assem_ade
--------------------------\\\ Start Report Of HijackThis ---------------
.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:30:39 م, on 30/03/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Steganos Privacy Suite 2008\PasswordManagerFFAutoFill.exe
C:\Program Files\Steganos Privacy Suite 2008\SteganosHotKeyService.exe
C:\Program Files\Steganos Privacy Suite 2008\fredirstarter.exe
F:\برامج كمبيوتر\IDM_5.14\IDM_5.14\Cracked EXE\IDMan.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe
C:\WINDOWS\system32\SatSrv.exe
C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\ngen.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\msiexec.exe
F:\برامج كمبيوتر\IDM_5.14\IDM_5.14\Cracked EXE\IEMonitor.exe
C:\WINDOWS\system32\MsiExec.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\CTFMON.EXE
C:\WINDOWS\Integrator.exe
C:\DOCUME~1\ASSEMA~1\LOCALS~1\Temp\bntoz\runn.exe
C:\WINDOWS\system32\cmd.exe
C:\DOCUME~1\ASSEMA~1\LOCALS~1\Temp\bntoz\HijackThis.exe
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - F:\برامج كمبيوتر\IDM_5.14\IDM_5.14\Cracked EXE\IDMIECC.dll
O2 - BHO: Steganos Password Manager AutoFill - {1427A821-7B93-4F08-9A34-9FA03A3D93DB} - C:\Program Files\Steganos Privacy Suite 2008\PasswordManagerBHO.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SSS2008 PasswordManagerFFAutoFill] "C:\Program Files\Steganos Privacy Suite 2008\PasswordManagerFFAutoFill.exe"
O4 - HKLM\..\Run: [SSS2008 HotKeys] "C:\Program Files\Steganos Privacy Suite 2008\SteganosHotKeyService.exe"
O4 - HKLM\..\Run: [SSS2008 File Redirection Starter] "C:\Program Files\Steganos Privacy Suite 2008\fredirstarter.exe"
O4 - HKCU\..\Run: [IDMan] F:\برامج كمبيوتر\IDM_5.14\IDM_5.14\Cracked EXE\IDMan.exe /onboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: AntiCrash.lnk = C:\Program Files\Dachshund Software\AntiCrash\AntiCrash.exe
O8 - Extra context menu item: تحميل الكل بواسطة Internet Download Manager - F:\برامج كمبيوتر\IDM_5.14\IDM_5.14\Cracked EXE\IEGetAll.htm
O8 - Extra context menu item: تحميل بواسطة Internet Download Manager - F:\برامج كمبيوتر\IDM_5.14\IDM_5.14\Cracked EXE\IEExt.htm
O8 - Extra context menu item: تحميل محتوى FLV بواسطة Internet Download Manager - F:\برامج كمبيوتر\IDM_5.14\IDM_5.14\Cracked EXE\IEGetVL.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: Steganos AntiTheft (SatSrv) - Unknown owner - C:\WINDOWS\system32\\SatSrv.exe
--
End of file - 5259 bytes
.
.
--------------------------\\\ End Report Of Of HijackThis ---------------
.
.
.
.
--------------------------\\\ Start Report Of Running Processes ---------------
.
==================================================
Process Name : smss.exe
ProcessID : 660
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.5512 (xpsp.080413-2111)
Description : Windows NT Session Manager
Company : Microsoft Corporation
Window Title :
File Size : 50,688
File Created Date : 04/08/2004 08:00:00 ص
File Modified Date : 14/04/2008 12:12:36 ص
Filename : C:\WINDOWS\System32\smss.exe
Base Address : 0x48580000
Created On : 30/03/2009 09:53:27 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 380 K
Mem Usage Peak : 696 K
Page Faults : 298
Pagefile Usage : 176 K
Pagefile Peak Usage : 1708 K
File Attributes : A
==================================================
==================================================
Process Name : csrss.exe
ProcessID : 716
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.5512 (xpsp.080413-2111)
Description : Client Server Runtime Process
Company : Microsoft Corporation
Window Title :
File Size : 6,144
File Created Date : 04/08/2004 08:00:00 ص
File Modified Date : 14/04/2008 12:12:16 ص
Filename : C:\WINDOWS\system32\csrss.exe
Base Address : 0x4A680000
Created On : 30/03/2009 09:53:30 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 4824 K
Mem Usage Peak : 4936 K
Page Faults : 8520
Pagefile Usage : 1816 K
Pagefile Peak Usage : 1864 K
File Attributes : A
==================================================
==================================================
Process Name : winlogon.exe
ProcessID : 740
Priority : High
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.5512 (xpsp.080413-2113)
Description : Windows NT Logon Application
Company : Microsoft Corporation
Window Title :
File Size : 507,904
File Created Date : 04/08/2004 08:00:00 ص
File Modified Date : 14/04/2008 12:12:40 ص
Filename : C:\WINDOWS\system32\winlogon.exe
Base Address : 0x01000000
Created On : 30/03/2009 09:53:32 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 4752 K
Mem Usage Peak : 13472 K
Page Faults : 6994
Pagefile Usage : 6788 K
Pagefile Peak Usage : 9364 K
File Attributes : A
==================================================
==================================================
Process Name : services.exe
ProcessID : 784
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.5512 (xpsp.080413-2111)
Description : Services and Controller app
Company : Microsoft Corporation
Window Title :
File Size : 108,544
File Created Date : 04/08/2004 08:00:00 ص
File Modified Date : 14/04/2008 12:12:34 ص
Filename : C:\WINDOWS\system32\services.exe
Base Address : 0x01000000
Created On : 30/03/2009 09:53:34 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 5360 K
Mem Usage Peak : 21556 K
Page Faults : 21998
Pagefile Usage : 3764 K
Pagefile Peak Usage : 12684 K
File Attributes : A
==================================================
==================================================
Process Name : lsass.exe
ProcessID : 796
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.5512 (xpsp.080413-2113)
Description : LSA Shell (Export Version)
Company : Microsoft Corporation
Window Title :
File Size : 13,312
File Created Date : 04/08/2004 08:00:00 ص
File Modified Date : 14/04/2008 12:12:24 ص
Filename : C:\WINDOWS\system32\lsass.exe
Base Address : 0x01000000
Created On : 30/03/2009 09:53:34 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 1376 K
Mem Usage Peak : 6080 K
Page Faults : 4740
Pagefile Usage : 3816 K
Pagefile Peak Usage : 3984 K
File Attributes : A
==================================================
==================================================
Process Name : svchost.exe
ProcessID : 960
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.5512 (xpsp.080413-2111)
Description : Generic Host Process for Win32 Services
Company : Microsoft Corporation
Window Title :
File Size : 14,336
File Created Date : 04/08/2004 08:00:00 ص
File Modified Date : 14/04/2008 12:12:36 ص
Filename : C:\WINDOWS\system32\svchost.exe
Base Address : 0x01000000
Created On : 30/03/2009 09:53:35 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 4804 K
Mem Usage Peak : 4884 K
Page Faults : 1363
Pagefile Usage : 3024 K
Pagefile Peak Usage : 23388 K
File Attributes : A
==================================================
==================================================
Process Name : svchost.exe
ProcessID : 1008
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.5512 (xpsp.080413-2111)
Description : Generic Host Process for Win32 Services
Company : Microsoft Corporation
Window Title :
File Size : 14,336
File Created Date : 04/08/2004 08:00:00 ص
File Modified Date : 14/04/2008 12:12:36 ص
Filename : C:\WINDOWS\system32\svchost.exe
Base Address : 0x01000000
Created On : 30/03/2009 09:53:36 م
Visible Windows : 0
Hidden Windows : 0
User Name :
Mem Usage : 4408 K
Mem Usage Peak : 4408 K
Page Faults : 1242
Pagefile Usage : 1884 K
Pagefile Peak Usage : 1920 K
File Attributes : A
==================================================
==================================================
Process Name : svchost.exe
ProcessID : 1152
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.5512 (xpsp.080413-2111)
Description : Generic Host Process for Win32 Services
Company : Microsoft Corporation
Window Title :
File Size : 14,336
File Created Date : 04/08/2004 08:00:00 ص
File Modified Date : 14/04/2008 12:12:36 ص
Filename : C:\WINDOWS\System32\svchost.exe
Base Address : 0x01000000
Created On : 30/03/2009 09:53:36 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 27136 K
Mem Usage Peak : 34820 K
Page Faults : 16896
Pagefile Usage : 16164 K
Pagefile Peak Usage : 24144 K
File Attributes : A
==================================================
==================================================
Process Name : svchost.exe
ProcessID : 1220
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.5512 (xpsp.080413-2111)
Description : Generic Host Process for Win32 Services
Company : Microsoft Corporation
Window Title :
File Size : 14,336
File Created Date : 04/08/2004 08:00:00 ص
File Modified Date : 14/04/2008 12:12:36 ص
Filename : C:\WINDOWS\system32\svchost.exe
Base Address : 0x01000000
Created On : 30/03/2009 09:53:36 م
Visible Windows : 0
Hidden Windows : 0
User Name :
Mem Usage : 3640 K
Mem Usage Peak : 3860 K
Page Faults : 1478
Pagefile Usage : 1376 K
Pagefile Peak Usage : 1624 K
File Attributes : A
==================================================
==================================================
Process Name : svchost.exe
ProcessID : 1368
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.5512 (xpsp.080413-2111)
Description : Generic Host Process for Win32 Services
Company : Microsoft Corporation
Window Title :
File Size : 14,336
File Created Date : 04/08/2004 08:00:00 ص
File Modified Date : 14/04/2008 12:12:36 ص
Filename : C:\WINDOWS\system32\svchost.exe
Base Address : 0x01000000
Created On : 30/03/2009 09:53:37 م
Visible Windows : 0
Hidden Windows : 0
User Name :
Mem Usage : 4600 K
Mem Usage Peak : 4612 K
Page Faults : 1212
Pagefile Usage : 1888 K
Pagefile Peak Usage : 1936 K
File Attributes : A
==================================================
==================================================
Process Name : aswUpdSv.exe
ProcessID : 1448
Priority : Normal
Product Name : avast! Antivirus
Version : 4, 8, 1335, 0
Description : avast! Antivirus updating service
Company : ALWIL Software
Window Title :
File Size : 18,752
File Created Date : 16/02/2009 07:39:38 م
File Modified Date : 05/02/2009 09:01:26 م
Filename : C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
Base Address : 0x00400000
Created On : 30/03/2009 09:53:37 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 312 K
Mem Usage Peak : 1896 K
Page Faults : 532
Pagefile Usage : 556 K
Pagefile Peak Usage : 556 K
File Attributes : A
==================================================
==================================================
Process Name : ashServ.exe
ProcessID : 1532
Priority : High
Product Name : avast! Antivirus
Version : 4, 8, 1335, 0
Description : avast! antivirus service
Company : ALWIL Software
Window Title :
File Size : 138,680
File Created Date : 16/02/2009 07:39:38 م
File Modified Date : 05/02/2009 09:08:40 م
Filename : C:\Program Files\Alwil Software\Avast4\ashServ.exe
Base Address : 0x00400000
Created On : 30/03/2009 09:53:38 م
Visible Windows : 0
Hidden Windows : 2
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 19416 K
Mem Usage Peak : 119164 K
Page Faults : 114570
Pagefile Usage : 29432 K
Pagefile Peak Usage : 74668 K
File Attributes : A
==================================================
==================================================
Process Name : Explorer.EXE
ProcessID : 1820
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 6.00.2900.5512 (xpsp.080413-2105)
Description : Windows Explorer
Company : Microsoft Corporation
Window Title : Programs
File Size : 1,033,728
File Created Date : 04/08/2004 08:00:00 ص
File Modified Date : 14/04/2008 12:12:20 ص
Filename : C:\WINDOWS\Explorer.EXE
Base Address : 0x01000000
Created On : 30/03/2009 09:53:43 م
Visible Windows : 3
Hidden Windows : 40
User Name : ASSEM\assemabdallh
Mem Usage : 13508 K
Mem Usage Peak : 32748 K
Page Faults : 51397
Pagefile Usage : 24016 K
Pagefile Peak Usage : 37448 K
File Attributes : A
==================================================
==================================================
Process Name : spoolsv.exe
ProcessID : 2004
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.5512 (xpsp.080413-0852)
Description : Spooler SubSystem App
Company : Microsoft Corporation
Window Title :
File Size : 57,856
File Created Date : 04/08/2004 08:00:00 ص
File Modified Date : 14/04/2008 12:12:36 ص
Filename : C:\WINDOWS\system32\spoolsv.exe
Base Address : 0x01000000
Created On : 30/03/2009 09:53:45 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 4824 K
Mem Usage Peak : 4856 K
Page Faults : 1352
Pagefile Usage : 3116 K
Pagefile Peak Usage : 3436 K
File Attributes : A
==================================================
==================================================
Process Name : ashDisp.exe
ProcessID : 212
Priority : Normal
Product Name : avast! Antivirus
Version : 4, 8, 1335, 0
Description : avast! service GUI component
Company : ALWIL Software
Window Title :
File Size : 81,000
File Created Date : 16/02/2009 07:39:38 م
File Modified Date : 05/02/2009 09:08:46 م
Filename : C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
Base Address : 0x00400000
Created On : 30/03/2009 09:53:46 م
Visible Windows : 0
Hidden Windows : 7
User Name : ASSEM\assemabdallh
Mem Usage : 1896 K
Mem Usage Peak : 5464 K
Page Faults : 4815
Pagefile Usage : 2620 K
Pagefile Peak Usage : 2644 K
File Attributes : A
==================================================
==================================================
Process Name : PasswordManagerFFAutoFill.exe
ProcessID : 296
Priority : Normal
Product Name : Steganos Privacy Suite
Version : 10.0.7
Description :
Company :
Window Title :
File Size : 21,504
File Created Date : 11/09/2008 01:10:34 م
File Modified Date : 11/09/2008 01:10:34 م
Filename : C:\Program Files\Steganos Privacy Suite 2008\PasswordManagerFFAutoFill.exe
Base Address : 0x00400000
Created On : 30/03/2009 09:53:47 م
Visible Windows : 0
Hidden Windows : 0
User Name : ASSEM\assemabdallh
Mem Usage : 22436 K
Mem Usage Peak : 22436 K
Page Faults : 7953
Pagefile Usage : 18596 K
Pagefile Peak Usage : 19296 K
File Attributes : A
==================================================
==================================================
Process Name : SteganosHotKeyService.exe
ProcessID : 452
Priority : Normal
Product Name : Steganos Privacy Suite
Version : 10.0.7
Description :
Company :
Window Title :
File Size : 25,088
File Created Date : 11/09/2008 01:10:34 م
File Modified Date : 11/09/2008 01:10:34 م
Filename : C:\Program Files\Steganos Privacy Suite 2008\SteganosHotKeyService.exe
Base Address : 0x00400000
Created On : 30/03/2009 09:53:48 م
Visible Windows : 0
Hidden Windows : 2
User Name : ASSEM\assemabdallh
Mem Usage : 21564 K
Mem Usage Peak : 21568 K
Page Faults : 9780
Pagefile Usage : 17824 K
Pagefile Peak Usage : 18232 K
File Attributes : A
==================================================
==================================================
Process Name : fredirstarter.exe
ProcessID : 476
Priority : Normal
Product Name :
Version :
Description :
Company :
Window Title :
File Size : 57,344
File Created Date : 11/09/2008 01:15:16 م
File Modified Date : 11/09/2008 01:15:16 م
Filename : C:\Program Files\Steganos Privacy Suite 2008\fredirstarter.exe
Base Address : 0x00400000
Created On : 30/03/2009 09:53:48 م
Visible Windows : 0
Hidden Windows : 0
User Name : ASSEM\assemabdallh
Mem Usage : 716 K
Mem Usage Peak : 716 K
Page Faults : 175
Pagefile Usage : 480 K
Pagefile Peak Usage : 480 K
File Attributes : A
==================================================
==================================================
Process Name : IDMan.exe
ProcessID : 608
Priority : Normal
Product Name : Internet Download Manager (IDM)
Version : 5.14.1.0
Description : Internet Download Manager (IDM)
Company : Tonec Inc.
Window Title : 67% Zyzoom_eScan_9.0.742.1.exe
File Size : 931,248
File Created Date : 28/10/2008 10:46:40 ص
File Modified Date : 15/07/2008 06:39:04 ص
Filename : F:\برامج كمبيوتر\IDM_5.14\IDM_5.14\Cracked EXE\IDMan.exe
Base Address : 0x00400000
Created On : 30/03/2009 09:53:49 م
Visible Windows : 1
Hidden Windows : 9
User Name : ASSEM\assemabdallh
Mem Usage : 5528 K
Mem Usage Peak : 13496 K
Page Faults : 14007
Pagefile Usage : 7292 K
Pagefile Peak Usage : 7824 K
File Attributes : A
==================================================
==================================================
Process Name : Ati2evxx.exe
ProcessID : 1292
Priority : Normal
Product Name : ATI External Event Utility for WindowsNT and Windows9X
Version : 6.14.4076
Description : ATI External Event Utility EXE Module
Company : ATI Technologies Inc.
Window Title :
File Size : 282,624
File Created Date : 03/06/2003 02:30:20 ص
File Modified Date : 03/06/2003 02:30:20 ص
Filename : C:\WINDOWS\system32\Ati2evxx.exe
Base Address : 0x00400000
Created On : 30/03/2009 09:53:54 م
Visible Windows : 0
Hidden Windows : 2
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 2256 K
Mem Usage Peak : 2256 K
Page Faults : 578
Pagefile Usage : 572 K
Pagefile Peak Usage : 572 K
File Attributes : A
==================================================
==================================================
Process Name : BTNtService.exe
ProcessID : 1356
Priority : Normal
Product Name :
Version :
Description :
Company :
Window Title :
File Size : 110,592
File Created Date : 02/03/2009 04:26:57 م
File Modified Date : 06/04/2005 02:03:28 م
Filename : C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
Base Address : 0x00400000
Created On : 30/03/2009 09:53:56 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 2524 K
Mem Usage Peak : 2552 K
Page Faults : 666
Pagefile Usage : 1832 K
Pagefile Peak Usage : 1868 K
File Attributes : A
==================================================
==================================================
Process Name : svchost.exe
ProcessID : 1420
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.5512 (xpsp.080413-2111)
Description : Generic Host Process for Win32 Services
Company : Microsoft Corporation
Window Title :
File Size : 14,336
File Created Date : 04/08/2004 08:00:00 ص
File Modified Date : 14/04/2008 12:12:36 ص
Filename : C:\WINDOWS\system32\svchost.exe
Base Address : 0x01000000
Created On : 30/03/2009 09:53:56 م
Visible Windows : 0
Hidden Windows : 0
User Name :
Mem Usage : 3252 K
Mem Usage Peak : 3256 K
Page Faults : 858
Pagefile Usage : 2192 K
Pagefile Peak Usage : 2216 K
File Attributes : A
==================================================
==================================================
Process Name : FrameworkService.exe
ProcessID : 1488
Priority : Normal
Product Name : McAfee Common Framework
Version : 3.6.0.453
Description : Framework Service
Company : McAfee, Inc.
Window Title :
File Size : 104,000
File Created Date : 16/02/2009 07:14:29 م
File Modified Date : 17/11/2006 11:37:44 ص
Filename : C:\Program Files\McAfee\Common Framework\FrameworkService.exe
Base Address : 0x00400000
Created On : 30/03/2009 09:53:57 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 6328 K
Mem Usage Peak : 6396 K
Page Faults : 4984
Pagefile Usage : 4660 K
Pagefile Peak Usage : 4776 K
File Attributes : A
==================================================
==================================================
Process Name : netfxupdate.exe
ProcessID : 1768
Priority : Normal
Product Name : NetFxUpdate Application
Version : 1,0,3705,3
Description : NetFxUpdate Application
Company : Microsoft
Window Title :
File Size : 73,728
File Created Date : 15/01/2007 02:11:26 م
File Modified Date : 15/01/2007 02:11:26 م
Filename : C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe
Base Address : 0x01000000
Created On : 30/03/2009 09:54:01 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 1432 K
Mem Usage Peak : 1436 K
Page Faults : 367
Pagefile Usage : 428 K
Pagefile Peak Usage : 432 K
File Attributes : A
==================================================
==================================================
Process Name : SatSrv.exe
ProcessID : 240
Priority : Normal
Product Name :
Version :
Description :
Company :
Window Title :
File Size : 184,320
File Created Date : 05/12/2006 08:27:04 ص
File Modified Date : 05/12/2006 08:27:04 ص
Filename : C:\WINDOWS\system32\SatSrv.exe
Base Address : 0x00400000
Created On : 30/03/2009 09:54:02 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 1908 K
Mem Usage Peak : 1908 K
Page Faults : 483
Pagefile Usage : 608 K
Pagefile Peak Usage : 628 K
File Attributes : A
==================================================
==================================================
Process Name : ngen.exe
ProcessID : 364
Priority : Normal
Product Name : Microsoft .NET Framework
Version : 1.1.4322.573
Description : Microsoft Common Language Runtime native compiler
Company : Microsoft Corporation
Window Title :
File Size : 73,728
File Created Date : 20/02/2003 05:09:46 م
File Modified Date : 20/02/2003 05:09:46 م
Filename : C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\ngen.exe
Base Address : 0x00400000
Created On : 30/03/2009 09:54:03 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 9512 K
Mem Usage Peak : 9524 K
Page Faults : 3681
Pagefile Usage : 5496 K
Pagefile Peak Usage : 5532 K
File Attributes : A
==================================================
==================================================
Process Name : naPrdMgr.exe
ProcessID : 432
Priority : Normal
Product Name : McAfee Common Framework
Version : 3.6.0.453
Description : NAI Product Manager
Company : McAfee, Inc.
Window Title :
File Size : 136,768
File Created Date : 16/02/2009 07:14:29 م
File Modified Date : 17/11/2006 11:40:56 ص
Filename : C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
Base Address : 0x00400000
Created On : 30/03/2009 09:54:04 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 860 K
Mem Usage Peak : 5084 K
Page Faults : 1893
Pagefile Usage : 2620 K
Pagefile Peak Usage : 2652 K
File Attributes : A
==================================================
==================================================
Process Name : ashMaiSv.exe
ProcessID : 572
Priority : Normal
Product Name : avast! Antivirus
Version : 4, 8, 1335, 0
Description : avast! e-Mail Scanner Service
Company : ALWIL Software
Window Title :
File Size : 254,040
File Created Date : 16/02/2009 07:39:38 م
File Modified Date : 05/02/2009 09:08:26 م
Filename : C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
Base Address : 0x00400000
Created On : 30/03/2009 09:54:08 م
Visible Windows : 0
Hidden Windows : 2
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 640 K
Mem Usage Peak : 48600 K
Page Faults : 67352
Pagefile Usage : 2668 K
Pagefile Peak Usage : 24264 K
File Attributes : A
==================================================
==================================================
Process Name : ashWebSv.exe
ProcessID : 864
Priority : Normal
Product Name : avast! Antivirus
Version : 4, 8, 1335, 0
Description : avast! Web Scanner
Company : ALWIL Software
Window Title :
File Size : 352,920
File Created Date : 16/02/2009 07:39:38 م
File Modified Date : 05/02/2009 09:06:04 م
Filename : C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
Base Address : 0x00400000
Created On : 30/03/2009 09:54:08 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 420 K
Mem Usage Peak : 48096 K
Page Faults : 48066
Pagefile Usage : 25924 K
Pagefile Peak Usage : 28844 K
File Attributes : A
==================================================
==================================================
Process Name : alg.exe
ProcessID : 2348
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.5512 (xpsp.080413-0852)
Description : Application Layer Gateway Service
Company : Microsoft Corporation
Window Title :
File Size : 44,544
File Created Date : 04/08/2004 08:00:00 ص
File Modified Date : 14/04/2008 12:12:12 ص
Filename : C:\WINDOWS\System32\alg.exe
Base Address : 0x01000000
Created On : 30/03/2009 09:54:11 م
Visible Windows : 0
Hidden Windows : 0
User Name :
Mem Usage : 3600 K
Mem Usage Peak : 3612 K
Page Faults : 940
Pagefile Usage : 1204 K
Pagefile Peak Usage : 1232 K
File Attributes : A
==================================================
==================================================
Process Name : msiexec.exe
ProcessID : 2664
Priority : Normal
Product Name : Windows Installer - Unicode
Version : 3.1.4001.5512
Description : Windows® installer
Company : Microsoft Corporation
Window Title :
File Size : 78,848
File Created Date : 04/08/2004 08:00:00 ص
File Modified Date : 14/04/2008 12:12:28 ص
Filename : C:\WINDOWS\system32\msiexec.exe
Base Address : 0x01000000
Created On : 30/03/2009 09:54:13 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 14072 K
Mem Usage Peak : 14856 K
Page Faults : 21880
Pagefile Usage : 7188 K
Pagefile Peak Usage : 7484 K
File Attributes : A
==================================================
==================================================
Process Name : IEMonitor.exe
ProcessID : 2804
Priority : Normal
Product Name : IEMonitor Application
Version : 5, 12, 8, 0
Description : Internet Download Manager agent for click monitoring in IE-based browsers
Company : Tonec Inc.
Window Title :
File Size : 251,312
File Created Date : 28/10/2008 10:46:37 ص
File Modified Date : 18/02/2008 01:01:02 م
Filename : F:\برامج كمبيوتر\IDM_5.14\IDM_5.14\Cracked EXE\IEMonitor.exe
Base Address : 0x00400000
Created On : 30/03/2009 09:54:15 م
Visible Windows : 0
Hidden Windows : 3
User Name : ASSEM\assemabdallh
Mem Usage : 4672 K
Mem Usage Peak : 4684 K
Page Faults : 1237
Pagefile Usage : 1500 K
Pagefile Peak Usage : 1516 K
File Attributes : A
==================================================
==================================================
Process Name : MsiExec.exe
ProcessID : 2900
Priority : Normal
Product Name : Windows Installer - Unicode
Version : 3.1.4001.5512
Description : Windows® installer
Company : Microsoft Corporation
Window Title :
File Size : 78,848
File Created Date : 04/08/2004 08:00:00 ص
File Modified Date : 14/04/2008 12:12:28 ص
Filename : C:\WINDOWS\system32\MsiExec.exe
Base Address : 0x01000000
Created On : 30/03/2009 09:54:18 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 3732 K
Mem Usage Peak : 3740 K
Page Faults : 1129
Pagefile Usage : 1268 K
Pagefile Peak Usage : 1292 K
File Attributes : A
==================================================
==================================================
Process Name : firefox.exe
ProcessID : 1720
Priority : Normal
Product Name : Firefox
Version : 1.9.0.8
Description : Firefox
Company : Mozilla Corporation
Window Title : تعلم كيف تقوم بحل مشكله الشاشه الزرقاء والريسيت خلال دقائق ..شرح نادر وتفصيلي بالصور - زيزوووم للأمن والحمايه - Mozilla Firefox
File Size : 307,704
File Created Date : 16/02/2009 09:15:51 م
File Modified Date : 29/03/2009 07:18:20 ص
Filename : C:\Program Files\Mozilla Firefox\firefox.exe
Base Address : 0x00400000
Created On : 30/03/2009 09:55:12 م
Visible Windows : 1
Hidden Windows : 20
User Name : ASSEM\assemabdallh
Mem Usage : 82732 K
Mem Usage Peak : 99100 K
Page Faults : 555396
Pagefile Usage : 70872 K
Pagefile Peak Usage : 89696 K
File Attributes : A
==================================================
==================================================
Process Name : CTFMON.EXE
ProcessID : 2320
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.5512 (xpsp.080413-2105)
Description : CTF Loader
Company : Microsoft Corporation
Window Title :
File Size : 15,360
File Created Date : 04/08/2004 08:00:00 ص
File Modified Date : 14/04/2008 12:12:16 ص
Filename : C:\WINDOWS\system32\CTFMON.EXE
Base Address : 0x00400000
Created On : 30/03/2009 09:57:17 م
Visible Windows : 0
Hidden Windows : 5
User Name : ASSEM\assemabdallh
Mem Usage : 6492 K
Mem Usage Peak : 6492 K
Page Faults : 1734
Pagefile Usage : 1136 K
Pagefile Peak Usage : 1136 K
File Attributes : A
==================================================
==================================================
Process Name : Integrator.exe
ProcessID : 3636
Priority : Normal
Product Name : Dachshund Integrator
Version : 1.05.0001
Description :
Company : Dachshund Software
Window Title :
File Size : 151,552
File Created Date : 15/01/2003 09:46:24 ص
File Modified Date : 15/01/2003 09:46:24 ص
Filename : C:\WINDOWS\Integrator.exe
Base Address : 0x00400000
Created On : 30/03/2009 10:06:56 م
Visible Windows : 0
Hidden Windows : 7
User Name : ASSEM\assemabdallh
Mem Usage : 4940 K
Mem Usage Peak : 5036 K
Page Faults : 1336
Pagefile Usage : 1248 K
Pagefile Peak Usage : 1276 K
File Attributes : A
==================================================
==================================================
Process Name : runn.exe
ProcessID : 2124
Priority : Normal
Product Name :
Version :
Description :
Company :
Window Title :
File Size : 71,680
File Created Date : 30/03/2009 08:30:37 م
File Modified Date : 31/01/2008 11:24:26 م
Filename : C:\DOCUME~1\ASSEMA~1\LOCALS~1\Temp\bntoz\runn.exe
Base Address : 0x00400000
Created On : 30/03/2009 10:30:37 م
Visible Windows : 0
Hidden Windows : 0
User Name : ASSEM\assemabdallh
Mem Usage : 2128 K
Mem Usage Peak : 2136 K
Page Faults : 613
Pagefile Usage : 624 K
Pagefile Peak Usage : 700 K
File Attributes : A
==================================================
==================================================
Process Name : cmd.exe
ProcessID : 2212
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.5512 (xpsp.080413-2111)
Description : Windows Command Processor
Company : Microsoft Corporation
Window Title :
File Size : 389,120
File Created Date : 04/08/2004 08:00:00 ص
File Modified Date : 14/04/2008 12:12:14 ص
Filename : C:\WINDOWS\system32\cmd.exe
Base Address : 0x4AD00000
Created On : 30/03/2009 10:30:38 م
Visible Windows : 0
Hidden Windows : 1
User Name : ASSEM\assemabdallh
Mem Usage : 2924 K
Mem Usage Peak : 2992 K
Page Faults : 829
Pagefile Usage : 2060 K
Pagefile Peak Usage : 2136 K
File Attributes : A
==================================================
==================================================
Process Name : wmiprvse.exe
ProcessID : 2232
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.5512 (xpsp.080413-2108)
Description : WMI
Company : Microsoft Corporation
Window Title :
File Size : 218,112
File Created Date : 16/02/2009 12:46:43 م
File Modified Date : 14/04/2008 12:12:40 ص
Filename : C:\WINDOWS\system32\wbem\wmiprvse.exe
Base Address : 0x01000000
Created On : 30/03/2009 10:30:38 م
Visible Windows : 0
Hidden Windows : 0
User Name :
Mem Usage : 5704 K
Mem Usage Peak : 5704 K
Page Faults : 1463
Pagefile Usage : 2912 K
Pagefile Peak Usage : 2912 K
File Attributes : A
==================================================
==================================================
Process Name : CProcess.exe
ProcessID : 172
Priority : Normal
Product Name : CurrProcess
Version : 1.11
Description : CurrProcess
Company : NirSoft
Window Title :
File Size : 35,840
File Created Date : 30/03/2009 08:30:37 م
File Modified Date : 14/07/2005 05:46:34 ص
Filename : C:\DOCUME~1\ASSEMA~1\LOCALS~1\Temp\bntoz\CProcess.exe
Base Address : 0x00400000
Created On : 30/03/2009 10:30:39 م
Visible Windows : 0
Hidden Windows : 0
User Name : ASSEM\assemabdallh
Mem Usage : 2220 K
Mem Usage Peak : 2256 K
Page Faults : 867
Pagefile Usage : 888 K
Pagefile Peak Usage : 944 K
File Attributes : A
==================================================
.
.
--------------------------\\\ End Report Of Running Processes ---------------
.
.
.
.
--------------------------\\\ Windows XP Startup List ---------------
.
HKLM\System\CurrentControlSet\Control\Session Manager\BootExecute
autocheck autochk *
autocheck autochk *
Auto Check Utility
Microsoft Corporation
5.01.2600.5512
c:\windows\system32\autochk.exe
HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms
rdpclip
rdpclip
RDP Clip Monitor
Microsoft Corporation
5.01.2600.5512
c:\windows\system32\rdpclip.exe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\userinit.exe
Userinit Logon Application
Microsoft Corporation
5.01.2600.5512
c:\windows\system32\userinit.exe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell
explorer.exe
explorer.exe
Windows Explorer
Microsoft Corporation
6.00.2900.5512
c:\windows\explorer.exe
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
avast!
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
avast! service GUI component
ALWIL Software
4.08.1335.0000
c:\program files\alwil software\avast4\ashdisp.exe
SSS2008 PasswordManagerFFAutoFill
"C:\Program Files\Steganos Privacy Suite 2008\PasswordManagerFFAutoFill.exe"
10.00.0007.0000
c:\program files\steganos privacy suite 2008\passwordmanagerffautofill.exe
SSS2008 HotKeys
"C:\Program Files\Steganos Privacy Suite 2008\SteganosHotKeyService.exe"
10.00.0007.0000
c:\program files\steganos privacy suite 2008\steganoshotkeyservice.exe
SSS2008 File Redirection Starter
"C:\Program Files\Steganos Privacy Suite 2008\fredirstarter.exe"
c:\program files\steganos privacy suite 2008\fredirstarter.exe
C:\Documents and Settings\assemabdallh\Start Menu\Programs\Startup
AntiCrash.lnk
C:\Documents and Settings\assemabdallh\Start Menu\Programs\Startup\AntiCrash.lnk
1.00.0000.0000
c:\program files\dachshund software\anticrash\anticrash.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
IDMan
F:\برامج كمبيوتر\IDM_5.14\IDM_5.14\Cracked EXE\IDMan.exe /onboot
Internet Download Manager (IDM)
Tonec Inc.
5.14.0001.0000
f:\برامج كمبيوتر\idm_5.14\idm_5.14\cracked exe\idman.exe
ctfmon.exe
C:\WINDOWS\system32\ctfmon.exe
CTF Loader
Microsoft Corporation
5.01.2600.5512
c:\windows\system32\ctfmon.exe
.
.
----------- End Report
