Process               PID   CPU     Description                               Company Name
System Idle Process   0     100.00
Interrupts            n/a           Hardware Interrupts
DPCs                  n/a           Deferred Procedure Calls
System                4
smss.exe              548           Windows NT Session Manager                Microsoft Corporation
csrss.exe             612           Client Server Runtime Process             Microsoft Corporation
winlogon.exe          636           Windows NT Logon Application              Microsoft Corporation
services.exe          680           Services and Controller app               Microsoft Corporation
svchost.exe           856           Generic Host Process for Win32 Services   Microsoft Corporation
wmiprvse.exe          1100          WMI                                       Microsoft Corporation
svchost.exe           932           Generic Host Process for Win32 Services   Microsoft Corporation
svchost.exe           1028          Generic Host Process for Win32 Services   Microsoft Corporation
wscntfy.exe           204           Windows Security Center Notification App  Microsoft Corporation
wuauclt.exe           460           Automatic Updates                         Microsoft Corporation
svchost.exe           1076          Generic Host Process for Win32 Services   Microsoft Corporation
svchost.exe           1164          Generic Host Process for Win32 Services   Microsoft Corporation
spoolsv.exe           1392          Spooler SubSystem App                     Microsoft Corporation
alg.exe               1988          Application Layer Gateway Service         Microsoft Corporation
lsass.exe             692           LSA Shell (Export Version)                Microsoft Corporation
explorer.exe          1564          Windows Explorer                          Microsoft Corporation
igfxtray.exe          196           igfxTray Module                           Intel Corporation
hkcmd.exe             160           hkcmd Module                              Intel Corporation
procexp.exe           520           Sysinternals Process Explorer             Sysinternals - www.sysinternals.com

Process: System Pid: 4
Type Name
Directory \Device\WinDfs
Directory \Device\Harddisk0
Directory \Device\Http
Directory \Device\Harddisk1
Event \Security\TRKWKS_EVENT
Event \Device\DmControl\VxKernel2VoldEvent
Event \LanmanServerAnnounceEvent
Event \KernelObjects\LowMemoryCondition
Event \GLOBAL??\ProcmonExternalLoggerEnabled
Event \BaseNamedObjects\PrefetchTracesReady
File C:\System Volume Information\_restore{E3FBB116-B87F-439F-8E4E-A451A828A4C0}\RP2\change.log
File \Device\Tcp
File \Device\Tcp
File \Device\Tcp
File C:\WINDOWS\system32\config\default.LOG
File C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat
File C:\WINDOWS\system32\config\SAM.LOG
File C:\WINDOWS\system32\config\SAM
File C:\Documents and Settings\NetworkService\NTUSER.DAT
File C:\WINDOWS\system32\config\default
File C:\WINDOWS\system32\config\system
File C:\WINDOWS\system32\config\system.LOG
File C:\WINDOWS\system32\config\software.LOG
File \Device\Tcp
File \Device\Tcp
File \Device\Udp
File C:\Documents and Settings\NetworkService\ntuser.dat.LOG
File C:\WINDOWS\system32\config\software
File C:\WINDOWS\system32\config\SECURITY.LOG
File C:\Documents and Settings\Administrator\NTUSER.DAT
File C:\pagefile.sys
File \Device\Tcp
File \Device\Tcp
File C:\WINDOWS\system32\config\SECURITY
File \Device\Tcp
File \Device\Tcp
File C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG
File \Device\Tcp
File \Device\Tcp
File \Device\Tcp
File \Device\Tcp
File \Device\Tcp
File \Device\Tcp
File \Device\Tcp
File \Device\Tcp
File \Device\Tcp
File \Device\Tcp
File \Device\Tcp
File \Device\Tcp
File \Device\Tcp
File \Device\Tcp
File \Device\Tcp
File \Device\Tcp
File \Device\Tcp
File \Device\Tcp
File \Device\Tcp
File \Device\Tcp
File \Device\Tcp
File \Device\Tcp
File \Device\Tcp
File \Device\Tcp
File \Device\Tcp
File \Device\Tcp
File \Device\Tcp
File \Device\Tcp
File \Device\Tcp
File \Device\Tcp
File \Device\Tcp
File \Device\Tcp
File \Device\Tcp
File \Device\Tcp
File \Device\Tcp
File \Device\Tcp
File \Device\Tcp
File \Device\Tcp
File \Device\Tcp
File \Device\Tcp
File \Device\Tcp
File \Device\Tcp
File \Device\Tcp
File \Device\Tcp
File \Device\Tcp
File \Device\Tcp
File C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat
File C:\Documents and Settings\LocalService\NTUSER.DAT
File C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG
File C:\Documents and Settings\LocalService\ntuser.dat.LOG
File C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG
File \Device\Mup
File \Device\LanmanRedirector
File \Device\Mup
File C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat
File C:\Documents and Settings\Administrator\ntuser.dat.LOG
File \Device\WebDavRedirector
File \Device\RawIp
File \Device\Udp
File \Device\Udp
File \Device\NamedPipe\
File \Device\Udp
File \Device\Tcp
File \Device\Tcp
File \Device\Tcp
File \Device\Tcp
File \Device\Tcp
File \Device\Tcp
File \Device\Tcp
File \Device\Udp
File \Device\Tcp
File \Device\Tcp
FilterConnectionPort \ProcessMonitorPort
Key HKLM\SYSTEM\ControlSet001\Control\Session Manager\Memory Management\PrefetchParameters
Key \REGISTRY
Key HKLM\SYSTEM\Setup
Key HKLM\HARDWARE\DESCRIPTION\System\MultifunctionAdapter
Key HKLM\SYSTEM\WPA\Key-CJ27J3P2XV9J9JCPB4DVT
Key HKLM\SYSTEM\WPA\MediaCenter
Key HKLM\SYSTEM\WPA\PnP
Key HKLM\SYSTEM\WPA\SigningHash-6KCM6KFTX6MD62
Key HKLM\SYSTEM\ControlSet001\Control\ProductOptions
Key HKLM\SYSTEM\ControlSet001\Services\Eventlog
Key HKLM\SYSTEM\ControlSet001\Services\HTTP\Parameters\UrlAclInfo
Key HKLM\SYSTEM\ControlSet001\Services\ialm\Device0\VolatileSettings
Key HKLM\HARDWARE\DESCRIPTION\System\MultifunctionAdapter
Key HKLM\HARDWARE\DESCRIPTION\System\MultifunctionAdapter
Port \SeRmCommandPort
Process System(4)
Process lsass.exe(692)
Process lsass.exe(692)
Process spoolsv.exe(1392)
Process lsass.exe(692)
Thread System(4): 12
Thread System(4): 96
Thread System(4): 104
Thread System(4): 292
Thread System(4): 156
Thread System(4): 284
Thread System(4): 152
Thread System(4): 288
Thread System(4): 352
Thread System(4): 1640
Thread System(4): 216
Thread System(4): 220
Thread System(4): 224
Thread System(4): 228
Thread System(4): 208
Thread System(4): 984
Thread System(4): 280
Thread System(4): 116
Token NT AUTHORITY\ANONYMOUS LOGON:db00