Brother, this is the Notepad file that came up for me
.
--------------------------\\\ Start Report Of HijackThis ---------------
.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:43:23 م, on 05/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Faronics\Deep Freeze\Install C-0\DF5Serv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Faronics\Deep Freeze\Install C-0\_$Df\FrzState2k.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
C:\Program Files\TechSmith\SnagIt 8\TSCHelp.exe
C:\Program Files\No-IP\DUC20.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Mfc\My Documents\براامج\HaCkEr\اختراق الاجهزهـ\Bifrostr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\DOCUME~1\Mfc\LOCALS~1\Temp\bntoz\runn.exe
C:\WINDOWS\system32\cmd.exe
C:\DOCUME~1\Mfc\LOCALS~1\Temp\bntoz\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
O2 - BHO: Helper Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: "إضافة إلى حاجب الدعايات" - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O20 - Winlogon Notify: Antiwpa - C:\WINDOWS\SYSTEM32\antiwpa.dll
O20 - Winlogon Notify: DfLogon - C:\WINDOWS\SYSTEM32\LogonDll.dll
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: DF5Serv - Faronics Corporation - C:\Program Files\Faronics\Deep Freeze\Install C-0\DF5Serv.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
--
End of file - 5776 bytes
.
.
--------------------------\\\ End Report Of Of HijackThis ---------------
.
.
.
.
--------------------------\\\ Start Report Of Running Processes ---------------
.
==================================================
Process Name : smss.exe
ProcessID : 444
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : Windows NT Session Manager
Company : Microsoft Corporation
Window Title :
File Size : 50,688
File Created Date : 27/10/1423 11:00:00 ص
File Modified Date : 27/10/1423 11:00:00 ص
Filename : C:\WINDOWS\System32\smss.exe
Base Address : 0x48580000
Created On : 03/08/1429 11:01:50 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 388 K
Mem Usage Peak : 704 K
Page Faults : 296
Pagefile Usage : 168 K
Pagefile Peak Usage : 1676 K
File Attributes : A
==================================================
==================================================
Process Name : csrss.exe
ProcessID : 492
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : Client Server Runtime Process
Company : Microsoft Corporation
Window Title :
File Size : 6,144
File Created Date : 27/10/1423 11:00:00 ص
File Modified Date : 27/10/1423 11:00:00 ص
Filename : C:\WINDOWS\system32\csrss.exe
Base Address : 0x4A680000
Created On : 03/08/1429 11:01:51 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 4572 K
Mem Usage Peak : 5328 K
Page Faults : 7510
Pagefile Usage : 2124 K
Pagefile Peak Usage : 4652 K
File Attributes : A
==================================================
==================================================
Process Name : winlogon.exe
ProcessID : 516
Priority : High
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : Windows NT Logon Application
Company : Microsoft Corporation
Window Title :
File Size : 502,272
File Created Date : 27/10/1423 11:00:00 ص
File Modified Date : 27/10/1423 11:00:00 ص
Filename : C:\WINDOWS\system32\winlogon.exe
Base Address : 0x01000000
Created On : 03/08/1429 11:01:52 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 4552 K
Mem Usage Peak : 13488 K
Page Faults : 7164
Pagefile Usage : 11180 K
Pagefile Peak Usage : 11408 K
File Attributes : A
==================================================
==================================================
Process Name : services.exe
ProcessID : 560
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : Services and Controller app
Company : Microsoft Corporation
Window Title :
File Size : 108,032
File Created Date : 27/10/1423 11:00:00 ص
File Modified Date : 27/10/1423 11:00:00 ص
Filename : C:\WINDOWS\system32\services.exe
Base Address : 0x01000000
Created On : 03/08/1429 11:01:52 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 4760 K
Mem Usage Peak : 4796 K
Page Faults : 1926
Pagefile Usage : 2124 K
Pagefile Peak Usage : 2184 K
File Attributes : A
==================================================
==================================================
Process Name : lsass.exe
ProcessID : 572
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : LSA Shell (Export Version)
Company : Microsoft Corporation
Window Title :
File Size : 13,312
File Created Date : 27/10/1423 11:00:00 ص
File Modified Date : 27/10/1423 11:00:00 ص
Filename : C:\WINDOWS\system32\lsass.exe
Base Address : 0x01000000
Created On : 03/08/1429 11:01:52 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 3092 K
Mem Usage Peak : 6168 K
Page Faults : 4333
Pagefile Usage : 5676 K
Pagefile Peak Usage : 5696 K
File Attributes : A
==================================================
==================================================
Process Name : DF5Serv.exe
ProcessID : 748
Priority : Normal
Product Name : Deep Freeze 6
Version : 6,30,20,1818
Description : Deep Freeze 6 service
Company : Faronics Corporation
Window Title :
File Size : 429,056
File Created Date : 13/06/1428 05:31:00 م
File Modified Date : 13/06/1428 05:31:00 م
Filename : C:\Program Files\Faronics\Deep Freeze\Install C-0\DF5Serv.exe
Base Address : 0x00400000
Created On : 03/08/1429 11:01:53 م
Visible Windows : 0
Hidden Windows : 3
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 4404 K
Mem Usage Peak : 6164 K
Page Faults : 1997
Pagefile Usage : 3292 K
Pagefile Peak Usage : 5404 K
File Attributes : A
==================================================
==================================================
Process Name : svchost.exe
ProcessID : 776
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : Generic Host Process for Win32 Services
Company : Microsoft Corporation
Window Title :
File Size : 14,336
File Created Date : 27/10/1423 11:00:00 ص
File Modified Date : 27/10/1423 11:00:00 ص
Filename : C:\WINDOWS\system32\svchost.exe
Base Address : 0x01000000
Created On : 03/08/1429 11:01:53 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 5104 K
Mem Usage Peak : 5156 K
Page Faults : 1437
Pagefile Usage : 3256 K
Pagefile Peak Usage : 23372 K
File Attributes : A
==================================================
==================================================
Process Name : svchost.exe
ProcessID : 824
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : Generic Host Process for Win32 Services
Company : Microsoft Corporation
Window Title :
File Size : 14,336
File Created Date : 27/10/1423 11:00:00 ص
File Modified Date : 27/10/1423 11:00:00 ص
Filename : C:\WINDOWS\system32\svchost.exe
Base Address : 0x01000000
Created On : 03/08/1429 11:01:53 م
Visible Windows : 0
Hidden Windows : 0
User Name :
Mem Usage : 3844 K
Mem Usage Peak : 3844 K
Page Faults : 1049
Pagefile Usage : 1740 K
Pagefile Peak Usage : 1740 K
File Attributes : A
==================================================
==================================================
Process Name : svchost.exe
ProcessID : 856
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : Generic Host Process for Win32 Services
Company : Microsoft Corporation
Window Title :
File Size : 14,336
File Created Date : 27/10/1423 11:00:00 ص
File Modified Date : 27/10/1423 11:00:00 ص
Filename : C:\WINDOWS\System32\svchost.exe
Base Address : 0x01000000
Created On : 03/08/1429 11:01:53 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 19644 K
Mem Usage Peak : 21324 K
Page Faults : 13481
Pagefile Usage : 12444 K
Pagefile Peak Usage : 13620 K
File Attributes : A
==================================================
==================================================
Process Name : svchost.exe
ProcessID : 976
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : Generic Host Process for Win32 Services
Company : Microsoft Corporation
Window Title :
File Size : 14,336
File Created Date : 27/10/1423 11:00:00 ص
File Modified Date : 27/10/1423 11:00:00 ص
Filename : C:\WINDOWS\system32\svchost.exe
Base Address : 0x01000000
Created On : 03/08/1429 11:01:53 م
Visible Windows : 0
Hidden Windows : 0
User Name :
Mem Usage : 3808 K
Mem Usage Peak : 3820 K
Page Faults : 1027
Pagefile Usage : 1536 K
Pagefile Peak Usage : 1584 K
File Attributes : A
==================================================
==================================================
Process Name : spoolsv.exe
ProcessID : 1144
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : Spooler SubSystem App
Company : Microsoft Corporation
Window Title :
File Size : 57,856
File Created Date : 27/10/1423 11:00:00 ص
File Modified Date : 27/10/1423 11:00:00 ص
Filename : C:\WINDOWS\system32\spoolsv.exe
Base Address : 0x01000000
Created On : 03/08/1429 11:01:54 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 4816 K
Mem Usage Peak : 5720 K
Page Faults : 1862
Pagefile Usage : 3316 K
Pagefile Peak Usage : 4084 K
File Attributes : A
==================================================
==================================================
Process Name : avp.exe
ProcessID : 1264
Priority : Normal
Product Name : Kaspersky Anti-Virus
Version : 8.0.0.357
Description : Kaspersky Anti-Virus
Company : Kaspersky Lab
Window Title :
File Size : 201,992
File Created Date : 19/04/1429 03:21:30 م
File Modified Date : 19/04/1429 03:21:30 م
Filename : C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
Base Address : 0x00400000
Created On : 03/08/1429 11:01:57 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 17316 K
Mem Usage Peak : 104104 K
Page Faults : 56455
Pagefile Usage : 14060 K
Pagefile Peak Usage : 102100 K
File Attributes : A
==================================================
==================================================
Process Name : MDM.EXE
ProcessID : 1300
Priority : Normal
Product Name : Microsoft® Visual Studio .NET
Version : 7.00.9466
Description : Machine Debug Manager
Company : Microsoft Corporation
Window Title :
File Size : 322,120
File Created Date : 19/04/1424 08:25:00 م
File Modified Date : 19/04/1424 08:25:00 م
Filename : C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
Base Address : 0x00400000
Created On : 03/08/1429 11:01:57 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 3192 K
Mem Usage Peak : 3196 K
Page Faults : 988
Pagefile Usage : 1112 K
Pagefile Peak Usage : 1116 K
File Attributes : A
==================================================
==================================================
Process Name : alg.exe
ProcessID : 1924
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : Application Layer Gateway Service
Company : Microsoft Corporation
Window Title :
File Size : 44,544
File Created Date : 27/10/1423 11:00:00 ص
File Modified Date : 27/10/1423 11:00:00 ص
Filename : C:\WINDOWS\System32\alg.exe
Base Address : 0x01000000
Created On : 03/08/1429 11:20:40 م
Visible Windows : 0
Hidden Windows : 0
User Name :
Mem Usage : 3680 K
Mem Usage Peak : 3680 K
Page Faults : 979
Pagefile Usage : 1296 K
Pagefile Peak Usage : 1304 K
File Attributes : A
==================================================
==================================================
Process Name : Explorer.EXE
ProcessID : 940
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
Description : Windows Explorer
Company : Microsoft Corporation
Window Title : اختراق الاجهزهـ
File Size : 1,032,192
File Created Date : 27/10/1423 11:00:00 ص
File Modified Date : 27/10/1423 11:00:00 ص
Filename : C:\WINDOWS\Explorer.EXE
Base Address : 0x01000000
Created On : 03/08/1429 11:20:46 م
Visible Windows : 3
Hidden Windows : 43
User Name : ROOT\Mfc
Mem Usage : 10220 K
Mem Usage Peak : 31268 K
Page Faults : 32441
Pagefile Usage : 36004 K
Pagefile Peak Usage : 37720 K
File Attributes : A
==================================================
==================================================
Process Name : IEXPLORE.EXE
ProcessID : 1316
Priority : Normal
Product Name : Windows® Internet Explorer
Version : 7.00.6000.16674 (vista_gdr.080415-1732)
Description : Internet Explorer
Company : Microsoft Corporation
Window Title :
File Size : 625,664
File Created Date : 21/03/1429 07:19:30 م
File Modified Date : 16/04/1429 07:40:18 ص
Filename : C:\Program Files\Internet Explorer\IEXPLORE.EXE
Base Address : 0x00400000
Created On : 03/08/1429 11:20:54 م
Visible Windows : 0
Hidden Windows : 2
User Name : ROOT\Mfc
Mem Usage : 6864 K
Mem Usage Peak : 9284 K
Page Faults : 4178
Pagefile Usage : 4188 K
Pagefile Peak Usage : 11124 K
File Attributes : A
==================================================
==================================================
Process Name : avp.exe
ProcessID : 1736
Priority : Normal
Product Name : Kaspersky Anti-Virus
Version : 8.0.0.357
Description : Kaspersky Anti-Virus
Company : Kaspersky Lab
Window Title :
File Size : 201,992
File Created Date : 19/04/1429 03:21:30 م
File Modified Date : 19/04/1429 03:21:30 م
Filename : C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
Base Address : 0x00400000
Created On : 03/08/1429 11:20:59 م
Visible Windows : 0
Hidden Windows : 5
User Name : ROOT\Mfc
Mem Usage : 3896 K
Mem Usage Peak : 8072 K
Page Faults : 5373
Pagefile Usage : 7324 K
Pagefile Peak Usage : 7392 K
File Attributes : A
==================================================
==================================================
Process Name : realsched.exe
ProcessID : 1972
Priority : Normal
Product Name : RealPlayer (32-bit)
Version : 0.1.1.45
Description : RealNetworks Scheduler
Company : RealNetworks, Inc.
Window Title :
File Size : 185,896
File Created Date : 16/07/1429 05:57:14 ص
File Modified Date : 16/07/1429 05:57:14 ص
Filename : C:\Program Files\Common Files\Real\Update_OB\realsched.exe
Base Address : 0x00400000
Created On : 03/08/1429 11:21:00 م
Visible Windows : 0
Hidden Windows : 2
User Name : ROOT\Mfc
Mem Usage : 232 K
Mem Usage Peak : 2948 K
Page Faults : 3991
Pagefile Usage : 4232 K
Pagefile Peak Usage : 4260 K
File Attributes : A
==================================================
==================================================
Process Name : FrzState2k.exe
ProcessID : 208
Priority : Normal
Product Name : Deep Freeze 6
Version : 6,30,20,1818
Description : Deep Freeze 6 utility
Company : Faronics Corporation
Window Title :
File Size : 1,123,130
File Created Date : 23/07/1429 09:50:43 م
File Modified Date : 03/08/1429 08:21:02 م
Filename : C:\Program Files\Faronics\Deep Freeze\Install C-0\_$Df\FrzState2k.exe
Base Address : 0x00400000
Created On : 03/08/1429 11:21:03 م
Visible Windows : 0
Hidden Windows : 4
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 6036 K
Mem Usage Peak : 6036 K
Page Faults : 1559
Pagefile Usage : 6192 K
Pagefile Peak Usage : 6192 K
File Attributes : A
==================================================
==================================================
Process Name : msnmsgr.exe
ProcessID : 908
Priority : Normal
Product Name : Messenger
Version : 8.5.1302.1018
Description : Windows Live Messenger
Company : Microsoft Corporation
Window Title : Intuos Messenger
File Size : 5,724,184
File Created Date : 07/10/1428 08:34:42 ص
File Modified Date : 07/10/1428 08:34:42 ص
Filename : C:\Program Files\Windows Live\Messenger\msnmsgr.exe
Base Address : 0x00400000
Created On : 03/08/1429 11:21:15 م
Visible Windows : 2
Hidden Windows : 54
User Name : ROOT\Mfc
Mem Usage : 62604 K
Mem Usage Peak : 63088 K
Page Faults : 68177
Pagefile Usage : 79056 K
Pagefile Peak Usage : 80132 K
File Attributes : A
==================================================
==================================================
Process Name : ctfmon.exe
ProcessID : 1048
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : CTF Loader
Company : Microsoft Corporation
Window Title :
File Size : 15,360
File Created Date : 27/10/1423 11:00:00 ص
File Modified Date : 27/10/1423 11:00:00 ص
Filename : C:\WINDOWS\system32\ctfmon.exe
Base Address : 0x00400000
Created On : 03/08/1429 11:21:27 م
Visible Windows : 0
Hidden Windows : 5
User Name : ROOT\Mfc
Mem Usage : 3436 K
Mem Usage Peak : 3436 K
Page Faults : 989
Pagefile Usage : 1488 K
Pagefile Peak Usage : 1488 K
File Attributes : A
==================================================
==================================================
Process Name : SnagIt32.exe
ProcessID : 3612
Priority : Normal
Product Name : SnagIt
Version : 8.0.1.0
Description : SnagIt 8
Company : TechSmith Corporation
Window Title :
File Size : 5,517,312
File Created Date : 14/02/1427 06:01:00 ص
File Modified Date : 14/02/1427 06:01:00 ص
Filename : C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
Base Address : 0x00400000
Created On : 03/08/1429 11:32:25 م
Visible Windows : 0
Hidden Windows : 25
User Name : ROOT\Mfc
Mem Usage : 3260 K
Mem Usage Peak : 25268 K
Page Faults : 9394
Pagefile Usage : 27920 K
Pagefile Peak Usage : 28092 K
File Attributes : A
==================================================
==================================================
Process Name : TSCHelp.exe
ProcessID : 3644
Priority : Normal
Product Name :
Version : 1.0.0
Description : TechSmith HTML Help Helper
Company : TechSmith Corporation
Window Title :
File Size : 26,112
File Created Date : 14/02/1427 06:01:00 ص
File Modified Date : 14/02/1427 06:01:00 ص
Filename : C:\Program Files\TechSmith\SnagIt 8\TSCHelp.exe
Base Address : 0x00400000
Created On : 03/08/1429 11:32:27 م
Visible Windows : 0
Hidden Windows : 2
User Name : ROOT\Mfc
Mem Usage : 2656 K
Mem Usage Peak : 2656 K
Page Faults : 740
Pagefile Usage : 752 K
Pagefile Peak Usage : 752 K
File Attributes : A
==================================================
==================================================
Process Name : DUC20.exe
ProcessID : 3912
Priority : Normal
Product Name : DUC v2.2.1.0
Version : 2.2.1.0
Description : No-IP.com DUC
Company : Vitalwerks LLC
Window Title :
File Size : 1,172,992
File Created Date : 20/07/1429 02:29:06 ص
File Modified Date : 02/08/1429 11:03:11 م
Filename : C:\Program Files\No-IP\DUC20.exe
Base Address : 0x00400000
Created On : 03/08/1429 11:32:49 م
Visible Windows : 0
Hidden Windows : 27
User Name : ROOT\Mfc
Mem Usage : 5648 K
Mem Usage Peak : 5648 K
Page Faults : 1511
Pagefile Usage : 1732 K
Pagefile Peak Usage : 1788 K
File Attributes : A
==================================================
==================================================
Process Name : firefox.exe
ProcessID : 2964
Priority : Normal
Product Name : Firefox
Version : 1.9.0.1
Description : Firefox
Company : Mozilla Corporation
Window Title : مشكللــــــــــــه بتسجيل دخول للكمبيوتر - الصفحة 2 - زيزوووم للأمن والحمايه - موزيلا فايرفوكس
File Size : 307,712
File Created Date : 16/07/1429 03:53:18 ص
File Modified Date : 16/07/1429 06:39:57 م
Filename : C:\Program Files\Mozilla Firefox\firefox.exe
Base Address : 0x00400000
Created On : 03/08/1429 11:34:56 م
Visible Windows : 1
Hidden Windows : 17
User Name : ROOT\Mfc
Mem Usage : 62908 K
Mem Usage Peak : 64192 K
Page Faults : 146545
Pagefile Usage : 62692 K
Pagefile Peak Usage : 64312 K
File Attributes : A
==================================================
==================================================
Process Name : Bifrostr.exe
ProcessID : 3500
Priority : Normal
Product Name : Bifrost
Version : 1,2,1
Description : ][ هتلر القصيم ][
Company : TeaM PiracY SaudI
Window Title :
File Size : 1,847,296
File Created Date : 03/08/1429 12:52:57 م
File Modified Date : 03/08/1429 12:52:57 م
Filename : C:\Documents and Settings\Mfc\My Documents\براامج\HaCkEr\اختراق الاجهزهـ\Bifrostr.exe
Base Address : 0x00400000
Created On : 03/08/1429 11:35:28 م
Visible Windows : 0
Hidden Windows : 5
User Name : ROOT\Mfc
Mem Usage : 6816 K
Mem Usage Peak : 13732 K
Page Faults : 3768
Pagefile Usage : 13776 K
Pagefile Peak Usage : 20724 K
File Attributes : A
==================================================
==================================================
Process Name : usnsvc.exe
ProcessID : 2448
Priority : Normal
Product Name : Messenger
Version : 8.5.1302.1018
Description : Messenger Sharing USN Journal Reader Service
Company : Microsoft Corporation
Window Title :
File Size : 98,328
File Created Date : 07/10/1428 08:31:54 ص
File Modified Date : 07/10/1428 08:31:54 ص
Filename : C:\Program Files\Windows Live\Messenger\usnsvc.exe
Base Address : 0x00400000
Created On : 03/08/1429 11:36:29 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 2808 K
Mem Usage Peak : 2812 K
Page Faults : 748
Pagefile Usage : 880 K
Pagefile Peak Usage : 896 K
File Attributes : A
==================================================
==================================================
Process Name : wmiprvse.exe
ProcessID : 1720
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : WMI
Company : Microsoft Corporation
Window Title :
File Size : 218,112
File Created Date : 21/03/1429 07:17:56 م
File Modified Date : 27/10/1423 11:00:00 ص
Filename : C:\WINDOWS\system32\wbem\wmiprvse.exe
Base Address : 0x01000000
Created On : 03/08/1429 11:42:46 م
Visible Windows : 0
Hidden Windows : 0
User Name :
Mem Usage : 5736 K
Mem Usage Peak : 5736 K
Page Faults : 1494
Pagefile Usage : 3008 K
Pagefile Peak Usage : 3008 K
File Attributes : A
==================================================
==================================================
Process Name : runn.exe
ProcessID : 2940
Priority : Normal
Product Name :
Version :
Description :
Company :
Window Title :
File Size : 71,680
File Created Date : 03/08/1429 08:42:44 م
File Modified Date : 23/01/1429 10:24:25 م
Filename : C:\DOCUME~1\Mfc\LOCALS~1\Temp\bntoz\runn.exe
Base Address : 0x00400000
Created On : 03/08/1429 11:43:22 م
Visible Windows : 0
Hidden Windows : 0
User Name : ROOT\Mfc
Mem Usage : 2112 K
Mem Usage Peak : 2120 K
Page Faults : 649
Pagefile Usage : 876 K
Pagefile Peak Usage : 880 K
File Attributes : A
==================================================
==================================================
Process Name : cmd.exe
ProcessID : 2948
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : Windows Command Processor
Company : Microsoft Corporation
Window Title :
File Size : 388,608
File Created Date : 27/10/1423 11:00:00 ص
File Modified Date : 27/10/1423 11:00:00 ص
Filename : C:\WINDOWS\system32\cmd.exe
Base Address : 0x4AD00000
Created On : 03/08/1429 11:43:22 م
Visible Windows : 0
Hidden Windows : 1
User Name : ROOT\Mfc
Mem Usage : 3020 K
Mem Usage Peak : 3088 K
Page Faults : 874
Pagefile Usage : 2196 K
Pagefile Peak Usage : 2272 K
File Attributes : A
==================================================
==================================================
Process Name : CProcess.exe
ProcessID : 160
Priority : Normal
Product Name : CurrProcess
Version : 1.11
Description : CurrProcess
Company : NirSoft
Window Title :
File Size : 35,840
File Created Date : 03/08/1429 08:42:44 م
File Modified Date : 08/06/1426 04:46:34 ص
Filename : C:\DOCUME~1\Mfc\LOCALS~1\Temp\bntoz\CProcess.exe
Base Address : 0x00400000
Created On : 03/08/1429 11:43:23 م
Visible Windows : 0
Hidden Windows : 0
User Name : ROOT\Mfc
Mem Usage : 2212 K
Mem Usage Peak : 2264 K
Page Faults : 940
Pagefile Usage : 932 K
Pagefile Peak Usage : 1620 K
File Attributes : A
==================================================
.
.
--------------------------\\\ End Report Of Running Processes ---------------
.
.
.
.
--------------------------\\\ Windows XP Startup List ---------------
.
HKLM\System\CurrentControlSet\Control\Session Manager\BootExecute
autocheck autochk /k:C /k

*
autocheck autochk /k:C /k

*
Auto Check Utility
Microsoft Corporation
5.01.2600.2180
c:\windows\system32\autochk.exe
HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms
rdpclip
rdpclip
RDP Clip Monitor
Microsoft Corporation
5.01.2600.2180
c:\windows\system32\rdpclip.exe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\userinit.exe
Userinit Logon Application
Microsoft Corporation
5.01.2600.2180
c:\windows\system32\userinit.exe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell
Explorer.exe
Explorer.exe
Windows Explorer
Microsoft Corporation
6.00.2900.2180
c:\windows\explorer.exe
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
AVP
"C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
Kaspersky Anti-Virus
Kaspersky Lab
8.00.0000.0357
c:\program files\kaspersky lab\kaspersky internet security 2009\avp.exe
TkBellExe
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
RealNetworks Scheduler
RealNetworks, Inc.
0.01.0001.0045
c:\program files\common files\real\update_ob\realsched.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
msnmsgr
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
Windows Live Messenger
Microsoft Corporation
8.05.1302.1018
c:\program files\windows live\messenger\msnmsgr.exe
ctfmon.exe
C:\WINDOWS\system32\ctfmon.exe
CTF Loader
Microsoft Corporation
5.01.2600.2180
c:\windows\system32\ctfmon.exe
Task Scheduler
A5F9C73891FE7F68.job
c:\docume~1\mfc\applic~1\rdrnew~1\Comp Active Cast.exe
File not found: c:\docume~1\mfc\applic~1\rdrnew~1\Comp Active Cast.exe
.
.
----------- End Report ---------------