
Request for a check and help (gpu_update.exe)

Posted: 26 Jul 2021 20:37
by cpetr
Hello,
I'm asking for advice and for a check of my FRST log. On my W10 Home PC I have some virus that creates gpu_update.exe files and folders named update or updates with identical contents in Program files(86) and user\uzivatel\appdata (or rather in various subfolders inside them).
Windows Defender started reporting gpu_update.exe; I have now tried Avast and it found about three files. Malwarebytes AdwCleaner found nothing. When I delete the update folders, they are created again after a while, and an updates process occasionally flashes briefly in Task Manager. When I scan the update folders that get created with various antivirus programs, they find nothing suspicious in them. The infection probably came from running a fake installer of the game Contra Return, which was released for mobile phones; there is a fake site offering a PC version, https://www.contrareturn.com. It is supposedly some kind of coin miner, but it puts no load on my CPU or GPU.

Thank you in advance for any advice and help.
Petr

Re: Request for a check and help (gpu_update.exe)

Posted: 26 Jul 2021 21:05
by Rudy
Hello!
Run this utility:
Save AdwCleaner to your desktop: https://malwarebytes.com/adwcleaner/ or http://www.bleepingcomputer.com/download/adwcleaner/

close all programs
accept the license terms (EULA) by clicking I Agree
right-click the AdwCleaner icon and choose Run as administrator (on Win XP just run it with a normal double-click)
click Scan Now, then Clean and Repair
after the restart a log will pop up (or you can find it in C:\AdwCleaner\Logs\AdwCleaner[Cxx].txt); copy its contents into your next reply

Re: Request for a check and help (gpu_update.exe)

Posted: 26 Jul 2021 21:16
by cpetr
I don't know whether I'm doing something wrong. The scan finishes within a few seconds and I don't see "Clean and Repair" there. There is "Run Basic Repair". Is that it? Or do I have the wrong version?

# -------------------------------
# Malwarebytes AdwCleaner 8.3.0.0
# -------------------------------
# Build: 06-29-2021
# Database: 2021-06-29.1 (Local)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 07-26-2021
# Duration: 00:00:00
# OS: Windows 10 Home
# Cleaned: 0
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

No malicious registry entries cleaned.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [1406 octets] - [18/07/2021 21:45:57]
AdwCleaner[S01].txt - [1467 octets] - [26/07/2021 20:25:38]
AdwCleaner[C01].txt - [1657 octets] - [26/07/2021 20:26:12]
AdwCleaner[S02].txt - [1589 octets] - [26/07/2021 21:53:26]
AdwCleaner[S03].txt - [1650 octets] - [26/07/2021 22:05:05]
AdwCleaner[S04].txt - [1711 octets] - [26/07/2021 22:13:01]
AdwCleaner[S05].txt - [1772 octets] - [26/07/2021 22:13:59]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C05].txt ##########

Re: Request for a check and help (gpu_update.exe)

Posted: 27 Jul 2021 09:32
by Rudy
This is OK. Open Notepad and copy the following into it:
Start

CloseProcesses:
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [706680 2020-12-09] (Oracle America, Inc. -> Oracle Corporation)
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {091E6CE0-475C-4232-8607-6DD41F3F0F4B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-04-09] (Google LLC -> Google LLC)
Task: {379DBFA2-038D-4E49-AED4-50BD64AE5BE2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-04-09] (Google LLC -> Google LLC)
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
FirewallRules: [UDP Query User{9989D291-775E-4D0B-92C9-419A1EA6DA7B}C:\program files (x86)\steam\steamapps\common\succubus prologue\succubus\binaries\win64\succubus-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\succubus prologue\succubus\binaries\win64\succubus-win64-shipping.exe => No File
FirewallRules: [TCP Query User{7E140418-0C4A-4522-8743-D316B10402B2}C:\program files (x86)\steam\steamapps\common\succubus prologue\succubus\binaries\win64\succubus-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\succubus prologue\succubus\binaries\win64\succubus-win64-shipping.exe => No File
FirewallRules: [UDP Query User{CDF0C5AB-AF51-41AC-8EFB-83F63F8CF8DD}C:\program files (x86)\steam\steamapps\common\paradise lost demo\paradiselost\binaries\win64\paradiselost-win64-shipping.exe] => (Block) C:\program files (x86)\steam\steamapps\common\paradise lost demo\paradiselost\binaries\win64\paradiselost-win64-shipping.exe => No File
FirewallRules: [TCP Query User{75E45487-1080-411A-A581-074ADC254C6B}C:\program files (x86)\steam\steamapps\common\paradise lost demo\paradiselost\binaries\win64\paradiselost-win64-shipping.exe] => (Block) C:\program files (x86)\steam\steamapps\common\paradise lost demo\paradiselost\binaries\win64\paradiselost-win64-shipping.exe => No File
FirewallRules: [UDP Query User{D1D06F52-11D7-4523-9515-F8F74FD6095F}C:\program files\epic games\heavyraindemo\heavyrain.exe] => (Allow) C:\program files\epic games\heavyraindemo\heavyrain.exe => No File
FirewallRules: [TCP Query User{074DBE65-67F1-40B1-B601-99FA05AD423F}C:\program files\epic games\heavyraindemo\heavyrain.exe] => (Allow) C:\program files\epic games\heavyraindemo\heavyrain.exe => No File
FirewallRules: [UDP Query User{8298DE48-CC2B-4B76-919E-8452F889EED1}C:\users\pegas\downloads\castlevania_636\castlevania\castlevania.exe] => (Block) C:\users\pegas\downloads\castlevania_636\castlevania\castlevania.exe => No File
FirewallRules: [TCP Query User{B47788F8-9B83-4AC4-AB7B-B50C5DE3B1D9}C:\users\pegas\downloads\castlevania_636\castlevania\castlevania.exe] => (Block) C:\users\pegas\downloads\castlevania_636\castlevania\castlevania.exe => No File
FirewallRules: [UDP Query User{4C62490D-543E-4AA9-B325-A186010C4DC5}C:\users\pegas\downloads\agony_ue4_remake_prototype\windowsnoeditor\engine\binaries\win64\ue4game.exe] => (Block) C:\users\pegas\downloads\agony_ue4_remake_prototype\windowsnoeditor\engine\binaries\win64\ue4game.exe => No File
FirewallRules: [TCP Query User{4C2DB790-2679-4852-A7C6-F0DD04D27A17}C:\users\pegas\downloads\agony_ue4_remake_prototype\windowsnoeditor\engine\binaries\win64\ue4game.exe] => (Block) C:\users\pegas\downloads\agony_ue4_remake_prototype\windowsnoeditor\engine\binaries\win64\ue4game.exe => No File
FirewallRules: [UDP Query User{7C24045A-1339-4D25-B86C-DB79E9B1868D}C:\program files (x86)\steam\steamapps\common\gears5\geargame\binaries\steam\gears5.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\gears5\geargame\binaries\steam\gears5.exe => No File
FirewallRules: [TCP Query User{E0742EF1-4AE5-4429-A4A6-9E04527F703F}C:\program files (x86)\steam\steamapps\common\gears5\geargame\binaries\steam\gears5.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\gears5\geargame\binaries\steam\gears5.exe => No File
FirewallRules: [UDP Query User{C191B030-A7CF-45A4-8CA9-7D1DB294D88A}C:\program files\epic games\kingdomcomedeliverance\bin\win64mastermasterepicpgo\kingdomcome.exe] => (Allow) C:\program files\epic games\kingdomcomedeliverance\bin\win64mastermasterepicpgo\kingdomcome.exe => No File
FirewallRules: [TCP Query User{EF96618A-6A25-4D51-B183-FFE8E32B982C}C:\program files\epic games\kingdomcomedeliverance\bin\win64mastermasterepicpgo\kingdomcome.exe] => (Allow) C:\program files\epic games\kingdomcomedeliverance\bin\win64mastermasterepicpgo\kingdomcome.exe => No File
FirewallRules: [{B5EB5C28-112D-41A2-958F-6492565D95CD}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{A3BC4C13-5DAD-4BC6-99AF-BDC06610522D}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
hklm\software\microsoft\windows defender\spynet\\DisableBlockAtFirstSeen
C:\$Recycle.Bin\S-1-5-21-1156052103-1126085748-2276357170-1001\$REE83P7.exe

EmptyTemp:
End
Save it to C:\Users\Pegas\Downloads as fixlist.txt. Run FRST again and click >Fix<. When it finishes, a log will appear; copy it here.

Re: Request for a check and help (gpu_update.exe)

Posted: 27 Jul 2021 21:14
by cpetr
Fix result of Farbar Recovery Scan Tool (x64) Version: 19-07-2021 01
Ran by Pegas (27-07-2021 22:05:20) Run:1
Running from C:\Users\Pegas\Downloads
Loaded Profiles: Pegas
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

CloseProcesses:
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [706680 2020-12-09] (Oracle America, Inc. -> Oracle Corporation)
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {091E6CE0-475C-4232-8607-6DD41F3F0F4B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-04-09] (Google LLC -> Google LLC)
Task: {379DBFA2-038D-4E49-AED4-50BD64AE5BE2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-04-09] (Google LLC -> Google LLC)
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
FirewallRules: [UDP Query User{9989D291-775E-4D0B-92C9-419A1EA6DA7B}C:\program files (x86)\steam\steamapps\common\succubus prologue\succubus\binaries\win64\succubus-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\succubus prologue\succubus\binaries\win64\succubus-win64-shipping.exe => No File
FirewallRules: [TCP Query User{7E140418-0C4A-4522-8743-D316B10402B2}C:\program files (x86)\steam\steamapps\common\succubus prologue\succubus\binaries\win64\succubus-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\succubus prologue\succubus\binaries\win64\succubus-win64-shipping.exe => No File
FirewallRules: [UDP Query User{CDF0C5AB-AF51-41AC-8EFB-83F63F8CF8DD}C:\program files (x86)\steam\steamapps\common\paradise lost demo\paradiselost\binaries\win64\paradiselost-win64-shipping.exe] => (Block) C:\program files (x86)\steam\steamapps\common\paradise lost demo\paradiselost\binaries\win64\paradiselost-win64-shipping.exe => No File
FirewallRules: [TCP Query User{75E45487-1080-411A-A581-074ADC254C6B}C:\program files (x86)\steam\steamapps\common\paradise lost demo\paradiselost\binaries\win64\paradiselost-win64-shipping.exe] => (Block) C:\program files (x86)\steam\steamapps\common\paradise lost demo\paradiselost\binaries\win64\paradiselost-win64-shipping.exe => No File
FirewallRules: [UDP Query User{D1D06F52-11D7-4523-9515-F8F74FD6095F}C:\program files\epic games\heavyraindemo\heavyrain.exe] => (Allow) C:\program files\epic games\heavyraindemo\heavyrain.exe => No File
FirewallRules: [TCP Query User{074DBE65-67F1-40B1-B601-99FA05AD423F}C:\program files\epic games\heavyraindemo\heavyrain.exe] => (Allow) C:\program files\epic games\heavyraindemo\heavyrain.exe => No File
FirewallRules: [UDP Query User{8298DE48-CC2B-4B76-919E-8452F889EED1}C:\users\pegas\downloads\castlevania_636\castlevania\castlevania.exe] => (Block) C:\users\pegas\downloads\castlevania_636\castlevania\castlevania.exe => No File
FirewallRules: [TCP Query User{B47788F8-9B83-4AC4-AB7B-B50C5DE3B1D9}C:\users\pegas\downloads\castlevania_636\castlevania\castlevania.exe] => (Block) C:\users\pegas\downloads\castlevania_636\castlevania\castlevania.exe => No File
FirewallRules: [UDP Query User{4C62490D-543E-4AA9-B325-A186010C4DC5}C:\users\pegas\downloads\agony_ue4_remake_prototype\windowsnoeditor\engine\binaries\win64\ue4game.exe] => (Block) C:\users\pegas\downloads\agony_ue4_remake_prototype\windowsnoeditor\engine\binaries\win64\ue4game.exe => No File
FirewallRules: [TCP Query User{4C2DB790-2679-4852-A7C6-F0DD04D27A17}C:\users\pegas\downloads\agony_ue4_remake_prototype\windowsnoeditor\engine\binaries\win64\ue4game.exe] => (Block) C:\users\pegas\downloads\agony_ue4_remake_prototype\windowsnoeditor\engine\binaries\win64\ue4game.exe => No File
FirewallRules: [UDP Query User{7C24045A-1339-4D25-B86C-DB79E9B1868D}C:\program files (x86)\steam\steamapps\common\gears5\geargame\binaries\steam\gears5.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\gears5\geargame\binaries\steam\gears5.exe => No File
FirewallRules: [TCP Query User{E0742EF1-4AE5-4429-A4A6-9E04527F703F}C:\program files (x86)\steam\steamapps\common\gears5\geargame\binaries\steam\gears5.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\gears5\geargame\binaries\steam\gears5.exe => No File
FirewallRules: [UDP Query User{C191B030-A7CF-45A4-8CA9-7D1DB294D88A}C:\program files\epic games\kingdomcomedeliverance\bin\win64mastermasterepicpgo\kingdomcome.exe] => (Allow) C:\program files\epic games\kingdomcomedeliverance\bin\win64mastermasterepicpgo\kingdomcome.exe => No File
FirewallRules: [TCP Query User{EF96618A-6A25-4D51-B183-FFE8E32B982C}C:\program files\epic games\kingdomcomedeliverance\bin\win64mastermasterepicpgo\kingdomcome.exe] => (Allow) C:\program files\epic games\kingdomcomedeliverance\bin\win64mastermasterepicpgo\kingdomcome.exe => No File
FirewallRules: [{B5EB5C28-112D-41A2-958F-6492565D95CD}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{A3BC4C13-5DAD-4BC6-99AF-BDC06610522D}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
hklm\software\microsoft\windows defender\spynet\\DisableBlockAtFirstSeen
C:\$Recycle.Bin\S-1-5-21-1156052103-1126085748-2276357170-1001\$REE83P7.exe

EmptyTemp:
End
*****************

Processes closed successfully.
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched" => removed successfully
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
C:\WINDOWS\SysWOW64\GroupPolicy\GPT.ini => moved successfully
C:\ProgramData\NTUSER.pol => moved successfully
HKLM\SOFTWARE\Policies\Mozilla => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{091E6CE0-475C-4232-8607-6DD41F3F0F4B}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{091E6CE0-475C-4232-8607-6DD41F3F0F4B}" => removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{379DBFA2-038D-4E49-AED4-50BD64AE5BE2}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{379DBFA2-038D-4E49-AED4-50BD64AE5BE2}" => removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA" => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\BookReader_B171F20233094AC88D05A8EF7B9763E8 => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => removed successfully
"C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA" => not found
"C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{9989D291-775E-4D0B-92C9-419A1EA6DA7B}C:\program files (x86)\steam\steamapps\common\succubus prologue\succubus\binaries\win64\succubus-win64-shipping.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{7E140418-0C4A-4522-8743-D316B10402B2}C:\program files (x86)\steam\steamapps\common\succubus prologue\succubus\binaries\win64\succubus-win64-shipping.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{CDF0C5AB-AF51-41AC-8EFB-83F63F8CF8DD}C:\program files (x86)\steam\steamapps\common\paradise lost demo\paradiselost\binaries\win64\paradiselost-win64-shipping.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{75E45487-1080-411A-A581-074ADC254C6B}C:\program files (x86)\steam\steamapps\common\paradise lost demo\paradiselost\binaries\win64\paradiselost-win64-shipping.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{D1D06F52-11D7-4523-9515-F8F74FD6095F}C:\program files\epic games\heavyraindemo\heavyrain.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{074DBE65-67F1-40B1-B601-99FA05AD423F}C:\program files\epic games\heavyraindemo\heavyrain.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{8298DE48-CC2B-4B76-919E-8452F889EED1}C:\users\pegas\downloads\castlevania_636\castlevania\castlevania.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{B47788F8-9B83-4AC4-AB7B-B50C5DE3B1D9}C:\users\pegas\downloads\castlevania_636\castlevania\castlevania.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{4C62490D-543E-4AA9-B325-A186010C4DC5}C:\users\pegas\downloads\agony_ue4_remake_prototype\windowsnoeditor\engine\binaries\win64\ue4game.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{4C2DB790-2679-4852-A7C6-F0DD04D27A17}C:\users\pegas\downloads\agony_ue4_remake_prototype\windowsnoeditor\engine\binaries\win64\ue4game.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{7C24045A-1339-4D25-B86C-DB79E9B1868D}C:\program files (x86)\steam\steamapps\common\gears5\geargame\binaries\steam\gears5.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{E0742EF1-4AE5-4429-A4A6-9E04527F703F}C:\program files (x86)\steam\steamapps\common\gears5\geargame\binaries\steam\gears5.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{C191B030-A7CF-45A4-8CA9-7D1DB294D88A}C:\program files\epic games\kingdomcomedeliverance\bin\win64mastermasterepicpgo\kingdomcome.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{EF96618A-6A25-4D51-B183-FFE8E32B982C}C:\program files\epic games\kingdomcomedeliverance\bin\win64mastermasterepicpgo\kingdomcome.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B5EB5C28-112D-41A2-958F-6492565D95CD}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A3BC4C13-5DAD-4BC6-99AF-BDC06610522D}" => removed successfully
hklm\software\microsoft\windows defender\spynet\\DisableBlockAtFirstSeen => Error: No automatic fix found for this entry.
"C:\$Recycle.Bin\S-1-5-21-1156052103-1126085748-2276357170-1001\$REE83P7.exe" => not found

=========== EmptyTemp: ==========

BITS transfer queue => 10510336 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 290221014 B
Java, Flash, Steam htmlcache => 393243478 B
Windows/system/drivers => 11481386 B
Edge => 1401033 B
Firefox => 1562924779 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 1568 B
LocalService => 17404 B
NetworkService => 737328 B
Pegas => 304826427 B

RecycleBin => 0 B
EmptyTemp: => 2.4 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 22:08:02 ====
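
Added example, not part of the original posts and not FRST's own code: a small Python parser that tallies the per-entry outcomes of a Fixlog like the one above and lists the entries that were not fixed automatically. The function names and the abridged sample are assumptions made for illustration; it assumes the log echoes the fixlist between two lines of asterisks, as this one does.

```python
import re
from collections import Counter

# Constructed sample: abridged from the Fixlog posted above (same line shapes).
SAMPLE_FIXLOG = r'''Fix result of Farbar Recovery Scan Tool (x64) Version: 19-07-2021 01
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

CloseProcesses:
FirewallRules: [{B5EB5C28-112D-41A2-958F-6492565D95CD}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
hklm\software\microsoft\windows defender\spynet\\DisableBlockAtFirstSeen
EmptyTemp:
End
*****************

Processes closed successfully.
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched" => removed successfully
C:\ProgramData\NTUSER.pol => moved successfully
HKLM\SOFTWARE\Policies\Mozilla => removed successfully
"C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA" => not found
hklm\software\microsoft\windows defender\spynet\\DisableBlockAtFirstSeen => Error: No automatic fix found for this entry.

=========== EmptyTemp: ==========

BITS transfer queue => 10510336 B
EmptyTemp: => 2.4 GB temporary data Removed.
'''

STAR_RULE = re.compile(r"^\*{5,}$")                 # delimits the echoed fixlist
EMPTYTEMP_RULE = re.compile(r"^=+ EmptyTemp: =+$")  # start of the size report


def classify(outcome):
    """Map the text after the last ' => ' to a short status label."""
    o = outcome.lower()
    if o.startswith("error"):
        return "error"
    if o == "not found":
        return "not_found"
    if o.endswith("successfully"):
        return o.split()[0]          # "removed" or "moved"
    return "other"


def parse_fixlog(text):
    """Return (target, status, raw_outcome) for each result line.

    The echoed fixlist (between the two asterisk lines) is skipped, because
    its own entries also contain ' => ' and would be misread as results.
    Parsing stops at the EmptyTemp section, which reports sizes, not fixes.
    """
    results, stars_seen = [], 0
    for raw in text.splitlines():
        line = raw.strip()
        if STAR_RULE.match(line):
            stars_seen += 1
            continue
        if EMPTYTEMP_RULE.match(line):
            break
        if stars_seen < 2 or " => " not in line:
            continue
        target, outcome = line.rsplit(" => ", 1)
        results.append((target.strip('"'), classify(outcome), outcome))
    return results


def summarize(results):
    """Count results per status."""
    return Counter(status for _, status, _ in results)


def follow_up(results):
    """Entries FRST reported as an error or with an unrecognised outcome."""
    return [r for r in results if r[1] in ("error", "other")]


if __name__ == "__main__":
    parsed = parse_fixlog(SAMPLE_FIXLOG)
    print(dict(summarize(parsed)))
    for target, status, outcome in follow_up(parsed):
        print(f"{status}: {target} -> {outcome}")
```
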

Re: Request for a check and help (gpu_update.exe)

Posted: 28 Jul 2021 09:24
by Rudy
Deleted, the log is now OK.

Re: Request for a check and help (gpu_update.exe)

Posted: 29 Jul 2021 20:10
by cpetr
Thank you very much. The folders have stopped being created, so hopefully it's OK.

Re: Request for a check and help (gpu_update.exe)

Posted: 29 Jul 2021 21:01
by Rudy
You're welcome, I also believe everything will be OK. :)