Caption  CommandLine  ProcessId
System Idle Process  0
System  4
smss.exe  \SystemRoot\System32\smss.exe  460
csrss.exe  C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16  516
winlogon.exe  winlogon.exe  724
services.exe  C:\WINDOWS\system32\services.exe  768
lsass.exe  C:\WINDOWS\system32\lsass.exe  780
ati2evxx.exe  C:\WINDOWS\system32\Ati2evxx.exe  924
svchost.exe  C:\WINDOWS\system32\svchost -k DcomLaunch  936
svchost.exe  C:\WINDOWS\system32\svchost -k rpcss  1012
svchost.exe  C:\WINDOWS\System32\svchost.exe -k netsvcs  1040
StyleXPService.exe  "C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe"  1076
Smc.exe  "C:\Program Files\Sygate\SPF\smc.exe"  1108
svchost.exe  C:\WINDOWS\System32\svchost.exe -k NetworkService  1204
spoolsv.exe  C:\WINDOWS\system32\spoolsv.exe  1356
svchost.exe  C:\WINDOWS\System32\svchost.exe -k LocalService  1444
AVWUPSRV.EXE  "C:\Program Files\AVPersonal\AVWUPSRV.EXE"  1492
SERVIC~1.EXE  C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE  1524
backWeb-7681197.exe  "C:\Program Files\F-Secure\BackWeb\7681197\Program\BackWeb-7681197.exe"  1556
fsgk32st.exe  "C:\Program Files\F-Secure Anti-Virus\Anti-Virus\fsgk32st.exe"  1816
fsgk32.exe  "C:\Program Files\F-Secure Anti-Virus\Anti-Virus\FSGK32.EXE" /service /stopevent=28  1836
fssm32.exe  "C:\Program Files\F-Secure Anti-Virus\Anti-Virus\fssm32.exe" 3 1756 1752 1748  1860
fsbwsys.exe  "C:\Program Files\F-Secure Anti-Virus\backweb\4476822\program\fsbwsys.exe"  1868
FSMA32.EXE  "C:\Program Files\F-Secure Anti-Virus\Common\FSMA32.EXE"  1968
FSMB32.EXE  1.3.6.1.4.1.2213.11.1.23  204
wdfmgr.exe  C:\WINDOWS\System32\wdfmgr.exe  276
FCH32.EXE  1.3.6.1.4.1.2213.11.1.15  488
FAMEH32.EXE  1.3.6.1.4.1.2213.11.1.18  1272
fsdfwd.exe  "C:\Program Files\F-Secure Anti-Virus\FWES\Program\fsdfwd.exe"  1140
wmiprvse.exe  C:\WINDOWS\System32\wbem\wmiprvse.exe  1644
FSAV32.exe  1.3.6.1.4.1.2213.12  2240
ati2evxx.exe  Ati2evxx.exe -Client  3844
explorer.exe  C:\WINDOWS\Explorer.EXE  4084
rundll32.exe  "C:\WINDOWS\system32\rundll32.exe" "C:\Program Files\TeleWell\ADSL USB Router\CnxTrApp.dll",AppEntry -REG "Conexant\Conexant USB Network"  1552
rundll32.exe  "C:\WINDOWS\system32\RunDll32.exe" cmicnfg.cpl,CMICtrlWnd  1608
htpatch.exe  "C:\WINDOWS\htpatch.exe"  1708
FSM32.EXE  "C:\Program Files\F-Secure Anti-Virus\Common\FSM32.EXE" /splash  944
VProperty.exe  "C:\PROGRA~1\PHILIP~1\VProperty.exe"  2136
Ad-Watch.exe  "C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"  2144
atiptaxx.exe  "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"  2176
ctfmon.exe  "C:\WINDOWS\system32\ctfmon.exe"  2196
fsguiexe.exe  fsguiexe.exe  2484
csrss.exe  C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16  3700
winlogon.exe  winlogon.exe  2668
ati2evxx.exe  Ati2evxx.exe -Client  908
explorer.exe  C:\WINDOWS\Explorer.EXE  2092
rundll32.exe  "C:\WINDOWS\system32\rundll32.exe" "C:\Program Files\TeleWell\ADSL USB Router\CnxTrApp.dll",AppEntry -REG "Conexant\Conexant USB Network"  820
rundll32.exe  "C:\WINDOWS\system32\RunDll32.exe" cmicnfg.cpl,CMICtrlWnd  532
htpatch.exe  "C:\WINDOWS\htpatch.exe"  3868
FSM32.EXE  "C:\Program Files\F-Secure Anti-Virus\Common\FSM32.EXE" /splash  1220
VProperty.exe  "C:\PROGRA~1\PHILIP~1\VProperty.exe"  3080
Ad-Watch.exe  "C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"  3092
atiptaxx.exe  "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"  1248
ctfmon.exe  "C:\WINDOWS\system32\ctfmon.exe"  3356
fsguiexe.exe  fsguiexe.exe  1172
csrss.exe  C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16  3088
winlogon.exe  winlogon.exe  2676
ati2evxx.exe  Ati2evxx.exe -Client  772
explorer.exe  C:\WINDOWS\Explorer.EXE  1480
rundll32.exe  "C:\WINDOWS\system32\rundll32.exe" "C:\Program Files\TeleWell\ADSL USB Router\CnxTrApp.dll",AppEntry -REG "Conexant\Conexant USB Network"  1268
rundll32.exe  "C:\WINDOWS\system32\RunDll32.exe" cmicnfg.cpl,CMICtrlWnd  3736
htpatch.exe  "C:\WINDOWS\htpatch.exe"  3660
FSM32.EXE  "C:\Program Files\F-Secure Anti-Virus\Common\FSM32.EXE" /splash  1168
VProperty.exe  "C:\PROGRA~1\PHILIP~1\VProperty.exe"  1772
Ad-Watch.exe  "C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"  3752
atiptaxx.exe  "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"  3180
ctfmon.exe  "C:\WINDOWS\system32\ctfmon.exe"  3980
fsguiexe.exe  fsguiexe.exe  2680
msnmsgr.exe  "C:\Program Files\MSN Messenger\msnmsgr.exe"  3152
msnmsgr.exe  "C:\Program Files\MSN Messenger\msnmsgr.exe"  644
stinger.exe  "C:\Documents and Settings\saatana666\Työpöytä\pöpö\stinger.exe"  4032
firefox.exe  "C:\Program Files\Mozilla Firefox\firefox.exe"  2252
wmic.exe  "C:\WINDOWS\System32\Wbem\WMIC.exe" /OUTPUT:C:\prosessit.txt path win32_process get Caption,Processid,Commandline  3988
wmiprvse.exe  C:\WINDOWS\System32\wbem\wmiprvse.exe  884

Logfile of HijackThis v1.99.1
Scan saved at 16:50:36, on 26.8.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
C:\Program Files\F-Secure\BackWeb\7681197\Program\BackWeb-7681197.exe
C:\Program Files\F-Secure Anti-Virus\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure Anti-Virus\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure Anti-Virus\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure Anti-Virus\backweb\4476822\program\fsbwsys.exe
C:\Program Files\F-Secure Anti-Virus\Common\FSMA32.EXE
C:\Program Files\F-Secure Anti-Virus\Common\FSMB32.EXE
C:\Program Files\F-Secure Anti-Virus\Common\FCH32.EXE
C:\Program Files\F-Secure Anti-Virus\Common\FAMEH32.EXE
C:\Program Files\F-Secure Anti-Virus\FWES\Program\fsdfwd.exe
C:\Program Files\F-Secure Anti-Virus\Anti-Virus\fsav32.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\htpatch.exe
C:\Program Files\F-Secure Anti-Virus\Common\FSM32.EXE
C:\PROGRA~1\PHILIP~1\VProperty.exe
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\F-Secure Anti-Virus\FSGUI\fsguiexe.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\Explorer.EXE
C:\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.accoona.com/search_assis...ce=wdz1&utm_medium=bund&utm_campaign=wdz0605a
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Accoona Search Assistant - {944864A5-3916-46E2-96A9-A2E84F3F1208} - (no file)
O4 - HKLM\..\Run: [CnxTrApp] rundll32.exe "C:\Program Files\TeleWell\ADSL USB Router\CnxTrApp.dll",AppEntry -REG "Conexant\Conexant USB Network"
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure Anti-Virus\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure Anti-Virus\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\F-Secure Anti-Virus\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [ToUcamVProperty] C:\PROGRA~1\PHILIP~1\VProperty.exe
O4 - HKLM\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: F-Secure BackWeb (BackWeb Client - 7681197) - Unknown owner - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
O23 - Service: F-Secure Anti-Virus 2005 (BackWeb Plug-in - 4476822) - Unknown owner - C:\PROGRA~1\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE
O23 - Service: F-Secure BackWeb LAN Access - Unknown owner - C:\Program Files\F-Secure\BackWeb\7681197\Program\fsbwlan.exe
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\F-Secure Anti-Virus\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure Anti-Virus\backweb\4476822\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure Anti-Virus\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure Anti-Virus\Common\FSMA32.EXE
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

Well, skimming through that... I honestly don't see anything "unnecessary"; there is a lot there, but nothing dangerous. Of course the question may arise whether all of it is needed. F-Secure IS quite a memory hog (see how many of its components are running); another product (e.g. Kaspersky or NOD32) uses less. StyleXP, at least in the newest version, has a setting that gives you "all the goodies" WITHOUT StyleXP.exe running (it just runs at startup and then shuts down). Sygate is quite OK as a firewall, and the rest are perfectly normal "stuff".

A good way to see what each one is => just put the file name into the search box and you get lots of links that tell you what each process is. One good place (which Google usually points to first) is http://www.liutilities.com/products/wintaskspro/processlibrary/

So no need to worry, but you can always trim things down as long as you KNOW what you are doing.