So the logs are here - including with HT renamed to analy.exe... I can hardly believe what it takes... I can't help any further with those procedures - I feel like I've tried everything... sorry.
Logfile of HijackThis v1.99.1
Scan saved at 19:32:41, on 18.4.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Comodo\Firewall\cpf.exe
C:\WINDOWS\system32\svchost.exe
D:\____Programy k instalaci na nový systém a nastavení\HijackThis 1.99.1\hijackthis\analy.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://hledani.tiscali.cz
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.viry.cz/go.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [FinePrint Dispatcher v5] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [ScanSoft OmniPage SE 4.0-reminder] "C:\Program Files\ScanSoft\OmniPageSE4.0\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Data aplikací\ScanSoft\OmniPageSE4.0\Ereg\ereg.ini"
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Spustit aplikaci Microsoft Outlook.lnk = C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint - Náhled - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint - Přidat na seznam k tisku - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint - Tisk - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint - Vysokorychlostní tisk - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Stáhnout položku pomocí FlashGet - C:\PROGRA~1\FlashGet\jc_link.htm
O8 - Extra context menu item: Stáhnout všechny položky pomocí FlashGet - C:\PROGRA~1\FlashGet\jc_all.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {A996E48C-D3DC-4244-89F7-AFA33EC60679} (Settings Class) - http://adis.mfcr.cz/adis/jepo/epo/bin/capicom.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{99A7111B-7331-4E89-8606-A44CA33C6B9F}: NameServer = 82.202.114.2,195.146.99.4
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
Process PID CPU Description Company Name
System Idle Process 0 61.95
Interrupts n/a Hardware Interrupts
DPCs n/a Deferred Procedure Calls
System 4
smss.exe 528 Správce relací systému Windows NT Microsoft Corporation
csrss.exe 568 1.77 Client Server Runtime Process Microsoft Corporation
winlogon.exe 592 0.88 Windows NT Logon Application Microsoft Corporation
services.exe 636 7.08 Services and Controller app Microsoft Corporation
svchost.exe 808 Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 856 Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 920 Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 960 Generic Host Process for Win32 Services Microsoft Corporation
spoolsv.exe 1128 Spooler SubSystem App Microsoft Corporation
aswUpdSv.exe 1244
ashServ.exe 1256 avast! antivirus service
cmdagent.exe 1284 Comodo Agent Service COMODO
nvsvc32.exe 1312 NVIDIA Driver Helper Service, Version 81.94 NVIDIA Corporation
ashMaiSv.exe 1632 avast! e-Mail Scanner Service ALWIL Software
ashWebSv.exe 1672 avast! Web Scanner ALWIL Software
svchost.exe 2924 Generic Host Process for Win32 Services Microsoft Corporation
lsass.exe 648 LSA Shell (Export Version) Microsoft Corporation
explorer.exe 700 0.88 Průzkumník Windows Microsoft Corporation
ashDisp.exe 1480 avast! service GUI component
fpdisp5a.exe 456 FinePrint FinePrint Software, LLC
rundll32.exe 652 Run a DLL as an App Microsoft Corporation
OpWareSE4.exe 1568 OCR Aware ScanSoft, Inc.
ctfmon.exe 1788 CTF Loader Microsoft Corporation
msmsgs.exe 248 Windows Messenger Microsoft Corporation
cpf.exe 3232 0.88 COMODO Firewall Pro COMODO
procexp.exe 1600 25.66 Sysinternals Process Explorer Sysinternals
iexplore.exe 3236 0.88 Internet Explorer Microsoft Corporation
Process: winlogon.exe Pid: 592