
Please check my logs



#1 [email protected]

Posted 27 November 2020 - 00:42 AM

The computer takes a very long time to start. For about 10-15 minutes after startup, Task Manager shows 100% disk usage. There is heavy memory load from two processes with the same name, Windows host process (Rundll32); at one point each of these processes was using 1024 MB of memory. Sometimes, while I am working, the computer stops responding when I try to open or close programs. I tried to find a solution online, but without success. Unfortunately the FAQ has no screenshots, so I checked other sites and I hope I ticked the right options in FRST. Please bear with me, this is my first time doing this.

Addition

http://www.wklejto.pl/871276

FRST

http://www.wklejto.pl/871274

Shortcut

http://www.wklejto.pl/871275



#2 gajedan

Posted 27 November 2020 - 13:16 PM

In Google Chrome there are only traces of an infection.

And there is nothing else suspicious in the logs.

Just cosmetic cleanup:

Run FRST. Press CTRL+Y on the keyboard. Notepad will open; paste the following into it:

GroupPolicy: Ograniczenia ? <==== UWAGA
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Ograniczenia <==== UWAGA
HKLM\SOFTWARE\Policies\Google: Ograniczenia <==== UWAGA
Task: {595B3D07-8ABA-4657-991F-B73AC65AF129} - \Microsoft\Windows\UNP\RunCampaignManager -> Brak pliku <==== UWAGA
Task: {91487E37-02CE-48FB-B7B0-849960C19FBA} - \Lenovo\ImController\Lenovo iM Controller Monitor -> Brak pliku <==== UWAGA
Task: {C40F8D66-9FFE-40FC-9D21-ABCE63A360F4} - \Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance -> Brak pliku <==== UWAGA
CHR StartupUrls: Default -> "hxxp://www.delta-search.com/?affID=119816&tt=030213_de&babsrc=HP_ss&mntrId=1e0b49f1000000000000000000000000","hxxp://www.awesomehp.com/?type=hp&ts=1392822890&from=slbnew&uid=3219913727_67190_1E0B49F1","hxxps://www.google.com/","hxxp://www.google.com/","hxxp://start.qone8.com/?type=hp&ts=1399825044&from=smt&uid=HGSTXHTS545050A7E680_TEA55C4N3WTYYR3WTYYRX","hxxp://www.gazeta.pl/0,0.html?p=180&d=20140619","hxxp://www.istartpageing.com/?type=hp&ts=1448483012&z=f78511e900c25e7b1eb75f1g1zdzdb3z0bbc0e0ofe&from=cmi&uid=WDCXWD1600BEVS-22RST0_WD-WXE80756162361623","hxxps://www.google.com/"
Powershell: wevtutil el | Foreach-Object {wevtutil cl "$_"}
SearchScopes: HKU\S-1-5-21-2557499191-330303476-172829050-1001 -> DefaultScope {12F67B62-9588-4228-815E-2C219489D9EE} URL =
SearchScopes: HKU\S-1-5-21-2557499191-330303476-172829050-1001 -> {12F67B62-9588-4228-815E-2C219489D9EE} URL =
FirewallRules: [{D934BB4B-9038-490E-8C4A-8EA0D443CD2E}] => (Allow) C:\Users\Thormann Wheels\AppData\Local\Temp\7zS387E\HPDiagnosticCoreUI.exe => Brak pliku
FirewallRules: [{84EAA846-9831-435A-B61C-484C8D974114}] => (Allow) C:\Users\Thormann Wheels\AppData\Local\Temp\7zS387E\HPDiagnosticCoreUI.exe => Brak pliku
FirewallRules: [{7B0DFE55-9A7D-4EC9-A666-1D7D3D87509A}] => (Allow) C:\Users\Thormann Wheels\AppData\Local\Temp\7zS16E8\HPDiagnosticCoreUI.exe => Brak pliku
FirewallRules: [{ADFF4D7F-7903-4547-9FAD-5D24EC46AE3B}] => (Allow) C:\Users\Thormann Wheels\AppData\Local\Temp\7zS16E8\HPDiagnosticCoreUI.exe => Brak pliku
FirewallRules: [{BDF7870B-45CF-4C41-8DE2-F1114D4FA737}] => (Allow) C:\Users\Thormann Wheels\AppData\Local\Temp\7zS14F4\HPDiagnosticCoreUI.exe => Brak pliku
FirewallRules: [{59831D4C-5D91-4BA9-BF9C-03C76439E8D9}] => (Allow) C:\Users\Thormann Wheels\AppData\Local\Temp\7zS14F4\HPDiagnosticCoreUI.exe => Brak pliku
FirewallRules: [{E51E645B-87D5-4147-B120-F1C9DCFF5D4A}] => (Allow) C:\Users\Thormann Wheels\AppData\Local\Temp\7zS1554\HPDiagnosticCoreUI.exe => Brak pliku
FirewallRules: [{8C196200-B242-4B56-ACCA-A61CCF2F37EB}] => (Allow) C:\Users\Thormann Wheels\AppData\Local\Temp\7zS1554\HPDiagnosticCoreUI.exe => Brak pliku
FirewallRules: [{B55916CF-19CE-4D14-B395-945354184CBF}] => (Allow) C:\WINDOWS\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{580C05A0-4EE7-40C0-BA3F-FC805291F31D}] => (Allow) C:\WINDOWS\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{56172D6B-EB17-428A-85DA-CA677CD23205}] => (Allow) C:\WINDOWS\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{236BAFBA-C836-43CD-9EA7-DB2F6BA8402D}] => (Allow) C:\Users\Thormann Wheels\AppData\Local\Temp\7zS45A8\HPDiagnosticCoreUI.exe => Brak pliku
FirewallRules: [{83C45A68-A0C5-418E-961C-F8EA46930698}] => (Allow) C:\Users\Thormann Wheels\AppData\Local\Temp\7zS45A8\HPDiagnosticCoreUI.exe => Brak pliku
FirewallRules: [{92B1B303-2DE1-4065-B726-665795634008}] => (Allow) C:\Users\Thormann Wheels\AppData\Local\Temp\7zS239D\HPDiagnosticCoreUI.exe => Brak pliku
FirewallRules: [{0C7700F6-672A-4985-8C38-548DB2BB7953}] => (Allow) C:\Users\Thormann Wheels\AppData\Local\Temp\7zS239D\HPDiagnosticCoreUI.exe => Brak pliku
FirewallRules: [{55841C48-6DAA-4C8A-855C-7076C3FB7B9A}] => (Allow) C:\Users\Thormann Wheels\AppData\Local\Temp\7zS2018\HPDiagnosticCoreUI.exe => Brak pliku
FirewallRules: [{6522EC95-6AC8-461E-B9BE-78A3E2770D28}] => (Allow) C:\Users\Thormann Wheels\AppData\Local\Temp\7zS2018\HPDiagnosticCoreUI.exe => Brak pliku
FirewallRules: [{9954BADE-99A9-4305-9D33-73959D81DB14}] => (Allow) C:\Users\Thormann Wheels\AppData\Local\Temp\7zS1CDD\HPDiagnosticCoreUI.exe => Brak pliku
FirewallRules: [{6E49D20B-F50D-4256-A0AA-4095A9F1EB16}] => (Allow) C:\Users\Thormann Wheels\AppData\Local\Temp\7zS1CDD\HPDiagnosticCoreUI.exe => Brak pliku
FirewallRules: [{BFC97F52-8B03-4E16-90F9-09AFDCDD163B}] => (Allow) C:\Users\Thormann Wheels\AppData\Local\Temp\7zS5C27\HPDiagnosticCoreUI.exe => Brak pliku
FirewallRules: [{2A56F09E-303D-4A78-B3B5-5A532013FE8F}] => (Allow) C:\Users\Thormann Wheels\AppData\Local\Temp\7zS5C27\HPDiagnosticCoreUI.exe => Brak pliku
FirewallRules: [{2228BB10-75CD-4510-98E7-7853A1DB6E31}] => (Allow) C:\Users\Thormann Wheels\AppData\Local\Temp\7zS5BE8\HPDiagnosticCoreUI.exe => Brak pliku
FirewallRules: [{C2E6CEFE-1E42-4F5A-895B-04004C825BDE}] => (Allow) C:\Users\Thormann Wheels\AppData\Local\Temp\7zS5BE8\HPDiagnosticCoreUI.exe => Brak pliku
FirewallRules: [{A46FE879-5414-4CC8-B592-09CB2953A9E3}] => (Allow) C:\Users\Thormann Wheels\AppData\Local\Temp\7zS3E80\HPDiagnosticCoreUI.exe => Brak pliku
FirewallRules: [{AA1234EC-7EDE-4C6F-BCDD-A823128E6D69}] => (Allow) C:\Users\Thormann Wheels\AppData\Local\Temp\7zS3E80\HPDiagnosticCoreUI.exe => Brak pliku
FirewallRules: [{CA9A5192-F513-48E0-9ED1-9E9671FD7E75}] => (Allow) C:\Users\Thormann Wheels\AppData\Local\Temp\7zS27A6\HPDiagnosticCoreUI.exe => Brak pliku
FirewallRules: [{148DB05A-185D-4602-B5C7-ABEAD7EBCCF6}] => (Allow) C:\Users\Thormann Wheels\AppData\Local\Temp\7zS27A6\HPDiagnosticCoreUI.exe => Brak pliku
FirewallRules: [{4490E9C2-1976-4559-8918-965F3E67368F}] => (Allow) C:\Users\Thormann Wheels\AppData\Local\Temp\7zS15C3\HPDiagnosticCoreUI.exe => Brak pliku
FirewallRules: [{B8BF923B-7B46-4717-9B78-78A7A639D838}] => (Allow) C:\Users\Thormann Wheels\AppData\Local\Temp\7zS15C3\HPDiagnosticCoreUI.exe => Brak pliku
FirewallRules: [{4A07C1DD-F147-4C7D-AABA-1837A81D2AD7}] => (Allow) C:\Users\Thormann Wheels\AppData\Local\Temp\7zS5F19\HPDiagnosticCoreUI.exe => Brak pliku
FirewallRules: [{8D00896F-1554-4542-ABFA-A7FA954FD1A8}] => (Allow) C:\Users\Thormann Wheels\AppData\Local\Temp\7zS5F19\HPDiagnosticCoreUI.exe => Brak pliku
FirewallRules: [{3C70BF23-42FB-45D5-A313-C61DBAEF02DB}] => (Allow) C:\Users\Thormann Wheels\AppData\Local\Temp\7zS7337\HPDiagnosticCoreUI.exe => Brak pliku
FirewallRules: [{3F37455C-E7AB-4E79-B432-2FACA489E6C3}] => (Allow) C:\Users\Thormann Wheels\AppData\Local\Temp\7zS7337\HPDiagnosticCoreUI.exe => Brak pliku
FirewallRules: [{F1D6AB4B-C2E4-4626-B04C-BE3BA3BAC6CE}] => (Allow) C:\Users\Thormann Wheels\AppData\Local\Temp\7zS4293\HPDiagnosticCoreUI.exe => Brak pliku
FirewallRules: [{32EBBF3F-1150-4B96-AD01-808236FCD42E}] => (Allow) C:\Users\Thormann Wheels\AppData\Local\Temp\7zS4293\HPDiagnosticCoreUI.exe => Brak pliku
FirewallRules: [{F8AAD37E-B524-4BF5-8428-CB5E28CF051B}] => (Allow) C:\Users\Thormann Wheels\AppData\Local\Temp\7zS36E3\HPDiagnosticCoreUI.exe => Brak pliku
FirewallRules: [{104BAA7B-9918-463C-A18C-D959B1056139}] => (Allow) C:\Users\Thormann Wheels\AppData\Local\Temp\7zS36E3\HPDiagnosticCoreUI.exe => Brak pliku
FirewallRules: [{8BE7F533-FBC0-4696-AB1F-56314FEFEA68}] => (Allow) C:\Users\Thormann Wheels\AppData\Local\Temp\7zS1A74\HPDiagnosticCoreUI.exe => Brak pliku
FirewallRules: [{E8AD9DC5-C66C-4224-8602-192C1D30FBBA}] => (Allow) C:\Users\Thormann Wheels\AppData\Local\Temp\7zS1A74\HPDiagnosticCoreUI.exe => Brak pliku
FirewallRules: [{89703615-F751-49B3-824B-C9E27023FCA7}] => (Allow) C:\Users\Thormann Wheels\AppData\Local\Temp\7zS05F7\HPDiagnosticCoreUI.exe => Brak pliku
FirewallRules: [{CA596647-3DBB-410C-A8CE-52EF9FE1DA1E}] => (Allow) C:\Users\Thormann Wheels\AppData\Local\Temp\7zS05F7\HPDiagnosticCoreUI.exe => Brak pliku
FirewallRules: [{3CC2D894-545F-4613-BC6B-36876B72E5B9}] => (Allow) C:\Users\Thormann Wheels\AppData\Local\Temp\7zS79ED\HPDiagnosticCoreUI.exe => Brak pliku
FirewallRules: [{AFE191A9-1EBC-4F4A-B65D-71985C7ED5C3}] => (Allow) C:\Users\Thormann Wheels\AppData\Local\Temp\7zS79ED\HPDiagnosticCoreUI.exe => Brak pliku
FirewallRules: [{963AFDB3-6C7B-46EA-8CC5-E6A12E58481B}] => (Allow) C:\Users\Thormann Wheels\AppData\Local\Temp\7zS3A69\HPDiagnosticCoreUI.exe => Brak pliku
FirewallRules: [{D58010F3-753E-40D3-BE81-2A859F8A7290}] => (Allow) C:\Users\Thormann Wheels\AppData\Local\Temp\7zS3A69\HPDiagnosticCoreUI.exe => Brak pliku
FirewallRules: [{411D5C77-E33D-41DB-9187-9BCB869A1F02}] => (Allow) C:\Users\Thormann Wheels\AppData\Local\Temp\7zS52B8\HPDiagnosticCoreUI.exe => Brak pliku
FirewallRules: [{64F41A7F-1DE1-4CD1-B1B6-DE0BBDC404C4}] => (Allow) C:\Users\Thormann Wheels\AppData\Local\Temp\7zS52B8\HPDiagnosticCoreUI.exe => Brak pliku
FirewallRules: [{CA6E747D-3E62-4A3B-A49B-AD21F80760E3}] => (Allow) C:\Users\Thormann Wheels\AppData\Local\Temp\7zS48B7\HPDiagnosticCoreUI.exe => Brak pliku
FirewallRules: [{BC03E7EC-AE39-42FD-A074-8647544DE782}] => (Allow) C:\Users\Thormann Wheels\AppData\Local\Temp\7zS48B7\HPDiagnosticCoreUI.exe => Brak pliku
FirewallRules: [{44C508AB-D506-426C-923D-CF13F7296328}] => (Allow) C:\Users\Thormann Wheels\AppData\Local\Temp\7zS0C9D\HPDiagnosticCoreUI.exe => Brak pliku
FirewallRules: [{FF8B7465-279A-4AEC-B1CB-C4701263DCC9}] => (Allow) C:\Users\Thormann Wheels\AppData\Local\Temp\7zS0C9D\HPDiagnosticCoreUI.exe => Brak pliku
FirewallRules: [{0248A179-473F-4FBD-AFCF-13CBDB69B240}] => (Allow) C:\Users\Thormann Wheels\AppData\Local\Temp\7zS04B1\HPDiagnosticCoreUI.exe => Brak pliku
FirewallRules: [{BCF64F78-2B01-4391-9E5E-BE8896BF5D15}] => (Allow) C:\Users\Thormann Wheels\AppData\Local\Temp\7zS04B1\HPDiagnosticCoreUI.exe => Brak pliku
FirewallRules: [{5606E523-EED5-4665-B767-695A341B372E}] => (Allow) C:\Users\Thormann Wheels\AppData\Local\Temp\7zS3082\HPDiagnosticCoreUI.exe => Brak pliku
FirewallRules: [{1DA192B4-368D-48AA-8BBC-3119B0793592}] => (Allow) C:\Users\Thormann Wheels\AppData\Local\Temp\7zS3082\HPDiagnosticCoreUI.exe => Brak pliku
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== UWAGA
Task: {CCB849FF-FA90-4231-8E92-57446230F675} - \Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask -> Brak pliku <==== UWAGA
EmptyTemp:


Press CTRL+S on the keyboard. In FRST, click Fix (NAPRAW).
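A fixlist like the one above can be reviewed before FRST executes it. The following is an added example, not part of gajedan's post or of FRST itself: it counts entries per directive and flags the ones that are not plain orphan cleanup. The sample is a shortened excerpt of the fixlist with trimmed URLs, and the flag names are made up for illustration.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

MISSING = "Brak pliku"  # Polish FRST wording for "file not found", as in the thread

# Shortened excerpt modelled on the fixlist in the post above (URLs trimmed).
SAMPLE = r'''
Task: {595B3D07-8ABA-4657-991F-B73AC65AF129} - \Microsoft\Windows\UNP\RunCampaignManager -> Brak pliku <==== UWAGA
CHR StartupUrls: Default -> "hxxp://www.delta-search.com/?affID=119816","hxxps://www.google.com/","hxxp://start.qone8.com/?type=hp"
Powershell: wevtutil el | Foreach-Object {wevtutil cl "$_"}
FirewallRules: [{D934BB4B-9038-490E-8C4A-8EA0D443CD2E}] => (Allow) C:\Users\Thormann Wheels\AppData\Local\Temp\7zS387E\HPDiagnosticCoreUI.exe => Brak pliku
FirewallRules: [{B55916CF-19CE-4D14-B395-945354184CBF}] => (Allow) C:\WINDOWS\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
EmptyTemp:
'''

def startup_hosts(line):
    """Hosts named in a CHR StartupUrls entry (hxxp is refanged only for parsing)."""
    urls = re.findall(r'"(hxxps?://[^"]+)"', line)
    return sorted({urlsplit(u.replace("hxxp", "http", 1)).hostname for u in urls})

def review(fixlist):
    """Return (entries per directive, list of (flag, detail)) for a fixlist text."""
    counts, flags = Counter(), []
    for line in filter(None, map(str.strip, fixlist.splitlines())):
        directive = line.split(":", 1)[0]
        counts[directive] += 1
        if directive in ("Task", "FirewallRules") and MISSING not in line:
            # Target file exists, so removing the entry is more than orphan cleanup.
            flags.append(("target-still-present", line))
        elif directive == "Powershell" and re.search(r"\bwevtutil\s+cl\b", line):
            # 'wevtutil cl' clears an event log; export logs first if they matter.
            flags.append(("clears-event-logs", line))
        elif directive == "CHR StartupUrls":
            flags.append(("startup-hosts", startup_hosts(line)))
    return counts, flags

if __name__ == "__main__":
    counts, flags = review(SAMPLE)
    print(dict(counts))
    for flag, detail in flags:
        print(flag, "->", detail)
```
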
