kontrola PC - Antimalware Service Executable vytěžuje pc

[Axell]

Dobrý den

Prosím o kontrolu logu - služba Antimalware Service Executable vytěžuje procesor

Z důvodu velikosti zabaleno

FRST.rar

(20.33 KiB) Staženo 124 x

Děkuji

[Axell]

Addition.rar

(17.37 KiB) Staženo 76 x

Dějkuji

[Rudy]

Zdravím!
Spusťte tuto utilitu:

Ulozte na plochu AdwCleaner https://malwarebytes.com/adwcleaner/ nebo http://www.bleepingcomputer.com/download/adwcleaner/

ukoncete vsechny programy
odsouhlaste licencni podmiky (EULA) klikem na Souhlasim
kliknete pravym na ikonu AdwCleaneru a vyberte Spustit jako spravce (v pripade Win XP spustte obycejne dvojklikem)
kliknete na Skenovat nyni (Scan now), pote na Cisteni a opravy (Clean and Repair)
po restartu na Vas vyskoci log (pripadne jej najdete v C:\AdwCleaner\Logs\AdwCleaner[Cxx].txt), jehoz obsah zkopirujte do pristi odpovedi

[Axell]

Zdravíčko

# -------------------------------
# Malwarebytes AdwCleaner 8.0.7.0
# -------------------------------
# Build: 07-22-2020
# Database: 2020-07-20.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 08-30-2020
# Duration: 00:00:38
# OS: Windows 7 Professional
# Scanned: 31837
# Detected: 7


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Hosts File Entries ] *****

No malicious hosts file entries found.

***** [ Preinstalled Software ] *****

Preinstalled.SamsungSmartSwitch File D:\Users\Axell\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Smart Switch.lnk
Preinstalled.SamsungSmartSwitch File D:\Users\Public\Desktop\Smart Switch.lnk
Preinstalled.SamsungSmartSwitch Folder D:\Program Files (x86)\SAMSUNG\SMART SWITCH PC
Preinstalled.SamsungSmartSwitch Folder D:\ProgramData\Microsoft\Windows\Start Menu\Programs\SAMSUNG\SMART SWITCH PC
Preinstalled.SamsungSmartSwitch Folder D:\Users\Axell\AppData\Roaming\SAMSUNG\SMART SWITCH PC
Preinstalled.SamsungSmartSwitch Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}
Preinstalled.SamsungSmartSwitch Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}


AdwCleaner[S00].txt - [2236 octets] - [30/08/2020 00:16:32]
AdwCleaner[S01].txt - [2297 octets] - [30/08/2020 10:47:29]
AdwCleaner[S02].txt - [2358 octets] - [30/08/2020 11:22:57]

########## EOF - D:\AdwCleaner\Logs\AdwCleaner[S03].txt ##########

[Rudy]

OK. Ty Preinstalled můžete ponechat. Otevřte poznámkový blok a zkopírujte do něj:

Start

CloseProcesses:
HKU\S-1-5-21-3945993420-2137591309-1149009910-1000\...\MountPoints2: {4448c275-00cd-11e7-961f-005056c00008} - E:\MafiaLauncher.EXE
HKU\S-1-5-21-3945993420-2137591309-1149009910-1000\...\MountPoints2: {7d7f835e-2008-11e5-be49-005056c00008} - E:\setup.exe
HKU\S-1-5-21-3945993420-2137591309-1149009910-1000\...\MountPoints2: {fd415708-a2a1-11e8-922d-005056c00008} - I:\m.exe
HKU\S-1-5-21-3945993420-2137591309-1149009910-1000\...\MountPoints2: {fd41570b-a2a1-11e8-922d-005056c00008} - J:\autorun.exe
Task: {25D1AA00-B799-4125-B5B7-8DFDE3C2325D} - \Plejuphaniling -> No File <==== ATTENTION
Task: {24C51ACA-77D7-4033-ABE3-7A22D1812843} - System32\Tasks\GoogleUpdateTaskMachineUA => D:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153752 2017-04-01] (Google Inc -> Google Inc.)
Task: {999F2EC4-2682-4594-8C07-F1AA749E98B9} - System32\Tasks\GoogleUpdateTaskMachineCore => D:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153752 2017-04-01] (Google Inc -> Google Inc.)
Task: {9C7C891F-6D45-4A9E-BDFD-E9C0C31778B2} - System32\Tasks\{FFA0F157-FD25-49E9-AF5F-0701B070CA6D} => D:\Windows\system32\pcalua.exe -a "C:\Hidden & Dangerous II\hd2.exe" -d "C:\Hidden & Dangerous II\"
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
D:\Program Files (x86)\kgb keylogger
D:\Program Files (x86)\mywebsearch
D:\Program Files (x86)\purityscan
D:\Program Files (x86)\180searchassistant
D:\Program Files (x86)\180search assistant
D:\Program Files (x86)\adwarebazooka
D:\Users\Axell\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
ContextMenuHandlers1: [OODefrag] -> [CC]{48EAD1E1-ECF2-4a85-AA09-1C44FBEED451} => -> No File
ContextMenuHandlers1: [STShellMenu] -> {F32C83B9-DF1D-42AD-9741-C52909703957} => -> No File
ContextMenuHandlers2: [OODefrag] -> [CC]{48EAD1E1-ECF2-4a85-AA09-1C44FBEED451} => -> No File
ContextMenuHandlers2: [VMDiskMenuHandler] -> [CC]{271DC252-6FE1-4D59-9053-E4CF50AB99DE} => -> No File
ContextMenuHandlers2: [VMDiskMenuHandler64] -> [CC]{E4D28EDC-8C0B-43EE-9E7D-C8A8682334DC} => -> No File
ContextMenuHandlers3: [MBAMShlExt] -> [CC]{57CE581A-0CB6-4266-9CA0-19364C90A0B3} => -> No File
ContextMenuHandlers3: [STShellMenu] -> [CC]{F32C83B9-DF1D-42AD-9741-C52909703957} => -> No File
ContextMenuHandlers6: [MBAMShlExt] -> [CC]{57CE581A-0CB6-4266-9CA0-19364C90A0B3} => -> No File
ContextMenuHandlers6: [OODefrag] -> [CC]{48EAD1E1-ECF2-4a85-AA09-1C44FBEED451} => -> No File
ContextMenuHandlers6: [STShellMenu] -> [CC]{F32C83B9-DF1D-42AD-9741-C52909703957} => -> No File
AlternateDataStreams: D:\Users\Axell:Heroes & Generals [38]
FirewallRules: [TCP Query User{A8A0C133-44D6-4513-8CF0-871B8FE58FB8}F:\utorrent\utorrent.exe] => (Allow) F:\utorrent\utorrent.exe => No File
FirewallRules: [UDP Query User{165755CB-D109-4E02-BA0C-1F53E7A9FFCE}F:\utorrent\utorrent.exe] => (Allow) F:\utorrent\utorrent.exe => No File

EmptyTemp:
End

Uložte na plochu jako fixlist.txt. Spusťte znovu FRST a klikněte na >Fix<. Po skončení akce se objeví log, který sem zkopírujte.

[Axell]

text zkopírován uložen do text.souboru s uvedenou koncovkou na plochu,program spuštěn po skončení programu restart pc ale log žádný.Tudíž jsem se podíval do toho txt souboru a v něm bylo přidáno.

Fix result of Farbar Recovery Scan Tool (x64) Version: 29-08-2020
Ran by Axell (30-08-2020 13:01:06) Run:1
Running from D:\Users\Axell\Desktop
Loaded Profiles: Axell
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

CloseProcesses:
HKU\S-1-5-21-3945993420-2137591309-1149009910-1000\...\MountPoints2: {4448c275-00cd-11e7-961f-005056c00008} - E:\MafiaLauncher.EXE
HKU\S-1-5-21-3945993420-2137591309-1149009910-1000\...\MountPoints2: {7d7f835e-2008-11e5-be49-005056c00008} - E:\setup.exe
HKU\S-1-5-21-3945993420-2137591309-1149009910-1000\...\MountPoints2: {fd415708-a2a1-11e8-922d-005056c00008} - I:\m.exe
HKU\S-1-5-21-3945993420-2137591309-1149009910-1000\...\MountPoints2: {fd41570b-a2a1-11e8-922d-005056c00008} - J:\autorun.exe
Task: {25D1AA00-B799-4125-B5B7-8DFDE3C2325D} - \Plejuphaniling -> No File <==== ATTENTION
Task: {24C51ACA-77D7-4033-ABE3-7A22D1812843} - System32\Tasks\GoogleUpdateTaskMachineUA => D:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153752 2017-04-01] (Google Inc -> Google Inc.)
Task: {999F2EC4-2682-4594-8C07-F1AA749E98B9} - System32\Tasks\GoogleUpdateTaskMachineCore => D:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153752 2017-04-01] (Google Inc -> Google Inc.)
Task: {9C7C891F-6D45-4A9E-BDFD-E9C0C31778B2} - System32\Tasks\{FFA0F157-FD25-49E9-AF5F-0701B070CA6D} => D:\Windows\system32\pcalua.exe -a "C:\Hidden & Dangerous II\hd2.exe" -d "C:\Hidden & Dangerous II\"
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
D:\Program Files (x86)\kgb keylogger
D:\Program Files (x86)\mywebsearch
D:\Program Files (x86)\purityscan
D:\Program Files (x86)\180searchassistant
D:\Program Files (x86)\180search assistant
D:\Program Files (x86)\adwarebazooka
D:\Users\Axell\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
ContextMenuHandlers1: [OODefrag] -> [CC]{48EAD1E1-ECF2-4a85-AA09-1C44FBEED451} => -> No File
ContextMenuHandlers1: [STShellMenu] -> {F32C83B9-DF1D-42AD-9741-C52909703957} => -> No File
ContextMenuHandlers2: [OODefrag] -> [CC]{48EAD1E1-ECF2-4a85-AA09-1C44FBEED451} => -> No File
ContextMenuHandlers2: [VMDiskMenuHandler] -> [CC]{271DC252-6FE1-4D59-9053-E4CF50AB99DE} => -> No File
ContextMenuHandlers2: [VMDiskMenuHandler64] -> [CC]{E4D28EDC-8C0B-43EE-9E7D-C8A8682334DC} => -> No File
ContextMenuHandlers3: [MBAMShlExt] -> [CC]{57CE581A-0CB6-4266-9CA0-19364C90A0B3} => -> No File
ContextMenuHandlers3: [STShellMenu] -> [CC]{F32C83B9-DF1D-42AD-9741-C52909703957} => -> No File
ContextMenuHandlers6: [MBAMShlExt] -> [CC]{57CE581A-0CB6-4266-9CA0-19364C90A0B3} => -> No File
ContextMenuHandlers6: [OODefrag] -> [CC]{48EAD1E1-ECF2-4a85-AA09-1C44FBEED451} => -> No File
ContextMenuHandlers6: [STShellMenu] -> [CC]{F32C83B9-DF1D-42AD-9741-C52909703957} => -> No File
AlternateDataStreams: D:\Users\Axell:Heroes & Generals [38]
FirewallRules: [TCP Query User{A8A0C133-44D6-4513-8CF0-871B8FE58FB8}F:\utorrent\utorrent.exe] => (Allow) F:\utorrent\utorrent.exe => No File
FirewallRules: [UDP Query User{165755CB-D109-4E02-BA0C-1F53E7A9FFCE}F:\utorrent\utorrent.exe] => (Allow) F:\utorrent\utorrent.exe => No File

EmptyTemp:
End
*****************

Processes closed successfully.
HKU\S-1-5-21-3945993420-2137591309-1149009910-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4448c275-00cd-11e7-961f-005056c00008} => removed successfully
HKU\S-1-5-21-3945993420-2137591309-1149009910-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7d7f835e-2008-11e5-be49-005056c00008} => removed successfully
HKU\S-1-5-21-3945993420-2137591309-1149009910-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fd415708-a2a1-11e8-922d-005056c00008} => removed successfully
HKU\S-1-5-21-3945993420-2137591309-1149009910-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fd41570b-a2a1-11e8-922d-005056c00008} => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{25D1AA00-B799-4125-B5B7-8DFDE3C2325D}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{25D1AA00-B799-4125-B5B7-8DFDE3C2325D}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Plejuphaniling" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{24C51ACA-77D7-4033-ABE3-7A22D1812843}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{24C51ACA-77D7-4033-ABE3-7A22D1812843}" => removed successfully
D:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{999F2EC4-2682-4594-8C07-F1AA749E98B9}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{999F2EC4-2682-4594-8C07-F1AA749E98B9}" => removed successfully
D:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9C7C891F-6D45-4A9E-BDFD-E9C0C31778B2}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9C7C891F-6D45-4A9E-BDFD-E9C0C31778B2}" => removed successfully
D:\Windows\System32\Tasks\{FFA0F157-FD25-49E9-AF5F-0701B070CA6D} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{FFA0F157-FD25-49E9-AF5F-0701B070CA6D}" => removed successfully
HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE => removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE => removed successfully
"D:\Program Files (x86)\kgb keylogger" => not found
"D:\Program Files (x86)\mywebsearch" => not found
"D:\Program Files (x86)\purityscan" => not found
"D:\Program Files (x86)\180searchassistant" => not found
"D:\Program Files (x86)\180search assistant" => not found
"D:\Program Files (x86)\adwarebazooka" => not found
D:\Users\Axell\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini => moved successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\OODefrag => removed successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\STShellMenu => removed successfully
HKLM\Software\Classes\Drive\ShellEx\ContextMenuHandlers\OODefrag => removed successfully
HKLM\Software\Classes\Drive\ShellEx\ContextMenuHandlers\VMDiskMenuHandler => removed successfully
HKLM\Software\Classes\Drive\ShellEx\ContextMenuHandlers\VMDiskMenuHandler64 => removed successfully
HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\MBAMShlExt => removed successfully
HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\STShellMenu => removed successfully
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\MBAMShlExt => removed successfully
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\OODefrag => removed successfully
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\STShellMenu => removed successfully
D:\Users\Axell => ":Heroes & Generals" ADS removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{A8A0C133-44D6-4513-8CF0-871B8FE58FB8}F:\utorrent\utorrent.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{165755CB-D109-4E02-BA0C-1F53E7A9FFCE}F:\utorrent\utorrent.exe" => removed successfully

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 49765599 B
Java, Flash, Steam htmlcache => 392785231 B
Windows/system/drivers => 156484 B
Edge => 0 B
Chrome => 732565060 B
Firefox => 34913032 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 33058 B
Public => 33058 B
ProgramData => 33058 B
systemprofile => 66244 B
systemprofile32 => 99430 B
LocalService => 132555 B
NetworkService => 203421838 B
Axell => 204714963 B

RecycleBin => 221323 B
EmptyTemp: => 1.5 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 13:09:38 ====

[Axell]

pc.jpg (83.36 KiB) Zobrazeno 2027 x

Po ukončení a restartu PC je vytížen procesor na max.

Ve správci jsem po cca 10 minutách ukončil Software report tool

[Rudy]

Klikněte pravým tlačítkem myši na nástroj Google software tool a přejděte na příkaz "Vlastnosti". V nových oknech vyberte Zabezpečení a přejděte na Upřesnit. Klikněte na tlačítko „Zakázat dědičnost“ a poté z tohoto objektu odeberte všechna zděděná oprávnění.

https://www.google.com/search?client=fi ... ol+disable .

[Axell]

Nějak jsem nepochopil ale nějak to dopadlo.Omylem jsem vymazal všechny uživatele ale pak jsem tam ty dva přidal viz obrázek.Byly tam dohromady 4.

12.jpg (58.75 KiB) Zobrazeno 2016 x

[Rudy]

To by mělo být OK. Nastala nějaká změna?

[Axell]

Změna ani nenastala

Pořád tam někde chroustá ten Antimalware Service Executable +-20 - 30 "procenty " výkonu procesoru

[Rudy]

Zkuste službu zastavit. Návod: https://www.spajk.cz/zastavit-sluzbu-an ... xecutable/ .

[Axell]

Už jsem na to narazil dříve.Ale nemám v pc to co vypínají W.Defender nemám ho ani v registru jak uvádí viz obr v příloze.Na pravo místo kdy by mělo být ale není.

3.jpg (44.59 KiB) Zobrazeno 2008 x

A v ovládacích panelech pokud najedu na Windows Defender a kliknu na něj tak mi to hlásí že program je vypnutý.

[Rudy]

OK. Zkusíme to jinak. V příkazovém řádku příkazem:

services.msc

+Enter spusťte konfigurační okno služeb. Službe vyhledejte v sezanmu a zastavte ji. Restartujte.

[Axell]

Takže službu jsem našel ale nejde zastavit - tlačítka jsou "mrtvé" viz obrázek

44.jpg (111.25 KiB) Zobrazeno 2004 x