425 12:27:08 م
Filename : C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
Base Address : 0x00400000
Created On : 28/01/1429 02:51:07 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 184 K
Mem Usage Peak : 3212 K
Page Faults : 1467
Pagefile Usage : 1020 K
Pagefile Peak Usage : 1140 K
File Attributes : A
==================================================
==================================================
Process Name : OProtSvc.exe
ProcessID : 1476
Priority : Normal
Product Name : Intel PROSet/Wireless
Version : 9, 0, 0, 3
Description : Ownership protocol service
Company : Intel Corporation
Window Title :
File Size : 98,304
File Created Date : 20/06/1425 01:51:54 م
File Modified Date : 20/06/1425 01:51:54 م
Filename : C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
Base Address : 0x00400000
Created On : 28/01/1429 02:51:08 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 148 K
Mem Usage Peak : 4852 K
Page Faults : 1386
Pagefile Usage : 1492 K
Pagefile Peak Usage : 1584 K
File Attributes : A
==================================================
==================================================
Process Name : RegSrvc.exe
ProcessID : 1536
Priority : Normal
Product Name : RegSrvc Module
Version : 9, 0, 0, 10
Description : RegSrvc Module
Company : Intel Corporation
Window Title :
File Size : 139,264
File Created Date : 20/06/1425 01:42:36 م
File Modified Date : 20/06/1425 01:42:36 م
Filename : C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
Base Address : 0x00400000
Created On : 28/01/1429 02:51:08 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 52 K
Mem Usage Peak : 2648 K
Page Faults : 717
Pagefile Usage : 764 K
Pagefile Peak Usage : 784 K
File Attributes : A
==================================================
==================================================
Process Name : svchost.exe
ProcessID : 392
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : Generic Host Process for Win32 Services
Company : Microsoft Corporation
Window Title :
File Size : 14,336
File Created Date : 18/06/1425 09:56:32 ص
File Modified Date : 18/06/1425 09:56:32 ص
Filename : C:\WINDOWS\system32\svchost.exe
Base Address : 0x01000000
Created On : 28/01/1429 02:51:11 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 1384 K
Mem Usage Peak : 4536 K
Page Faults : 1804
Pagefile Usage : 2556 K
Pagefile Peak Usage : 2616 K
File Attributes : A
==================================================
==================================================
Process Name : 1XConfig.exe
ProcessID : 960
Priority : Normal
Product Name : 8021XConfig Module
Version : 9, 0, 0, 30
Description : 8021XConfig Module
Company : Intel
Window Title :
File Size : 241,664
File Created Date : 20/06/1425 01:44:12 م
File Modified Date : 20/06/1425 01:44:12 م
Filename : C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
Base Address : 0x00400000
Created On : 28/01/1429 02:51:13 م
Visible Windows : 0
Hidden Windows : 0
User Name : START-9A057AE73\start
Mem Usage : 1368 K
Mem Usage Peak : 6232 K
Page Faults : 8164
Pagefile Usage : 2324 K
Pagefile Peak Usage : 2336 K
File Attributes : A
==================================================
==================================================
Process Name : igfxtray.exe
ProcessID : 1044
Priority : Normal
Product Name : Intel(R) Common User Interface
Version : 3.0.0.3762
Description : igfxTray Module
Company : Intel Corporation
Window Title :
File Size : 155,648
File Created Date : 29/08/1428 01:53:41 م
File Modified Date : 19/12/1424 05:55:32 م
Filename : C:\WINDOWS\system32\igfxtray.exe
Base Address : 0x00400000
Created On : 28/01/1429 02:51:15 م
Visible Windows : 0
Hidden Windows : 1
User Name : START-9A057AE73\start
Mem Usage : 228 K
Mem Usage Peak : 4072 K
Page Faults : 1104
Pagefile Usage : 1868 K
Pagefile Peak Usage : 2648 K
File Attributes : A
==================================================
==================================================
Process Name : hkcmd.exe
ProcessID : 808
Priority : Normal
Product Name : Intel(R) Common User Interface
Version : 3.0.0.3762
Description : hkcmd Module
Company : Intel Corporation
Window Title :
File Size : 118,784
File Created Date : 29/08/1428 01:53:37 م
File Modified Date : 19/12/1424 05:51:30 م
Filename : C:\WINDOWS\system32\hkcmd.exe
Base Address : 0x00400000
Created On : 28/01/1429 02:51:18 م
Visible Windows : 0
Hidden Windows : 17
User Name : START-9A057AE73\start
Mem Usage : 256 K
Mem Usage Peak : 3996 K
Page Faults : 1118
Pagefile Usage : 2004 K
Pagefile Peak Usage : 2004 K
File Attributes : A
==================================================
==================================================
Process Name : SynTPLpr.exe
ProcessID : 788
Priority : Normal
Product Name : Progressive Touch
Version : 7.10.12 20May04
Description : TouchPad Driver Helper Application
Company : Synaptics, Inc.
Window Title :
File Size : 98,304
File Created Date : 29/08/1428 02:21:16 م
File Modified Date : 01/04/1425 11:57:30 ص
Filename : C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
Base Address : 0x00400000
Created On : 28/01/1429 02:51:22 م
Visible Windows : 0
Hidden Windows : 2
User Name : START-9A057AE73\start
Mem Usage : 304 K
Mem Usage Peak : 2836 K
Page Faults : 837
Pagefile Usage : 980 K
Pagefile Peak Usage : 1080 K
File Attributes : A
==================================================
==================================================
Process Name : SynTPEnh.exe
ProcessID : 324
Priority : Normal
Product Name : Progressive Touch
Version : 7.10.12 20May04
Description : Synaptics TouchPad Enhancements
Company : Synaptics, Inc.
Window Title :
File Size : 532,480
File Created Date : 29/08/1428 02:21:16 م
File Modified Date : 01/04/1425 11:57:04 ص
Filename : C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
Base Address : 0x00400000
Created On : 28/01/1429 02:51:24 م
Visible Windows : 0
Hidden Windows : 5
User Name : START-9A057AE73\start
Mem Usage : 1700 K
Mem Usage Peak : 5136 K
Page Faults : 2029
Pagefile Usage : 1708 K
Pagefile Peak Usage : 1808 K
File Attributes : A
==================================================
==================================================
Process Name : realsched.exe
ProcessID : 1460
Priority : Normal
Product Name : RealPlayer (32-bit)
Version : 0.1.0.4076
Description : RealNetworks Scheduler
Company : RealNetworks, Inc.
Window Title :
File Size : 185,632
File Created Date : 13/09/1428 09:39:37 م
File Modified Date : 13/09/1428 09:39:37 م
Filename : C:\Program Files\Common Files\Real\Update_OB\realsched.exe
Base Address : 0x00400000
Created On : 28/01/1429 02:51:25 م
Visible Windows : 0
Hidden Windows : 1
User Name : START-9A057AE73\start
Mem Usage : 140 K
Mem Usage Peak : 2560 K
Page Faults : 167185
Pagefile Usage : 980 K
Pagefile Peak Usage : 1008 K
File Attributes : A
==================================================
==================================================
Process Name : avp.exe
ProcessID : 1636
Priority : Normal
Product Name : Kaspersky Anti-Virus
Version : 6.0.2.621
Description : Kaspersky Anti-Virus
Company : Kaspersky Lab
Window Title :
File Size : 200,768
File Created Date : 20/02/1428 04:50:58 م
File Modified Date : 20/02/1428 04:50:58 م
Filename : C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
Base Address : 0x00400000
Created On : 28/01/1429 02:51:27 م
Visible Windows : 0
Hidden Windows : 4
User Name : START-9A057AE73\start
Mem Usage : 2604 K
Mem Usage Peak : 8308 K
Page Faults : 33206
Pagefile Usage : 6164 K
Pagefile Peak Usage : 6280 K
File Attributes : A
==================================================
==================================================
Process Name : ifrmewrk.exe
ProcessID : 1676
Priority : Normal
Product Name : Intel PROSet/Wireless
Version : 9, 0, 0, 18
Description : Intel Framework MFC Application
Company : Intel Corporation
Window Title :
File Size : 385,024
File Created Date : 20/06/1425 01:48:52 م
File Modified Date : 20/06/1425 01:48:52 م
Filename : C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
Base Address : 0x00400000
Created On : 28/01/1429 02:51:28 م
Visible Windows : 0
Hidden Windows : 1
User Name : START-9A057AE73\start
Mem Usage : 1548 K
Mem Usage Peak : 8064 K
Page Faults : 88522
Pagefile Usage : 4664 K
Pagefile Peak Usage : 4684 K
File Attributes : A
==================================================
==================================================
Process Name : EOUWiz.exe
ProcessID : 292
Priority : Normal
Product Name : Intel PROSet/Wireless
Version : 9, 0, 0, 21
Description : Ease Of Use Wizard Application
Company : Intel Corporation
Window Title :
File Size : 356,352
File Created Date : 20/06/1425 01:52:32 م
File Modified Date : 20/06/1425 01:52:32 م
Filename : C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
Base Address : 0x00400000
Created On : 28/01/1429 02:51:32 م
Visible Windows : 0
Hidden Windows : 2
User Name : START-9A057AE73\start
Mem Usage : 344 K
Mem Usage Peak : 8792 K
Page Faults : 2379
Pagefile Usage : 4860 K
Pagefile Peak Usage : 5656 K
File Attributes : A
==================================================
==================================================
Process Name : QtZgAcer.EXE
ProcessID : 304
Priority : Normal
Product Name : Dritek System Inc. Launch Manager 01.10.2002 ( VC60 )
Version : 1, 1, 0, 0
Description : Launch Manager
Company : Dritek System Inc.
Window Title :
File Size : 319,488
File Created Date : 13/06/1425 03:30:06 ص
File Modified Date : 13/06/1425 03:30:06 ص
Filename : C:\Program Files\Launch Manager\QtZgAcer.EXE
Base Address : 0x00400000
Created On : 28/01/1429 02:51:34 م
Visible Windows : 0
Hidden Windows : 10
User Name : START-9A057AE73\start
Mem Usage : 432 K
Mem Usage Peak : 6736 K
Page Faults : 2412
Pagefile Usage : 3252 K
Pagefile Peak Usage : 3260 K
File Attributes : A
==================================================
==================================================
Process Name : zyzoom.exe
ProcessID : 2108
Priority : Normal
Product Name : AVG Anti-Spyware
Version : 7, 5, 1, 43
Description : AVG Anti-Spyware
Company : GRISOFT s.r.o.
Window Title :
File Size : 6,731,312
File Created Date : 25/12/1428 10:56:52 م
File Modified Date : 23/10/1428 01:50:41 ص
Filename : C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\zyzoom.exe
Base Address : 0x00400000
Created On : 28/01/1429 02:51:59 م
Visible Windows : 0
Hidden Windows : 23
User Name : START-9A057AE73\start
Mem Usage : 1536 K
Mem Usage Peak : 54588 K
Page Faults : 64621
Pagefile Usage : 44960 K
Pagefile Peak Usage : 68724 K
File Attributes : A
==================================================
==================================================
Process Name : ctfmon.exe
ProcessID : 2116
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : CTF Loader
Company : Microsoft Corporation
Window Title :
File Size : 15,360
File Created Date : 18/06/1425 09:56:08 ص
File Modified Date : 18/06/1425 09:56:08 ص
Filename : C:\WINDOWS\system32\ctfmon.exe
Base Address : 0x00400000
Created On : 28/01/1429 02:51:59 م
Visible Windows : 0
Hidden Windows : 4
User Name : START-9A057AE73\start
Mem Usage : 372 K
Mem Usage Peak : 3304 K
Page Faults : 991
Pagefile Usage : 1040 K
Pagefile Peak Usage : 1044 K
File Attributes : A
==================================================
==================================================
Process Name : CursorXP.exe
ProcessID : 3336
Priority : High
Product Name : Stardock CursorXP
Version : 1, 3, 0, 0
Description : CursorXP
Company :
Window Title :
File Size : 128,000
File Created Date : 29/11/1428 07:11:15 م
File Modified Date : 09/12/1425 01:34:16 م
Filename : C:\Program Files\CursorXP\CursorXP.exe
Base Address : 0x00400000
Created On : 28/01/1429 02:52:01 م
Visible Windows : 1
Hidden Windows : 0
User Name : START-9A057AE73\start
Mem Usage : 1572 K
Mem Usage Peak : 3432 K
Page Faults : 2461
Pagefile Usage : 1640 K
Pagefile Peak Usage : 1708 K
File Attributes : A
==================================================
==================================================
Process Name : IDMan.exe
ProcessID : 2428
Priority : Normal
Product Name : Internet Download Manager (IDM)
Version : 5.11.10
Description : Internet Download Manager (IDM)
Company : Tonec Inc.
Window Title :
File Size : 2,566,656
File Created Date : 02/12/1428 09:12:53 ص
File Modified Date : 04/12/1428 12:50:17 م
Filename : C:\Program Files\Internet Download Manager\IDMan.exe
Base Address : 0x00400000
Created On : 28/01/1429 02:52:08 م
Visible Windows : 0
Hidden Windows : 5
User Name : START-9A057AE73\start
Mem Usage : 9316 K
Mem Usage Peak : 15536 K
Page Faults : 27810
Pagefile Usage : 12704 K
Pagefile Peak Usage : 15096 K
File Attributes : A
==================================================
==================================================
Process Name : USBSafelyRemove.exe
ProcessID : 3356
Priority : Normal
Product Name : USBSafelyRemove
Version : 3.1.4.478
Description : Safely Remove A Device In One Click
Company :
Window Title :
File Size : 2,447,360
File Created Date : 19/12/1428 11:15:44 م
File Modified Date : 10/10/1428 04:53:26 م
Filename : C:\Program Files\USB Safely Remove\USBSafelyRemove.exe
Base Address : 0x00400000
Created On : 28/01/1429 02:52:15 م
Visible Windows : 0
Hidden Windows : 10
User Name : START-9A057AE73\start
Mem Usage : 768 K
Mem Usage Peak : 8248 K
Page Faults : 3042
Pagefile Usage : 5648 K
Pagefile Peak Usage : 5684 K
File Attributes : A
==================================================
==================================================
Process Name : BTTray.exe
ProcessID : 2276
Priority : Normal
Product Name : Bluetooth Software 3.0.1.904
Version : 3.0.1.904
Description : Bluetooth Tray Application
Company : WIDCOMM, Inc.
Window Title :
File Size : 565,309
File Created Date : 06/04/1425 12:38:42 م
File Modified Date : 06/04/1425 12:38:42 م
Filename : C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
Base Address : 0x00400000
Created On : 28/01/1429 02:52:19 م
Visible Windows : 0
Hidden Windows : 2
User Name : START-9A057AE73\start
Mem Usage : 492 K
Mem Usage Peak : 7628 K
Page Faults : 2160
Pagefile Usage : 4240 K
Pagefile Peak Usage : 12084 K
File Attributes : A
==================================================
==================================================
Process Name : IEMonitor.exe
ProcessID : 2284
Priority : Normal
Product Name : IEMonitor Application
Version : 3, 0, 0, 1
Description : Internet Download Manager agent for click monitoring in IE-based browsers
Company : Tonec Inc.
Window Title :
File Size : 251,576
File Created Date : 01/12/1428 04:18:10 م
File Modified Date : 02/02/1428 02:53:52 م
Filename : C:\Program Files\Internet Download Manager\IEMonitor.exe
Base Address : 0x00400000
Created On : 28/01/1429 02:52:19 م
Visible Windows : 0
Hidden Windows : 1
User Name : START-9A057AE73\start
Mem Usage : 2348 K
Mem Usage Peak : 7028 K
Page Faults : 4807
Pagefile Usage : 4432 K
Pagefile Peak Usage : 5432 K
File Attributes : A
==================================================
==================================================
Process Name : svchost.exe
ProcessID : 2696
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : Generic Host Process for Win32 Services
Company : Microsoft Corporation
Window Title :
File Size : 14,336
File Created Date : 18/06/1425 09:56:32 ص
File Modified Date : 18/06/1425 09:56:32 ص
Filename : C:\WINDOWS\System32\svchost.exe
Base Address : 0x01000000
Created On : 28/01/1429 02:53:35 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 184 K
Mem Usage Peak : 3528 K
Page Faults : 978
Pagefile Usage : 1664 K
Pagefile Peak Usage : 1688 K
File Attributes : A
==================================================
==================================================
Process Name : usnsvc.exe
ProcessID : 3320
Priority : Normal
Product Name : Messenger
Version : 8.1.0178.00
Description : Messenger Sharing USN Journal Reader Service
Company : Microsoft Corporation
Window Title :
File Size : 97,136
File Created Date : 01/01/1428 09:54:14 ص
File Modified Date : 01/01/1428 09:54:14 ص
Filename : C:\Program Files\MSN Messenger\usnsvc.exe
Base Address : 0x00400000
Created On : 28/01/1429 02:54:49 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 60 K
Mem Usage Peak : 2604 K
Page Faults : 781
Pagefile Usage : 828 K
Pagefile Peak Usage : 876 K
File Attributes : A
==================================================
==================================================
Process Name : ServiceLayer.exe
ProcessID : 2784
Priority : Normal
Product Name : PC Connectivity Solution
Version : 6, 83, 78, 3
Description : ServiceLayer Module
Company : Nokia.
Window Title :
File Size : 292,864
File Created Date : 08/03/1428 10:06:24 ص
File Modified Date : 08/03/1428 10:06:24 ص
Filename : C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
Base Address : 0x00400000
Created On : 28/01/1429 03:08:24 م
Visible Windows : 0
Hidden Windows : 2
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 844 K
Mem Usage Peak : 7660 K
Page Faults : 2912
Pagefile Usage : 4648 K
Pagefile Peak Usage : 5348 K
File Attributes : A
==================================================
==================================================
Process Name : msnmsgr.exe
ProcessID : 2124
Priority : Normal
Product Name : Messenger
Version : 8.1.0178.00
Description : Messenger
Company : Microsoft Corporation
Window Title :
File Size : 5,674,352
File Created Date : 01/01/1428 09:55:14 ص
File Modified Date : 01/01/1428 09:55:14 ص
Filename : C:\Program Files\MSN Messenger\msnmsgr.exe
Base Address : 0x00400000
Created On : 28/01/1429 03:34:11 م
Visible Windows : 1
Hidden Windows : 31
User Name : START-9A057AE73\start
Mem Usage : 2836 K
Mem Usage Peak : 60584 K
Page Faults : 143581
Pagefile Usage : 36204 K
Pagefile Peak Usage : 45776 K
File Attributes : A
==================================================
==================================================
Process Name : iexplore.exe
ProcessID : 3740
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
Description : Internet Explorer
Company : Microsoft Corporation
Window Title : Microsoft Internet Explorer
File Size : 465,920
File Created Date : 29/08/1428 01:28:54 م
File Modified Date : 30/11/1428 10:17:45 م
Filename : C:\Program Files\Internet Explorer\iexplore.exe
Base Address : 0x00400000
Created On : 28/01/1429 05:43:09 م
Visible Windows : 3
Hidden Windows : 55
User Name : START-9A057AE73\start
Mem Usage : 31364 K
Mem Usage Peak : 57752 K
Page Faults : 199200
Pagefile Usage : 38528 K
Pagefile Peak Usage : 60520 K
File Attributes : A
==================================================
==================================================
Process Name : runn.exe
ProcessID : 2072
Priority : Normal
Product Name :
Version :
Description :
Company :
Window Title :
File Size : 71,680
File Created Date : 28/01/1429 06:34:40 م
File Modified Date : 23/01/1429 10:24:25 م
Filename : C:\DOCUME~1\start\LOCALS~1\Temp\bntoz\runn.exe
Base Address : 0x00400000
Created On : 28/01/1429 09:34:41 م
Visible Windows : 0
Hidden Windows : 0
User Name : START-9A057AE73\start
Mem Usage : 2024 K
Mem Usage Peak : 2040 K
Page Faults : 599
Pagefile Usage : 700 K
Pagefile Peak Usage : 772 K
File Attributes : A
==================================================
==================================================
Process Name : cmd.exe
ProcessID : 3312
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : Windows Command Processor
Company : Microsoft Corporation
Window Title :
File Size : 391,680
File Created Date : 18/06/1425 09:56:06 ص
File Modified Date : 30/11/1428 10:13:32 م
Filename : C:\WINDOWS\system32\cmd.exe
Base Address : 0x4AD00000
Created On : 28/01/1429 09:34:42 م
Visible Windows : 0
Hidden Windows : 1
User Name : START-9A057AE73\start
Mem Usage : 2956 K
Mem Usage Peak : 3020 K
Page Faults : 859
Pagefile Usage : 2080 K
Pagefile Peak Usage : 2156 K
File Attributes : A
==================================================
==================================================
Process Name : wmiprvse.exe
ProcessID : 2300
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : WMI
Company : Microsoft Corporation
Window Title :
File Size : 218,112
File Created Date : 29/08/1428 01:25:26 م
File Modified Date : 18/06/1425 09:56:36 ص
Filename : C:\WINDOWS\system32\wbem\wmiprvse.exe
Base Address : 0x01000000
Created On : 28/01/1429 09:34:51 م
Visible Windows : 0
Hidden Windows : 0
User Name :
Mem Usage : 5536 K
Mem Usage Peak : 5536 K
Page Faults : 1440
Pagefile Usage : 2932 K
Pagefile Peak Usage : 2932 K
File Attributes : A
==================================================
==================================================
Process Name : CProcess.exe
ProcessID : 3684
Priority : Normal
Product Name : CurrProcess
Version : 1.11
Description : CurrProcess
Company : NirSoft
Window Title :
File Size : 35,840
File Created Date : 28/01/1429 06:34:40 م
File Modified Date : 08/06/1426 04:46:34 ص
Filename : C:\DOCUME~1\start\LOCALS~1\Temp\bntoz\CProcess.exe
Base Address : 0x00400000
Created On : 28/01/1429 09:35:06 م
Visible Windows : 0
Hidden Windows : 0
User Name : START-9A057AE73\start
Mem Usage : 2068 K
Mem Usage Peak : 2128 K
Page Faults : 971
Pagefile Usage : 924 K
Pagefile Peak Usage : 1004 K
File Attributes : A
==================================================
.
.
--------------------------\\\ End Report Of Running Processes ---------------
.
.
.
.
--------------------------\\\ Windows XP Startup List ---------------
.
HKLM\System\CurrentControlSet\Control\Session Manager\BootExecute
autocheck autochk *
autocheck autochk *
Auto Check Utility
Microsoft Corporation
5.01.2600.2180
c:\windows\system32\autochk.exe
HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms
rdpclip
rdpclip
RDP Clip Monitor
Microsoft Corporation
5.01.2600.2180
c:\windows\system32\rdpclip.exe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit
userinit.exe
userinit.exe
Userinit Logon Application
Microsoft Corporation
5.01.2600.2180
c:\windows\system32\userinit.exe
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell
Explorer.exe
Explorer.exe
Windows Explorer
Microsoft Corporation
6.00.2900.2180
c:\windows\explorer.exe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell
explorer.exe
explorer.exe
Windows Explorer
Microsoft Corporation
6.00.2900.2180
c:\windows\explorer.exe
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
IgfxTray
C:\WINDOWS\system32\igfxtray.exe
igfxTray Module
Intel Corporation
3.00.0000.3762
c:\windows\system32\igfxtray.exe
HotKeysCmds
C:\WINDOWS\system32\hkcmd.exe
hkcmd Module
Intel Corporation
3.00.0000.3762
c:\windows\system32\hkcmd.exe
SynTPLpr
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
TouchPad Driver Helper Application
Synaptics, Inc.
7.10.0012.0000
c:\program files\synaptics\syntp\syntplpr.exe
SynTPEnh
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
Synaptics TouchPad Enhancements
Synaptics, Inc.
7.10.0012.0000
c:\program files\synaptics\syntp\syntpenh.exe
TkBellExe
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
RealNetworks Scheduler
RealNetworks, Inc.
0.01.0000.4076
c:\program files\common files\real\update_ob\realsched.exe
AVP
"C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
Kaspersky Anti-Virus
Kaspersky Lab
6.00.0002.0621
c:\program files\kaspersky lab\kaspersky internet security 6.0\avp.exe
IntelWireless
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
Intel Framework MFC Application
Intel Corporation
9.00.0000.0018
c:\program files\intel\wireless\bin\ifrmewrk.exe
EOUApp
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
Ease Of Use Wizard Application
Intel Corporation
9.00.0000.0021
c:\program files\intel\wireless\bin\eouwiz.exe
LManager
C:\Program Files\Launch Manager\QtZgAcer.EXE
Launch Manager
Dritek System Inc.
1.01.0000.0000
c:\program files\launch manager\qtzgacer.exe
!AVG Anti-Spyware
"C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\zyzoom.exe" /minimized
AVG Anti-Spyware
GRISOFT s.r.o.
7.05.0001.0043
c:\program files\grisoft\avg anti-spyware 7.5\zyzoom.exe
C:\Documents and Settings\All Users\قائمة ابدأ\البرامج\بدء التشغيل
BTTray.lnk
C:\Documents and Settings\All Users\قائمة ابدأ\البرامج\بدء التشغيل\BTTray.lnk
Bluetooth Tray Application
WIDCOMM, Inc.
3.00.0001.0904
c:\program files\widcomm\bluetooth software\bttray.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
CTFMON.EXE
C:\WINDOWS\system32\ctfmon.exe
CTF Loader
Microsoft Corporation
5.01.2600.2180
c:\windows\system32\ctfmon.exe
CursorXP
C:\Program Files\CursorXP\CursorXP.exe
CursorXP
1.00.0000.0001
c:\program files\cursorxp\cursorxp.exe
IDMan
C:\Program Files\Internet Download Manager\IDMan.exe /onboot
Internet Download Manager (IDM)
Tonec Inc.
5.00.0011.0010
c:\program files\internet download manager\idman.exe
USB Safely Remove
C:\Program Files\USB Safely Remove\USBSafelyRemove.exe /startup
Safely Remove A Device In One Click
3.01.0004.0478
c:\program files\usb safely remove\usbsafelyremove.exe
Task Scheduler
1-Click Maintenance.job
C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe /schedulestart
File not found: C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
.
.
----------- End Report ---------------
.
--------------------------\\\ Start Report Of HijackThis ---------------
.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:35:06 م, on 05/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\zyzoom.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\USB Safely Remove\USBSafelyRemove.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\start\LOCALS~1\Temp\bntoz\runn.exe
C:\WINDOWS\system32\cmd.exe
C:\DOCUME~1\start\LOCALS~1\Temp\bntoz\HijackThis.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 212.118.133.133:8080
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\zyzoom.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [USB Safely Remove] C:\Program Files\USB Safely Remove\USBSafelyRemove.exe /startup
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\ie_banner_deny.htm
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: تحميل الكل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى فيديو (إف.إل.في) بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6924091F-CD97-41E1-B1D4-D9079409D413} (IMCv1 Control) -
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: OwnershipProtocol - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 7560 bytes
.
.
--------------------------\\\ End Report Of Of HijackThis ---------------
.
.
.
.
--------------------------\\\ Start Report Of Running Processes ---------------
.
==================================================
Process Name : smss.exe
ProcessID : 1692
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : Windows NT Session Manager
Company : Microsoft Corporation
Window Title :
File Size : 50,688
File Created Date : 18/06/1425 09:56:30 ص
File Modified Date : 18/06/1425 09:56:30 ص
Filename : C:\WINDOWS\System32\smss.exe
Base Address : 0x48580000
Created On : 28/01/1429 02:50:59 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 48 K
Mem Usage Peak : 708 K
Page Faults : 297
Pagefile Usage : 164 K
Pagefile Peak Usage : 1640 K
File Attributes : A
==================================================
==================================================
Process Name : csrss.exe
ProcessID : 1744
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : Client Server Runtime Process
Company : Microsoft Corporation
Window Title :
File Size : 6,144
File Created Date : 18/06/1425 09:56:08 ص
File Modified Date : 18/06/1425 09:56:08 ص
Filename : C:\WINDOWS\system32\csrss.exe
Base Address : 0x4A680000
Created On : 28/01/1429 02:51:01 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 2920 K
Mem Usage Peak : 7836 K
Page Faults : 11949
Pagefile Usage : 1920 K
Pagefile Peak Usage : 1920 K
File Attributes : A
==================================================
==================================================
Process Name : winlogon.exe
ProcessID : 1772
Priority : High
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : Windows NT Logon Application
Company : Microsoft Corporation
Window Title :
File Size : 501,248
File Created Date : 18/06/1425 09:56:36 ص
File Modified Date : 18/06/1425 09:56:36 ص
Filename : C:\WINDOWS\system32\winlogon.exe
Base Address : 0x01000000
Created On : 28/01/1429 02:51:01 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 3096 K
Mem Usage Peak : 16148 K
Page Faults : 13973
Pagefile Usage : 8284 K
Pagefile Peak Usage : 8572 K
File Attributes : A
==================================================
==================================================
Process Name : services.exe
ProcessID : 1816
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : Services and Controller app
Company : Microsoft Corporation
Window Title :
File Size : 108,032
File Created Date : 18/06/1425 09:56:30 ص
File Modified Date : 18/06/1425 09:56:30 ص
Filename : C:\WINDOWS\system32\services.exe
Base Address : 0x01000000
Created On : 28/01/1429 02:51:02 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 1184 K
Mem Usage Peak : 5068 K
Page Faults : 2055
Pagefile Usage : 2140 K
Pagefile Peak Usage : 2272 K
File Attributes : A
==================================================
==================================================
Process Name : lsass.exe
ProcessID : 1828
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : LSA Shell (Export Version)
Company : Microsoft Corporation
Window Title :
File Size : 13,312
File Created Date : 18/06/1425 09:56:18 ص
File Modified Date : 18/06/1425 09:56:18 ص
Filename : C:\WINDOWS\system32\lsass.exe
Base Address : 0x01000000
Created On : 28/01/1429 02:51:02 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 1424 K
Mem Usage Peak : 8760 K
Page Faults : 19685
Pagefile Usage : 4160 K
Pagefile Peak Usage : 4328 K
File Attributes : A
==================================================
==================================================
Process Name : svchost.exe
ProcessID : 1976
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : Generic Host Process for Win32 Services
Company : Microsoft Corporation
Window Title :
File Size : 14,336
File Created Date : 18/06/1425 09:56:32 ص
File Modified Date : 18/06/1425 09:56:32 ص
Filename : C:\WINDOWS\system32\svchost.exe
Base Address : 0x01000000
Created On : 28/01/1429 02:51:03 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 1512 K
Mem Usage Peak : 5788 K
Page Faults : 2173
Pagefile Usage : 3284 K
Pagefile Peak Usage : 23308 K
File Attributes : A
==================================================
==================================================
Process Name : svchost.exe
ProcessID : 2036
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : Generic Host Process for Win32 Services
Company : Microsoft Corporation
Window Title :
File Size : 14,336
File Created Date : 18/06/1425 09:56:32 ص
File Modified Date : 18/06/1425 09:56:32 ص
Filename : C:\WINDOWS\system32\svchost.exe
Base Address : 0x01000000
Created On : 28/01/1429 02:51:04 م
Visible Windows : 0
Hidden Windows : 0
User Name :
Mem Usage : 1408 K
Mem Usage Peak : 4640 K
Page Faults : 1785
Pagefile Usage : 1996 K
Pagefile Peak Usage : 2316 K
File Attributes : A
==================================================
==================================================
Process Name : svchost.exe
ProcessID : 212
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : Generic Host Process for Win32 Services
Company : Microsoft Corporation
Window Title :
File Size : 14,336
File Created Date : 18/06/1425 09:56:32 ص
File Modified Date : 18/06/1425 09:56:32 ص
Filename : C:\WINDOWS\System32\svchost.exe
Base Address : 0x01000000
Created On : 28/01/1429 02:51:04 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 6800 K
Mem Usage Peak : 34528 K
Page Faults : 29170
Pagefile Usage : 18328 K
Pagefile Peak Usage : 21620 K
File Attributes : A
==================================================
==================================================
Process Name : EvtEng.exe
ProcessID : 252
Priority : Normal
Product Name : EvtEng Module
Version : 9, 0, 0, 12
Description : EvtEng Module
Company : Intel Corporation
Window Title :
File Size : 86,016
File Created Date : 20/06/1425 01:43:12 م
File Modified Date : 20/06/1425 01:43:12 م
Filename : C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
Base Address : 0x00400000
Created On : 28/01/1429 02:51:04 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 380 K
Mem Usage Peak : 9860 K
Page Faults : 2678
Pagefile Usage : 3848 K
Pagefile Peak Usage : 3972 K
File Attributes : A
==================================================
==================================================
Process Name : S24EvMon.exe
ProcessID : 376
Priority : Normal
Product Name : Mobile Unit Support Service
Version : 9, 0, 0, 38
Description : Event Monitor - Supports driver extensions to NIC Driver for wireless adapters.
Company : Intel Corporation
Window Title :
File Size : 360,521
File Created Date : 20/06/1425 01:45:44 م
File Modified Date : 20/06/1425 01:45:44 م
Filename : C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
Base Address : 0x00400000
Created On : 28/01/1429 02:51:04 م
Visible Windows : 0
Hidden Windows : 1
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 720 K
Mem Usage Peak : 5036 K
Page Faults : 1352
Pagefile Usage : 2768 K
Pagefile Peak Usage : 2784 K
File Attributes : A
==================================================
==================================================
Process Name : ZcfgSvc.exe
ProcessID : 452
Priority : Normal
Product Name : ZeroCfgSvc Application
Version : 9, 0, 0, 42
Description : ZeroCfgSvc MFC Application
Company : Intel Corporation
Window Title :
File Size : 389,120
File Created Date : 20/06/1425 01:48:34 م
File Modified Date : 20/06/1425 01:48:34 م
Filename : C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
Base Address : 0x00400000
Created On : 28/01/1429 02:51:06 م
Visible Windows : 0
Hidden Windows : 3
User Name : START-9A057AE73\start
Mem Usage : 612 K
Mem Usage Peak : 8904 K
Page Faults : 59043
Pagefile Usage : 3344 K
Pagefile Peak Usage : 3380 K
File Attributes : A
==================================================
==================================================
Process Name : svchost.exe
ProcessID : 552
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : Generic Host Process for Win32 Services
Company : Microsoft Corporation
Window Title :
File Size : 14,336
File Created Date : 18/06/1425 09:56:32 ص
File Modified Date : 18/06/1425 09:56:32 ص
Filename : C:\WINDOWS\system32\svchost.exe
Base Address : 0x01000000
Created On : 28/01/1429 02:51:06 م
Visible Windows : 0
Hidden Windows : 0
User Name :
Mem Usage : 1052 K
Mem Usage Peak : 3508 K
Page Faults : 1621
Pagefile Usage : 1548 K
Pagefile Peak Usage : 1588 K
File Attributes : A
==================================================
==================================================
Process Name : svchost.exe
ProcessID : 764
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : Generic Host Process for Win32 Services
Company : Microsoft Corporation
Window Title :
File Size : 14,336
File Created Date : 18/06/1425 09:56:32 ص
File Modified Date : 18/06/1425 09:56:32 ص
Filename : C:\WINDOWS\system32\svchost.exe
Base Address : 0x01000000
Created On : 28/01/1429 02:51:06 م
Visible Windows : 0
Hidden Windows : 0
User Name :
Mem Usage : 1716 K
Mem Usage Peak : 7580 K
Page Faults : 6697
Pagefile Usage : 6356 K
Pagefile Peak Usage : 6452 K
File Attributes : A
==================================================
==================================================
Process Name : Explorer.EXE
ProcessID : 1128
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
Description : Windows Explorer
Company : Microsoft Corporation
Window Title : برامج زيزوم
File Size : 1,655,296
File Created Date : 18/06/1425 09:56:12 ص
File Modified Date : 30/11/1428 10:13:09 م
Filename : C:\WINDOWS\Explorer.EXE
Base Address : 0x01000000
Created On : 28/01/1429 02:51:07 م
Visible Windows : 3
Hidden Windows : 32
User Name : START-9A057AE73\start
Mem Usage : 20424 K
Mem Usage Peak : 41344 K
Page Faults : 237563
Pagefile Usage : 26872 K
Pagefile Peak Usage : 41484 K
File Attributes : A
==================================================
==================================================
Process Name : spoolsv.exe
ProcessID : 1252
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : Spooler SubSystem App
Company : Microsoft Corporation
Window Title :
File Size : 57,856
File Created Date : 18/06/1425 09:56:32 ص
File Modified Date : 18/06/1425 09:56:32 ص
Filename : C:\WINDOWS\system32\spoolsv.exe
Base Address : 0x01000000
Created On : 28/01/1429 02:51:07 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 680 K
Mem Usage Peak : 9956 K
Page Faults : 3189
Pagefile Usage : 6876 K
Pagefile Peak Usage : 7196 K
File Attributes : A
==================================================
==================================================
Process Name : guard.exe
ProcessID : 1332
Priority : Normal
Product Name : AVG Anti-Spyware
Version : 7, 5, 1, 22
Description : AVG Anti-Spyware guard
Company : GRISOFT s.r.o.
Window Title :
File Size : 312,880
File Created Date : 14/05/1428 12:31:10 م
File Modified Date : 14/05/1428 12:31:10 م
Filename : C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
Base Address : 0x00400000
Created On : 28/01/1429 02:51:07 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 12232 K
Mem Usage Peak : 49288 K
Page Faults : 150385
Pagefile Usage : 34048 K
Pagefile Peak Usage : 57056 K
File Attributes : A
==================================================
==================================================
Process Name : avp.exe
ProcessID : 1344
Priority : Normal
Product Name : Kaspersky Anti-Virus
Version : 6.0.2.621
Description : Kaspersky Anti-Virus
Company : Kaspersky Lab
Window Title :
File Size : 200,768
File Created Date : 20/02/1428 04:50:58 م
File Modified Date : 20/02/1428 04:50:58 م
Filename : C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
Base Address : 0x00400000
Created On : 28/01/1429 02:51:07 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 23628 K
Mem Usage Peak : 90428 K
Page Faults : 1142590
Pagefile Usage : 51588 K
Pagefile Peak Usage : 126688 K
File Attributes : A
==================================================
==================================================
Process Name : svchost.exe
ProcessID : 1388
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : Generic Host Process for Win32 Services
Company : Microsoft Corporation
Window Title :
File Size : 14,336
File Created Date : 18/06/1425 09:56:32 ص
File Modified Date : 18/06/1425 09:56:32 ص
Filename : C:\WINDOWS\system32\svchost.exe
Base Address : 0x01000000
Created On : 28/01/1429 02:51:07 م
Visible Windows : 0
Hidden Windows : 0
User Name :
Mem Usage : 152 K
Mem Usage Peak : 3328 K
Page Faults : 930
Pagefile Usage : 2264 K
Pagefile Peak Usage : 2288 K
File Attributes : A
==================================================
==================================================
Process Name : btwdins.exe
ProcessID : 1400
Priority : Normal
Product Name : Bluetooth Software 3.0.1.904
Version : 3.0.1.904
Description : Bluetooth Support Server
Company : WIDCOMM, Inc.
Window Title :
File Size : 163,840
File Created Date : 06/04/1425 12:27:08 م
File Modified Date : 06/04/1425 12:27:08 م
Filename : C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
Base Address : 0x00400000
Created On : 28/01/1429 02:51:07 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 184 K
Mem Usage Peak : 3212 K
Page Faults : 1467
Pagefile Usage : 1020 K
Pagefile Peak Usage : 1140 K
File Attributes : A
==================================================
==================================================
Process Name : OProtSvc.exe
ProcessID : 1476
Priority : Normal
Product Name : Intel PROSet/Wireless
Version : 9, 0, 0, 3
Description : Ownership protocol service
Company : Intel Corporation
Window Title :
File Size : 98,304
File Created Date : 20/06/1425 01:51:54 م
File Modified Date : 20/06/1425 01:51:54 م
Filename : C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
Base Address : 0x00400000
Created On : 28/01/1429 02:51:08 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 148 K
Mem Usage Peak : 4852 K
Page Faults : 1386
Pagefile Usage : 1492 K
Pagefile Peak Usage : 1584 K
File Attributes : A
==================================================
==================================================
Process Name : RegSrvc.exe
ProcessID : 1536
Priority : Normal
Product Name : RegSrvc Module
Version : 9, 0, 0, 10
Description : RegSrvc Module
Company : Intel Corporation
Window Title :
File Size : 139,264
File Created Date : 20/06/1425 01:42:36 م
File Modified Date : 20/06/1425 01:42:36 م
Filename : C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
Base Address : 0x00400000
Created On : 28/01/1429 02:51:08 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 52 K
Mem Usage Peak : 2648 K
Page Faults : 717
Pagefile Usage : 764 K
Pagefile Peak Usage : 784 K
File Attributes : A
==================================================
==================================================
Process Name : svchost.exe
ProcessID : 392
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : Generic Host Process for Win32 Services
Company : Microsoft Corporation
Window Title :
File Size : 14,336
File Created Date : 18/06/1425 09:56:32 ص
File Modified Date : 18/06/1425 09:56:32 ص
Filename : C:\WINDOWS\system32\svchost.exe
Base Address : 0x01000000
Created On : 28/01/1429 02:51:11 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 1384 K
Mem Usage Peak : 4536 K
Page Faults : 1804
Pagefile Usage : 2556 K
Pagefile Peak Usage : 2616 K
File Attributes : A
==================================================
==================================================
Process Name : 1XConfig.exe
ProcessID : 960
Priority : Normal
Product Name : 8021XConfig Module
Version : 9, 0, 0, 30
Description : 8021XConfig Module
Company : Intel
Window Title :
File Size : 241,664
File Created Date : 20/06/1425 01:44:12 م
File Modified Date : 20/06/1425 01:44:12 م
Filename : C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
Base Address : 0x00400000
Created On : 28/01/1429 02:51:13 م
Visible Windows : 0
Hidden Windows : 0
User Name : START-9A057AE73\start
Mem Usage : 1368 K
Mem Usage Peak : 6232 K
Page Faults : 8164
Pagefile Usage : 2324 K
Pagefile Peak Usage : 2336 K
File Attributes : A
==================================================
==================================================
Process Name : igfxtray.exe
ProcessID : 1044
Priority : Normal
Product Name : Intel(R) Common User Interface
Version : 3.0.0.3762
Description : igfxTray Module
Company : Intel Corporation
Window Title :
File Size : 155,648
File Created Date : 29/08/1428 01:53:41 م
File Modified Date : 19/12/1424 05:55:32 م
Filename : C:\WINDOWS\system32\igfxtray.exe
Base Address : 0x00400000
Created On : 28/01/1429 02:51:15 م
Visible Windows : 0
Hidden Windows : 1
User Name : START-9A057AE73\start
Mem Usage : 228 K
Mem Usage Peak : 4072 K
Page Faults : 1104
Pagefile Usage : 1868 K
Pagefile Peak Usage : 2648 K
File Attributes : A
==================================================
==================================================
Process Name : hkcmd.exe
ProcessID : 808
Priority : Normal
Product Name : Intel(R) Common User Interface
Version : 3.0.0.3762
Description : hkcmd Module
Company : Intel Corporation
Window Title :
File Size : 118,784
File Created Date : 29/08/1428 01:53:37 م
File Modified Date : 19/12/1424 05:51:30 م
Filename : C:\WINDOWS\system32\hkcmd.exe
Base Address : 0x00400000
Created On : 28/01/1429 02:51:18 م
Visible Windows : 0
Hidden Windows : 17
User Name : START-9A057AE73\start
Mem Usage : 256 K
Mem Usage Peak : 3996 K
Page Faults : 1118
Pagefile Usage : 2004 K
Pagefile Peak Usage : 2004 K
File Attributes : A
==================================================
==================================================
Process Name : SynTPLpr.exe
ProcessID : 788
Priority : Normal
Product Name : Progressive Touch
Version : 7.10.12 20May04
Description : TouchPad Driver Helper Application
Company : Synaptics, Inc.
Window Title :
File Size : 98,304
File Created Date : 29/08/1428 02:21:16 م
File Modified Date : 01/04/1425 11:57:30 ص
Filename : C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
Base Address : 0x00400000
Created On : 28/01/1429 02:51:22 م
Visible Windows : 0
Hidden Windows : 2
User Name : START-9A057AE73\start
Mem Usage : 304 K
Mem Usage Peak : 2836 K
Page Faults : 837
Pagefile Usage : 980 K
Pagefile Peak Usage : 1080 K
File Attributes : A
==================================================
==================================================
Process Name : SynTPEnh.exe
ProcessID : 324
Priority : Normal
Product Name : Progressive Touch
Version : 7.10.12 20May04
Description : Synaptics TouchPad Enhancements
Company : Synaptics, Inc.
Window Title :
File Size : 532,480
File Created Date : 29/08/1428 02:21:16 م
File Modified Date : 01/04/1425 11:57:04 ص
Filename : C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
Base Address : 0x00400000
Created On : 28/01/1429 02:51:24 م
Visible Windows : 0
Hidden Windows : 5
User Name : START-9A057AE73\start
Mem Usage : 1700 K
Mem Usage Peak : 5136 K
Page Faults : 2029
Pagefile Usage : 1708 K
Pagefile Peak Usage : 1808 K
File Attributes : A
==================================================
==================================================
Process Name : realsched.exe
ProcessID : 1460
Priority : Normal
Product Name : RealPlayer (32-bit)
Version : 0.1.0.4076
Description : RealNetworks Scheduler
Company : RealNetworks, Inc.
Window Title :
File Size : 185,632
File Created Date : 13/09/1428 09:39:37 م
File Modified Date : 13/09/1428 09:39:37 م
Filename : C:\Program Files\Common Files\Real\Update_OB\realsched.exe
Base Address : 0x00400000
Created On : 28/01/1429 02:51:25 م
Visible Windows : 0
Hidden Windows : 1
User Name : START-9A057AE73\start
Mem Usage : 140 K
Mem Usage Peak : 2560 K
Page Faults : 167185
Pagefile Usage : 980 K
Pagefile Peak Usage : 1008 K
File Attributes : A
==================================================
==================================================
Process Name : avp.exe
ProcessID : 1636
Priority : Normal
Product Name : Kaspersky Anti-Virus
Version : 6.0.2.621
Description : Kaspersky Anti-Virus
Company : Kaspersky Lab
Window Title :
File Size : 200,768
File Created Date : 20/02/1428 04:50:58 م
File Modified Date : 20/02/1428 04:50:58 م
Filename : C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
Base Address : 0x00400000
Created On : 28/01/1429 02:51:27 م
Visible Windows : 0
Hidden Windows : 4
User Name : START-9A057AE73\start
Mem Usage : 2604 K
Mem Usage Peak : 8308 K
Page Faults : 33206
Pagefile Usage : 6164 K
Pagefile Peak Usage : 6280 K
File Attributes : A
==================================================
==================================================
Process Name : ifrmewrk.exe
ProcessID : 1676
Priority : Normal
Product Name : Intel PROSet/Wireless
Version : 9, 0, 0, 18
Description : Intel Framework MFC Application
Company : Intel Corporation
Window Title :
File Size : 385,024
File Created Date : 20/06/1425 01:48:52 م
File Modified Date : 20/06/1425 01:48:52 م
Filename : C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
Base Address : 0x00400000
Created On : 28/01/1429 02:51:28 م
Visible Windows : 0
Hidden Windows : 1
User Name : START-9A057AE73\start
Mem Usage : 1548 K
Mem Usage Peak : 8064 K
Page Faults : 88522
Pagefile Usage : 4664 K
Pagefile Peak Usage : 4684 K
File Attributes : A
==================================================
==================================================
Process Name : EOUWiz.exe
ProcessID : 292
Priority : Normal
Product Name : Intel PROSet/Wireless
Version : 9, 0, 0, 21
Description : Ease Of Use Wizard Application
Company : Intel Corporation
Window Title :
File Size : 356,352
File Created Date : 20/06/1425 01:52:32 م
File Modified Date : 20/06/1425 01:52:32 م
Filename : C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
Base Address : 0x00400000
Created On : 28/01/1429 02:51:32 م
Visible Windows : 0
Hidden Windows : 2
User Name : START-9A057AE73\start
Mem Usage : 344 K
Mem Usage Peak : 8792 K
Page Faults : 2379
Pagefile Usage : 4860 K
Pagefile Peak Usage : 5656 K
File Attributes : A
==================================================
==================================================
Process Name : QtZgAcer.EXE
ProcessID : 304
Priority : Normal
Product Name : Dritek System Inc. Launch Manager 01.10.2002 ( VC60 )
Version : 1, 1, 0, 0
Description : Launch Manager
Company : Dritek System Inc.
Window Title :
File Size : 319,488
File Created Date : 13/06/1425 03:30:06 ص
File Modified Date : 13/06/1425 03:30:06 ص
Filename : C:\Program Files\Launch Manager\QtZgAcer.EXE
Base Address : 0x00400000
Created On : 28/01/1429 02:51:34 م
Visible Windows : 0
Hidden Windows : 10
User Name : START-9A057AE73\start
Mem Usage : 432 K
Mem Usage Peak : 6736 K
Page Faults : 2412
Pagefile Usage : 3252 K
Pagefile Peak Usage : 3260 K
File Attributes : A
==================================================
==================================================
Process Name : zyzoom.exe
ProcessID : 2108
Priority : Normal
Product Name : AVG Anti-Spyware
Version : 7, 5, 1, 43
Description : AVG Anti-Spyware
Company : GRISOFT s.r.o.
Window Title :
File Size : 6,731,312
File Created Date : 25/12/1428 10:56:52 م
File Modified Date : 23/10/1428 01:50:41 ص
Filename : C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\zyzoom.exe
Base Address : 0x00400000
Created On : 28/01/1429 02:51:59 م
Visible Windows : 0
Hidden Windows : 23
User Name : START-9A057AE73\start
Mem Usage : 1536 K
Mem Usage Peak : 54588 K
Page Faults : 64621
Pagefile Usage : 44960 K
Pagefile Peak Usage : 68724 K
File Attributes : A
==================================================
==================================================
Process Name : ctfmon.exe
ProcessID : 2116
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : CTF Loader
Company : Microsoft Corporation
Window Title :
File Size : 15,360
File Created Date : 18/06/1425 09:56:08 ص
File Modified Date : 18/06/1425 09:56:08 ص
Filename : C:\WINDOWS\system32\ctfmon.exe
Base Address : 0x00400000
Created On : 28/01/1429 02:51:59 م
Visible Windows : 0
Hidden Windows : 4
User Name : START-9A057AE73\start
Mem Usage : 372 K
Mem Usage Peak : 3304 K
Page Faults : 991
Pagefile Usage : 1040 K
Pagefile Peak Usage : 1044 K
File Attributes : A
==================================================
==================================================
Process Name : CursorXP.exe
ProcessID : 3336
Priority : High
Product Name : Stardock CursorXP
Version : 1, 3, 0, 0
Description : CursorXP
Company :
Window Title :
File Size : 128,000
File Created Date : 29/11/1428 07:11:15 م
File Modified Date : 09/12/1425 01:34:16 م
Filename : C:\Program Files\CursorXP\CursorXP.exe
Base Address : 0x00400000
Created On : 28/01/1429 02:52:01 م
Visible Windows : 1
Hidden Windows : 0
User Name : START-9A057AE73\start
Mem Usage : 1572 K
Mem Usage Peak : 3432 K
Page Faults : 2461
Pagefile Usage : 1640 K
Pagefile Peak Usage : 1708 K
File Attributes : A
==================================================
==================================================
Process Name : IDMan.exe
ProcessID : 2428
Priority : Normal
Product Name : Internet Download Manager (IDM)
Version : 5.11.10
Description : Internet Download Manager (IDM)
Company : Tonec Inc.
Window Title :
File Size : 2,566,656
File Created Date : 02/12/1428 09:12:53 ص
File Modified Date : 04/12/1428 12:50:17 م
Filename : C:\Program Files\Internet Download Manager\IDMan.exe
Base Address : 0x00400000
Created On : 28/01/1429 02:52:08 م
Visible Windows : 0
Hidden Windows : 5
User Name : START-9A057AE73\start
Mem Usage : 9316 K
Mem Usage Peak : 15536 K
Page Faults : 27810
Pagefile Usage : 12704 K
Pagefile Peak Usage : 15096 K
File Attributes : A
==================================================
==================================================
Process Name : USBSafelyRemove.exe
ProcessID : 3356
Priority : Normal
Product Name : USBSafelyRemove
Version : 3.1.4.478
Description : Safely Remove A Device In One Click
Company :
Window Title :
File Size : 2,447,360
File Created Date : 19/12/1428 11:15:44 م
File Modified Date : 10/10/1428 04:53:26 م
Filename : C:\Program Files\USB Safely Remove\USBSafelyRemove.exe
Base Address : 0x00400000
Created On : 28/01/1429 02:52:15 م
Visible Windows : 0
Hidden Windows : 10
User Name : START-9A057AE73\start
Mem Usage : 768 K
Mem Usage Peak : 8248 K
Page Faults : 3042
Pagefile Usage : 5648 K
Pagefile Peak Usage : 5684 K
File Attributes : A
==================================================
==================================================
Process Name : BTTray.exe
ProcessID : 2276
Priority : Normal
Product Name : Bluetooth Software 3.0.1.904
Version : 3.0.1.904
Description : Bluetooth Tray Application
Company : WIDCOMM, Inc.
Window Title :
File Size : 565,309
File Created Date : 06/04/1425 12:38:42 م
File Modified Date : 06/04/1425 12:38:42 م
Filename : C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
Base Address : 0x00400000
Created On : 28/01/1429 02:52:19 م
Visible Windows : 0
Hidden Windows : 2
User Name : START-9A057AE73\start
Mem Usage : 492 K
Mem Usage Peak : 7628 K
Page Faults : 2160
Pagefile Usage : 4240 K
Pagefile Peak Usage : 12084 K
File Attributes : A
==================================================
==================================================
Process Name : IEMonitor.exe
ProcessID : 2284
Priority : Normal
Product Name : IEMonitor Application
Version : 3, 0, 0, 1
Description : Internet Download Manager agent for click monitoring in IE-based browsers
Company : Tonec Inc.
Window Title :
File Size : 251,576
File Created Date : 01/12/1428 04:18:10 م
File Modified Date : 02/02/1428 02:53:52 م
Filename : C:\Program Files\Internet Download Manager\IEMonitor.exe
Base Address : 0x00400000
Created On : 28/01/1429 02:52:19 م
Visible Windows : 0
Hidden Windows : 1
User Name : START-9A057AE73\start
Mem Usage : 2348 K
Mem Usage Peak : 7028 K
Page Faults : 4807
Pagefile Usage : 4432 K
Pagefile Peak Usage : 5432 K
File Attributes : A
==================================================
==================================================
Process Name : svchost.exe
ProcessID : 2696
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : Generic Host Process for Win32 Services
Company : Microsoft Corporation
Window Title :
File Size : 14,336
File Created Date : 18/06/1425 09:56:32 ص
File Modified Date : 18/06/1425 09:56:32 ص
Filename : C:\WINDOWS\System32\svchost.exe
Base Address : 0x01000000
Created On : 28/01/1429 02:53:35 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 184 K
Mem Usage Peak : 3528 K
Page Faults : 978
Pagefile Usage : 1664 K
Pagefile Peak Usage : 1688 K
File Attributes : A
==================================================
==================================================
Process Name : usnsvc.exe
ProcessID : 3320
Priority : Normal
Product Name : Messenger
Version : 8.1.0178.00
Description : Messenger Sharing USN Journal Reader Service
Company : Microsoft Corporation
Window Title :
File Size : 97,136
File Created Date : 01/01/1428 09:54:14 ص
File Modified Date : 01/01/1428 09:54:14 ص
Filename : C:\Program Files\MSN Messenger\usnsvc.exe
Base Address : 0x00400000
Created On : 28/01/1429 02:54:49 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 60 K
Mem Usage Peak : 2604 K
Page Faults : 781
Pagefile Usage : 828 K
Pagefile Peak Usage : 876 K
File Attributes : A
==================================================
==================================================
Process Name : ServiceLayer.exe
ProcessID : 2784
Priority : Normal
Product Name : PC Connectivity Solution
Version : 6, 83, 78, 3
Description : ServiceLayer Module
Company : Nokia.
Window Title :
File Size : 292,864
File Created Date : 08/03/1428 10:06:24 ص
File Modified Date : 08/03/1428 10:06:24 ص
Filename : C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
Base Address : 0x00400000
Created On : 28/01/1429 03:08:24 م
Visible Windows : 0
Hidden Windows : 2
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 844 K
Mem Usage Peak : 7660 K
Page Faults : 2912
Pagefile Usage : 4648 K
Pagefile Peak Usage : 5348 K
File Attributes : A
==================================================
==================================================
Process Name : msnmsgr.exe
ProcessID : 2124
Priority : Normal
Product Name : Messenger
Version : 8.1.0178.00
Description : Messenger
Company : Microsoft Corporation
Window Title :
File Size : 5,674,352
File Created Date : 01/01/1428 09:55:14 ص
File Modified Date : 01/01/1428 09:55:14 ص
Filename : C:\Program Files\MSN Messenger\msnmsgr.exe
Base Address : 0x00400000
Created On : 28/01/1429 03:34:11 م
Visible Windows : 1
Hidden Windows : 31
User Name : START-9A057AE73\start
Mem Usage : 2836 K
Mem Usage Peak : 60584 K
Page Faults : 143581
Pagefile Usage : 36204 K
Pagefile Peak Usage : 45776 K
File Attributes : A
==================================================
==================================================
Process Name : iexplore.exe
ProcessID : 3740
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
Description : Internet Explorer
Company : Microsoft Corporation
Window Title : Microsoft Internet Explorer
File Size : 465,920
File Created Date : 29/08/1428 01:28:54 م
File Modified Date : 30/11/1428 10:17:45 م
Filename : C:\Program Files\Internet Explorer\iexplore.exe
Base Address : 0x00400000
Created On : 28/01/1429 05:43:09 م
Visible Windows : 3
Hidden Windows : 55
User Name : START-9A057AE73\start
Mem Usage : 31364 K
Mem Usage Peak : 57752 K
Page Faults : 199200
Pagefile Usage : 38528 K
Pagefile Peak Usage : 60520 K
File Attributes : A
==================================================
==================================================
Process Name : runn.exe
ProcessID : 2072
Priority : Normal
Product Name :
Version :
Description :
Company :
Window Title :
File Size : 71,680
File Created Date : 28/01/1429 06:34:40 م
File Modified Date : 23/01/1429 10:24:25 م
Filename : C:\DOCUME~1\start\LOCALS~1\Temp\bntoz\runn.exe
Base Address : 0x00400000
Created On : 28/01/1429 09:34:41 م
Visible Windows : 0
Hidden Windows : 0
User Name : START-9A057AE73\start
Mem Usage : 2024 K
Mem Usage Peak : 2040 K
Page Faults : 599
Pagefile Usage : 700 K
Pagefile Peak Usage : 772 K
File Attributes : A
==================================================
==================================================
Process Name : cmd.exe
ProcessID : 3312
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : Windows Command Processor
Company : Microsoft Corporation
Window Title :
File Size : 391,680
File Created Date : 18/06/1425 09:56:06 ص
File Modified Date : 30/11/1428 10:13:32 م
Filename : C:\WINDOWS\system32\cmd.exe
Base Address : 0x4AD00000
Created On : 28/01/1429 09:34:42 م
Visible Windows : 0
Hidden Windows : 1
User Name : START-9A057AE73\start
Mem Usage : 2956 K
Mem Usage Peak : 3020 K
Page Faults : 859
Pagefile Usage : 2080 K
Pagefile Peak Usage : 2156 K
File Attributes : A
==================================================
==================================================
Process Name : wmiprvse.exe
ProcessID : 2300
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : WMI
Company : Microsoft Corporation
Window Title :
File Size : 218,112
File Created Date : 29/08/1428 01:25:26 م
File Modified Date : 18/06/1425 09:56:36 ص
Filename : C:\WINDOWS\system32\wbem\wmiprvse.exe
Base Address : 0x01000000
Created On : 28/01/1429 09:34:51 م
Visible Windows : 0
Hidden Windows : 0
User Name :
Mem Usage : 5536 K
Mem Usage Peak : 5536 K
Page Faults : 1440
Pagefile Usage : 2932 K
Pagefile Peak Usage : 2932 K
File Attributes : A
==================================================
==================================================
Process Name : CProcess.exe
ProcessID : 3684
Priority : Normal
Product Name : CurrProcess
Version : 1.11
Description : CurrProcess
Company : NirSoft
Window Title :
File Size : 35,840
File Created Date : 28/01/1429 06:34:40 م
File Modified Date : 08/06/1426 04:46:34 ص
Filename : C:\DOCUME~1\start\LOCALS~1\Temp\bntoz\CProcess.exe
Base Address : 0x00400000
Created On : 28/01/1429 09:35:06 م
Visible Windows : 0
Hidden Windows : 0
User Name : START-9A057AE73\start
Mem Usage : 2068 K
Mem Usage Peak : 2128 K
Page Faults : 971
Pagefile Usage : 924 K
Pagefile Peak Usage : 1004 K
File Attributes : A
==================================================
.
.
--------------------------\\\ End Report Of Running Processes ---------------
.
.
.
.
--------------------------\\\ Windows XP Startup List ---------------
.
HKLM\System\CurrentControlSet\Control\Session Manager\BootExecute
autocheck autochk *
autocheck autochk *
Auto Check Utility
Microsoft Corporation
5.01.2600.2180
c:\windows\system32\autochk.exe
HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms
rdpclip
rdpclip
RDP Clip Monitor
Microsoft Corporation
5.01.2600.2180
c:\windows\system32\rdpclip.exe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit
userinit.exe
userinit.exe
Userinit Logon Application
Microsoft Corporation
5.01.2600.2180
c:\windows\system32\userinit.exe
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell
Explorer.exe
Explorer.exe
Windows Explorer
Microsoft Corporation
6.00.2900.2180
c:\windows\explorer.exe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell
explorer.exe
explorer.exe
Windows Explorer
Microsoft Corporation
6.00.2900.2180
c:\windows\explorer.exe
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
IgfxTray
C:\WINDOWS\system32\igfxtray.exe
igfxTray Module
Intel Corporation
3.00.0000.3762
c:\windows\system32\igfxtray.exe
HotKeysCmds
C:\WINDOWS\system32\hkcmd.exe
hkcmd Module
Intel Corporation
3.00.0000.3762
c:\windows\system32\hkcmd.exe
SynTPLpr
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
TouchPad Driver Helper Application
Synaptics, Inc.
7.10.0012.0000
c:\program files\synaptics\syntp\syntplpr.exe
SynTPEnh
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
Synaptics TouchPad Enhancements
Synaptics, Inc.
7.10.0012.0000
c:\program files\synaptics\syntp\syntpenh.exe
TkBellExe
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
RealNetworks Scheduler
RealNetworks, Inc.
0.01.0000.4076
c:\program files\common files\real\update_ob\realsched.exe
AVP
"C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
Kaspersky Anti-Virus
Kaspersky Lab
6.00.0002.0621
c:\program files\kaspersky lab\kaspersky internet security 6.0\avp.exe
IntelWireless
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
Intel Framework MFC Application
Intel Corporation
9.00.0000.0018
c:\program files\intel\wireless\bin\ifrmewrk.exe
EOUApp
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
Ease Of Use Wizard Application
Intel Corporation
9.00.0000.0021
c:\program files\intel\wireless\bin\eouwiz.exe
LManager
C:\Program Files\Launch Manager\QtZgAcer.EXE
Launch Manager
Dritek System Inc.
1.01.0000.0000
c:\program files\launch manager\qtzgacer.exe
!AVG Anti-Spyware
"C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\zyzoom.exe" /minimized
AVG Anti-Spyware
GRISOFT s.r.o.
7.05.0001.0043
c:\program files\grisoft\avg anti-spyware 7.5\zyzoom.exe
C:\Documents and Settings\All Users\قائمة ابدأ\البرامج\بدء التشغيل
BTTray.lnk
C:\Documents and Settings\All Users\قائمة ابدأ\البرامج\بدء التشغيل\BTTray.lnk
Bluetooth Tray Application
WIDCOMM, Inc.
3.00.0001.0904
c:\program files\widcomm\bluetooth software\bttray.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
CTFMON.EXE
C:\WINDOWS\system32\ctfmon.exe
CTF Loader
Microsoft Corporation
5.01.2600.2180
c:\windows\system32\ctfmon.exe
CursorXP
C:\Program Files\CursorXP\CursorXP.exe
CursorXP
1.00.0000.0001
c:\program files\cursorxp\cursorxp.exe
IDMan
C:\Program Files\Internet Download Manager\IDMan.exe /onboot
Internet Download Manager (IDM)
Tonec Inc.
5.00.0011.0010
c:\program files\internet download manager\idman.exe
USB Safely Remove
C:\Program Files\USB Safely Remove\USBSafelyRemove.exe /startup
Safely Remove A Device In One Click
3.01.0004.0478
c:\program files\usb safely remove\usbsafelyremove.exe
Task Scheduler
1-Click Maintenance.job
C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe /schedulestart
File not found: C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
.
.
----------- End Report ---------------
