svchost.exe(netsvcs) - 100% CPU and 80% RAM

angel0140
Visitor
Posts: 31
Registered: 18 Nov 2015 21:20

svchost.exe(netsvcs) - 100% CPU and 80% RAM

#1 Post by angel0140 »

Good evening ... I have this problem .. I reinstalled my sister's notebook, an HP Compaq Presario CQ57 (CPU: AMD E-450, RAM: 4 GB, Windows 7), via recovery .. because it was running quite slowly and she also had quite a lot of viruses on it ... after the reinstall .. and connecting it to the internet .. the computer runs quite slowly, and what is slowing it down is svchost.exe(netsvcs).. I tried disabling updates but that doesn't help .. it still takes up an extreme amount of RAM and 100% CPU... please advise. :?:

angel0140
Visitor
Posts: 31
Registered: 18 Nov 2015 21:20

Re: svchost.exe(netsvcs) - 100% CPU and 80% RAM

#2 Post by angel0140 »

Can anyone advise?

angel0140
Visitor
Posts: 31
Registered: 18 Nov 2015 21:20

Re: svchost.exe(netsvcs) - 100% CPU and 80% RAM

#3 Post by angel0140 »

Code:

Additional scan result of Farbar Recovery Scan Tool (x64) Version:29-11-2015
Ran by Rišo (2015-11-30 16:40:33)
Running from C:\Users\Rišo\Downloads
Windows 7 Home Premium Service Pack 1 (X64) (2015-11-29 10:37:13)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-213337971-4216619876-715870879-500 - Administrator - Disabled)
Guest (S-1-5-21-213337971-4216619876-715870879-501 - Limited - Disabled)
Rišo (S-1-5-21-213337971-4216619876-715870879-1001 - Administrator - Enabled) => C:\Users\Rišo

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

18 Wheels of Steel Pedal to the Metal (HKLM-x32\...\18 Wheels of Steel Pedal to the Metal) (Version: 1.0 - ValuSoft)
Adobe Flash Player 10 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 10.3.181.14 - Adobe Systems Incorporated)
Adobe Reader X MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.0.0 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.5.9.620 - Adobe Systems, Inc.)
ATI Catalyst Install Manager (HKLM\...\{6153098B-60DB-6A9F-EA0F-B006A96B57D5}) (Version: 3.0.829.0 - ATI Technologies, Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 11.1.2241 - AVAST Software)
Broadcom 802.11 Wireless LAN Adapter (HKLM\...\Broadcom 802.11 Wireless LAN Adapter) (Version: 5.100.82.86 - Broadcom Corporation)
Broadcom Bluetooth Software (HKLM\...\{6E7F4CA3-B2DE-413C-A7A1-43AA5BE19EA1}) (Version: 6.5.0.1300 - Broadcom Corporation)
Broadcom InConcert Maestro (HKLM\...\{57DD35E9-D9BB-4089-BB05-EF933C586CB3}) (Version: 1.0.1.1300 - Broadcom Corporation)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.1.4119 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.2.0.0112 - Disc Soft Ltd)
ESU for Microsoft Windows 7 SP1 (HKLM-x32\...\{E96CAA2A-0244-4A2A-8403-0C3C9534778B}) (Version: 2.1.1 - Hewlett-Packard)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 46.0.2490.86 - Spoločnosť Google Inc.)
Google Update Helper (x32 Version: 1.3.21.169 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.1.1.0 (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
HP Documentation (HKLM-x32\...\{68A55875-B6DD-41E8-8CF6-F193D9C47051}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Software Framework (HKLM-x32\...\{538E13B0-3CAF-436F-AF78-7863A6F9E2A5}) (Version: 4.1.7.1 - Hewlett-Packard Company)
K-Lite Mega Codec Pack 9.8.0 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 9.8.0 - )
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.50401.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Mozilla Firefox 36.0.1 (x86 sk) (HKLM-x32\...\Mozilla Firefox 36.0.1 (x86 sk)) (Version: 36.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 36.0.1 - Mozilla)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.42.304.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6287 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7600.77 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 2.0.0 - Hewlett-Packard) Hidden
Synaptics TouchPad Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.11.0 - Synaptics Incorporated)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
WinRAR 4.20 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

30-11-2015 11:15:28 Nainštalované GTAIII
30-11-2015 11:35:12 Windows Update
30-11-2015 11:51:28 Inštalácia balíka ovládačov zariadenia: Disc Soft Ltd Radiče pamäťových zariadení
30-11-2015 11:54:16 Inštalácia balíka ovládačov zariadenia: Disc Soft Ltd Radiče Univerzálnej sériovej zbernice

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0082214C-9387-4E4D-80FA-4E7A083A86FF} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater\HPSFUpdater.exe [2011-06-14] (Hewlett-Packard)
Task: {04123172-ECCB-4C86-9B2A-B79025A1DF35} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-29] (Google Inc.)
Task: {1DB76E14-0BC9-47E0-B208-046252D9DC99} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
Task: {29124E7E-668E-4BD7-A88B-14AB1A13EC22} - System32\Tasks\Registration => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe
Task: {3E8386D7-014B-4CE8-ACDF-36ACC111CD16} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe
Task: {5B73FCB3-78B6-4CE1-9405-A7644B1B5D2B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
Task: {837E7E8F-34C2-43A9-BE0C-83442E74D294} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-29] (Google Inc.)
Task: {8760E0A1-0822-46BE-96D6-3FD6E7B845EB} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-11-29] (AVAST Software)
Task: {DE2EAD88-CCF1-41FD-8235-78A281C6BF16} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Opt-in For HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF_Utils.exe
Task: {E2083DB0-575B-4474-AF4A-3CA30565D568} - System32\Tasks\SetupManager => C:\Program Files (x86)\Hewlett-Packard\Setup Manager\toaster.exe
Task: {EA24E7E0-B51F-4337-BBBA-09284FF92960} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2011-06-15] (CyberLink)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2011-06-16 17:57 - 2011-06-16 17:57 - 00081696 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\BtwLeLib.dll
2011-07-05 10:27 - 2011-07-05 10:27 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2011-07-05 10:27 - 2011-07-05 10:27 - 00103424 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2011-07-05 10:13 - 2011-07-05 10:13 - 00243712 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2011-06-17 12:42 - 2011-06-17 12:42 - 00016384 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2015-11-29 21:25 - 2015-11-29 21:25 - 00103888 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-11-29 21:25 - 2015-11-29 21:25 - 00125512 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-11-30 09:54 - 2015-11-30 09:54 - 02996736 _____ () C:\Program Files\AVAST Software\Avast\defs\15113000\algo.dll
2015-11-29 21:25 - 2015-11-29 21:25 - 00466448 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2015-11-29 21:25 - 2015-11-29 21:25 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-213337971-4216619876-715870879-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Rišo\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 92.245.2.245 - 92.245.2.162
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{A5347AA3-E50D-4B04-A815-E5A3779A62AB}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{5A44F186-A940-4463-859B-4807182D295B}] => (Allow) LPort=2869
FirewallRules: [{558B5E88-9811-4BCA-BD66-4BE794333566}] => (Allow) LPort=1900
FirewallRules: [{20D28974-0099-438F-ACA6-A9EE050A1B93}] => (Allow) C:\Windows\system32\ezSharedSvcHost.exe
FirewallRules: [{F2642B43-2782-4FEF-8AE3-06BC1BE721B8}] => (Allow) C:\Program Files (x86)\EasyBits For Kids\ezDesktop.exe
FirewallRules: [{87CD2117-4E23-4C49-AF34-09A3C4C84E3D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{62E07F0E-E437-4364-B81A-DC9E521F8AF6}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{E2BA81D1-55D5-4A57-9BFB-467121008C3E}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{DF0061F2-EB48-4CBD-BDCD-F8D6E094D7DE}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{169BCA16-65C7-4F85-9CB0-23FAF8321997}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (11/30/2015 04:06:43 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: Unable to read the performance counter strings defined for the 01B language ID. The first DWORD in the Data section contains the Win32 error code.

Error: (11/30/2015 04:06:42 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: Unable to read the performance counter strings defined for the 01B language ID. The first DWORD in the Data section contains the Win32 error code.

Error: (11/30/2015 03:59:55 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/30/2015 02:18:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Názov chybovej aplikácie: prism3d.exe, verzia: 0.0.0.0, časová značka: 0x41122944
Názov chybového modulu: game.dll, verzia: 0.0.0.0, časová značka: 0x41122a24
Kód výnimky: 0xc0000005
Odstup chyby: 0x0009c1e2
Identifikácia chybného procesu: 0xb20
Čas spustenia chybnej aplikácie: 0xprism3d.exe0
Cesta chybnej aplikácie: prism3d.exe1
Cesta chybného modulu: prism3d.exe2
Identifikácia hlásenia: prism3d.exe3

Error: (11/30/2015 00:28:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Názov chybovej aplikácie: prism3d.exe, verzia: 0.0.0.0, časová značka: 0x41122944
Názov chybového modulu: game.dll, verzia: 0.0.0.0, časová značka: 0x41122a24
Kód výnimky: 0xc0000005
Odstup chyby: 0x0009c1e2
Identifikácia chybného procesu: 0x10b0
Čas spustenia chybnej aplikácie: 0xprism3d.exe0
Cesta chybnej aplikácie: prism3d.exe1
Cesta chybného modulu: prism3d.exe2
Identifikácia hlásenia: prism3d.exe3

Error: (11/30/2015 11:46:50 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: RISO)
Description: Unable to read the performance counter strings defined for the 01B language ID. The first DWORD in the Data section contains the Win32 error code.

Error: (11/30/2015 11:39:55 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: RISO)
Description: Unable to read the performance counter strings defined for the 01B language ID. The first DWORD in the Data section contains the Win32 error code.

Error: (11/30/2015 11:39:53 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: RISO)
Description: Unable to read the performance counter strings defined for the 01B language ID. The first DWORD in the Data section contains the Win32 error code.

Error: (11/30/2015 11:14:09 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: Unable to read the performance counter strings defined for the 01B language ID. The first DWORD in the Data section contains the Win32 error code.

Error: (11/30/2015 11:14:09 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: Unable to read the performance counter strings defined for the 01B language ID. The first DWORD in the Data section contains the Win32 error code.


System errors:
=============
Error: (11/30/2015 04:01:37 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Spustenie služby HP Support Assistant Service zlyhalo kvôli nasledujúcej chybe: 
%%2

Error: (11/30/2015 03:56:32 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (11/30/2015 11:30:08 AM) (Source: cdrom) (EventID: 7) (User: )
Description: The device, \Device\CdRom0, has a bad block.

Error: (11/30/2015 11:29:59 AM) (Source: cdrom) (EventID: 7) (User: )
Description: The device, \Device\CdRom0, has a bad block.

Error: (11/30/2015 11:29:49 AM) (Source: cdrom) (EventID: 7) (User: )
Description: The device, \Device\CdRom0, has a bad block.

Error: (11/30/2015 11:29:40 AM) (Source: cdrom) (EventID: 7) (User: )
Description: The device, \Device\CdRom0, has a bad block.

Error: (11/30/2015 11:29:30 AM) (Source: cdrom) (EventID: 7) (User: )
Description: The device, \Device\CdRom0, has a bad block.

Error: (11/30/2015 11:29:21 AM) (Source: cdrom) (EventID: 7) (User: )
Description: The device, \Device\CdRom0, has a bad block.

Error: (11/30/2015 11:29:12 AM) (Source: cdrom) (EventID: 7) (User: )
Description: The device, \Device\CdRom0, has a bad block.

Error: (11/30/2015 11:29:02 AM) (Source: cdrom) (EventID: 7) (User: )
Description: The device, \Device\CdRom0, has a bad block.


==================== Memory info =========================== 

Processor: AMD E-450 APU with Radeon(tm) HD Graphics
Percentage of memory in use: 65%
Total physical RAM: 3690.91 MB
Available physical RAM: 1283.18 MB
Total Virtual: 7380.01 MB
Available Virtual: 4613.35 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:231.32 GB) (Free:200.38 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (Recovery) (Fixed) (Total:16.18 GB) (Free:1.67 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (HP_TOOLS) (Fixed) (Total:3.96 GB) (Free:3.95 GB) FAT32
Drive g: (Data) (Fixed) (Total:214.09 GB) (Free:213.64 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: C7362458)
Partition 1: (Not Active) - (Size=993 KB) - (Type=42)
Partition 2: (Active) - (Size=199 MB) - (Type=42)
Partition 3: (Not Active) - (Size=231.3 GB) - (Type=42)
Partition 4: (Not Active) - (Size=234.2 GB) - (Type=42)

==================== End of Addition.txt ============================

Code:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:29-11-2015
Ran by Rišo (administrator) on RISO (30-11-2015 16:39:04)
Running from C:\Users\Rišo\Downloads
Loaded Profiles: Rišo (Available Profiles: Rišo)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: Slovenčina (Slovensko)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(EasyBits Software AS) C:\Windows\SysWOW64\ezSharedSvcHost.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6602856 2011-01-11] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2799912 2011-06-10] (Synaptics Incorporated)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-07-05] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [35736 2010-11-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [932288 2010-11-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Easybits Recovery] => C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
HKLM-x32\...\Run: [Magic Desktop for HP notification] => C:\ProgramData\Easybits Magic Desktop for HP\mdhpSUN.exe [1444880 2015-11-29] (Easybits)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7004376 2015-11-29] (AVAST Software)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-21-213337971-4216619876-715870879-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4179288 2015-11-18] (Disc Soft Ltd)
HKU\S-1-5-21-213337971-4216619876-715870879-1001\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-213337971-4216619876-715870879-1001\...\Policies\system: [DisableChangePassword] 0
HKU\S-1-5-21-213337971-4216619876-715870879-1001\...\MountPoints2: {65a3704f-974a-11e5-a740-9439e5cac1af} - H:\launcher.exe
HKU\S-1-5-21-213337971-4216619876-715870879-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Ribbons.scr [241664 2010-11-21] (Microsoft Corporation)
Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-11-29] (AVAST Software)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2011-10-06]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 92.245.2.245 92.245.2.162
Tcpip\..\Interfaces\{BEF1CD84-8ED0-4AAA-B18E-760F57501C49}: [DhcpNameServer] 92.245.2.245 92.245.2.162

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com?pc=CPNTDF
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com?pc=CPNTDF
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.bing.com?pc=CPNTDF
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.bing.com?pc=CPNTDF
HKU\S-1-5-21-213337971-4216619876-715870879-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com?pc=CPNTDF
HKU\S-1-5-21-213337971-4216619876-715870879-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.bing.com?pc=CPNTDF
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBox
SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=CPNTDF
SearchScopes: HKLM -> {D011BB7A-015B-4260-9DCD-C21EB65D1701} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://sk.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=CPNTDF
SearchScopes: HKLM-x32 -> {D011BB7A-015B-4260-9DCD-C21EB65D1701} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://sk.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKU\S-1-5-21-213337971-4216619876-715870879-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-213337971-4216619876-715870879-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-213337971-4216619876-715870879-1001 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=CPNTDF
SearchScopes: HKU\S-1-5-21-213337971-4216619876-715870879-1001 -> {D011BB7A-015B-4260-9DCD-C21EB65D1701} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-213337971-4216619876-715870879-1001 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://sk.wikipedia.org/wiki/Special:Search?search={searchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-11-29] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-11-15] (Adobe Systems Incorporated)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-11-29] (AVAST Software)
BHO-x32: Pomocná služba pro přihlášení ke službě Windows Live ID -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)

FireFox:
========
FF ProfilePath: C:\Users\Rišo\AppData\Roaming\Mozilla\Firefox\Profiles\qpj5upzr.default
FF SelectedSearchEngine: Google
FF Homepage: www.google.sk
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll [2010-04-01] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-11-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-11-29] (Google Inc.)
FF user.js: detected! => C:\Users\Rišo\AppData\Roaming\Mozilla\Firefox\Profiles\qpj5upzr.default\user.js [2015-03-12]
FF Extension: Firefox - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\firefox@firefox.sk [2015-11-29] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-11-29]

Chrome: 
=======
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\Rišo\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Docs) - C:\Users\Rišo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-11-29]
CHR Extension: (Disk Google) - C:\Users\Rišo\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-29]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Rišo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-11-29]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-11-29]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [365568 2011-07-05] (Advanced Micro Devices, Inc.) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [174416 2015-11-29] (AVAST Software)
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1369432 2015-11-18] (Disc Soft Ltd)
R2 ezSharedSvc; C:\Windows\SysWOW64\ezSharedSvcHost.exe [514232 2010-04-23] (EasyBits Software AS) [File not signed]
S3 HPAuto; C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe [682040 2011-02-16] (Hewlett-Packard)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [1817088 2010-12-28] (Realsil Microelectronics Inc.) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
S2 HP Support Assistant Service; "C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe" [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-11-29] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [97648 2015-11-29] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-11-29] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-11-29] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1059656 2015-11-29] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [449992 2015-11-29] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [154256 2015-11-29] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [273784 2015-11-29] (AVAST Software)
R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [133160 2011-06-16] (Broadcom Corporation.)
R3 BTWDPAN; C:\Windows\System32\DRIVERS\btwdpan.sys [89640 2011-05-21] (Broadcom Corporation.)
R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2015-11-30] (Disc Soft Ltd)
R3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [47160 2015-11-30] (Disc Soft Ltd)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-30 16:39 - 2015-11-30 16:39 - 00014827 _____ C:\Users\Rišo\Downloads\FRST.txt
2015-11-30 16:38 - 2015-11-30 16:39 - 00000000 ____D C:\FRST
2015-11-30 16:38 - 2015-11-30 16:38 - 02350080 _____ (Farbar) C:\Users\Rišo\Downloads\FRST64.exe
2015-11-30 11:59 - 2015-11-30 12:07 - 00000000 ____D C:\Users\Rišo\Documents\18 WoS Pedal to the Metal
2015-11-30 11:59 - 2015-11-30 11:59 - 00000000 ____D C:\Users\Rišo\AppData\Local\Disc_Soft_Ltd
2015-11-30 11:58 - 2015-11-30 11:58 - 00000705 _____ C:\Users\Rišo\Desktop\18 Wheels of Steel Pedal to the Metal.lnk
2015-11-30 11:58 - 2015-11-30 11:58 - 00000000 ____D C:\Users\Rišo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\18 WoS Pedal to the Metal
2015-11-30 11:58 - 2015-11-30 11:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\18 WoS Pedal to the Metal
2015-11-30 11:53 - 2015-11-30 11:53 - 00000000 ____D C:\Users\Public\Documents\Daemon Tools Images
2015-11-30 11:52 - 2015-11-30 11:54 - 00047160 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtliteusbbus.sys
2015-11-30 11:51 - 2015-11-30 11:56 - 00000000 ____D C:\Users\Rišo\AppData\Roaming\DAEMON Tools Lite
2015-11-30 11:51 - 2015-11-30 11:52 - 00000000 ____D C:\Program Files\DAEMON Tools Lite
2015-11-30 11:51 - 2015-11-30 11:51 - 00030264 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtlitescsibus.sys
2015-11-30 11:51 - 2015-11-30 11:51 - 00001773 _____ C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
2015-11-30 11:51 - 2015-11-30 11:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
2015-11-30 11:50 - 2015-11-30 11:50 - 00000000 ____D C:\ProgramData\DAEMON Tools Lite
2015-11-30 11:34 - 2015-11-30 11:34 - 01709792 _____ (Disc Soft Ltd.) C:\Users\Rišo\Downloads\DTLiteInstaller.exe
2015-11-29 21:58 - 2015-11-29 23:15 - 00007603 _____ C:\Users\Rišo\AppData\Local\Resmon.ResmonCfg
2015-11-29 21:57 - 2015-11-30 14:19 - 00000000 ____D C:\Users\Rišo\AppData\Local\CrashDumps
2015-11-29 21:41 - 2015-11-29 21:41 - 00002227 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-11-29 21:41 - 2015-11-29 21:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-11-29 21:37 - 2015-11-30 15:50 - 00000936 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-11-29 21:37 - 2015-11-29 21:45 - 00003932 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-11-29 21:36 - 2015-11-30 15:59 - 00000932 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-11-29 21:36 - 2015-11-29 21:46 - 00000000 ____D C:\Users\Rišo\AppData\Local\Google
2015-11-29 21:36 - 2015-11-29 21:45 - 00003680 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-11-29 21:36 - 2015-11-29 21:40 - 00000000 ____D C:\Program Files (x86)\Google
2015-11-29 21:35 - 2015-11-29 21:25 - 00386096 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2015-11-29 21:33 - 2015-11-29 21:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
2015-11-29 21:33 - 2013-03-07 19:00 - 00112640 _____ C:\Windows\SysWOW64\ff_vfw.dll
2015-11-29 21:33 - 2012-07-02 00:15 - 04102656 _____ (x264vfw project) C:\Windows\SysWOW64\x264vfw.dll
2015-11-29 21:33 - 2012-06-09 19:21 - 00178688 _____ C:\Windows\SysWOW64\unrar.dll
2015-11-29 21:33 - 2011-12-21 19:14 - 00151552 _____ (fccHandler) C:\Windows\SysWOW64\ac3acm.acm
2015-11-29 21:33 - 2011-12-07 19:32 - 00216064 _____ ( ) C:\Windows\SysWOW64\lagarith.dll
2015-11-29 21:33 - 2011-06-24 16:44 - 00243200 _____ C:\Windows\SysWOW64\xvidvfw.dll
2015-11-29 21:33 - 2011-06-24 16:28 - 00650752 _____ C:\Windows\SysWOW64\xvidcore.dll
2015-11-29 21:32 - 2015-11-29 21:33 - 00000000 ____D C:\Program Files (x86)\K-Lite Codec Pack
2015-11-29 21:31 - 2015-11-30 12:00 - 00000000 ____D C:\Users\Rišo\AppData\Roaming\WinRAR
2015-11-29 21:31 - 2015-11-29 21:31 - 00000000 ____D C:\Users\Rišo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-11-29 21:31 - 2015-11-29 21:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-11-29 21:31 - 2015-11-29 21:31 - 00000000 ____D C:\Program Files (x86)\WinRAR
2015-11-29 21:28 - 2015-11-29 21:28 - 00000000 ____D C:\Users\Rišo\AppData\Roaming\AVAST Software
2015-11-29 21:26 - 2015-11-29 21:42 - 00003924 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2015-11-29 21:26 - 2015-11-29 21:26 - 00001922 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-11-29 21:26 - 2015-11-29 21:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-11-29 21:25 - 2015-11-29 21:25 - 01059656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2015-11-29 21:25 - 2015-11-29 21:25 - 00449992 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2015-11-29 21:25 - 2015-11-29 21:25 - 00273784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2015-11-29 21:25 - 2015-11-29 21:25 - 00154256 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2015-11-29 21:25 - 2015-11-29 21:25 - 00097648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-11-29 21:25 - 2015-11-29 21:25 - 00093528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2015-11-29 21:25 - 2015-11-29 21:25 - 00065224 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2015-11-29 21:25 - 2015-11-29 21:25 - 00043112 _____ (AVAST Software) C:\Windows\avastSS.scr
2015-11-29 21:25 - 2015-11-29 21:25 - 00028656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2015-11-29 21:19 - 2015-11-29 21:19 - 00000000 ____D C:\Program Files\AVAST Software
2015-11-29 21:17 - 2015-11-29 21:18 - 05084256 _____ (AVAST Software) C:\Users\Rišo\Downloads\avast_free_antivirus_setup_online.exe
2015-11-29 21:13 - 2015-11-29 21:13 - 00001119 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-11-29 21:13 - 2015-11-29 21:13 - 00001107 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-11-29 21:13 - 2015-11-29 21:13 - 00000000 ____D C:\Users\Rišo\AppData\Roaming\Mozilla
2015-11-29 21:13 - 2015-11-29 21:13 - 00000000 ____D C:\Users\Rišo\AppData\Local\Mozilla
2015-11-29 21:13 - 2015-11-29 21:13 - 00000000 ____D C:\ProgramData\Mozilla
2015-11-29 21:13 - 2015-11-29 21:13 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-11-29 21:13 - 2015-11-29 21:13 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-11-29 21:10 - 2015-11-29 21:10 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2015-11-29 21:09 - 2015-11-29 21:10 - 00000000 ____D C:\ProgramData\AVAST Software
2015-11-29 21:08 - 2015-11-29 21:12 - 42379965 _____ (Mozilla) C:\Users\Rišo\Downloads\Firefox 36.exe
2015-11-29 21:06 - 2014-05-14 17:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-11-29 21:06 - 2014-05-14 17:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-11-29 21:06 - 2014-05-14 17:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-11-29 21:06 - 2014-05-14 17:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-11-29 21:06 - 2014-05-14 17:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-11-29 21:06 - 2014-05-14 17:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-11-29 21:06 - 2014-05-14 17:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-11-29 21:06 - 2014-05-14 17:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-11-29 21:06 - 2014-05-14 17:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-11-29 21:06 - 2014-05-14 17:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-11-29 21:05 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-11-29 21:05 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-11-29 21:05 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-11-29 21:05 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-11-29 21:02 - 2015-11-29 21:07 - 00000000 ____D C:\ProgramData\Easybits Magic Desktop for HP
2015-11-29 17:18 - 2015-11-29 17:18 - 00002743 _____ C:\Users\Rišo\Desktop\Microsoft Office Word 2007.lnk
2015-11-29 17:18 - 2015-11-29 17:18 - 00002657 _____ C:\Users\Rišo\Desktop\Microsoft Office Excel 2007.lnk
2015-11-29 17:18 - 2015-11-29 17:18 - 00002655 _____ C:\Users\Rišo\Desktop\Microsoft Office PowerPoint 2007.lnk
2015-11-29 17:13 - 2015-11-29 17:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2015-11-29 17:12 - 2015-11-29 17:12 - 00000000 ____D C:\Program Files (x86)\Microsoft Works
2015-11-29 17:12 - 2015-11-29 17:12 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio
2015-11-29 17:08 - 2015-11-29 17:08 - 00000000 ____D C:\Windows\SHELLNEW
2015-11-29 17:08 - 2015-11-29 17:08 - 00000000 ____D C:\Users\Rišo\AppData\Local\Microsoft Help
2015-11-29 17:08 - 2015-11-29 17:08 - 00000000 ____D C:\Program Files\Microsoft Office
2015-11-29 17:07 - 2015-11-29 17:07 - 00000000 __RHD C:\MSOCache
2015-11-29 17:07 - 2015-11-29 17:07 - 00000000 ____D C:\Users\Rišo\AppData\Roaming\Macromedia
2015-11-29 17:07 - 2015-11-29 17:07 - 00000000 ____D C:\Users\Rišo\AppData\Roaming\Adobe
2015-11-29 17:07 - 2015-11-29 17:07 - 00000000 ____D C:\Users\Rišo\AppData\Roaming\_MDLogs
2015-11-29 17:07 - 2009-07-14 02:14 - 01397248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win_utilman.exe
2015-11-29 11:52 - 2015-11-29 11:52 - 00000000 ____D C:\Users\Rišo\Documents\Složka Bluetooth Exchange
2015-11-29 11:52 - 2015-11-29 11:52 - 00000000 ____D C:\Users\Rišo\AppData\Local\Broadcom
2015-11-29 11:43 - 2015-11-29 11:43 - 00003870 _____ C:\Windows\System32\Tasks\SetupManager
2015-11-29 11:43 - 2015-11-29 11:43 - 00000000 ____D C:\Users\Rišo\AppData\Roaming\ATI
2015-11-29 11:43 - 2015-11-29 11:43 - 00000000 ____D C:\Users\Rišo\AppData\Local\ATI
2015-11-29 11:43 - 2015-11-29 11:43 - 00000000 ____D C:\Users\Rišo\AppData\Local\AMD
2015-11-29 11:42 - 2015-11-29 22:01 - 00000000 ____D C:\Users\Rišo\AppData\Roaming\hpqLog
2015-11-29 11:42 - 2015-11-29 11:53 - 00003962 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{670C9BFA-420C-4C6E-A352-BEBD4AC7BD6A}
2015-11-29 11:42 - 2015-11-29 11:42 - 00001443 _____ C:\Users\Rišo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-11-29 11:42 - 2015-11-29 11:42 - 00001409 _____ C:\Users\Rišo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2015-11-29 11:42 - 2015-11-29 11:42 - 00001056 _____ C:\Users\Rišo\Desktop\Dokumenty - odkaz.lnk
2015-11-29 11:42 - 2015-11-29 11:42 - 00000000 ____D C:\Users\Rišo\AppData\Roaming\Synaptics
2015-11-29 11:41 - 2015-11-29 11:41 - 00003512 _____ C:\Windows\System32\Tasks\Registration
2015-11-29 11:41 - 2015-11-29 11:41 - 00000000 ____D C:\Users\Rišo\AppData\Local\VirtualStore
2015-11-29 11:41 - 2015-11-29 11:41 - 00000000 ____D C:\Users\Rišo\AppData\Local\RemEngine
2015-11-29 11:40 - 2015-11-29 21:03 - 00084528 _____ C:\Users\Rišo\AppData\Local\GDIPFONTCACHEV1.DAT
2015-11-29 11:39 - 2015-11-29 11:43 - 00000000 ____D C:\Users\Rišo\AppData\Roaming\Hewlett-Packard
2015-11-29 11:38 - 2015-11-29 11:43 - 00000000 ____D C:\Users\Rišo\AppData\Local\Hewlett-Packard_Company
2015-11-29 11:38 - 2015-11-29 11:41 - 00000000 ____D C:\Users\Rišo\AppData\Local\Hewlett-Packard
2015-11-29 11:38 - 2015-11-29 11:38 - 00000000 ____D C:\Windows\SysWOW64\%COREALLUSERPATH%
2015-11-29 11:37 - 2015-11-29 11:42 - 00000000 ____D C:\Users\Rišo
2015-11-29 11:37 - 2015-11-29 11:37 - 00000020 ___SH C:\Users\Rišo\ntuser.ini
2015-11-29 11:37 - 2015-11-29 11:37 - 00000000 _SHDL C:\Users\Public\Documents\Obrázky
2015-11-29 11:37 - 2015-11-29 11:37 - 00000000 _SHDL C:\Users\Public\Documents\Hudba
2015-11-29 11:37 - 2015-11-29 11:37 - 00000000 _SHDL C:\Users\Public\Documents\Filmy
2015-11-29 11:37 - 2015-11-29 11:37 - 00000000 _SHDL C:\Users\Default\Šablony
2015-11-29 11:37 - 2015-11-29 11:37 - 00000000 _SHDL C:\Users\Default\Soubory cookie
2015-11-29 11:37 - 2015-11-29 11:37 - 00000000 _SHDL C:\Users\Default\Poslední
2015-11-29 11:37 - 2015-11-29 11:37 - 00000000 _SHDL C:\Users\Default\Okolní tiskárny
2015-11-29 11:37 - 2015-11-29 11:37 - 00000000 _SHDL C:\Users\Default\Okolní síť
2015-11-29 11:37 - 2015-11-29 11:37 - 00000000 _SHDL C:\Users\Default\Nabídka Start
2015-11-29 11:37 - 2015-11-29 11:37 - 00000000 _SHDL C:\Users\Default\Dokumenty
2015-11-29 11:37 - 2015-11-29 11:37 - 00000000 _SHDL C:\Users\Default\Documents\Obrázky
2015-11-29 11:37 - 2015-11-29 11:37 - 00000000 _SHDL C:\Users\Default\Documents\Hudba
2015-11-29 11:37 - 2015-11-29 11:37 - 00000000 _SHDL C:\Users\Default\Documents\Filmy
2015-11-29 11:37 - 2015-11-29 11:37 - 00000000 _SHDL C:\Users\Default\Data aplikací
2015-11-29 11:37 - 2015-11-29 11:37 - 00000000 _SHDL C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programy
2015-11-29 11:37 - 2015-11-29 11:37 - 00000000 _SHDL C:\Users\Default\AppData\Local\Data aplikací
2015-11-29 11:37 - 2015-11-29 11:37 - 00000000 _SHDL C:\ProgramData\Šablony
2015-11-29 11:37 - 2015-11-29 11:37 - 00000000 _SHDL C:\ProgramData\Plocha
2015-11-29 11:37 - 2015-11-29 11:37 - 00000000 _SHDL C:\ProgramData\Oblíbené položky
2015-11-29 11:37 - 2015-11-29 11:37 - 00000000 _SHDL C:\ProgramData\Nabídka Start
2015-11-29 11:37 - 2015-11-29 11:37 - 00000000 _SHDL C:\ProgramData\Microsoft\Windows\Start Menu\Programy
2015-11-29 11:37 - 2015-11-29 11:37 - 00000000 _SHDL C:\ProgramData\Dokumenty
2015-11-29 11:37 - 2015-11-29 11:37 - 00000000 _SHDL C:\ProgramData\Data aplikací
2015-11-29 11:37 - 2011-10-07 02:43 - 00000000 ____D C:\Users\Rišo\AppData\Roaming\Media Center Programs

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-30 16:39 - 2009-07-14 04:20 - 00000000 ____D C:\Windows
2015-11-30 16:06 - 2011-08-11 03:34 - 00623144 _____ C:\Windows\system32\perfh005.dat
2015-11-30 16:06 - 2011-08-11 03:34 - 00121788 _____ C:\Windows\system32\perfc005.dat
2015-11-30 16:06 - 2009-07-14 06:13 - 01470062 _____ C:\Windows\system32\PerfStringBackup.INI
2015-11-30 16:06 - 2009-07-14 05:45 - 00031856 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-11-30 16:06 - 2009-07-14 05:45 - 00031856 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-11-30 16:06 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2015-11-30 15:58 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-11-30 11:32 - 2011-08-10 18:59 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-11-29 23:11 - 2011-08-10 18:47 - 00000000 ____D C:\Program Files (x86)\Windows Live
2015-11-29 23:06 - 2011-08-10 18:27 - 00000000 ____D C:\Program Files (x86)\Hewlett-Packard
2015-11-29 22:36 - 2009-07-14 06:08 - 00008572 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-11-29 22:13 - 2011-08-10 18:33 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
2015-11-29 22:11 - 2011-08-10 18:45 - 00000000 ____D C:\ProgramData\Hewlett-Packard
2015-11-29 22:08 - 2011-08-10 18:34 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Productivity and Tools
2015-11-29 21:44 - 2011-08-10 18:47 - 00000000 ____D C:\Program Files\Windows Live
2015-11-29 21:39 - 2011-06-14 05:09 - 00000000 ____D C:\Program Files\Hewlett-Packard
2015-11-29 21:00 - 2009-07-14 05:45 - 00345928 _____ C:\Windows\system32\FNTCACHE.DAT
2015-11-29 20:33 - 2009-07-14 06:32 - 00032768 _____ C:\Windows\system32\config\BCD-Template
2015-11-29 17:17 - 2011-08-10 18:43 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2015-11-29 17:16 - 2011-08-10 18:36 - 00000000 ____D C:\Program Files (x86)\HP Games
2015-11-29 17:16 - 2009-07-14 06:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-11-29 17:15 - 2011-08-10 18:36 - 00000000 ____D C:\ProgramData\WildTangent
2015-11-29 17:11 - 2009-07-14 04:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2015-11-29 17:08 - 2009-07-14 03:34 - 00000478 _____ C:\Windows\win.ini
2015-11-29 11:51 - 2011-10-06 17:20 - 00000000 ____D C:\ProgramData\Norton
2015-11-29 11:44 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF
2015-11-29 11:41 - 2011-02-10 20:23 - 00000000 ____D C:\SWSetup
2015-11-29 11:38 - 2011-10-06 17:35 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Online Services
2015-11-29 11:38 - 2011-08-10 18:45 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Communication and Chat
2015-11-29 11:38 - 2011-08-10 18:41 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security and Protection
2015-11-29 11:38 - 2011-08-10 18:35 - 00000000 ___RD C:\Program Files (x86)\Online Services
2015-11-29 11:38 - 2011-02-10 20:23 - 00000000 ___HD C:\SYSTEM.SAV
2015-11-29 11:38 - 2009-07-14 06:32 - 00000000 ____D C:\Program Files\Windows Sidebar
2015-11-29 11:38 - 2009-07-14 06:32 - 00000000 ____D C:\Program Files (x86)\Windows Sidebar
2015-11-29 11:37 - 2011-10-06 16:49 - 00000048 ____H C:\Windows\SysWOW64\ezsidmv.dat
2015-11-29 11:37 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2015-11-29 11:37 - 2009-07-14 04:20 - 00000000 ____D C:\Program Files\Windows NT
2015-11-29 10:34 - 2007-01-02 02:25 - 00000000 ____D C:\Windows\Panther

==================== Files in the root of some directories =======

2015-11-29 21:58 - 2015-11-29 23:15 - 0007603 _____ () C:\Users\Rišo\AppData\Local\Resmon.ResmonCfg

Some files in TEMP:
====================
C:\Users\Rišo\AppData\Local\Temp\bitool.dll
C:\Users\Rišo\AppData\Local\Temp\DAEMON Tools Lite.exe
C:\Users\Rišo\AppData\Local\Temp\ose00000.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-11-29 12:53

==================== End of FRST.txt ============================

angel0140
Visitor
Posts: 31
Registered: 18 Nov 2015 21:20

Re: svchost.exe(netsvcs) - 100% cpu and 80% ram

#4 Post by angel0140 »

Code:

Fix result of Farbar Recovery Scan Tool (x64) Version:29-11-2015
Ran by Rišo (2015-11-30 17:00:09) Run:1
Running from C:\Users\Rišo\Downloads
Loaded Profiles: Rišo (Available Profiles: Rišo)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54576 2009-11-18] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-4126817388-1271623381-3695661034-1000\...\MountPoints2: {a3f3bef6-6993-11e3-8e91-d43d7ef50b37} - G:\Setup.exe
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Toolbar: HKU\S-1-5-21-4126817388-1271623381-3695661034-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
C:\Users\Michal\AppData\Local\Temp
End
*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => value not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\HP Software Update => value not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value not found.
HKU\S-1-5-21-4126817388-1271623381-3695661034-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a3f3bef6-6993-11e3-8e91-d43d7ef50b37} => key not found. 
HKCR\CLSID\{a3f3bef6-6993-11e3-8e91-d43d7ef50b37} => key not found. 
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => value not found.
HKCR\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => key not found. 
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => value not found.
HKCR\CLSID\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => key not found. 
HKU\S-1-5-21-4126817388-1271623381-3695661034-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value not found.
HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => key not found. 
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => moved successfully
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => moved successfully
"C:\Users\Michal\AppData\Local\Temp" => not found.

==== End of Fixlog 17:00:10 ====

angel0140
Visitor
Posts: 31
Registered: 18 Nov 2015 21:20

Re: svchost.exe(netsvcs) - 100% cpu and 80% ram

#5 Post by angel0140 »

Malwarebytes Anti-Malware found nothing .. the PC is running slowly ... I'll try blowing out the heatsink from the side with a can of compressed air ... after the PC started running slowly I deleted quite a few of the HP utilities

m0ple
Model visitor
Posts: 93
Registered: 19 Dec 2014 21:41
Location: Brno

Re: svchost.exe(netsvcs) - 100% cpu and 80% ram

#6 Post by m0ple »

Hello,

where did you get that FRST fix? :?:

Those fixes are meant for removing malware and are always tailor-made for a specific user... No malware visible in the logs => an OS problem.

Create an OS report for me and I'll take a look.


Performance Monitor:
  • Open the Start menu and type into the search box:
  • Right-click the program that is found and choose: Run as administrator.
  • An administrator console opens; type into it:
  • and press Enter.
  • Wait for the OS diagnostics report to be generated.
  • In the top bar click File and choose Save As...
  • Save the report to the Desktop under any name, zip it, and then upload it as an attachment.
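The point made in post #6, that a fixlist is written for one specific machine, can be checked against a Fixlog before trusting its effect. The following is an added example, not part of the original thread or of FRST: it parses an abridged copy of the Fixlog from post #4 and flags fixlist entries whose SID or profile folder does not belong to the scanned machine. The function names, the `&` separator for multiple loaded profiles and the shared-profile list are assumptions.

```python
import re

# Abridged from the Fixlog in post #4 (trimmed for this example).
FIXLOG = r"""Fix result of Farbar Recovery Scan Tool (x64) Version:29-11-2015
Ran by Rišo (2015-11-30 17:00:09) Run:1
Loaded Profiles: Rišo (Available Profiles: Rišo)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54576 2009-11-18] (Hewlett-Packard)
HKU\S-1-5-21-4126817388-1271623381-3695661034-1000\...\MountPoints2: {a3f3bef6-6993-11e3-8e91-d43d7ef50b37} - G:\Setup.exe
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
C:\Users\Michal\AppData\Local\Temp
End
*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\HP Software Update => value not found.
HKU\S-1-5-21-4126817388-1271623381-3695661034-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a3f3bef6-6993-11e3-8e91-d43d7ef50b37} => key not found.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => moved successfully
"C:\Users\Michal\AppData\Local\Temp" => not found.

==== End of Fixlog 17:00:10 ====
"""

# Machine SID prefix, taken from the Accounts section of the scan log
# posted earlier in the thread (account Rišo, RID 1001).
MACHINE_SID_PREFIX = "S-1-5-21-213337971-4216619876-715870879"

SID_RE = re.compile(r"S-1-5-21-\d+-\d+-\d+-\d+")
PROFILE_RE = re.compile(r'[A-Za-z]:\\Users\\([^\\"]+)')
# Assumption: profile folders that exist on every Windows 7 install.
SHARED_PROFILES = {"public", "default", "all users"}


def parse_fixlog(text):
    """Split a Fixlog into loaded profiles, fixlist directives and results."""
    lines = [ln.strip() for ln in text.splitlines()]
    m = re.search(r"^Loaded Profiles:\s*(.*?)\s*\(Available Profiles:",
                  text, re.MULTILINE)
    # Assumption: several loaded profiles are joined with '&'.
    loaded = {p.strip() for p in m.group(1).split("&")} if m else set()

    start = lines.index("Start")
    end = lines.index("End", start)
    directives = [ln for ln in lines[start + 1:end] if ln]

    results = []
    for ln in lines[end + 1:]:
        if " => " in ln:
            target, outcome = ln.rsplit(" => ", 1)
            results.append((target.strip('"'), outcome.rstrip(". ")))
    return loaded, directives, results


def audit(text, machine_sid_prefix):
    """Flag directives written for another machine and tally what was applied."""
    loaded, directives, results = parse_fixlog(text)
    known = {p.lower() for p in loaded} | SHARED_PROFILES

    foreign = []
    for d in directives:
        for sid in SID_RE.findall(d):
            # Compare everything except the trailing RID.
            if sid.rsplit("-", 1)[0] != machine_sid_prefix:
                foreign.append((d, "SID " + sid))
        m = PROFILE_RE.search(d)
        if m and m.group(1).lower() not in known:
            foreign.append((d, "profile " + m.group(1)))

    applied = [t for t, o in results if "not found" not in o]
    missed = [t for t, o in results if "not found" in o]
    return {"foreign": foreign, "applied": applied, "missed": missed}


if __name__ == "__main__":
    report = audit(FIXLOG, MACHINE_SID_PREFIX)
    for directive, reason in report["foreign"]:
        print("written for another machine (%s): %s" % (reason, directive))
    print("applied:", report["applied"])
    print("not found:", len(report["missed"]))
```

On this sample the only action that took effect is the move of the Google Update task file; the other entries were not found on the machine.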

angel0140
Visitor
Posts: 31
Registered: 18 Nov 2015 21:20

Re: svchost.exe(netsvcs) - 100% cpu and 80% ram

#7 Post by angel0140 »

yeah, I realized that afterwards ... this notebook was used by my brother-in-law, who knows absolutely nothing about PCs ... the PC was full of viruses and ran slowly, so I restored it via recovery (of course I formatted C) ... after that I created a new drive from the free space on C so that Windows is separate from the data (games, photos, etc.) ... the fault will be somewhere in the Windows updates
Attachments
diagnostika os.rar
(86.02 KiB) Downloaded 157 times

m0ple
Model visitor
Posts: 93
Registered: 19 Dec 2014 21:41
Location: Brno

Re: svchost.exe(netsvcs) - 100% cpu and 80% ram

#8 Post by m0ple »

Apart from WMI I don't see anything wrong there - except, of course, for the problems with WU...

:arrow: Try turning WU on, searching for updates and letting them all install one after another - the process can take a long time (I have seen a search for updates run for 8 hours).

angel0140
Visitor
Posts: 31
Registered: 18 Nov 2015 21:20

Re: svchost.exe(netsvcs) - 100% cpu and 80% ram

#9 Post by angel0140 »

that's what I thought ... well, we'll see after the update .. there should be roughly something over 150 of them ... please also take a look at this log for me

Code:

System errors:
=============
Error: (11/30/2015 04:01:37 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Spustenie služby HP Support Assistant Service zlyhalo kvôli nasledujúcej chybe:
%%2

Error: (11/30/2015 03:56:32 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (11/30/2015 11:30:08 AM) (Source: cdrom) (EventID: 7) (User: )
Description: The device, \Device\CdRom0, has a bad block.

Error: (11/30/2015 11:29:59 AM) (Source: cdrom) (EventID: 7) (User: )
Description: The device, \Device\CdRom0, has a bad block.

Error: (11/30/2015 11:29:49 AM) (Source: cdrom) (EventID: 7) (User: )
Description: The device, \Device\CdRom0, has a bad block.

Error: (11/30/2015 11:29:40 AM) (Source: cdrom) (EventID: 7) (User: )
Description: The device, \Device\CdRom0, has a bad block.

Error: (11/30/2015 11:29:30 AM) (Source: cdrom) (EventID: 7) (User: )
Description: The device, \Device\CdRom0, has a bad block.

Error: (11/30/2015 11:29:21 AM) (Source: cdrom) (EventID: 7) (User: )
Description: The device, \Device\CdRom0, has a bad block.

Error: (11/30/2015 11:29:12 AM) (Source: cdrom) (EventID: 7) (User: )
Description: The device, \Device\CdRom0, has a bad block.

Error: (11/30/2015 11:29:02 AM) (Source: cdrom) (EventID: 7) (User: )
Description: The device, \Device\CdRom0, has a bad block.

m0ple
Model visitor
Posts: 93
Registered: 19 Dec 2014 21:41
Location: Brno

Re: svchost.exe(netsvcs) - 100% cpu and 80% ram

#10 Post by m0ple »

Yeah, there are a lot of updates for W7, and it always takes a while when you install from the original media... ;)

I already looked at that earlier (I went through the whole FRST log). For the first two I would need to see the complete event to be more specific, but it's nothing fatal.

And the rest point to a faulty drive or removable medium. Are there problems with the drive? You didn't mention any...

angel0140
Visitor
Posts: 31
Registered: 18 Nov 2015 21:20

Re: svchost.exe(netsvcs) - 100% cpu and 80% ram

#11 Post by angel0140 »

well, I think the drive was rarely used ... there was dust in it too ... vodka helped :wink: .... the CD-ROM works fairly well and fast considering he hardly ever used it ... but recovery has the flaw that it installs all the utilities and junk that come with the notebook ... I then uninstall most of it ... so we'll see ... for now, thank you very much :) ... :thumbsup:
