turhia prosesseja?

Caption CommandLine ProcessId
System Idle Process 0
System 4
smss.exe \SystemRoot\System32\smss.exe 460
csrss.exe C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16 516
winlogon.exe winlogon.exe 724
services.exe C:\WINDOWS\system32\services.exe 768
lsass.exe C:\WINDOWS\system32\lsass.exe 780
ati2evxx.exe C:\WINDOWS\system32\Ati2evxx.exe 924
svchost.exe C:\WINDOWS\system32\svchost -k DcomLaunch 936
svchost.exe C:\WINDOWS\system32\svchost -k rpcss 1012
svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs 1040
StyleXPService.exe "C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe" 1076
Smc.exe "C:\Program Files\Sygate\SPF\smc.exe" 1108
svchost.exe C:\WINDOWS\System32\svchost.exe -k NetworkService 1204
spoolsv.exe C:\WINDOWS\system32\spoolsv.exe 1356
svchost.exe C:\WINDOWS\System32\svchost.exe -k LocalService 1444
AVWUPSRV.EXE "C:\Program Files\AVPersonal\AVWUPSRV.EXE" 1492
SERVIC~1.EXE C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE 1524
backWeb-7681197.exe "C:\Program Files\F-Secure\BackWeb\7681197\Program\BackWeb-7681197.exe" 1556
fsgk32st.exe "C:\Program Files\F-Secure Anti-Virus\Anti-Virus\fsgk32st.exe" 1816
fsgk32.exe "C:\Program Files\F-Secure Anti-Virus\Anti-Virus\FSGK32.EXE" /service /stopevent=28 1836
fssm32.exe "C:\Program Files\F-Secure Anti-Virus\Anti-Virus\fssm32.exe" 3 1756 1752 1748 1860
fsbwsys.exe "C:\Program Files\F-Secure Anti-Virus\backweb\4476822\program\fsbwsys.exe" 1868
FSMA32.EXE "C:\Program Files\F-Secure Anti-Virus\Common\FSMA32.EXE" 1968
FSMB32.EXE 1.3.6.1.4.1.2213.11.1.23 204
wdfmgr.exe C:\WINDOWS\System32\wdfmgr.exe 276
FCH32.EXE 1.3.6.1.4.1.2213.11.1.15 488
FAMEH32.EXE 1.3.6.1.4.1.2213.11.1.18 1272
fsdfwd.exe "C:\Program Files\F-Secure Anti-Virus\FWES\Program\fsdfwd.exe" 1140
wmiprvse.exe C:\WINDOWS\System32\wbem\wmiprvse.exe 1644
FSAV32.exe 1.3.6.1.4.1.2213.12 2240
ati2evxx.exe Ati2evxx.exe -Client 3844
explorer.exe C:\WINDOWS\Explorer.EXE 4084
rundll32.exe "C:\WINDOWS\system32\rundll32.exe" "C:\Program Files\TeleWell\ADSL USB Router\CnxTrApp.dll",AppEntry -REG "Conexant\Conexant USB Network" 1552
rundll32.exe "C:\WINDOWS\system32\RunDll32.exe" cmicnfg.cpl,CMICtrlWnd 1608
htpatch.exe "C:\WINDOWS\htpatch.exe" 1708
FSM32.EXE "C:\Program Files\F-Secure Anti-Virus\Common\FSM32.EXE" /splash 944
VProperty.exe "C:\PROGRA~1\PHILIP~1\VProperty.exe" 2136
Ad-Watch.exe "C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe" 2144
atiptaxx.exe "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" 2176
ctfmon.exe "C:\WINDOWS\system32\ctfmon.exe" 2196
fsguiexe.exe fsguiexe.exe 2484
csrss.exe C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16 3700
winlogon.exe winlogon.exe 2668
ati2evxx.exe Ati2evxx.exe -Client 908
explorer.exe C:\WINDOWS\Explorer.EXE 2092
rundll32.exe "C:\WINDOWS\system32\rundll32.exe" "C:\Program Files\TeleWell\ADSL USB Router\CnxTrApp.dll",AppEntry -REG "Conexant\Conexant USB Network" 820
rundll32.exe "C:\WINDOWS\system32\RunDll32.exe" cmicnfg.cpl,CMICtrlWnd 532
htpatch.exe "C:\WINDOWS\htpatch.exe" 3868
FSM32.EXE "C:\Program Files\F-Secure Anti-Virus\Common\FSM32.EXE" /splash 1220
VProperty.exe "C:\PROGRA~1\PHILIP~1\VProperty.exe" 3080
Ad-Watch.exe "C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe" 3092
atiptaxx.exe "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" 1248
ctfmon.exe "C:\WINDOWS\system32\ctfmon.exe" 3356
fsguiexe.exe fsguiexe.exe 1172
csrss.exe C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16 3088
winlogon.exe winlogon.exe 2676
ati2evxx.exe Ati2evxx.exe -Client 772
explorer.exe C:\WINDOWS\Explorer.EXE 1480
rundll32.exe "C:\WINDOWS\system32\rundll32.exe" "C:\Program Files\TeleWell\ADSL USB Router\CnxTrApp.dll",AppEntry -REG "Conexant\Conexant USB Network" 1268
rundll32.exe "C:\WINDOWS\system32\RunDll32.exe" cmicnfg.cpl,CMICtrlWnd 3736
htpatch.exe "C:\WINDOWS\htpatch.exe" 3660
FSM32.EXE "C:\Program Files\F-Secure Anti-Virus\Common\FSM32.EXE" /splash 1168
VProperty.exe "C:\PROGRA~1\PHILIP~1\VProperty.exe" 1772
Ad-Watch.exe "C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe" 3752
atiptaxx.exe "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" 3180
ctfmon.exe "C:\WINDOWS\system32\ctfmon.exe" 3980
fsguiexe.exe fsguiexe.exe 2680
msnmsgr.exe "C:\Program Files\MSN Messenger\msnmsgr.exe" 3152
msnmsgr.exe "C:\Program Files\MSN Messenger\msnmsgr.exe" 644
stinger.exe "C:\Documents and Settings\saatana666\Työpöytä\pöpö\stinger.exe" 4032
firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" 2252
wmic.exe "C:\WINDOWS\System32\Wbem\WMIC.exe" /OUTPUT:C:\prosessit.txt path win32_process get Caption,Processid,Commandline 3988
wmiprvse.exe C:\WINDOWS\System32\wbem\wmiprvse.exe 884

 

otappa hijackthis logi ja mailaa se tänne niin se kertoo enemmän

 

Logfile of HijackThis v1.99.1
Scan saved at 16:50:36, on 26.8.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
C:\Program Files\F-Secure\BackWeb\7681197\Program\BackWeb-7681197.exe
C:\Program Files\F-Secure Anti-Virus\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure Anti-Virus\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure Anti-Virus\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure Anti-Virus\backweb\4476822\program\fsbwsys.exe
C:\Program Files\F-Secure Anti-Virus\Common\FSMA32.EXE
C:\Program Files\F-Secure Anti-Virus\Common\FSMB32.EXE
C:\Program Files\F-Secure Anti-Virus\Common\FCH32.EXE
C:\Program Files\F-Secure Anti-Virus\Common\FAMEH32.EXE
C:\Program Files\F-Secure Anti-Virus\FWES\Program\fsdfwd.exe
C:\Program Files\F-Secure Anti-Virus\Anti-Virus\fsav32.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\htpatch.exe
C:\Program Files\F-Secure Anti-Virus\Common\FSM32.EXE
C:\PROGRA~1\PHILIP~1\VProperty.exe
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\F-Secure Anti-Virus\FSGUI\fsguiexe.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\Explorer.EXE
C:\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.accoona.com/search_assis...ce=wdz1&utm_medium=bund&utm_campaign=wdz0605a
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Accoona Search Assistant - {944864A5-3916-46E2-96A9-A2E84F3F1208} - (no file)
O4 - HKLM\..\Run: [CnxTrApp] rundll32.exe "C:\Program Files\TeleWell\ADSL USB Router\CnxTrApp.dll",AppEntry -REG "Conexant\Conexant USB Network"
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure Anti-Virus\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure Anti-Virus\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\F-Secure Anti-Virus\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [ToUcamVProperty] C:\PROGRA~1\PHILIP~1\VProperty.exe
O4 - HKLM\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: F-Secure BackWeb (BackWeb Client - 7681197) - Unknown owner - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
O23 - Service: F-Secure Anti-Virus 2005 (BackWeb Plug-in - 4476822) - Unknown owner - C:\PROGRA~1\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE
O23 - Service: F-Secure BackWeb LAN Access - Unknown owner - C:\Program Files\F-Secure\BackWeb\7681197\Program\fsbwlan.exe
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\F-Secure Anti-Virus\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure Anti-Virus\backweb\4476822\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure Anti-Virus\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure Anti-Virus\Common\FSMA32.EXE
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

 

Ei mielestäni mitään erikoista.

 

noin kun tota silmäilin..en oikeasti nää mitään "turhaa", paljonhan tuossa on mutta ei mitään vaarallista.

Tietysti voi herää kysymys onko kaikki tarpeellista? F-Secure ON aikamoinen muisti syöppä (kts, paljonko sen juttuja on päällä) - joku toinen (esim Kaspesky tai NOD32) vie vähemmän, StyleXP:ssä on ainakin uusimmas asetus jolla saa "kaikki kivat" ILMAN että StyleXP.exe on päällä (se vain käy alussa sitten sammuu), Sygate palomuurina on ihan ok ja muut ovat ihan normaaleja "juttuja".

Hyvä tapa katsoa mitä mikin on => laita vain tiedosto hakukenttään ja saat pajon linkkejä jotka kertoo mikä mikin prosessi on. Yksi hyvä paikka (johon google yleensä eka viittaa) on http://www.liutilities.com/products/wintaskspro/processlibrary/

Eli ei hätä, mutta aina voi karsia kunhan vain TIETÄÄ mitä tekee