.
--------------------------\\\ Start Report Of HijackThis ---------------
.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 05:13:10 م, on 03/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\DOCUME~1\alrodan\LOCALS~1\Temp\winpidn.exe
C:\DOCUME~1\alrodan\LOCALS~1\Temp\winnhymhk.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\notepad.exe
C:\DOCUME~1\alrodan\LOCALS~1\Temp\bntoz\runn.exe
C:\WINDOWS\system32\cmd.exe
C:\DOCUME~1\alrodan\LOCALS~1\Temp\bntoz\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy-dsl.nesma.net.sa:8080
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: TransBar.lnk = F:\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Global Startup: PalTalk.lnk = C:\Program Files\Paltalk Messenger\paltalk.exe
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\ie_banner_deny.htm
O8 - Extra context menu item: IDM بواسطة FLV تحميل محتوى فيديو - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: IDM تحميل بواسطة - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: IDM تحميل جميع الروابط بواسطة - C:\Program Files\Internet Download Manager\IEGetAll.htm
O9 - Extra button: IE7pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IE7Pro\IE7Pro.dll
O9 - Extra 'Tools' menuitem: IE7pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IE7Pro\IE7Pro.dll
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) -
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) -
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) -
O16 - DPF: {6924091F-CD97-41E1-B1D4-D9079409D413} (IMCv1 Control) -
O16 - DPF: {C171FF59-8C55-4796-A398-4F5D02B4C763} (IMC_Sec Control) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: "C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll"
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
--
End of file - 5323 bytes
.
.
--------------------------\\\ End Report Of HijackThis ---------------
.
.
.
.
--------------------------\\\ Start Report Of Running Processes ---------------
.
==================================================
Process Name : smss.exe
ProcessID : 732
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : Windows NT Session Manager
Company : Microsoft Corporation
Window Title :
File Size : 50,688
File Created Date : 17/06/1425 09:56:30 م
File Modified Date : 17/06/1425 09:56:30 م
Filename : C:\WINDOWS\System32\smss.exe
Base Address : 0x48580000
Created On : 26/01/1429 01:53:42 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 408 K
Mem Usage Peak : 712 K
Page Faults : 297
Pagefile Usage : 168 K
Pagefile Peak Usage : 1644 K
File Attributes : A
==================================================
==================================================
Process Name : csrss.exe
ProcessID : 788
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : Client Server Runtime Process
Company : Microsoft Corporation
Window Title :
File Size : 6,144
File Created Date : 17/06/1425 09:56:08 م
File Modified Date : 17/06/1425 09:56:08 م
Filename : C:\WINDOWS\system32\csrss.exe
Base Address : 0x4A680000
Created On : 26/01/1429 01:53:45 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 4484 K
Mem Usage Peak : 5696 K
Page Faults : 7685
Pagefile Usage : 1952 K
Pagefile Peak Usage : 5000 K
File Attributes : A
==================================================
==================================================
Process Name : winlogon.exe
ProcessID : 812
Priority : High
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : Windows NT Logon Application
Company : Microsoft Corporation
Window Title :
File Size : 501,248
File Created Date : 17/06/1425 09:56:36 م
File Modified Date : 17/06/1425 09:56:36 م
Filename : C:\WINDOWS\system32\winlogon.exe
Base Address : 0x01000000
Created On : 26/01/1429 01:53:47 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 792 K
Mem Usage Peak : 13880 K
Page Faults : 13936
Pagefile Usage : 8080 K
Pagefile Peak Usage : 8356 K
File Attributes : A
==================================================
==================================================
Process Name : services.exe
ProcessID : 856
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : Services and Controller app
Company : Microsoft Corporation
Window Title :
File Size : 108,032
File Created Date : 17/06/1425 09:56:30 م
File Modified Date : 17/06/1425 09:56:30 م
Filename : C:\WINDOWS\system32\services.exe
Base Address : 0x01000000
Created On : 26/01/1429 01:53:49 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 4240 K
Mem Usage Peak : 4408 K
Page Faults : 1794
Pagefile Usage : 2116 K
Pagefile Peak Usage : 2536 K
File Attributes : A
==================================================
==================================================
Process Name : lsass.exe
ProcessID : 868
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : LSA Shell (Export Version)
Company : Microsoft Corporation
Window Title :
File Size : 13,312
File Created Date : 17/06/1425 09:56:18 م
File Modified Date : 17/06/1425 09:56:18 م
Filename : C:\WINDOWS\system32\lsass.exe
Base Address : 0x01000000
Created On : 26/01/1429 01:53:49 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 1880 K
Mem Usage Peak : 5776 K
Page Faults : 6474
Pagefile Usage : 3920 K
Pagefile Peak Usage : 4164 K
File Attributes : A
==================================================
==================================================
Process Name : svchost.exe
ProcessID : 1032
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : Generic Host Process for Win32 Services
Company : Microsoft Corporation
Window Title :
File Size : 14,336
File Created Date : 17/06/1425 09:56:32 م
File Modified Date : 17/06/1425 09:56:32 م
Filename : C:\WINDOWS\system32\svchost.exe
Base Address : 0x01000000
Created On : 26/01/1429 01:53:50 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 5040 K
Mem Usage Peak : 5084 K
Page Faults : 1463
Pagefile Usage : 3284 K
Pagefile Peak Usage : 23512 K
File Attributes : A
==================================================
==================================================
Process Name : svchost.exe
ProcessID : 1092
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : Generic Host Process for Win32 Services
Company : Microsoft Corporation
Window Title :
File Size : 14,336
File Created Date : 17/06/1425 09:56:32 م
File Modified Date : 17/06/1425 09:56:32 م
Filename : C:\WINDOWS\system32\svchost.exe
Base Address : 0x01000000
Created On : 26/01/1429 01:53:51 م
Visible Windows : 0
Hidden Windows : 0
User Name :
Mem Usage : 3732 K
Mem Usage Peak : 3732 K
Page Faults : 987
Pagefile Usage : 1724 K
Pagefile Peak Usage : 1740 K
File Attributes : A
==================================================
==================================================
Process Name : svchost.exe
ProcessID : 1124
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : Generic Host Process for Win32 Services
Company : Microsoft Corporation
Window Title :
File Size : 14,336
File Created Date : 17/06/1425 09:56:32 م
File Modified Date : 17/06/1425 09:56:32 م
Filename : C:\WINDOWS\System32\svchost.exe
Base Address : 0x01000000
Created On : 26/01/1429 01:53:51 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 24920 K
Mem Usage Peak : 28688 K
Page Faults : 32069
Pagefile Usage : 18460 K
Pagefile Peak Usage : 22396 K
File Attributes : A
==================================================
==================================================
Process Name : svchost.exe
ProcessID : 1244
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : Generic Host Process for Win32 Services
Company : Microsoft Corporation
Window Title :
File Size : 14,336
File Created Date : 17/06/1425 09:56:32 م
File Modified Date : 17/06/1425 09:56:32 م
Filename : C:\WINDOWS\system32\svchost.exe
Base Address : 0x01000000
Created On : 26/01/1429 01:53:51 م
Visible Windows : 0
Hidden Windows : 0
User Name :
Mem Usage : 3408 K
Mem Usage Peak : 3448 K
Page Faults : 1018
Pagefile Usage : 1484 K
Pagefile Peak Usage : 1548 K
File Attributes : A
==================================================
==================================================
Process Name : svchost.exe
ProcessID : 1348
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : Generic Host Process for Win32 Services
Company : Microsoft Corporation
Window Title :
File Size : 14,336
File Created Date : 17/06/1425 09:56:32 م
File Modified Date : 17/06/1425 09:56:32 م
Filename : C:\WINDOWS\system32\svchost.exe
Base Address : 0x01000000
Created On : 26/01/1429 01:53:51 م
Visible Windows : 0
Hidden Windows : 0
User Name :
Mem Usage : 7544 K
Mem Usage Peak : 7628 K
Page Faults : 6370
Pagefile Usage : 6048 K
Pagefile Peak Usage : 6328 K
File Attributes : A
==================================================
==================================================
Process Name : spoolsv.exe
ProcessID : 1588
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : Spooler SubSystem App
Company : Microsoft Corporation
Window Title :
File Size : 57,856
File Created Date : 17/06/1425 09:56:32 م
File Modified Date : 17/06/1425 09:56:32 م
Filename : C:\WINDOWS\system32\spoolsv.exe
Base Address : 0x01000000
Created On : 26/01/1429 01:53:52 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 4572 K
Mem Usage Peak : 4608 K
Page Faults : 1291
Pagefile Usage : 3128 K
Pagefile Peak Usage : 3428 K
File Attributes : A
==================================================
==================================================
Process Name : Explorer.EXE
ProcessID : 1832
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
Description : Windows Explorer
Company : Microsoft Corporation
Window Title : نتائج البحث
File Size : 973,312
File Created Date : 17/06/1425 09:56:12 م
File Modified Date : 17/06/1425 09:56:12 م
Filename : C:\WINDOWS\Explorer.EXE
Base Address : 0x01000000
Created On : 26/01/1429 01:53:55 م
Visible Windows : 3
Hidden Windows : 59
User Name : AL-RODAN\alrodan
Mem Usage : 12436 K
Mem Usage Peak : 67300 K
Page Faults : 668042
Pagefile Usage : 43196 K
Pagefile Peak Usage : 54008 K
File Attributes : A
==================================================
==================================================
Process Name : svchost.exe
ProcessID : 244
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : Generic Host Process for Win32 Services
Company : Microsoft Corporation
Window Title :
File Size : 14,336
File Created Date : 17/06/1425 09:56:32 م
File Modified Date : 17/06/1425 09:56:32 م
Filename : C:\WINDOWS\system32\svchost.exe
Base Address : 0x01000000
Created On : 26/01/1429 01:54:02 م
Visible Windows : 0
Hidden Windows : 0
User Name :
Mem Usage : 3236 K
Mem Usage Peak : 3240 K
Page Faults : 848
Pagefile Usage : 2296 K
Pagefile Peak Usage : 2320 K
File Attributes : A
==================================================
==================================================
Process Name : nvsvc32.exe
ProcessID : 296
Priority : Normal
Product Name : NVIDIA Driver Helper Service, Version 81.94
Version : 6.14.10.8194
Description : NVIDIA Driver Helper Service, Version 81.94
Company : NVIDIA Corporation
Window Title :
File Size : 131,139
File Created Date : 03/10/1426 03:03:00 م
File Modified Date : 03/10/1426 03:03:00 م
Filename : C:\WINDOWS\system32\nvsvc32.exe
Base Address : 0x00400000
Created On : 26/01/1429 01:54:02 م
Visible Windows : 0
Hidden Windows : 2
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 3544 K
Mem Usage Peak : 4492 K
Page Faults : 3033
Pagefile Usage : 2180 K
Pagefile Peak Usage : 2884 K
File Attributes : A
==================================================
==================================================
Process Name : slserv.exe
ProcessID : 376
Priority : Normal
Product Name : Soft Modem
Version : 3.80.01MC15
Description :
Company : Smart Link
Window Title :
File Size : 73,796
File Created Date : 16/08/1428 04:09:02 م
File Modified Date : 17/06/1425 09:56:30 م
Filename : C:\WINDOWS\system32\slserv.exe
Base Address : 0x00400000
Created On : 26/01/1429 01:54:02 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 852 K
Mem Usage Peak : 852 K
Page Faults : 205
Pagefile Usage : 280 K
Pagefile Peak Usage : 280 K
File Attributes : A
==================================================
==================================================
Process Name : svchost.exe
ProcessID : 400
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : Generic Host Process for Win32 Services
Company : Microsoft Corporation
Window Title :
File Size : 14,336
File Created Date : 17/06/1425 09:56:32 م
File Modified Date : 17/06/1425 09:56:32 م
Filename : C:\WINDOWS\system32\svchost.exe
Base Address : 0x01000000
Created On : 26/01/1429 01:54:02 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 4180 K
Mem Usage Peak : 4220 K
Page Faults : 1120
Pagefile Usage : 2564 K
Pagefile Peak Usage : 2652 K
File Attributes : A
==================================================
==================================================
Process Name : IEMonitor.exe
ProcessID : 2184
Priority : Normal
Product Name : IEMonitor Application
Version : 3, 0, 0, 1
Description : Internet Download Manager agent for click monitoring in IE-based browsers
Company : Tonec Inc.
Window Title :
File Size : 251,576
File Created Date : 29/09/1428 03:05:47 م
File Modified Date : 02/02/1428 02:53:54 م
Filename : C:\Program Files\Internet Download Manager\IEMonitor.exe
Base Address : 0x00400000
Created On : 26/01/1429 01:54:14 م
Visible Windows : 0
Hidden Windows : 3
User Name : AL-RODAN\alrodan
Mem Usage : 5020 K
Mem Usage Peak : 5024 K
Page Faults : 2022
Pagefile Usage : 1812 K
Pagefile Peak Usage : 1824 K
File Attributes : A
==================================================
==================================================
Process Name : svchost.exe
ProcessID : 2652
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : Generic Host Process for Win32 Services
Company : Microsoft Corporation
Window Title :
File Size : 14,336
File Created Date : 17/06/1425 09:56:32 م
File Modified Date : 17/06/1425 09:56:32 م
Filename : C:\WINDOWS\System32\svchost.exe
Base Address : 0x01000000
Created On : 26/01/1429 01:54:22 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 3496 K
Mem Usage Peak : 3504 K
Page Faults : 902
Pagefile Usage : 1752 K
Pagefile Peak Usage : 1776 K
File Attributes : A
==================================================
==================================================
Process Name : iexplore.exe
ProcessID : 2108
Priority : Normal
Product Name : Windows® Internet Explorer
Version : 7.00.5730.11 (winmain(wmbla).061017-1135)
Description : Internet Explorer
Company : Microsoft Corporation
Window Title : تكفون ساعدوني مشكلتي بالكاسبر - زيزوووم للأمن والحمايه - Windows Internet Explorer
File Size : 622,080
File Created Date : 16/08/1428 04:30:09 م
File Modified Date : 25/09/1427 09:04:40 ص
Filename : C:\Program Files\Internet Explorer\iexplore.exe
Base Address : 0x00400000
Created On : 26/01/1429 02:05:58 م
Visible Windows : 1
Hidden Windows : 32
User Name : AL-RODAN\alrodan
Mem Usage : 14976 K
Mem Usage Peak : 54900 K
Page Faults : 54362
Pagefile Usage : 42004 K
Pagefile Peak Usage : 43056 K
File Attributes : A
==================================================
==================================================
Process Name : ctfmon.exe
ProcessID : 3940
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : CTF Loader
Company : Microsoft Corporation
Window Title :
File Size : 15,360
File Created Date : 17/06/1425 09:56:08 م
File Modified Date : 17/06/1425 09:56:08 م
Filename : C:\WINDOWS\system32\ctfmon.exe
Base Address : 0x00400000
Created On : 26/01/1429 02:05:59 م
Visible Windows : 0
Hidden Windows : 5
User Name : AL-RODAN\alrodan
Mem Usage : 3436 K
Mem Usage Peak : 3436 K
Page Faults : 1004
Pagefile Usage : 1156 K
Pagefile Peak Usage : 1332 K
File Attributes : A
==================================================
==================================================
Process Name : winpidn.exe
ProcessID : 3980
Priority : Normal
Product Name : xmlscript
Version : 1.00
Description :
Company : q
Window Title : xmlscript
File Size : 51,712
File Created Date : 26/01/1429 12:07:30 م
File Modified Date : 26/01/1429 12:07:34 م
Filename : C:\DOCUME~1\alrodan\LOCALS~1\Temp\winpidn.exe
Base Address : 0x00400000
Created On : 26/01/1429 03:07:34 م
Visible Windows : 1
Hidden Windows : 3
User Name : AL-RODAN\alrodan
Mem Usage : 10560 K
Mem Usage Peak : 10612 K
Page Faults : 3461
Pagefile Usage : 4736 K
Pagefile Peak Usage : 4752 K
File Attributes : A
==================================================
==================================================
Process Name : winnhymhk.exe
ProcessID : 1964
Priority : Normal
Product Name :
Version :
Description :
Company :
Window Title :
File Size : 30,720
File Created Date : 26/01/1429 12:07:42 م
File Modified Date : 26/01/1429 12:07:46 م
Filename : C:\DOCUME~1\alrodan\LOCALS~1\Temp\winnhymhk.exe
Base Address : 0x00400000
Created On : 26/01/1429 03:07:44 م
Visible Windows : 0
Hidden Windows : 0
User Name : AL-RODAN\alrodan
Mem Usage : 5808 K
Mem Usage Peak : 6004 K
Page Faults : 4736
Pagefile Usage : 2416 K
Pagefile Peak Usage : 2616 K
File Attributes : A
==================================================
==================================================
Process Name : notepad.exe
ProcessID : 3984
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : المفكرة
Company : Microsoft Corporation
Window Title : 21.txt - المفكرة
File Size : 155,136
File Created Date : 17/06/1425 09:56:24 م
File Modified Date : 17/06/1425 09:56:24 م
Filename : C:\WINDOWS\system32\notepad.exe
Base Address : 0x01000000
Created On : 26/01/1429 05:10:19 م
Visible Windows : 1
Hidden Windows : 2
User Name : AL-RODAN\alrodan
Mem Usage : 1020 K
Mem Usage Peak : 12564 K
Page Faults : 4088
Pagefile Usage : 4304 K
Pagefile Peak Usage : 9308 K
File Attributes : A
==================================================
==================================================
Process Name : runn.exe
ProcessID : 704
Priority : Normal
Product Name :
Version :
Description :
Company :
Window Title :
File Size : 71,680
File Created Date : 26/01/1429 02:13:02 م
File Modified Date : 23/01/1429 10:24:26 م
Filename : C:\DOCUME~1\alrodan\LOCALS~1\Temp\bntoz\runn.exe
Base Address : 0x00400000
Created On : 26/01/1429 05:13:02 م
Visible Windows : 0
Hidden Windows : 0
User Name : AL-RODAN\alrodan
Mem Usage : 2084 K
Mem Usage Peak : 2116 K
Page Faults : 629
Pagefile Usage : 736 K
Pagefile Peak Usage : 824 K
File Attributes : A
==================================================
==================================================
Process Name : cmd.exe
ProcessID : 3168
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : Windows Command Processor
Company : Microsoft Corporation
Window Title :
File Size : 415,232
File Created Date : 17/06/1425 09:56:06 م
File Modified Date : 17/06/1425 09:56:06 م
Filename : C:\WINDOWS\system32\cmd.exe
Base Address : 0x4AD00000
Created On : 26/01/1429 05:13:02 م
Visible Windows : 0
Hidden Windows : 1
User Name : AL-RODAN\alrodan
Mem Usage : 2896 K
Mem Usage Peak : 2960 K
Page Faults : 838
Pagefile Usage : 2160 K
Pagefile Peak Usage : 2236 K
File Attributes : A
==================================================
==================================================
Process Name : wmiprvse.exe
ProcessID : 1848
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : WMI
Company : Microsoft Corporation
Window Title :
File Size : 218,112
File Created Date : 16/08/1428 04:28:40 م
File Modified Date : 18/06/1425 12:56:36 ص
Filename : C:\WINDOWS\system32\wbem\wmiprvse.exe
Base Address : 0x01000000
Created On : 26/01/1429 05:13:05 م
Visible Windows : 0
Hidden Windows : 0
User Name :
Mem Usage : 5692 K
Mem Usage Peak : 5692 K
Page Faults : 1451
Pagefile Usage : 3052 K
Pagefile Peak Usage : 3052 K
File Attributes : A
==================================================
==================================================
Process Name : CProcess.exe
ProcessID : 3200
Priority : Normal
Product Name : CurrProcess
Version : 1.11
Description : CurrProcess
Company : NirSoft
Window Title :
File Size : 35,840
File Created Date : 26/01/1429 02:13:02 م
File Modified Date : 08/06/1426 04:46:34 ص
Filename : C:\DOCUME~1\alrodan\LOCALS~1\Temp\bntoz\CProcess.exe
Base Address : 0x00400000
Created On : 26/01/1429 05:13:10 م
Visible Windows : 0
Hidden Windows : 0
User Name : AL-RODAN\alrodan
Mem Usage : 2172 K
Mem Usage Peak : 2232 K
Page Faults : 804
Pagefile Usage : 988 K
Pagefile Peak Usage : 1052 K
File Attributes : A
==================================================
.
.
--------------------------\\\ End Report Of Running Processes ---------------
.
.
.
.
--------------------------\\\ Windows XP Startup List ---------------
.
HKLM\System\CurrentControlSet\Control\Session Manager\BootExecute
autocheck autochk *
autocheck autochk *
Auto Check Utility
Microsoft Corporation
5.01.2600.2180
c:\windows\system32\autochk.exe
HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms
rdpclip
rdpclip
RDP Clip Monitor
Microsoft Corporation
5.01.2600.2180
c:\windows\system32\rdpclip.exe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\userinit.exe
Userinit Logon Application
Microsoft Corporation
5.01.2600.2180
c:\windows\system32\userinit.exe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell
Explorer.exe
Explorer.exe
Windows Explorer
Microsoft Corporation
6.00.2900.2180
c:\windows\explorer.exe
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
NvCplDaemon
RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
NVIDIA Display Properties Extension
NVIDIA Corporation
6.14.0010.8194
c:\windows\system32\nvcpl.dll
AVP
"C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
File not found: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\Documents and Settings\All Users\قائمة ابدأ\البرامج\بدء التشغيل
PalTalk.lnk
C:\Documents and Settings\All Users\قائمة ابدأ\البرامج\بدء التشغيل\PalTalk.lnk
PaltalkScene
AVM Software Inc.
9.91.2725.0000
c:\program files\paltalk messenger\paltalk.exe
C:\Documents and Settings\alrodan\قائمة ابدأ\البرامج\بدء التشغيل
TransBar.lnk
C:\Documents and Settings\alrodan\قائمة ابدأ\البرامج\بدء التشغيل\TransBar.lnk
TransBar
AKSoftware
1.04.0002.0000
f:\vista inspirat 2\transbar\transbar.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
ctfmon.exe
C:\WINDOWS\system32\ctfmon.exe
CTF Loader
Microsoft Corporation
5.01.2600.2180
c:\windows\system32\ctfmon.exe
IDMan
C:\Program Files\Internet Download Manager\IDMan.exe /onboot
Internet Download Manager (IDM)
Tonec Inc.
5.00.0011.0008
c:\program files\internet download manager\idman.exe
.
.
----------- End Report ---------------