Hi to all sorry for my english, it's not my native language. ------------------ My Questions: 1- Can Process Explorer.exe show "Negative PID".? (hide pid) 2- What dos it mean "Analyze Offline System" In Autoruns.exe.? and how dos it work? ThanksD.A

Hi davoudccie, Are you trying to hide PID in Process Explorer? If so, please understand that it cannot be hidden, cause it is used to identify the exact process. For the "Analyze Offline System" feature in Autoruns, please refer to the introduction in this article. Please Note: Since the web site is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information. Regards, Linda Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

For the "Analyze Offline System" feature in Autoruns, please refer to the introduction in this article. Thanks for this refrence. I used "process hider" that kaspersky detect by this name: "Rootkit.Win32.Agent.x" http://www.virustotal.com/analisis/d75a46bee6bff13fd516b47220afeecf36cf8780b6f29da6cdb6bd2342390aee-1276393511 for example, when i select explorer.exe to hidden, explorer.exe removed from process explorer's list. it's so dangerous. sorry for my english. D.A

hi can you help me? pleaseD.A