VIRY.CZ

Zdravim Vas,
poprosil by som Vas o kontrolu Logu, z dovodu vyssieho odberu RAM. Predtym sa mi notebook zapinal na cca 3GB RAM, teraz ma pri zanuti cca 5GB. Skusil som ADWcleaner, Malwarebytes, ale nepomohlo.

Dakujem pekne



info.txt logfile of random's system information tool 1.10 2018-10-08 16:55:50

======MBR======

0x33C08ED0BC007C8EC08ED8BE007CBF0006B90002FCF3A450681C06CBFBB90400BDBE07807E00007C0B0F850E0183C510E2F1CD1888560055C6461105C6461000B441BBAA55CD135D720F81FB55AA7509F7C101007403FE46106660807E1000742666680000000066FF760868000068007C680100681000B4428A56008BF4CD139F83C4109EEB14B80102BB007C8A56008A76018A4E028A6E03CD136661731CFE4E11750C807E00800F848A00B280EB845532E48A5600CD135DEB9E813EFE7D55AA756EFF7600E88D007517FAB0D1E664E88300B0DFE660E87C00B0FFE664E87500FBB800BBCD1A6623C0753B6681FB54435041753281F90201722C666807BB00006668000200006668080000006653665366556668000000006668007C0000666168000007CD1A5A32F6EA007C0000CD18A0B707EB08A0B607EB03A0B50732E40500078BF0AC3C007409BB0700B40ECD10EBF2F4EBFD2BC9E464EB002402E0F82402C3496E76616C696420706172746974696F6E207461626C65004572726F72206C6F6164696E67206F7065726174696E672073797374656D004D697373696E67206F7065726174696E672073797374656D000000637B9AA33B1114000000000200EEFFFFFF01000000FFFFFFFF00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000055AA

======Uninstall list======

. . .-->MsiExec.exe /X{7A5E4942-A527-42E6-A5FC-95109B756CA8}
. .-->MsiExec.exe /I{5F4E8D94-3947-4019-9239-D2541C9A35F2}
Adobe Acrobat Reader DC - Slovak-->MsiExec.exe /I{AC76BA86-7AD7-1051-7B44-AC0F074E4100}
Apple Mobile Device Support-->MsiExec.exe /I{77F8C879-88CD-4145-945A-541C35285285}
Apple Software Update-->MsiExec.exe /I{A30EA700-5515-48F0-88B0-9E99DC356B88}
Asmedia USB Host Controller Driver-->MsiExec.exe /X{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}
Battery Calibration-->C:\Program Files (x86)\InstallShield Installation Information\{634AC01E-49DB-4AD2-B87C-90D4DCC6AFA1}\setup.exe -runfromtemp -l0x0409
Bonjour-->MsiExec.exe /X{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}
BurnRecovery-->C:\Program Files (x86)\InstallShield Installation Information\{92A6B009-1343-4C44-AFB1-8849137CA3F0}\setup.exe -runfromtemp -l0x0409
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
Dragon Center-->C:\Program Files (x86)\InstallShield Installation Information\{C65B26BC-5A6F-4135-9678-55A877655471}\setup.exe -runfromtemp -l0x0409
ESET Security-->MsiExec.exe /I{0813F772-F554-4DA9-9CEA-ABCE6321BDFD}
Firebird SQL Server - MAGIX Edition-->MsiExec.exe /X{39AB2E37-1A55-4292-A5D3-971E9F70D0F8}
Google Chrome-->"C:\Program Files (x86)\Google\Chrome\Application\69.0.3497.100\Installer\setup.exe" --uninstall --system-level --verbose-logging
Google Update Helper-->MsiExec.exe /I{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}
Help Desk-->C:\Program Files (x86)\InstallShield Installation Information\{7E8181AF-9679-49B3-B133-C265709B6927}\setup.exe -runfromtemp -l0x0409
Intel(R) Computing Improvement Program-->MsiExec.exe /X{2C895850-899F-4E06-ADB6-28A654FFCF9D}
Intel(R) Chipset Device Software-->"C:\ProgramData\Package Cache\{619e726e-d2b4-4e28-9568-c964fd81ee6c}\SetupChipset.exe" /uninstall
Intel(R) Chipset Device Software-->MsiExec.exe /I{FEBB7B48-CC1C-4A50-A497-FA21413F6BE9}
Intel(R) Management Engine Components-->"C:\ProgramData\Intel\Package Cache\{1CEAC85D-2590-4760-800F-8DE5E91F3700}\Setup.exe" -uninstall
Intel(R) Management Engine Components-->MsiExec.exe /I{7B3B60EB-197B-4B06-ADFF-D0B50E755D4F}
Intel(R) Management Engine Components-->MsiExec.exe /I{EC465D35-92DC-4DAE-9EA8-01215688F709}
Intel(R) Management Engine Driver-->MsiExec.exe /I{E5B5A486-C7F5-429C-9324-13835620F2FD}
Intel(R) ME UninstallLegacy-->MsiExec.exe /I{E9B9A1A5-6398-4C99-8FDE-10794F6505C5}
Intel(R) Rapid Storage Technology-->"C:\ProgramData\Intel\Package Cache\{409CB30E-E457-4008-9B1A-ED1B9EA21140}\Setup.exe" -uninstall
Intel(R) Rapid Storage Technology-->MsiExec.exe /I{488216A5-E375-4695-AFB2-63DF4FB19C9B}
Intel(R) Trusted Connect Service Client x64-->MsiExec.exe /I{C9552825-7BF2-4344-BA91-D3CD46F4C442}
Intel(R) Trusted Connect Service Client x86-->MsiExec.exe /I{C9552825-7BF2-4344-BA91-D3CD46F4C441}
Intel(R) Trusted Connect Services Client-->"C:\ProgramData\Package Cache\{246c6cc0-9810-4728-9a29-28474de2eec5}\iclsClientInstaller.exe" /uninstall
Intel® Driver & Support Assistant-->"C:\ProgramData\Package Cache\{ef2ad7ab-dd41-48ed-ae53-f7fe3cd903d8}\Intel Driver and Support Assistant Installer.exe" /uninstall
Intel® Security Assist-->MsiExec.exe /I{CCBE9F01-C2C3-469C-A508-2E23A7495E91}
iTunes-->MsiExec.exe /I{C988C5F8-3771-46A4-91B8-771B8600A90B}
Java 8 Update 181 (64-bit)-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F64180181F0}
Java 8 Update 181-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F32180181F0}
Java SE Development Kit 8 Update 181 (64-bit)-->MsiExec.exe /X{64A3A4F4-B792-11D6-A78A-00B0D0180181}
KB9X Radio Switch Driver-->C:\PROGRA~1\DIFX\D29FE5~1\DPInst.exe /u C:\Windows\System32\DriverStore\FileRepository\kb9xradiobtn.inf_amd64_d2592575523e4d6d\kb9xradiobtn.inf
Killer Bandwidth Control Filter Driver-->MsiExec.exe /X{77573DC2-C142-420B-BE8B-4FE3CF46EF19}
Killer E240x Drivers-->MsiExec.exe /X{91BE85D2-5846-4160-9A2D-0A7B6284728E}
Killer Network Manager-->MsiExec.exe /X{0093B9DB-35D7-41BA-87A1-8C364D944CB5}
Killer Performance Suite-->"C:\Program Files (x86)\InstallShield Installation Information\{E70DB50B-10B4-46BC-9DE2-AB8B49E061EE}\PerformanceSuite.exe" -remove -runfromtemp
Killer Wireless-AC Drivers-->MsiExec.exe /X{3EC452AC-3D23-4070-8A42-A894C5F93588}
LauncherSetup Install-->MsiExec.exe /I{C0AF8952-0B19-4081-85D9-987DBF52FE41}
MAGIX Content and Soundpools-->"C:\Program Files (x86)\Common Files\MAGIX Services\Uninstall\GlobalContent\GlobalContentSetup.exe"
MAGIX Music Maker Silver Soundpools-->MsiExec.exe /I{CC8B6E22-F579-46A1-A9F3-985F114590F0}
MAGIX Music Maker Silver-->"C:\Program Files (x86)\Common Files\MAGIX Services\Uninstall\{CD1DE5DB-7AF2-4D01-BBB1-9AD581B34403}\Music_Maker_2015_Silver_setup.exe"
MAGIX Music Maker Silver-->MsiExec.exe /I{CD1DE5DB-7AF2-4D01-BBB1-9AD581B34403}
MAGIX Photo Manager 15-->"C:\Program Files (x86)\Common Files\MAGIX Services\Uninstall\{10FDDBB2-C9D3-4207-B3A9-4910464BA0B0}\Photo_Manager_15_setup.exe"
MAGIX Photo Manager 15-->MsiExec.exe /I{10FDDBB2-C9D3-4207-B3A9-4910464BA0B0}
Microsoft Office 365 - sk-sk-->"C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe" scenario=install scenariosubtype=ARP sourcetype=None productstoremove=O365HomePremRetail.16_sk-sk_x-none culture=sk-sk version.16=16.0
Microsoft VC++ redistributables repacked.-->MsiExec.exe /I{985F7F32-5BE4-4CDA-9582-F7AEA40D1974}
Microsoft VC++ redistributables repacked.-->MsiExec.exe /I{D3531D7A-B6FA-44A5-A024-E2A14F325F90}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219-->MsiExec.exe /X{1D8E6291-B0D5-35EC-8441-6616F567A0F7}
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219-->MsiExec.exe /X{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501-->"C:\ProgramData\Package Cache\{050d4fc8-5d48-4b8f-8972-47c82c46020f}\vcredist_x64.exe" /uninstall
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501-->"C:\ProgramData\Package Cache\{f65db027-aff3-4070-886a-0d87064aabb1}\vcredist_x86.exe" /uninstall
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005-->MsiExec.exe /X{929FBD26-9020-399B-9A7A-751D61F0B942}
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005-->MsiExec.exe /X{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005-->MsiExec.exe /X{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005-->MsiExec.exe /X{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}
Microsoft Visual C++ 2017 Redistributable (x64) - 14.13.26020-->"C:\ProgramData\Package Cache\{7474cd6e-76cc-4257-837e-5b9261e526af}\VC_redist.x64.exe" /uninstall
Microsoft Visual C++ 2017 Redistributable (x86) - 14.13.26020-->"C:\ProgramData\Package Cache\{5c045b7f-e561-4794-91f8-c6cda0893107}\VC_redist.x86.exe" /uninstall
Microsoft Visual C++ 2017 x64 Additional Runtime - 14.13.26020-->MsiExec.exe /X{C5ECDB9A-D9B0-3107-BA85-1269998A5B3E}
Microsoft Visual C++ 2017 x64 Minimum Runtime - 14.13.26020-->MsiExec.exe /X{221D6DB4-46E2-333C-B09B-5F49351D0980}
Microsoft Visual C++ 2017 x86 Additional Runtime - 14.13.26020-->MsiExec.exe /X{895D5198-C5DB-375E-86AB-133F4DAA9FE2}
Microsoft Visual C++ 2017 x86 Minimum Runtime - 14.13.26020-->MsiExec.exe /X{8F271F6C-6E7B-3D0A-951B-6E7B694D78BD}
MSI Social Media Collection-->MsiExec.exe /I{7ADEC426-BE95-48EF-84D4-086BD0F4D331}
MSI True Color-->"C:\Program Files\Portrait Displays\MSI True Color\Uninstall.exe"
MSXML 4.0 SP3 Parser-->MsiExec.exe /I{196467F1-C11F-4F76-858B-5812ADC83B94}
Nahimic 2 Audio Driver-->"C:\ProgramData\Package Cache\{38ca1b1f-9d48-476a-98a8-ef8d540ce051}\Nahimic2_Setup.exe" /uninstall
Nahimic 2 Audio Driver-->MsiExec.exe /I{C526A25E-AB3F-4E66-900B-ACF134FB093D}
Notepad++ (32-bit x86)-->C:\Program Files (x86)\Notepad++\uninstall.exe
NVIDIA GeForce Experience 3.15.0.164-->"C:\WINDOWS\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\InstallerCore\NVI2.DLL",UninstallPackage Display.GFExperience
NVIDIA Grafický ovládač 416.16-->"C:\WINDOWS\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\InstallerCore\NVI2.DLL",UninstallPackage Display.Driver
NVIDIA Ovládač 3D Vision 416.16-->"C:\WINDOWS\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\InstallerCore\NVI2.DLL",UninstallPackage Display.3DVision
NVIDIA Ovládač zvuku HD 1.3.37.5-->"C:\WINDOWS\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\InstallerCore\NVI2.DLL",UninstallPackage HDAudio.Driver
NVIDIA Softvér systému s podporou technológie PhysX 9.18.0907-->"C:\WINDOWS\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\InstallerCore\NVI2.DLL",UninstallPackage Display.PhysX
NVIDIA Stereoscopic 3D Driver-->"C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvStInst.exe" /uninstall /ask
Office 16 Click-to-Run Extensibility Component 64-bit Registration-->MsiExec.exe /X{90160000-00DD-0000-1000-0000000FF1CE}
Office 16 Click-to-Run Extensibility Component-->MsiExec.exe /X{90160000-008C-0000-0000-0000000FF1CE}
Office 16 Click-to-Run Licensing Component-->MsiExec.exe /I{90160000-008F-0000-1000-0000000FF1CE}
Podpora Apple aplikácií (32-bit)-->MsiExec.exe /I{308F2F8C-9D33-4B22-8A6C-D9C13DBEF8C6}
Podpora Apple aplikácií(64-bit)-->MsiExec.exe /I{0CB84A7D-9697-4526-A819-60FB050E8F05}
ProductDaemonSetup Install-->MsiExec.exe /I{34BEB8EF-E3F5-4FD0-82EB-F688A1E40FFE}
PuTTY release 0.70 (64-bit)-->MsiExec.exe /X{45B3032F-22CC-40CD-9E97-4DA7095FA5A2}
Qualcomm Atheros Bluetooth Installer (64)-->MsiExec.exe /X{628988B4-3FA5-4EA6-BAA3-DA640F6718BD}
Realtek Card Reader-->"C:\Program Files (x86)\InstallShield Installation Information\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}\setup.exe" -runfromtemp -removeonly
Realtek High Definition Audio Driver-->"C:\Program Files (x86)\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -runfromtemp -removeonly
SCM-->MsiExec.exe /I{1CC45AFD-DFFF-4165-86B4-FA112B167509}
Sizing Options-->C:\Program Files (x86)\InstallShield Installation Information\{DFAB6DE8-E45F-4D5D-95C0-E54C58993F9F}\setup.exe -runfromtemp -l0x0409
Steam-->C:\Program Files (x86)\Steam\uninstall.exe
SteelSeries Engine 3.12.13-->C:\Program Files\SteelSeries\SteelSeries Engine 3\uninst.exe
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
UIInstallUpgrade-->MsiExec.exe /I{A8B178EB-1927-4FB7-9D02-78A5FDE9A6B6}
VLC media player-->"C:\Program Files\VideoLAN\VLC\uninstall.exe"
WinRAR 5.40 (64-bit)-->C:\Program Files\WinRAR\uninstall.exe

======System event log======

Computer Name: WIN-IV14C8FB0HC
Event Code: 37
Message: The speed of processor 0 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 42 seconds since the last report.
Record Number: 152
Source Name: Microsoft-Windows-Kernel-Processor-Power
Time Written: 20181006181907.165499-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: WIN-IV14C8FB0HC
Event Code: 26
Message: The driver has detected that device has old or out-of-date firmware. Reduced performance may result.
Record Number: 62
Source Name: BtFilter
Time Written: 20181006181819.839154-000
Event Type: Warning
User:

Computer Name: WIN-IV14C8FB0HC
Event Code: 7023
Message: Služba Pomocná služba protokolu IP bola ukončená s nasledujúcou chybou:
The device is not ready.
Record Number: 52
Source Name: Service Control Manager
Time Written: 20181006181813.751783-000
Event Type: Error
User:

Computer Name: WIN-IV14C8FB0HC
Event Code: 7023
Message: Služba Spooler bola ukončená s nasledujúcou chybou:
Ran out of memory
Record Number: 51
Source Name: Service Control Manager
Time Written: 20181006181813.445510-000
Event Type: Error
User:

Computer Name: WIN-IV14C8FB0HC
Event Code: 219
Message: The driver \Driver\WUDFRd failed to load for the device ACPI\ENE0110\5&2e5027f4&0.
Record Number: 19
Source Name: Microsoft-Windows-Kernel-PnP
Time Written: 20181006181755.977650-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

=====Application event log=====

Computer Name: MSI
Event Code: 4104
Message: Failed trying to get the state of the cluster node: .The error code returned: 0x8007085A
Record Number: 56
Source Name: Microsoft-Windows-MSDTC Client 2
Time Written: 20181006182427.033589-000
Event Type: Error
User:

Computer Name: MSI
Event Code: 1023
Message: Windows cannot load the extensible counter DLL "C:\WINDOWS\system32\sysmain.dll" (Win32 error code The specified module could not be found.).
Record Number: 54
Source Name: Microsoft-Windows-Perflib
Time Written: 20181006182409.445122-000
Event Type: Error
User: NT AUTHORITY\SYSTEM

Computer Name: MSI
Event Code: 1008
Message: The Open procedure for service "MSDTC" in DLL "C:\WINDOWS\system32\msdtcuiu.DLL" failed with error code The Workstation service has not been started.. Performance data for this service will not be available.
Record Number: 53
Source Name: Microsoft-Windows-Perflib
Time Written: 20181006182409.419300-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: MSI
Event Code: 1008
Message: The Open procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed with error code The system cannot find the file specified.. Performance data for this service will not be available.
Record Number: 52
Source Name: Microsoft-Windows-Perflib
Time Written: 20181006182409.382223-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: MSI
Event Code: 4104
Message: Failed trying to get the state of the cluster node: .The error code returned: 0x8007085A
Record Number: 51
Source Name: Microsoft-Windows-MSDTC Client 2
Time Written: 20181006182409.414801-000
Event Type: Error
User:

=====Security event log=====

Computer Name: WIN-IV14C8FB0HC
Event Code: 4688
Message: A new process has been created.

Creator Subject:
Security ID: S-1-5-18
Account Name: -
Account Domain: -
Logon ID: 0x3E7

Target Subject:
Security ID: S-1-0-0
Account Name: -
Account Domain: -
Logon ID: 0x0

Process Information:
New Process ID: 0x1b8
New Process Name: C:\Windows\System32\autochk.exe
Token Elevation Type: %%1936
Mandatory Label: S-1-16-16384
Creator Process ID: 0x18c
Creator Process Name: C:\Windows\System32\smss.exe
Process Command Line:

Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy.

Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account.

Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group.

Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
Record Number: 5
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20181006181756.609098-000
Event Type: Audit Success
User:

Computer Name: WIN-IV14C8FB0HC
Event Code: 4688
Message: A new process has been created.

Creator Subject:
Security ID: S-1-5-18
Account Name: -
Account Domain: -
Logon ID: 0x3E7

Target Subject:
Security ID: S-1-0-0
Account Name: -
Account Domain: -
Logon ID: 0x0

Process Information:
New Process ID: 0x18c
New Process Name: C:\Windows\System32\smss.exe
Token Elevation Type: %%1936
Mandatory Label: S-1-16-16384
Creator Process ID: 0x4
Creator Process Name:
Process Command Line:

Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy.

Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account.

Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group.

Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
Record Number: 4
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20181006181755.942179-000
Event Type: Audit Success
User:

Computer Name: WIN-IV14C8FB0HC
Event Code: 4826
Message: Boot Configuration Data loaded.

Subject:
Security ID: S-1-5-18
Account Name: -
Account Domain: -
Logon ID: 0x3E7

General Settings:
Load Options: -
Advanced Options: No
Configuration Access Policy: Default
System Event Logging: No
Kernel Debugging: No
VSM Launch Type: Off

Signature Settings:
Test Signing: No
Flight Signing: No
Disable Integrity Checks: No

HyperVisor Settings:
HyperVisor Load Options: -
HyperVisor Launch Type: Off
HyperVisor Debugging: No
Record Number: 3
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20181006181755.939834-000
Event Type: Audit Success
User:

Computer Name: WIN-IV14C8FB0HC
Event Code: 4696
Message: A primary token was assigned to process.

Subject:
Security ID: S-1-5-18
Account Name: -
Account Domain: -
Logon ID: 0x3E7

Process Information:
Process ID: 0x4
Process Name:

Target Process:
Target Process ID: 0x78
Target Process Name: Registry

New Token Information:
Security ID: S-1-0-0
Account Name: -
Account Domain: -
Logon ID: 0x3E7
Record Number: 2
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20181006181755.939830-000
Event Type: Audit Success
User:

Computer Name: WIN-IV14C8FB0HC
Event Code: 4688
Message: A new process has been created.

Creator Subject:
Security ID: S-1-5-18
Account Name: -
Account Domain: -
Logon ID: 0x3E7

Target Subject:
Security ID: S-1-0-0
Account Name: -
Account Domain: -
Logon ID: 0x0

Process Information:
New Process ID: 0x78
New Process Name: Registry
Token Elevation Type: %%1936
Mandatory Label: S-1-16-16384
Creator Process ID: 0x4
Creator Process Name:
Process Command Line:

Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy.

Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account.

Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group.

Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
Record Number: 1
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20181006181755.939819-000
Event Type: Audit Success
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"DriverData"=C:\Windows\System32\Drivers\DriverData
"OS"=Windows_NT
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=AMD64
"PSModulePath"=%ProgramFiles%\WindowsPowerShell\Modules;%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"NUMBER_OF_PROCESSORS"=8
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=Intel64 Family 6 Model 94 Stepping 3, GenuineIntel
"PROCESSOR_REVISION"=5e03
"configsetroot"=%SystemRoot%\ConfigSetRoot
"Path"=C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files\PuTTY\;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT
"ESET_OPTIONS"=
"asl.log"=Destination=file

-----------------EOF-----------------

Zdravím!
Dejte log FRST: https://forum.viry.cz/viewtopic.php?f=13&t=154679 .

posielam v prilohe

Teď spusťte tuto utilitu:

Ulozte na plochu AdwCleaner https://malwarebytes.com/adwcleaner/ nebo http://www.bleepingcomputer.com/download/adwcleaner/

ukoncete vsechny programy
odsouhlaste licencni podmiky (EULA) klikem na Souhlasim
kliknete pravym na ikonu AdwCleaneru a vyberte Spustit jako spravce (v pripade Win XP spustte obycejne dvojklikem)
kliknete na Skenovat nyni (Scan now), pote na Cisteni a opravy (Clean and Repair)
po restartu na Vas vyskoci log (pripadne jej najdete v C:\AdwCleaner\Logs\AdwCleaner[Cxx].txt), jehoz obsah zkopirujte do pristi odpovedi

Dnes uz som spustal adwcleaner. A to odsuhlasenie podmienok tam uz nie je.

# -------------------------------
# Malwarebytes AdwCleaner 7.2.4.0
# -------------------------------
# Build: 09-25-2018
# Database: 2018-09-21.1 (Local)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 10-08-2018
# Duration: 00:00:02
# OS: Windows 10 Home
# Cleaned: 0
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

No malicious registry entries cleaned.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [1260 octets] - [06/10/2018 19:15:31]
AdwCleaner[C00].txt - [1426 octets] - [06/10/2018 19:16:29]
AdwCleaner[S01].txt - [1518 octets] - [08/10/2018 16:21:51]
AdwCleaner[C01].txt - [1646 octets] - [08/10/2018 16:22:00]
AdwCleaner[S02].txt - [1494 octets] - [08/10/2018 18:54:02]
AdwCleaner[S03].txt - [1555 octets] - [08/10/2018 18:54:28]
AdwCleaner[C03].txt - [1741 octets] - [08/10/2018 18:56:36]
AdwCleaner[S04].txt - [1677 octets] - [08/10/2018 19:01:23]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C04].txt ##########

Toto je OK. Otevřte poznámkový blok a zkopírujte do něj:

Start

CloseProcesses:
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [601424 2018-07-07] (Oracle Corporation)
C:\WINDOWS\LastGood.Tmp
C:\Program Files (x86)\Bonjour
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
C:\WINDOWS\SysWOW64\winrm.vbs
C:\WINDOWS\system32\winrm.vbs
C:\WINDOWS\system32\slmgr.vbs
C:\Users\jossi\AppData\Local\Temp
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ContextMenuHandlers1_.DEFAULT: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> No File
ContextMenuHandlers4_.DEFAULT: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> No File
ContextMenuHandlers5_.DEFAULT: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> No File
Task: {08CC0476-4847-4F79-9755-03190A698E02} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-10-06] (Google Inc.)
Task: {B794E48C-B213-40EB-904C-A5C234D47218} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-10-06] (Google Inc.)

EmptyTemp:
End

Uložte do C:\Users\jossi\Downloads jako fixlist.txt. Spusťte znovu FRST a klikněte na >Fix<. Po skončení akce se objeví log, který sem zkopírujte.

Fix result of Farbar Recovery Scan Tool (x64) Version: 06.10.2018
Ran by jossi (09-10-2018 11:28:56) Run:1
Running from C:\Users\jossi\Downloads
Loaded Profiles: jossi (Available Profiles: jossi)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

CloseProcesses:
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [601424 2018-07-07] (Oracle Corporation)
C:\WINDOWS\LastGood.Tmp
C:\Program Files (x86)\Bonjour
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
C:\WINDOWS\SysWOW64\winrm.vbs
C:\WINDOWS\system32\winrm.vbs
C:\WINDOWS\system32\slmgr.vbs
C:\Users\jossi\AppData\Local\Temp
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ContextMenuHandlers1_.DEFAULT: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> No File
ContextMenuHandlers4_.DEFAULT: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> No File
ContextMenuHandlers5_.DEFAULT: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> No File
Task: {08CC0476-4847-4F79-9755-03190A698E02} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-10-06] (Google Inc.)
Task: {B794E48C-B213-40EB-904C-A5C234D47218} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-10-06] (Google Inc.)

EmptyTemp:
End
*****************

Processes closed successfully.
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched" => removed successfully
C:\WINDOWS\LastGood.Tmp => moved successfully
C:\Program Files (x86)\Bonjour => moved successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
C:\WINDOWS\SysWOW64\winrm.vbs => moved successfully
C:\WINDOWS\system32\winrm.vbs => moved successfully
C:\WINDOWS\system32\slmgr.vbs => moved successfully
C:\Users\jossi\AppData\Local\Temp => moved successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1 => removed successfully
HKLM\Software\Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2 => removed successfully
HKLM\Software\Classes\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282} => not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3 => removed successfully
HKLM\Software\Classes\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30} => not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4 => removed successfully
HKLM\Software\Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5 => removed successfully
HKLM\Software\Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive6 => removed successfully
HKLM\Software\Classes\CLSID\{9AA2F32D-362A-42D9-9328-24A483E2CCC3} => not found
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1 => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => not found
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2 => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282} => not found
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3 => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30} => not found
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4 => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => not found
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5 => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => not found
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive6 => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{9AA2F32D-362A-42D9-9328-24A483E2CCC3} => not found
"HKU\\Software\Classes\*\ShellEx\ContextMenuHandlers\ FileSyncEx" => not found
HKLM\Software\Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => not found
"HKU\\Software\Classes\Directory\ShellEx\ContextMenuHandlers\ FileSyncEx" => not found
HKLM\Software\Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => not found
"HKU\\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\ FileSyncEx" => not found
HKLM\Software\Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{08CC0476-4847-4F79-9755-03190A698E02}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{08CC0476-4847-4F79-9755-03190A698E02}" => removed successfully
"C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B794E48C-B213-40EB-904C-A5C234D47218}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B794E48C-B213-40EB-904C-A5C234D47218}" => removed successfully
"C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore" => removed successfully

=========== EmptyTemp: ==========

BITS transfer queue => 7659520 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 21315525 B
Java, Flash, Steam htmlcache => 131887 B
Windows/system/drivers => 5703161 B
Edge => 90988 B
Chrome => 440646005 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 14434 B
LocalService => 0 B
NetworkService => 0 B
NetworkService => 0 B
jossi => 320627 B

RecycleBin => 0 B
EmptyTemp: => 453.8 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 11:29:47 ====

Smazáno. Nastala nějaká změna?

Nepovedal by som, ze nastala zmena, stale po zapnuti je tam takmer 5GB RAM. Ntb som nedavno preinstaloval a po aktualizovani na posledny win 10 update 1809 je takato spotreba RAM. Neviem ci mi chyba nejaky ovladac nainstalovat, alebo previest radsej clean install windowsu, alebo to proste uz tak bude,ale aj tak mi to pride vela,ze postarte potrebuje 5GB, ked donedavna stacili 3GB.

Otevřte správce úloh a zjistěte, který proces odebírá nejvíce RAM.

Podle mne je toto v pořádku. Systém odebírá 29% instalované paměti, což odpovídá podprůměrnému zatížení.

tak len je to zvlastne, lebo len nedavno tolko pamati sa nevyuzivalo,ale aj tak dakujem za tu pracu

Nemáte zač. Pokud PC nemá problém s plynulým chodem, není co řešit. Zřejmě jste nainstaloval něco, co tu paměť spotřebovává. Může to být i aktualizace.