
PC virus removal, computer speed-up, remote help via the neslape.cz service
CPU check
Moderator: Moderators
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once they are resolved, as will those that have been inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.
!NEW!
You can now use the remote-help service, where an expert connects to your computer and gets further details about the problem from you by phone! More at www.neslape.cz
Hello, I have a problem with my PC running slower and slower. Unfortunately I can't reinstall the PC; I have a pile of things on it for school and it would take me a lot of time to put everything back, and on top of that I have no experience with it, so I might botch something. Lately I've noticed that the PC works more and more slowly. As antivirus I have Microsoft's Essentials. I have also cleaned the PC with adwcleaner; I also have first64 and jrt on the PC. The PC's performance, even when I have almost nothing running, looks like this: https://ctrlv.cz/D6dW . When I look at the CPU usage I see this: https://ctrlv.cz/TTmZ . I have no idea what that winlog and svchost are; however, when I open the file location of that winlog, it finds it somewhere in PCname/appdata/roaming/winupdate/c. When I click my way back up to the PC name, I don't have that appdata folder anywhere there, so I'm afraid it is a virus. I'm attaching the log from FRST and also attaching addition.
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:03-10-2015
Ran by dado (administrator) on DADO-PC (10-12-2016 16:44:55)
Running from C:\Users\dado\Desktop
Loaded Profiles: dado (Available Profiles: dado)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: Slovenčina (Slovensko)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Autodesk, Inc.) C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft) C:\Users\dado\AppData\Roaming\WinUpdate\c\windrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Users\dado\AppData\Roaming\WinUpdate\c\winlog.exe
(CANON INC.) C:\Program Files (x86)\Canon\OIPTonerStatus\CnTnrStsTask.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(ArcSoft, Inc.) C:\Program Files (x86)\Hama\Hama Webcam Suite\Magic-i Visual Effects 2\uCamMonitor.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.winxp\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.winxp\steamwebhelper.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2398776 2016-05-02] (NVIDIA Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [415680 2012-02-05] (Autodesk, Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40336 2014-09-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [3031664 2011-04-06] (VIA)
HKLM-x32\...\Run: [ArcSoft Connection Service] => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54840 2007-05-08] (Hewlett-Packard)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3477640 2012-09-23] (Adobe Systems Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596504 2016-04-01] (Oracle Corporation)
HKLM-x32\...\Run: [Canon Toner Status] => C:\Program Files (x86)\Canon\OIPTonerStatus\CnTnrStsTask.exe [1821240 2014-04-10] (CANON INC.)
HKU\S-1-5-21-2048779508-4136272637-3483633514-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3671904 2012-08-28] (DT Soft Ltd)
HKU\S-1-5-21-2048779508-4136272637-3483633514-1000\...\Run: [Facebook Update] => C:\Users\dado\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-10-14] (Facebook Inc.)
HKU\S-1-5-21-2048779508-4136272637-3483633514-1000\...\Run: [Windows Driver] => C:\Users\dado\AppData\Roaming\WinUpdate\c\windrv.exe [6144 2014-06-26] (Microsoft)
HKU\S-1-5-21-2048779508-4136272637-3483633514-1000\...\Run: [uTorrent] => C:\Users\dado\AppData\Roaming\uTorrent\uTorrent.exe [2145984 2016-11-27] (BitTorrent Inc.)
HKU\S-1-5-21-2048779508-4136272637-3483633514-1000\...\MountPoints2: {109d5f78-03f5-11e2-ac61-5404a6c4fd45} - G:\SETUP.EXE /AUTORUN
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{83409282-9345-4BDD-A9CF-B3C2ADFC8C92}: [DhcpNameServer] 192.168.0.1
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23] (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-05-14] (Oracle Corporation)
BHO-x32: Pomocník pri prihlasovaní v sieti Windows Live -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2012-09-23] (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-05-14] (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2012-09-23] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2012-09-23] (Adobe Systems Incorporated)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll [2014-02-13] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2012-09-20] (Adobe Systems)
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll [2011-11-03] (ESN Social Software AB)
FF Plugin-x32: @esn/npbattlelog,version=2.3.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll [2013-11-21] (EA Digital Illusions CE AB)
FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-05-14] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-05-14] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll [2014-02-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-04-16] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-05-10] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-05-10] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2012-09-23] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-09-04] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2012-09-20] (Adobe Systems)
FF Plugin HKU\S-1-5-21-2048779508-4136272637-3483633514-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\dado\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF Extension: No Name - C:\Program Files (x86)\BetterSurf\BetterSurfPlus\ff [not found]
FF Extension: No Name - C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha412\ff [not found]
FF Extension: No Name - C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta613\ff [not found]
FF Extension: No Name - C:\Program Files (x86)\MediaPlayerV1\MediaPlayerV1alpha706\ff [not found]
FF Extension: No Name - C:\Program Files (x86)\MediaViewerV1\MediaViewerV1alpha208\ff [not found]
FF Extension: No Name - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha3905\ff [not found]
FF Extension: No Name - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha1736\ff [not found]
FF Extension: No Name - C:\Program Files (x86)\MediaWatchV1\MediaWatchV1home642\ff [not found]
FF Extension: No Name - C:\Program Files (x86)\MediaBuzzV1\MediaBuzzV1mode4799\ff [not found]
FF Extension: No Name - C:\Program Files (x86)\RichMediaViewV1\RichMediaViewV1release720\ff [not found]
FF Extension: No Name - C:\Program Files (x86)\TrustMediaViewerV1\TrustMediaViewerV1alpha3036\ff [not found]
Chrome:
=======
CHR StartupUrls: Profile 5 -> "hxxp://www.google.sk/"
CHR Profile: C:\Users\dado\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Disk Google) - C:\Users\dado\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-20]
CHR Extension: (YouTube) - C:\Users\dado\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-10-25]
CHR Extension: (video downloader) - C:\Users\dado\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgkkdjcofableihebmbkiegidgoekafg [2014-06-19]
CHR Extension: (HÃÂÃÂÃÂþadaÃÂàÃÂÃÂ¥ v Google) - C:\Users\dado\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-10-25]
CHR Extension: (Adobe Acrobat – Vytvoriť PDF) - C:\Users\dado\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2014-09-29]
CHR Extension: (AdBlock) - C:\Users\dado\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-04-25]
CHR Extension: (Ostrov Thassos - pohľad na more - Grécko.) - C:\Users\dado\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcljilfhnlofcfncmfgdnjkpglaailab [2014-08-03]
CHR Extension: (PeÃÂàÃÂÃÂaÃÂàÃÂþenka Google) - C:\Users\dado\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]
CHR Extension: (Gmail) - C:\Users\dado\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-10-25]
CHR Profile: C:\Users\dado\AppData\Local\Google\Chrome\User Data\Profile 5
CHR Extension: (Dokumenty Google v režime offline) - C:\Users\dado\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-11-30]
CHR Extension: (AdBlock) - C:\Users\dado\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-01-27]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\dado\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-24]
CHR Extension: (Chrome Media Router) - C:\Users\dado\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-06-24]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [19232 2012-01-31] (Autodesk, Inc.)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1165368 2016-05-02] (NVIDIA Corporation)
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [File not signed]
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1881144 2016-05-02] (NVIDIA Corporation)
S3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3634232 2016-05-02] (NVIDIA Corporation)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2522680 2016-05-02] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2142728 2016-10-22] (Electronic Arts)
S2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [2209296 2016-10-22] (Electronic Arts)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [File not signed]
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [754784 2016-01-08] (DEVGURU Co., LTD.)
R2 uCamMonitor; C:\Program Files (x86)\Hama\Hama Webcam Suite\Magic-i Visual Effects 2\uCamMonitor.exe [104960 2008-09-18] (ArcSoft, Inc.)
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27760 2011-03-29] (VIA Technologies, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2008-04-24] (ArcSoft, Inc.)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-09-21] (DT Soft Ltd)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
S3 NvStUSB; C:\Windows\system32\drivers\nvstusb.sys [122472 2011-03-13] ()
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [56384 2016-04-14] (NVIDIA Corporation)
S1 SBRE; \??\C:\Windows\system32\drivers\SBREdrv.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-12-10 16:44 - 2016-12-10 16:45 - 00020047 _____ C:\Users\dado\Desktop\FRST.txt
2016-12-10 15:20 - 2016-12-10 15:20 - 00007668 _____ C:\Users\dado\AppData\Local\Resmon.ResmonCfg
2016-12-10 15:11 - 2016-12-10 15:12 - 05658636 _____ (Swearware) C:\Users\dado\Downloads\ComboFix.exe
2016-12-10 12:57 - 2016-12-10 13:30 - 00000000 ____D C:\Users\dado\Desktop\MBS - ZDRoje
2016-12-09 19:02 - 2016-12-09 19:02 - 03968464 _____ C:\Users\dado\Downloads\adwcleaner_6.040 (2).exe
2016-12-09 19:02 - 2016-12-09 19:02 - 03968464 _____ C:\Users\dado\Downloads\adwcleaner_6.040 (1).exe
2016-12-09 19:01 - 2016-12-09 19:01 - 03968464 _____ C:\Users\dado\Downloads\adwcleaner_6.040.exe
2016-12-09 19:01 - 2016-12-09 19:01 - 03968464 _____ C:\Users\dado\Desktop\adwcleaner_6.040.exe
2016-12-08 16:57 - 2016-12-08 17:26 - 00000000 ____D C:\Users\dado\Desktop\EBP - zápočet
2016-12-07 17:04 - 2016-12-07 17:32 - 00000000 ____D C:\Users\dado\Desktop\ŠKOLA
2016-12-04 15:50 - 2016-12-04 15:50 - 00153088 _____ C:\Users\dado\Desktop\Klobučník_BM31_MnŠ (1).xls
2016-11-30 17:54 - 2016-11-30 17:54 - 00002659 _____ C:\Users\dado\Desktop\Microsoft Office Excel 2007.lnk
2016-11-30 15:24 - 2016-12-05 19:18 - 00000000 ____D C:\Users\dado\Desktop\Štatistika
2016-11-28 19:20 - 2016-11-28 19:20 - 00000000 ____D C:\Users\dado\AppData\Roaming\Canon
2016-11-28 19:20 - 2016-11-28 19:20 - 00000000 _____ C:\Users\dado\Sti_Trace.log
2016-11-20 10:19 - 2016-11-20 10:19 - 00000000 ____D C:\Users\dado\AppData\LocalLow\Heroes and Generals
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-12-10 16:44 - 2015-07-02 21:45 - 00000000 ___DC C:\FRST
2016-12-10 16:42 - 2016-01-19 16:33 - 00000000 ____D C:\Program Files (x86)\Steam
2016-12-10 16:40 - 2012-09-30 10:09 - 00000000 ____D C:\ProgramData\Microsoft Help
2016-12-10 16:36 - 2012-09-09 10:52 - 01432595 _____ C:\Windows\WindowsUpdate.log
2016-12-10 16:14 - 2009-07-14 05:45 - 00021872 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-12-10 16:14 - 2009-07-14 05:45 - 00021872 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-12-10 16:07 - 2012-09-09 11:35 - 00000000 ____D C:\Users\dado\AppData\Roaming\uTorrent
2016-12-10 16:06 - 2016-09-22 16:19 - 00012995 _____ C:\Windows\setupact.log
2016-12-10 16:06 - 2015-01-23 22:33 - 00000932 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-12-10 16:06 - 2012-05-10 14:53 - 00000000 ____D C:\ProgramData\NVIDIA
2016-12-10 16:06 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-12-10 16:05 - 2015-01-23 22:33 - 00000936 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-12-10 16:04 - 2015-07-02 20:43 - 00000000 ___DC C:\AdwCleaner
2016-12-10 15:13 - 2012-10-14 11:08 - 00000924 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2048779508-4136272637-3483633514-1000UA.job
2016-12-10 15:06 - 2012-09-09 10:56 - 00000000 ____D C:\Users\dado
2016-12-10 13:41 - 2016-10-17 12:55 - 00000000 ____D C:\Users\dado\Desktop\MBS semestralka
2016-12-10 13:34 - 2009-07-14 06:13 - 00782510 _____ C:\Windows\system32\PerfStringBackup.INI
2016-12-10 12:13 - 2012-10-14 11:08 - 00000902 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2048779508-4136272637-3483633514-1000Core.job
2016-12-07 19:53 - 2016-05-21 11:45 - 00000000 ____D C:\Users\dado\AppData\Local\CrashDumps
2016-12-07 19:39 - 2015-02-06 20:46 - 00000000 ____D C:\Users\dado\Desktop\Steve jobs
2016-12-02 10:36 - 2009-07-14 06:08 - 00032544 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-12-01 15:49 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF
2016-11-30 15:08 - 2015-04-11 18:48 - 00000384 _____ C:\Windows\ODBC.INI
2016-11-30 15:07 - 2012-09-30 10:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2016-11-30 15:07 - 2011-04-12 14:40 - 00000000 ____D C:\Windows\ShellNew
2016-11-30 15:00 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system
2016-11-20 10:17 - 2016-10-31 09:44 - 00000000 ____D C:\Users\dado\AppData\Roaming\DarknessII
2016-11-15 10:11 - 2015-01-23 22:34 - 00002207 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-11-15 10:11 - 2015-01-23 22:34 - 00002195 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-11-12 13:08 - 2016-01-27 15:19 - 00000000 ____D C:\Users\dado\AppData\Roaming\TS3Client
==================== Files in the root of some directories =======
2002-08-29 18:33 - 2002-08-29 18:33 - 0319488 ____R () C:\Users\dado\AppData\Roaming\MafiaSetup.exe
2013-03-16 12:13 - 2015-12-16 16:00 - 0010752 _____ () C:\Users\dado\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-01-18 14:58 - 2014-01-18 14:58 - 0000000 ___SH () C:\Users\dado\AppData\Local\LumaEmu
2016-12-10 15:20 - 2016-12-10 15:20 - 0007668 _____ () C:\Users\dado\AppData\Local\Resmon.ResmonCfg
2012-09-09 11:19 - 2016-09-29 14:48 - 0007600 _____ () C:\ProgramData\hpzinstall.log
2015-06-03 20:56 - 2015-06-03 20:56 - 0000153 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
Some files in TEMP:
====================
C:\Users\dado\AppData\Local\Temp\jre-8u111-windows-au.exe
C:\Users\dado\AppData\Local\Temp\KMP_4.1.3.3.exe
C:\Users\dado\AppData\Local\Temp\KMP_4.1.4.7.exe
C:\Users\dado\AppData\Local\Temp\libeay32.dll
C:\Users\dado\AppData\Local\Temp\msvcr120.dll
C:\Users\dado\AppData\Local\Temp\sqlite3.dll
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2016-05-16 16:05
==================== End of FRST.txt ============================
HKLM-x32\...\Run: [Canon Toner Status] => C:\Program Files (x86)\Canon\OIPTonerStatus\CnTnrStsTask.exe [1821240 2014-04-10] (CANON INC.)
HKU\S-1-5-21-2048779508-4136272637-3483633514-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3671904 2012-08-28] (DT Soft Ltd)
HKU\S-1-5-21-2048779508-4136272637-3483633514-1000\...\Run: [Facebook Update] => C:\Users\dado\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-10-14] (Facebook Inc.)
HKU\S-1-5-21-2048779508-4136272637-3483633514-1000\...\Run: [Windows Driver] => C:\Users\dado\AppData\Roaming\WinUpdate\c\windrv.exe [6144 2014-06-26] (Microsoft)
HKU\S-1-5-21-2048779508-4136272637-3483633514-1000\...\Run: [uTorrent] => C:\Users\dado\AppData\Roaming\uTorrent\uTorrent.exe [2145984 2016-11-27] (BitTorrent Inc.)
HKU\S-1-5-21-2048779508-4136272637-3483633514-1000\...\MountPoints2: {109d5f78-03f5-11e2-ac61-5404a6c4fd45} - G:\SETUP.EXE /AUTORUN
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{83409282-9345-4BDD-A9CF-B3C2ADFC8C92}: [DhcpNameServer] 192.168.0.1
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23] (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-05-14] (Oracle Corporation)
BHO-x32: Pomocník pri prihlasovaní v sieti Windows Live -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2012-09-23] (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-05-14] (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2012-09-23] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2012-09-23] (Adobe Systems Incorporated)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll [2014-02-13] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2012-09-20] (Adobe Systems)
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll [2011-11-03] (ESN Social Software AB)
FF Plugin-x32: @esn/npbattlelog,version=2.3.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll [2013-11-21] (EA Digital Illusions CE AB)
FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-05-14] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-05-14] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll [2014-02-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-04-16] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-05-10] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-05-10] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2012-09-23] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-09-04] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2012-09-20] (Adobe Systems)
FF Plugin HKU\S-1-5-21-2048779508-4136272637-3483633514-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\dado\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF Extension: No Name - C:\Program Files (x86)\BetterSurf\BetterSurfPlus\ff [not found]
FF Extension: No Name - C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha412\ff [not found]
FF Extension: No Name - C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta613\ff [not found]
FF Extension: No Name - C:\Program Files (x86)\MediaPlayerV1\MediaPlayerV1alpha706\ff [not found]
FF Extension: No Name - C:\Program Files (x86)\MediaViewerV1\MediaViewerV1alpha208\ff [not found]
FF Extension: No Name - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha3905\ff [not found]
FF Extension: No Name - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha1736\ff [not found]
FF Extension: No Name - C:\Program Files (x86)\MediaWatchV1\MediaWatchV1home642\ff [not found]
FF Extension: No Name - C:\Program Files (x86)\MediaBuzzV1\MediaBuzzV1mode4799\ff [not found]
FF Extension: No Name - C:\Program Files (x86)\RichMediaViewV1\RichMediaViewV1release720\ff [not found]
FF Extension: No Name - C:\Program Files (x86)\TrustMediaViewerV1\TrustMediaViewerV1alpha3036\ff [not found]
Chrome:
=======
CHR StartupUrls: Profile 5 -> "hxxp://www.google.sk/"
CHR Profile: C:\Users\dado\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Disk Google) - C:\Users\dado\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-20]
CHR Extension: (YouTube) - C:\Users\dado\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-10-25]
CHR Extension: (video downloader) - C:\Users\dado\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgkkdjcofableihebmbkiegidgoekafg [2014-06-19]
CHR Extension: (HÃÂÃÂÃÂþadaÃÂàÃÂÃÂ¥ v Google) - C:\Users\dado\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-10-25]
CHR Extension: (Adobe Acrobat – Vytvoriť PDF) - C:\Users\dado\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2014-09-29]
CHR Extension: (AdBlock) - C:\Users\dado\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-04-25]
CHR Extension: (Ostrov Thassos - pohľad na more - Grécko.) - C:\Users\dado\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcljilfhnlofcfncmfgdnjkpglaailab [2014-08-03]
CHR Extension: (PeÃÂàÃÂÃÂaÃÂàÃÂþenka Google) - C:\Users\dado\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]
CHR Extension: (Gmail) - C:\Users\dado\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-10-25]
CHR Profile: C:\Users\dado\AppData\Local\Google\Chrome\User Data\Profile 5
CHR Extension: (Dokumenty Google v režime offline) - C:\Users\dado\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-11-30]
CHR Extension: (AdBlock) - C:\Users\dado\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-01-27]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\dado\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-24]
CHR Extension: (Chrome Media Router) - C:\Users\dado\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-06-24]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [19232 2012-01-31] (Autodesk, Inc.)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1165368 2016-05-02] (NVIDIA Corporation)
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [File not signed]
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1881144 2016-05-02] (NVIDIA Corporation)
S3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3634232 2016-05-02] (NVIDIA Corporation)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2522680 2016-05-02] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2142728 2016-10-22] (Electronic Arts)
S2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [2209296 2016-10-22] (Electronic Arts)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [File not signed]
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [754784 2016-01-08] (DEVGURU Co., LTD.)
R2 uCamMonitor; C:\Program Files (x86)\Hama\Hama Webcam Suite\Magic-i Visual Effects 2\uCamMonitor.exe [104960 2008-09-18] (ArcSoft, Inc.)
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27760 2011-03-29] (VIA Technologies, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2008-04-24] (ArcSoft, Inc.)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-09-21] (DT Soft Ltd)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
S3 NvStUSB; C:\Windows\system32\drivers\nvstusb.sys [122472 2011-03-13] ()
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [56384 2016-04-14] (NVIDIA Corporation)
S1 SBRE; \??\C:\Windows\system32\drivers\SBREdrv.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-12-10 16:44 - 2016-12-10 16:45 - 00020047 _____ C:\Users\dado\Desktop\FRST.txt
2016-12-10 15:20 - 2016-12-10 15:20 - 00007668 _____ C:\Users\dado\AppData\Local\Resmon.ResmonCfg
2016-12-10 15:11 - 2016-12-10 15:12 - 05658636 _____ (Swearware) C:\Users\dado\Downloads\ComboFix.exe
2016-12-10 12:57 - 2016-12-10 13:30 - 00000000 ____D C:\Users\dado\Desktop\MBS - ZDRoje
2016-12-09 19:02 - 2016-12-09 19:02 - 03968464 _____ C:\Users\dado\Downloads\adwcleaner_6.040 (2).exe
2016-12-09 19:02 - 2016-12-09 19:02 - 03968464 _____ C:\Users\dado\Downloads\adwcleaner_6.040 (1).exe
2016-12-09 19:01 - 2016-12-09 19:01 - 03968464 _____ C:\Users\dado\Downloads\adwcleaner_6.040.exe
2016-12-09 19:01 - 2016-12-09 19:01 - 03968464 _____ C:\Users\dado\Desktop\adwcleaner_6.040.exe
2016-12-08 16:57 - 2016-12-08 17:26 - 00000000 ____D C:\Users\dado\Desktop\EBP - zápočet
2016-12-07 17:04 - 2016-12-07 17:32 - 00000000 ____D C:\Users\dado\Desktop\ŠKOLA
2016-12-04 15:50 - 2016-12-04 15:50 - 00153088 _____ C:\Users\dado\Desktop\Klobučník_BM31_MnŠ (1).xls
2016-11-30 17:54 - 2016-11-30 17:54 - 00002659 _____ C:\Users\dado\Desktop\Microsoft Office Excel 2007.lnk
2016-11-30 15:24 - 2016-12-05 19:18 - 00000000 ____D C:\Users\dado\Desktop\Štatistika
2016-11-28 19:20 - 2016-11-28 19:20 - 00000000 ____D C:\Users\dado\AppData\Roaming\Canon
2016-11-28 19:20 - 2016-11-28 19:20 - 00000000 _____ C:\Users\dado\Sti_Trace.log
2016-11-20 10:19 - 2016-11-20 10:19 - 00000000 ____D C:\Users\dado\AppData\LocalLow\Heroes and Generals
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-12-10 16:44 - 2015-07-02 21:45 - 00000000 ___DC C:\FRST
2016-12-10 16:42 - 2016-01-19 16:33 - 00000000 ____D C:\Program Files (x86)\Steam
2016-12-10 16:40 - 2012-09-30 10:09 - 00000000 ____D C:\ProgramData\Microsoft Help
2016-12-10 16:36 - 2012-09-09 10:52 - 01432595 _____ C:\Windows\WindowsUpdate.log
2016-12-10 16:14 - 2009-07-14 05:45 - 00021872 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-12-10 16:14 - 2009-07-14 05:45 - 00021872 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-12-10 16:07 - 2012-09-09 11:35 - 00000000 ____D C:\Users\dado\AppData\Roaming\uTorrent
2016-12-10 16:06 - 2016-09-22 16:19 - 00012995 _____ C:\Windows\setupact.log
2016-12-10 16:06 - 2015-01-23 22:33 - 00000932 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-12-10 16:06 - 2012-05-10 14:53 - 00000000 ____D C:\ProgramData\NVIDIA
2016-12-10 16:06 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-12-10 16:05 - 2015-01-23 22:33 - 00000936 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-12-10 16:04 - 2015-07-02 20:43 - 00000000 ___DC C:\AdwCleaner
2016-12-10 15:13 - 2012-10-14 11:08 - 00000924 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2048779508-4136272637-3483633514-1000UA.job
2016-12-10 15:06 - 2012-09-09 10:56 - 00000000 ____D C:\Users\dado
2016-12-10 13:41 - 2016-10-17 12:55 - 00000000 ____D C:\Users\dado\Desktop\MBS semestralka
2016-12-10 13:34 - 2009-07-14 06:13 - 00782510 _____ C:\Windows\system32\PerfStringBackup.INI
2016-12-10 12:13 - 2012-10-14 11:08 - 00000902 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2048779508-4136272637-3483633514-1000Core.job
2016-12-07 19:53 - 2016-05-21 11:45 - 00000000 ____D C:\Users\dado\AppData\Local\CrashDumps
2016-12-07 19:39 - 2015-02-06 20:46 - 00000000 ____D C:\Users\dado\Desktop\Steve jobs
2016-12-02 10:36 - 2009-07-14 06:08 - 00032544 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-12-01 15:49 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF
2016-11-30 15:08 - 2015-04-11 18:48 - 00000384 _____ C:\Windows\ODBC.INI
2016-11-30 15:07 - 2012-09-30 10:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2016-11-30 15:07 - 2011-04-12 14:40 - 00000000 ____D C:\Windows\ShellNew
2016-11-30 15:00 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system
2016-11-20 10:17 - 2016-10-31 09:44 - 00000000 ____D C:\Users\dado\AppData\Roaming\DarknessII
2016-11-15 10:11 - 2015-01-23 22:34 - 00002207 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-11-15 10:11 - 2015-01-23 22:34 - 00002195 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-11-12 13:08 - 2016-01-27 15:19 - 00000000 ____D C:\Users\dado\AppData\Roaming\TS3Client
==================== Files in the root of some directories =======
2002-08-29 18:33 - 2002-08-29 18:33 - 0319488 ____R () C:\Users\dado\AppData\Roaming\MafiaSetup.exe
2013-03-16 12:13 - 2015-12-16 16:00 - 0010752 _____ () C:\Users\dado\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-01-18 14:58 - 2014-01-18 14:58 - 0000000 ___SH () C:\Users\dado\AppData\Local\LumaEmu
2016-12-10 15:20 - 2016-12-10 15:20 - 0007668 _____ () C:\Users\dado\AppData\Local\Resmon.ResmonCfg
2012-09-09 11:19 - 2016-09-29 14:48 - 0007600 _____ () C:\ProgramData\hpzinstall.log
2015-06-03 20:56 - 2015-06-03 20:56 - 0000153 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
Some files in TEMP:
====================
C:\Users\dado\AppData\Local\Temp\jre-8u111-windows-au.exe
C:\Users\dado\AppData\Local\Temp\KMP_4.1.3.3.exe
C:\Users\dado\AppData\Local\Temp\KMP_4.1.4.7.exe
C:\Users\dado\AppData\Local\Temp\libeay32.dll
C:\Users\dado\AppData\Local\Temp\msvcr120.dll
C:\Users\dado\AppData\Local\Temp\sqlite3.dll
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2016-05-16 16:05
==================== End of FRST.txt ============================
- Attachments
- Addition.rar
- (13.48 KiB) Downloaded 113 times
- Rudy
- Site Admin
- Posts: 119390
- Joined: 30 Oct 2003 13:42
- Location: Plzeň
Re: CPU check
Hello!
Run this utility:
Download AdwCleaner https://toolslib.net/downloads/viewdown ... dwcleaner/
Save it to the desktop.
Close all programs.
First click >Scan< (search) and then >Clean< (delete).
A scan will run and then a log will appear; paste it here.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.
Re: CPU check
# AdwCleaner v6.040 - Logfile created 10/12/2016 at 17:25:17
# Updated on 02/12/2016 by Malwarebytes
# Database : 2016-12-09.3 [Local]
# Operating System : Windows 7 Home Premium Service Pack 1 (X64)
# Username : dado - DADO-PC
# Running from : C:\Users\dado\Desktop\adwcleaner_6.040.exe
# Mode: Scan
# Support : https://www.malwarebytes.com/support
***** [ Services ] *****
No malicious services found.
***** [ Folders ] *****
No malicious folders found.
***** [ Files ] *****
No malicious files found.
***** [ DLL ] *****
No malicious DLLs found.
***** [ WMI ] *****
No malicious keys found.
***** [ Shortcuts ] *****
No infected shortcut found.
***** [ Scheduled Tasks ] *****
No malicious task found.
***** [ Registry ] *****
No malicious registry entries found.
***** [ Web browsers ] *****
No malicious Firefox based browser items found.
No malicious Chromium based browser items found.
*************************
C:\AdwCleaner\AdwCleaner[C1].txt - [2068 Bytes] - [08/06/2016 10:37:34]
C:\AdwCleaner\AdwCleaner[C3].txt - [4024 Bytes] - [04/10/2015 10:08:16]
C:\AdwCleaner\AdwCleaner[C4].txt - [1433 Bytes] - [28/01/2016 10:01:54]
C:\AdwCleaner\AdwCleaner[C5].txt - [1971 Bytes] - [09/12/2016 19:05:04]
C:\AdwCleaner\AdwCleaner[C6].txt - [1871 Bytes] - [10/12/2016 16:04:23]
C:\AdwCleaner\AdwCleaner[R0].txt - [24812 Bytes] - [02/07/2015 20:43:28]
C:\AdwCleaner\AdwCleaner[R1].txt - [1018 Bytes] - [02/07/2015 21:03:14]
C:\AdwCleaner\AdwCleaner[R2].txt - [1075 Bytes] - [02/07/2015 21:35:41]
C:\AdwCleaner\AdwCleaner[S0].txt - [21203 Bytes] - [02/07/2015 20:48:16]
C:\AdwCleaner\AdwCleaner[S1].txt - [3019 Bytes] - [02/07/2015 21:36:41]
C:\AdwCleaner\AdwCleaner[S4].txt - [3722 Bytes] - [04/10/2015 10:07:07]
C:\AdwCleaner\AdwCleaner[S5].txt - [1299 Bytes] - [28/01/2016 10:00:42]
C:\AdwCleaner\AdwCleaner[S6].txt - [2122 Bytes] - [09/12/2016 19:04:07]
C:\AdwCleaner\AdwCleaner[S7].txt - [2038 Bytes] - [10/12/2016 16:04:06]
C:\AdwCleaner\AdwCleaner[S8].txt - [2031 Bytes] - [10/12/2016 17:25:17]
########## EOF - C:\AdwCleaner\AdwCleaner[S8].txt - [2104 Bytes] ##########
- Rudy
- Site Admin
- Posts: 119390
- Joined: 30 Oct 2003 13:42
- Location: Plzeň
Re: CPU check
This is OK. Open Notepad and copy the following into it:
Save it to the desktop as fixlist.txt. Run FRST again and click >Fix<. When it finishes, a log will appear; copy it here.
Start
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596504 2016-04-01] (Oracle Corporation)
HKU\S-1-5-21-2048779508-4136272637-3483633514-1000\...\Run: [Facebook Update] => C:\Users\dado\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-10-14] (Facebook Inc.)
C:\Users\dado\AppData\Local\Facebook\Update
HKU\S-1-5-21-2048779508-4136272637-3483633514-1000\...\MountPoints2: {109d5f78-03f5-11e2-ac61-5404a6c4fd45} - G:\SETUP.EXE /AUTORUN
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
CHR Extension: (HÃÂÃÂÃÂþadaÃÂàÃÂÃÂ¥ v Google) - C:\Users\dado\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-10-25]
CHR Extension: (PeÃÂàÃÂÃÂaÃÂàÃÂþenka Google) - C:\Users\dado\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2048779508-4136272637-3483633514-1000UA.job
C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2048779508-4136272637-3483633514-1000Core.job
C:\Users\dado\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
C:\Users\dado\AppData\Local\Temp
EmptyTemp:
End
Re: CPU check
I hope I didn't mess anything up, because when saving fixlist.txt a box popped up saying that some characters might be lost when saving as txt. Here is the resulting log:
Fix result of Farbar Recovery Scan Tool (x64) Version:03-10-2015
Ran by dado (2016-12-10 19:06:48) Run:2
Running from C:\Users\dado\Desktop
Loaded Profiles: dado (Available Profiles: dado)
Boot Mode: Normal
==============================================
fixlist content:
*****************
Start
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596504 2016-04-01] (Oracle Corporation)
HKU\S-1-5-21-2048779508-4136272637-3483633514-1000\...\Run: [Facebook Update] => C:\Users\dado\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-10-14] (Facebook Inc.)
C:\Users\dado\AppData\Local\Facebook\Update
HKU\S-1-5-21-2048779508-4136272637-3483633514-1000\...\MountPoints2: {109d5f78-03f5-11e2-ac61-5404a6c4fd45} - G:\SETUP.EXE /AUTORUN
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
CHR Extension: (HAÂA?Â?AÂ?A?Â3adaAÂA?Â?AÂ?A?ÂY v Google) - C:\Users\dado\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-10-25]
CHR Extension: (PeAÂA?Â?AÂ?A?ÂaAÂA?Â?AÂ?A?Â3enka Google) - C:\Users\dado\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2048779508-4136272637-3483633514-1000UA.job
C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2048779508-4136272637-3483633514-1000Core.job
C:\Users\dado\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
C:\Users\dado\AppData\Local\Temp
EmptyTemp:
End
*****************
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => value removed successfully
HKU\S-1-5-21-2048779508-4136272637-3483633514-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Facebook Update => value removed successfully
C:\Users\dado\AppData\Local\Facebook\Update => moved successfully
"HKU\S-1-5-21-2048779508-4136272637-3483633514-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{109d5f78-03f5-11e2-ac61-5404a6c4fd45}" => key removed successfully
HKCR\CLSID\{109d5f78-03f5-11e2-ac61-5404a6c4fd45} => key not found.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
C:\Users\dado\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf => moved successfully
C:\Users\dado\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => moved successfully
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => moved successfully
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => moved successfully
C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2048779508-4136272637-3483633514-1000UA.job => moved successfully
C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2048779508-4136272637-3483633514-1000Core.job => moved successfully
C:\Users\dado\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini => moved successfully
"C:\Users\dado\AppData\Local\Temp" folder move:
Could not move "C:\Users\dado\AppData\Local\Temp" => Scheduled to move on reboot.
EmptyTemp: => 1.6 GB temporary data Removed.
Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2016-12-10 19:14:09)
C:\Users\dado\AppData\Local\Temp => moved successfully
==== End of Fixlog 19:14:10 ====
- Rudy
- Site Admin
- Posts: 119390
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: CPU check
Deleted. Has anything changed?
Re: CPU check
Unfortunately I haven't noticed any change in speed so far; I'll see tomorrow when I get home from work, for now I only had a quick look. However, what I described in my first post and documented with screenshots has stayed the same, and I'd like to know whether that is how it should be. Even now I only have Chrome open and the CPU is at 80%+, with almost all of it eaten by that winlog and svchost.exe(netsvcs), just as in the screenshots above.
- Rudy
- Site Admin
- Posts: 119390
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: CPU check
If it still doesn't seem right to you, run a full MBAM scan: http://www.malwarebytes.org/mbam.php and post the log. Don't delete anything beforehand.
Re: CPU check
Please don't lock the thread yet; it seems to me the PC is already running a bit faster. I have downloaded the program. I started a full scan, but after almost 2 hours I noticed that the scan had probably frozen, because the count of scanned items and the path had not moved for about half an hour. So I'll run the scan again from scratch tomorrow and then post the log. As for the CPU load I wrote about above with the screenshots, is it possible that this is normal? The load from those two processes?
- Rudy
- Site Admin
- Posts: 119390
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: CPU check
Try running it in safe mode.
Re: CPU check
So in safe mode Malwarebytes found quite a lot of threats; here is the log:
-Log Details-
Scan Date: 12/12/16
Scan Time: 12:02 PM
Logfile: scan.txt
Administrator: Yes
-Software Information-
Version: 3.0.0
Components Version: 1.0.0
Update Package Version: 1.0.0
License: Free
-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: dado-PC\dado
-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 373245
Time Elapsed: 4 min, 51 sec
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
-Scan Details-
Process: 0
(No malicious items detected)
Module: 0
(No malicious items detected)
Registry Key: 12
PUP.Optional.CrossRider, HKU\S-1-5-21-2048779508-4136272637-3483633514-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{928F63E2-E80D-471F-86A7-E6A36817E7C5}, Quarantined, [307], [237487],1.0.0
PUP.Optional.CrossRider, HKU\S-1-5-21-2048779508-4136272637-3483633514-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{E738D363-754F-48D0-9BD1-E163C113E571}, Quarantined, [307], [237488],1.0.0
PUP.Optional.MediaBuzz, HKLM\SOFTWARE\WOW6432NODE\MediaBuzzV1, Quarantined, [13885], [240133],1.0.0
PUP.Optional.MediaBuzz, HKLM\SOFTWARE\WOW6432NODE\MediaBuzzV1mode4799, Quarantined, [13885], [240133],1.0.0
PUP.Optional.MediaPlayerAlpha, HKLM\SOFTWARE\WOW6432NODE\MediaPlayerV1alpha706, Quarantined, [8297], [240217],1.0.0
PUP.Optional.MediaViewer, HKLM\SOFTWARE\WOW6432NODE\MediaViewerV1alpha208, Quarantined, [13895], [240269],1.0.0
PUP.Optional.MediaView, HKLM\SOFTWARE\WOW6432NODE\MediaViewV1alpha1736, Quarantined, [8301], [240266],1.0.0
PUP.Optional.MediaView, HKLM\SOFTWARE\WOW6432NODE\MediaViewV1alpha3905, Quarantined, [8301], [240266],1.0.0
PUP.Optional.MediaWatch, HKLM\SOFTWARE\WOW6432NODE\MediaWatchV1, Quarantined, [12432], [240273],1.0.0
PUP.Optional.MediaWatch, HKLM\SOFTWARE\WOW6432NODE\MediaWatchV1home642, Quarantined, [12432], [240272],1.0.0
PUP.Optional.TrustMediaViewer, HKLM\SOFTWARE\WOW6432NODE\TrustMediaViewerV1, Quarantined, [14222], [244228],1.0.0
PUP.Optional.TrustMediaViewer, HKLM\SOFTWARE\WOW6432NODE\TrustMediaViewerV1alpha3036, Quarantined, [14222], [244228],1.0.0
Registry Value: 2
PUP.Optional.CrossRider, HKU\S-1-5-21-2048779508-4136272637-3483633514-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{928F63E2-E80D-471F-86A7-E6A36817E7C5}|APPNAME, Quarantined, [307], [237487],1.0.0
PUP.Optional.CrossRider, HKU\S-1-5-21-2048779508-4136272637-3483633514-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{E738D363-754F-48D0-9BD1-E163C113E571}|APPNAME, Quarantined, [307], [237488],1.0.0
Data Stream: 0
(No malicious items detected)
Folder: 2
PUP.Optional.OffersWizard, C:\PROGRAM FILES (X86)\COMMON FILES\CONFIG, Quarantined, [14730], [241306],1.0.0
PUP.Optional.SweetIM, C:\USERS\DADO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTERNAL EXTENSIONS\{EEE6C373-6118-11DC-9C72-001320C79847}, Quarantined, [1433], [243752],1.0.0
File: 7
RiskWare.GameHack, C:\PROGRAM FILES (X86)\WOLFENSTEIN THE NEW ORDER\STEAM_API64.DLL, Quarantined, [558], [305544],1.0.0
PUP.Optional.BitCoinMiner, C:\WINDOWS\SYSWOW64\ACUMNCMLFVGF.EXE, Quarantined, [254], [144764],1.0.0
Trojan.Agent.BCM, C:\WINDOWS\SYSWOW64\LCPMNCMLFVGF.EXE, Quarantined, [4921], [45863],1.0.0
Trojan.Agent.SCR, C:\WINDOWS\INF\MSSTP.VBE, Quarantined, [1244], [191833],1.0.0
PUP.Optional.OffersWizard, C:\PROGRAM FILES (X86)\COMMON FILES\CONFIG\VER.XML, Quarantined, [14730], [241306],1.0.0
PUP.Optional.SweetIM, C:\USERS\DADO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTERNAL EXTENSIONS\{EEE6C373-6118-11DC-9C72-001320C79847}\SweetNT.crx, Quarantined, [1433], [243752],1.0.0
PUP.Optional.SweetIM, C:\Users\dado\AppData\Local\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}\SweetFB.crx, Quarantined, [1433], [243752],1.0.0
Physical Sector: 0
(No malicious items detected)
(end)
So I put the detected threats into quarantine; in quarantine I have the options restore or delete, so can I safely delete them? Do I need to run another scan or anything? I think the PC has been running more reliably and better since then, but the CPU load is still mainly from those two processes I mentioned above... So can you answer my question whether that is normal? Or can I end those processes?
Process evaluation:
CPU: winlog.exe cpt 47-50, average 47,76;
svchost.exe(netsvcs) 23-27, average 24,07
Memory: svchost.exe(netsvcs) 1 646 852 KB, which seems like an awful lot to me
MBAM service.exe 279 960 KB
Chrome.exe is there about 4x, about 400 000 in total
another svchost.exe(LocalSystemNetworkRestricted) 94 000
msmpeng.exe 130 000
all the others are below 100k
Re: CPU check
I managed to get rid of svchost.exe(netsvcs) simply by turning off Windows Update in Windows Services, and my memory usage dropped from 99% to 33%.
blaider1 wrote: "Process evaluation:
CPU: winlog.exe cpt 47-50, average 47,76;
svchost.exe(netsvcs) 23-27, average 24,07
Memory: svchost.exe(netsvcs) 1 646 852 KB, which seems like an awful lot to me
MBAM service.exe 279 960 KB
Chrome.exe is there about 4x, about 400 000 in total
another svchost.exe(LocalSystemNetworkRestricted) 94 000
msmpeng.exe 130 000
all the others are below 100k"
In any case, once the last log has been commented on, this topic will probably be locked, because CPU load, as I was told, is not dealt with on this forum :/
- stell
- VIP in memoriam
- Posts: 5175
- Registered: 09 Dec 2007 09:27
- Location: SK-REVUCA
Re: CPU check
You misunderstood me; automatic updates can't be repaired over the forum; for that someone needs to connect to the PC and fix it.
"In any case, once the last log has been commented on, this topic will probably be locked, because CPU load, as I was told, is not dealt with on this forum :/"
It is such a specific problem that nobody on the whole internet will fix it through a forum.
Conclusion: if it isn't a virus problem, you won't solve it on the forum.
That's all.
Re: CPU check
OK, now I understand.
In any case, I've already partly solved the problem; I'm still waiting for Rudy's word on whether I can delete what the last scan found, and then hopefully the problem will be solved completely.

- Rudy
- Site Admin
- Posts: 119390
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: CPU check
You can delete everything MBAM found.