VIRY.CZ

Prosím o kontrolu

pomalý NB Lenovo


celý log v příloze

log RSIT:

Logfile of random's system information tool 1.10 (written by random/random)
Run by grdin at 2020-10-21 07:59:16
Microsoft Windows 10 Home
System drive C: has 1458 GB (78%) free of 1881 GB
Total RAM: 3904 MB (28% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:00:29, on 21.10.2020
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.19041.0001)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\CyberLink\PowerDVD14\PDVD14Serv.exe
C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\acrotray.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files\trend micro\grdin.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo17win10.msn.com/?pc=LCTE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://lenovo17win10.msn.com/?pc=LCTE
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=
O2 - BHO: IEToEdge BHO - {1FD49718-1D00-4B19-AF5F-070AF6D5D54C} - C:\Program Files (x86)\Microsoft\Edge\Application\86.0.622.43\BHO\ie_to_edge_bho.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_201\bin\ssv.dll
O2 - BHO: Adobe Acrobat Create PDF Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_201\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll
O3 - Toolbar: Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [ControlCenter4] "C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe" /autorun
O4 - HKLM\..\Run: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [OneDrive] "C:\Users\grdin\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
O4 - HKCU\..\Run: [Adobe Acrobat Synchronizer] "C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe"
O4 - HKCU\..\Run: [Zoner Photo Studio Autoupdate] "C:\PROGRAM FILES\ZONER\PHOTO STUDIO 17\Program32\ZPSTRAY.EXE"
O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-3633181373-2798575866-3800236081-1021\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'winpostgr')
O4 - HKUS\S-1-5-21-3633181373-2798575866-3800236081-1021\..\RunOnce: [WAB Migrate] %ProgramFiles%\Windows Mail\wab.exe /Upgrade (User 'winpostgr')
O4 - Startup: Sledovat výstrahy inkoustu - HP Deskjet 3520 series.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files (x86)\Microsoft Office\Root\Office16\ONBttnIE.dll/105
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Inc. - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Genuine Monitor Service (AGMService) - Adobe Systems, Incorporated - C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
O23 - Service: Adobe Genuine Software Integrity Service (AGSService) - Adobe Systems, Incorporated - C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - AMD - C:\WINDOWS\System32\DriverStore\FileRepository\c0341168.inf_amd64_121d7cdc98257567\B340713\atiesrxx.exe
O23 - Service: AtherosSvc - Unknown owner - C:\WINDOWS\System32\drivers\AdminService.exe (file missing)
O23 - Service: BrYNSvc - Brother Industries, Ltd. - C:\Program Files (x86)\Browny02\BrYNSvc.exe
O23 - Service: @%SystemRoot%\system32\CredentialEnrollmentManager.exe,-100 (CredentialEnrollmentManagerUserSvc) - Unknown owner - C:\WINDOWS\system32\CredentialEnrollmentManager.exe (file missing)
O23 - Service: CredentialEnrollmentManagerUserSvc_2d928b - Unknown owner - C:\WINDOWS\system32\CredentialEnrollmentManager.exe (file missing)
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: Dolby DAX2 API Service - Dolby Laboratories, Inc. - C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Security\ekrn.exe
O23 - Service: ESET Firewall Helper (ekrnEpfw) - ESET - C:\Program Files\ESET\ESET Security\ekrn.exe
O23 - Service: Elan Service (ETDService) - ELAN Microelectronics Corp. - C:\Program Files\Elantech\ETDService.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: Google Chrome Elevation Service (GoogleChromeElevationService) - Google LLC - C:\Program Files (x86)\Google\Chrome\Application\86.0.4240.75\elevation_service.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: System Interface Foundation Service (ImControllerService) - Lenovo Group Ltd. - C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\PerceptionSimulation\PerceptionSimulationService.exe,-101 (perceptionsimulation) - Unknown owner - C:\WINDOWS\system32\PerceptionSimulation\PerceptionSimulationService.exe (file missing)
O23 - Service: Corel License Validation Service V2, Powered by arvato (PSI_SVC_2) - arvato digital services llc - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: Realtek Audio Service (RtkAudioService) - Realtek Semiconductor - C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\SecurityHealthAgent.dll,-1002 (SecurityHealthService) - Unknown owner - C:\WINDOWS\system32\SecurityHealthService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing)
O23 - Service: WinStromService (Service1) - FlexiBee Systems s.r.o. - C:\Program Files (x86)\WinStrom\winstromservice.exe
O23 - Service: @%SystemRoot%\System32\SgrmBroker.exe,-100 (SgrmBroker) - Unknown owner - C:\WINDOWS\system32\SgrmBroker.exe (file missing)
O23 - Service: @firewallapi.dll,-50323 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spectrum.exe,-101 (spectrum) - Unknown owner - C:\WINDOWS\system32\spectrum.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: System Update (SUService) - Unknown owner - C:\Program Files (x86)\Lenovo\System Update\SUService.exe
O23 - Service: TeamViewer - TeamViewer Germany GmbH - C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\WINDOWS\system32\TieringEngineService.exe (file missing)
O23 - Service: Universal Communication Server (UniversalCommunicationServer) - BERNINA International AG - C:\Program Files (x86)\BERNINA\UCS\UniversalCommunicationServer.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: WinStrom-PostgreSQL - PostgreSQL Global Development Group - C:\Program Files (x86)\WinStrom\pgsql\9.3\bin\pg_ctl.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 12444 bytes

======Listing Processes======








C:\WINDOWS\system32\lsass.exe
"fontdrvhost.exe"
C:\WINDOWS\system32\svchost.exe -k DcomLaunch -p -s PlugPlay
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-e73d4662-9748-4848-b963-7e5bd74f64f0 -SystemEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-bd903121-62d8-4a9e-b82a-b0179db56f60 -IoCancelEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-59ab8b89-1335-4ea6-bf17-44aea17fee97 -NonStateChangingEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-5ea1a9f8-c4dc-46d6-bf41-8b302b133770 -LifetimeId:0443c1ae-69a1-453a-af41-66418ecc9ea8 -DeviceGroupId: -HostArg:0
C:\WINDOWS\system32\svchost.exe -k DcomLaunch -p
C:\WINDOWS\system32\svchost.exe -k RPCSS -p
C:\WINDOWS\system32\svchost.exe -k DcomLaunch -p -s LSM
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork -p
C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s NcbService
C:\WINDOWS\system32\svchost.exe -k netsvcs -p -s Schedule
C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s TimeBrokerSvc
C:\WINDOWS\system32\svchost.exe -k LocalService -p -s DispBrokerDesktopSvc
C:\WINDOWS\system32\svchost.exe -k netsvcs -p -s ProfSvc
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DisplayEnhancementService
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p -s EventLog
C:\WINDOWS\system32\svchost.exe -k netsvcs -p -s UserManager
C:\WINDOWS\system32\svchost.exe -k LocalService -p -s nsi
C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s Dhcp
C:\WINDOWS\system32\svchost.exe -k appmodel -p -s StateRepository
C:\WINDOWS\system32\svchost.exe -k appmodel -p -s camsvc
C:\WINDOWS\System32\svchost.exe -k NetworkService -p -s NlaSvc
C:\WINDOWS\System32\svchost.exe -k LocalService -p -s netprofm
C:\WINDOWS\system32\svchost.exe -k LocalService -p

C:\WINDOWS\System32\DriverStore\FileRepository\c0341168.inf_amd64_121d7cdc98257567\B340713\atiesrxx.exe
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s SysMain
C:\WINDOWS\system32\svchost.exe -k LocalService -p -s EventSystem
C:\WINDOWS\System32\svchost.exe -k netsvcs -p -s Themes

C:\WINDOWS\system32\svchost.exe -k netsvcs -p -s SENS
C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s AudioEndpointBuilder
C:\WINDOWS\system32\svchost.exe -k LocalService -p -s FontCache
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p
"C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe"

C:\WINDOWS\system32\svchost.exe -k NetworkService -p -s Dnscache
C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted -p
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p
C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s WinHttpAutoProxySvc
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted -p
C:\WINDOWS\System32\svchost.exe -k netsvcs -p -s ShellHWDetection
C:\WINDOWS\System32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetworkFirewall -p
C:\WINDOWS\System32\svchost.exe -k NetworkService -p -s LanmanWorkstation
C:\WINDOWS\system32\svchost.exe -k netsvcs -p -s IKEEXT
C:\WINDOWS\system32\svchost.exe -k NetworkServiceNetworkRestricted -p -s PolicyAgent
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe"
"C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe"
C:\WINDOWS\System32\drivers\AdminService.exe
"C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe" /service
C:\WINDOWS\system32\svchost.exe -k NetworkService -p -s CryptSvc
C:\WINDOWS\system32\svchost.exe -k LocalService -p -s SstpSvc
"c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe"
C:\WINDOWS\system32\svchost.exe -k netsvcs -p -s Winmgmt
C:\WINDOWS\System32\svchost.exe -k LocalServiceNoNetwork -p -s DPS
"C:\Program Files\Elantech\ETDService.exe"
C:\WINDOWS\System32\svchost.exe -k utcsvc -p
"C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe"
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DeviceAssociationService
"C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe"
C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s TrkWks
"C:\Program Files (x86)\BERNINA\UCS\UniversalCommunicationServer.exe"
C:\WINDOWS\system32\svchost.exe -k netsvcs -p -s WpnService
C:\WINDOWS\system32\svchost.exe -k netsvcs -p -s LanmanServer
"C:\Program Files (x86)\WinStrom\pgsql\9.3\bin\pg_ctl.exe" runservice -N "WinStrom-PostgreSQL" -D "C:/Users/grdin/Documents/winstrom-data" -w -o "-h 127.0.0.1 -p 5435"
C:\WINDOWS\System32\svchost.exe -k LocalService -p -s WdiServiceHost
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k NetSvcs -p -s iphlpsvc
dashost.exe {8af36928-5557-40d9-8ff53580c811089f}
"C:\Program Files (x86)\WinStrom\pgsql\9.3\bin\postgres.exe" -D "C:/Users/grdin/Documents/winstrom-data" -h 127.0.0.1 -p 5435
\??\C:\WINDOWS\system32\conhost.exe 0x4
C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation -p -s SSDPSRV
"C:/Program Files (x86)/WinStrom/pgsql/9.3/bin/postgres.exe" "--forkboot" "5888" "-x4"
"C:/Program Files (x86)/WinStrom/pgsql/9.3/bin/postgres.exe" "--forkboot" "5884" "-x3"
"C:/Program Files (x86)/WinStrom/pgsql/9.3/bin/postgres.exe" "--forkboot" "5904" "-x5"
"C:/Program Files (x86)/WinStrom/pgsql/9.3/bin/postgres.exe" "--forkavlauncher" "5900"
"C:/Program Files (x86)/WinStrom/pgsql/9.3/bin/postgres.exe" "--forkcol" "5844"
"C:\Program Files (x86)\WinStrom\winstromservice.exe"
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p -s lmhosts
"C:\Program Files (x86)\Java\jre1.8.0_201\bin\java" -Xmx512m -client -XX:-OmitStackTraceInFastThrow -Djava.awt.headless=true -XX:MaxPermSize=128m -XX:+IgnoreUnrecognizedVMOptions --add-modules=java.xml.ws -Djava.library.path=. -classpath .;.\lib\jersey-json-1.17.1.jar;.\lib\hibernate-c3p0-3.6.10.Final.jar;.\lib\activiti-common-rest-5.12-fb.jar;.\lib\jcommander-1.48.jar;.\lib\jersey-core-1.17.1.jar;.\lib\javacsv-2.0.jar;.\lib\freemarker-2.3.15.jar;.\lib\commons-email-1.2.jar;.\lib\oauth-signature-1.17.1.jar;.\lib\jna-posix-1.0.jar;.\lib\winstrom-help-2020.1.0.8.jar;.\lib\softeu-fixopia-1.0.92.jar;.\lib\netty-3.3.1.Final.jar;.\lib\org.restlet.ext.servlet-2.0.15.jar;.\lib\slf4j-api-1.6.1.jar;.\lib\commons-logging-1.1.1.jar;.\lib\cglib-2.2.jar;.\lib\mimepull-1.6.jar;.\lib\org.restlet.ext.fileupload-2.0.15.jar;.\lib\jna-3.0.9.jar;.\lib\dom4j-1.6.1.jar;.\lib\oauth-server-1.17.1.jar;.\lib\commons-collections4-4.2.jar;.\lib\org.restlet-2.0.15.jar;.\lib\java-uuid-generator-3.1.3.jar;.\lib\jssc-2.8.0.jar;.\lib\joda-time-2.1.jar;.\lib\poi-ooxml-schemas-3.17.jar;.\lib\poi-3.17.jar;.\lib\postgresql-42.2.4.jre7.jar;.\lib\javassist-3.12.0.GA.jar;.\lib\hibernate-jpa-2.0-api-1.0.1.Final.jar;.\lib\core-3.2.1.jar;.\lib\classworlds-1.1.jar;.\lib\commons-lang-2.6.jar;.\lib\activation-1.1.jar;.\lib\picocontainer-2.14.3.jar;.\lib\org.ektorp-1.2.2.jar;.\lib\hibernate-core-3.6.10.Final.jar;.\lib\hibernate-commons-annotations-3.2.0.Final.jar;.\lib\activiti-diagram-rest-5.12.jar;.\lib\jsr311-api-1.1.1.jar;.\lib\activiti-bpmn-model-5.12.jar;.\lib\ehcache-core-2.4.3.jar;.\lib\jta-1.1.jar;.\lib\mybatis-3.1.1.jar;.\lib\verificator-1.6.jar;.\lib\jetty-6.1.26.jar;.\lib\bcprov-jdk16-136.jar;.\lib\commons-fileupload-1.2.2.jar;.\lib\poi-ooxml-3.17.jar;.\lib\c3p0-0.9.1.2.jar;.\lib\javase-3.2.1.jar;.\lib\asm-3.2.jar;.\lib\stax-api-1.0.1.jar;.\lib\hibernate-ehcache-3.6.10.Final.jar;.\lib\httpmime-4.5.2.jar;.\lib\winstrom-sql-2020.1.0.8.jar;.\lib\activiti-bpmn-converter-5.12.jar;.\lib\activiti-rest-5.12.jar;.\lib\jackson-jaxrs-1.9.2.jar;.\lib\jersey-servlet-1.17.1.jar;.\lib\jersey-server-1.17.1.jar;.\lib\mail-1.4.jar;.\lib\async-http-client-1.7.1.jar;.\lib\softeu-svn-info-api-1.23.jar;.\lib\httpclient-4.5.2.jar;.\lib\curvesapi-1.04.jar;.\lib\jetty-util-6.1.26.jar;.\lib\xmlpull-1.1.3.1.jar;.\lib\webdav-jaxrs-1.1.1.jar;.\lib\slf4j-log4j12-1.6.1.jar;.\lib\commons-collections-3.1.jar;.\lib\groovy-all-2.4.3.jar;.\lib\org.osgi.core-4.0.0.jar;.\lib\commons-lang3-3.3.2.jar;.\lib\commons-codec-1.6.jar;.\lib\winstrom-launcher-tool-2020.1.0.8.jar;.\lib\commons-io-1.4.jar;.\lib\jackson-xc-1.9.2.jar;.\lib\jackson-core-asl-1.9.4.jar;.\lib\winstrom-connector-2020.1.0.8.jar;.\lib\jackson-mapper-asl-1.9.4.jar;.\lib\log4j-1.2.12.jar;.\lib\xmlbeans-2.6.0.jar;.\lib\jcl-over-slf4j-1.7.2.jar;.\lib\antlr-2.7.6.jar;.\lib\servlet-api-2.5-20081211.jar;.\lib\xstream-1.4.11.1.jar;.\lib\jersey-multipart-1.17.1.jar;.\lib\jettison-1.1.jar;.\lib\httpclient-cache-4.5.2.jar;.\lib\activiti-engine-5.12-fb.jar;.\lib\jetty-management-6.1.26.jar;.\lib\commons-cli-1.1.jar;.\lib\jzlib-1.0.7.jar;.\lib\winstrom-server-2020.1.0.8.jar;.\lib\winstrom-launcher-api-2020.1.0.8.jar;.\lib\httpcore-4.4.4.jar;.\lib\commons-httpclient-3.1.jar;.\lib\org.restlet.ext.jackson-2.0.15.jar cz.winstrom.net.server.WinStromServer -c "C:\Program Files (x86)\Common Files\WinStrom\flexibee-server.xml"
\??\C:\WINDOWS\system32\conhost.exe 0x4
C:\WINDOWS\system32\wbem\unsecapp.exe -Embedding
C:\WINDOWS\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -s RmSvc
C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s NgcCtnrSvc
C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s TabletInputService
C:\WINDOWS\system32\svchost.exe -k netsvcs -p -s TokenBroker
C:\WINDOWS\system32\svchost.exe -k netsvcs -p -s Appinfo
C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe
C:\WINDOWS\system32\svchost.exe -k LocalService -p -s CDPSvc
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s PcaSvc
C:\WINDOWS\system32\SearchIndexer.exe /Embedding
C:\WINDOWS\System32\svchost.exe -k LocalService -p -s LicenseManager

"C:\Program Files (x86)\Browny02\BrYNSvc.exe"
"C:\WINDOWS\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"

C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s StorSvc
"C:\Program Files (x86)\Lenovo\System Update\SUService.exe"
C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s WdiSystemHost
C:\WINDOWS\system32\svchost.exe -k netsvcs -p -s UsoSvc


"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /c

C:\WINDOWS\System32\WinLogon.exe -SpecialSession
"dwm.exe"
"fontdrvhost.exe"
C:\WINDOWS\system32\svchost.exe -k netsvcs -p -s wuauserv
atieclxx
"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /ua /installsource scheduler
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
"C:\Program Files\Elantech\ETDCtrl.exe"
"C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /LENOVO_MICPKEY
sihost.exe
C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup -s CDPUserSvc
"ctfmon.exe"
C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup -s WpnUserService
"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /c
taskhostw.exe {222A245B-E637-4AE9-A93F-A59CA119A75E}
C:\WINDOWS\Explorer.EXE
"C:\Program Files\Elantech\ETDCtrlHelper.exe"
C:\WINDOWS\system32\svchost.exe -k ClipboardSvcGroup -p -s cbdhsvc
C:\WINDOWS\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
C:\Windows\System32\RuntimeBroker.exe -Embedding
C:\Windows\System32\RuntimeBroker.exe -Embedding
"C:\Program Files\WindowsApps\Microsoft.YourPhone_1.20092.123.0_x64__8wekyb3d8bbwe\YourPhone.exe" -ServerName:App.AppX9yct9q388jvt4h7y0gn06smzkxcsnt8m.mca
"C:\Program Files (x86)\CyberLink\PowerDVD14\PDVD14Serv.exe"
"C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /FORPCEE4
"C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /LENOVO_DOLBYDRAGON
C:\WINDOWS\system32\SettingSyncHost.exe -Embedding
C:\Windows\System32\smartscreen.exe -Embedding
"C:\Program Files\ESET\ESET Security\eguiproxy.exe" /hide
"C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe" /AUTORUN
"C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe" /AUTORUN
"C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\acrotray.exe"
"C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe"
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:\Program Files (x86)\Brother\Brmfcmon\BrMfcmon.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\grdin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\grdin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\grdin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=86.0.4240.75 --initial-client-data=0xd0,0xd4,0xd8,0xac,0xdc,0x7ffef7576e00,0x7ffef7576e10,0x7ffef7576e20
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1596,17134198631625499258,16572335914173209,131072 --gpu-preferences=MAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAQAAAAAAAAAAAAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAA= --use-gl=swiftshader-webgl --mojo-platform-channel-handle=1612 /prefetch:2
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1596,17134198631625499258,16572335914173209,131072 --lang=cs --service-sandbox-type=network --mojo-platform-channel-handle=1988 /prefetch:8
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1596,17134198631625499258,16572335914173209,131072 --lang=cs --service-sandbox-type=utility --mojo-platform-channel-handle=2280 /prefetch:8
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1596,17134198631625499258,16572335914173209,131072 --disable-gpu-compositing --lang=cs --extension-process --device-scale-factor=1.25 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1596,17134198631625499258,16572335914173209,131072 --disable-gpu-compositing --lang=cs --extension-process --device-scale-factor=1.25 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3756 /prefetch:1
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\InputApp\TextInputHost.exe" -ServerName:InputApp.AppX9jnwykgrccxc8by3hsrsh07r423xzvav.mca
C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1596,17134198631625499258,16572335914173209,131072 --disable-gpu-compositing --lang=cs --device-scale-factor=1.25 --num-raster-threads=1 --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5732 /prefetch:1
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ua /installsource scheduler
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Windows\System32\RuntimeBroker.exe -Embedding
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{03E2C565-B64A-4CEB-B2A2-8873F4E42749}\MicrosoftEdge_X64_86.0.622.48_86.0.622.43.exe" --msedge --verbose-logging --do-not-launch-msedge --system-level
"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{03E2C565-B64A-4CEB-B2A2-8873F4E42749}\EDGEMITMP_DCF25.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{03E2C565-B64A-4CEB-B2A2-8873F4E42749}\EDGEMITMP_DCF25.tmp\MSEDGE_PATCH.PACKED.7Z" --previous-version="86.0.622.43" --msedge --verbose-logging --do-not-launch-msedge --system-level
"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{03E2C565-B64A-4CEB-B2A2-8873F4E42749}\EDGEMITMP_DCF25.tmp\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\WINDOWS\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=86.0.4240.80 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{03E2C565-B64A-4CEB-B2A2-8873F4E42749}\EDGEMITMP_DCF25.tmp\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=86.0.622.48 --initial-client-data=0x214,0x218,0x21c,0xb0,0x220,0x7ff7f172ce90,0x7ff7f172cea0,0x7ff7f172ceb0
C:\WINDOWS\System32\svchost.exe -k netsvcs -p -s BITS
C:\WINDOWS\system32\DllHost.exe /Processid:{973D20D7-562D-44B9-B70B-5A0F49CCDF3F}
C:\Windows\System32\RuntimeBroker.exe -Embedding
"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc
"C:\Program Files (x86)\Google\Update\Install\{3E22FC96-B258-43BE-A9FC-550B93AC95AB}\86.0.4240.111_86.0.4240.75_chrome_updater.exe" --verbose-logging --do-not-launch-chrome --system-level
"C:\Program Files (x86)\Google\Update\Install\{3E22FC96-B258-43BE-A9FC-550B93AC95AB}\CR_CE825.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Google\Update\Install\{3E22FC96-B258-43BE-A9FC-550B93AC95AB}\CR_CE825.tmp\CHROME_PATCH.PACKED.7Z" --previous-version="86.0.4240.75" --verbose-logging --do-not-launch-chrome --system-level
"C:\Program Files (x86)\Google\Update\Install\{3E22FC96-B258-43BE-A9FC-550B93AC95AB}\CR_CE825.tmp\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\WINDOWS\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=86.0.4240.111 --initial-client-data=0x214,0x218,0x21c,0x1f0,0x220,0x7ff6ae2b7740,0x7ff6ae2b7750,0x7ff6ae2b7760
C:\WINDOWS\system32\ApplicationFrameHost.exe -Embedding
C:\WINDOWS\system32\svchost.exe -k LocalService -p -s BthAvctpSvc
"cmd" /c ""C:\Users\grdin\AppData\Local\Programs\Lenovo\Lenovo Service Bridge\LSB.exe" -tag entry=LSBUpdater.exe,info={entry=unknown,afterupdate=no}"
\??\C:\WINDOWS\system32\conhost.exe 0x4
"C:\Users\grdin\AppData\Local\Programs\Lenovo\Lenovo Service Bridge\LSB.exe" -tag entry=LSBUpdater.exe,info={entry=unknown,afterupdate=no}
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1596,17134198631625499258,16572335914173209,131072 --disable-gpu-compositing --lang=cs --device-scale-factor=1.25 --num-raster-threads=1 --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5916 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1596,17134198631625499258,16572335914173209,131072 --disable-gpu-compositing --lang=cs --device-scale-factor=1.25 --num-raster-threads=1 --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6376 /prefetch:1
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\grdin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\grdin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\grdin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=86.0.4240.80 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=86.0.622.43 --initial-client-data=0xe8,0xec,0xf0,0xc4,0xf4,0x7fff12aa23d8,0x7fff12aa23e8,0x7fff12aa23f8
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1992,640538582775872264,7308167671527828988,131072 --gpu-preferences=MAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAQAAAAAAAAAAAAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAA= --mojo-platform-channel-handle=2092 /prefetch:2
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1992,640538582775872264,7308167671527828988,131072 --lang=cs --service-sandbox-type=network --mojo-platform-channel-handle=2440 /prefetch:8
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,640538582775872264,7308167671527828988,131072 --lang=cs --disable-client-side-phishing-detection --device-scale-factor=1.25 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3804 /prefetch:1
C:\WINDOWS\system32\wbem\wmiprvse.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,640538582775872264,7308167671527828988,131072 --lang=cs --disable-client-side-phishing-detection --device-scale-factor=1.25 --num-raster-threads=1 --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5448 /prefetch:1
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,640538582775872264,7308167671527828988,131072 --lang=cs --disable-client-side-phishing-detection --device-scale-factor=1.25 --num-raster-threads=1 --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6476 /prefetch:1
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,640538582775872264,7308167671527828988,131072 --lang=cs --disable-client-side-phishing-detection --device-scale-factor=1.25 --num-raster-threads=1 --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6416 /prefetch:1
C:\WINDOWS\system32\AUDIODG.EXE 0x420
"C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe" -ServerName:App.AppXtk181tbxbce2qsex02s8tw7hfxa9xb3t.mca
C:\Windows\System32\RuntimeBroker.exe -Embedding
"C:\Users\grdin\OneDrive\Plocha\RSITx64.exe"
"C:\WINDOWS\system32\SearchFilterHost.exe" 0 792 796 804 8192 800 776
/N /P --UseSystemFonts /Q:15

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}]
IEToEdge BHO - C:\Program Files (x86)\Microsoft\Edge\Application\86.0.622.43\BHO\ie_to_edge_bho_64.dll [2020-10-14 519056]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}]
Skype for Business Browser Helper - C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2020-09-15 190272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe Acrobat Create PDF Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2020-03-06 171704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F4971EE7-DAA0-4053-9964-665D8EE6A077}]
Adobe Acrobat Create PDF from Selection - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2020-03-06 171704]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}]
IEToEdge BHO - C:\Program Files (x86)\Microsoft\Edge\Application\86.0.622.43\BHO\ie_to_edge_bho.dll [2020-10-14 403856]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_201\bin\ssv.dll [2019-01-20 480120]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe Acrobat Create PDF Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2020-03-06 141496]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_201\bin\jp2ssv.dll [2019-01-20 194424]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F4971EE7-DAA0-4053-9964-665D8EE6A077}]
Adobe Acrobat Create PDF from Selection - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2020-03-06 141496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe Acrobat Create PDF Toolbar - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2020-03-06 171704]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe Acrobat Create PDF Toolbar - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2020-03-06 141496]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SecurityHealth"=C:\WINDOWS\system32\SecurityHealthSystray.exe [2019-12-07 86016]
"Seagull Drivers V3"=C:\Program Files\Seagull\Printer Drivers\Common\Seagull_DriverStartup.exe [2018-09-26 533776]
"AdobeGCInvoker-1.0"=C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2020-09-23 3402832]
"AdobeAAMUpdater-1.0"=C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2018-04-11 509936]
"DAX2_APP"=C:\Program Files\Dolby\Dolby DAX2\DAX2_APP\DolbyDAX2TrayIcon.exe [2017-03-07 849920]
"egui"=C:\Program Files\ESET\ESET Security\ecmds.exe [2020-08-10 185648]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"=C:\Users\grdin\AppData\Local\Microsoft\OneDrive\OneDrive.exe [2020-10-15 1938800]
"Adobe Acrobat Synchronizer"=C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe [2020-09-11 5482544]
"Zoner Photo Studio Autoupdate"=C:\PROGRAM FILES\ZONER\PHOTO STUDIO 17\Program32\ZPSTRAY.EXE [2014-09-12 437248]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"BrMfcWnd"=C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [2012-09-25 1163264]
"ControlCenter3"=C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [2008-12-24 114688]
"ControlCenter4"=C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [2017-11-07 146584]
"BrStsMon00"=C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [2014-05-22 4513792]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2018-12-16 601424]
"Acrobat Assistant 8.0"=C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe [2020-09-11 5641776]
"HP Software Update"=C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [2013-05-30 96056]

C:\Users\grdin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Sledovat výstrahy inkoustu - HP Deskjet 3520 series.lnk - C:\WINDOWS\system32\RunDll32.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ahcache.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AudioEndpointBuilder]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AudioSrv]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CBDHSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CoreMessagingRegistrar]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HdAudAddService.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HdAudBus.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iai2c.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NgcCtnrSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NgcSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SerCx2.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SpbCx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\StateRepository]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\uefi.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\usbaudio.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\UserManager]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96C-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Ahcache.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AudioEndpointBuilder]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AudioSrv]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\CBDHSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\CoreMessagingRegistrar]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\HdAudAddService.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\HdAudBus.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsQuic]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetSetupSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NgcCtnrSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NgcSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SerCx2.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SpbCx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\StateRepository]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\uefi.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\usbaudio.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UserManager]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E96C-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DSCAutomationHostEnabled"=2
"EnableFullTrustStartupTasks"=2
"EnableUwpStartupTasks"=2
"SupportFullTrustStartupTasks"=1
"SupportUwpStartupTasks"=1
"DisableTaskMgr"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoRun"=0
"NoFolderOptions"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"aux"=wdmaud.drv
"midi"=wdmaud.drv
"midimapper"=midimap.dll
"mixer"=wdmaud.drv
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"vidc.i420"=iyuv_32.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wave"=wdmaud.drv
"wavemapper"=msacm32.drv
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.mjpg"=pvmjpgx40.dll
"aux1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"wave1"=wdmaud.drv
"aux2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave2"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll

======File associations======

.inf - install -
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

Zdravím!
Dejte logy FRST+Addition: https://forum.viry.cz/viewtopic.php?f=13&t=154679 . RSIT není s desítkami plně kompatibilní.

v příloze

Teď spusťte tuto utilitu:

Ulozte na plochu AdwCleaner https://malwarebytes.com/adwcleaner/ nebo http://www.bleepingcomputer.com/download/adwcleaner/

ukoncete vsechny programy
odsouhlaste licencni podmiky (EULA) klikem na Souhlasim
kliknete pravym na ikonu AdwCleaneru a vyberte Spustit jako spravce (v pripade Win XP spustte obycejne dvojklikem)
kliknete na Skenovat nyni (Scan now), pote na Cisteni a opravy (Clean and Repair)
po restartu na Vas vyskoci log (pripadne jej najdete v C:\AdwCleaner\Logs\AdwCleaner[Cxx].txt), jehoz obsah zkopirujte do pristi odpovedi

# -------------------------------
# Malwarebytes AdwCleaner 8.0.8.0
# -------------------------------
# Build: 10-08-2020
# Database: 2020-09-29.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 10-21-2020
# Duration: 00:00:19
# OS: Windows 10 Home
# Cleaned: 11
# Failed: 1


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

No malicious registry entries cleaned.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

Deleted Search The Web (privitize)
Deleted http://searchou.com/?id=300ba3f10000000 ... 2&affilt=5

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

Deleted Preinstalled.LenovoIMController Folder C:\ProgramData\LENOVO\IMCONTROLLER
Deleted Preinstalled.LenovoIMController Folder C:\Users\grdin\AppData\Local\LENOVO\IMCONTROLLER
Deleted Preinstalled.LenovoIMController Folder C:\Windows\System32\Tasks\LENOVO\IMCONTROLLER
Deleted Preinstalled.LenovoIMController Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\Lenovo Dependency Package_is1
Deleted Preinstalled.LenovoServiceBridge Folder C:\Users\grdin\AppData\Local\PROGRAMS\LENOVO\LENOVO SERVICE BRIDGE
Deleted Preinstalled.LenovoServiceBridge Registry HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{2C74547D-EF88-47F4-85F5-BE46A31E26B7}_is1
Deleted Preinstalled.LenovoUpdate Folder C:\Program Files (x86)\LENOVO\SYSTEM UPDATE
Deleted Preinstalled.LenovoUpdate Registry HKLM\Software\Wow6432Node\\Classes\CLSID\{03C6CC92-68F2-4961-9A73-CAECA350BD08}
Deleted Preinstalled.LenovoUpdate Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\TVSU_is1
Not Deleted Preinstalled.LenovoIMController Folder C:\Windows\LENOVO\IMCONTROLLER


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [2571 octets] - [21/10/2020 17:42:31]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

Dejte nové logy FRST+Addition.

v příloze.

Otevřte poznámkový blok a zkopírujte do něj:

Start

CloseProcesses:
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [601424 2018-12-16] (Oracle America, Inc. -> Oracle Corporation)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{73FA19D0-2D75-11D2-995D-00C04F98BBC9}] ->
Task: {6E5C20D1-49AC-45B4-8E9D-0A19864894AE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [107848 2019-01-09] (Google Inc -> Google Inc.)
Task: {040CC865-51DB-498F-B0CD-637F20920834} - \Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask -> No File <==== ATTENTION
Task: {6E5C20D1-49AC-45B4-8E9D-0A19864894AE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [107848 2019-01-09] (Google Inc -> Google Inc.)
Task: {70A5B174-F5C2-450A-9F31-60E63EFDB2D3} - \Lenovo\ImController\TimeBasedEvents\82cc7014-5fdf-4d96-b4a3-42b74ed8d6d3 -> No File <==== ATTENTION
Task: {C5CB944F-D748-4CE4-B53C-169C98B7DC9D} - \Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance -> No File <==== ATTENTION
Task: {D7FE3585-A4FB-4EC9-967E-4B1F8A70C783} - \Lenovo\ImController\TimeBasedEvents\3415161f-f2a1-4908-9d74-cdaa75a76740 -> No File <==== ATTENTION
Task: {E88D61E6-7EB8-4EF3-8C0E-D677AC031B4A} - \Lenovo\ImController\Lenovo iM Controller Monitor -> No File <==== ATTENTION
Task: {EF6DA75A-9B6C-4003-BD77-8E234246EA4C} - \Lenovo\ImController\TimeBasedEvents\bec1ba6b-1fd7-4b1e-9d8c-2d90556f7b89 -> No File <==== ATTENTION
Task: {F2C3474F-0F68-486C-AB57-1AD220C41A40} - \Lenovo\ImController\TimeBasedEvents\5d47e19f-0fb3-4c93-8bd8-08a9191ba942 -> No File <==== ATTENTION
C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
C:\Users\grdin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => -> No File
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers1: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => -> No File
ContextMenuHandlers2: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => -> No File
ontextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
HKU\S-1-5-21-3633181373-2798575866-3800236081-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.lenovo.com
SearchScopes: HKU\S-1-5-21-3633181373-2798575866-3800236081-1001 -> DefaultScope {4DF0D807-70A7-4A0A-8838-984A2BD0734B} URL =
SearchScopes: HKU\S-1-5-21-3633181373-2798575866-3800236081-1001 -> {4DF0D807-70A7-4A0A-8838-984A2BD0734B} URL =
FirewallRules: [{7ACA3EA4-9412-4900-A093-6324CDCF907D}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe => No File
FirewallRules: [{5920659F-1BFD-4408-8397-295EF39CA4D0}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe => No File

EmptyTemp:
Hosts:
End

Uložte do C:\Users\grdin\OneDrive\Plocha jako fixlist.txt. Spusťte znovu FRST a klikněte na >Fix<. Po skončení akce se objeví log, který sem zkopírujte.

Fix result of Farbar Recovery Scan Tool (x64) Version: 14-10-2020
Ran by grdin (21-10-2020 20:46:43) Run:1
Running from C:\Users\grdin\OneDrive\Plocha
Loaded Profiles: grdin & winpostgr
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

CloseProcesses:
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [601424 2018-12-16] (Oracle America, Inc. -> Oracle Corporation)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{73FA19D0-2D75-11D2-995D-00C04F98BBC9}] ->
Task: {6E5C20D1-49AC-45B4-8E9D-0A19864894AE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [107848 2019-01-09] (Google Inc -> Google Inc.)
Task: {040CC865-51DB-498F-B0CD-637F20920834} - \Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask -> No File <==== ATTENTION
Task: {6E5C20D1-49AC-45B4-8E9D-0A19864894AE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [107848 2019-01-09] (Google Inc -> Google Inc.)
Task: {70A5B174-F5C2-450A-9F31-60E63EFDB2D3} - \Lenovo\ImController\TimeBasedEvents\82cc7014-5fdf-4d96-b4a3-42b74ed8d6d3 -> No File <==== ATTENTION
Task: {C5CB944F-D748-4CE4-B53C-169C98B7DC9D} - \Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance -> No File <==== ATTENTION
Task: {D7FE3585-A4FB-4EC9-967E-4B1F8A70C783} - \Lenovo\ImController\TimeBasedEvents\3415161f-f2a1-4908-9d74-cdaa75a76740 -> No File <==== ATTENTION
Task: {E88D61E6-7EB8-4EF3-8C0E-D677AC031B4A} - \Lenovo\ImController\Lenovo iM Controller Monitor -> No File <==== ATTENTION
Task: {EF6DA75A-9B6C-4003-BD77-8E234246EA4C} - \Lenovo\ImController\TimeBasedEvents\bec1ba6b-1fd7-4b1e-9d8c-2d90556f7b89 -> No File <==== ATTENTION
Task: {F2C3474F-0F68-486C-AB57-1AD220C41A40} - \Lenovo\ImController\TimeBasedEvents\5d47e19f-0fb3-4c93-8bd8-08a9191ba942 -> No File <==== ATTENTION
C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
C:\Users\grdin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => -> No File
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers1: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => -> No File
ContextMenuHandlers2: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => -> No File
ontextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
HKU\S-1-5-21-3633181373-2798575866-3800236081-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.lenovo.com
SearchScopes: HKU\S-1-5-21-3633181373-2798575866-3800236081-1001 -> DefaultScope {4DF0D807-70A7-4A0A-8838-984A2BD0734B} URL =
SearchScopes: HKU\S-1-5-21-3633181373-2798575866-3800236081-1001 -> {4DF0D807-70A7-4A0A-8838-984A2BD0734B} URL =
FirewallRules: [{7ACA3EA4-9412-4900-A093-6324CDCF907D}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe => No File
FirewallRules: [{5920659F-1BFD-4408-8397-295EF39CA4D0}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe => No File

EmptyTemp:
Hosts:
End
*****************

Processes closed successfully.
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched" => removed successfully
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{73FA19D0-2D75-11D2-995D-00C04F98BBC9} => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{6E5C20D1-49AC-45B4-8E9D-0A19864894AE}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6E5C20D1-49AC-45B4-8E9D-0A19864894AE}" => removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{040CC865-51DB-498F-B0CD-637F20920834}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{040CC865-51DB-498F-B0CD-637F20920834}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6E5C20D1-49AC-45B4-8E9D-0A19864894AE}" => not found
"C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{70A5B174-F5C2-450A-9F31-60E63EFDB2D3}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{70A5B174-F5C2-450A-9F31-60E63EFDB2D3}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\ImController\TimeBasedEvents\82cc7014-5fdf-4d96-b4a3-42b74ed8d6d3" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C5CB944F-D748-4CE4-B53C-169C98B7DC9D}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C5CB944F-D748-4CE4-B53C-169C98B7DC9D}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D7FE3585-A4FB-4EC9-967E-4B1F8A70C783}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D7FE3585-A4FB-4EC9-967E-4B1F8A70C783}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\ImController\TimeBasedEvents\3415161f-f2a1-4908-9d74-cdaa75a76740" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E88D61E6-7EB8-4EF3-8C0E-D677AC031B4A}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E88D61E6-7EB8-4EF3-8C0E-D677AC031B4A}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\ImController\Lenovo iM Controller Monitor" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EF6DA75A-9B6C-4003-BD77-8E234246EA4C}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EF6DA75A-9B6C-4003-BD77-8E234246EA4C}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\ImController\TimeBasedEvents\bec1ba6b-1fd7-4b1e-9d8c-2d90556f7b89" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F2C3474F-0F68-486C-AB57-1AD220C41A40}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F2C3474F-0F68-486C-AB57-1AD220C41A40}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\ImController\TimeBasedEvents\5d47e19f-0fb3-4c93-8bd8-08a9191ba942" => removed successfully
C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
"C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore" => not found
C:\Users\grdin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini => moved successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\7-Zip => removed successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\ANotepad++64 => removed successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\BriefcaseMenu => removed successfully
"HKLM\Software\Classes\CLSID\{85BBD920-42A0-1069-A2E4-08002B30309D}" => removed successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\CLVDShellExt => removed successfully
HKLM\Software\Classes\Drive\ShellEx\ContextMenuHandlers\CLVDShellExt => removed successfully
ontextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => -> No File => Error: No automatic fix found for this entry.
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\7-Zip => removed successfully
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\Offline Files => removed successfully
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\BriefcaseMenu => removed successfully
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\Offline Files => removed successfully
"HKU\S-1-5-21-3633181373-2798575866-3800236081-1001\Software\Microsoft\Internet Explorer\Main\\Secondary Start Pages" => removed successfully
"HKU\S-1-5-21-3633181373-2798575866-3800236081-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
HKU\S-1-5-21-3633181373-2798575866-3800236081-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{4DF0D807-70A7-4A0A-8838-984A2BD0734B} => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{7ACA3EA4-9412-4900-A093-6324CDCF907D}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{5920659F-1BFD-4408-8397-295EF39CA4D0}" => removed successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 10510336 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 83371992 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 2302850 B
Edge => 49886 B
Chrome => 68521027 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 6656 B
Users => 6656 B
ProgramData => 6656 B
Public => 6656 B
systemprofile => 6656 B
systemprofile32 => 6656 B
LocalService => 53506 B
NetworkService => 70128 B
grdin => 12147392 B
winpostgr => 12154048 B

RecycleBin => 0 B
EmptyTemp: => 180.5 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 20:48:34 ====

Smazáno. Zrychlil se NB?

Ano využití CPU i HDD se uklidnilo v rámci možností. Děkuji mnohokrát.

Rádo se stalo!