يعطيك العافية يالغالي
وهذا التقرير
ـــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــ
.
--------------------------\\\ Start Report Of HijackThis ---------------
.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:58:40 ص, on 21/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20733)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\VistaDrive\VistaDrive.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\sm56hlpr.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\PROGRA~1\Ashampoo\ASHAMP~1\ashsnap.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\FolderSize\FolderSizeSvc.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Orbitdownloader\orbitdm.exe
C:\Program Files\Orbitdownloader\orbitnet.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\XPPRESP3\My Documents\برامج\imageshackert\55.exe
C:\DOCUME~1\XPPRESP3\LOCALS~1\Temp\bntoz\runn.exe
C:\WINDOWS\system32\cmd.exe
C:\DOCUME~1\XPPRESP3\LOCALS~1\Temp\bntoz\autorunsc.exe
C:\DOCUME~1\XPPRESP3\LOCALS~1\Temp\bntoz\runn.exe
C:\WINDOWS\system32\cmd.exe
C:\DOCUME~1\XPPRESP3\LOCALS~1\Temp\bntoz\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 212.102.0.102:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 192.168.1.254;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Favorites
O2 - BHO: IE7Pro BHO - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IE7Pro\IE7Pro.dll
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VistaDrive] C:\WINDOWS\VistaDrive\VistaDrive.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [Resume copy] copyfstq.exe /startup
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Azkary] C:\Program Files\Azkary\Azkary
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [1 mags 16 more] C:\Documents and Settings\All Users\Application Data\Admin Inter 1 Mags\road great.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [UIWatcher] C:\Program Files\Ashampoo\Ashampoo UnInstaller Platinum 2\UIWatcher.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AshSnap] C:\PROGRA~1\Ashampoo\ASHAMP~1\ashsnap.exe
O4 - HKCU\..\Run: [RoamPile] C:\DOCUME~1\XPPRESP3\APPLIC~1\HECKSI~1\Bonebinelse.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u ****l32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u ****l32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u ****l32 (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Orbit.lnk = C:\Program Files\Orbitdownloader\orbitdm.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: &تحميل الكل باستعمال فلاش-جت - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &تحميل باستعمال فلاش-جت - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Lookup on Merriam Webster -
Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia -
Files\ieSpell\wikipedia.HTM
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IE7Pro\IE7Pro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IE7Pro\IE7Pro.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan ******) -
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) -
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) -
O16 - DPF: {6924091F-CD97-41E1-B1D4-D9079409D413} (IMCv1 Control) -
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: Folder Size (FolderSize) - Brio - C:\Program Files\FolderSize\FolderSizeSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
--
End of file - 11678 bytes
.
.
--------------------------\\\ End Report Of Of HijackThis ---------------
.
.
.
.
--------------------------\\\ Start Report Of Running Processes ---------------
.
==================================================
Process Name : smss.exe
ProcessID : 1236
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : Windows NT Session Manager
Company : Microsoft Corporation
Window Title :
File Size : 50,688
File Created Date : 18/06/1425 02:00:00 م
File Modified Date : 18/06/1425 02:00:00 م
Filename : C:\WINDOWS\System32\smss.exe
Base Address : 0x48580000
Created On : 13/03/1429 07:37:24 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 84 K
Mem Usage Peak : 708 K
Page Faults : 301
Pagefile Usage : 172 K
Pagefile Peak Usage : 1672 K
File Attributes : A
==================================================
==================================================
Process Name : csrss.exe
ProcessID : 1308
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : Client Server Runtime Process
Company : Microsoft Corporation
Window Title :
File Size : 6,144
File Created Date : 18/06/1425 02:00:00 م
File Modified Date : 18/06/1425 02:00:00 م
Filename : C:\WINDOWS\system32\csrss.exe
Base Address : 0x4A680000
Created On : 13/03/1429 07:37:25 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 3028 K
Mem Usage Peak : 5320 K
Page Faults : 27511
Pagefile Usage : 2256 K
Pagefile Peak Usage : 4560 K
File Attributes : A
==================================================
==================================================
Process Name : winlogon.exe
ProcessID : 1332
Priority : High
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : Windows NT Logon Application
Company : Microsoft Corporation
Window Title :
File Size : 502,272
File Created Date : 18/06/1425 02:00:00 م
File Modified Date : 18/06/1425 02:00:00 م
Filename : C:\WINDOWS\system32\winlogon.exe
Base Address : 0x01000000
Created On : 13/03/1429 07:37:26 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 3224 K
Mem Usage Peak : 14216 K
Page Faults : 10931
Pagefile Usage : 9816 K
Pagefile Peak Usage : 11208 K
File Attributes : A
==================================================
==================================================
Process Name : services.exe
ProcessID : 1376
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : Services and Controller app
Company : Microsoft Corporation
Window Title :
File Size : 108,032
File Created Date : 18/06/1425 02:00:00 م
File Modified Date : 18/06/1425 02:00:00 م
Filename : C:\WINDOWS\system32\services.exe
Base Address : 0x01000000
Created On : 13/03/1429 07:37:26 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 1500 K
Mem Usage Peak : 3872 K
Page Faults : 7831
Pagefile Usage : 1932 K
Pagefile Peak Usage : 2236 K
File Attributes : A
==================================================
==================================================
Process Name : lsass.exe
ProcessID : 1388
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : LSA ****l (Export Version)
Company : Microsoft Corporation
Window Title :
File Size : 13,312
File Created Date : 18/06/1425 02:00:00 م
File Modified Date : 18/06/1425 02:00:00 م
Filename : C:\WINDOWS\system32\lsass.exe
Base Address : 0x01000000
Created On : 13/03/1429 07:37:26 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 2788 K
Mem Usage Peak : 7220 K
Page Faults : 14193
Pagefile Usage : 7824 K
Pagefile Peak Usage : 8192 K
File Attributes : A
==================================================
==================================================
Process Name : svchost.exe
ProcessID : 1552
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : Generic Host Process for Win32 Services
Company : Microsoft Corporation
Window Title :
File Size : 14,336
File Created Date : 18/06/1425 02:00:00 م
File Modified Date : 18/06/1425 02:00:00 م
Filename : C:\WINDOWS\system32\svchost.exe
Base Address : 0x01000000
Created On : 13/03/1429 07:37:27 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 1856 K
Mem Usage Peak : 5540 K
Page Faults : 2432
Pagefile Usage : 3652 K
Pagefile Peak Usage : 23868 K
File Attributes : A
==================================================
==================================================
Process Name : svchost.exe
ProcessID : 1644
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : Generic Host Process for Win32 Services
Company : Microsoft Corporation
Window Title :
File Size : 14,336
File Created Date : 18/06/1425 02:00:00 م
File Modified Date : 18/06/1425 02:00:00 م
Filename : C:\WINDOWS\system32\svchost.exe
Base Address : 0x01000000
Created On : 13/03/1429 07:37:27 م
Visible Windows : 0
Hidden Windows : 0
User Name :
Mem Usage : 4804 K
Mem Usage Peak : 5956 K
Page Faults : 3802
Pagefile Usage : 9860 K
Pagefile Peak Usage : 9884 K
File Attributes : A
==================================================
==================================================
Process Name : svchost.exe
ProcessID : 1844
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : Generic Host Process for Win32 Services
Company : Microsoft Corporation
Window Title :
File Size : 14,336
File Created Date : 18/06/1425 02:00:00 م
File Modified Date : 18/06/1425 02:00:00 م
Filename : C:\WINDOWS\System32\svchost.exe
Base Address : 0x01000000
Created On : 13/03/1429 07:37:27 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 19568 K
Mem Usage Peak : 134492 K
Page Faults : 12972296
Pagefile Usage : 31008 K
Pagefile Peak Usage : 142440 K
File Attributes : A
==================================================
==================================================
Process Name : svchost.exe
ProcessID : 276
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : Generic Host Process for Win32 Services
Company : Microsoft Corporation
Window Title :
File Size : 14,336
File Created Date : 18/06/1425 02:00:00 م
File Modified Date : 18/06/1425 02:00:00 م
Filename : C:\WINDOWS\system32\svchost.exe
Base Address : 0x01000000
Created On : 13/03/1429 07:37:27 م
Visible Windows : 0
Hidden Windows : 0
User Name :
Mem Usage : 3596 K
Mem Usage Peak : 5836 K
Page Faults : 26448
Pagefile Usage : 3968 K
Pagefile Peak Usage : 5696 K
File Attributes : A
==================================================
==================================================
Process Name : svchost.exe
ProcessID : 408
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : Generic Host Process for Win32 Services
Company : Microsoft Corporation
Window Title :
File Size : 14,336
File Created Date : 18/06/1425 02:00:00 م
File Modified Date : 18/06/1425 02:00:00 م
Filename : C:\WINDOWS\system32\svchost.exe
Base Address : 0x01000000
Created On : 13/03/1429 07:37:27 م
Visible Windows : 0
Hidden Windows : 0
User Name :
Mem Usage : 3156 K
Mem Usage Peak : 7520 K
Page Faults : 7521
Pagefile Usage : 6276 K
Pagefile Peak Usage : 6544 K
File Attributes : A
==================================================
==================================================
Process Name : spoolsv.exe
ProcessID : 788
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2696 (xpsp.050610-1527)
Description : Spooler SubSystem App
Company : Microsoft Corporation
Window Title :
File Size : 57,856
File Created Date : 25/07/1428 04:23:15 م
File Modified Date : 25/07/1428 04:23:15 م
Filename : C:\WINDOWS\system32\spoolsv.exe
Base Address : 0x01000000
Created On : 13/03/1429 07:37:28 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 1568 K
Mem Usage Peak : 5912 K
Page Faults : 3129
Pagefile Usage : 3764 K
Pagefile Peak Usage : 4276 K
File Attributes : A
==================================================
==================================================
Process Name : Explorer.EXE
ProcessID : 1040
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234)
Description : Windows Explorer
Company : Microsoft Corporation
Window Title : Program Manager
File Size : 1,033,216
File Created Date : 25/07/1428 04:40:41 م
File Modified Date : 28/05/1428 10:23:07 ص
Filename : C:\WINDOWS\Explorer.EXE
Base Address : 0x01000000
Created On : 13/03/1429 07:37:36 م
Visible Windows : 2
Hidden Windows : 32
User Name : سلطان\سلطان
Mem Usage : 17152 K
Mem Usage Peak : 38024 K
Page Faults : 198934
Pagefile Usage : 40432 K
Pagefile Peak Usage : 50852 K
File Attributes : A
==================================================
==================================================
Process Name : ctfmon.exe
ProcessID : 1052
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : CTF Loader
Company : Microsoft Corporation
Window Title :
File Size : 15,360
File Created Date : 18/06/1425 02:00:00 م
File Modified Date : 18/06/1425 02:00:00 م
Filename : C:\WINDOWS\system32\ctfmon.exe
Base Address : 0x00400000
Created On : 13/03/1429 07:37:36 م
Visible Windows : 0
Hidden Windows : 5
User Name : سلطان\سلطان
Mem Usage : 2792 K
Mem Usage Peak : 4596 K
Page Faults : 9686
Pagefile Usage : 1928 K
Pagefile Peak Usage : 1932 K
File Attributes : A
==================================================
==================================================
Process Name : VTtrayp.exe
ProcessID : 1172
Priority : Normal
Product Name : Part of S3 Screen Toys
Version : 2.00.49-0411
Description : s3contrl (32-bit)
Company : S3 Graphics Co., Ltd.
Window Title :
File Size : 176,128
File Created Date : 13/03/1427 08:06:30 ص
File Modified Date : 13/03/1427 08:06:30 ص
Filename : C:\WINDOWS\system32\VTtrayp.exe
Base Address : 0x00400000
Created On : 13/03/1429 07:37:39 م
Visible Windows : 0
Hidden Windows : 2
User Name : سلطان\سلطان
Mem Usage : 844 K
Mem Usage Peak : 5388 K
Page Faults : 2803
Pagefile Usage : 1768 K
Pagefile Peak Usage : 2036 K
File Attributes : AR
==================================================
==================================================
Process Name : VTTimer.exe
ProcessID : 1180
Priority : Normal
Product Name : S3 Graphics, Inc. Utilities
Version : 2.00.01-0307
Description :
Company : S3 Graphics, Inc.
Window Title :
File Size : 53,248
File Created Date : 27/01/1426 07:33:28 م
File Modified Date : 27/01/1426 07:33:28 م
Filename : C:\WINDOWS\system32\VTTimer.exe
Base Address : 0x00400000
Created On : 13/03/1429 07:37:39 م
Visible Windows : 0
Hidden Windows : 2
User Name : سلطان\سلطان
Mem Usage : 616 K
Mem Usage Peak : 3036 K
Page Faults : 990
Pagefile Usage : 1160 K
Pagefile Peak Usage : 1160 K
File Attributes : AR
==================================================
==================================================
Process Name : VistaDrive.exe
ProcessID : 1188
Priority : Normal
Product Name :
Version : 3, 1, 1, 0
Description :
Company :
Window Title :
File Size : 280,779
File Created Date : 08/09/1428 08:08:20 ص
File Modified Date : 13/09/1427 05:56:28 م
Filename : C:\WINDOWS\VistaDrive\VistaDrive.exe
Base Address : 0x00400000
Created On : 13/03/1429 07:37:39 م
Visible Windows : 0
Hidden Windows : 2
User Name : سلطان\سلطان
Mem Usage : 1084 K
Mem Usage Peak : 5368 K
Page Faults : 1950
Pagefile Usage : 2584 K
Pagefile Peak Usage : 2652 K
File Attributes : A
==================================================
==================================================
Process Name : SOUNDMAN.EXE
ProcessID : 1196
Priority : Normal
Product Name : Realtek Sound Manager
Version : 5, 1, 0, 56
Description : Realtek Sound Manager
Company : Realtek Semiconductor Corp.
Window Title :
File Size : 577,536
File Created Date : 08/09/1428 08:49:01 ص
File Modified Date : 08/07/1427 09:12:36 م
Filename : C:\WINDOWS\SOUNDMAN.EXE
Base Address : 0x00400000
Created On : 13/03/1429 07:37:39 م
Visible Windows : 0
Hidden Windows : 2
User Name : سلطان\سلطان
Mem Usage : 728 K
Mem Usage Peak : 4172 K
Page Faults : 1391
Pagefile Usage : 2620 K
Pagefile Peak Usage : 2620 K
File Attributes : R
==================================================
==================================================
Process Name : sm56hlpr.exe
ProcessID : 1204
Priority : Normal
Product Name : Motorola SM56 Tray Application
Version : 6.10.05
Description : Motorola SM56 Win32 Utility
Company : Motorola Inc.
Window Title :
File Size : 544,768
File Created Date : 05/10/1428 08:23:49 ص
File Modified Date : 29/04/1426 09:40:48 ص
Filename : C:\WINDOWS\sm56hlpr.exe
Base Address : 0x00400000
Created On : 13/03/1429 07:37:39 م
Visible Windows : 0
Hidden Windows : 5
User Name : سلطان\سلطان
Mem Usage : 888 K
Mem Usage Peak : 4544 K
Page Faults : 1353
Pagefile Usage : 1992 K
Pagefile Peak Usage : 1992 K
File Attributes : AR
==================================================
==================================================
Process Name : PDVDServ.exe
ProcessID : 1224
Priority : Normal
Product Name : PowerDVD
Version : 6.00.1027
Description : PowerDVD RC Service
Company : Cyberlink Corp.
Window Title :
File Size : 32,768
File Created Date : 08/09/1428 09:07:36 ص
File Modified Date : 20/09/1425 05:24:46 م
Filename : C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
Base Address : 0x00400000
Created On : 13/03/1429 07:37:39 م
Visible Windows : 0
Hidden Windows : 3
User Name : سلطان\سلطان
Mem Usage : 640 K
Mem Usage Peak : 4060 K
Page Faults : 1346
Pagefile Usage : 4432 K
Pagefile Peak Usage : 4460 K
File Attributes : A
==================================================
==================================================
Process Name : HPWuSchd2.exe
ProcessID : 1276
Priority : Normal
Product Name : hp digital imaging
Version : 70.0.170.000
Description : Hewlett-Packard Product Assistant
Company : Hewlett-Packard Development Company, L.P.
Window Title :
File Size : 49,152
File Created Date : 20/01/1427 11:41:10 م
File Modified Date : 20/01/1427 11:41:10 م
Filename : C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
Base Address : 0x00400000
Created On : 13/03/1429 07:37:39 م
Visible Windows : 0
Hidden Windows : 2
User Name : سلطان\سلطان
Mem Usage : 664 K
Mem Usage Peak : 3476 K
Page Faults : 1098
Pagefile Usage : 1360 K
Pagefile Peak Usage : 1360 K
File Attributes : A
==================================================
==================================================
Process Name : realsched.exe
ProcessID : 1296
Priority : Normal
Product Name : RealPlayer (32-bit)
Version : 0.1.1.45
Description : RealNetworks Scheduler
Company : RealNetworks, Inc.
Window Title :
File Size : 185,896
File Created Date : 08/09/1428 09:18:55 ص
File Modified Date : 29/02/1429 11:45:59 م
Filename : C:\Program Files\Common Files\Real\Update_OB\realsched.exe
Base Address : 0x00400000
Created On : 13/03/1429 07:37:39 م
Visible Windows : 0
Hidden Windows : 2
User Name : سلطان\سلطان
Mem Usage : 164 K
Mem Usage Peak : 4592 K
Page Faults : 23662
Pagefile Usage : 4724 K
Pagefile Peak Usage : 4752 K
File Attributes : A
==================================================
==================================================
Process Name : avp.exe
ProcessID : 1312
Priority : Normal
Product Name : Kaspersky Anti-Virus
Version : 7.0.1.325
Description : Kaspersky Anti-Virus
Company : Kaspersky Lab
Window Title :
File Size : 227,856
File Created Date : 01/02/1429 03:36:14 م
File Modified Date : 01/02/1429 03:36:14 م
Filename : C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
Base Address : 0x00400000
Created On : 13/03/1429 07:37:39 م
Visible Windows : 0
Hidden Windows : 4
User Name : سلطان\سلطان
Mem Usage : 3456 K
Mem Usage Peak : 10704 K
Page Faults : 28603
Pagefile Usage : 10396 K
Pagefile Peak Usage : 16560 K
File Attributes : A
==================================================
==================================================
Process Name : RocketDock.exe
ProcessID : 1456
Priority : Normal
Product Name :
Version :
Description :
Company :
Window Title : RocketDock
File Size : 630,784
File Created Date : 08/09/1428 08:08:49 ص
File Modified Date : 29/02/1428 09:05:02 م
Filename : C:\Program Files\RocketDock\RocketDock.exe
Base Address : 0x00400000
Created On : 13/03/1429 07:37:39 م
Visible Windows : 10
Hidden Windows : 6
User Name : سلطان\سلطان
Mem Usage : 4436 K
Mem Usage Peak : 9044 K
Page Faults : 833855
Pagefile Usage : 6860 K
Pagefile Peak Usage : 13616 K
File Attributes : A
==================================================
==================================================
Process Name : daemon.exe
ProcessID : 1532
Priority : Normal
Product Name : DAEMON Tools
Version : 4.10.0.0
Description : Virtual DAEMON Manager
Company : DT Soft Ltd.
Window Title :
File Size : 167,368
File Created Date : 03/08/1428 11:24:39 ص
File Modified Date : 03/08/1428 11:24:39 ص
Filename : C:\Program Files\DAEMON Tools\daemon.exe
Base Address : 0x00400000
Created On : 13/03/1429 07:37:39 م
Visible Windows : 0
Hidden Windows : 2
User Name : سلطان\سلطان
Mem Usage : 624 K
Mem Usage Peak : 5436 K
Page Faults : 1672
Pagefile Usage : 2084 K
Pagefile Peak Usage : 2088 K
File Attributes : A
==================================================
==================================================
Process Name : ashsnap.exe
ProcessID : 1596
Priority : Normal
Product Name : Ashampoo Magical Snap
Version : 2, 0, 0, 0
Description : Ashampoo Magical Snap
Company : Nikolaus Brennig
Window Title : _nibCButtonBar-d93f2d04-e034-403b-8525-c8cd7bcf11d2
File Size : 600,064
File Created Date : 29/01/1429 12:26:24 م
File Modified Date : 21/01/1428 05:02:26 م
Filename : C:\PROGRA~1\Ashampoo\ASHAMP~1\ashsnap.exe
Base Address : 0x00400000
Created On : 13/03/1429 07:37:40 م
Visible Windows : 1
Hidden Windows : 6
User Name : سلطان\سلطان
Mem Usage : 8312 K
Mem Usage Peak : 20460 K
Page Faults : 22546
Pagefile Usage : 16744 K
Pagefile Peak Usage : 25252 K
File Attributes : A
==================================================
==================================================
Process Name : IEXPLORE.EXE
ProcessID : 1772
Priority : Normal
Product Name : Windows® Internet Explorer
Version : 7.00.6000.20733 (vista_ldr.071204-1500)
Description : Internet Explorer
Company : Microsoft Corporation
Window Title :
File Size : 625,664
File Created Date : 25/09/1427 09:04:40 ص
File Modified Date : 27/11/1428 08:34:45 ص
Filename : C:\Program Files\Internet Explorer\IEXPLORE.EXE
Base Address : 0x00400000
Created On : 13/03/1429 07:37:41 م
Visible Windows : 0
Hidden Windows : 2
User Name : سلطان\سلطان
Mem Usage : 7820 K
Mem Usage Peak : 13936 K
Page Faults : 84869
Pagefile Usage : 31624 K
Pagefile Peak Usage : 31696 K
File Attributes :
==================================================
==================================================
Process Name : hpqtra08.exe
ProcessID : 1812
Priority : Normal
Product Name : hp digital imaging
Version : 70.0.170.000
Description : HP Digital Imaging Monitor
Company : Hewlett-Packard Development Company, L.P.
Window Title :
File Size : 288,472
File Created Date : 21/01/1427 01:21:22 ص
File Modified Date : 21/01/1427 01:21:22 ص
Filename : C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
Base Address : 0x00400000
Created On : 13/03/1429 07:37:41 م
Visible Windows : 0
Hidden Windows : 71
User Name : سلطان\سلطان
Mem Usage : 4080 K
Mem Usage Peak : 15568 K
Page Faults : 10086
Pagefile Usage : 12152 K
Pagefile Peak Usage : 12236 K
File Attributes : A
==================================================
==================================================
Process Name : IEXPLORE.EXE
ProcessID : 1880
Priority : Normal
Product Name : Windows® Internet Explorer
Version : 7.00.6000.20733 (vista_ldr.071204-1500)
Description : Internet Explorer
Company : Microsoft Corporation
Window Title :
File Size : 625,664
File Created Date : 25/09/1427 09:04:40 ص
File Modified Date : 27/11/1428 08:34:45 ص
Filename : C:\Program Files\Internet Explorer\IEXPLORE.EXE
Base Address : 0x00400000
Created On : 13/03/1429 07:37:42 م
Visible Windows : 0
Hidden Windows : 2
User Name : سلطان\سلطان
Mem Usage : 1436 K
Mem Usage Peak : 10232 K
Page Faults : 4439
Pagefile Usage : 22332 K
Pagefile Peak Usage : 22464 K
File Attributes :
==================================================
==================================================
Process Name : DATALA~1.EXE
ProcessID : 644
Priority : Normal
Product Name : Nokia PC Suite
Version : 6, 81, 124, 1
Description : DataLayer 2.0 Module
Company : Nokia Mobile Phones Ltd.
Window Title :
File Size : 851,456
File Created Date : 02/06/1427 12:50:52 م
File Modified Date : 02/06/1427 12:50:52 م
Filename : C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
Base Address : 0x00400000
Created On : 13/03/1429 07:37:51 م
Visible Windows : 0
Hidden Windows : 3
User Name : سلطان\سلطان
Mem Usage : 1140 K
Mem Usage Peak : 7896 K
Page Faults : 2605
Pagefile Usage : 5864 K
Pagefile Peak Usage : 5936 K
File Attributes : A
==================================================
==================================================
Process Name : avp.exe
ProcessID : 2180
Priority : Normal
Product Name : Kaspersky Anti-Virus
Version : 7.0.1.325
Description : Kaspersky Anti-Virus
Company : Kaspersky Lab
Window Title :
File Size : 227,856
File Created Date : 01/02/1429 03:36:14 م
File Modified Date : 01/02/1429 03:36:14 م
Filename : C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
Base Address : 0x00400000
Created On : 13/03/1429 07:38:04 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 34116 K
Mem Usage Peak : 68036 K
Page Faults : 1599761
Pagefile Usage : 55128 K
Pagefile Peak Usage : 84520 K
File Attributes : A
==================================================
==================================================
Process Name : FolderSizeSvc.exe
ProcessID : 2208
Priority : Normal
Product Name : Folder Size for Windows
Version : 1, 3, 0, 0
Description : FolderSize Service
Company : Brio
Window Title :
File Size : 98,304
File Created Date : 24/02/1427 08:23:22 م
File Modified Date : 24/02/1427 08:23:22 م
Filename : C:\Program Files\FolderSize\FolderSizeSvc.exe
Base Address : 0x00400000
Created On : 13/03/1429 07:38:04 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 284 K
Mem Usage Peak : 2760 K
Page Faults : 948
Pagefile Usage : 1140 K
Pagefile Peak Usage : 1140 K
File Attributes : A
==================================================
==================================================
Process Name : openvpnas.exe
ProcessID : 2232
Priority : Normal
Product Name :
Version :
Description :
Company :
Window Title :
File Size : 1,383,208
File Created Date : 05/02/1429 10:19:34 م
File Modified Date : 05/02/1429 10:19:34 م
Filename : C:\Program Files\Hotspot Shield\bin\openvpnas.exe
Base Address : 0x00400000
Created On : 13/03/1429 07:38:04 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 236 K
Mem Usage Peak : 2200 K
Page Faults : 560
Pagefile Usage : 704 K
Pagefile Peak Usage : 704 K
File Attributes : A
==================================================
==================================================
Process Name : ServiceLayer.exe
ProcessID : 2968
Priority : Normal
Product Name : PC Connectivity Solution
Version : 6, 81, 60, 0
Description : ServiceLayer Module
Company : Nokia.
Window Title :
File Size : 174,080
File Created Date : 09/05/1427 10:59:18 ص
File Modified Date : 09/05/1427 10:59:18 ص
Filename : C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
Base Address : 0x00400000
Created On : 13/03/1429 07:38:20 م
Visible Windows : 0
Hidden Windows : 4
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 2172 K
Mem Usage Peak : 6508 K
Page Faults : 19526
Pagefile Usage : 6204 K
Pagefile Peak Usage : 6408 K
File Attributes : A
==================================================
==================================================
Process Name : alg.exe
ProcessID : 3420
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : Application Layer Gateway Service
Company : Microsoft Corporation
Window Title :
File Size : 44,544
File Created Date : 18/06/1425 02:00:00 م
File Modified Date : 18/06/1425 02:00:00 م
Filename : C:\WINDOWS\System32\alg.exe
Base Address : 0x01000000
Created On : 13/03/1429 07:38:21 م
Visible Windows : 0
Hidden Windows : 0
User Name :
Mem Usage : 212 K
Mem Usage Peak : 3824 K
Page Faults : 1105
Pagefile Usage : 1344 K
Pagefile Peak Usage : 1356 K
File Attributes : A
==================================================
==================================================
Process Name : hpqSTE08.exe
ProcessID : 3252
Priority : Normal
Product Name : hp digital imaging
Version : 70.0.170.000
Description : HP CUE Status
Company : Hewlett-Packard Development Company, L.P.
Window Title :
File Size : 239,320
File Created Date : 21/01/1427 02:24:52 ص
File Modified Date : 21/01/1427 02:24:52 ص
Filename : C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
Base Address : 0x00400000
Created On : 13/03/1429 07:38:30 م
Visible Windows : 0
Hidden Windows : 53
User Name : سلطان\سلطان
Mem Usage : 2312 K
Mem Usage Peak : 18404 K
Page Faults : 13323
Pagefile Usage : 13468 K
Pagefile Peak Usage : 13512 K
File Attributes : A
==================================================
==================================================
Process Name : svchost.exe
ProcessID : 236
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : Generic Host Process for Win32 Services
Company : Microsoft Corporation
Window Title :
File Size : 14,336
File Created Date : 18/06/1425 02:00:00 م
File Modified Date : 18/06/1425 02:00:00 م
Filename : C:\WINDOWS\System32\svchost.exe
Base Address : 0x01000000
Created On : 13/03/1429 07:38:34 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 212 K
Mem Usage Peak : 3812 K
Page Faults : 1095
Pagefile Usage : 1800 K
Pagefile Peak Usage : 1824 K
File Attributes : A
==================================================
==================================================
Process Name : WLLoginProxy.exe
ProcessID : 3392
Priority : Normal
Product Name : Microsoft® Windows Live Login Helper
Version : 4.200.520.1
Description : WLLoginProxy.exe
Company : Microsoft Corporation
Window Title :
File Size : 118,336
File Created Date : 09/09/1428 07:35:36 ص
File Modified Date : 09/09/1428 07:35:36 ص
Filename : C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
Base Address : 0x01000000
Created On : 13/03/1429 07:39:15 م
Visible Windows : 0
Hidden Windows : 0
User Name : سلطان\سلطان
Mem Usage : 1976 K
Mem Usage Peak : 8652 K
Page Faults : 3228
Pagefile Usage : 8336 K
Pagefile Peak Usage : 8404 K
File Attributes : A
==================================================
==================================================
Process Name : usnsvc.exe
ProcessID : 2432
Priority : Normal
Product Name : Messenger
Version : 8.5.1302.1018
Description : Messenger Sharing USN Journal Reader Service
Company : Microsoft Corporation
Window Title :
File Size : 98,328
File Created Date : 07/10/1428 08:31:54 ص
File Modified Date : 07/10/1428 08:31:54 ص
Filename : C:\Program Files\Windows Live\Messenger\usnsvc.exe
Base Address : 0x00400000
Created On : 13/03/1429 07:41:06 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 912 K
Mem Usage Peak : 2928 K
Page Faults : 806
Pagefile Usage : 992 K
Pagefile Peak Usage : 1012 K
File Attributes : A
==================================================
==================================================
Process Name : HPZipm12.exe
ProcessID : 2012
Priority : Normal
Product Name : HP PML
Version : 10, 1, 1, 4
Description : PML Driver
Company : HP
Window Title :
File Size : 69,632
File Created Date : 09/09/1428 12:21:55 ص
File Modified Date : 21/10/1426 06:58:48 م
Filename : C:\WINDOWS\system32\HPZipm12.exe
Base Address : 0x00400000
Created On : 13/03/1429 10:30:35 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 388 K
Mem Usage Peak : 2064 K
Page Faults : 529
Pagefile Usage : 708 K
Pagefile Peak Usage : 708 K
File Attributes : A
==================================================
==================================================
Process Name : msnmsgr.exe
ProcessID : 652
Priority : Normal
Product Name : Messenger
Version : 8.5.1302.1018
Description : Windows Live Messenger
Company : Microsoft Corporation
Window Title :
ahmadatiah@hotmail.com - محادثة
File Size : 5,724,184
File Created Date : 07/10/1428 08:34:42 ص
File Modified Date : 07/10/1428 08:34:42 ص
Filename : C:\Program Files\Windows Live\Messenger\msnmsgr.exe
Base Address : 0x00400000
Created On : 13/03/1429 10:31:46 م
Visible Windows : 2
Hidden Windows : 46
User Name : سلطان\سلطان
Mem Usage : 10388 K
Mem Usage Peak : 41712 K
Page Faults : 161762
Pagefile Usage : 53512 K
Pagefile Peak Usage : 54688 K
File Attributes : A
==================================================
==================================================
Process Name : iexplore.exe
ProcessID : 2644
Priority : Normal
Product Name : Windows® Internet Explorer
Version : 7.00.6000.20733 (vista_ldr.071204-1500)
Description : Internet Explorer
Company : Microsoft Corporation
Window Title : من بعد تنظيف جهازي من الفيروسات اصبحت مشكلتي بالأكسبلور((للخبراء)) - زيزوووم للأمن والحمايه -
File Size : 625,664
File Created Date : 25/09/1427 09:04:40 ص
File Modified Date : 27/11/1428 08:34:45 ص
Filename : C:\Program Files\Internet Explorer\iexplore.exe
Base Address : 0x00400000
Created On : 13/03/1429 10:39:17 م
Visible Windows : 2
Hidden Windows : 126
User Name : سلطان\سلطان
Mem Usage : 6232 K
Mem Usage Peak : 68300 K
Page Faults : 397680
Pagefile Usage : 107464 K
Pagefile Peak Usage : 108428 K
File Attributes :
==================================================
==================================================
Process Name : orbitdm.exe
ProcessID : 3972
Priority : Normal
Product Name : Orbit Downloader
Version : 2, 1, 0, 7
Description : Orbit Downloader
Company : Orbitdownloader.com
Window Title : Orbit
File Size : 1,666,240
File Created Date : 08/09/1428 08:24:24 ص
File Modified Date : 11/08/1428 01:12:12 م
Filename : C:\Program Files\Orbitdownloader\orbitdm.exe
Base Address : 0x00400000
Created On : 13/03/1429 11:52:38 م
Visible Windows : 1
Hidden Windows : 14
User Name : سلطان\سلطان
Mem Usage : 760 K
Mem Usage Peak : 11200 K
Page Faults : 39568
Pagefile Usage : 7036 K
Pagefile Peak Usage : 7624 K
File Attributes : A
==================================================
==================================================
Process Name : orbitnet.exe
ProcessID : 1092
Priority : Normal
Product Name : P2P service of Orbit Downloader
Version : 1, 5, 0, 5
Description : P2P service of Orbit Downloader
Company : Orbitdownloader.com
Window Title :
File Size : 356,352
File Created Date : 08/09/1428 08:24:24 ص
File Modified Date : 13/04/1428 07:32:40 ص
Filename : C:\Program Files\Orbitdownloader\orbitnet.exe
Base Address : 0x00400000
Created On : 13/03/1429 11:52:38 م
Visible Windows : 0
Hidden Windows : 2
User Name : سلطان\سلطان
Mem Usage : 3508 K
Mem Usage Peak : 8444 K
Page Faults : 8492
Pagefile Usage : 4440 K
Pagefile Peak Usage : 4508 K
File Attributes : A
==================================================
==================================================
Process Name : iexplore.exe
ProcessID : 1768
Priority : Normal
Product Name : Windows® Internet Explorer
Version : 7.00.6000.20733 (vista_ldr.071204-1500)
Description : Internet Explorer
Company : Microsoft Corporation
Window Title : التحكم بالأعضاء - منتديات المدار - vBulletin لوحة تحكم المراقب -
File Size : 625,664
File Created Date : 25/09/1427 09:04:40 ص
File Modified Date : 27/11/1428 08:34:45 ص
Filename : C:\Program Files\Internet Explorer\iexplore.exe
Base Address : 0x00400000
Created On : 13/03/1429 11:55:24 م
Visible Windows : 1
Hidden Windows : 58
User Name : سلطان\سلطان
Mem Usage : 29964 K
Mem Usage Peak : 54372 K
Page Faults : 201860
Pagefile Usage : 70100 K
Pagefile Peak Usage : 74356 K
File Attributes :
==================================================
==================================================
Process Name : 55.exe
ProcessID : 2584
Priority : Normal
Product Name :
Version : 0.5.1.0
Description :
Company : buggya****l
Window Title :
File Size : 302,592
File Created Date : 03/03/1429 05:23:10 م
File Modified Date : 20/04/1426 11:20:08 م
Filename : C:\Documents and Settings\XPPRESP3\My Documents\برامج\imageshackert\55.exe
Base Address : 0x00400000
Created On : 14/03/1429 12:29:04 ص
Visible Windows : 0
Hidden Windows : 11
User Name : سلطان\سلطان
Mem Usage : 2128 K
Mem Usage Peak : 15832 K
Page Faults : 7965
Pagefile Usage : 12356 K
Pagefile Peak Usage : 13536 K
File Attributes : A
==================================================
==================================================
Process Name : runn.exe
ProcessID : 884
Priority : Normal
Product Name :
Version :
Description :
Company :
Window Title :
File Size : 71,680
File Created Date : 13/03/1429 09:56:32 م
File Modified Date : 23/01/1429 10:24:25 م
Filename : C:\DOCUME~1\XPPRESP3\LOCALS~1\Temp\bntoz\runn.exe
Base Address : 0x00400000
Created On : 14/03/1429 12:56:34 ص
Visible Windows : 0
Hidden Windows : 0
User Name : سلطان\سلطان
Mem Usage : 2732 K
Mem Usage Peak : 2736 K
Page Faults : 810
Pagefile Usage : 1028 K
Pagefile Peak Usage : 1032 K
File Attributes : A
==================================================
==================================================
Process Name : cmd.exe
ProcessID : 2572
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : Windows Command Processor
Company : Microsoft Corporation
Window Title :
File Size : 388,608
File Created Date : 18/06/1425 02:00:00 م
File Modified Date : 18/06/1425 02:00:00 م
Filename : C:\WINDOWS\system32\cmd.exe
Base Address : 0x4AD00000
Created On : 14/03/1429 12:56:34 ص
Visible Windows : 0
Hidden Windows : 1
User Name : سلطان\سلطان
Mem Usage : 3188 K
Mem Usage Peak : 3252 K
Page Faults : 923
Pagefile Usage : 2216 K
Pagefile Peak Usage : 2292 K
File Attributes : A
==================================================
==================================================
Process Name : autorunsc.exe
ProcessID : 604
Priority : Normal
Product Name : Sysinternals autoruns
Version : 9.02
Description : Autostart program viewer
Company : Sysinternals -
Window Title : AutoRuns License Agreement
File Size : 504,872
File Created Date : 13/03/1429 09:56:32 م
File Modified Date : 01/01/1429 12:32:44 م
Filename : C:\DOCUME~1\XPPRESP3\LOCALS~1\Temp\bntoz\autorunsc.exe
Base Address : 0x00400000
Created On : 14/03/1429 12:57:02 ص
Visible Windows : 1
Hidden Windows : 2
User Name : سلطان\سلطان
Mem Usage : 6032 K
Mem Usage Peak : 6252 K
Page Faults : 2617
Pagefile Usage : 4728 K
Pagefile Peak Usage : 6596 K
File Attributes : A
==================================================
==================================================
Process Name : runn.exe
ProcessID : 3364
Priority : Normal
Product Name :
Version :
Description :
Company :
Window Title :
File Size : 71,680
File Created Date : 13/03/1429 09:56:32 م
File Modified Date : 23/01/1429 10:24:25 م
Filename : C:\DOCUME~1\XPPRESP3\LOCALS~1\Temp\bntoz\runn.exe
Base Address : 0x00400000
Created On : 14/03/1429 12:58:16 ص
Visible Windows : 0
Hidden Windows : 0
User Name : سلطان\سلطان
Mem Usage : 2728 K
Mem Usage Peak : 2732 K
Page Faults : 809
Pagefile Usage : 1028 K
Pagefile Peak Usage : 1032 K
File Attributes : A
==================================================
==================================================
Process Name : cmd.exe
ProcessID : 3928
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : Windows Command Processor
Company : Microsoft Corporation
Window Title :
File Size : 388,608
File Created Date : 18/06/1425 02:00:00 م
File Modified Date : 18/06/1425 02:00:00 م
Filename : C:\WINDOWS\system32\cmd.exe
Base Address : 0x4AD00000
Created On : 14/03/1429 12:58:17 ص
Visible Windows : 0
Hidden Windows : 1
User Name : سلطان\سلطان
Mem Usage : 3192 K
Mem Usage Peak : 3256 K
Page Faults : 899
Pagefile Usage : 2220 K
Pagefile Peak Usage : 2288 K
File Attributes : A
==================================================
==================================================
Process Name : wmiprvse.exe
ProcessID : 2912
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : WMI
Company : Microsoft Corporation
Window Title :
File Size : 218,112
File Created Date : 08/09/1428 08:07:22 ص
File Modified Date : 18/06/1425 02:00:00 م
Filename : C:\WINDOWS\system32\wbem\wmiprvse.exe
Base Address : 0x01000000
Created On : 14/03/1429 12:58:33 ص
Visible Windows : 0
Hidden Windows : 0
User Name :
Mem Usage : 5884 K
Mem Usage Peak : 5884 K
Page Faults : 1515
Pagefile Usage : 3032 K
Pagefile Peak Usage : 3032 K
File Attributes : A
==================================================
==================================================
Process Name : CProcess.exe
ProcessID : 1716
Priority : Normal
Product Name : CurrProcess
Version : 1.11
Description : CurrProcess
Company : NirSoft
Window Title :
File Size : 35,840
File Created Date : 13/03/1429 09:56:32 م
File Modified Date : 08/06/1426 04:46:34 ص
Filename : C:\DOCUME~1\XPPRESP3\LOCALS~1\Temp\bntoz\CProcess.exe
Base Address : 0x00400000
Created On : 14/03/1429 12:58:40 ص
Visible Windows : 0
Hidden Windows : 0
User Name : سلطان\سلطان
Mem Usage : 2824 K
Mem Usage Peak : 2892 K
Page Faults : 1324
Pagefile Usage : 1164 K
Pagefile Peak Usage : 1808 K
File Attributes : A
==================================================
.
.
--------------------------\\\ End Report Of Running Processes ---------------
.
.
.
.
--------------------------\\\ Windows XP Startup List ---------------
.
.png)
.png)
