Vytížení CPU firewallem

Zpráva

wenty91 · #1 Příspěvek od **wenty91** » 23 pro 2017 14:44

Dobrý den, chtěl bych Vás poprosit o pomoc.
Na ntb se mi asi před měsícem začal vytěžovat procesor do takové míry že se na ntb nedalo pracovat.
Většinou byl procesor na 99%, když jsem zjistil, že mi to vytěžuje Firewall tak jsme ho prostě vypnul a už bylo vše v pohodě procsor na 5%. Jenže po dnešní aktualizaci Win 10 na build 16299.125, pokud chci firewall zakázat, tak vyskočí hláška: přístup odepřen.
Po aktualizaci se procesor nevytěžuje na předchozích 99%, ale na 75% zhruba, ale i tak..a nejvíce ho tedy vytěžuje Hostitel služby: Místní služba (bez sítě).

Dá se s tím něco dělat?

Sem píši poprvé tak prosím o schovívavost, pokud bych něco nevěděl nebo něco dělal špatně, děkuji.
Viděl jsem, že chcete po lidech logy, ale nevím jestli sem dávám ten správný.

#2 Příspěvek od **Rudy** » 23 pro 2017 16:23

Zdravím!
Zkusíme nejprve PC vyčistit. Spusťte tuto utilitu:

Stáhněte AdwCleaner https://toolslib.net/downloads/viewdown ... dwcleaner/
Uložte na plochu
Ukončete všechny programy
Klikněte nejprve na >Scan<(hledání) a pak na >Clean< (mazání).
Proběhne skenováni a pak se objeví log, který sem vložte.

wenty91 · #3 Příspěvek od **wenty91** » 23 pro 2017 18:52

Tak zatím žádná změna.

# AdwCleaner 7.0.6.0 - Logfile created on Sat Dec 23 17:40:24 2017
# Updated on 2017/21/12 by Malwarebytes
# Running on Windows 10 Home (X64)
# Mode: clean
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services deleted.

***** [ Folders ] *****

Deleted: C:\Program Files (x86)\Mobogenie
Deleted: C:\Users\Nikola\AppData\Local\Mobogenie
Deleted: C:\Users\Nikola\AppData\Local\genienext
Deleted: C:\Users\Nikola\AppData\Roaming\OpenCandy
Deleted: C:\Users\Nikola\AppData\Roaming\newnext.me

***** [ Files ] *****

Deleted: C:\Users\Nikola\daemonprocess.txt

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks deleted.

***** [ Registry ] *****

Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{2BEF239C-752E-4001-8048-F256E0D8CD93}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{49C00A51-6E59-41FE-B3FA-2D2157FAD67B}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{5EB0259D-AB79-4AE6-A6E6-24FFE21C3DA4}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{6DFF5DBA-AE3A-46DB-B301-ECFFC6DB2982}
Deleted: [Key] - HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{CADAF6BE-BF50-4669-8BFD-C27BD4E6181B}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{DE34CD67-F1C8-4001-9A23-B8A68F63F377}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Deleted: [Key] - HKLM\SOFTWARE\Classes\TypeLib\{81CA8FCD-1420-4A07-B47D-B30F3DDA79E1}
Deleted: [Value] - HKU\S-1-5-21-2789698950-51257510-2621383479-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|NextLive
Deleted: [Value] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32|mobilegeni daemon
Deleted: [Key] - HKLM\SOFTWARE\Classes\AppID\NCTAudioCDGrabber2.DLL
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Deleted: [Value] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32|mobilegeni daemon

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries deleted.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries deleted.

*************************

::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0

*************************

C:/AdwCleaner/AdwCleaner[S0].txt - [2925 B] - [2017/12/23 17:38:56]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ##########

#4 Příspěvek od **Rudy** » 23 pro 2017 18:58

Dejte nový log FRST.

wenty91 · #5 Příspěvek od **wenty91** » 23 pro 2017 19:16

Děkuji za brzké reakce a ochotu mi pomoct =)

#6 Příspěvek od **Rudy** » 23 pro 2017 20:10

Otevřte poznámkový blok a zkopírujte do něj:

Start
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [508800 2014-12-17] (Oracle Corporation)
SearchScopes: HKU\S-1-5-21-2789698950-51257510-2621383479-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2789698950-51257510-2621383479-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK => not found
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird => not found
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA1d0c166bd9bf04c
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA1d0e2f35ac565db
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA1d042f87f0208b6
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore1d08f3cdb358ad6
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore1d0f29d908f570b
C:\WINDOWS\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d08f3cdb358ad6.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA1d042f87f0208b6.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA1d0c166bd9bf04c.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => -> No File
ContextMenuHandlers3: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
Task: {0F12F3D9-AFC4-464D-8130-5A6B7E817DD5} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {11DAAC3F-3B70-4156-9B06-4FC31AFB6C0B} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {17428BAA-AFC9-423A-8D22-FA11B5B66DA1} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {20160D2D-A5F2-42F0-8D90-3CFBBE427841} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {34AA5C4D-4AA0-4932-9CD7-4653FB814CB1} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {8601B48C-9707-4BA3-8682-BE831D609D4F} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {947DB668-20BC-481F-BF7C-232F34367200} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {AE1560F8-1DFF-49FE-A287-CC3ECE1722A1} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {C8DDD06E-55A1-4724-B282-1968D0B58799} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {CBFBB223-690C-4867-BD84-B9D9159C416F} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {D959C5AC-E76B-4AE1-8947-14A2072F6FD5} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {E22DD6ED-7691-4FFC-BA01-6D17FD29211C} - \CCleanerSkipUAC -> No File <==== ATTENTION
Task: {EFDD796F-D5EB-44F5-B798-53F80A461B43} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Temp:C8B8CEBD [109]
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"

EmptyTemp:
End

Uložte na plochu jako fixlist.txt. Spusťte znovu FRST a klikněte na >Fix<. Po skončení akce se objeví log, který sem zkopírujte.

wenty91 · #7 Příspěvek od **wenty91** » 23 pro 2017 21:06

Fix result of Farbar Recovery Scan Tool (x64) Version: 23-12-2017 01
Ran by Wenty (23-12-2017 20:55:45) Run:1
Running from C:\Users\Nikola\Desktop
Loaded Profiles: Wenty (Available Profiles: Wenty)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [508800 2014-12-17] (Oracle Corporation)
SearchScopes: HKU\S-1-5-21-2789698950-51257510-2621383479-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2789698950-51257510-2621383479-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK => not found
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird => not found
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA1d0c166bd9bf04c
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA1d0e2f35ac565db
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA1d042f87f0208b6
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore1d08f3cdb358ad6
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore1d0f29d908f570b
C:\WINDOWS\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d08f3cdb358ad6.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA1d042f87f0208b6.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA1d0c166bd9bf04c.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => -> No File
ContextMenuHandlers3: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
Task: {0F12F3D9-AFC4-464D-8130-5A6B7E817DD5} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {11DAAC3F-3B70-4156-9B06-4FC31AFB6C0B} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {17428BAA-AFC9-423A-8D22-FA11B5B66DA1} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {20160D2D-A5F2-42F0-8D90-3CFBBE427841} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {34AA5C4D-4AA0-4932-9CD7-4653FB814CB1} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {8601B48C-9707-4BA3-8682-BE831D609D4F} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {947DB668-20BC-481F-BF7C-232F34367200} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {AE1560F8-1DFF-49FE-A287-CC3ECE1722A1} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {C8DDD06E-55A1-4724-B282-1968D0B58799} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {CBFBB223-690C-4867-BD84-B9D9159C416F} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {D959C5AC-E76B-4AE1-8947-14A2072F6FD5} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {E22DD6ED-7691-4FFC-BA01-6D17FD29211C} - \CCleanerSkipUAC -> No File <==== ATTENTION
Task: {EFDD796F-D5EB-44F5-B798-53F80A461B43} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Temp:C8B8CEBD [109]
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"

EmptyTemp:
End
*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => value removed successfully
HKU\S-1-5-21-2789698950-51257510-2621383479-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKU\S-1-5-21-2789698950-51257510-2621383479-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => removed successfully
HKLM\Software\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => value removed successfully
HKLM\Software\Classes\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => key not found
HKLM\Software\Wow6432Node\Mozilla\Thunderbird\Extensions\\msktbird@mcafee.com => value removed successfully
HKLM\Software\Wow6432Node\Mozilla\Thunderbird\Extensions\\eplgTb@eset.com => value removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA1d0c166bd9bf04c => moved successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA1d0e2f35ac565db => moved successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA1d042f87f0208b6 => moved successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore1d08f3cdb358ad6 => moved successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore1d0f29d908f570b => moved successfully
C:\WINDOWS\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat => moved successfully
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => moved successfully
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d08f3cdb358ad6.job => moved successfully
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => moved successfully
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA1d042f87f0208b6.job => moved successfully
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA1d0c166bd9bf04c.job => moved successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => removed successfully
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\7-Zip" => removed successfully
HKLM\Software\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000} => key not found
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\ANotepad++64" => removed successfully
HKLM\Software\Classes\CLSID\{B298D29A-A6ED-11DE-BA8C-A68E55D89593} => key not found
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\00avast" => removed successfully
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\{4A7C4306-57E0-4C0C-83A9-78C1528F618C}" => removed successfully
HKLM\Software\Classes\CLSID\{4A7C4306-57E0-4C0C-83A9-78C1528F618C} => key not found
"HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\7-Zip" => removed successfully
HKLM\Software\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000} => key not found
"HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\Offline Files" => removed successfully
HKLM\Software\Classes\CLSID\{474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => key not found
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui" => removed successfully
HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => key not found
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\Offline Files" => removed successfully
HKLM\Software\Classes\CLSID\{474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => key not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0F12F3D9-AFC4-464D-8130-5A6B7E817DD5} => could not remove key. ErrorCode1: 0x00000002
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0F12F3D9-AFC4-464D-8130-5A6B7E817DD5}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{11DAAC3F-3B70-4156-9B06-4FC31AFB6C0B}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{11DAAC3F-3B70-4156-9B06-4FC31AFB6C0B}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{17428BAA-AFC9-423A-8D22-FA11B5B66DA1}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{17428BAA-AFC9-423A-8D22-FA11B5B66DA1}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{20160D2D-A5F2-42F0-8D90-3CFBBE427841}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{20160D2D-A5F2-42F0-8D90-3CFBBE427841}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{34AA5C4D-4AA0-4932-9CD7-4653FB814CB1}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{34AA5C4D-4AA0-4932-9CD7-4653FB814CB1}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8601B48C-9707-4BA3-8682-BE831D609D4F}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8601B48C-9707-4BA3-8682-BE831D609D4F}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{947DB668-20BC-481F-BF7C-232F34367200}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{947DB668-20BC-481F-BF7C-232F34367200}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AE1560F8-1DFF-49FE-A287-CC3ECE1722A1}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AE1560F8-1DFF-49FE-A287-CC3ECE1722A1}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C8DDD06E-55A1-4724-B282-1968D0B58799}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C8DDD06E-55A1-4724-B282-1968D0B58799}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CBFBB223-690C-4867-BD84-B9D9159C416F}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CBFBB223-690C-4867-BD84-B9D9159C416F}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D959C5AC-E76B-4AE1-8947-14A2072F6FD5}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D959C5AC-E76B-4AE1-8947-14A2072F6FD5}" => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager => key not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E22DD6ED-7691-4FFC-BA01-6D17FD29211C}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E22DD6ED-7691-4FFC-BA01-6D17FD29211C}" => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CCleanerSkipUAC => key not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EFDD796F-D5EB-44F5-B798-53F80A461B43}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EFDD796F-D5EB-44F5-B798-53F80A461B43}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => removed successfully
C:\ProgramData\Temp => ":C8B8CEBD" ADS removed successfully
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32\\SunJavaUpdateSched => value removed successfully
HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => value not found.

=========== EmptyTemp: ==========

BITS transfer queue => 6053888 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 25156544 B
Java, Flash, Steam htmlcache => 24471 B
Windows/system/drivers => 3207281 B
Edge => 1804842 B
Chrome => 727168353 B
Firefox => 384853527 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 2450 B
NetworkService => 0 B
Nikola => 31200617 B

RecycleBin => 0 B
EmptyTemp: => 1.1 GB temporary data Removed.

================================

The system needed a reboot.

==== End of Fixlog 20:58:40 ====

#8 Příspěvek od **Rudy** » 23 pro 2017 21:58

Smazáno. Nastala nějaká změna?

wenty91 · #9 Příspěvek od **wenty91** » 24 pro 2017 08:49

Bohužel ne.

#10 Příspěvek od **Rudy** » 24 pro 2017 11:42

Udělejte kompletní sken MBAM: http://www.malwarebytes.org/mbam.php a dejte log. Předem nic nemažte.

wenty91 · #11 Příspěvek od **wenty91** » 24 pro 2017 14:34

Toto?
Malwarebytes
www.malwarebytes.com

-Podrobnosti logovacího souboru-
Datum skenování: 24.12.17
Čas skenování: 14:00
Logovací soubor: 7692214a-e8aa-11e7-bf23-ac220baa0881.json
Správce: Ano

-Informace o softwaru-
Verze: 3.3.1.2183
Verze komponentů: 1.0.262
Aktualizovat verzi balíku komponent: 1.0.3556
Licence: Zkušební

-Systémová informace-
OS: Windows 10 (Build 16299.125)
CPU: x64
Systém souborů: NTFS
Uživatel: WENTYPC\Wenty

-Shrnutí skenování-
Typ skenování: Skenování hrozeb (Threat Scan)
Výsledek: Dokončeno
Skenované objekty: 362453
Zjištěné hrozby: 0
(Nebyly zjištěny žádné škodlivé položky)
Hrozby umístěné do karantény: 0
(Nebyly zjištěny žádné škodlivé položky)
Uplynulý čas: 13 min, 8 sek

-Možnosti skenování-
Paměť: Povoleno
Start: Povoleno
Systém souborů: Povoleno
Archivy: Povoleno
Rootkity: Zakázáno
Heuristika: Povoleno
Potenciálně nežádoucí program: Detekovat
Potenciálně nežádoucí modifikace: Detekovat

-Podrobnosti skenování-
Proces: 0
(Nebyly zjištěny žádné škodlivé položky)

Modul: 0
(Nebyly zjištěny žádné škodlivé položky)

Klíč registru: 0
(Nebyly zjištěny žádné škodlivé položky)

Hodnota v registru: 0
(Nebyly zjištěny žádné škodlivé položky)

Data registrů: 0
(Nebyly zjištěny žádné škodlivé položky)

Datové proudy: 0
(Nebyly zjištěny žádné škodlivé položky)

Adresář: 0
(Nebyly zjištěny žádné škodlivé položky)

Soubor: 0
(Nebyly zjištěny žádné škodlivé položky)

Fyzický sektor: 0
(Nebyly zjištěny žádné škodlivé položky)

(end)

#12 Příspěvek od **Rudy** » 24 pro 2017 15:25

Toto je OK. Jste-li si jist, že problém způsobuje FW, zkuste obnovu systému k datu, kdy korketně fungoval.

wenty91 · #13 Příspěvek od **wenty91** » 24 pro 2017 19:10

Bohužel jsem neměl aktivní obnovu systému a tak nemám žádnou zálohu, ke které bych se mohl vrátit.
Asi to přeinstaluju na sedmičky a bude klid.

Děkuji Vám za rady a přejí Vám krásné svátky.

#14 Příspěvek od **Rudy** » 24 pro 2017 20:09

Ještě zkuste vypnout aut. aktualizace, je možné, žr to někaterá nedokončená aktualizace způsbuje. Zapněte je až před příští pravidelnou (druhá středa v lednu). Nové aktalizace obvykle ty staré opraví. Jiná možnost je vypnout systémový firewall a nainstalovat jiný od jiného výrobce.

wenty91 · #15 Příspěvek od **wenty91** » 26 pro 2017 16:50

Dneska se mi podařilo najít funkci, vráceni se k předchozímu buildu. Takže jsem to udělal a pokud ve Správci úloh ukončím Firewall v programu Windows defender, tak je znatelný pokles využití CPU ze 75% +- na 13% +-.
Ale toto řešení mi dlouho nevydrží. V 10sítkách nejdou vypnout automatické aktualizace a tak za nějakou dobu budu nucený systém aktualizovat a v novém buildu je už odepřen přístup k ukončení úlohy Firewallu. Nebo se pletu?

VIRY.CZ

Vytížení CPU firewallem

Vytížení CPU firewallem

Re: Vytížení CPU firewallem

Re: Vytížení CPU firewallem

Re: Vytížení CPU firewallem

Re: Vytížení CPU firewallem

Re: Vytížení CPU firewallem

Re: Vytížení CPU firewallem

Re: Vytížení CPU firewallem

Re: Vytížení CPU firewallem

Re: Vytížení CPU firewallem

Re: Vytížení CPU firewallem

Re: Vytížení CPU firewallem

Re: Vytížení CPU firewallem

Re: Vytížení CPU firewallem

Re: Vytížení CPU firewallem