zatížená pamět Vyřešeno

Místo pro vaše HiJackThis logy a logy z dalších programů…

Moderátoři: Mods_senior, Security team

Pedrossos
Level 3
Level 3
Příspěvky: 529
Registrován: červen 18
Bydliště: Brno-venkov
Pohlaví: Muž
Stav:
Offline

Re: zatížená pamět  Vyřešeno

Příspěvekod Pedrossos » 10 úno 2019 19:13

otevřelo se jen jedno okno, měl jsem 9% pak 13 a zase 22... při hraní Dayz Standaleon CPU 60%-70%
Základní deska: B450 PRO GAMING ,CPU Ryzen 7 2700,GPU Nvidia RTX 3060,Patriot Viper Steel 32GB KIT DDR4 3600Mhz CL18,Zdroj:VERO M2 600W / Case: SilentiumPC Signum SG1X TG RGB

Reklama
Uživatelský avatar
jaro3
člen Security týmu
Guru Level 15
Guru Level 15
Příspěvky: 43054
Registrován: červen 07
Bydliště: Jižní Čechy
Pohlaví: Muž
Stav:
Offline

Re: zatížená pamět

Příspěvekod jaro3 » 10 úno 2019 22:24

logy bys měl mít ve stejném místě , pokud máš OTL na ploše , tak bys tam měl mít oba logy taky.
Nebo v C:\_OTL\Logs
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra

Pedrossos
Level 3
Level 3
Příspěvky: 529
Registrován: červen 18
Bydliště: Brno-venkov
Pohlaví: Muž
Stav:
Offline

Re: zatížená pamět

Příspěvekod Pedrossos » 11 úno 2019 11:33

promin přehlédl
OTL Extras logfile created on: 10.2.2019 13:16:08 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\GUARDS\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.19230)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

7,25 Gb Total Physical Memory | 6,33 Gb Available Physical Memory | 87,31% Memory free
14,50 Gb Paging File | 13,61 Gb Available in Paging File | 93,89% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232,79 Gb Total Space | 190,84 Gb Free Space | 81,98% Space Free | Partition Type: NTFS
Drive D: | 100,00 Mb Total Space | 70,09 Mb Free Space | 70,10% Space Free | Partition Type: NTFS
Drive E: | 244,14 Gb Total Space | 197,39 Gb Free Space | 80,85% Space Free | Partition Type: NTFS
Drive F: | 687,27 Gb Total Space | 166,54 Gb Free Space | 24,23% Space Free | Partition Type: NTFS

Computer Name: GUARDS-PC | User Name: GUARDS | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML-308046B0AF4A39CB] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{12DB504F-3ADD-42A5-A506-EFD516180785}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\euro truck simulator 2\bin\win_x64\eurotrucks2.exe |
"{1C6B6A0D-56E2-4842-97BB-BA1946AA055D}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steam.exe |
"{2332FB97-DDF4-43BB-AF29-931C19A8EDDF}" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"{65EFDAD3-767B-473B-ACA1-3AF4A2766649}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\euro truck simulator 2\bin\win_x86\eurotrucks2.exe |
"{78D8456D-796D-4053-BC2C-39ABB7D4F2C1}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\bin\cef\cef.win7x64\steamwebhelper.exe |
"{8A8FCB15-D10A-433D-A7BD-594BD524013F}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\bin\cef\cef.win7x64\steamwebhelper.exe |
"{8E8E2E12-26DD-49CE-B615-E001005D021D}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe |
"{8F5EF3EA-3F12-4B55-9AB4-4C62489AEABA}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\vr paradise\vrparadise.exe |
"{AF320708-9D5A-4651-AAAA-CCA4D930C3DB}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\tom clancy's rainbow six siege\rainbowsix.exe |
"{B000CC10-2F3C-482A-8214-D424CDCD6B3B}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\euro truck simulator 2\bin\win_x86\eurotrucks2.exe |
"{B8A6DCF4-6403-4C97-9749-93DAB0E85194}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steam.exe |
"{C01E0CF2-3B7D-4208-A7AF-942315DE0EEE}" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"{C702E0DD-70BE-42D3-AF7E-CE1B5B96B029}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\tom clancy's rainbow six siege\rainbowsix.exe |
"{E258B997-A0B2-40E0-A438-367D90EAB29B}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\vr paradise\vrparadise.exe |
"{EDF68190-4C5B-49DE-A7AE-CF4974ED3554}" = dir=out | name=spybot ip immunization |
"{F9030293-A39B-468B-B07B-27BE4B4C636E}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\euro truck simulator 2\bin\win_x64\eurotrucks2.exe |
"{FC44F79A-7B2E-472A-9DB5-EE6FCC330A23}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe |
"TCP Query User{7456E794-92A3-400F-B302-21537EEED2D2}F:\program files (x86)\steam\steamapps\common\dayz\dayz_x64.exe" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\dayz\dayz_x64.exe |
"UDP Query User{C51A8C97-96CB-46CD-B2CF-40D2CD0E7AD2}F:\program files (x86)\steam\steamapps\common\dayz\dayz_x64.exe" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\dayz\dayz_x64.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{09CCBE8E-B964-30EF-AE84-6537AB4197F9}" = Microsoft .NET Framework 4.7.2
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{2FFDB576-0CD2-D465-4A3B-27D3AB27C3FD}" = AMD Wireless Display v3.0
"{37B8F9C7-03FB-3253-8781-2517C99D7C00}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030
"{7F2E9D13-DCE0-7810-1360-C4F4C0FA857B}" = AMD Install Manager
"{8D50D8C6-1E3D-3BAB-B2B7-A5399EA1EBD1}" = Microsoft Visual C++ 2017 x64 Minimum Runtime - 14.10.25008
"{929FBD26-9020-399B-9A7A-751D61F0B942}" = Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1029" = Microsoft .NET Framework 4.7.2 (čeština)
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.7.2
"{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}" = Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005
"{C668F044-4825-330D-8F9F-3CBFC9F2AB89}" = Microsoft Visual C++ 2017 x64 Additional Runtime - 14.10.25008
"{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030
"{F4C44834-E4FA-3DA9-B999-A30EC54E95B0}" = Microsoft .NET Framework 4.7.2 (CSY)
"AMD Catalyst Install Manager" = AMD Install Manager
"Mozilla Firefox 65.0 (x64 cs)" = Mozilla Firefox 65.0 (x64 cs)
"Steam App 221100" = DayZ
"Steam App 252490" = Rust
"Steam App 33230" = Assassin's Creed II
"TeamSpeak 3 Client" = TeamSpeak 3 Client

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}" = Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{B175520C-86A2-35A7-8619-86DC379688B9}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030
"{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030
"{C6CDA568-CD91-3CA0-9EDE-DAD98A13D6E1}" = Microsoft Visual C++ 2017 x86 Minimum Runtime - 14.10.25008
"{d992c12e-cab2-426f-bde3-fb8c53950b0d}" = Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215
"{E6222D59-608C-3018-B86B-69BD241ACDE5}" = Microsoft Visual C++ 2017 x86 Additional Runtime - 14.10.25008
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}" = Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005
"Bandicam" = Bandicam
"Uplay" = Uplay

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Discord" = Discord

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 8.2.2019 13:07:18 | Computer Name = GUARDS-PC | Source = WinMgmt | ID = 10
Description =

Error - 8.2.2019 16:00:16 | Computer Name = GUARDS-PC | Source = WinMgmt | ID = 10
Description =

Error - 8.2.2019 22:10:22 | Computer Name = GUARDS-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 9.2.2019 9:28:22 | Computer Name = GUARDS-PC | Source = WinMgmt | ID = 10
Description =

Error - 9.2.2019 10:09:54 | Computer Name = GUARDS-PC | Source = Windows Search Service | ID = 1019
Description =

Error - 9.2.2019 10:16:18 | Computer Name = GUARDS-PC | Source = WinMgmt | ID = 10
Description =

Error - 9.2.2019 10:28:43 | Computer Name = GUARDS-PC | Source = WinMgmt | ID = 10
Description =

Error - 9.2.2019 17:25:42 | Computer Name = GUARDS-PC | Source = VSS | ID = 8194
Description =

Error - 9.2.2019 17:30:29 | Computer Name = GUARDS-PC | Source = WinMgmt | ID = 10
Description =

Error - 10.2.2019 7:00:25 | Computer Name = GUARDS-PC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 8.2.2019 13:01:38 | Computer Name = GUARDS-PC | Source = Service Control Manager | ID = 7030
Description = Služba PEVSystemStart je označena jako interaktivní služba. Avšak
systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba
nebude fungovat správně.

Error - 8.2.2019 15:52:30 | Computer Name = GUARDS-PC | Source = Application Popup | ID = 1060
Description = Načtení \??\C:\ComboFix\catchme.sys bylo zablokováno kvůli nekompatibilitě
s tímto systémem. Požádejte dodavatele softwaru o kompatibilní verzi ovladače.

Error - 8.2.2019 15:52:30 | Computer Name = GUARDS-PC | Source = Application Popup | ID = 1060
Description = Načtení \??\C:\ComboFix\catchme.sys bylo zablokováno kvůli nekompatibilitě
s tímto systémem. Požádejte dodavatele softwaru o kompatibilní verzi ovladače.

Error - 8.2.2019 15:55:25 | Computer Name = GUARDS-PC | Source = Service Control Manager | ID = 7030
Description = Služba PEVSystemStart je označena jako interaktivní služba. Avšak
systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba
nebude fungovat správně.

Error - 8.2.2019 15:56:52 | Computer Name = GUARDS-PC | Source = Application Popup | ID = 1060
Description = Načtení \??\C:\ComboFix\catchme.sys bylo zablokováno kvůli nekompatibilitě
s tímto systémem. Požádejte dodavatele softwaru o kompatibilní verzi ovladače.

Error - 8.2.2019 15:56:52 | Computer Name = GUARDS-PC | Source = Application Popup | ID = 1060
Description = Načtení \??\C:\ComboFix\catchme.sys bylo zablokováno kvůli nekompatibilitě
s tímto systémem. Požádejte dodavatele softwaru o kompatibilní verzi ovladače.

Error - 8.2.2019 15:57:28 | Computer Name = GUARDS-PC | Source = Service Control Manager | ID = 7030
Description = Služba PEVSystemStart je označena jako interaktivní služba. Avšak
systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba
nebude fungovat správně.

Error - 9.2.2019 17:25:58 | Computer Name = GUARDS-PC | Source = Service Control Manager | ID = 7031
Description = Služba Windows Search byla nečekaně ukončena. Stalo se to 1 krát.
Následující opravná akce bude spuštěna za 30000 milisekund: Restartovat službu.

Error - 9.2.2019 17:25:58 | Computer Name = GUARDS-PC | Source = Service Control Manager | ID = 7031
Description = Služba Služba Windows Media Player Network Sharing byla nečekaně ukončena.
Stalo se to 1 krát. Následující opravná akce bude spuštěna za 30000 milisekund:
Restartovat službu.

Error - 9.2.2019 17:26:28 | Computer Name = GUARDS-PC | Source = Service Control Manager | ID = 7032
Description = Správce služeb se pokusil o opravnou akci (Restartovat službu) po
nečekaném ukončení služby Windows Search, ale tato akce selhala kvůli následující
chybě: %%1056


< End of report >
Základní deska: B450 PRO GAMING ,CPU Ryzen 7 2700,GPU Nvidia RTX 3060,Patriot Viper Steel 32GB KIT DDR4 3600Mhz CL18,Zdroj:VERO M2 600W / Case: SilentiumPC Signum SG1X TG RGB

Uživatelský avatar
jaro3
člen Security týmu
Guru Level 15
Guru Level 15
Příspěvky: 43054
Registrován: červen 07
Bydliště: Jižní Čechy
Pohlaví: Muž
Stav:
Offline

Re: zatížená pamět

Příspěvekod jaro3 » 11 úno 2019 18:10

Poklepej na ikonu OTL na ploše.Ujisti se , že máš všechny ostatní aplikace a prohlížeče zavřeny.
Pod Vlastní skenování/opravy do okénka vlož následující text, zobrazený zeleně:

Kód: Vybrat vše

:OTL
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SyncHomePage Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy = Reg Error: Value error.
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2018.08.13 16:54:39 | 014,183,936 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2018.08.13 16:40:58 | 012,880,896 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

:Files
C:\WINDOWS\System32\*.tmp
C:\WINDOWS\*.tmp
C:\WINDOWS\system32\*.tmp.dll
C:\WINDOWS\System32\dllcache\*.tmp
C:\WINDOWS\system32\SET*.tmp
C:\WINDOWS\system32\DUMP*.tmp
c:\windows\Tasks\*.job /s
C:\*.tmp
C:\WINDOWS\System32\drivers\*.tmp
C:\Program Files\*.tmp
C:\Documents and Settings\All Users\Data aplikací\*.tmp
C:\Windows\SysNative\drivers\*.tmp
C:\Windows\SysWow64\drivers\*.tmp
C:\Program Files (x86)\*.tmp
C:\Windows\SysWow64\*.tmp
C:\Windows\SysNative\*.tmp
C:\Program Files (x86)\*.tmp

:Reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
""=""%1" %*"

:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
[start explorer]
[Reboot]


Poté klikni nahoře na Opravit. Nech program nerušeně běžet, na konci se provede restart PC.
Po restartu se objeví log , prosím zkopíruj sem celý jeho obsah.
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra

Pedrossos
Level 3
Level 3
Příspěvky: 529
Registrován: červen 18
Bydliště: Brno-venkov
Pohlaví: Muž
Stav:
Offline

Re: zatížená pamět

Příspěvekod Pedrossos » 11 úno 2019 18:47

All processes killed
========== OTL ==========
No active process named explorer.exe was found!
No active process named firefox.exe was found!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\SyncHomePage Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy| /E : value set successfully!
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
C:\Windows\assembly\Desktop.ini moved successfully.
File EY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 not found.
File EY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] not found.
File EY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 not found.
File EY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] not found.
File EY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 not found.
File EY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] not found.
Folder EY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64\ not found.
Folder EY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]\ not found.
Folder EY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64\ not found.
Folder EY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]\ not found.
========== FILES ==========
File\Folder C:\WINDOWS\System32\*.tmp not found.
File\Folder C:\WINDOWS\*.tmp not found.
File\Folder C:\WINDOWS\system32\*.tmp.dll not found.
File\Folder C:\WINDOWS\System32\dllcache\*.tmp not found.
File\Folder C:\WINDOWS\system32\SET*.tmp not found.
File\Folder C:\WINDOWS\system32\DUMP*.tmp not found.
File\Folder c:\windows\Tasks\*.job not found.
File\Folder C:\*.tmp not found.
File\Folder C:\WINDOWS\System32\drivers\*.tmp not found.
File\Folder C:\Program Files\*.tmp not found.
File\Folder C:\Documents and Settings\All Users\Data aplikací\*.tmp not found.
File\Folder C:\Windows\SysNative\drivers\*.tmp not found.
File\Folder C:\Windows\SysWow64\drivers\*.tmp not found.
File\Folder C:\Program Files (x86)\*.tmp not found.
File\Folder C:\Windows\SysWow64\*.tmp not found.
File\Folder C:\Windows\SysNative\*.tmp not found.
File\Folder C:\Program Files (x86)\*.tmp not found.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command\\""|""%1" %*" /E : value set successfully!
========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: GUARDS
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0,00 mb


[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: GUARDS
->Temp folder emptied: 3006 bytes
->Temporary Internet Files folder emptied: 128 bytes
->FireFox cache emptied: 94904315 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 91,00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 02112019_184115

Files\Folders moved on Reboot...
C:\Users\GUARDS\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\GUARDS\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
Základní deska: B450 PRO GAMING ,CPU Ryzen 7 2700,GPU Nvidia RTX 3060,Patriot Viper Steel 32GB KIT DDR4 3600Mhz CL18,Zdroj:VERO M2 600W / Case: SilentiumPC Signum SG1X TG RGB

Uživatelský avatar
jaro3
člen Security týmu
Guru Level 15
Guru Level 15
Příspěvky: 43054
Registrován: červen 07
Bydliště: Jižní Čechy
Pohlaví: Muž
Stav:
Offline

Re: zatížená pamět

Příspěvekod jaro3 » 11 úno 2019 20:50

Stáhni si zde DelFix
https://toolslib.net/downloads/viewdownload/2-delfix/

ulož si soubor na plochu.
Poklepáním na ikonu spusť nástroj Delfix.exe
( Ve Windows Vista, Windows 7 a 8, musíš spustit soubor pravým tlačítkem myši -> Spustit jako správce .
V hlavním menu, zkontroluj tyto možnosti - Odstranění dezinfekce nástrojů (Remove desinfection tools) – Vyčistit body obnovy (Purge System Restore)
Poté klikněte na tlačítko Spustit (Run) a nech nástroj dělat svoji práci

Poté se zpráva se otevře (DelFix.txt). Vlož celý obsah zprávy sem.Jinak je zpráva zde:
v C: \ DelFix.txt
Další odkazy:
http://ccm.net/download/download-24087-delfix
https://www.bleepingcomputer.com/download/delfix/

Podle mě je to čisté , dál bych to neřešil , tedy viry ne..
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra

Pedrossos
Level 3
Level 3
Příspěvky: 529
Registrován: červen 18
Bydliště: Brno-venkov
Pohlaví: Muž
Stav:
Offline

Re: zatížená pamět

Příspěvekod Pedrossos » 12 úno 2019 13:38

# DelFix v1.013 - Logfile created 12/02/2019 at 13:36:47
# Updated 17/04/2016 by Xplode
# Username : GUARDS - GUARDS-PC
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)

~ Removing disinfection tools ...

Deleted : C:\_OTL
Deleted : C:\FRST
Deleted : C:\Users\GUARDS\Desktop\Addition.txt
Deleted : C:\Users\GUARDS\Desktop\esetsmartinstaller_enu.exe
Deleted : C:\Users\GUARDS\Desktop\Extras.Txt
Deleted : C:\Users\GUARDS\Desktop\Fixlog.txt
Deleted : C:\Users\GUARDS\Desktop\FRST.txt
Deleted : C:\Users\GUARDS\Desktop\FRST64.exe
Deleted : C:\Users\GUARDS\Desktop\OTL.Txt
Deleted : C:\Users\GUARDS\Desktop\OTL.exe
Deleted : HKLM\SOFTWARE\OldTimer Tools
Deleted : HKLM\SOFTWARE\Swearware

~ Cleaning system restore ...

Deleted : RP #64 [ComboFix created restore point | 02/09/2019 14:06:57]
Deleted : RP #66 [Restore Point Created by FRST | 02/09/2019 21:25:42]

New restore point created !

########## - EOF - ##########
Základní deska: B450 PRO GAMING ,CPU Ryzen 7 2700,GPU Nvidia RTX 3060,Patriot Viper Steel 32GB KIT DDR4 3600Mhz CL18,Zdroj:VERO M2 600W / Case: SilentiumPC Signum SG1X TG RGB

Pedrossos
Level 3
Level 3
Příspěvky: 529
Registrován: červen 18
Bydliště: Brno-venkov
Pohlaví: Muž
Stav:
Offline

Re: zatížená pamět

Příspěvekod Pedrossos » 12 úno 2019 13:41

nejvíc pomohl combo a zoek + ty příkazy moc děkuji za pomoc
Základní deska: B450 PRO GAMING ,CPU Ryzen 7 2700,GPU Nvidia RTX 3060,Patriot Viper Steel 32GB KIT DDR4 3600Mhz CL18,Zdroj:VERO M2 600W / Case: SilentiumPC Signum SG1X TG RGB

Uživatelský avatar
jaro3
člen Security týmu
Guru Level 15
Guru Level 15
Příspěvky: 43054
Registrován: červen 07
Bydliště: Jižní Čechy
Pohlaví: Muž
Stav:
Offline

Re: zatížená pamět

Příspěvekod jaro3 » 12 úno 2019 18:22

Pokud nejsou problémy , je to vše a můžeš dát vyřešeno , zelenou fajfku.
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra

Pedrossos
Level 3
Level 3
Příspěvky: 529
Registrován: červen 18
Bydliště: Brno-venkov
Pohlaví: Muž
Stav:
Offline

Re: zatížená pamět

Příspěvekod Pedrossos » 13 úno 2019 14:32

ještě jednou ti moc děkuji
Základní deska: B450 PRO GAMING ,CPU Ryzen 7 2700,GPU Nvidia RTX 3060,Patriot Viper Steel 32GB KIT DDR4 3600Mhz CL18,Zdroj:VERO M2 600W / Case: SilentiumPC Signum SG1X TG RGB


Zpět na “HiJackThis”

Kdo je online

Uživatelé prohlížející si toto fórum: Žádní registrovaní uživatelé a 10 hostů